Sumo Logic

Usage

The Sumo Logic syslog-based integration with the Vectra product provides powerful log management and analytics capabilities tailored for modern applications.

This integration offers streamlined visibility into network behaviors, security incidents, and operational trends. It enhances the ability to detect anomalies, respond to threats, and optimize performance across the network. You can automate alerts and derive actionable insights, making it a vital tool for network management, compliance, and continuous improvement.

Vectra portal steps

In Settings > Response Integrations, click Add Integration. Select Sumo Logic`

Configuration

The following fields are specific to the Sumo Logic integration.

Additional post configuration

After the Sumo Logic configuration is setup, you will need to configure a Response Policy in the Fusion portal and a custom parser in Sumo Logic to receive events from Fusion.

Configure a Response Policy to Sent Events to Sumo Logic

You can configure response policies in the portal by navigating to Response -> Response Policies -> Add Response Policy.

Configure Sumo Logic Custom Parser

To configure the custom log parser from Sumo Logic, follow the custom parser guide in Sumo Logic.

To get logs from the Fusion Portal to use for Panther's custom parser, go to Search -> Events, select an event. view the raw record from the properties tray, select the JSON tab, and click the top level clipboard icon as shown below: