Reference implementation for managing Sumo Logic Log Analytics monitors and Cloud SIEM rules with Terraform

jyding/SumoLogic-Detection-as-Code-Demo


About

Sumo Logic's Terraform provider makes it easy to manage both Log Analytics monitors and Cloud SIEM rules.

This demo uses four main components: the Sumo Logic Terraform Provider, AWS S3 (for remote state storage), GitHub, and GitHub Actions.

GitHub and GitHub Actions are used for both version control and CI/CD. Some customers keep these two components separate, for example a git repository for version control and Jenkins for CI/CD.

1. Sumo Logic Terraform Provider

What It Does:
The Sumo Logic Terraform Provider allows us to define and manage both Log Analytics monitors and Cloud SIEM (CSE) rules as code.

How It Works in the Demo:
Files like sumo_monitor.tf and csiem_okta_logins.tf contain resource blocks that define our detection rules. You can add more detection rules or update the existing ones here.

When you run terraform plan or terraform apply, Terraform interacts with Sumo Logic’s API to create or update these rules.
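As an added example (not code from this repository), the following shows the shape of the two resource types the demo's .tf files use: a sumologic_monitor for a Log Analytics alert and a sumologic_cse_match_rule for a Cloud SIEM rule. The log query, thresholds, rule expression, tag, and recipient address are constructed for illustration; the provider source and resource/attribute names are those of the Sumo Logic Terraform provider.

```hcl
# Added example, not part of the demo repository. Query text, thresholds,
# the CSE expression and the email address are constructed placeholders.

terraform {
  required_providers {
    sumologic = {
      source = "SumoLogic/sumologic"
    }
  }
}

# Credentials are read from the SUMOLOGIC_ACCESSID, SUMOLOGIC_ACCESSKEY and
# SUMOLOGIC_ENVIRONMENT environment variables (supplied as CI secrets), so
# no key material is committed to the repository.
provider "sumologic" {}

# Log Analytics monitor: fire Critical when failed Okta logins in a 15-minute
# window exceed 20, and resolve once the count drops back to 20 or below.
resource "sumologic_monitor" "okta_failed_logins" {
  name         = "Okta failed logins spike"
  description  = "Managed by Terraform; change it in the repo, not in the UI"
  type         = "MonitorsLibraryMonitor"
  content_type = "Monitor"
  monitor_type = "Logs"
  is_disabled  = false

  queries {
    row_id = "A"
    query  = "_sourceCategory=okta outcome.result=FAILURE | count by actor.alternateId"
  }

  trigger_conditions {
    logs_static_condition {
      critical {
        time_range = "15m"
        alert {
          threshold      = 20
          threshold_type = "GreaterThan"
        }
        resolution {
          threshold      = 20
          threshold_type = "LessThanOrEqual"
        }
      }
    }
  }

  notifications {
    notification {
      connection_type = "Email"
      recipients      = ["secops@example.com"] # placeholder address
      subject         = "Monitor Alert: {{TriggerType}} on {{Name}}"
      time_zone       = "UTC"
      message_body    = "Triggered {{TriggerType}} on {{Name}}"
    }
    run_for_trigger_types = ["Critical", "ResolvedCritical"]
  }
}

# Cloud SIEM match rule: create a Signal for every failed Okta session start,
# keyed on the normalized user_username entity so Signals cluster per user.
resource "sumologic_cse_match_rule" "okta_failed_login" {
  name                   = "Okta failed login"
  enabled                = true
  is_prototype           = false  # set true to test without producing Insights
  expression             = "metadata_vendor = 'Okta' AND action = 'user.session.start' AND success = false"
  name_expression        = "Okta failed login for {{user_username}}"
  description_expression = "A user failed to authenticate to Okta"
  summary_expression     = "Okta login failure from {{srcDevice_ip}}"
  tags                   = ["_mitreAttackTechnique:T1110"]

  entity_selectors {
    entity_type = "_username"
    expression  = "user_username"
  }

  severity_mapping {
    type    = "constant"
    default = 3
  }
}
```

Both resources are idempotent under terraform apply: editing the threshold or the expression in the repository and pushing produces a plan that updates the existing monitor or rule in place rather than creating a duplicate, which is what makes the git history the audit trail for detection changes.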

2. AWS Remote State

What It Does:
AWS Remote State uses an S3 bucket (with optional DynamoDB for locking) to store Terraform’s state file. This allows for:

  • Collaboration: Team members can work on the same state file.
  • Reliability: The state file is safely stored and versioned in AWS.

How It Works in the Demo:
The backend block in main.tf configures Terraform to use an S3 bucket (the backend block must sit inside the top-level terraform block):

terraform {
  backend "s3" {
    bucket  = "terraformdemojyd02394-test"          # Your S3 bucket name
    key     = "terraform/state/terraform.tfstate"   # Object key for the state file
    region  = "us-east-1"                           # Your AWS region
    encrypt = true                                  # Enable encryption at rest
  }
}
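The state file records every monitor and rule ID and may contain sensitive values, so the bucket behind that backend should be private, versioned and encrypted, and concurrent CI runs should be serialized with a lock. As an added example (not part of the demo repository), the following Terraform creates such a backend: the bucket name and table name are placeholders, and this bootstrap configuration is applied once with local state before the main configuration is pointed at the "s3" backend.

```hcl
# Added example, not part of the demo repository. Bucket and table names are
# placeholders. Apply with local state first; a backend cannot create the
# bucket it stores its own state in.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}

resource "aws_s3_bucket" "tfstate" {
  bucket = "REPLACE-ME-terraform-state" # placeholder; must be globally unique
}

# Versioning lets you restore an earlier state file after a bad apply or an
# accidental overwrite.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Default server-side encryption at rest; encrypt = true in the backend block
# additionally requests encryption on each upload.
resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# State files expose resource IDs and can expose secrets; block all public access.
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Lock table: two workflow runs applying at the same time would otherwise race
# on the state file. The hash key must be named LockID for the s3 backend.
resource "aws_dynamodb_table" "tfstate_lock" {
  name         = "REPLACE-ME-terraform-state-lock" # placeholder
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}
```

Once the table exists, enabling locking is one more line in the backend block, dynamodb_table = "REPLACE-ME-terraform-state-lock", after which a second concurrent terraform apply fails fast with a lock error instead of corrupting state.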

3. GitHub Actions

What It Does:

  • Continuous Deployment: Every change in our Terraform code triggers an automated plan and apply process.
  • Integration with Secrets: AWS credentials, Sumo Logic API tokens, and other sensitive data are securely managed through GitHub Secrets.

How It Works in the Demo:

The workflow file (.github/workflows/main.yml) is triggered on pushes and pull requests.

It performs the following steps:

  1. Checks out the repository.
  2. Sets up AWS credentials (for remote state management).
  3. Initializes Terraform.
  4. Runs terraform plan and terraform apply to update the detection rules in Sumo Logic.

This automation ensures that our infrastructure (detection rules) is always up to date with the code in the repository.
