Configure Sumo Logic as a Log system for CloudGuard Dome9
This note describes how to configure Dome9 to send compliance findings to Sumo Logic. This involves the configuration of an HTTP Event Collector on your Sumo Logic instance, and the configuration of a Compliance Notification Policy on Dome9.
Configure an HTTP Endpoint on Sumo Logic
You must have admin privileges on Sumo Logic to configure an HTTP Endpoint.
- Sign in to Sumo Logic (as admin).
- Select Set Up Streaming Data in the Setup Wizard.
- Click All Other Sources for the Data Type.
- Select HTTPS Source for the Set up Collection.
- Enter Dome9-Collector for the Source Category, and then click Continue.
- Copy the HTTP Source URL, and then click Continue.
Configure a Dome9 Compliance Notification Policy
- Sign in to the Dome9 Web app (https://secure.dome9.com), and navigate to the Notification page in the Compliance & Governance menu.
- Click ADD NOTIFICATION.
- Enter a name for the notification (for example, SumoLogic), and a description.
- Select Send to HTTP Endpoint in the Immediate Notification section.
- Enter the HTTP Source URL, from the previous section, in the Endpoint URL field.
- Leave the Authentication Type as No Authentication and the format as JSON-Full entity.
- Click SAVE.
This notification policy will forward findings to the Sumo Logic HTTP collector configured above.
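Because the notification is saved with No Authentication, the HTTP Source URL is the only thing protecting the collector, so it should be checked and handled as a secret before it is pasted into Dome9. The script below is an added example (not from the Dome9 or Sumo Logic documentation) that validates the URL, redacts it for logs, and sends one constructed test event. The `/receiver/v1/http/<token>` URL shape, the `sumologic.com` host check, the `SUMO_HTTP_SOURCE_URL` variable name and the sample finding fields are assumptions.

```python
import json
import os
import sys
import urllib.request
from urllib.parse import urlsplit

# Assumed URL shape: https://<host under sumologic.com>/receiver/v1/http/<token>
RECEIVER_PREFIX = "/receiver/v1/http/"

# Constructed sample event; NOT the real Dome9 "JSON-Full entity" schema.
SAMPLE_FINDING = {"source": "endpoint-smoke-test", "status": "Failed",
                  "rule": "constructed-example-rule", "account": "000000000000"}

def check_source_url(url):
    """Return a list of problems; an empty list means the URL looks usable."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("not https: findings and the URL token would be sent in clear text")
    if not (parts.hostname or "").endswith(".sumologic.com"):
        problems.append("host is not under sumologic.com")
    if len(parts.path) <= len(RECEIVER_PREFIX) or not parts.path.startswith(RECEIVER_PREFIX):
        problems.append("path is not /receiver/v1/http/<token>")
    return problems

def redact(url):
    """Drop the path (which carries the token) so the URL is safe to log."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}/<redacted>"

def build_test_request(url, finding):
    """Build, without sending, a JSON POST carrying one finding."""
    body = json.dumps(finding).encode("utf-8")
    return urllib.request.Request(url, data=body, method="POST",
                                  headers={"Content-Type": "application/json"})

if __name__ == "__main__":
    # Read the URL from the environment (hypothetical variable name) rather than argv,
    # so the token does not end up in shell history or the process list.
    url = os.environ["SUMO_HTTP_SOURCE_URL"]
    problems = check_source_url(url)
    if problems:
        sys.exit(f"refusing to use {redact(url)}: " + "; ".join(problems))
    with urllib.request.urlopen(build_test_request(url, SAMPLE_FINDING), timeout=10) as resp:
        print(redact(url), "-> HTTP", resp.status)
```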
Configure a Dome9 Compliance Policy
This step configures a Dome9 continuous compliance policy, for a selected cloud account and Dome9 Ruleset, to send any findings to the Sumo Logic collector.
- In the Dome9 Web Application, navigate to Policies in the Compliance & Governance menu.
- Click ADD POLICY.
- Select the cloud platform and account on which the Ruleset will be applied.
- Select the Rulesets to be applied to the selected accounts.
- Select the SumoLogic notification policy, and then click SAVE.
The rulesets in the policy will be applied to the selected accounts continuously (approximately every hour). Any findings will be forwarded to the Sumo Logic collector.