AiStrike Documentation

Sumo Logic

Create a read-only service account in Sumo Logic with access to Cloud SIEM, SOAR, alerts, dashboards, search, insights, indexes, and monitors so AiStrike can integrate via API.

Step 1: Log in with admin access

Log in to your Sumo Logic instance with an administrative account.

Step 2: Create a read-only role

Go to Administration → Security → Roles → Add Role. Name it AiStrikeReadOnlyRole and enable read-only ("View") permissions across:

  • Data Management — View Collectors, Fields, Connections, Scheduled Views, Partitions, Account Overview, Download Search Results (View All).

  • Cloud SOAR — View Cloud SOAR.

  • Cloud SIEM — View Cloud SIEM, Rules, Threat Intelligence, Match List, File Analysis, Customer Insights, Network Blocks, Mappings, Entity (View All).

  • Automation Service — Task View.

  • Content — View Rules, Threat Intelligence, Match Lists, File Analysis, Custom Insights, Network Blocks, Suppressed Entities (View All).

  • Alerting — View Monitors, Alerts, Muting Schedules (View All).

  • Organizations — View Organizations.

  • Optional: Configuration and Threat Intel view permissions.

Step 3: Assign index access

Under Roles → AiStrikeReadOnlyRole → Index Access, select All Indexes (or the required ones) and click Save.

Step 4: Create a service account

Go to Administration → Security → Service Accounts → Add Service Account. Name it AiStrike_ReadOnly_Service_Account, assign the AiStrikeReadOnlyRole, and generate a new access key/secret (default scope). Copy and securely store the Access Key and Access Secret.

Step 5: Provide to AiStrike

Share the Access Key and Access Secret with the AiStrike team.

For any issues, reach out to the AiStrike technical team.