Skip to content

tdiderich/sumologic

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

77 Commits
boilerplate
boilerplate
 
 
cip-cse-sync/dashboard-on-insight
cip-cse-sync/dashboard-on-insight
 
 
cip-script-sources
cip-script-sources
 
 
cip
cip
 
 
cse-onboarding
cse-onboarding
 
 
export
export
 
 
insights
insights
 
 
lookups/csv-upload
lookups/csv-upload
 
 
match-lists/sync-lookup-table
match-lists/sync-lookup-table
 
 
metrics/funnel-metrics
metrics/funnel-metrics
 
 
migration
migration
 
 
mssp
mssp
 
 
network-blocks
network-blocks
 
 
onboarding/cip
onboarding/cip
 
 
rules
rules
 
 
signals
signals
 
 
threat-intelligence/import-from-csv
threat-intelligence/import-from-csv
 
 
.env_sample
.env_sample
 
 
.gitignore
.gitignore
 
 
Pipfile
Pipfile
 
 
Pipfile.lock
Pipfile.lock
 
 
README.md
README.md
 
 
nav.json
nav.json
 
 

Repository files navigation

Sumo Logic Script HUB

Background

Requirements (Global)

  1. Python 3.8+
  2. pipenv - https://pypi.org/project/pipenv/

Configuration Explained

  1. There is a sample environment variables file called .env_sample under the root folder of this project
  2. You will clone this file and create one called .env where you actually input all of your secrets (API Keys + Access Key Pairs)

Parameters - explainations of what you see in .env_sample

  1. CSE_API_KEY - Sumo Logic Cloud SIEM Enterprise API Key
  2. CSE_TENANT_NAME - Sumo Logic Cloud SIEM Enterprise Tenant Name (https://{YOUR_TENANT_NAME}.jask.portal.ai)
  3. CIP_ACCESS_ID - Sumo Logic Continuous Intelligence Platform Access ID
  4. CIP_ACCESS_KEY - Sumo Logic Continuous Intelligence Platform Access Key
  5. VT_API_KEY - VirusTotal API Key. Enterprise is recommended since these scripts DO NOT monitor for API call limitations with the persomal key.

Getting Started

  1. Clone this repository
git clone https://github.com/tdiderich/sumologic.git
  1. Clone .env_sample to .env under the same directory
cp .env_sample .env
  1. Update all of the secrets needed based on the script you'd like to run (NOTE: you need to rerun pipenv shell anytime you update these values to reload them)
# SUMO CONFIG PARAMETERS 
cse_api_key = 'ADD_ME'
cse_tenant_name = 'ADD_ME'
cip_access_id 'ADD_ME'
cip_access_key = 'ADD_ME'

# THIRD PARTY CONFIG PARAMETERS
vt_api_key = 'ADD_ME'
  1. Create pip environment
pipenv --three
  1. Install dependancies
pipenv install
  1. Enter pipenv
pipenv shell
  1. Run scripts
python3 foo/bar.py

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

9 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages