Skip to content

Sumo Logic Access Token

Service Name: Sumo Logic

Service Description: Sumo Logic is a cloud-based log management and analytics service that enables the collection and analysis of machine data from various sources for monitoring, troubleshooting, and security purposes.

Service Address: https://www.sumologic.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through IP allowlisting in the security settings.

Secret Access Scope: Grants programmatic access to Sumo Logic APIs, allowing management of collectors, sources, dashboards, and the ability to query logs and metrics data.

Secret Revokement URL: https://help.sumologic.com/docs/manage/security/access-keys/#manage-access-keys

Secret Example: sumo1234abcdef567890ghijklmnopqrstuvwxyz1234567890abcdefghijklm

Suspicious Activity Investigation Instructions:

  • Review the audit index in Sumo Logic for unauthorized API calls or unusual access patterns
  • Check for unexpected collector or source creations or modifications
  • Monitor for unusual query patterns or data exports
  • Verify if there are any unexpected changes to dashboards, alerts, or scheduled searches
  • Look for access from unusual IP addresses or locations

Mitigation Instructions:

  • Log in to the Sumo Logic web interface
  • Navigate to Administration > Security > Access Keys
  • Locate the compromised access key
  • Click the delete icon (trash can) next to the key
  • Confirm deletion when prompted
  • Create a new access key if needed
  • Update any legitimate applications or services using the old key
  • Review and update IP allowlisting settings if necessary
  • Consider enabling multi-factor authentication for all users