Sumo Logic
Integration version: 16.0
Configure Sumo Logic integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Actions
Ping
Description
Test connectivity to Sumo Logic.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| success | True/False | success:False |
JSON Result
N/A
Search
Description
Run a query and get the search results from Sumo Logic.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Query | String | N/A | Sumo Logic query to run. Example: _collector=* |
| Delete Search Job | Checkbox | Un-Checked | If checked, delete the jobs after a search is completed. |
| Since | String | N/A | Start date of the search, ISO-8601 or unixtime. Example: 1970-01-01T00:00:00. Default: 1 (unixtime). |
| To | String | N/A | End date of the search, ISO-8601 or unixtime. Example: 1970-01-01T00:00:00. Default: now (current utc unixtime). |
| Limit | String | N/A | Number of results to return. Example: 10. Default: 25. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| results | N/A | N/A |
JSON Result
[{"_messageid":"-9223372036854773772","_messagetime":"1359407049529","_blockid":"-9223372036854775674","_sourcecategory":"service","_format":"plain:atp:o:0:l:29:p:yyyy-MM-dd HH:mm:ss,SSS ZZZZ","_sourcename":"/Users/christian/Development/sumo/ops/assemblies/latest/service-20.1-SNAPSHOT/logs/service.log","_source":"service","_receipttime":"1359407051885","_collectorid":"1579","_sourceid":"1640","_raw":"2013-01-28 13:04:09,529 -0800 INFO[module=SERVICE][logger=com.netflix.config.sources.DynamoDbConfigurationSource] [thread=pollingConfigurationSource] Successfully polled Dynamo for a new configuration based on table:raychaser-chiapetProperties","_size":"246","_collector":"local","_messagecount":"2035","_sourcehost":"Chiapet.local"}]
Connectors
Sumo Logic Connector
Description
Sumo Logic Connector.
Configure Sumo Logic Connector in Google SecOps
For detailed instructions on how to configure a connector in Google SecOps, see Configuring the connector.
Connector parameters
Use the following parameters to configure the connector:
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| DeviceProductField | String | device_product | The field name used to determine the device product. Example: _type |
| EventClassId | String | name | The field name used to determine the event name (sub-type). Example: _source_match_event_id |
| PythonProcessTimeout | String | 60 | The timeout limit (in seconds) for the Python process running the current script. |
| API Root | String | null | The Sumo Logic API root, for example: https://api.{region}.sumologic.com |
| Access ID | String | null | Sumo Logic access ID. |
| Access Key | Password | null | Sumo Logic access key. |
| Verify SSL | Checkbox | FALSE | Whether to use SSL on the connection or not. |
| Alert Name Field | String | null | The name of the field where the alert name is located (flat field path). Example: _sourcecategory |
| Timestamp Field | String | null | The name of the field where the timestamp is located (flat field path). Example: _receipttime |
| Environment Field | String | null | The name of the field where the environment is located (flat field path). Example: _collector |
| Indexes | String | null | Indexes to get alerts in. |
| Alerts Count Limit | Integer | 10 | Max count of alerts to pull in one cycle. Example: 20 |
| Max Days Backwards | Integer | 1 | Max number of days to fetch alerts since. Example: 3 |
| Proxy Server Address | String | null | The address of the proxy server to use. |
| Proxy Username | String | null | The proxy username to authenticate with. |
| Proxy Password | Password | null | The proxy password to authenticate with. |
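A pre-flight check for the field-name parameters above, run against one search result before the connector is enabled. This is an added example, not the connector's own code: `preflight` and `epoch_ms_to_utc` are hypothetical helpers, the message is a trimmed copy of the Search action's JSON result on this page, and the timestamp field is assumed to hold epoch milliseconds as it does in that sample.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a trimmed copy of the Search action's JSON result on this page.
SAMPLE_MESSAGE = json.loads("""{
  "_messagetime": "1359407049529", "_receipttime": "1359407051885",
  "_sourcecategory": "service", "_source": "service",
  "_collector": "local", "_sourcehost": "Chiapet.local"
}""")

# Connector parameter -> field name. The first two are the documented defaults,
# the rest are the example values from the parameter descriptions.
FIELD_PARAMS = {
    "DeviceProductField": "device_product",
    "EventClassId": "name",
    "Alert Name Field": "_sourcecategory",
    "Timestamp Field": "_receipttime",
    "Environment Field": "_collector",
}

def epoch_ms_to_utc(value):
    """Parse an epoch-milliseconds string; return None if it is not one."""
    try:
        return datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc)
    except (TypeError, ValueError, OverflowError, OSError):
        return None

def preflight(message, field_params):
    """Hypothetical helper: resolve each configured field against one message.

    Returns (resolved, problems). A field is a problem when it is absent or
    empty, or when the timestamp field does not parse as epoch milliseconds.
    """
    resolved, problems = {}, []
    for param, field in field_params.items():
        value = message.get(field)
        if value in (None, ""):
            problems.append(f"{param}: field '{field}' not present in message")
            continue
        if param == "Timestamp Field":
            parsed = epoch_ms_to_utc(value)
            if parsed is None:
                problems.append(f"{param}: '{value}' is not epoch milliseconds")
                continue
            value = parsed.isoformat()
        resolved[param] = value
    return resolved, problems

if __name__ == "__main__":
    resolved, problems = preflight(SAMPLE_MESSAGE, FIELD_PARAMS)
    print(json.dumps(resolved, indent=2))
    print("\n".join(problems))
```

The sample message carries neither `device_product` nor `name`, so the two default field names are reported as missing; run the same check against a result from your own query before relying on the defaults.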
Connector rules
Proxy support
The connector supports proxy.
Dynamic/whitelist rule support
The connector runs a single search job for each query added as a rule. If both
indexes and queries are supplied, queries have priority over the connector's
'indexes' parameter.
Last updated 2025-09-07 UTC.