Sumo Logic Cloud SIEM

Sumo Logic Cloud SIEM provides threat detection and incident response for modern IT environments. This content pack will allow you to apply automation to perform actual SOC analyst workflows. Using this content pack you will be able to fetch Incidents via Insights, update status of an Insight, add items to match list, add Threat Intel Indicators to Threat Intel Sources, and so on.

The integration in this pack enables interactions with Sumo Logic Cloud SIEM. It can be used to fetch Incidents via Insights, update status of an Insight, add items to match list, search Entities/Signals/Insights/Threat Intel indicators, and more.

What does this pack do?

This pack enables you to run commands that:

Fetch Incidents via Insights
Search Entities, Signals, Insights and Threat Intel indicators
Change status of Insight
Get Insight comments
Add items to match list
Add Threat Intel Indicators to Threat Intel Sources
Mirror IN and OUT Sumo Logic Insights and Signals to XSOAR incidents

Note: This pack replaces the legacy JASK pack. For further details about the migration from JASK, visit our reference docs.

What does this pack do?

This pack enables you to run commands that:

Fetch Incidents via Insights
Search Entities, Signals, Insights and Threat Intel indicators
Change status of Insight
Get Insight comments
Add items to match list
Add Threat Intel Indicators to Threat Intel Sources
Mirror IN and OUT Sumo Logic Insights and Signals to XSOAR incidents

Note: This pack replaces the legacy JASK pack. For further details about the migration from JASK, visit our reference docs.

Automations

Name	Description
SumoLogicCloseLinkSignalIncidents	Close the linked signal incidents when the main Insight incident is closed
SumoLogicLinkSignalIncidents	Command to link associated Signal Incidents to the Insight Incident

Classifiers

Name	Description
Sumo Logic Insight Classifier	Classifier for Sumo Logic Insight and Signal
Sumo Logic Cloud SIEM Classifier	Classifier for Sumo Logic Insight and Signal
Sumo Logic Insight - Mapper	Sumo Logic Cloud SIEM Mapper

Incident Fields

Name	Description
Sumo Logic Cloud SIEM Insight Involved Entities	Entities involved with Insight
Sumo Logic Cloud SIEM Signal Records
Sumo Logic Cloud SIEM Record Fields	Sumo Logic Cloud SIEM Record Fields
Sumo Logic Cloud SIEM Insight Signals	List of Insight Signals
Sumo Logic Cloud SIEM Signal Entity	Entity associated with Signal
Sumo Logic Cloud SIEM Insight Entity	Entity associated with Insight
Sumo Logic Cloud SIEM Insight URL	Sumo URL for the Insight

Incident Types

Name	Description
Sumo Logic Signal
Sumo Logic Insight

Integrations

Name	Description
Sumo Logic Cloud SIEM (Partner Contribution)	Freeing the analyst with autonomous decisions.

Layouts

Name	Description
Sumo Logic Insight	Layout for Sumo Logic Insight Incident
Sumo Logic Signal	Layout for Sumo Logic Signal Incident

Playbooks

Name	Description
Sumo Logic Cloud SIEM - Link Signal Incidents	Playbook to link Sumo Logic Signal Incidents to the corresponding Insight Incident

Automations

Name	Description
SumoLogicCloseLinkSignalIncidents	Close the linked signal incidents when the main Insight incident is closed
SumoLogicCloseLinkSignalAlerts	Close the linked signal alerts when the main Insight alert is closed
SumoLogicLinkSignalIncidents	Command to link associated Signal Incidents to the Insight Incident
SumoLogicLinkSignalAlerts	Command to link associated Signal Alerts to the Insight Alert

Classifiers

Name	Description
Sumo Logic Cloud SIEM Classifier	Classifier for Sumo Logic Insight and Signal
Sumo Logic Insight Classifier	Classifier for Sumo Logic Insight and Signal
Sumo Logic Insight - Mapper	Sumo Logic Cloud SIEM Mapper

