A key step in the Red Canary on-boarding process is understanding customers’ processes and tools so we can configure integrations that minimize the need for IT and security analysts to break workflow and access yet another system. When everything from our context-rich detections to raw endpoint telemetry is integrated with your existing systems, you get immediately useful context without needing to learn a new tool or workflow.
We are going to walk you through the process of integrating Red Canary data with analytics provider Sumo Logic. Sumo Logic is a platform we often hear our customers rave about, and they have made it easy for customers to send any volume of machine data into their cloud-based analysis platform. Because endpoint log data is already being collected in Sumo Logic, it only makes sense to push Red Canary detection information (complete with the event timeline and indicators of attack and/or compromise) into this platform as well.
1. Select Manage -> Collectors and choose Hosted Collector.
2. Name the collector and provide a category.
3. Opt to add a data source and choose HTTP.
4. Provide a name, optional source host and category, and Save.
5. Record the collector URL; you will use it when sending data from Red Canary into Sumo Logic.
Sending Red Canary detections to Sumo Logic is as simple as a Python script that uses the Red Canary API:
import requests
import redcanary

# Replace URL with the data source URL provided above.
SUMO_COLLECTOR = 'https://collectors.us2.sumologic.com/receiver/v1/http/...'
red_canary = redcanary.RedCanaryClient()
for detection in red_canary.detections:
    # Each detection is posted as one JSON document to the Sumo Logic HTTP Source.
    r = requests.post(SUMO_COLLECTOR, data=detection.as_json)
    r.raise_for_status()  # surface collector errors instead of silently dropping a detection
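The one-liner above resends every detection on every run and ignores collector errors. The following is an added example (not Red Canary's or Sumo Logic's own code) of a slightly more robust shipper for the same HTTP Source: it skips detections already sent, packs the rest into newline-delimited JSON batches (the HTTP Source treats each line as one message), sets the `X-Sumo-Category` / `X-Sumo-Name` headers, and only records a detection as shipped after a 2xx response. The collector URL is a placeholder, the detection field names and the sample detections are constructed for illustration rather than taken from the Red Canary API schema, and the per-request byte cap is an assumed conservative value; a real run would iterate `red_canary.detections` instead of the sample list.

```python
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable, List, Set

# Placeholder for the HTTP Source URL recorded in the Sumo Logic setup steps (not a real endpoint).
SUMO_COLLECTOR = "https://collectors.us2.sumologic.com/receiver/v1/http/PLACEHOLDER_SOURCE_TOKEN"

# Upper bound on one request body. Assumed conservative cap; check your HTTP Source limits.
MAX_BATCH_BYTES = 512 * 1024

# Constructed sample detections. Field names are an assumption for illustration only,
# not the Red Canary API schema; a real run would iterate red_canary.detections instead.
SAMPLE_DETECTIONS = [
    {"id": 1003, "headline": "Credential access against LSASS", "classification": "Malicious Software",
     "hostname": "DC-01", "username": "svc_backup", "published_at": "2021-05-04T14:02:55Z"},
    {"id": 1001, "headline": "Office document spawned PowerShell", "classification": "Suspicious Activity",
     "hostname": "WS-FINANCE-07", "username": "jdoe", "published_at": "2021-05-04T13:22:10Z"},
    {"id": 1002, "headline": "Unwanted browser extension installed", "classification": "Unwanted Software",
     "hostname": "WS-SALES-12", "username": "asmith", "published_at": "2021-05-04T13:40:31Z"},
]


def select_new(detections: Iterable[Dict], seen_ids: Set[int]) -> List[Dict]:
    """Drop detections already shipped so a rerun never creates duplicate events in Sumo Logic."""
    fresh = [d for d in detections if d["id"] not in seen_ids]
    return sorted(fresh, key=lambda d: d["id"])


def to_ndjson(detections: List[Dict]) -> bytes:
    """One compact JSON object per line: the HTTP Source parses each line as a separate message."""
    lines = (json.dumps(d, sort_keys=True, separators=(",", ":")) for d in detections)
    return "\n".join(lines).encode("utf-8")


def make_batches(detections: List[Dict], max_bytes: int = MAX_BATCH_BYTES) -> List[List[Dict]]:
    """Split detections into request-sized batches without cutting a JSON object across requests."""
    batches: List[List[Dict]] = []
    current: List[Dict] = []
    for d in detections:
        candidate = current + [d]
        if current and len(to_ndjson(candidate)) > max_bytes:
            batches.append(current)
            current = [d]  # an oversized single detection still gets its own request
        else:
            current = candidate
    if current:
        batches.append(current)
    return batches


def http_sender(url: str, payload: bytes, headers: Dict[str, str]) -> int:
    """Default transport: POST the batch with urllib and return the HTTP status code."""
    req = urllib.request.Request(url, data=payload, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code


class RecordingSender:
    """Transport stand-in for dry runs and tests: records each request and returns a fixed status."""

    def __init__(self, status: int = 200):
        self.status = status
        self.requests: List[Dict] = []

    def __call__(self, url: str, payload: bytes, headers: Dict[str, str]) -> int:
        self.requests.append({"url": url, "payload": payload, "headers": headers})
        return self.status


def sync_detections(detections: Iterable[Dict], seen_ids: Set[int],
                    sender: Callable[[str, bytes, Dict[str, str]], int] = http_sender,
                    url: str = SUMO_COLLECTOR, category: str = "security/redcanary",
                    max_bytes: int = MAX_BATCH_BYTES) -> int:
    """Ship unseen detections in batches; a batch is marked as seen only after a 2xx response."""
    headers = {
        "Content-Type": "application/json",
        "X-Sumo-Category": category,  # overrides the source category configured in the Sumo Logic UI
        "X-Sumo-Name": "redcanary-detections",
    }
    sent = 0
    for batch in make_batches(select_new(detections, seen_ids), max_bytes):
        status = sender(url, to_ndjson(batch), headers)
        if 200 <= status < 300:
            seen_ids.update(d["id"] for d in batch)
            sent += len(batch)
        else:
            # Stop at the first failure; the next run resends from this batch because
            # nothing in it was added to seen_ids.
            break
    return sent


if __name__ == "__main__":
    # Dry run against the constructed sample data; swap in http_sender (the default) for a real push.
    dry = RecordingSender()
    shipped: Set[int] = set()
    print(f"shipped {sync_detections(SAMPLE_DETECTIONS, shipped, sender=dry)} detections "
          f"in {len(dry.requests)} request(s)")
```

Persist `seen_ids` between runs (a small file or a Sumo Logic search over the category works) so a scheduled job stays idempotent, and keep the collector URL out of source control: the source token in that URL is the only thing authenticating writes to your HTTP Source.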
Once detection data is processed by Sumo Logic, you have access to Red Canary analyst observations, threat classification, details about the affected endpoint and user, and a timeline of related events. Each of these elements can be immediately correlated with data from other Sumo Logic data sources and accessed via their dashboards, search (below), or API.
This is just one of many integrations that are possible and exemplifies the power of open, API-based platforms like Red Canary and Sumo Logic. It takes just minutes to get started with either Red Canary or Sumo Logic, and a few more to integrate the two together.