All Collections
Workspace monitoring
How to export analytics data from Cerby to Sumo Logic
How to export analytics data from Cerby to Sumo Logic

This article describes how to configure the integration to export analytics data from Cerby to Sumo Logic.

Cerby Team avatar
Written by Cerby Team
Updated over a week ago

With Cerby, you can export the analytics data of your workspace to a security information and event management (SIEM) solution like Sumo Logic via an integration. This is a feature that customers can request from the Cerby Customer Support team.

The integration leverages an Amazon S3 bucket, where Cerby exports the logs of analytic events in JSON files every minute as long as Cerby has registered events. The bucket is the data source for Sumo Logic via a hosted collector.

This article describes the instructions to configure the analytics data export to Sumo Logic.

Configure the analytics data export to Sumo Logic

To configure the export of the analytics data that Cerby registers and stores for a workspace, you must complete the following main steps:

  1. Create and configure an Amazon S3 bucket

  2. Add and configure a hosted collector in Sumo Logic

The following sections describe each main step.

1. Create and configure an Amazon S3 bucket

To create and configure an Amazon S3 bucket, complete the following steps:

  1. Create an Amazon S3 bucket for storing objects by following the instructions in the Create your first S3 bucket official documentation.

    NOTE: Make sure to select the ACLs disabled and Block all public access options when creating your bucket.

  2. Add a bucket policy to grant Cerby writing permissions on the bucket by following the instructions in the Adding a bucket policy by using the Amazon S3 console official documentation. Use the following policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Statement1",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::<cerby_account>:role/<cerby_role>"
                },
                "Action": [
                    "s3:GetObject",
                    "s3:GetObjectVersion",
                    "s3:PutObject",
                    "s3:DeleteObject"
                ],
                "Resource": "arn:aws:s3:::<your-bucket-name>/*"
            },
            {
                "Sid": "Statement2",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::<cerby_account>:role/<cerby_role>"
                },
                "Action": [
                    "s3:ListBucket",
                    "s3:ListBucketVersions",
                    "s3:GetBucketLocation"
                ],
                "Resource": "arn:aws:s3:::<your-bucket-name>"
            }
        ]
    }

    IMPORTANT: Contact the Cerby Customer Support team to ask for the cerby_account and cerby_role values. Ensure you add the name of your bucket in the Resource parameters.

  3. Share the bucket name and its path with the Cerby Customer Support team.

The next step is 2. Add and configure a hosted collector in Sumo Logic.

2. Add and configure a hosted collector in Sumo Logic

To add and configure a hosted collector in Sumo Logic, complete the following steps:

  1. Add a hosted collector in Sumo Logic by following the instructions in the Configure a Hosted Collector and Source official documentation.

  2. Configure the Amazon S3 bucket as a reading source for the hosted collector by following the instructions in the Grant Access to an AWS Product official documentation.

Now you’re done with the configuration.

Did this answer your question?