Skip to content

SumoLogic-Labs/sumologic-rfsync

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

54 Commits
archives
archives
 
 
bin
bin
 
 
content
content
 
 
doc
doc
 
 
etc
etc
 
 
LICENSE
LICENSE
 
 
Pipfile
Pipfile
 
 
Pipfile.lock
Pipfile.lock
 
 
readme.md
readme.md
 
 

Repository files navigation

Sumo Logic Recorded Future Integration

Sumo Logic is proud to partner with Recorded Future to provide integration between these two platforms.

This integration allows Recorded Future's comprehensive threat intelligence to enhance Sumo Logic queries.

The result? On the fly ability to lookup/enhance events with threat intelligence to better respond to events.

1 Configuring the Feed: Getting started!

Let's get started! Integrating Recorded Future feeds with Sumo Logic products, please follow the steps:

in the order listed.

Current Integrations

Product Name Recorded Future Feeds Support Ad Hoc Enrichment
Sumo Logic CIP All Recorded Future feeds Browser Plugin
Sumo Logic CSE All Recorded Future feeds except vulnerability Within the SIEM

Current Data Feeds

Recorded Future Feeds
ip - ip addresses
hash - file hashes
domain - DNS domains
url - web URLS
vulnerability - CVE list
Recorded Future Fusion Files
Public Fusion Files
Personal Fusion Files

Included Sumo Logic Content

The following content is provided so you can monitor your Recorded Future feed, as well as base new content on these examples.

Content Name
Recorded Future Index Consolidated Content
Recorded Future Index Individual Queries

Features:

  • Support for AWS Lambda, EC2, and installed collector support for data collection ( both Windows and Linux )

  • Support for getting Recorded Future Demo Events, Threat Intelligence and curated Fusion Files

  • Support for creating Sumo Logic lookup files as well as Sumo Logic index for correlation

  • Included Sumo Logic content; dashboards showing the health of your threat intelligence feed

  • Support for actions and response using Sumo Logic webhooks

License

Copyright 2020 Wayne Kirk Schmidt https://www.linkedin.com/in/waynekirkschmidt

Licensed under the Apache 2.0 License (the "License");

You may not use this file except in compliance with the License. You may obtain a copy of the License at

license-name   APACHE 2.0
license-url    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Support

Feel free to e-mail me with issues to:

I will provide "best effort" fixes and extend the scripts.

About

No description, website, or topics provided.

Resources

Readme

License

View license
Activity
Custom properties

Stars

2 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 5

Languages