Incident Fields

Name	Description
Sumo Logic Cloud SIEM Record Fields	Sumo Logic Cloud SIEM Record Fields
Sumo Logic Cloud SIEM Insight Signals	List of Insight Signals
Sumo Logic Cloud SIEM Signal Entity	Entity associated with Signal
Sumo Logic Cloud SIEM Insight Entity	Entity associated with Insight
Sumo Logic Cloud SIEM Signal Records
Sumo Logic Cloud SIEM Insight URL	Sumo URL for the Insight
Sumo Logic Cloud SIEM Insight Involved Entities	Entities involved with Insight

Incident Types

Name	Description
Sumo Logic Insight
Sumo Logic Signal

Integrations

Name	Description
Sumo Logic Cloud SIEM (Partner Contribution)	Freeing the analyst with autonomous decisions.

Playbooks

Name	Description
Sumo Logic Cloud SIEM - Link Signal Alerts	Playbook to link Sumo Logic Signal Alerts to the corresponding Insight Alert

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (4)

Pack Name	Pack By
Common Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR

1.1.23 - 938811 (April 7, 2024)

Scripts

SumoLogicLinkSignalIncidents

Updated the Docker image to: demisto/python3:3.10.14.90585.

SumoLogicCloseLinkSignalIncidents

Updated the Docker image to: demisto/python3:3.10.14.90585.

Related pull requests:
- 33641
- 33516
- 33519
- 33515
- 33329
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458
- 33535
- 33534
- 33537
- 33552
- 33580
- 33553
- 33418
- 33583
- 33555
- 33556
- 33559
- 33560
- 33619
- 33591
- 33602
- 33600
- 33314
- 33318
- 33328
- 33357
- 33344
- 33359
- 33458

Download

1.1.22 - 870683 (March 5, 2024)

Incident Fields

Sumo Logic Cloud SIEM Insight Signals
- Fixed a bug when sumourl column has invalid value.

Related pull requests:
- 33219

Download

1.1.21 - 762016 (January 14, 2024)

Integrations

Sumo Logic Cloud SIEM

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32183

Download

1.1.20 - 733853 (January 2, 2024)

Integrations

Sumo Logic Cloud SIEM

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31878

Download

1.1.19 - 6608983 (October 15, 2023)

Integrations

Sumo Logic Cloud SIEM

For each 'signals' object retrieved from the fetch-incidents command, remove fields that begin with the 'bro' prefix and have values that are either empty lists [], empty strings "", empty tuples (), or empty objects {}.
Updated the Docker image to: demisto/python3:3.10.13.75921.

Related pull requests:
- 30079
- 30149

Download

1.1.18 - R6592021 (October 13, 2023)

Integrations

Sumo Logic Cloud SIEM

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29341

Download

1.1.17 - 6069807 (August 16, 2023)

Integrations

Sumo Logic Cloud SIEM

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29000

Download

1.1.16 - 5914533 (July 31, 2023)

Integrations

Sumo Logic Cloud SIEM

Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28612

Download

1.1.15 - R5866730 (July 25, 2023)

Scripts

SumoLogicCloseLinkSignalIncidents

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 28182

Download

1.1.14 - 5746599 (July 12, 2023)

Scripts

SumoLogicLinkSignalIncidents

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 28088

Download

1.1.13 - R5692327 (July 5, 2023)

Integrations

Sumo Logic Cloud SIEM

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27709

Download

1.1.12 - 5456534 (June 6, 2023)

Integrations

Sumo Logic Cloud SIEM

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27243

Download

1.1.11 - 5318720 (May 21, 2023)

Scripts

SumoLogicCloseLinkSignalIncidents

Transform automation names from "incident" to "alert" in XSIAM.
Updated the Docker image to: demisto/python3:3.10.11.58677.

SumoLogicLinkSignalIncidents

Transform automation names from "incident" to "alert" in XSIAM.
Updated the Docker image to: demisto/python3:3.10.11.58677.

Related pull requests:
- 26365

Download

1.1.10 - 5277943 (May 16, 2023)

Integrations

Sumo Logic Cloud SIEM

Updated the Docker image to: demisto/python3:3.10.11.58677.

