
Sumo Logic SOAR

Sumo Logic SOAR allows clients and partners to create an integration with various tools in an average of 3 days, with no advanced coding experience required. Through orchestration, you can connect all the technologies SecOps needs via API connectors. This makes it possible to replicate and improve SOC processes, and gives security analysts all the information they need on a single SOAR platform. This way you can benefit from the full power of Check Point Next-Gen Firewalls by calling their actions within runbooks to respond quickly to threats.


Arcanna - Sumo Logic SOAR integration

The Arcanna integration will soon be available in the Sumo Logic Marketplace; it is currently under review. It will enable users to request a decision from Arcanna at any point in a given playbook, and to automatically close the feedback loop by providing feedback to Arcanna when an incident is reviewed.

Steps to configure Arcanna integration:

Prerequisites

How to connect

Go to your Arcanna instance:

  1. Generate an Arcanna API Key

  2. Create an Arcanna Falcon Fusion integration:

    • Go to the Integrations tab
    • Search for the CrowdStrike Falcon Fusion integration and click on it:
    [Image: integration-tab]
    • Fill in all the fields as shown below using your own API Key and Title, and then click Confirm:
    [Image: integration-create]
  3. Create an Arcanna job using the Falcon Fusion integration:

    • Go to the AI Jobs tab and click Create job
    • Fill in the Title and select the Falcon Fusion integration you just created as the input, as shown below:
    [Image: integration-create]
    • Click Save and run to save and start the job.