Sumo Logic

Cloud Sensor Guide

Learn about the Cloud Sensor Integrations and functionality.

This page has instructions for configuring CSE Cloud Sensor integrations, which allow you to collect log data from a variety of cloud-based applications and storage services.

Cloud Sensor Overview

The CSE Cloud Sensor is a sensor that is hosted by CSE. There are two types of integrations available for the Cloud Sensor:

  • Cloud-based app integrations. These integrations allow you to collect log data from cloud-based apps, for example, Amazon GuardDuty or Microsoft Office 365.

  • Cloud-based storage integrations. These integrations allow you to collect log data from AWS S3, AWS SQS, or Microsoft EventHub. This is useful if you forward log data from applications to one of these storage services. 

You configure Cloud Sensor integrations on the edit page for your Cloud Sensor. When you add an integration, you are prompted to supply a number of configuration parameters. For example, when you add integrations for AWS services, you are prompted to supply your AWS access key, secret key, and data that identifies the resources you want to monitor. For an example configuration procedure, see Configure an API integration, below.

Supported App integrations

The following table lists the integrations supported by CSE. 

Vendor Products
Amazon Web Services (AWS)
  • CloudTrail
  • GuardDuty
  • SQS Forwarding
  • S3 Forwarding
  • Virtual Private Cloud (VPC) Flow Records
Carbon Black
  • Defense
Cisco
  • AMP
  • Umbrella
Cloudflare
  • Logpush
Cylance
  • PROTECT
Duo Security
  • Multi-Factor Authentication (MFA)
Endgame
  • Protect API
Google
  • G Suite
Illumio
  • Adaptive Security Platform (ASP)
Lacework
  • Cloud Security Platform
Microsoft
  • Azure
  • Azure EventHub Forwarding
  • Office 365
Mimecast
  • Message Transfer Agent (MTA)
Netskope
  • Security Cloud
Okta
  • Authentication
Proofpoint
  • TAP
Redlock
  • Cloud Threat Defense
Salesforce
  • Platform
Sophos
  • SIEM API (Alerts and Events)
Tenable
  • Events

Supported Cloud Storage Integrations

This section lists CSE's cloud storage integrations.

Storage service Integrations
AWS S3
  • AWS CloudTrail via S3
  • AWS GuardDuty via
  • Tenable Events via S3
  • Cisco Umbrella via S3
AWS SQS
  • AWS CloudTrail via SQS
  • AWS S3 via SQS
  • Amazon GuardDuty via SQS
  • RedLock Cloud Threat Defense via SQS
  • Lacework Cloud Security Platform via SQS
  • Cisco Umbrella via SQS
  • Illumio ASP via SQS
Microsoft
  • Azure Eventhub

Configure an API integration 

  1. In the CSE web UI, click the gear icon, then click Sensors.

  2. Click Cloud Sensor's Edit icon.

  3. Click ADD under the INTEGRATIONS section.

  4. Select the Type of integration you would like to configure, fill in the required fields, and click ADD.

  5. The new integration is listed under the Cloud Sensor's INTEGRATIONS section, labeled with the Name you provided for it (not the integration Type).
  6. The Cloud Sensor will begin to automatically collect data from your new integration. To confirm, click on the Info icon next to "Cloud Sensor" to view the integration's configuration and Records Seen Since Start.
