Sending CloudPassage Halo Event Logs to Sumo Logic

Automating your server security is about more than just one great tool – it’s also about linking together multiple tools to empower you with the information you need to make decisions.  For customers of Halo, a cloud server security platform from CloudPassage, and Sumo Logic, linking those tools to secure cloud servers is as easy as it is powerful.

The Halo Event Connector enables you to pull security event logs from Halo into your Sumo Logic dashboard, including alerts from your configuration, file integrity, and software vulnerability scans. Halo can also deliver unprecedented visibility of your cloud servers, directly into your log management console. You can track server events such as your server rebooting, shutting down, changing IP addresses, and much more.

The purpose of the Halo event script is to retrieve event data from a CloudPassage Halo account and import it into Sumo Logic for indexing or processing. It is designed to execute repeatedly, keeping the Sumo Collector up-to-date with Halo events as time passes and new events occur.
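Running repeatedly without duplicating or dropping events depends on the script remembering how far it got. The following is an added example, not the connector code from GitHub: a checkpoint routine that writes only events it has not yet forwarded, one JSON object per line, to the output a Script source reads. The event fields (`id`, `created_at`), the checkpoint file format and all function names are assumptions for illustration.

```python
import json
import os

def load_state(path):
    """Return the saved checkpoint, or an empty one on the first run."""
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    except FileNotFoundError:
        return {"since": "", "ids": []}

def save_state(path, state):
    """Replace the checkpoint atomically so a crash never leaves half a file."""
    tmp = path + ".tmp"
    with open(tmp, "w", encoding="utf-8") as fh:
        json.dump(state, fh)
    os.replace(tmp, path)

def forward_new_events(events, state_path, out):
    """Write unseen events to `out` as one JSON object per line; return the count."""
    state = load_state(state_path)
    since, seen = state["since"], set(state["ids"])
    sent = 0
    for ev in sorted(events, key=lambda e: (e["created_at"], e["id"])):
        ts = ev["created_at"]  # fixed-width UTC ISO 8601: string order is time order
        if ts < since or (ts == since and ev["id"] in seen):
            continue  # already forwarded by an earlier run
        if ts > since:
            since, seen = ts, set()  # only ids at the newest timestamp are kept
        seen.add(ev["id"])
        out.write(json.dumps(ev, sort_keys=True) + "\n")
        sent += 1
    out.flush()
    # Checkpoint only after the output is flushed: a failure before this point
    # re-sends events on the next run (at-least-once) instead of losing them.
    save_state(state_path, {"since": since, "ids": sorted(seen)})
    return sent

# Constructed sample events; field names and values are assumptions, not Halo's schema.
SAMPLE_BATCH_1 = [
    {"id": "e1", "created_at": "2013-05-01T10:00:00Z", "name": "Server restarted"},
    {"id": "e2", "created_at": "2013-05-01T10:05:00Z", "name": "Server IP address changed"},
]
SAMPLE_BATCH_2 = SAMPLE_BATCH_1 + [
    {"id": "e3", "created_at": "2013-05-01T10:05:00Z", "name": "File integrity object changed"},
]
```

Event `e3` shares a timestamp with the last event of the first batch; keeping the ids seen at the checkpoint timestamp is what lets the second run forward it without re-sending `e2`.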

Using the scripts and documentation posted on GitHub, you can quickly and easily add Halo as a “source” to your Sumo Collector, so events generated by Halo will feed into your log management system, giving you centralized and more complete visibility across your server environment.

Halo Event Connector is free to use, and will work with any Halo subscription.  To get started integrating Halo events into Sumo Logic, make sure you have set up accounts for CloudPassage Halo and Sumo Logic.

Then, generate an API key in your CloudPassage Halo portal. Once you have an API key, follow the steps provided in the Halo – Sumo Logic Documentation, using the scripts provided on GitHub. The documentation available with those files on GitHub walks you through the process of testing the Halo Event Connector script.

Once you have tested the script, you will then add the output as a “Source” by selecting “Script” in Sumo Logic (see below).

Sumo Logic Dashboard

When you have finished adding the new data source that integrates the Halo Event Connector with Sumo Logic (as detailed in the .pdf documentation), you will be taken back to the “Collectors” tab where the newly added Script source will be listed.

Sumo Logic Dashboard - Halo events

Once the Connector runs successfully and is importing event data into Sumo Logic, you will see Halo events such as the following appear in your Sumo Logic searches:

Sumo Logic Dashboard chart

Try it out today – we are eager to hear your feedback! We hope that integrating these two tools makes your server security automation even more powerful.
