The Cloud-to-Cloud Integration Framework is a fully-managed collection system that collects logs and events directly from SaaS and Cloud platforms. This data often includes custom events and user data critical for operations monitoring, security, and compliance use cases. As a fully managed collection system, integrations running within the Cloud-to-Cloud Integration Framework provide a secure endpoint to receive event data in your account. Integration authentication, scheduling, and state tracking are all managed by the framework.
- The number of Cloud-to-Cloud Sources is limited to 20 for free accounts, and 50 for all other accounts.
- You are warned when you reach 80% of the limit (16 Sources for free accounts, and 40 Sources for other accounts).
- You are notified when you have reached the Source limit.
- In the Fed deployment, supported Cloud-to-Cloud Sources are limited.
Static IP addresses
The following table provides the static IP addresses used for Cloud-to-Cloud Integration Sources by deployment. These are provided in case you want to explicitly allow the IP addresses on your third-party target SaaS or Cloud platform.
|Static IP addresses
|22.214.171.124, 126.96.36.199, 188.8.131.52
|184.108.40.206, 220.127.116.11, 18.104.22.168
|22.214.171.124, 126.96.36.199, 188.8.131.52
|184.108.40.206, 220.127.116.11, 18.104.22.168
|22.214.171.124, 126.96.36.199, 188.8.131.52
|184.108.40.206, 220.127.116.11, 18.104.22.168
|22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168
|22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206
For the Federal environments, a different set of Static IPs is available for each C2C deployment.
|Static IP addresses
|Fed C2C 1A
|Fed C2C 1B
|Fed C2C 1C
|Fed C2C 1D
|Fed C2C 1E
|Fed C2C 1F
The topics below are the available integrations. In Sumo Logic these are called Sources. Check out the Sources we have available in beta.
Sources in the Cloud-to-Cloud Integration Framework need updates over time to maintain data collection. Updates can vary in severity and may not require any input from you. See Cloud-to-Cloud Source Versions for details on how to upgrade and how versions are structured.
In this section, we'll introduce the following concepts:
Learn the basics of setting up Cloud-to-Cloud Integration Framework sources.
Provides a secure endpoint to receive Sign-in Attempts and Item Usage from the 1Password Event API.
Abnormal Security Source
Abnormal Security Source helps to collect abnormal threat log from the Abnormal Security platform.
Airtable Source helps to retrieve Airtable audit logs into the Sumo Logic environment.
Akamai SIEM API
Provides a secure endpoint to receive security events generated on the Akamai platform.
Armis API Source
Armis API Source helps to fetch device and alert logs from the Armis platform and send it to Sumo Logic.
Learn to retrieve Asana audit logs into the Sumo Logic environment.
AWS Cost Explorer
Learn to collect cost and usage reports from AWS Cost Explorer Source.
Azure Event Hubs
Provides a secure endpoint to receive data from Azure Event Hubs.
Azure Event Hubs C2C Source Migration
This source is available in all deployments, including FedRAMP.
The Box API integration ingests events from the GetEvents API.
Carbon Black Cloud (Tag)
Provides a secure endpoint to receive data from the Carbon Black Cloud, Enriched Event Search, and Alerts APIs.
Carbon Black Inventory
Provides a secure endpoint to receive data from the CB Devices API.
Cato Networks Source helps to retrieve Cato audit and security logs into the Sumo Logic environment.
Provides a secure endpoint to receive data from the Cisco Amp System Log API.
Provides a secure endpoint to receive data from the Cisco Meraki API.
Cisco Vulnerability Management
Provides a secure endpoint to receive assets data from Asset API and vulnerabilities data from Vulnerability API.
Citrix Cloud Source
Provides a secure endpoint to receive System Log data from the Citrix Cloud System Log API.
Cloud SIEM AWS EC2 Inventory
Provides a secure endpoint to receive event data from the EC2 describe instances API.
Sources in the Cloud-to-Cloud Integration Framework need updates over time to maintain data collection.
