Integrations
Integrations are connectors to applications from industry-leading network and security vendors. Playbooks run actions provided by resources in integrations.
Integrations that are already installed in your environment appear in the Integrations menu of the Automation Service.
Before you can use actions from an integration resource, you must configure the connection for the resource to work with the Automation Service.
By default, no more than 50 playbook actions can be executed per hour. For more information, see Actions limit.
View integrations
The following procedure describes how to view integrations already installed in your environment. You can also install new integrations using App Central, or create a custom integration.
- Click the Configuration button (gear icon) at the top of the UI.
- Under Integrations, select Automation.
- From the Automation screen, click Manage Playbooks.
- Click Integrations in the left navigation bar.
- Select an integration to see the actions on the resource. You call these actions when you add an action node to a playbook.
To add a new resource to an integration, click the + button to the left of Resources. This is useful if you have another instance of the vendor application you want to connect to.
Certified integrations
Certified integrations are those that are provided by Sumo Logic. You can install certified integrations using App Central.
Certified integrations are designated by a Certified Integration check mark.
When you select the integration resource and click the View Code button, the certified integration code opens in read-only mode. Certified integration code can't be edited using the Cloud SIEM internal IDE. The same applies to the code of the actions available for that integration.
Certified actions are designated by a Certified Action check mark.
You can add resources to the certified integration by clicking the + button, or use it as-is.
Duplicate an integration
To modify an integration's code, you must first duplicate the integration and make your modifications in the duplicated version. When you click the Duplicate integration button, a new integration is created in the integrations list with an incremented name.
Following is a duplicated integration:
If the certified integration resource was configured before the duplication process, all the settings will be saved and replicated inside the duplicated integration. There is no need to reset the duplicated integration.
Note that in the following example a (2) follows the duplicated integration's name, as well as the resource name. A (3) would follow the name of the next duplicate, (4) the next, and so on. Also note that the actions listed in the integration do not have the Certified Actions check mark, because they exist on a duplicated integration.
If you choose a duplicated resource when you add an action node to a playbook, the available actions are the ones belonging to the duplicated resource. The following example shows selecting an action from a duplicated resource.
Available integrations
For a complete list of integrations that are available to install, see the Integrations tab in App Central.