Code42 + Sumo Logic

Correlate actionable risk insights to speed insider threat response

Code42 integrates with Sumo Logic via a command-line interface (CLI) to send file exfiltration events and alert information from Code42 into custom dashboards within Sumo Logic for correlation and triage.

Code42’s insider risk detection lenses surface insights for subsets of users more likely to put data at risk, such as users with access to proprietary information or departing employees. Extracting this data into Sumo Logic provides security teams with actionable insights that can be applied to existing SOC workflows to substantiate insider threat investigations and speed response.

Benefits of the Code42 + Sumo Logic integration

Prioritized risk


Manage insider risk throughout the employee lifecycle and across users more likely to put data at risk.

Reduced complexity


Apply Code42 file exposure and exfiltration events to Sumo Logic dashboards or workflows.

Faster response


Speed response to insider threat incidents with actionable insights to substantiate investigations.

Integration features

Actionable alerts

Extract alert information from Code42 into existing Sumo Logic workflows for correlation and triage.

Custom dashboards

Create custom dashboards within Sumo Logic using Code42 data, with the ability to tailor queries based on file, vector or user (for example, only files that have been uploaded via a browser).

Open API

Deliver alerts into Sumo Logic using JavaScript Object Notation (JSON) or Common Event Format (CEF).

Prioritized risk detection

Use the CLI to manage users on the high-risk or departing-employee lists within Sumo Logic.

Insider threat ecosystem

Leverage Code42 to establish insider threat processes and maximize the potential of your existing security investments.

Featured Use Case

Extract Code42 data into Sumo Logic for actionable insights, correlation and triage of insider threats

Challenge

Policy-driven approaches to mitigating insider risk have left organizations blind to the data security events that are hard to tag or categorize.

Solution

Code42 logs every file event, then enriches it with context on the vector, file and user to determine what represents real risk. Risk detection lenses are purpose-built for common insider threat scenarios but can be customized to your environment. When file exposure or exfiltration is detected, high-fidelity alert information is extracted into Sumo Logic for correlation and triage. This allows Code42 data to be applied to existing SOC workflows while ensuring complete file context to support investigations and speed response.

Benefit

Streamlining alert information and incident triage within Sumo Logic reduces complexity by correlating event information to deliver actionable insights that speed insider threat response.