What is Sumo Logic? #
Sumo Logic is an all-in-one data analytics platform focused on Security, Operations, and Business Intelligence use cases.
Why Should You Use the Sumo Logic Connector? #
The Sumo Logic connector provides visibility into the assets in your environment. You can use this visibility to:
- ensure assets are managed per your security policies
- derive relationships between assets, users, applications, and data
How Does This Connector Work? #
Lucidum executes read-only requests to the Sumo Logic REST API and ingests only metadata about the assets and users that Sumo Logic reports. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum #
| Field | Description | Example |
|---|---|---|
| Profile Name | Profile name for the connection between Lucidum and Sumo Logic. | lucidum-sumologic |
| Access Key ID | Unique ID for a Sumo Logic access key. The access key should have View access to the Sumo Logic assets and users you want to ingest in Lucidum. If you have the Create Access Keys capability, you can create access keys on the Preferences > My Access Keys page. If your role grants the Manage Access Keys capability, you can manage access keys on the Administration > Security > Access Keys page. | su7iQSdsdm7MGP |
| Access Key Secret | Secret (password) for the Sumo Logic access key. If your role grants the Manage Access Keys capability, you can manage access keys on the Administration > Security > Access Keys page. | *********** |
| Asset Data Query | Query, in the Sumo Logic Search Query Language, that filters the list of assets. | `_sourceHost=ldapserver AND _sourceCategory="hr-dept"` |
| Asset Data Mapping | Maps field values from Sumo Logic to fields in the Lucidum Asset database. | `"device_hostname"->Asset_Name` |
| User Data Query | Query, in the Sumo Logic Search Query Language, that filters the list of users. | `"uid=" \| parse regex "uid=(?<userId>\d+)"` |
| User Data Mapping | Maps field values from Sumo Logic to fields in the Lucidum User database. | `"user_username"->Owner_Name` |
Asset Data Mapping #
Lucidum has pre-populated the Asset Data Mapping field with the most commonly used Lucidum fields. The value on the right side of each mapping (after ->) is the Lucidum field.
You can map only the Lucidum fields that are already included in the Asset Data Mapping field. Currently, you cannot add new mappings.
To create a mapping:
- Put your cursor in the Asset Data Mapping field.
- Note the name of the Lucidum field you want to map, then delete its existing mapping (garbage can icon).
- Enter:
  "Sumo Logic field name"->Lucidum_Field_Name
  where:
  - "Sumo Logic field name" is the name of the field in Sumo Logic, in double quotes.
  - Lucidum_Field_Name is the name of the field in the Lucidum Asset database, exactly as it appeared in the mapping you deleted.
- Press Enter. The new mapping appears in the Asset Data Mapping field.
User Data Mapping #
Lucidum has pre-populated the User Data Mapping field with the most commonly used Lucidum fields. The value on the right side of each mapping (after ->) is the Lucidum field.
You can map only the Lucidum fields that are already included in the User Data Mapping field. Currently, you cannot add new mappings.
To create a mapping:
- Put your cursor in the User Data Mapping field.
- Note the name of the Lucidum field you want to map, then delete its existing mapping (garbage can icon).
- Enter:
  "Sumo Logic field name"->Lucidum_Field_Name
  where:
  - "Sumo Logic field name" is the name of the field in Sumo Logic, in double quotes.
  - Lucidum_Field_Name is the name of the field in the Lucidum User database, exactly as it appeared in the mapping you deleted.
- Press Enter. The new mapping appears in the User Data Mapping field.
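The following is an added example, not Lucidum or Sumo Logic code, that emulates offline what the two mapping lists above and the `parse regex` step of the User Data Query do to a query result: it rewrites a Sumo Logic named-group regex into Python syntax, adds the captured field to each matching message, validates each `"sumo_field"->Lucidum_Field` entry against the pre-populated Lucidum fields, and projects the records into Lucidum asset and user rows. The sample messages, the field names `Asset_IP` and `User_ID`, and all helper functions are assumptions made for illustration.

```python
"""Offline emulation of the connector's parse-regex and field-mapping steps.
Added example; not Lucidum or Sumo Logic code."""
import re
from typing import Dict, Iterable, List, Set, Tuple

# One mapping entry exactly as the page shows it: "sumo_field"->Lucidum_Field
MAPPING_RE = re.compile(r'^"(?P<src>[^"]+)"\s*->\s*(?P<dst>[A-Za-z_][A-Za-z0-9_]*)$')


def sumo_regex_to_python(pattern: str) -> str:
    """Sumo Logic `parse regex` uses Java-style named groups, (?<name>...).
    Python's re module only accepts (?P<name>...), so rewrite the group prefix
    while leaving look-behind assertions (?<= and (?<! untouched."""
    return re.sub(r"\(\?<(?![=!])", "(?P<", pattern)


def parse_regex(messages: Iterable[Dict[str, str]], pattern: str) -> List[Dict[str, str]]:
    """Emulate `| parse regex "..."`: add every named group as a field on the
    message. Messages that do not match are dropped, as Sumo Logic does by
    default when `nodrop` is not given."""
    rx = re.compile(sumo_regex_to_python(pattern))
    out = []
    for msg in messages:
        m = rx.search(msg["_raw"])
        if m:
            out.append({**msg, **m.groupdict()})
    return out


def parse_mapping(entry: str, allowed: Set[str]) -> Tuple[str, str]:
    """Validate one mapping entry. The page says only Lucidum fields already
    present in the mapping list may appear to the right of ->, so reject others."""
    m = MAPPING_RE.match(entry.strip())
    if not m:
        raise ValueError(f"malformed mapping entry: {entry!r}")
    src, dst = m.group("src"), m.group("dst")
    if dst not in allowed:
        raise ValueError(f"{dst!r} is not one of the pre-populated Lucidum fields")
    return src, dst


def apply_mappings(records: Iterable[Dict[str, str]], mappings: List[str],
                   allowed: Set[str]) -> List[Dict[str, str]]:
    """Project Sumo Logic result records onto Lucidum fields; empty or missing
    source values are skipped, and records with nothing mapped are dropped."""
    pairs = [parse_mapping(e, allowed) for e in mappings]
    out = []
    for rec in records:
        row = {dst: rec[src] for src, dst in pairs if rec.get(src) not in (None, "")}
        if row:
            out.append(row)
    return out


# Constructed sample: two search-result messages; the second has no "uid=" token.
SAMPLE_MESSAGES = [
    {"_sourceHost": "ldapserver", "_sourceCategory": "hr-dept",
     "device_hostname": "hr-ws-01", "user_username": "alice",
     "_raw": "bind ok uid=1042 user_username=alice device_hostname=hr-ws-01"},
    {"_sourceHost": "ldapserver", "_sourceCategory": "hr-dept",
     "device_hostname": "hr-ws-02", "user_username": "",
     "_raw": "anonymous bind from hr-ws-02"},
]

# Lucidum fields assumed to be pre-populated in the two mapping lists
# (Asset_Name and Owner_Name come from the page; Asset_IP and User_ID are illustrative).
ASSET_FIELDS = {"Asset_Name", "Asset_IP"}
USER_FIELDS = {"Owner_Name", "User_ID"}


def run_sample() -> Tuple[List[Dict[str, str]], List[Dict[str, str]]]:
    """Run the asset mapping and the user query + mapping over the sample."""
    assets = apply_mappings(SAMPLE_MESSAGES, ['"device_hostname"->Asset_Name'], ASSET_FIELDS)
    users = parse_regex(SAMPLE_MESSAGES, r"uid=(?<userId>\d+)")
    users = apply_mappings(users, ['"user_username"->Owner_Name', '"userId"->User_ID'], USER_FIELDS)
    return assets, users


if __name__ == "__main__":
    print(run_sample())
```

The regex rewrite is the point most likely to bite when reproducing a User Data Query outside Sumo Logic: the `(?<userId>\d+)` group is valid there but a syntax error in Python until it is rewritten to `(?P<userId>\d+)`, and a naive rewrite would also corrupt look-behind assertions.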
Source Documentation #
Creating Credentials #
To create an access key, your Sumo Logic account must have the Create Access Keys capability (to create your own keys on the Preferences > My Access Keys page) or the Manage Access Keys capability (Administration > Security > Access Keys page).
To create an access key ID and access key secret that Lucidum can use to communicate with Sumo Logic:
Required Permissions #
The access key for the Lucidum connector should have at least View access to the Sumo Logic assets and Sumo Logic users you want to ingest in Lucidum. Because Lucidum issues only read-only requests, the key does not need any write or management capability.
Asset Data Query and User Data Query #
https://help.sumologic.com/docs/search/search-query-language/