Learn how to collect alerts, file events, and audit logs from Code42 Incydr.
Provides a secure endpoint to receive event data from the CrowdStrike Streams API.
Provides a secure endpoint to ingest Falcon Data Replicator events using the S3 ingestion.
CrowdStrike FDR Host Inventory
Provides a secure endpoint to receive device data from the CrowdStrike Host and Host Group Management APIs.
Learn how to collect file integrity monitoring logs from the CrowdStrike FileVantage platform.
Learn how to collect combined endpoint vulnerabilities data from the CrowdStrike Spotlight platform.
Before configuring an AWS Source give Sumo Logic access to your AWS product
Provides a secure endpoint to receive authentication logs from the Cybereason Malops API.
Learn how to collect customer event data from the DocuSign and send it to Sumo Logic.
Provides a secure endpoint to receive team events from the Get Events API.
Learn how to configure the Druva C2C source setup in your Sumo Logic environment.
Druva Cyber Resilience
Learn how to configure the Druva Cyber Resilience C2C source setup in your Sumo Logic environment.
Provides a secure endpoint to receive authentication logs from the Duo Authentication Logs API.
Gmail Trace Logs
Pulls Gmail log data using BigQuery Library APIs.
Learn how to collect data using the BigQuery API.
Google Workspace AlertCenter
Configure Google Workspace AlertCenter Cloud-to-Cloud connector.
Collects a list of users from the Google Workspace Users API.
JumpCloud Directory Insights
Collect events data from the JumpCloud Directory Insight.
Learn how to collect Audit Trail and Base Entry events from Kaltura platform.
KnowBe4 API Source
Collects user events data into Sumo Logic for storage, analysis, and alerting.
Microsoft Azure AD Inventory (Tag)
Collects user and device data from the Microsoft Graph API Security endpoint.
Microsoft Exchange Trace Logs
Collects email trace logs from the Office 365 reporting web service.
Microsoft Graph Azure AD Reporting
Collects Directory Audit, Sign-in, and Provisioning data from MS Graph API Azure AD activity reports.
Microsoft Graph Identity Protection
Collects Risk Detection and Risky User data from the Microsoft Graph Identity Protection API.
Microsoft Graph Security API
Provides a secure endpoint to receive alerts from the Microsoft Graph Security API endpoint.
Supports collecting SIEM, DLP, Audit, and Hold Message List data from the Mimecast API.
Ingests audit logs obtained from the Audit log API.
Provides a secure endpoint to receive event data from the Netskope API.
The Netskope WebTx API integration ingests Web Transaction logs from Netskope Event Stream.
Provides a secure endpoint to receive event data from the Okta System Log API and Users API.
Palo Alto Cortex XDR
Allows you to ingest incidents from your Cortex XDR application.
Proofpoint On Demand
Collects data and uses the secure WebSocket protocol to stream logs.
Provides a secure endpoint to receive data from the Proofpoint TAP SIEM API.
The Qualys VMDR Source tracks errors, reports its health, and start-up progress.
Collects asset and vulnerabilities data from Rapid7 InsightVM.
Provides a secure endpoint to receive Events and User Inventory data from the IdentityNow V3 API.
Provides a secure endpoint to receive event data from the Salesforce through its Rest API.
SentinelOne Mgmt API
Collects data from the SentinelOne Management Console.
Learn about the Slack Source, part of Sumo Logic's Cloud-to-Cloud Integration Framework.
Learn to receive authentication logs from the Sophos Central APIs.
Symantec Web Security Service
Learn to receive WSS Access logs from the Symantec WSS API.
Learn to ingest audit-log events, vulnerability, and asset data from the Tenable.io APIs.
Trellix mVision ePO
Learn how to collect event logs using the Trellix mVision ePO.
Learn to collect admin audit events using Webex API.
Learn to create a Workday Source.
Zero Networks Segment
Learn to collect audit logs and network activity data from Zero Networks Segment.