Sumo Logic Access Keys
Service Name: Sumo Logic
Service Description: Sumo Logic is a cloud-based log management and analytics service that enables the collection and analysis of machine data from on-premises and cloud infrastructure, providing real-time insights through search, analytics, and visualization.
Service Address: https://www.sumologic.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through access keys and CIDR notation.
Secret Access Scope: Grants programmatic access to Sumo Logic APIs, allowing management of collectors, sources, dashboards, and the ability to search and analyze log data.
Secret Revokement URL: https://help.sumologic.com/docs/manage/security/access-keys/#manage-your-access-keys
Secret Example:
Suspicious Activity Investigation Instructions:
- Review the audit index in Sumo Logic for unusual API calls or access patterns
- Check for unauthorized collector creation or modification
- Monitor for unusual search patterns or data exports
- Verify if there are any unexpected changes to dashboards or alerts
- Look for access from unusual IP addresses or locations Access ID: suYdTGnbFbGhJk5tNt7C Access Key: gX2JGnbTvM5tNt7CsuYdTGnbFbGhJk5tNt7C
Mitigation Instructions:
- Log in to the Sumo Logic web interface
- Navigate to Administration > Security > Access Keys
- Identify the compromised access key
- Click on the three dots next to the key and select "Delete"
- Confirm the deletion
- Create a new access key if needed
- Update any legitimate applications or services that were using the old key
- Review and update IP restrictions for access keys if applicable
- Consider implementing SAML authentication for enhanced security
- Review collector configurations to ensure they haven't been modified