Skip to main content

Ingest Signal Sciences WAF Data into Cloud SIEM

To ingest Signal Sciences data into Cloud SIEM:

  1. Configure an HTTP Logs and Metrics source on a collector. When you configure the source, do the following:
    1. Select the Forward to SIEM option in the source configuration UI. This will ensure all logs for this source are forwarded to Cloud SIEM.
    2. Make note of the Source Category. You'll supply it in a later step.
    3. After saving the source, click the Show URL link and make note of the HTTP source URL. You'll supply it in a later step.
  2. Configure Signal Sciences WAF to send log messages to the Sumo Logic platform:
    1. Go to the SigSci Site Tools > Integrations in the SigSci dashboard.
    2. Click Add for Generic Webhook.
    3. Paste the HTTP source URL from the previous step into the Webhook URL field and click Add. For more information on Generic Webhooks refer to the Generic Webhooks page in Fastly help.
  3. Configure a Sumo Logic Ingest Mapping in Cloud SIEM for the source category assigned to the source. The mapping tells Cloud SIEM the information it needs to select the right mapper to process messages that have been tagged with that source category. 
    1. Classic UI. In the top menu select Configuration, and then under Integrations select Sumo Logic.
      New UI. In the top menu select Configuration, and then under Cloud SIEM Integrations select Ingest Mappings. You can also click the Go To... menu at the top of the screen and select Ingest Mappings.
    2. On the Ingest Mappings tab, click + Add Ingest Mapping.
    3. On the Add Ingest Mapping popup:
      • Source Category. Enter the category you assigned to the HTTP source you created earlier. 
      • Format. Enter JSON.
      • Vendor. Enter SignalSciences.
      • Product. Enter WAF
      • Event ID. Enter .*
    4. Click Create to save the mapping.
  4. To verify that your logs are successfully making it into Cloud SIEM:
    1. Classic UI. In the top menu select Configuration, and then under Incoming Data select Log Mappings.
      New UI. In the top menu select Configuration, and then under Cloud SIEM Integrations select Log Mappings. You can also click the Go To... menu at the top of the screen and select Log Mappings.
    2. On the Log Mappings page search for "Signal Sciences" and check the Records columns.
      Signal Sciences record volume
    3. For a more granular look at the incoming records, you can also search the Sumo Logic platform for Signal Sciences WAF security records:
      _index=sec_record* and metadata_product = "Signal Sciences"
Edit this page
Last updated on by John Pipkin (Sumo Logic)
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2025 by Sumo Logic, Inc.