
Integrating Sumo Logic with CloudGuard Dome9

This how-to article walks step by step through sending all CloudGuard Dome9 events into the Sumo Logic service.

We assume you are already familiar with Sumo Logic - a SaaS log management and analytics service. If not, check them out at:

This integration is based on the Dome9->AWS SNS integration, with an extra step of forwarding the events from SNS into Sumo. All of the integration components are 100% hosted, so no scripts need to be run or maintained by the end user.

You’ll need to have access to the CloudGuard Dome9, AWS and Sumo Logic consoles.

Here are the steps:

  1. Connect your Dome9 events feed into SNS.
  2. Verify the Dome9-SNS integration by subscribing an email address to the SNS feed and generating some events in the Dome9 system (log-in / access leases...).
  3. In Sumo, add a new collector:
    - Manage -> Collectors -> Add Collector
    - Select 'Hosted Collector'
    - Name it with something like 'Dome9 Audit'
    - Add desc / category if needed.
    - Save
  4. 'Add source' to the newly created collector:
    - Type: HTTP
    - Name: Dome SNS (or whatever)
    - Check: Advanced->Enable 'One Message Per Request'
    - Save.
  5. Copy the HTTP source address presented in the popup.

  6. Go to the AWS SNS console and select your Dome9 SNS topic. Click 'Create Subscription'.
    Protocol: HTTPS
    Endpoint: the Sumo endpoint you have just copied

  7. Click Subscribe. Now, SNS will send a confirmation message to Sumo.
  8. Go to the Sumo console. You should see the SNS confirmation message. (Alternatively, search for the string SubscriptionConfirmation.)
    Expand this message and copy the SubscribeURL field.
  9. Open this URL in another browser window. You should see a confirmation message from SNS (in XML format).
  10. Verify in the AWS SNS console that the new subscription status has changed from the 'pending' state and now has a valid subscription ID.
  11. That's it, from now on every CloudGuard Dome9 Audit event will be visible on your Sumo account. Time to create alerts, reports and dashboards.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
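
Steps 8 and 9 have you open a URL taken from a message that arrived on a public HTTP endpoint, so it is worth checking the message before visiting the link. The following is an added example, not part of the original article or of any Check Point, AWS or Sumo Logic tooling: it checks that the SubscribeURL points at the AWS SNS endpoint for your own topic. The topic ARN, token and sample message are constructed, and only standard commercial AWS regions are assumed.

```python
import json
import re
from urllib.parse import urlparse, parse_qs

# Assumption: standard commercial regions only (sns.<region>.amazonaws.com).
SNS_HOST = re.compile(r"^sns\.([a-z0-9-]+)\.amazonaws\.com$")


def check_confirmation(raw_message, expected_topic_arn):
    """Return a list of problems; an empty list means the URL matches your topic."""
    try:
        msg = json.loads(raw_message)
    except ValueError:
        return ["message is not valid JSON"]
    if not isinstance(msg, dict):
        return ["message is not a JSON object"]
    problems = []
    if msg.get("Type") != "SubscriptionConfirmation":
        problems.append("Type is not SubscriptionConfirmation")
    if msg.get("TopicArn") != expected_topic_arn:
        problems.append("TopicArn is not the expected topic")
    url = urlparse(str(msg.get("SubscribeURL") or ""))
    if url.scheme != "https":
        problems.append("SubscribeURL is not HTTPS")
    # Match the whole netloc so userinfo ("user@host") or a port also fails.
    host = SNS_HOST.match(url.netloc)
    if not host:
        problems.append("SubscribeURL host is not an AWS SNS endpoint")
    elif host.group(1) != expected_topic_arn.split(":")[3]:
        problems.append("SubscribeURL region differs from the topic region")
    query = parse_qs(url.query)
    if query.get("Action") != ["ConfirmSubscription"]:
        problems.append("Action is not ConfirmSubscription")
    if query.get("TopicArn") != [expected_topic_arn]:
        problems.append("URL TopicArn is not the expected topic")
    if query.get("Token") != [msg.get("Token")]:
        problems.append("URL token differs from the message Token")
    return problems


# Constructed sample of the message copied from the Sumo console in step 8.
TOPIC = "arn:aws:sns:us-east-1:123456789012:dome9-events"
SAMPLE = json.dumps({
    "Type": "SubscriptionConfirmation",
    "TopicArn": TOPIC,
    "Token": "abc123",
    "SubscribeURL": "https://sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription"
                    f"&TopicArn={TOPIC}&Token=abc123",
})

if __name__ == "__main__":
    print(check_confirmation(SAMPLE, TOPIC) or "OK to open SubscribeURL")
```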
