From fb383fc07cdd958baa4b629ae0382f99caeacbd0 Mon Sep 17 00:00:00 2001 From: Matthew Virga <89219147+mvirga-sumo@users.noreply.github.com> Date: Fri, 26 Jul 2024 10:13:25 -0400 Subject: [PATCH 1/2] Update automation-service-bridge.md - Ammend SIEM_URL setting --- .../automation-service/automation-service-bridge.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/platform-services/automation-service/automation-service-bridge.md b/docs/platform-services/automation-service/automation-service-bridge.md index 9a8c29e11f..918acd367e 100644 --- a/docs/platform-services/automation-service/automation-service-bridge.md +++ b/docs/platform-services/automation-service/automation-service-bridge.md @@ -123,10 +123,14 @@ An example of a configuration file would be: { "SOAR_URL":"API_ENDPOINT_FROM_FIREWALL_DOC_FOR_YOUR_REGION", "SOAR_TOKEN":"TOKEN_FROM_ADMINISTRATION_-->_SECURITY_-->_INSTALLATION TOKEN", - "SIEM_URL":"https://YOUR_CLOUD_SIEM_URL/sec", + "SIEM_URL":"The HTTPS Source Endpoint URL From a Hosted Sumo Logic Collector", "ALIAS":"YOUR_ALIAS_NO_SPACES_LESS_THAN_20_CHARACTERS" } ``` +To create a Hosted Sumo Logic Collector See: [Sumo Logic Hosted Collector](/docs/send-data/hosted-collectors/) +To add an HTTPS Source to a Hosted Collector See: [Sumo Logic HTTP Logs and Metrics Source](https://help.sumologic.com/docs/send-data/hosted-collectors/http-source/logs-metrics/) + +By adding this endpoint to SIEM_URL, this will enable the automation-bridge logs to be forwarded to Sumo Logic Log Analytics / CIP ### Bridge ALIAS 
@@ -246,7 +250,7 @@ The automation bridge needs to be able to communicate with the Docker API to wor |:------------------------------------|:---------------|:----------| |`API_URL_HERE` | To determine which is the correct SOAR_URL, see [Sumo Logic Endpoints by Deployment and Firewall Security](/docs/api/getting-started/#sumo-logic-endpoints-by-deployment-and-firewall-security) and get the URL under the API Endpoint column. For example: `https://api.eu.sumologic.com/api/` | | |`SOAR_TOKEN_HERE` | Log in to Sumo Logic and create a new [installation token](/docs/manage/security/installation-tokens/) with the name prefix `csoar-bridge-token`. | | -|`SIEM_URL_HERE` | The HTTP Sumo Logic collector to send the bridge logs. | NONE | +|`SIEM_URL_HERE` | The HTTPS Source Endpoint URL From a Hosted Sumo Logic Collector | NONE | |`BRIDGE_ALIAS_HERE` | Provide the alias name. With bridge ALIAS, it is possible to distinguish which integration resources will be executed with this automation bridge. When a new integration resource is created or edited, it is possible to select the default ALIAS or to create a new one. So every automatic action configured to use this resource will be performed with the bridge that has the same ALIAS. | NONE | ### Methodologies From f0db5c13af15a251259118b363b6d75799ede130 Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Fri, 26 Jul 2024 10:20:42 -0500 Subject: [PATCH 2/2] Updates from reivew --- .../automation-service/automation-service-bridge.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/platform-services/automation-service/automation-service-bridge.md b/docs/platform-services/automation-service/automation-service-bridge.md index 918acd367e..1a6b94e427 100644 --- a/docs/platform-services/automation-service/automation-service-bridge.md +++ b/docs/platform-services/automation-service/automation-service-bridge.md 
@@ -123,14 +123,13 @@ An example of a configuration file would be: { "SOAR_URL":"API_ENDPOINT_FROM_FIREWALL_DOC_FOR_YOUR_REGION", "SOAR_TOKEN":"TOKEN_FROM_ADMINISTRATION_-->_SECURITY_-->_INSTALLATION TOKEN", - "SIEM_URL":"The HTTPS Source Endpoint URL From a Hosted Sumo Logic Collector", + "SIEM_URL":"The HTTPS Source endpoint URL from a Hosted Sumo Logic Collector", "ALIAS":"YOUR_ALIAS_NO_SPACES_LESS_THAN_20_CHARACTERS" } ``` -To create a Hosted Sumo Logic Collector See: [Sumo Logic Hosted Collector](/docs/send-data/hosted-collectors/) -To add an HTTPS Source to a Hosted Collector See: [Sumo Logic HTTP Logs and Metrics Source](https://help.sumologic.com/docs/send-data/hosted-collectors/http-source/logs-metrics/) +To create a Hosted Sumo Logic Collector, see [Hosted Collectors](/docs/send-data/hosted-collectors/). To add an HTTPS Source to a Hosted Collector, see [HTTP Logs and Metrics Source](/docs/send-data/hosted-collectors/http-source/logs-metrics/). -By adding this endpoint to SIEM_URL, this will enable the automation-bridge logs to be forwarded to Sumo Logic Log Analytics / CIP +By adding this endpoint to `SIEM_URL`, this will enable the automation bridge logs to be forwarded to Sumo Logic Log Analytics. ### Bridge ALIAS 
@@ -250,7 +249,7 @@ The automation bridge needs to be able to communicate with the Docker API to wor |:------------------------------------|:---------------|:----------| |`API_URL_HERE` | To determine which is the correct SOAR_URL, see [Sumo Logic Endpoints by Deployment and Firewall Security](/docs/api/getting-started/#sumo-logic-endpoints-by-deployment-and-firewall-security) and get the URL under the API Endpoint column. For example: `https://api.eu.sumologic.com/api/` | | |`SOAR_TOKEN_HERE` | Log in to Sumo Logic and create a new [installation token](/docs/manage/security/installation-tokens/) with the name prefix `csoar-bridge-token`. | | -|`SIEM_URL_HERE` | The HTTPS Source Endpoint URL From a Hosted Sumo Logic Collector | NONE | +|`SIEM_URL_HERE` | The HTTPS Source endpoint URL from a Hosted Sumo Logic Collector. | NONE | |`BRIDGE_ALIAS_HERE` | Provide the alias name. With bridge ALIAS, it is possible to distinguish which integration resources will be executed with this automation bridge. When a new integration resource is created or edited, it is possible to select the default ALIAS or to create a new one. So every automatic action configured to use this resource will be performed with the bridge that has the same ALIAS. | NONE | ### Methodologies
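Review bot: In [PATCH 1/2], hunk `@@ -123,10 +123,14 @@`, the new `"SIEM_URL"` value is a prose sentence with spaces, while the neighbouring `SOAR_URL` and `ALIAS` keys use upper-case underscore placeholders (`API_ENDPOINT_FROM_FIREWALL_DOC_FOR_YOUR_REGION`, `YOUR_ALIAS_NO_SPACES_LESS_THAN_20_CHARACTERS`), and the removed value `https://YOUR_CLOUD_SIEM_URL/sec` at least showed that an `https://` URL is expected. [PATCH 2/2] only changes the capitalization of this value. Consider a placeholder in the same style as the other keys, for example `HTTPS_SOURCE_ENDPOINT_URL_FROM_HOSTED_COLLECTOR`, and leave the explanation to the paragraph added below the JSON block.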
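Review bot: In [PATCH 2/2], hunk `@@ -123,14 +123,13 @@`, the last added sentence still reads "By adding this endpoint to `SIEM_URL`, this will enable ...", where the second "this" has nothing to refer to. Suggest "Adding this endpoint to `SIEM_URL` forwards the automation bridge logs to Sumo Logic Log Analytics." The same line also drops the "/ CIP" that 1/2 had after "Log Analytics"; if that is intentional, the commit message "Updates from reivew" could say so.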
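Review bot: In [PATCH 2/2], hunk `@@ -250,7 +249,7 @@`, the `SIEM_URL_HERE` row no longer says what the URL is used for: the description replaced in 1/2 read "The HTTP Sumo Logic collector to send the bridge logs", and the new text names only where the URL comes from. The row also carries no link, although the `SOAR_TOKEN_HERE` row above links to its setup page and the first hunk of this commit adds the Hosted Collector and HTTP Source links next to the JSON example. Suggest stating the purpose in the row and reusing `/docs/send-data/hosted-collectors/http-source/logs-metrics/` there, so a reader who starts from the table gets the same guidance.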