In this how-to article we'll walk step by step through sending all Dome9 events into the Sumo Logic service.
We assume you are already familiar with Sumo Logic - a SaaS log management and analytics service. If not, check them out at: http://www.sumologic.com/
This integration is based on the generic Dome9->AWS SNS integration, with an extra step of forwarding the events from SNS into Sumo. All of the integration components are 100% hosted, so there are no scripts for the end user to run or maintain.
You'll need to have access to the Dome9, AWS and Sumo Logic consoles.
It should take 5-10 minutes.
Connect your Dome9 events feed into SNS. The process is fully described here.
Verify the Dome9-SNS integration by subscribing an email address to the SNS feed and generating some events in the Dome9 system (log-in / access leases...)
In Sumo, add a new collector:
Manage->Collectors->Add Collector; select 'Hosted Collector'; name it something like 'Dome9 Audit'; add a description / category if needed; Save.
'Add source' to the newly created collector:
Type: HTTP; Name: Dome SNS (or whatever); Check: Advanced->Enable 'One Message Per Request'; Save.
Copy the HTTP source address presented in the popup.
Go to the AWS SNS console and select your Dome9 SNS topic. Click 'Create Subscription'.
Endpoint: the Sumo endpoint you have just copied
Click Subscribe. Now, SNS will send a confirmation message to Sumo.
Go to the Sumo console. In a minute or two you should see the SNS confirmation message (you can search for SubscriptionConfirmation).
Expand this message and copy the SubscribeURL field.
Open this URL in another browser window. You should see a confirmation message from SNS (in XML format).
Verify in the AWS SNS console that the new subscription's status has changed from the 'pending' state and that it now has a valid subscription ID.
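Before opening the SubscribeURL copied from Sumo, you can check that the message really is the confirmation for your own topic and that the link points at an SNS endpoint. The following is an added example, not part of the original article; the topic ARN, token and sample message are constructed, and the function name is hypothetical.

```python
import json
import re
from urllib.parse import urlparse, parse_qs

# Regional SNS endpoint host, e.g. sns.us-east-1.amazonaws.com
SNS_HOST = re.compile(r"sns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?")

def confirmation_url(raw_message, expected_topic_arn):
    """Return SubscribeURL if the message confirms our topic, else raise ValueError."""
    msg = json.loads(raw_message)
    if not isinstance(msg, dict) or msg.get("Type") != "SubscriptionConfirmation":
        raise ValueError("not a SubscriptionConfirmation message")
    if msg.get("TopicArn") != expected_topic_arn:
        raise ValueError("confirmation is for a different topic")
    url = urlparse(str(msg.get("SubscribeURL", "")))
    # Only follow HTTPS links whose host is exactly an SNS regional endpoint.
    if url.scheme != "https" or not SNS_HOST.fullmatch(url.hostname or ""):
        raise ValueError("SubscribeURL is not an HTTPS SNS endpoint")
    query = parse_qs(url.query)
    if query.get("Action") != ["ConfirmSubscription"]:
        raise ValueError("SubscribeURL is not a ConfirmSubscription call")
    if query.get("TopicArn") != [expected_topic_arn]:
        raise ValueError("SubscribeURL names a different topic")
    if query.get("Token") != [msg.get("Token")]:
        raise ValueError("SubscribeURL token does not match the message token")
    return msg["SubscribeURL"]

# Constructed sample (placeholder account ID, topic name and token).
TOPIC = "arn:aws:sns:us-east-1:123456789012:dome9-events"
TOKEN = "2336412f37fbEXAMPLE"
SAMPLE = json.dumps({
    "Type": "SubscriptionConfirmation",
    "TopicArn": TOPIC,
    "Token": TOKEN,
    "SubscribeURL": "https://sns.us-east-1.amazonaws.com/"
                    "?Action=ConfirmSubscription&TopicArn=" + TOPIC
                    + "&Token=" + TOKEN,
})

if __name__ == "__main__":
    print(confirmation_url(SAMPLE, TOPIC))
```

Paste the expanded message from Sumo in place of SAMPLE and set TOPIC to the ARN of your Dome9 SNS topic.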
That's it, from now on every Dome9 Audit event will be visible on your Sumo account. Time to create alerts, reports and dashboards. Happy Sumo’ing.