Sumologic Data Analytics for Kisi

Common use cases:

• Compliance for long term access log retention (SOC2, PCI event audits)
• Easier alerting within Sumologic (door held open and forced open alerts with contact sensors and REX buttons)
• Trend mapping and other visualizations within Sumologic. For example, if an auditor or HR wants to know who went into the Network closet in the past 90 days. index=pac sourcetype=kisi:access door="Network Closet" | table _time, door, user, — search should return in a few seconds
• user behavior analytics, track physical access with software based access, example John Smith went into room and logged into this machine (need data from machine there)

Ways to build integration:

• Sumologic add-on to ingest the logs using scripted input aka python scripts against kisi API (need to check indiv. differences)
• AWS: Kisi sends to S3 bucket, sumologic reads from S3 bucket with AWS add-on. Cisco apparently does a good job at this. https://support.umbrella.com/hc/en-us/articles/231248448-Cisco-Umbrella-Log-Management-in-Amazon-S3