Related pull requests:
- 26476

Download

1.1.9 - R5170573 (May 2, 2023)

Classifiers

Sumo Logic Insight Classifier

Updated to include Sumo Logic Cloud SIEM Signal Incident type

Sumo Logic Cloud SIEM Classifier

New: Added a classifier called Sumo Logic Cloud SIEM classifier for future deprecation of the current classifier Sumo Logic Insight Classifier. It is, however, identical to the classifier Sumo Logic Insight Classifier

Incident Fields

New: Added the field Sumo Logic Cloud SIEM Record Fields to contain the field fields of the first record associated with a Sumo Logic SIEM Signal
Sumo Logic Cloud SIEM Insight Signals
New: Added the field Sumo Logic Cloud SIEM Signal Entity for the Entity element of a Sumo Logic SIEM Signal
New: Added the field Sumo Logic Cloud SIEM Signal Records to contain all records associated with a Sumo Logic SIEM Signal
The field Sumo Logic Cloud SIEM Insight URL is being deprecated. Use the standard XSOAR field External Link instead
Sumo Logic Cloud SIEM Insight Entity
Sumo Logic Cloud SIEM Insight Involved Entities

Incident Types

Sumo Logic Insight
New: Added a new Incident Type called Sumo Logic Signal that will be linked to the corresponding Insight incident for easier analysis and investigation

Integrations

Sumo Logic Cloud SIEM

Updated to support the new Sumo Logic Signal incident type
New: Added a command sumologic-sec-insight-add-comment to add a comment to an existing Sumo Logic Insight:
The integration now supports MIRROR IN and OUT between XSOAR and Sumo Logic Cloud SIEM. Note: The mirror works for Sumo Logic Insight incidents only, as Sumo Logic Signals are immutable by their nature
For Mirror IN, the resolution mappings are: Duplicate -> Duplicate; False Positive -> False Positive; Resolved, No Action -> Resolved; Any custom Sumo Logic Cloud SIEM resolution -> Same custom close reason in XSOAR
For Mirror OUT, the resolution mappings are: Duplicate -> Duplicate; False Positive -> False Positive; Resolved, Other -> Resolved; Any custom XSOAR close reason -> Same custom resolution in Sumo Logic Cloud SIEM
Updated the Docker image to: demisto/python3:3.10.11.54132.

Layouts

New: Sumo Logic Signal
New layout for the new Sumo Logic Signal incident type (Available from Cortex XSOAR 6.5.0).
Sumo Logic Insight
The layout for the Sumo Logic Insight incident type has been updated to better show data around the Insight

Mappers

Sumo Logic Insight - Mapper

The mapper has been updated to map more standard XSOAR fields (e.g External Url, AlertID, Destination IP, etc.) for both the existing Sumo Logic Insight and new Sumo Logic Signal incident type

Playbooks

New: Sumo Logic Cloud SIEM - Link Signal Incidents

Playbook to link Sumo Logic Signal Incidents to the corresponding Insight Incident (Available from Cortex XSOAR 6.8.0).

Scripts

New: SumoLogicLinkSignalIncidents

Command to link associated Signal Incidents to the Insight Incident (Available from Cortex XSOAR 6.5.0).

New: SumoLogicCloseLinkSignalIncidents

Close the linked signal incidents when the main Insight incident is closed (Available from Cortex XSOAR 6.5.0).

Related pull requests:
- 25414
- 25818

Download

1.1.8 - 4760018 (March 7, 2023)

Incident Fields

Sumo Logic Cloud SIEM Insight Signals

Related pull requests:
- 25093

Download

1.1.7 - 4718798 (March 1, 2023)

Integrations

Sumo Logic Cloud SIEM

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24958

Download

1.1.6 - R4646022 (February 19, 2023)

Layouts

Sumo Logic Insight
This item is no longer supported in XSIAM.

Related pull requests:
- 24223

Download

1.1.5 - 3305407 (July 21, 2022)

Classifiers

New: Sumo Logic Insight Classifier

Added the classifier for Sumo Logic Insight.

