Cloud Sensor Guide
The CSE Cloud Sensor has reached end of life and is no longer supported. Please migrate to a Sumo Logic Hosted Collector. For more information, see the end of life notice.
This section has instructions for configuring CSE Cloud Sensor integrations, which allow you to collect log data from a variety of cloud-based applications and storage services.
Cloud Sensor Overview
The CSE Cloud Sensor is a sensor that is hosted by CSE. There are two types of integrations available for the Cloud Sensor:
Cloud-based app integrations. These integrations allow you to collect log data from cloud-based apps, for example, Amazon GuardDuty or Microsoft Office 365.
Cloud-based storage integrations. These integrations allow you to collect log data from AWS S3, AWS SQS, or Microsoft EventHub. This is useful if you forward log data from applications to one of these storage services.
You configure Cloud Sensor integrations on the edit page for your Cloud Sensor. When you add an integration, you are prompted to supply a number of configuration parameters. For example, when you add integrations for AWS services, you are prompted to supply your AWS access key, secret key, and data that identifies the resources you want to monitor. For an example configuration procedure, see Configure an API integration, below.
Supported App integrations
The following table lists the integrations supported by CSE.
Vendor | Products |
---|---|
Amazon Web Services (AWS) | CloudTrail, GuardDuty, SQS Forwarding, S3 Forwarding, Virtual Private Cloud (VPC) Flow Records |
Carbon Black | Defense |
Cisco | AMP, Umbrella |
Cloudflare | Logpush |
Cylance | PROTECT |
Duo Security | Multi-Factor Authentication (MFA) |
Endgame | Protect API |
G Suite | |
Illumio | Adaptive Security Platform (ASP) |
Lacework | Cloud Security Platform |
Microsoft | Azure, Azure EventHub Forwarding, Office 365 |
Mimecast | Message Transfer Agent (MTA) |
Netskope | Security Cloud |
Okta | Authentication |
Proofpoint | TAP |
Redlock | Cloud Threat Defense |
Salesforce | Platform |
Sophos | SIEM API (Alerts and Events) |
Tenable | Events |
Supported Cloud Storage Integrations
This section lists CSE's cloud storage integrations.
Storage service | Integrations |
---|---|
AWS S3 | AWS CloudTrail via S3, AWS GuardDuty via Tenable Events via S3, Cisco Umbrella via S3 |
AWS SQS | AWS CloudTrail via SQS, AWS S3 via SQS, Amazon GuardDuty via SQS, RedLock Cloud Threat Defense via SQS, Lacework Cloud Security Platform via SQS, Cisco Umbrella via SQS, Illumio ASP via SQS |
Microsoft | Azure Eventhub |
Configure an API integration
In the CSE web UI, click the gear icon, then click Sensors.
Click the Cloud Sensor's Edit icon.
Click ADD under the INTEGRATIONS section.
Select the Type of integration you would like to configure, fill in the required fields, and click **ADD**.
The new integration is listed under the Cloud Sensor's INTEGRATIONS section, labeled by the Name you provided for that integration, not by the Type of integration.
The Cloud Sensor will begin to automatically collect data from your new integration. To confirm, click on the Info icon next to "Cloud Sensor" to view the integration's configuration and Records Seen Since Start.