# Sumo Logic
The Sumo Logic connector enables seamless integration with Sumo Logic's analytics platform, allowing users to automate actions and gain valuable insights from log data.

Sumo Logic is a cloud-native, machine data analytics platform delivering real-time continuous intelligence across the entire application lifecycle and stack. This connector enables Swimlane Turbine users to integrate Sumo Logic's powerful analytics and insights directly into their security workflows. By leveraging this integration, users can automate the addition and removal of tags to Insights, manage search jobs, retrieve messages and records, and update Insight statuses and assignees. This enhances incident response capabilities, streamlines threat hunting, and provides actionable intelligence for security operations.

## Prerequisites

Before integrating Sumo Logic with Swimlane Turbine, ensure you have the following:

HTTP Basic Authentication with the following parameters:

- URL: endpoint for Sumo Logic API access
- Access ID: unique identifier for Sumo Logic API authentication
- Access Key: secret key for authenticating API requests

## Capabilities

This connector provides the following capabilities:

- Add Tag to Insight
- Create Search Job
- Delete Search Job
- Get an Insight
- Get Insights
- Get Messages Found by Search Job
- Get Records Found by Search Job
- Get Search Job Status
- Remove Tag from Insight
- Update Insight Assignee
- Update Insight Status
- Insert or Update a Lookup Table Row

## Notes

Documentation:

- Sumo Logic CSE API: https://api.sumologic.com/docs/sec/
- Sumo Logic Search API: https://help.sumologic.com/docs/api/search-job/
- Sumo Logic Reference API: https://api.au.sumologic.com/docs/#operation/truncateTable

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | required |
| Username | Access ID | string | required |
| Password | Access Key | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Add Tag to Insight

Adds a specified tag to an existing Sumo Logic Insight identified by its unique ID.

**Endpoint URL:** `api/sec/v1/insights/{{id}}/tags`

**Method:** POST

**Input Argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Add Tag to Insight action |
| tagName | string | optional | Name of the resource |

**Input Example**

```json
{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc"}, "tagName": "example_name"}
```

**Output Parameter**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | string | Response data |
| data.readableId | string | Response data |
| data.name | string | Response data |
| data.description | string | Response data |
| data.timestamp | string | Response data |
| data.source | string | Response data |
| data.assignedTo | string | Response data |
| data.teamAssignedTo | string | Response data |
| data.created | string | Response data |
| data.closed | string | Response data |
| data.closedBy | string | Response data |
| data.severity | string | Response data |
| data.confidence | number | Response data |
| data.assignee | object | Response data |
| data.assignee.username | string | Response data |
| data.assignee.displayName | string | Response data |
| data.status | object | Response data |
| data.status.name | string | Response data |
| data.status.displayName | string | Response data |
| data.resolution | string | Response data |
| data.subResolution | string | Response data |
| data.entity | object | Response data |

**Output Example**

```json
{"data": {"id": "12345678-1234-1234-1234-123456789abc", "readableId": "string", "name": "example_name", "description": "string", "timestamp": "2024-01-01T00:00:00Z", "source": "string", "assignedTo": "string", "teamAssignedTo": "string", "created": "2024-01-01T00:00:00Z", "closed": "string", "closedBy": "string", "severity": "string", "confidence": 123, "assignee": {"username": "example_name", "displayName": "example_name"}, "status": {"name": "example_name", "displayName": "example_name"}}}
```

### Create Search Job

Initiates a new search job in Sumo Logic using the specified query parameters and time frame.

**Endpoint URL:** `api/v1/search/jobs`

**Method:** POST

**Input Argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | optional | Parameter for Create Search Job |
| from | string | optional | Parameter for Create Search Job |
| to | string | optional | Parameter for Create Search Job |
| timeZone | string | optional | Parameter for Create Search Job |
| byReceiptTime | boolean | optional | Time value |
| autoParsingMode | string | optional | Parameter for Create Search Job |

**Input Example**

```json
{"json_body": {"query": "| count _sourceCategory", "from": "2019-05-03T12:00:00", "to": "2019-05-03T12:05:00", "timeZone": "IST", "byReceiptTime": true, "autoParsingMode": "AutoParse"}}
```

**Output Parameter**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| link | object | Output field link |
| link.rel | string | Output field link.rel |
| link.href | string | Output field link.href |

**Output Example**

```json
{"id": "3eac1be90cf82845", "link": {"rel": "self", "href": "https://api.sumologic.com/api/v1/search/jobs/3eac1be90cf82845"}}
```

### Delete Search Job

Removes a specified search job from Sumo Logic using the unique job identifier provided in the path parameters.

**Endpoint URL:** `api/v1/search/jobs/{{id}}`

**Method:** DELETE

**Input Argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Delete Search Job action |

**Input Example**

```json
{"path_parameters": {"id": "string"}}
```

**Output Parameter**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |

**Output Example**

```json
{"id": "4e710fa73030fcbe"}
```

### Get an Insight

Retrieves a specific Insight from Sumo Logic using the provided ID and optional summary fields.

**Endpoint URL:** `api/sec/v1/insights/{{id}}`

**Method:** GET

**Input Argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Get an Insight action |
| parameters.recordSummaryFields | array | required | A list of fields to aggregate from the records of each Insight into a summarized list directly on the Insight object of the response |
| parameters.exclude | array | optional | A comma-separated list of subfields to be excluded from the response |

**Input Example**

```json
{"parameters": {"recordSummaryFields": [""], "exclude": [""]}, "path_parameters": {"id": "1"}}
```

**Output Parameter**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | string | Response data |
| data.readableId | string | Response data |
| data.name | string | Response data |
| data.description | string | Response data |
| data.timestamp | string | Response data |
| data.source | string | Response data |
| data.assignedTo | string | Response data |
| data.teamAssignedTo | string | Response data |
| data.created | string | Response data |
| data.closed | string | Response data |
| data.closedBy | string | Response data |
| data.severity | string | Response data |
| data.confidence | number | Response data |
| data.assignee | object | Response data |
| data.assignee.username | string | Response data |
| data.assignee.displayName | string | Response data |
| data.status | object | Response data |
| data.status.name | string | Response data |
| data.status.displayName | string | Response data |
| data.resolution | string | Response data |
| data.subResolution | string | Response data |
| data.entity | object | Response data |

**Output Example** (truncated on the page)

```json
{"status_code": 200, "response_headers": {"Date": "Mon, 29 Jan 2024 16:08:07 GMT", "Content-Type": "application/json", "Content-Length": "123", "Connection": "keep-alive", "Set-Cookie": "awsalb=ompd6ekocbj7wwuppizabugz6ixm7onx9hn/dwiwck0qrmxvncxxad1735q11plbjfudhlw9x ", "Expires": "Thu, 01 Jan 1970 00:00:00 GMT", "Strict-Transport-Security": "max-age=15552000", "X-XSS-Protection": "1; mode=block", "X-Frame-Options": "DENY", "X-Content-Type-Options": "nosniff"}, "reason": "OK", "json_body": {"data": {"id": "string", "reada
```

### Get Insights

Retrieves Insights from Sumo Logic using the specified summary fields to tailor the output data.

**Endpoint URL:** `api/sec/v1/insights/all`

**Method:** GET

**Input Argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.q | string | optional | Parameters for the Get Insights action |
| parameters.nextPageToken | string | optional | Parameters for the Get Insights action |
| parameters.recordSummaryFields | array | required | Parameters for the Get Insights action |
| parameters.expand | array | optional | Parameters for the Get Insights action |

**Input Example**

```json
{"parameters": {"q": "string", "nextPageToken": "string", "recordSummaryFields": ["string"], "expand": ["string"]}}
```

**Output Parameter**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.nextPageToken | string | Response data |
| data.objects | array | Response data |
| data.objects.id | string | Response data |
| data.objects.readableId | string | Response data |
| data.objects.name | string | Response data |
| data.objects.description | string | Response data |
| data.objects.timestamp | string | Response data |
| data.objects.source | string | Response data |
| data.objects.assignedTo | string | Response data |
| data.objects.teamAssignedTo | string | Response data |
| data.objects.created | string | Response data |
| data.objects.closed | string | Response data |
| data.objects.closedBy | string | Response data |
| data.objects.severity | string | Response data |
| data.objects.confidence | number | Response data |
| data.objects.assignee | object | Response data |
| data.objects.assignee.username | string | Response data |
| data.objects.assignee.displayName | string | Response data |
| data.objects.status | object | Response data |
| data.objects.status.name | string | Response data |
| data.objects.status.displayName | string | Response data |
| data.objects.resolution | string | Response data |

**Output Example**

```json
{"data": {"nextPageToken": "string", "objects": [{}]}}
```

### Get Messages Found by Search Job

Retrieves messages from a Sumo Logic search job using the searchJobId, with options to specify offset and limit.

**Endpoint URL:** `api/v1/search/jobs/{{searchJobId}}/messages`

**Method:** GET

**Input Argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.searchJobId | string | required | Parameters for the Get Messages Found by Search Job action |
| parameters.offset | number | required | Parameters for the Get Messages Found by Search Job action |
| parameters.limit | number | required | Parameters for the Get Messages Found by Search Job action |

**Input Example**

```json
{"parameters": {"offset": 0, "limit": 10}, "path_parameters": {"searchJobId": "37589506f194fc80"}}
```

**Output Parameter**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| fields | array | Output field fields |
| fields.name | string | Name of the resource |
| fields.fieldType | string | Type of the resource |
| fields.keyField | boolean | Output field fields.keyField |
| messages | array | Response message |
| messages.map | object | Response message |
| messages.map._count | string | Response message |
| messages.map._sourcecategory | string | Response message |

**Output Example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"fields": [{}, {}], "messages": [{}]}}
```

### Get Records Found by Search Job

Retrieves the records produced by a Sumo Logic search job, including details on aggregation, using the searchJobId, offset, and limit.

**Endpoint URL:** `api/v1/search/jobs/{{searchJobId}}/records`

**Method:** GET

**Input Argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.searchJobId | string | required | Parameters for the Get Records Found by Search Job action |
| parameters.offset | number | required | Parameters for the Get Records Found by Search Job action |
| parameters.limit | number | required | Parameters for the Get Records Found by Search Job action |

**Input Example**

```json
{"parameters": {"offset": 0, "limit": 10}, "path_parameters": {"searchJobId": "37589506f194fc80"}}
```

**Output Parameter**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| fields | array | Output field fields |
| fields.name | string | Name of the resource |
| fields.fieldType | string | Type of the resource |
| fields.keyField | boolean | Output field fields.keyField |
| records | array | Output field records |
| records.map | object | Output field records.map |
| records.map._count | string | Count value |
| records.map._sourcecategory | string | Output field records.map._sourcecategory |

**Output Example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"fields": [{}, {}], "records": [{}]}}
```

### Get Search Job Status

Obtains the current status of a search job in Sumo Logic using the provided searchJobId.

**Endpoint URL:** `api/v1/search/jobs/{{searchJobId}}`

**Method:** GET

**Input Argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.searchJobId | string | required | Parameters for the Get Search Job Status action |

**Input Example**

```json
{"path_parameters": {"searchJobId": "37589506f194fc80"}}
```

**Output Parameter**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| state | string | Output field state |
| messageCount | number | Response message |
| histogramBuckets | array | Output field histogramBuckets |
| histogramBuckets.length | number | Output field histogramBuckets.length |
| histogramBuckets.count | number | Count value |
| histogramBuckets.startTimestamp | number | Output field histogramBuckets.startTimestamp |
| pendingErrors | array | Error message, if any |
| pendingErrors.file.name | string | Name of the resource |
| pendingErrors.file | string | Error message, if any |
| pendingWarnings | array | Output field pendingWarnings |
| pendingWarnings.file.name | string | Name of the resource |
| pendingWarnings.file | string | Output field pendingWarnings.file |
| recordCount | number | Count value |

**Output Example**

```json
{"state": "DONE GATHERING RESULTS", "messageCount": 90, "histogramBuckets": [{"length": 60000, "count": 1, "startTimestamp": 1359404820000}, {"length": 60000, "count": 1, "startTimestamp": 1359405480000}, {"length": 60000, "count": 1, "startTimestamp": 1359404340000}], "pendingErrors": [], "pendingWarnings": [], "recordCount": 1}
```

### Insert or Update a Lookup Table Row

Inserts or updates a row in a Sumo Logic lookup table; a new row is added if the primary key is unique.

**Endpoint URL:** `/api/v1/lookupTables/{{id}}/row`

**Method:** PUT

**Input Argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Identifier of the lookup table |
| row | array | optional | A list of all the field identifiers and their corresponding values |
| row.columnName | string | required | Name of the column of the table |
| row.columnValue | string | required | Value of the specified column |

**Input Example**

```json
{"json_body": {"row": [{"columnName": "user_id", "columnValue": "user1"}]}, "path_parameters": {"id": "0000000001c41ee4"}}
```

**Output Parameter**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

**Output Example**

```json
{"status_code": 204, "response_headers": {}, "reason": "OK"}
```

### Remove Tag from Insight

Removes a specified tag from an Insight in Sumo Logic using the Insight's ID and the tag name.

**Endpoint URL:** `api/sec/v1/insights/{{id}}/tags/{{tagName}}`

**Method:** DELETE

**Input Argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Remove Tag from Insight action |
| path_parameters.tagName | string | required | Parameters for the Remove Tag from Insight action |

**Input Example**

```json
{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc", "tagName": "example_name"}}
```

**Output Parameter**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | string | Response data |
| data.readableId | string | Response data |
| data.name | string | Response data |
| data.description | string | Response data |
| data.timestamp | string | Response data |
| data.source | string | Response data |
| data.assignedTo | string | Response data |
| data.teamAssignedTo | string | Response data |
| data.created | string | Response data |
| data.closed | string | Response data |
| data.closedBy | string | Response data |
| data.severity | string | Response data |
| data.confidence | number | Response data |
| data.assignee | object | Response data |
| data.assignee.username | string | Response data |
| data.assignee.displayName | string | Response data |
| data.status | object | Response data |
| data.status.name | string | Response data |
| data.status.displayName | string | Response data |
| data.resolution | string | Response data |
| data.subResolution | string | Response data |
| data.entity | object | Response data |

**Output Example**

```json
{"data": {"id": "string", "readableId": "string", "name": "string", "description": "string", "timestamp": "2023-07-20T06:25:22Z", "source": "ALGORITHM", "assignedTo": "string", "teamAssignedTo": "string", "created": "2023-07-20T06:25:22Z", "closed": "2023-07-20T06:25:22Z", "closedBy": "string", "severity": "CRITICAL", "confidence": 0, "assignee": {"username": "string", "displayName": "string"}, "status": {"name": "string", "displayName": "string"}}}
```

### Update Insight Assignee

Updates the assignee for a specific Insight in Sumo Logic using the Insight's ID and the new assignee details.

**Endpoint URL:** `api/sec/v1/insights/{{id}}/assignee`

**Method:** PUT

**Input Argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | Parameters for the Update Insight Assignee action |
| assignee | object | optional | Parameter for Update Insight Assignee |
| assignee.type | string | required | Type of the resource |
| assignee.value | string | required | Value for the parameter |

**Input Example**

```json
{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc"}, "assignee": {"type": "string", "value": "string"}}
```

**Output Parameter**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | string | Response data |
| data.readableId | string | Response data |
| data.name | string | Response data |
| data.description | string | Response data |
| data.timestamp | string | Response data |
| data.source | string | Response data |
| data.assignedTo | string | Response data |
| data.teamAssignedTo | string | Response data |
| data.created | string | Response data |
| data.closed | string | Response data |
| data.closedBy | string | Response data |
| data.severity | string | Response data |
| data.confidence | number | Response data |
| data.assignee | object | Response data |
| data.assignee.username | string | Response data |
| data.assignee.displayName | string | Response data |
| data.status | object | Response data |
| data.status.name | string | Response data |
| data.status.displayName | string | Response data |
| data.resolution | string | Response data |
| data.subResolution | string | Response data |
| data.entity | object | Response data |

**Output Example**

```json
{"data": {"id": "12345678-1234-1234-1234-123456789abc", "readableId": "string", "name": "example_name", "description": "string", "timestamp": "2024-01-01T00:00:00Z", "source": "string", "assignedTo": "string", "teamAssignedTo": "string", "created": "2024-01-01T00:00:00Z", "closed": "string", "closedBy": "string", "severity": "string", "confidence": 123, "assignee": {"username": "example_name", "displayName": "example_name"}, "status": {"name": "example_name", "displayName": "example_name"}}}
```

### Update Insight Status

Updates the status of a specified Insight in Sumo Logic using the provided Insight ID.

**Endpoint URL:** `api/sec/v1/insights/{{id}}/status`

**Method:** PUT

**Input Argument**

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | required | ID of the Insight whose status is to be updated |
| status | string | optional | The status to update this Insight to. Default values are "new", "inprogress", and "closed", but custom statuses can also be created in the UI |
| resolution | string | optional | The resolution reason for closing this Insight |

**Input Example**

```json
{"json_body": {"status": "new", "resolution": "reason"}, "path_parameters": {"id": "xyzstr1"}}
```

**Output Parameter**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.id | string | Response data |
| data.readableId | string | Response data |
| data.name | string | Response data |
| data.description | string | Response data |
| data.timestamp | string | Response data |
| data.source | string | Response data |
| data.assignedTo | string | Response data |
| data.teamAssignedTo | string | Response data |
| data.created | string | Response data |
| data.closed | string | Response data |
| data.closedBy | string | Response data |
| data.severity | string | Response data |
| data.confidence | number | Response data |
| data.assignee | object | Response data |
| data.assignee.username | string | Response data |
| data.assignee.displayName | string | Response data |
| data.status | object | Response data |
| data.status.name | string | Response data |
| data.status.displayName | string | Response data |
| data.resolution | string | Response data |
| data.subResolution | string | Response data |
| data.entity | object | Response data |

**Output Example**

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"data": {"id": "string", "readableId": "string", "name": "string", "description": "string", "timestamp": "2024-04-22T09:18:50Z", "source": "ALGORITHM", "assignedTo": "string", "teamAssignedTo": "string", "created": "2024-04-22T09:18:50Z", "closed": "2024-04-22T09:18:50Z", "closedBy": "string", "severity": "CRITICAL", "confidence": 0, "assignee": {}, "status": {}}}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Connection | HTTP response header Connection | keep-alive |
| Content-Length | The length of the response body in bytes | 123 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Mon, 29 Jan 2024 16:08:07 GMT |
| Expires | The date/time after which the response is considered stale | Thu, 01 Jan 1970 00:00:00 GMT |
| Set-Cookie | HTTP response header Set-Cookie | awsalb=ompd6ekocbj7wwuppizabugz6ixm7onx9hn/dwiwck0qrmxvncxxad1735q11plbjfudhlw9xcswxjn6ldgxaidbevshmbrrsrdm67p8edxizzq5vaoiqmxlgn4a; expires=Mon, 05 Feb 2024 16:08:07 GMT; path=/, awsalbcors=ompd6ekocbj7wwuppizabugz6ixm7onx9hn/dwiwck0qrmxvncxxad1735q11plbjfudhlw9xcswxjn6ldgxaidbevshmbrrsrdm67p8edxizzq5vaoiqmxlgn4a; expires=Mon, 05 Feb 2024 16:08:07 GMT; path=/; samesite=none; secure, sumoapiid=node08z5fwybx9i1z6ebzu7o38tn51837873.node0; path=/; secure; httponly |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=15552000 |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | DENY |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |
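The search-job actions above are meant to be chained: Create Search Job, poll Get Search Job Status until the state is `DONE GATHERING RESULTS`, page through Get Records Found by Search Job with `offset`/`limit`, then Delete Search Job. The following Python is an added example (not the connector's or Sumo Logic's code) that drives that chain with the endpoints and field names on this page; it assumes a `transport` callable that performs the authenticated HTTP request, and ships a constructed `FakeSumo` stand-in so it runs offline:

```python
"""Search Job lifecycle behind the connector's actions: Create Search Job ->
Get Search Job Status (poll) -> Get Records Found by Search Job -> Delete Search Job.
Added example, not the connector's code. `transport` is an assumed callable
(method, path, query_params, json_body) -> (status_code, parsed_json)."""
import time

DONE = "DONE GATHERING RESULTS"
FAILED_STATES = {"CANCELLED", "FORCE PAUSED"}


def create_job_body(query, start, end, time_zone="UTC"):
    # Field names are those of the Create Search Job action on this page.
    return {"query": query, "from": start, "to": end, "timeZone": time_zone,
            "byReceiptTime": False, "autoParsingMode": "AutoParse"}


def run_search(transport, query, start, end, page_size=100, max_polls=50, delay=0.0):
    """Return the `map` dict of every record. The job is deleted in `finally`
    so a failed poll or page does not leave the job and its results behind."""
    status, body = transport("POST", "/api/v1/search/jobs", None,
                             create_job_body(query, start, end))
    if status != 202:  # a created search job is answered with 202 Accepted
        raise RuntimeError(f"create search job failed: HTTP {status}")
    job_id = body["id"]
    try:
        for _ in range(max_polls):
            _, body = transport("GET", f"/api/v1/search/jobs/{job_id}", None, None)
            if body["state"] == DONE:
                break
            if body["state"] in FAILED_STATES:
                raise RuntimeError(f"search job ended in state {body['state']}")
            time.sleep(delay)
        else:
            raise TimeoutError("search job did not finish within max_polls")
        if body.get("pendingErrors"):  # check before trusting recordCount
            raise RuntimeError(f"search job reported errors: {body['pendingErrors']}")
        records, offset, total = [], 0, body["recordCount"]
        while offset < total:  # page with the offset/limit parameters of Get Records
            _, page = transport("GET", f"/api/v1/search/jobs/{job_id}/records",
                                {"offset": offset, "limit": page_size}, None)
            records.extend(r["map"] for r in page["records"])
            offset += page_size
        return records
    finally:
        transport("DELETE", f"/api/v1/search/jobs/{job_id}", None, None)


class FakeSumo:
    """Constructed offline stand-in that mimics the response shapes on this page."""
    def __init__(self, rows):
        self.rows, self.polls, self.deleted = rows, 0, []

    def __call__(self, method, path, params, body):
        if method == "POST":
            return 202, {"id": "3eac1be90cf82845"}
        if method == "DELETE":
            self.deleted.append(path.rsplit("/", 1)[-1])
            return 200, {"id": "3eac1be90cf82845"}
        if path.endswith("/records"):
            o, n = params["offset"], params["limit"]
            return 200, {"records": [{"map": r} for r in self.rows[o:o + n]]}
        self.polls += 1  # still gathering on the first poll, done on the second
        state = "GATHERING RESULTS" if self.polls < 2 else DONE
        return 200, {"state": state, "pendingErrors": [], "recordCount": len(self.rows)}
```

Against a real tenant, `transport` would send the request with the Access ID and Access Key as HTTP Basic credentials and return the parsed `json_body`; `run_search(FakeSumo(rows), "| count _sourceCategory", "2019-05-03T12:00:00", "2019-05-03T12:05:00")` exercises the whole chain offline.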