Sumo Logic Log Management Integration

Sumo Logic is a cloud-based machine data analytics company focusing on security, operations and BI use cases. It provides log management and analytics services that leverage machine-generated big data to deliver real-time IT insights.

This integration provides:

  • The date and time an observable was seen in log messages

  • The Collector that received the log message and the log source that was provided

  • Verdicts and judgments from Sumo Logic's query to CrowdStrike Intelligence

  • Each log message returns sightings of an observable

  1. In the Cisco XDR navigation menu, choose Administration > Integrations.

  2. On the Integrations page, click the Third-Party tab and navigate to the Sumo Logic Log Management integration.

  3. Click the plus sign (+) in the lower-right corner of the card. The Sumo Logic Log Management integration page is displayed.

  4. Expand the Integration Guide area and follow the instructions on how to add the Sumo Logic Log Management integration in Cisco XDR.

You can perform the following task after you integrate Sumo Logic Log Management with Cisco XDR:

  • Investigations - Start a new investigation by searching on suspicious indicators of compromise to extract observables for enrichment. To verify that this integration is working, and to see what kind of data is returned, investigate one of more observables about which you know Sumo Logic Log Management has recent information. For details, see Investigate.