Skip to content

Sumo Logic Access Keys

Service Name: Sumo Logic

Service Description: Sumo Logic is a cloud-based log management and analytics service that enables the collection and analysis of machine data from on-premises and cloud infrastructure, providing real-time insights through search, analytics, and visualization.

Service Address: https://www.sumologic.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through access keys and CIDR notation.

Secret Access Scope: Grants programmatic access to Sumo Logic APIs, allowing management of collectors, sources, dashboards, and the ability to search and analyze log data.

Secret Revokement URL: https://help.sumologic.com/docs/manage/security/access-keys/#manage-your-access-keys

Secret Example:

Suspicious Activity Investigation Instructions:

  • Review the audit index in Sumo Logic for unusual API calls or access patterns
  • Check for unauthorized collector creation or modification
  • Monitor for unusual search patterns or data exports
  • Verify if there are any unexpected changes to dashboards or alerts
  • Look for access from unusual IP addresses or locations Access ID: suYdTGnbFbGhJk5tNt7C Access Key: gX2JGnbTvM5tNt7CsuYdTGnbFbGhJk5tNt7C

Mitigation Instructions:

  • Log in to the Sumo Logic web interface
  • Navigate to Administration > Security > Access Keys
  • Identify the compromised access key
  • Click on the three dots next to the key and select "Delete"
  • Confirm the deletion
  • Create a new access key if needed
  • Update any legitimate applications or services that were using the old key
  • Review and update IP restrictions for access keys if applicable
  • Consider implementing SAML authentication for enhanced security
  • Review collector configurations to ensure they haven't been modified