With Cerby, you can export the analytics data of your workspace to a security information and event management (SIEM) solution like Sumo Logic via an integration. This is a feature that customers can request from the Cerby Customer Support team.
The integration leverages an Amazon S3 bucket, where Cerby exports the logs of analytic events in JSON files every minute as long as Cerby has registered events. The bucket is the data source for Sumo Logic via a hosted collector.
This article describes how to configure the analytics data export to Sumo Logic.
Configure the analytics data export to Sumo Logic
To configure the export of the analytics data that Cerby registers and stores for a workspace, you must complete the following main steps:
1. Create and configure an Amazon S3 bucket
2. Add and configure a hosted collector in Sumo Logic
The following sections describe each main step.
1. Create and configure an Amazon S3 bucket
To create and configure an Amazon S3 bucket, complete the following steps:
Create an Amazon S3 bucket for storing objects by following the instructions in the Create your first S3 bucket official documentation.
NOTE: Make sure to select the ACLs disabled and Block all public access options when creating your bucket.
Add a bucket policy to grant Cerby writing permissions on the bucket by following the instructions in the Adding a bucket policy by using the Amazon S3 console official documentation. Use the following policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<cerby_account>:role/<cerby_role>"
      },
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::<your-bucket-name>/*"
    },
    {
      "Sid": "Statement2",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<cerby_account>:role/<cerby_role>"
      },
      "Action": [
        "s3:ListBucket",
        "s3:ListBucketVersions",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::<your-bucket-name>"
    }
  ]
}
IMPORTANT: Contact the Cerby Customer Support team to ask for the cerby_account and cerby_role values. Ensure you add the name of your bucket in the Resource parameters.
Share the bucket name and its path with the Cerby Customer Support team.
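A pre-flight check for the filled-in bucket policy, added here as an example (it is not Cerby's or AWS's code): it flags leftover placeholders, a principal that is not a specific IAM role ARN, and Resource values that do not match your bucket. The function names, the sample account ID, the role name and the bucket name are constructed assumptions.

```python
import json
import re

# Action split taken from the policy above: object-level vs bucket-level.
OBJECT_ACTIONS = {"s3:GetObject", "s3:GetObjectVersion", "s3:PutObject", "s3:DeleteObject"}
BUCKET_ACTIONS = {"s3:ListBucket", "s3:ListBucketVersions", "s3:GetBucketLocation"}
ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")


def as_list(value):
    return value if isinstance(value, list) else [value]


def lint_policy(policy_text, bucket):
    """Return findings; an empty list means the policy has the documented shape."""
    findings = []
    if re.search(r"<[^>]+>", policy_text):
        findings.append("unreplaced <placeholder> left in the policy")
    for stmt in as_list(json.loads(policy_text).get("Statement", [])):
        sid = stmt.get("Sid", "?")
        principal = stmt.get("Principal")
        arns = as_list(principal.get("AWS", "")) if isinstance(principal, dict) else [principal]
        for arn in arns:
            if not isinstance(arn, str) or not ROLE_ARN.match(arn):
                findings.append(f"{sid}: principal {arn!r} is not a specific IAM role ARN")
        actions = set(as_list(stmt.get("Action", [])))
        if actions and actions <= OBJECT_ACTIONS:
            expected = f"arn:aws:s3:::{bucket}/*"
        elif actions and actions <= BUCKET_ACTIONS:
            expected = f"arn:aws:s3:::{bucket}"
        else:
            findings.append(f"{sid}: actions mix levels or go beyond the documented set")
            continue
        if as_list(stmt.get("Resource", [])) != [expected]:
            findings.append(f"{sid}: Resource should be exactly {expected}")
    return findings


def sample_policy(principal, object_resource):
    """Constructed sample input: one object-level statement, not a real policy."""
    stmt = {"Sid": "Statement1", "Effect": "Allow", "Principal": principal,
            "Action": ["s3:GetObject", "s3:PutObject"], "Resource": object_resource}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})


if __name__ == "__main__":
    role = {"AWS": "arn:aws:iam::111122223333:role/example-export-role"}  # constructed
    print(lint_policy(sample_policy(role, "arn:aws:s3:::example-logs/*"), "example-logs"))
    print(lint_policy(sample_policy("*", "arn:aws:s3:::*"), "example-logs"))
```

Run it against the policy text before you paste it into the S3 console; any finding means the statement is broader than, or different from, the one documented above.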
The next step is 2. Add and configure a hosted collector in Sumo Logic.
2. Add and configure a hosted collector in Sumo Logic
To add and configure a hosted collector in Sumo Logic, complete the following steps:
Add a hosted collector in Sumo Logic by following the instructions in the Configure a Hosted Collector and Source official documentation.
Configure the Amazon S3 bucket as a reading source for the hosted collector by following the instructions in the Grant Access to an AWS Product official documentation.
Now you’re done with the configuration.