Cloud SOAR can receive alerts from Sumo Logic Monitors and Scheduled Searches to create Incidents. First, you'll need to create a Cloud SOAR connection. Then you can use the connection as the Connection Type in a Monitor or the Alert Type in a Scheduled Search.
You need to have Cloud SOAR enabled on your account for this connection to be available.
You'll need the Manage connections role capability to create webhook connections.
This section demonstrates how to create a webhook connection from Sumo Logic to Cloud SOAR.
- In Sumo Logic, go to Manage Data > Monitoring > Connections.
- Click + Add and choose Cloud SOAR as the connection type.
- Enter a Name and give an optional Description to the connection.
- The URL and Authorization Header are automatically defined by Sumo Logic. You should not edit these.
- The Templates dropdown shows a list of all incident templates, by name, configured in your Cloud SOAR environment.
- The default Payload synchronizes with the selected template, and the associated `template_id` field is automatically defined in the default payload. A `template_id` is required in the payload in order to configure the connection. For details on variables you can use as parameters within your JSON object, see Webhook Payload Variables.
- Click Save.
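Before saving a customized payload, it is worth checking that it is still valid JSON, still carries a `template_id` that matches a template configured in Cloud SOAR, and only references payload variables you recognize. The following is an added example of such a pre-save check; it is not Sumo Logic code. The template names and `tmpl-placeholder-*` ids are constructed stand-ins for what the Templates dropdown would show, and the variable names in `KNOWN_VARIABLES` are assumed to be valid Sumo Logic webhook variables; confirm them against the Webhook Payload Variables reference.

```python
import json
import re

# Constructed sample mapping of template name -> template_id, standing in for
# the templates the Templates dropdown lists from your Cloud SOAR environment.
# The ids are placeholders, not real Cloud SOAR identifiers.
TEMPLATES = {
    "Phishing": "tmpl-placeholder-001",
    "Malware": "tmpl-placeholder-002",
}

# Payload variables assumed to be valid; the authoritative list is the
# Webhook Payload Variables reference.
KNOWN_VARIABLES = {"Name", "Description", "Query", "TriggerType", "ResultsJson"}

# Matches {{VariableName}} references inside the payload text.
VAR_RE = re.compile(r"\{\{\s*([A-Za-z0-9_]+)\s*\}\}")


def default_payload(template_name):
    """Build a payload for the chosen template, carrying its template_id
    the way the default payload does when a template is selected."""
    return {
        "template_id": TEMPLATES[template_name],
        "title": "{{Name}}",
        "description": "{{Description}}",
        "query": "{{Query}}",
        "results": "{{ResultsJson}}",
    }


def validate_payload(payload):
    """Return a list of problems found in a payload (dict or JSON text).
    An empty list means the payload is acceptable to save."""
    problems = []
    payload_text = payload if isinstance(payload, str) else json.dumps(payload)
    try:
        parsed = json.loads(payload_text)
    except json.JSONDecodeError as exc:
        return ["payload is not valid JSON: " + exc.msg]
    if not isinstance(parsed, dict):
        return ["payload must be a JSON object"]

    # template_id is mandatory and must match a configured template.
    tid = parsed.get("template_id")
    if not tid:
        problems.append("template_id is required")
    elif tid not in TEMPLATES.values():
        problems.append("template_id " + repr(tid) + " does not match a configured template")

    # Every {{Variable}} reference must be one we recognize.
    for name in VAR_RE.findall(payload_text):
        if name not in KNOWN_VARIABLES:
            problems.append("unknown payload variable {{" + name + "}}")
    return problems


if __name__ == "__main__":
    print(validate_payload(default_payload("Phishing")))
    print(validate_payload('{"title": "{{Name}}"}'))
```

Run the module directly to see an accepted payload followed by one rejected for a missing `template_id`. The check is deliberately conservative: an unrecognized variable is reported rather than silently passed through, since a typo in a variable name would otherwise reach Cloud SOAR as literal text in the Incident.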