Skip to main content

Cloud-to-Cloud Integration Framework Sources

The Cloud-to-Cloud Integration Framework is a fully-managed collection system that collects logs and events directly from SaaS and Cloud platforms. This data often includes custom events and user data critical for operations monitoring, security, and compliance use cases. As a fully managed collection system, integrations running within the Cloud-to-Cloud Integration Framework provide a secure endpoint to receive event data in your account. Integration authentication, scheduling, and state tracking are all managed by the framework.

Limitations

  • The number of Cloud-to-Cloud Sources is limited to 20 for free accounts, and 50 for all other accounts.
  • You are warned when you reach 80% of the limit (16 Sources for free accounts, and 40 Sources for other accounts).
  • You are notified when you have reached the Source limit.
  • In the Fed deployment, supported Cloud-to-Cloud Sources are limited.

Static IP addresses

The following table provides the static IP addresses used for Cloud-to-Cloud Integration Sources by deployment. These are provided in case you want to explicitly allow the IP addresses on your third-party target SaaS or Cloud platform.

DeploymentStatic IP addresses
AU13.210.38.180, 54.253.14.8, 52.63.30.49
CA3.96.85.212, 3.97.51.58, 3.96.95.249
DE52.28.151.126, 18.193.176.46, 18.192.147.254
EU54.74.133.34, 18.200.219.230, 54.216.109.182
IN65.0.114.18, 3.7.177.71, 3.6.131.26
JP52.69.8.121, 54.248.157.127, 18.182.95.102
KR13.209.100.246, 3.37.181.174, 3.38.126.107
US154.209.19.175, 23.22.90.93, 23.22.11.54, 34.228.131.3, 34.237.107.105, 3.88.82.220
US254.149.79.97, 54.218.43.134, 44.239.32.230, 35.161.2.93

For the Federal environments, a different set of Static IPs is available for each C2C deployment.

DeploymentStatic IP addresses
Fed C2C 1A50.19.6.130
Fed C2C 1B174.129.156.86
Fed C2C 1C52.202.74.197
Fed C2C 1D100.25.65.170
Fed C2C 1E3.226.78.211
Fed C2C 1F23.22.209.147

Integrations

The topics below are the available integrations. In Sumo Logic these are called Sources. Check out the Sources we have available in beta.

Versions

Sources in the Cloud-to-Cloud Integration Framework need updates over time to maintain data collection. Updates can vary in severity and may not require any input from you. See Cloud-to-Cloud Source Versions for details on how to upgrade and how versions are structured.

Guide contents

In this section, we'll introduce the following concepts:

Thumbnail icon

Cloud-to-Cloud Info

Learn the basics of setting up Cloud-to-Cloud Integration Framework sources.

Thumbnail icon

1Password

Provides a secure endpoint to receive Sign-in Attempts and Item Usage from the 1Password Event API.

icon

Abnormal Security Source

Abnormal Security Source helps to collect abnormal threat log from the Abnormal Security platform.

icon

Airtable Source

Airtable Source helps to retrieve Airtable audit logs into the Sumo Logic environment.

Thumbnail icon

Akamai SIEM API

Provides a secure endpoint to receive security events generated on the Akamai platform.

icon

Armis API Source

Armis API Source helps to fetch device and alert logs from the Armis platform and send it to Sumo Logic.

icon

Asana Source

Learn to retrieve Asana audit logs into the Sumo Logic environment.

icon

Atlassian Source

Learn how to retrieve Atlassian audit logs into the Sumo Logic environment.

icon

Automox Source

Learn how to retrieve all events objects, audit trail events, and device inventory details into the Sumo Logic environment.

icon

AWS Cost Explorer

Learn to collect cost and usage reports from AWS Cost Explorer Source.

icon

Azure Event Hubs

Provides a secure endpoint to receive data from Azure Event Hubs.

icon

Azure Event Hubs C2C Source Migration

This source is available in all deployments, including FedRAMP.

box-logo.svg

Box

The Box API integration ingests events from the GetEvents API.

thumbnail icon

Carbon Black Cloud (Tag)

Provides a secure endpoint to receive data from the Carbon Black Cloud, Enriched Event Search, and Alerts APIs.

thumbnail icon

Carbon Black Inventory

Provides a secure endpoint to receive data from the CB Devices API.

icon

Cato Networks

Cato Networks Source helps to retrieve Cato audit and security logs into the Sumo Logic environment.

icon

Cisco AMP

Provides a secure endpoint to receive data from the Cisco Amp System Log API.

icon

Cisco Meraki

Provides a secure endpoint to receive data from the Cisco Meraki API.

icon

Cisco Vulnerability Management

Provides a secure endpoint to receive assets data from Asset API and vulnerabilities data from Vulnerability API.

icon

Citrix Cloud Source

Provides a secure endpoint to receive System Log data from the Citrix Cloud System Log API.

icon

Cloud SIEM AWS EC2 Inventory

Provides a secure endpoint to receive event data from the EC2 describe instances API.

icon

Cloud-to-Cloud Versions

Sources in the Cloud-to-Cloud Integration Framework need updates over time to maintain data collection.

icon

Code42 Incydr

Learn how to collect alerts, file events, and audit logs from Code42 Incydr.

thumbnail icon

Crowdstrike

Provides a secure endpoint to receive event data from the CrowdStrike Streams API.

thumbnail icon

CrowdStrike FDR

Provides a secure endpoint to ingest Falcon Data Replicator events using the S3 ingestion.

thumbnail icon

CrowdStrike FDR Host Inventory

Provides a secure endpoint to receive device data from the CrowdStrike Host and Host Group Management APIs.

thumbnail icon

CrowdStrike FileVantage

Learn how to collect file integrity monitoring logs from the CrowdStrike FileVantage platform.

thumbnail icon

CrowdStrike Spotlight

Learn how to collect combined endpoint vulnerabilities data from the CrowdStrike Spotlight platform.

icon

CyberArk EPM

Before configuring an AWS Source give Sumo Logic access to your AWS product

icon

Cybereason

Provides a secure endpoint to receive authentication logs from the Cybereason Malops API.

