Cloud-to-Cloud Integration Framework
The Cloud-to-Cloud Integration Framework is a fully managed collection system that collects logs and events directly from SaaS and Cloud platforms. This data often includes custom events and user data critical for operations monitoring, security, and compliance use cases. As a fully managed collection system, integrations running within the Cloud-to-Cloud Integration Framework provide a secure endpoint to receive event data in your account. Integration authentication, scheduling, and state tracking are all managed by the framework.
Note: This framework is not available in the Fed deployment.
Limitations
- The number of Cloud-to-Cloud Sources is limited to 20.
- You are warned when you have 16 Sources or 80% of the limit.
- You are notified when you have reached the Source limit.
Static IP addresses
The following table provides the static IP addresses used for Cloud-to-Cloud Integration Sources by deployment. These are provided in case you want to explicitly allow the IP addresses on your third-party target SaaS or Cloud platform.
Deployment | Static IP addresses |
---|---|
AU | 13.210.38.180, 54.253.14.8, 52.63.30.49 |
CA | 3.96.85.212, 3.97.51.58, 3.96.95.249 |
DE | 52.28.151.126, 18.193.176.46, 18.192.147.254 |
EU | 54.74.133.34, 18.200.219.230, 54.216.109.182 |
IN | 65.0.114.18, 3.7.177.71, 3.6.131.26 |
JP | 52.69.8.121, 54.248.157.127, 18.182.95.102 |
US1 | 54.209.19.175, 23.22.90.93, 23.22.11.54, 34.228.131.3, 34.237.107.105, 3.88.82.220 |
US2 | 54.149.79.97, 54.218.43.134, 44.239.32.230, 35.161.2.93 |
Integrations
The topics below are the available integrations. In Sumo Logic these are called Sources. Check out the Sources we have available in beta. You are invited to request new Sources for the Cloud-to-Cloud Integration Framework from our Ideas Portal.
Versions
Sources in the Cloud-to-Cloud Integration Framework need updates over time to maintain data collection. Updates can vary in severity and may not require any input from you. See Cloud-to-Cloud Source Versions for details on how to upgrade and how versions are structured.
Guide contents
In this section, we will introduce the following concepts:
📄️ Akamai SIEM API Source
The Akamai SIEM API Source provides a secure endpoint to receive security events generated on the Akamai platform by leveraging the V1 SIEM API. It securely stores the required authentication, scheduling, and state tracking information.
📄️ AWS Cost Explorer Source
The AWS Cost Explorer Source collects cost and usage reports from AWS Cost Explorer. You have the option to collect from one or more specific AWS cost types and set how often reports are collected.
📄️ Azure Event Hubs Source
The Azure Event Hubs Source provides a secure endpoint to receive data from Azure Event Hubs. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Carbon Black Cloud Source
The Carbon Black Cloud Source provides a secure endpoint to receive data from the Carbon Black Cloud, Enriched Event Search, and Alerts APIs. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Carbon Black Inventory Source
The Carbon Black Inventory Source provides a secure endpoint to receive data from the CB Devices API. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Cisco AMP Source
The Cisco AMP Source provides a secure endpoint to receive data from the Cisco AMP System Log API. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Cloud-to-Cloud Source Versions
Sources in the Cloud-to-Cloud Integration Framework need updates over time to maintain data collection. Updates can vary in severity and may not require any input from you.
📄️ CrowdStrike FDR Source
The CrowdStrike Falcon Data Replicator (FDR) Source provides a secure endpoint to ingest Falcon Data Replicator events using the S3 ingestion capability by consuming SQS notifications of new S3 objects. It securely stores the required authentication, scheduling, and state tracking information.
📄️ CrowdStrike Source
The CrowdStrike Source provides a secure endpoint to receive event data from the CrowdStrike Streams API. It securely stores the required authentication, scheduling, and state tracking information.
📄️ CSE AWS EC2 Inventory Source
The CSE AWS EC2 Inventory Source provides a secure endpoint to receive event data from the EC2 describe instances API. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Cybereason Source
The Cybereason Source provides a secure endpoint to receive authentication logs from the Cybereason Malops API. It securely stores the required authentication, scheduling, and state
📄️ Dropbox Source
The Dropbox Source provides a secure endpoint to receive team events from the Get Events API. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Duo Source
The Duo Source provides a secure endpoint to receive authentication logs from the Duo Authentication Logs API. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Google Workspace Source
The Google Workspace Source collects a list of users from the Google Workspace Users API. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Microsoft Azure AD Inventory Source
The Microsoft Azure AD Inventory Source collects user and device data from the Microsoft Graph API Security endpoint. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Microsoft Graph Security API Source
The Microsoft Graph Security API Source provides a secure endpoint to receive alerts from the Microsoft Graph Security API endpoint. It securely stores the required authentication, scheduling, and state tracking information. One threat event is reported for each
📄️ MS Graph Azure AD Reporting Source
The Microsoft Graph Azure AD Reporting Source collects Directory Audit, Sign-in, and Provisioning data from the Microsoft Graph API Azure AD activity reports. It securely stores the required authentication, scheduling, and state tracking information.
📄️ MS Graph Identity Protection Source
The Microsoft Graph Identity Protection Source collects Risk Detection and Risky User data from the Microsoft Graph Identity Protection API. It
📄️ Netskope Source
The Netskope Source provides a secure endpoint to receive event data from the Netskope API. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Okta Source
The Okta Source provides a secure endpoint to receive event data from the Okta System Log API and Users API.
📄️ Palo Alto Cortex XDR Source
The Palo Alto Cortex XDR Source provides a secure endpoint to receive alerts from the Get Alerts Incident Management API. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Proofpoint On Demand Source
The Proofpoint On Demand (PoD) Source collects data from the Proofpoint On Demand (PoD) Log Service and uses the secure WebSocket (WSS) protocol to stream logs. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Proofpoint TAP Source
The Proofpoint TAP Source provides a secure endpoint to receive data from the Proofpoint TAP SIEM API. It securely stores the required authentication, scheduling, and state tracking information.
📄️ SailPoint Source
The SailPoint Source provides a secure endpoint to receive Events and User Inventory data from the IdentityNow V3 API. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Salesforce Source
The Salesforce Source provides a secure endpoint to receive event data from Salesforce through its REST API. The source securely stores the required authentication, scheduling, and state tracking information.
📄️ SentinelOne Mgmt API Source
The SentinelOne Mgmt API Source collects data from the SentinelOne Management Console. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Sophos Central Source
The Sophos Central Source provides a secure endpoint to receive authentication logs from the Sophos Central APIs. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Symantec Web Security Service Source
The Symantec Web Security Service Source provides a secure endpoint to receive WSS Access logs from the Symantec WSS API. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Tenable Source
The Tenable Source provides a secure endpoint to ingest audit-log events, vulnerability, and asset data from the Tenable.io APIs. It securely stores the required authentication, scheduling, and state tracking information.
📄️ Workday Source
When you create a Workday Source, you add it to a Hosted Collector. Before creating the Source, identify the Hosted Collector you want to use or create a new Hosted Collector. For instructions, see Configure a Hosted Collector.