
Integrate Contrast Security ADR with Sumo Logic (Northstar)

The Contrast Security ADR integration with Sumo Logic® enables ADR to send incident details to your SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation and Response), and XDR (Extended Detection and Response) environments, contextualizing incidents with other threat detection and response solutions.

How it works

When configured, Contrast Security ADR sends detected attack events from the Contrast Security platform to your Sumo Logic instance over HTTPS.

The Contrast Security ADR for Sumo Logic app enables Sumo Logic to:

  • Parse and normalize the data received over HTTPS

  • Display Contrast Security ADR attack events in Sumo Logic, either for consumption in the provided Contrast Security ADR Dashboard or for search and correlation in Sumo Logic Cloud SIEM

Before you begin

Before you start, you must have:

  • Sumo Logic

  • Applications instrumented with a Contrast agent

Step 1: Set Up Sumo Logic

Set up Sumo Logic for Contrast ADR.

  1. Find the official Contrast Security ADR parser template by following the instructions here.

    1. Go to the Sumo Logic Parsers configuration page.

    2. Search for Contrast.

  2. Copy the parser template path by following steps 1-3 here.

    1. Use the three-dot icon on the line for the Contrast ADR parser and select Copy Path.

    2. Continue with step 4 in the instructions if you have already set up an HTTP Logs and Metrics Collector you prefer to use; otherwise, continue with step 3 below.

  3. Set up an HTTP Logs and Metrics Source in a Hosted Collector by following the instructions here.

    1. Select the Forward to SIEM option.

    2. Select +Add Field.

    3. When the two blank fields appear below any fields that have already been defined for the source, enter _parser as the field name and the path to your parser as the value (the path you copied in Step 1.2.a).

    4. When the URL associated with the source is displayed, copy the URL so you can use it to configure Contrast Security in Step 2.
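The following is an added example, not part of the Contrast or Sumo Logic documentation: a pre-flight check for the collector URL copied in the last step before it is pasted into Contrast. It assumes the URL follows the Sumo Logic HTTP source form `https://<endpoint>/receiver/v1/http/<token>`; the function names and the `SUMO_COLLECTOR_URL` variable are hypothetical, and the test payload is constructed.

```shell
#!/bin/sh
# Added example: checks for a Sumo Logic HTTP source URL (assumed form:
# https://<endpoint>/receiver/v1/http/<token>). Function names are hypothetical.

# Succeed only for an https:// URL that ends in a non-empty receiver token,
# so a plaintext http:// URL or a truncated paste is rejected up front.
is_valid_collector_url() {
    case "$1" in
        https://*/receiver/v1/http/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# The last path segment is what authorizes writes to the source, so mask it
# before the URL goes into a ticket, chat message or script log.
redact_collector_url() {
    printf '%s\n' "${1%/*}/<redacted>"
}

# POST one constructed line to the source and print the HTTP status code.
# The payload is not a Contrast ADR event; it only confirms reachability.
send_test_event() {
    url=$1
    if ! is_valid_collector_url "$url"; then
        echo "refusing to send: not an HTTPS HTTP-source URL" >&2
        return 2
    fi
    curl --silent --show-error --output /dev/null \
         --write-out '%{http_code}\n' \
         --proto '=https' --max-time 10 \
         --data '{"note":"constructed connectivity test"}' \
         "$url"
}

# Runs only when the (hypothetical) SUMO_COLLECTOR_URL variable is set.
if [ -n "${SUMO_COLLECTOR_URL:-}" ]; then
    echo "testing $(redact_collector_url "$SUMO_COLLECTOR_URL")"
    send_test_event "$SUMO_COLLECTOR_URL"
fi
```

Because the test line is forwarded to the SIEM like any other record on this source, send it once and look for it in Sumo Logic search rather than leaving the call in a scheduled job.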

Step 2: Configure Contrast Security ADR to send Attack Events to Sumo Logic

Configure the integration in Contrast to send attack events to the Sumo Logic app.

  1. Go to the left navigation and select Administration > Integrations.

  2. Select the Sumo Logic option under the ADR Integrations section.

  3. Under the Sumo Logic fields, enter the Sumo Logic collector URL you copied at the end of Step 1.

  4. Select Enable Integration and select Save.
