# Sumo Logic
The Sumo Logic connector integrates Sumo Logic's analytics platform with Swimlane Turbine, allowing users to automate actions and draw insights from log data. Sumo Logic is a cloud-native machine data analytics platform delivering real-time continuous intelligence across the application lifecycle and stack.

This connector lets Swimlane Turbine users bring Sumo Logic's analytics and Cloud SIEM insights directly into their security workflows. With it, users can automate adding and removing tags on insights, manage search jobs, retrieve the messages and records a search job produced, update insight statuses and assignees, and insert or update lookup table rows. This enhances incident response, streamlines threat hunting, and provides actionable intelligence for security operations.

## Prerequisites

Before integrating Sumo Logic with Swimlane Turbine, ensure you have the following for HTTP Basic authentication:

- URL: endpoint for Sumo Logic API access. The API host is deployment-specific; the documentation links in the Notes section below show `api.sumologic.com` and `api.au.sumologic.com`.
- Access ID: unique identifier for Sumo Logic API authentication.
- Access Key: secret key for authenticating API requests.

## Capabilities

This connector provides the following capabilities:

- Add Tag to Insight
- Create Search Job
- Delete Search Job
- Get an Insight
- Get Insights
- Get Messages Found by Search Job
- Get Records Found by Search Job
- Get Search Job Status
- Remove Tag from Insight
- Update Insight Assignee
- Update Insight Status
- Insert or Update a Lookup Table Row

## Configurations

### HTTP Basic Authentication

Authenticates using username and password (the Sumo Logic Access ID and Access Key).

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | required |
| Username | Access ID | string | required |
| Password | Access Key | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

Treat the Access Key as a secret: it is sent as an HTTP Basic credential on every request. Leave Verify SSL enabled; disabling it allows anyone who can interpose on the path to the API host to read that credential.

## Actions

### Shared insight output

The insight actions below (Add Tag to Insight, Get an Insight, Remove Tag from Insight, Update Insight Assignee, Update Insight Status) return the same insight object under `data`; Get Insights returns a list of these objects under `data.objects`. The fields are listed once here.

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | The insight |
| data.id | string | Insight ID |
| data.readableId | string | Human-readable insight ID |
| data.name | string | Insight name |
| data.description | string | Description |
| data.timestamp | string | Insight timestamp |
| data.source | string | Source |
| data.assignedTo | string | Assigned user |
| data.teamAssignedTo | string | Assigned team |
| data.created | string | Creation time |
| data.closed | string | Closure time |
| data.closedBy | string | Who closed the insight |
| data.severity | string | Severity |
| data.confidence | number | Confidence score |
| data.assignee | object | Assignee |
| data.assignee.username | string | Assignee username |
| data.assignee.displayName | string | Assignee display name |
| data.status | object | Status |
| data.status.name | string | Status name |
| data.status.displayName | string | Status display name |
| data.resolution | string | Resolution |
| data.subResolution | string | Sub-resolution |
| data.entity | object | Entity the insight is about |

### Add Tag to Insight

Adds a specified tag to an existing Sumo Logic insight identified by its unique ID.

Endpoint URL: `api/sec/v1/insights/{{id}}/tags`

Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | Insight ID |
| tagName | string | required | Name of the tag to add |

Output: the shared insight output above.

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": { "data": {} }
  }
]
```

### Create Search Job

Initiates a new search job in Sumo Logic using the specified query and time range. Search jobs are asynchronous: this action returns a job ID, Get Search Job Status reports progress, Get Messages/Records Found by Search Job pages through the results once the job is done, and Delete Search Job releases the job.

Endpoint URL: `api/v1/search/jobs`

Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | required | Search query to run |
| from | string | required | Start of the time range |
| to | string | required | End of the time range |
| timeZone | string | required | Time zone used to interpret `from` and `to` |
| byReceiptTime | boolean | optional | Search by message receipt time instead of message time |
| autoParsingMode | string | optional | Auto-parsing mode for the search |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Search job ID |
| link | object | Link to the job |
| link.rel | string | Link relation |
| link.href | string | Link target |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "id": "12345678-1234-1234-1234-123456789abc",
      "link": {}
    }
  }
]
```

### Delete Search Job

Removes a search job from Sumo Logic using the job ID provided in the path.

Endpoint URL: `api/v1/search/jobs/{{id}}`

Method: DELETE

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | Search job ID |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | ID of the deleted search job |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": { "id": "12345678-1234-1234-1234-123456789abc" }
  }
]
```

### Get an Insight

Retrieves a specific insight from Sumo Logic by ID, with optional record summary fields.

Endpoint URL: `api/sec/v1/insights/{{id}}`

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | Insight ID |
| recordSummaryFields | array | required | A list of fields to aggregate from the records of each insight into a summarized list directly on the insight object of the response |
| exclude | array | optional | A comma-separated list of subfields to be excluded from the response |

Output: the shared insight output above.

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Mon, 29 Jan 2024 16:08:07 GMT",
      "Content-Type": "application/json",
      "Content-Length": "123",
      "Connection": "keep-alive",
      "Set-Cookie": "AWSALB=ompd6ekocbj7wwuppizabugz6ixm7onx9hn/dwiwck0qrmxvncxxad1735q11plbjfudhlw9x",
      "Expires": "Thu, 01 Jan 1970 00:00:00 GMT",
      "Strict-Transport-Security": "max-age=15552000",
      "X-XSS-Protection": "1; mode=block",
      "X-Frame-Options": "DENY",
      "X-Content-Type-Options": "nosniff"
    },
    "reason": "OK",
    "json_body": { "data": {} }
  }
]
```

### Get Insights

Retrieves insights from Sumo Logic, using the specified summary fields to shape the output.

Endpoint URL: `api/sec/v1/insights/all`

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| q | string | optional | Filter query for the insights to return |
| nextPageToken | string | optional | Token from a previous response, to fetch the next page |
| recordSummaryFields | array | required | Fields to aggregate from each insight's records into a summary on the insight object |
| expand | array | optional | Additional sub-objects to include in the response |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.nextPageToken | string | Token for the next page, if any |
| data.objects | array | Insight objects, each with the fields of the shared insight output above |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": { "data": {} }
  }
]
```

### Get Messages Found by Search Job

Retrieves raw messages from a Sumo Logic search job by `searchJobId`, paged with `offset` and `limit`.

Endpoint URL: `api/v1/search/jobs/{{searchJobId}}/messages`

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| searchJobId | string | required | Search job ID |
| offset | number | required | Index of the first message to return |
| limit | number | required | Maximum number of messages to return |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| fields | array | Field descriptors for the result set |
| fields[].name | string | Field name |
| fields[].fieldType | string | Field type |
| fields[].keyField | boolean | Whether the field is a key field |
| messages | array | Messages |
| messages[].map | object | Message fields keyed by name, for example `_count` and `_sourcecategory` |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": { "fields": [], "messages": [] }
  }
]
```

### Get Records Found by Search Job

Retrieves the records (aggregated results) produced by a Sumo Logic search job by `searchJobId`, paged with `offset` and `limit`. Records are only produced by queries that aggregate; non-aggregating queries return messages instead.

Endpoint URL: `api/v1/search/jobs/{{searchJobId}}/records`

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| searchJobId | string | required | Search job ID |
| offset | number | required | Index of the first record to return |
| limit | number | required | Maximum number of records to return |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| fields | array | Field descriptors for the result set |
| fields[].name | string | Field name |
| fields[].fieldType | string | Field type |
| fields[].keyField | boolean | Whether the field is a key field |
| records | array | Records |
| records[].map | object | Record fields keyed by name, for example `_count` and `_sourcecategory` |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": { "fields": [], "records": [] }
  }
]
```

### Get Search Job Status

Returns the current status of a search job in Sumo Logic by `searchJobId`.

Endpoint URL: `api/v1/search/jobs/{{searchJobId}}`

Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| searchJobId | string | required | Search job ID |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| state | string | Job state (for example `GATHERING RESULTS` or `DONE GATHERING RESULTS`) |
| messageCount | number | Number of messages found so far |
| histogramBuckets | array | Histogram of results over time |
| histogramBuckets[].length | number | Bucket length |
| histogramBuckets[].count | number | Count in the bucket |
| histogramBuckets[].startTimestamp | number | Bucket start timestamp |
| pendingErrors | array | Errors raised while the job runs, if any (entries carry `name` and `file`) |
| pendingWarnings | array | Warnings raised while the job runs, if any (entries carry `name` and `file`) |
| recordCount | number | Number of records found so far |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "state": "string",
      "messageCount": 123,
      "histogramBuckets": [],
      "pendingErrors": [],
      "pendingWarnings": [],
      "recordCount": 123
    }
  }
]
```

### Insert or Update a Lookup Table Row

Inserts or updates a row in a Sumo Logic lookup table. A new row is added if the primary key is unique; otherwise the existing row with that key is updated. Success is a 204 response with no body.

Endpoint URL: `/api/v1/lookupTables/{{id}}/row`

Method: PUT

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | Identifier of the lookup table |
| row | array | required | A list of all the field identifiers and their corresponding values |
| row[].columnName | string | required | Name of the column of the table |
| row[].columnValue | string | required | Value of the specified column |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 204,
    "response_headers": {},
    "reason": "OK"
  }
]
```

### Remove Tag from Insight

Removes a specified tag from an insight in Sumo Logic using the insight's ID and the tag name.

Endpoint URL: `api/sec/v1/insights/{{id}}/tags/{{tagName}}`

Method: DELETE

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | Insight ID |
| tagName | string | required | Name of the tag to remove |

Output: the shared insight output above.

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": { "data": {} }
  }
]
```

### Update Insight Assignee

Updates the assignee of a specific insight in Sumo Logic using the insight's ID and the new assignee details.

Endpoint URL: `api/sec/v1/insights/{{id}}/assignee`

Method: PUT

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | Insight ID |
| assignee | object | required | New assignee |
| assignee.type | string | required | Assignee type |
| assignee.value | string | required | Assignee value (for example the username) |

Output: the shared insight output above.

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": { "data": {} }
  }
]
```

### Update Insight Status

Updates the status of a specified insight in Sumo Logic using the insight ID.

Endpoint URL: `api/sec/v1/insights/{{id}}/status`

Method: PUT

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | required | ID of the insight whose status is to be updated |
| status | string | optional | The status to set. The built-in values are `new`, `inProgress`, and `closed`; custom statuses can also be created in the UI |
| resolution | string | optional | The resolution reason for closing this insight |

Output: the shared insight output above.

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": { "data": {} }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Connection | HTTP response header Connection | keep-alive |
| Content-Length | The length of the response body in bytes | 123 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Mon, 29 Jan 2024 16:08:07 GMT |
| Expires | The date/time after which the response is considered stale | Thu, 01 Jan 1970 00:00:00 GMT |
| Set-Cookie | HTTP response header Set-Cookie | AWSALB=ompd6ekocbj7wwuppizabugz6ixm7onx9hn/dwiwck0qrmxvncxxad1735q11plbjfudhlw9xcswxjn6ldgxaidbevshmbrrsrdm67p8edxizzq5vaoiqmxlgn4a; Expires=Mon, 05 Feb 2024 16:08:07 GMT; Path=/, AWSALBCORS=ompd6ekocbj7wwuppizabugz6ixm7onx9hn/dwiwck0qrmxvncxxad1735q11plbjfudhlw9xcswxjn6ldgxaidbevshmbrrsrdm67p8edxizzq5vaoiqmxlgn4a; Expires=Mon, 05 Feb 2024 16:08:07 GMT; Path=/; SameSite=None; Secure, sumoapiid=node08z5fwybx9i1z6ebzu7o38tn51837873.node0; Path=/; Secure; HttpOnly |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=15552000 |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | DENY |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |

## Notes

Documentation:

- Sumo Logic CSE API: https://api.sumologic.com/docs/sec/
- Sumo Logic Search Job API: https://help.sumologic.com/docs/api/search-job/
- Sumo Logic Lookup Tables API reference: https://api.au.sumologic.com/docs/#operation/truncateTable
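The search-job actions (Create Search Job, Get Search Job Status, Get Messages Found by Search Job, Get Records Found by Search Job, Delete Search Job) are steps of one asynchronous procedure. The following is an added example, not code from Swimlane or Sumo Logic, showing that procedure end to end: create the job, poll until it is done, page through the results with `offset`/`limit`, and delete the job in a `finally` so a failed or cancelled search never leaves a job behind. The job state strings, the `timeZone` body field, and the 202 Accepted on create follow the public Search Job API documentation; `FakeSumo` and `SAMPLE_MESSAGES` are constructed stand-ins so the module runs offline, and the real transport would be a `requests` call carrying the header from `basic_auth_header`.

```python
"""Search Job lifecycle: create -> poll status -> page results -> delete.
Added example, not Swimlane or Sumo Logic code; FakeSumo is a constructed double."""
import base64
import time
from typing import Callable, Dict, List, Optional, Tuple

DONE = "DONE GATHERING RESULTS"                      # job states per the Search Job API docs
TERMINAL_FAILURES = {"CANCELLED", "FORCE PAUSED"}    # (assumption: exact strings)

# (method, path, query, json_body) -> (status_code, json_body)
Transport = Callable[[str, str, Optional[dict], Optional[dict]], Tuple[int, dict]]


def basic_auth_header(access_id: str, access_key: str) -> Dict[str, str]:
    """Sumo Logic API auth is HTTP Basic: Access ID as user, Access Key as password."""
    token = base64.b64encode(f"{access_id}:{access_key}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


class SearchJobClient:
    def __init__(self, send: Transport, poll_interval: float = 0.0, max_polls: int = 60):
        self.send, self.poll_interval, self.max_polls = send, poll_interval, max_polls

    def run_query(self, query: str, from_: str, to: str, time_zone: str = "UTC",
                  what: str = "messages", page_size: int = 100) -> List[dict]:
        """Run a query to completion and return every message (or record) map.
        The job is deleted on every path so it never lingers against the job limit."""
        status, body = self.send("POST", "api/v1/search/jobs", None,
                                 {"query": query, "from": from_, "to": to, "timeZone": time_zone})
        if status not in (200, 202):
            raise RuntimeError(f"create search job failed: {status} {body}")
        job_id = body["id"]
        try:
            total = self._wait(job_id, "messageCount" if what == "messages" else "recordCount")
            return self._page(job_id, what, total, page_size)
        finally:
            self.send("DELETE", f"api/v1/search/jobs/{job_id}", None, None)

    def _wait(self, job_id: str, count_field: str) -> int:
        for _ in range(self.max_polls):
            status, body = self.send("GET", f"api/v1/search/jobs/{job_id}", None, None)
            if status != 200:
                raise RuntimeError(f"status check failed: {status} {body}")
            if body.get("pendingErrors"):
                raise RuntimeError(f"job {job_id} reported errors: {body['pendingErrors']}")
            if body["state"] == DONE:
                return body[count_field]
            if body["state"] in TERMINAL_FAILURES:
                raise RuntimeError(f"job {job_id} ended in state {body['state']}")
            time.sleep(self.poll_interval)
        raise TimeoutError(f"job {job_id} not done after {self.max_polls} polls")

    def _page(self, job_id: str, what: str, total: int, page_size: int) -> List[dict]:
        out: List[dict] = []
        for offset in range(0, total, page_size):       # offset/limit paging, as documented
            status, body = self.send("GET", f"api/v1/search/jobs/{job_id}/{what}",
                                     {"offset": offset, "limit": page_size}, None)
            if status != 200:
                raise RuntimeError(f"fetch {what} failed: {status} {body}")
            out.extend(item["map"] for item in body[what])
        return out


class FakeSumo:
    """Constructed in-memory stand-in for the Search Job API (offline only)."""
    def __init__(self, messages: List[dict], records: List[dict] = (),
                 polls_until_done: int = 2, fail_state: Optional[str] = None):
        self.messages = [{"map": m} for m in messages]
        self.records = [{"map": r} for r in records]
        self.polls_until_done, self.fail_state = polls_until_done, fail_state
        self.jobs: Dict[str, int] = {}
        self.deleted: List[str] = []

    def __call__(self, method, path, query, body):
        parts = path.split("/")             # api/v1/search/jobs[/{id}[/messages|records]]
        if method == "POST" and len(parts) == 4:
            job_id = f"job-{len(self.jobs) + len(self.deleted) + 1}"
            self.jobs[job_id] = 0
            return 202, {"id": job_id, "link": {"rel": "self", "href": f"/{path}/{job_id}"}}
        job_id = parts[4]
        if job_id not in self.jobs:
            return 404, {"status": 404, "message": "Job ID not found"}
        if method == "DELETE":
            del self.jobs[job_id]
            self.deleted.append(job_id)
            return 200, {"id": job_id}
        if len(parts) == 5:                 # status poll
            self.jobs[job_id] += 1
            done = self.jobs[job_id] >= self.polls_until_done
            state = self.fail_state or (DONE if done else "GATHERING RESULTS")
            return 200, {"state": state, "messageCount": len(self.messages) if done else 0,
                         "recordCount": len(self.records) if done else 0,
                         "histogramBuckets": [], "pendingErrors": [], "pendingWarnings": []}
        rows = self.messages if parts[5] == "messages" else self.records
        offset, limit = int(query["offset"]), int(query["limit"])
        return 200, {"fields": [], parts[5]: rows[offset:offset + limit]}


# Constructed sample data: five sshd failures in the shape Sumo returns them.
SAMPLE_MESSAGES = [
    {"_sourcecategory": "linux/auth", "_messagetime": str(1704067200000 + i * 1000),
     "_raw": f"sshd[41{i}]: Failed password for root from 203.0.113.{i} port 5{i}22 ssh2"}
    for i in range(5)
]


def demo() -> List[dict]:
    client = SearchJobClient(FakeSumo(SAMPLE_MESSAGES, polls_until_done=3))
    return client.run_query('_sourceCategory=linux/auth "Failed password"',
                            "2024-01-01T00:00:00", "2024-01-01T01:00:00", page_size=2)


if __name__ == "__main__":
    for row in demo():
        print(row["_raw"])
```

`page_size=2` in `demo` forces three paged fetches over five messages, which is the path the connector's `offset`/`limit` arguments exercise; the `fail_state` knob on `FakeSumo` shows that a cancelled job still gets deleted.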
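The insight actions (Get an Insight, Add Tag to Insight, Update Insight Assignee, Update Insight Status) and Insert or Update a Lookup Table Row compose into a single triage step: record why an insight was dismissed, note the entity in a lookup table so later searches can use it, and close the insight with a resolution. The following is an added example, not Swimlane or Sumo Logic code, that does this idempotently and treats the lookup endpoint's 204 No Content correctly (no JSON body to decode). Assumptions, not taken from the page: the assignee `type` value `USER`, the set of resolution strings in `CLOSE_RESOLUTIONS`, the `entity.value` field, and the constructed `FakeCse` double and `SAMPLE_INSIGHT`.

```python
"""CSE insight triage: tag, assign, record the entity in a lookup table, close.
Added example, not Swimlane or Sumo Logic code; FakeCse is a constructed double."""
from typing import Callable, Dict, List, Optional, Tuple

# (method, path, json_body) -> (status_code, json_body or None)
Transport = Callable[[str, str, Optional[dict]], Tuple[int, Optional[dict]]]

BUILTIN_STATUSES = {"new", "inProgress", "closed"}     # custom statuses may exist per tenant
CLOSE_RESOLUTIONS = {"Resolved", "False Positive", "No Action", "Duplicate"}  # assumption


class InsightApi:
    def __init__(self, send: Transport):
        self.send = send

    def _call(self, method: str, path: str, body: Optional[dict] = None, ok=(200,)):
        status, resp = self.send(method, path, body)
        if status not in ok:
            raise RuntimeError(f"{method} {path} -> {status}: {resp}")
        return resp

    def get_insight(self, insight_id: str) -> dict:
        return self._call("GET", f"api/sec/v1/insights/{insight_id}")["data"]

    def add_tag(self, insight_id: str, tag_name: str) -> dict:
        return self._call("POST", f"api/sec/v1/insights/{insight_id}/tags",
                          {"tagName": tag_name})["data"]

    def assign_user(self, insight_id: str, username: str) -> dict:
        body = {"assignee": {"type": "USER", "value": username}}   # assumption: type USER
        return self._call("PUT", f"api/sec/v1/insights/{insight_id}/assignee", body)["data"]

    def set_status(self, insight_id: str, status: str, resolution: Optional[str] = None) -> dict:
        if status == "closed" and resolution not in CLOSE_RESOLUTIONS:
            raise ValueError(f"closing needs a resolution from {sorted(CLOSE_RESOLUTIONS)}")
        body: Dict[str, str] = {"status": status}
        if resolution:
            body["resolution"] = resolution
        return self._call("PUT", f"api/sec/v1/insights/{insight_id}/status", body)["data"]

    def upsert_lookup_row(self, table_id: str, columns: Dict[str, str]) -> None:
        # Success is 204 No Content: there is no JSON body to decode, so return nothing.
        row = [{"columnName": k, "columnValue": str(v)} for k, v in columns.items()]
        self._call("PUT", f"api/v1/lookupTables/{table_id}/row", {"row": row}, ok=(204,))


def close_as_false_positive(api: InsightApi, insight_id: str, analyst: str,
                            table_id: str, tag: str = "turbine-autoclosed") -> dict:
    """Idempotent triage: an already-closed insight is returned without further writes."""
    insight = api.get_insight(insight_id)
    if insight["status"]["name"] == "closed":
        return insight
    api.add_tag(insight_id, tag)
    api.assign_user(insight_id, analyst)
    api.upsert_lookup_row(table_id, {
        "entity": insight["entity"]["value"],
        "insight": insight["readableId"],
        "resolution": "False Positive",
    })
    return api.set_status(insight_id, "closed", "False Positive")


class FakeCse:
    """Constructed in-memory CSE and lookup-table double; not the real service."""
    def __init__(self, insight: dict):
        self.insight = insight
        self.lookup_rows: List[dict] = []
        self.calls: List[Tuple[str, str]] = []

    def __call__(self, method: str, path: str, body: Optional[dict]):
        self.calls.append((method, path))
        if path.startswith("api/v1/lookupTables/"):
            self.lookup_rows.append({c["columnName"]: c["columnValue"] for c in body["row"]})
            return 204, None
        if not path.startswith(f"api/sec/v1/insights/{self.insight['id']}"):
            return 404, {"errors": [{"code": "insight:not_found"}]}
        if path.endswith("/tags"):
            self.insight.setdefault("tags", []).append(body["tagName"])
        elif path.endswith("/assignee"):
            who = body["assignee"]["value"]
            self.insight["assignee"] = {"username": who, "displayName": who}
        elif path.endswith("/status"):
            self.insight["status"] = {"name": body["status"], "displayName": body["status"].title()}
            self.insight["resolution"] = body.get("resolution")
        return 200, {"data": self.insight}


# Constructed sample insight in the shape documented above.
SAMPLE_INSIGHT = {
    "id": "e1b1b0a2-0000-4000-8000-000000000001", "readableId": "INSIGHT-2048",
    "name": "Lateral Movement", "severity": "MEDIUM", "confidence": 0.6,
    "status": {"name": "new", "displayName": "New"}, "assignee": None, "resolution": None,
    "entity": {"entityType": "_hostname", "value": "scanner-01.corp.example"},
}


def demo() -> Tuple[dict, FakeCse]:
    fake = FakeCse(dict(SAMPLE_INSIGHT))
    final = close_as_false_positive(InsightApi(fake), SAMPLE_INSIGHT["id"],
                                    "analyst1", "tbl-allowlist")
    return final, fake


if __name__ == "__main__":
    closed, cse = demo()
    print(closed["status"], closed["resolution"], cse.lookup_rows)
```

The order matters for a replayable workflow: the lookup row is written before the status change, so a retry after a failed close finds the insight still open and re-runs every step, whereas a retry after success exits at the idempotency check without re-tagging.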