Create a read-only service account in Sumo Logic with access to Cloud SIEM, SOAR, alerts, dashboards, search, insights, indexes, and monitors so AiStrike can integrate via API.
Step 1: Log in with admin access
Log in to your Sumo Logic instance with an administrative account.
Step 2: Create a read-only role
Go to Administration → Security → Roles → Add Role. Name it AiStrikeReadOnlyRole and enable read-only ("View") permissions across:
-
Data Management — View Collectors, Fields, Connections, Scheduled Views, Partitions, Account Overview, Download Search Results (View All).
-
Cloud SOAR — View Cloud SOAR.
-
Cloud SIEM — View Cloud SIEM, Rules, Threat Intelligence, Match List, File Analysis, Customer Insights, Network Blocks, Mappings, Entity (View All).
-
Automation Service — Task View.
-
Content — View Rules, Threat Intelligence, Match Lists, File Analysis, Custom Insights, Network Blocks, Suppressed Entities (View All).
-
Alerting — View Monitors, Alerts, Muting Schedules (View All).
-
Organizations — View Organizations.
-
Optional: Configuration and Threat Intel view permissions.
Step 3: Assign index access
Under Roles → AiStrikeReadOnlyRole → Index Access, select All Indexes (or the required ones) and click Save.
Step 4: Create a service account
Go to Administration → Security → Service Accounts → Add Service Account. Name it AiStrike_ReadOnly_Service_Account, assign the AiStrikeReadOnlyRole, and generate a new access key/secret (default scope). Copy and securely store the Access Key and Access Secret.
Step 5: Provide to AiStrike
Share the Access Key and Access Secret with the AiStrike team.
For any issues, reach out to the AiStrike technical team.