|
| 1 | +--- |
| 2 | +title: Sumo Logic Automation Tools |
| 3 | +description: '' |
| 4 | +--- |
| 5 | + |
| 6 | +import useBaseUrl from '@docusaurus/useBaseUrl'; |
| 7 | + |
| 8 | +<img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/sumo-logic-notifications.png')} alt="sumo-logic-notifications" width="100"/> |
| 9 | + |
| 10 | +***Version: 1.0 |
| 11 | +Updated: Sep 9, 2024*** |
| 12 | + |
| 13 | +Sumo Logic Automation Tools simplifies CloudSOAR playbooks with data processing and automation. |
| 14 | + |
| 15 | +### Actions |
| 16 | + |
| 17 | +* **Buffer** (*Custom*) - [Description](#buffer) |
| 18 | +* **Data Transform** (*Custom*) - [Description](#data-transform) |
| 19 | +* **Build JSON Object** (*Custom*) - [Description](#build-json-object) |
| 20 | +* **Build Signal Output** (*Custom*) - [Description](#build-signal-output) |
| 21 | + |
| 22 | +## Actions Details |
| 23 | + |
| 24 | +### Buffer |
| 25 | +- Takes a JSON string or object and returns it as a JSON result. Helpful for dumping a JSON blob in string format and rendering in JSON format. |
| 26 | + |
| 27 | +### Data Transform |
| 28 | +- Provides various functions to more easily transform data in a playbook: |
| 29 | + - **String Input** - The value to transform. |
| 30 | + - **Transform Function** - Which string operation to use. Valid options are 'Split', 'Strip', 'Replace' or 'Regex' |
| 31 | + - **Split**: Splits a string into an array based on the delimiter provided in the "Transform Argument" parameter. |
| 32 | + - **Strip / lstrip / rstrip**: Removes leading and trailing characters from a string. Space is the default character to remove, unless specified otherwise in the "Transform Argument" parameter. |
| 33 | + - **Append**: Attaches a string to the end of a string (String Input > Transform Argument) |
| 34 | + - **Prepend**: Attaches a string to the beginning of a string (Transform Argument > String Input) |
| 35 | + - **Replace**: Replace a specified string/word/character with the value specified in the "Transform Argument" and "Replace" parameters. |
| 36 | + - **Regex Replace**: Replace a specified string/word/character with the value specified as a regular expression. This allows for user-provided value to be replace within the 'Transform Argument' and an user-provided value to be replace with in the 'Replace' argument. |
| 37 | + - **Regex**: Match a string with a regex pattern (python regex). Currently, this will return only the first capture group/match in an array. Could be further modified to accept an array num input. |
| 38 | + - **Encode UTF8 / Encode ASCII**: Encodes a string in UTF8 or ASCII formats |
| 39 | + - **Lowercase / Uppercase / Title Case / Capitalize**: Converts the case of a string based on the desired case type. |
| 40 | + - **Transform Argument** - Function input (e.g. regex pattern (w/ capture groups), replace argument (a,b) or split delimiter). |
| 41 | + - **Array Element** - Optional: if using 'split' function, select the element to return. Otherwise return the entire array. |
| 42 | + |
| 43 | +### Build JSON Object |
| 44 | +- Provide the action with JSON key placeholder or string to build a new JSON object with the specified key/values. |
| 45 | + |
| 46 | +### Build Signal Output |
| 47 | +- Get Insight V2 action from the the Sumo Logic CSE integration and then takes all signals from the output and converts it into a formatted signal output to be used (example: the output has been used in an email, ticketing system, or a notes section of the CSOAR incident) |
| 48 | +- Exclude fields take precedence over include fields |
| 49 | +- Must add the field signals to the output section of the Get Insight V2 action from the Sumo Logic CSE integration |
| 50 | +- The output format of the signal can be chosen between (HTML or plain text), with the option to include line breaks in the output. |
| 51 | + |
| 52 | +## Change Log |
| 53 | + |
| 54 | +* Sep 09, 2024 - First upload |
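Review bot: The "Transform Function" line under Data Transform lists the valid options as 'Split', 'Strip', 'Replace' or 'Regex', but the sub-items directly below it also document lstrip/rstrip, Append, Prepend, Regex Replace, Encode UTF8 / Encode ASCII and the case conversions. The list of valid options should match what the action accepts, ideally with the exact option strings. In the same section, the Regex Replace description is hard to parse ("This allows for user-provided value to be replace within the 'Transform Argument'") and should state plainly which parameter holds the pattern and which holds the replacement. The 'Replace' parameter is referenced there but never listed as its own item alongside String Input, Transform Argument and Array Element. The sentence "Could be further modified to accept an array num input" reads as a developer note and should be dropped or moved to an issue. Array Element is documented only for 'split', although Regex is also described as returning an array. Under Build Signal Output, "from the the" has a duplicated word, the include and exclude fields are mentioned without being described as parameters, and since the HTML output is intended for emails and ticketing systems the doc should say whether signal field values are escaped when HTML is selected. Smaller points: the front matter leaves `description: ''` empty, the product is written both as CloudSOAR and CSOAR, and the logo path and alt text refer to sumo-logic-notifications, which is worth confirming as the intended image for this integration.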