Integrate Halo Event Logs into Sumo Logic
The Halo Event Connector enables you to pull security event logs from Halo into Sumo Logic, including alerts from your configuration, file integrity, and software vulnerability scans. Halo can also deliver unprecedented visibility of your cloud servers directly into your log management console: you can track server events such as a server rebooting, shutting down, or changing IP addresses, and much more.
Using the scripts and documentation posted on GitHub (https://github.com/cloudpassage/halo-event-connector-python), you can quickly and easily set up a Source so that events generated by Halo feed into your log management system, giving you centralized and more complete visibility across your server environment.
The Halo Event Connector is free to use, and will work with any Halo subscription.
To integrate Halo events into Sumo Logic:
- Make sure you have set up accounts for CloudPassage Halo and Sumo Logic.
- Generate an API key in your CloudPassage Halo portal. To retrieve your API keys, access the Halo Portal web interface, select a group in the group tree, and navigate to Edit Group Settings > API Keys. The existing keys for that group are listed.
- Once you have an API key, follow the steps provided in the Sumo Logic - Halo Documentation, using the files provided on GitHub.
The documentation available with those files on GitHub walks you through the process of testing the Halo Event Connector script.