
Sumo Logic

What is Sumo Logic?

Sumo Logic is an all-in-one data analytics platform focused on Security, Operations, and Business Intelligence use cases.

Why Should You Use the Sumo Logic Connector?

The Sumo Logic connector provides visibility into the assets in your environment. You can use this visibility to:

  • ensure assets are managed per your security policies

  • derive relationships between assets, users, applications, and data

How Does This Connector Work?

Lucidum executes read-only requests to the Sumo Logic REST API and ingests only metadata about Sumo Logic devices. Lucidum does not retrieve any data stored on your assets.

Configuring the Connector in Lucidum

Field: Profile Name
Description: Profile Name for the connection between Lucidum and Sumo Logic.
Example: lucidum-sumologic

Field: Access Key ID
Description: Unique ID for a Sumo Logic access key. The access key should have View access to the Sumo Logic assets and users you want to ingest in Lucidum.
If you have the Create Access Keys capability, you can use the Preferences > My Access Keys page to create access keys.
If your role grants you the Manage Access Keys capability, you can manage access keys in the Administration > Security > Access Keys page.
Example: su7iQSdsdm7MGP

Field: Access Key Secret
Description: Password for a Sumo Logic access key.
If your role grants you the Manage Access Keys capability, you can manage access keys in the Administration > Security > Access Keys page.
Example: ***********

Field: Asset Data Query
Description: Query, using the Sumo Logic Search Query Language, to filter the list of assets.
Example: _sourceHost=ldapserver AND _sourceCategory="hr-dept"

Field: Asset Data Mapping
Description: Maps field values from Sumo Logic to fields in the Lucidum Asset database.
Example: “device_hostname”->Asset_Name

Field: User Data Query
Description: Query, using the Sumo Logic Search Query Language, to filter the list of users.
Example: "uid=" | parse regex "uid=(?<userId>\d+)"

Field: User Data Mapping
Description: Maps field values from Sumo Logic to fields in the Lucidum User database.
Example: “user_username”->Owner_Name

Asset Data Mapping

Lucidum has populated the Asset Data Mapping field with the most commonly used Lucidum fields. The value on the right side of each mapping is the Lucidum field.

To create a mapping:

  1. You can map only the Lucidum fields (values to the right of ->) that are already included in the Asset Data Mapping field. Currently, you cannot add new mappings.

  2. Put your cursor in the Asset Data Mapping field.

  3. Note the name of the Lucidum Field you want to map. Then delete it (garbage can icon).

  4. Enter

    “Sumo Logic field name”->Lucidum_Field_Name

    where:

    • “Sumo Logic field name” is a field name used in Sumo Logic.

    • Lucidum_Field_Name is the name of the field in the Lucidum Asset database.

  5. Press Enter.

  6. The new mapping appears in the Asset Data Mapping field.

User Data Mapping

Lucidum has populated the User Data Mapping field with the most commonly used Lucidum fields. The value on the right side of each mapping is the Lucidum field.

To create a mapping:

  1. You can map only the Lucidum fields (values to the right of ->) that are already included in the User Data Mapping field. Currently, you cannot add new mappings.

  2. Put your cursor in the User Data Mapping field.

  3. Note the name of the Lucidum Field you want to map. Then delete it (garbage can icon).

  4. Enter

    “Sumo Logic field name”->Lucidum_Field_Name

    where:

    • “Sumo Logic field name” is a field name used in Sumo Logic.

    • Lucidum_Field_Name is the name of the field in the Lucidum User database.

  5. Press Enter.

  6. The new mapping appears in the User Data Mapping field.
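
The mapping rules from the Asset Data Mapping and User Data Mapping procedures above, as an added Python example (not Lucidum's code): it checks entries written in the “Sumo Logic field name”->Lucidum_Field_Name form before they are entered, and shows which fields of a query result a mapping keeps. The allowed-field sets, the sample record and the one-entry-per-field rule are assumptions made for the illustration.

```python
import re

# Matches one entry such as “device_hostname”->Asset_Name. Straight and curly
# quotes are both accepted because the examples on this page use curly quotes.
ENTRY_RE = re.compile(r'^\s*["“”]([^"“”]+)["“”]\s*->\s*(\w+)\s*$')

# Constructed stand-ins for the prepopulated Lucidum fields (assumption: the
# real lists in the connector UI are longer than the two names shown here).
ASSET_FIELDS = {"Asset_Name"}
USER_FIELDS = {"Owner_Name"}


def parse_mappings(entries, allowed_fields):
    """Return {sumo_field: lucidum_field}; raise ValueError on a bad entry."""
    mapping = {}
    for entry in entries:
        match = ENTRY_RE.match(entry)
        if match is None:
            raise ValueError(f'expected "field"->Lucidum_Field, got {entry!r}')
        sumo_field, lucidum_field = match.group(1).strip(), match.group(2)
        if lucidum_field not in allowed_fields:
            # Step 1: only Lucidum fields already in the mapping can be used.
            raise ValueError(f"{lucidum_field} is not a prepopulated field")
        if sumo_field in mapping or lucidum_field in mapping.values():
            # Assumption: one entry per field, since step 3 deletes the
            # existing entry before a new one is entered.
            raise ValueError(f"duplicate entry: {entry!r}")
        mapping[sumo_field] = lucidum_field
    return mapping


def apply_mapping(record, mapping):
    """Keep only mapped fields of one query result, under Lucidum names."""
    return {dst: record[src] for src, dst in mapping.items() if src in record}


if __name__ == "__main__":
    # Constructed record shaped like a result of the Asset Data Query example.
    record = {"device_hostname": "ldapserver", "_sourceCategory": "hr-dept"}
    asset_map = parse_mappings(["“device_hostname”->Asset_Name"], ASSET_FIELDS)
    print(apply_mapping(record, asset_map))
    try:
        # Hypothetical target that is not in the prepopulated list.
        parse_mappings(['"serial"->Serial_Number'], ASSET_FIELDS)
    except ValueError as err:
        print("rejected:", err)
```

Fields that are not mapped, such as _sourceCategory in the sample record, are dropped by apply_mapping, which mirrors the connector's stated behavior of ingesting only metadata.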

Source Documentation

Creating Credentials

To create an access key, your Sumo Logic account must have the Manage Access Keys permission.

To create an access key ID and access key secret that Lucidum can use to communicate with Sumo Logic:

https://help.sumologic.com/docs/manage/security/access-keys/#manage-all-users-access-keys-on-access-keys-page

Required Permissions

The access key for the Lucidum connector should have at least View access to the Sumo Logic assets and Sumo Logic users you want to ingest in Lucidum.

Asset Data Query and User Data Query

https://help.sumologic.com/docs/search/search-query-language/

API Documentation

https://help.sumologic.com/docs/api/

https://api.sumologic.com/docs/#tag/userManagement
