Step 1: Enable console access
Having read-only access to the interface of your technology allows Expel to dig deeper when performing incident investigations. Our device health team uses this access to investigate potential health issues with your tech.
- Sign in to the Sumo Logic CIP console to create a new user.
- Navigate to Administration > Users and Roles > Users and click the Add User button at the top right of the page.
- Fill in the following information:
  - For First Name type Expel.
  - For Last Name type SOC.
  - For Email type: soc+<your_company_name>@expel.io.
  - For Roles select the analyst role.
- Click Add New User.
- Verify that Expel SOC now appears on the Users page.
- Sign in to the Sumo Logic CSE console.
- Navigate to Accounts.
- Click on Invite at the top right of the page.
- Invite the Sumo Logic CIP user from step 1 with a role of Analyst.
Step 2: Generate API credentials
To integrate the technology with Expel, we need to create secure credentials for the API. Depending on the permissions allowed in Step 1, Expel may be able to generate API credentials. If you're unsure, reach out to your Expel Customer Success Engineer, or email firstname.lastname@example.org.
- Edit the Sumo Logic CSE user created in step 1.
- Select API Key Enabled.
- Select YES, REGENERATE API KEY.
- Click UPDATE and log out.
- Log back in to the Sumo Logic CSE console as the new user created in step 1.
- Click the user profile at the top right of the page.
- Copy API Key and make note of it.
Step 3: Configure the technology in Workbench
Now that the correct access is configured and the credentials are noted, we can integrate Sumo Logic with Expel.
Register devices in Expel Workbench
- In a new browser tab, log into https://workbench.expel.io.
- On the console page, navigate to Settings and click Security Devices.
- At the top right of the page, select Add Security Device.
- Search for and select Sumo Logic Cloud.
- Type a Name and Location, for example Sumo Logic and Expel Lab.
After a few minutes, refresh the Security Devices page. The device status should report as Healthy; if there is an issue, the page shows details of what the issue may be.
To check if alerts are coming through, navigate to Alerts on the console page. Click the icon in the upper right to switch to grid view, then check the list for device alerts.