Skip to main content

Webhook Connection for Cloud SOAR


Cloud SOAR can receive alerts from Sumo Logic Monitors and Scheduled Searches to create Incidents. First, you'll need to create a Cloud SOAR connection. Then you can use the connection as the Connection Type in a Monitor or the Alert Type in a Scheduled Search.

before you begin
  • You need to have Cloud SOAR enabled on your account for this connection to be available.
  • You'll need the Manage connections role capability to create webhook connections.

To create a webhook connection from Sumo Logic to Cloud SOAR:

  1. In the main Sumo Logic menu, select Manage Data > Monitoring > Connections.
  2. Click + Add and choose Cloud SOAR as the connection type.
    SOAR webhook icon.png
  3. Enter a Name and give an optional Description to the connection.
  4. The URL and Authorization Header are automatically defined by Sumo Logic. You should not edit these.
  5. The Templates dropdown shows a list of all incident templates, by name, configured in your Cloud SOAR environment.
  6. The default Payload synchronizes with the selected template and the associated template_id field is automatically defined in the default payload. A template_id is required in the payload in order to configure the connection. For details on variables you can use as parameters within your JSON object, see Webhook Payload Variables.
  7. Click Save.

For more detailed instructions, see Configure a webhook for Cloud SOAR.

Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.