API Connector
Sumologic Data Analytics for Kisi
Common use cases:
- Compliance for long-term access log retention (SOC2, PCI event audits)
- Easier alerting within Sumologic (door held open and forced open alerts with contact sensors and REX buttons)
- Trend mapping and other visualizations within Sumologic. For example, if an auditor or HR wants to know who went into the Network closet in the past 90 days, the following search should return in a few seconds:
  index=pac sourcetype=kisi:access door="Network Closet" | table _time, door, user
- User behavior analytics: track physical access together with software-based access. For example, John Smith went into a room and logged into this machine (needs data from the machine there).
Ways to build integration:
- Sumologic add-on to ingest the logs using scripted input, i.e. Python scripts against the Kisi API (need to check individual differences)
- AWS: Kisi sends to an S3 bucket, and Sumologic reads from the S3 bucket with the AWS add-on. Cisco apparently does a good job at this. https://support.umbrella.com/hc/en-us/articles/231248448-Cisco-Umbrella-Log-Management-in-Amazon-S3
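For the scripted-input option, audit retention depends on the poller neither dropping nor double-forwarding events between runs. The sketch below is an added example, not Kisi or Sumologic code: it keeps a checkpoint of the newest timestamp plus the event ids seen at that timestamp. The event fields `id` and `created_at` and the `fetch_page` callable that wraps the real API request are assumptions.

```python
import json
import os

# Assumed event shape (not from the Kisi API reference): each event is a dict
# with a unique "id" and an ISO 8601 UTC "created_at" string, so that plain
# string comparison orders events by time.

def load_checkpoint(path):
    """Return the saved state, or an empty one on the first run."""
    try:
        with open(path) as fh:
            return json.load(fh)
    except FileNotFoundError:
        return {"since": "", "ids_at_since": []}

def save_checkpoint(path, state):
    """Write atomically so a crash never leaves a half-written checkpoint."""
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(state, fh)
    os.replace(tmp, path)

def collect(fetch_page, checkpoint_path, emit=print, page_size=100):
    """Emit each new event once as a JSON line; return how many were emitted.

    fetch_page(since, offset, limit) is a hypothetical callable around the
    real API request; it returns events with created_at >= since.
    """
    state = load_checkpoint(checkpoint_path)
    since, boundary = state["since"], set(state["ids_at_since"])
    events, offset = [], 0
    while True:  # drain every page before emitting anything
        page = fetch_page(since, offset, page_size)
        events.extend(page)
        offset += len(page)
        if len(page) < page_size:
            break
    newest, emitted = since, 0
    for ev in sorted(events, key=lambda e: (e["created_at"], e["id"])):
        ts, ev_id = ev["created_at"], ev["id"]
        if ts < since or (ts == newest and ev_id in boundary):
            continue  # forwarded on an earlier run, or a duplicate in this one
        emit(json.dumps(ev, sort_keys=True))
        emitted += 1
        if ts > newest:
            newest, boundary = ts, set()
        boundary.add(ev_id)
    # Saved only after emitting: a crash re-sends events rather than losing them.
    save_checkpoint(checkpoint_path, {"since": newest, "ids_at_since": sorted(boundary)})
    return emitted
```

The inclusive `>=` query plus the id set handles several door events sharing one timestamp, which a bare "newer than last timestamp" filter would silently drop.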