Webhook Connection for Cloud SOAR
Cloud SOAR can receive alerts from Sumo Logic Monitors and Scheduled Searches to create Incidents. First, you'll need to create a Cloud SOAR connection. Then you can use the connection as the Connection Type in a Monitor or the Alert Type in a Scheduled Search.
Before you begin
- You need to have Cloud SOAR enabled on your account for this connection to be available.
- You'll need the Manage connections role capability to create webhook connections.
To create a webhook connection from Sumo Logic to Cloud SOAR:
- In the main Sumo Logic menu, select Manage Data > Monitoring > Connections.
- Click + Add and choose Cloud SOAR as the connection type.
- Enter a Name and, optionally, a Description for the connection.
- The URL and Authorization Header are automatically defined by Sumo Logic. You should not edit these.
- The Templates dropdown shows a list of all incident templates, by name, configured in your Cloud SOAR environment.
- The default Payload synchronizes with the selected template, and the associated template_id field is automatically defined in the default payload. A template_id is required in the payload in order to configure the connection. For details on variables you can use as parameters within your JSON object, see Webhook Payload Variables.
- Click Save.
For more detailed instructions, see Configure a webhook for Cloud SOAR.