About the Automation Service

The Automation Service allows you to set up actions that run automatically when certain conditions are met in Sumo Logic. These automated actions help you respond quickly to a wide range of events.

To use the Automation Service, you execute playbooks, which run actions in a workflow. Actions are provided by integrations with Sumo Logic and third-party vendors. The Automation Service has a number of integrations, actions, and playbooks that you can customize. You can also create your own.

Where you can run automations

You can use the Automation Service to run automations for the following:

  • Cloud SIEM. Use the Automation Service with Cloud SIEM to create notifications and add enrichments for Insights and Entities, reducing the time it takes to respond to security incidents.

Automation Service UI

The Automation Service UI is composed of the following tabs:

  • App Central. Displays a central repository of integrations and playbooks you can install to your environment.
  • Playbook. Shows playbooks, which are workflows you can run to perform automations.
  • Integration. Lists integrations with Sumo Logic and third-party vendors that provide actions used in playbooks.
  • Bridge. Shows connections between on-premises servers and the Sumo Logic cloud. A bridge allows you to create a custom integration in your own system and use it for automation.

Access the Automation Service

Before you can access the Automation Service, you must first configure role capabilities.

From the Sumo Logic screen

  1. Go to the main menu.
  2. Click Automation.
    Note: The Automation option appears in the main menu only if you have Cloud SIEM installed. If you also have Cloud SOAR installed, a Cloud SOAR option appears instead, since all automation services are provided by Cloud SOAR when it is installed in conjunction with Cloud SIEM.

  3. The Automation Service screen opens on the Playbook tab.

From Cloud SIEM

  1. Click the Configuration button (gear icon) at the top of the Cloud SIEM UI.
  2. Under Integrations, select Automation.
    The list of available automations appears. Each automation runs a playbook.
  3. At the top of the screen, click Manage Playbooks.
  4. The Automation Service screen opens on the Playbook tab.

Prerequisites

Configure role capabilities

Access to the Automation Service is controlled by role capabilities in the Sumo Logic platform. To get access to the Automation Service:

  1. In the left navigation bar of Sumo Logic, select Administration > Users and Roles.
  2. Click the Roles tab.
  3. Click Add Role to create a new role for users of the Automation Service. Alternatively, you can select an existing role in the Roles tab and click Edit.
  4. Add the following capabilities:
    • Automation Service
      • Task Access
      • Task Access all
      • Task Edit
      • Task Reassign
      • App Central Access
      • App Central Export
      • Integrations Access
      • Integrations Configure
      • Playbooks Access
      • Playbooks Configure
      • Bridge Monitoring Access
      • Observability Access
      • Observability Configure

Configure the connection for an integration resource

To use integrations, you must configure the connection for their resources.

  1. Click Integrations in the left navigation bar.
  2. Select the integration whose resource you want to configure the connection for.
  3. Hover over the resource name and click the Edit button that appears.
  4. Enter the connection configuration needed by the resource. What you enter is specific to the resource you're using. Each resource's configuration screen may be different, but in most cases you will need information such as IP addresses, API tokens, usernames, and passwords for the application you're integrating with. For example, a resource's configuration screen may ask you to enter the API URL and API Key.
  5. Click Save to save the configuration.

Actions limit

To prevent abuse of system resources or runaway processes, the Automation Service limits the number of playbook actions your organization can execute to 50 per hour by default. To see how many actions your organization has used in the current hour, see the Current hour actions count in the App Central UI. All actions running in the cloud or via the bridge are included in this limit.

Copyright © 2023 by Sumo Logic, Inc.