Incident Fields

New: Sumo Logic Cloud SIEM Insight Signals
Added the new Sumo Logic Cloud SIEM Insight Signals field corresponding to all Sumo Logic Cloud SIEM Signals contributing to the Insight.
New: Sumo Logic Cloud SIEM Insight Entity
Added the new Sumo Logic Cloud SIEM Insight Entity field corresponding to the Sumo Logic Cloud SIEM Entity associated with the Insight.
New: Sumo Logic Cloud SIEM Insight Involved Entities
Added the new Sumo Logic Cloud SIEM Insight Involved Entities field corresponding to all entities involved in the Insight.

Integrations

Sumo Logic Cloud SIEM

Updated the Docker image to: demisto/python3:3.10.5.31928.
Added the new property called SumoUrl to fetched incidents which contains the link to the corresponding Sumo Logic Insight.
Added the new property called SumoUrl to each fetched signal which contains the link to the corresponding Sumo Logic Signal.

Layouts

New: Sumo Logic Insight
Added the new layout for Sumo Logic Insights (Available from Cortex XSOAR 6.2.0).

Related pull requests:
- 20138

Download

1.1.4 - R2146019 (December 21, 2021)

Integrations

Sumo Logic Cloud SIEM

Updated the Docker image to: demisto/python3:3.9.8.24399.

Download

1.1.3 - 2042391 (December 2, 2021)

Integrations

Sumo Logic Cloud SIEM

Documentation fixes

Download

1.1.2 - 7740378 (September 23, 2021)

Integrations

Sumo Logic Cloud SIEM

Updated the Docker image to: demisto/python3:3.9.7.24076.

Download

1.1.1 - 406668 (August 5, 2021)

Integrations

Sumo Logic Cloud SIEM

Updated documentation to proper TLD

Download

1.1.0 - 402821 (July 27, 2021)

Integrations

Sumo Logic Cloud SIEM

Added record summary fields to the Insight calls
Use "created" timestamp when querying for Insights
Use paging when fetching incidents (Insights)
Update support email address
Updated the Docker image to: demisto/python3:3.9.5.21272.

Download

1.0.2 - R400461 (July 20, 2021)

Integrations

Sumo Logic Cloud SIEM

Upgraded the Docker image to: demisto/python3:3.9.5.21272.

Download

Certification	Certified	Read more
Supported By	Partner
Created	May 26, 2021
Last Release	April 7, 2024

Sumo Logic Cloud SIEM

What does this pack do?

What does this pack do?

Scripts

SumoLogicLinkSignalIncidents

SumoLogicCloseLinkSignalIncidents

Incident Fields

Integrations

Sumo Logic Cloud SIEM

Integrations

Sumo Logic Cloud SIEM

Integrations

Sumo Logic Cloud SIEM

Integrations

Sumo Logic Cloud SIEM

Integrations

Sumo Logic Cloud SIEM

Integrations

Sumo Logic Cloud SIEM

Scripts

SumoLogicCloseLinkSignalIncidents

Scripts

SumoLogicLinkSignalIncidents

Integrations

Sumo Logic Cloud SIEM

Integrations

Sumo Logic Cloud SIEM

Scripts

SumoLogicCloseLinkSignalIncidents

SumoLogicLinkSignalIncidents

Integrations

Sumo Logic Cloud SIEM

Classifiers

Sumo Logic Insight Classifier

Sumo Logic Cloud SIEM Classifier

Incident Fields

Incident Types

Integrations

Sumo Logic Cloud SIEM

Layouts

Mappers

Sumo Logic Insight - Mapper

Playbooks

New: Sumo Logic Cloud SIEM - Link Signal Incidents

Scripts

New: SumoLogicLinkSignalIncidents

New: SumoLogicCloseLinkSignalIncidents

Incident Fields

Integrations

Sumo Logic Cloud SIEM

Layouts

Classifiers

New: Sumo Logic Insight Classifier

Incident Fields

Integrations

Sumo Logic Cloud SIEM

Layouts

Integrations

Sumo Logic Cloud SIEM

Integrations

Sumo Logic Cloud SIEM

Integrations

Sumo Logic Cloud SIEM

Integrations

Sumo Logic Cloud SIEM

Integrations

Sumo Logic Cloud SIEM

Integrations

Sumo Logic Cloud SIEM

PUBLISHER

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER