
Integrate Contrast Security ADR with Sumo Logic (Northstar)

The Contrast Security ADR integration with Sumo Logic® enables ADR to send incident details to your Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), and Extended Detection and Response (XDR) environments, which contextualizes incidents with other threat detection and response solutions.

How it works

When configured, the Contrast Security ADR sends detected attack events from the Contrast Security platform to your Sumo Logic instance over HTTPS.

The Contrast Security ADR for Sumo Logic app enables Sumo Logic to:

  • Parse and normalize the data received over HTTPS.

  • Display Contrast Security ADR attack events in Sumo Logic, for consumption in the provided Contrast Security ADR Dashboard in Sumo Logic, or search and correlation in Sumo Logic Cloud SIEM.

Before you begin

Before you start, you must have:

  • Sumo Logic.

  • Applications instrumented with a Contrast Security agent.

Set Up Sumo Logic

Set up Sumo Logic for Contrast Security ADR.

  1. Find the official Contrast Security ADR parser template by following the instructions on the relevant documentation page.

  2. Go to the Sumo Logic Parsers configuration page.

  3. Search for Contrast.

  4. Copy the parser template path by following steps 1-3 on the relevant documentation page.

    • Use the three-dot icon on the line for the Contrast ADR parser and select Copy Path.

  5. Continue with step 4 in the instructions if you have already set up an HTTP Logs and Metrics Collector you prefer to use; otherwise, continue with the following step.

  6. Set up an HTTP Logs and Metrics Source in a Hosted Collector by following the instructions on the relevant documentation page.

  7. Select the Forward to SIEM option.

  8. Select +Add Field.

  9. When the two blank fields appear, under any fields that have already been defined for the source, enter _parser as the field name and the path to your parser as the value (as in this step).

  10. When the URL associated with the source is displayed, copy the URL so you can use it to configure Contrast Security in Configure Contrast Security ADR to send attack events to Sumo Logic.

Configure Contrast Security ADR to send attack events to Sumo Logic

Configure the integration in Contrast Security to send attack events to the Sumo Logic app.

  1. Go to the left navigation and select Administration > Integrations.

  2. Select the Sumo Logic option under the ADR Integrations section.

  3. Under the Sumo Logic fields, enter the Sumo Logic collector URL you copied in step 10 in the section above.

  4. Select Enable Integration and select Save.