Thumbnail icon

Digital Guardian

Learn how to collect export data from the Digital Guardian and send it to Sumo Logic.

Thumbnail icon

DocuSign

Learn how to collect customer event data from the DocuSign and send it to Sumo Logic.

dropbox-icon.png

Dropbox

Provides a secure endpoint to receive team events from the Get Events API.

thumbnail icon

Druva

Learn how to configure the Druva C2C source setup in your Sumo Logic environment.

thumbnail icon

Druva Cyber Resilience

Learn how to configure the Druva Cyber Resilience C2C source setup in your Sumo Logic environment.

thumbnail icon

Duo

Provides a secure endpoint to receive authentication logs from the Duo Authentication Logs API.

Gmail

Gmail Trace Logs

Pulls Gmail log data using BigQuery Library APIs.

Gmail

Google BigQuery

Learn how to collect data using the BigQuery API.

thumbnail icon

Google Workspace AlertCenter

Configure Google Workspace AlertCenter Cloud-to-Cloud connector.

thumbnail icon

Google Workspace

Collects a list of users from the Google Workspace Users API.

icon

Jamf

Collect inventory data from the Jamf platform.

icon

JFrog Xray

Collect violation events from JFrog Xray.

icon

JumpCloud Directory Insights

Collect events data from the JumpCloud Directory Insight.

icon

Kaltura Source

Learn how to collect Audit Trail and Base Entry events from Kaltura platform.

icon

Kandji Source

Learn how to collect threat details, devices list, device activities, and device details from the Kandji platform.

icon

KnowBe4 API Source

Collects user events data into Sumo Logic for storage, analysis, and alerting.

icon

LastPass Source

Collects audit reporting events from the LastPass platform.

thumbnail icon

Microsoft Azure AD Inventory (Tag)

Collects user and device data from the Microsoft Graph API Security endpoint.

icon

Microsoft Exchange Trace Logs

Collects email trace logs from the Office 365 reporting web service.

icon

Microsoft Graph Azure AD Reporting

Collects Directory Audit, Sign-in, and Provisioning data from MS Graph API Azure AD activity reports.

icon

Microsoft Graph Identity Protection

Collects Risk Detection and Risky User data from the Microsoft Graph Identity Protection API.

icon

Microsoft Graph Security API

Provides a secure endpoint to receive alerts from the Microsoft Graph Security API endpoint.

icon

Mimecast

Supports collecting SIEM, DLP, Audit, and Hold Message List data from the Mimecast API.

icon

Miro

Ingests audit logs obtained from the Audit log API.

thumbnail icon

Netskope

Provides a secure endpoint to receive event data from the Netskope API.

thumbnail icon

Netskope WebTx

The Netskope WebTx API integration ingests Web Transaction logs from Netskope Event Stream.

Thumbnail icon

Okta

Provides a secure endpoint to receive event data from the Okta System Log API and Users API.

thumbnail icon

Palo Alto Cortex XDR

Allows you to ingest incidents from your Cortex XDR application.

icon

Proofpoint On Demand

Collects data and uses the secure WebSocket protocol to stream logs.

icon

Proofpoint TAP

Provides a secure endpoint to receive data from the Proofpoint TAP SIEM API.

qualys-icon.png

Qualys VMDR

The Qualys VMDR Source tracks errors, reports its health, and start-up progress.

Rapid7

Collects asset and vulnerabilities data from Rapid7 InsightVM.

SailPoint

Provides a secure endpoint to receive Events and User Inventory data from the IdentityNow V3 API.

Thumbnail icon

Salesforce

Provides a secure endpoint to receive event data from the Salesforce through its Rest API.

sentinelone-icon.png

SentinelOne Mgmt API

Collects data from the SentinelOne Management Console.

Thumbnail icon

Slack

Learn about the Slack Source, part of Sumo Logic's Cloud-to-Cloud Integration Framework.

Thumbnail icon

Smartsheet

Learn how to collect events from Smartsheet platform.

icon

Sophos Central

Learn to receive authentication logs from the Sophos Central APIs.

icon

Symantec Endpoint Security Source

Learn to collect incidents and incident events from the Symantec Endpoint Security platform.

icon

Symantec Web Security Service

Learn to receive WSS Access logs from the Symantec WSS API.

icon

Tenable

Learn to ingest audit-log events, vulnerability, and asset data from the Tenable.io APIs.

icon

Trellix mVision ePO

Learn how to collect event logs using the Trellix mVision ePO.

Thumbnail icon

Webex

Learn to collect admin audit events using Webex API.

Thumbnail icon

Workday

Learn to create a Workday Source.

Thumbnail icon

Zendesk

Learn to collect audit logs from the Zendesk platform.

Thumbnail icon

Zero Networks Segment

Learn to collect audit logs and network activity data from Zero Networks Segment.

Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.