Integrating Sumo Logic with Dome9

    In this how-to article we’ll go step by step to send all Dome9 events into the Sumo Logic service.
    We assume you are already familiar with Sumo Logic - a SaaS log management and analytics service. If not, check them out at: http://www.sumologic.com/

    This integration is based on the Dome9->AWS SNS integration, with an extra step of forwarding the events from SNS into Sumo. All of the integration components are 100% hosted, so the end user does not need to run or maintain any scripts.

    You’ll need access to the Dome9, AWS and Sumo Logic consoles.

    Here are the steps:

    1. Connect your Dome9 events feed into SNS.
    2. Verify the Dome9-SNS integration by subscribing an email address to the SNS feed and generating some events in the Dome9 system (log-in / access leases...) 
    3. In Sumo, add a new collector:
      - Manage -> Collectors -> Add Collector
      - Select 'Hosted Collector'
      - Name it with something like 'Dome9 Audit'
      - Add a description / category if needed.
      - Save
    4. 'Add source' to the newly created collector: 
      - Type: HTTP
      - Name: Dome SNS (or whatever)
      - Check: Advanced->Enable 'One Message Per Request'
      - Save.
    5. Copy the HTTP source address presented in the popup. 

    6. Go to the AWS SNS console and select your Dome9 SNS topic. Click 'Create Subscription':
      - Protocol: HTTPS
      - Endpoint: the Sumo endpoint you have just copied

    7. Click Subscribe. Now, SNS will send a confirmation message to Sumo.
    8. Go to the Sumo console. You should see the SNS confirmation message (alternatively, search for the string SubscriptionConfirmation).
      Expand this message and copy the SubscribeURL field.
    9. Open this URL in another browser window. You should see a confirmation message from SNS (in XML format).
    10. Verify in the AWS SNS console that the new subscription status has changed from the 'pending' state and that it now has a valid subscription ID.
    11. That's it. From now on, every Dome9 audit event will be visible in your Sumo account. Time to create alerts, reports and dashboards.
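
A check to run before opening the SubscribeURL in steps 8 and 9, as an added example that is not part of the original article or of Dome9, Sumo Logic or AWS tooling: it confirms that the message seen in Sumo is an SNS SubscriptionConfirmation for your Dome9 topic and that the URL points at the regional SNS endpoint. The topic ARN, token, sample message and function name are constructed placeholders.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Regional SNS endpoint hostnames in the standard AWS partition (assumption:
# the topic is not in a China or GovCloud partition).
SNS_HOST = re.compile(r"^sns\.([a-z0-9-]+)\.amazonaws\.com$")

# Constructed sample values, standing in for the message copied from Sumo.
TOPIC = "arn:aws:sns:us-east-1:123456789012:dome9-events"
URL = ("https://sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription"
       "&TopicArn=" + TOPIC + "&Token=EXAMPLETOKEN")
SAMPLE = json.dumps({"Type": "SubscriptionConfirmation", "TopicArn": TOPIC,
                     "Token": "EXAMPLETOKEN", "SubscribeURL": URL})


def check_subscription_confirmation(raw_message, expected_topic_arn):
    """Return SubscribeURL if it confirms our topic; raise ValueError if not."""
    msg = json.loads(raw_message)
    if msg.get("Type") != "SubscriptionConfirmation":
        raise ValueError("not a SubscriptionConfirmation message")
    if msg.get("TopicArn") != expected_topic_arn:
        raise ValueError("TopicArn is not the Dome9 topic")

    url = urlsplit(msg.get("SubscribeURL") or "")
    if url.scheme != "https":
        raise ValueError("SubscribeURL is not HTTPS")
    # url.hostname ignores any userinfo part, so "sns...@other.host" fails.
    host = SNS_HOST.match(url.hostname or "")
    if not host:
        raise ValueError("SubscribeURL host is not an SNS endpoint")
    # arn:aws:sns:<region>:<account>:<topic> -> field 3 is the region
    if host.group(1) != expected_topic_arn.split(":")[3]:
        raise ValueError("SubscribeURL region differs from the topic region")

    query = parse_qs(url.query)
    if query.get("Action") != ["ConfirmSubscription"]:
        raise ValueError("SubscribeURL action is not ConfirmSubscription")
    if query.get("TopicArn") != [expected_topic_arn]:
        raise ValueError("SubscribeURL confirms a different topic")
    if not query.get("Token"):
        raise ValueError("SubscribeURL carries no Token")
    return msg["SubscribeURL"]


if __name__ == "__main__":
    print(check_subscription_confirmation(SAMPLE, TOPIC))
```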