Sumo Logic Cloud SIEM

Sumo Logic Cloud SIEM provides threat detection and incident response for modern IT environments. This content pack lets you automate common SOC analyst workflows. With it you can fetch Incidents via Insights, update the status of an Insight, add items to a match list, add Threat Intel Indicators to Threat Intel Sources, and more.

The integration in this pack enables interaction with Sumo Logic Cloud SIEM. It can be used to fetch Incidents via Insights, update the status of an Insight, add items to a match list, search Entities, Signals, Insights and Threat Intel indicators, and more.

What does this pack do?

This pack enables you to run commands that:

  • Fetch Incidents via Insights
  • Search Entities, Signals, Insights and Threat Intel indicators
  • Change status of Insight
  • Get Insight comments
  • Add items to match list
  • Add Threat Intel Indicators to Threat Intel Sources

Note: This pack replaces the legacy JASK pack. For further details about the migration from JASK, visit our reference docs.

PUBLISHER

Sumo Logic

INFO

Certification: Certified
Supported By: Partner
Created: May 26, 2021
Last Release: December 21, 2021

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.