In this example, we will send a webhook to a data lake on Sumo Logic.
Suppose that every day, you want to send a list of newly found VMs, Servers, and Workstations to a dashboard running in Sumo Logic.
You could create a query that specified:
- show all the assets that are either VMs or servers or workstations
- exclude all assets that are either Kubernetes instances (labeled as “SERVER.SEARCH”) or VM images (labeled as “VM_IMAGE” in Lucidum)
You could then:
- specify that you want to use the query results in a webhook
- select the fields to include in the payload of the webhook. For example, for each VM, server, or workstation, you could include fields for the Lucidum Asset Name, Department, Data Category, External Ports, External Services.
- specify how frequently to send the webhook
Generating a URL for Sumo Logic
- In Sumo Logic, we created a hosted collector for Lucidum. For details on creating a hosted collector, see the Sumo Logic documentation https://help.sumologic.com/docs/send-data/hosted-collectors/configure-hosted-collector.
- In Sumo Logic, we defined an HTTP source for our Lucidum demo system. For details on creating an HTTP source, see the Sumo Logic documentation https://help.sumologic.com/docs/send-data/hosted-collectors/http-source/logs-metrics.
- We generated a URL for our HTTP source. For details, see https://help.sumologic.com/docs/send-data/hosted-collectors/http-source/generate-new-url/.
Defining a Webhook Configuration for Sumo Logic
To define the Webhook Configuration for Sumo Logic:
- Choose Action Center from the left pane.
- In the Action Center, choose the Webhook icon in the right pane.
- To create a configuration for the action, click the Configuration (gear) icon. A configuration provides the connection and authorization information to communicate with the external solution.
- In the Manage Action Configurations page, you can either click the Add Configuration icon (plus sign) or edit the Default configuration by clicking the Edit icon (pencil).
- In the Manage Action Configurations page, we entered the following:
  - Configuration Name. A name that describes the new Webhook configuration. We entered “Sumo Demo Dashboard Data”.
  - webhook_url. The URL on the solution or application that listens for webhooks from Lucidum. This is the URL that we generated in the section on Generating a URL for Sumo Logic.
  - Header Key. We accepted the default value “Content-Type”.
  - Header Key Value. We accepted the default value “application/json”.
  - Max request payload records. You can specify a maximum size for the payload. We accepted the default value, 100 records.
Defining a Webhook Action for Sumo Logic
To define the Webhook Action for Sumo Logic:
- In the Create a New Action page, in the General step, enter:
  - Action Type. This field was pre-populated with Send Webhook.
  - Configuration Name. We selected “Sumo Demo Dashboard Data”, the configuration we defined in the section Defining a Webhook Configuration for Sumo Logic.
  - Action Name. Provide a name for the webhook action. We entered “Feed VMs, Servers & Workstations to demo dashboard in Sumo Logic”.
  - Description. Provide a description for the webhook action. This field is optional.
- Click the Next (>) icon.
- In the Filters page, click Configure Filters.
- The Configure Filters for Action page appears.
- In the Configure Filters for Action page, you define the query for the assets or users that the action will act upon. For existing actions, the query is already loaded in this page.
- For details on creating and editing queries in Lucidum, see the section on Building Queries.
- In the Refine Scope page, you define the query for the assets or users that the action will act upon.
- We created the following query:
- This query specifies:
  - show all the assets that are either VMs or servers or workstations
  - exclude all assets that are either Kubernetes instances (labeled as “SERVER.SEARCH”) or VM images (labeled as “VM_IMAGE” in Lucidum)
- Click the Apply (page and pencil) icon.
- Click the Next (>) icon.
- In the Schedule step, enter:
  - Schedule Type. Define the schedule for the action. We chose “Recurrence” and specified that the action should run once a day at midnight.
  - Do not trigger the action unless. Specify the number of results from Filters as a prerequisite for executing the action. We specified “greater than 0”.
- Click the Next (>) icon.
- In the Details step, enter the following:
  - Output Fields. We selected a custom list of fields to include in the webhook payload.
  - Payload template. This field formats the webhook payload before sending it. We accepted the default template.
  - Dedup previous jobs. In this field, you specify whether you want duplicates of asset IDs (if your query is for assets) or user IDs (if your query is for users). We specified “0” (zero), so Lucidum includes all the records from the query in each delivery of the webhook.
- Click the Save (disc) icon to save the Webhook Action.
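
The following sketch, added here as an example (it is not Lucidum's or Sumo Logic's code), models what the configured action does on each scheduled run: it applies the filter, checks the “greater than 0” trigger, and builds POST requests of at most 100 records with the Content-Type header. The field keys, the include label values, the JSON-array payload shape, the splitting of larger result sets into several requests, and the placeholder URL are assumptions. The URL is masked before logging because a Sumo Logic HTTP source URL itself authorizes uploads.

```python
import json
from urllib.parse import urlsplit
from urllib.request import Request

# Constructed placeholder; a real HTTP source URL embeds its own token.
WEBHOOK_URL = "https://collector.example.invalid/receiver/v1/http/PLACEHOLDER_TOKEN"
HEADERS = {"Content-Type": "application/json"}  # Header Key / Header Key Value
MAX_RECORDS = 100                               # Max request payload records
INCLUDE = {"VM", "SERVER", "WORKSTATION"}       # hypothetical label values
EXCLUDE = {"SERVER.SEARCH", "VM_IMAGE"}         # labels quoted on the page
FIELDS = ("asset_name", "department", "data_category")  # hypothetical keys


def select_assets(assets):
    """Apply the filter: wanted asset types minus Kubernetes instances and VM images."""
    return [a for a in assets
            if INCLUDE & set(a["labels"]) and not EXCLUDE & set(a["labels"])]


def mask_url(url):
    """Loggable form of the URL: the token-bearing path is dropped."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}/***"


def build_requests(assets, url=WEBHOOK_URL):
    """Build the POST requests for one scheduled run; nothing is sent."""
    if urlsplit(url).scheme != "https":
        raise ValueError("webhook_url must use https: " + mask_url(url))
    rows = [{f: a.get(f) for f in FIELDS} for a in select_assets(assets)]
    if not rows:  # trigger condition "greater than 0" not met
        return []
    return [Request(url, data=json.dumps(rows[i:i + MAX_RECORDS]).encode(),
                    headers=HEADERS, method="POST")
            for i in range(0, len(rows), MAX_RECORDS)]


# Constructed inventory: 20 Kubernetes instances, 10 VM images, 220 VMs.
SAMPLE = [{"asset_name": f"host-{i}", "department": "IT", "data_category": "internal",
           "labels": ["SERVER", "SERVER.SEARCH"] if i < 20
           else ["VM_IMAGE"] if i < 30 else ["VM"]}
          for i in range(250)]

if __name__ == "__main__":
    for req in build_requests(SAMPLE):
        print(req.get_method(), mask_url(req.full_url),
              len(json.loads(req.data)), "records")
```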
Viewing Lucidum Data on Sumo Logic
We can see the following Lucidum data in the Messages tab in Sumo Logic:
Using Lucidum Data in Sumo Logic Dashboards
The following Sumo Logic dashboard uses data from Lucidum: