Sumo Logic Keys
Description
General
- Documentation: https://help.sumologic.com/APIs
- Summary: Sumo Logic is a cloud-based data analytics company. It exposes an API to interact with the Sumo Logic platform. This detector aims at catching Sumo Logic keys in the form of an accessId and an accessKey.
- IPs allowlist: The use of Sumo Logic credentials can be restricted to specific IP addresses. The Sumo Logic documentation gives more information on how to create an IP allowlist.
- Scopes: This feature is currently not supported.
Revoke the secret
API credentials can be revoked and regenerated from the administration tab of the user's dashboard. Credentials can also be temporarily deactivated from this page.
Check for suspicious activity
This feature is currently not supported.
Details for Sumo Logic keys
Family: Api
Category: Monitoring
Company: Sumo Logic
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 0.01
Prefixed: False
PreValidators:
  - type: FilenameBanlistPreValidator
    banlist_extensions:
      - ^lock$
      - ^storyboard(c|er)?~?$
      - ^xib$
    banlist_filenames: []
    check_binaries: false
    include_default_banlist_extensions: false
    ban_markup: false
  - type: ContentWhitelistPreValidator
    patterns:
      - secret
      - token
      - key
  - type: ContentWhitelistPreValidator
    patterns:
      - su[a-z0-9]{12}
Examples
- text: |
    sumologic.accessId = "suzAlcKzTi3hAO"
    sumologic.accessKey = "XPU8IIaT6arXZkVMX3wVvOMHeqpkNM0N4s8dIh6IQVV0H8tFphZxMTy5TBhnpCBB"
  client_id: suzAlcKzTi3hAO
  client_secret: XPU8IIaT6arXZkVMX3wVvOMHeqpkNM0N4s8dIh6IQVV0H8tFphZxMTy5TBhnpCBB
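
The PreValidators listed above can be read as a cheap gate that decides whether a file is worth matching at all. The sketch below is an added example, not the detector's own code, and its function names are hypothetical. It assumes that extension patterns are tested against the text after the last dot, that a ContentWhitelistPreValidator passes when any of its patterns occurs in the file, that every pre-validator must pass, and that matching is case-insensitive (the sample accessId on this page contains uppercase letters).

```python
import os
import re

# Patterns copied from the PreValidators block on this page.
BANLIST_EXTENSIONS = [r"^lock$", r"^storyboard(c|er)?~?$", r"^xib$"]
KEYWORD_PATTERNS = ["secret", "token", "key"]
ACCESS_ID_PATTERNS = [r"su[a-z0-9]{12}"]


def extension_banned(filename):
    """True when the text after the last dot matches a banlisted extension."""
    _, dot, ext = os.path.basename(filename).rpartition(".")
    if not dot:
        return False  # no extension, nothing to ban
    return any(re.search(p, ext, re.IGNORECASE) for p in BANLIST_EXTENSIONS)


def content_allowed(content, patterns):
    """True when at least one pattern occurs anywhere in the content."""
    return any(re.search(p, content, re.IGNORECASE) for p in patterns)


def should_scan(filename, content):
    """Assumed semantics: every pre-validator must pass before matching runs."""
    if extension_banned(filename):
        return False
    return (content_allowed(content, KEYWORD_PATTERNS)
            and content_allowed(content, ACCESS_ID_PATTERNS))


# The credential pair is the example shown on this page; filenames are constructed.
SAMPLE = (
    'sumologic.accessId = "suzAlcKzTi3hAO"\n'
    'sumologic.accessKey = "XPU8IIaT6arXZkVMX3wVvOMHeqpkNM0N4s8dIh6IQVV0H8tFphZxMTy5TBhnpCBB"\n'
)

if __name__ == "__main__":
    for name in ("config/app.properties", "Gemfile.lock", "Main.storyboard"):
        print(name, should_scan(name, SAMPLE))
```

A file that passes this gate is only a candidate: the page states that the detector needs two matches (accessId and accessKey) and alerts only on secrets that pass the validity check.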