Sumo Logic MCP server
Search logs and triage Cloud SIEM signals from your AI agents.
About
Connect Tracecat to Sumo Logic to search the log index and walk Cloud SIEM signals for SOC analysts running alert triage at ingest scale. You can run a Sumo Logic query as part of a triage workflow without an analyst writing the query by hand. From there, pull related Cloud SIEM signals, browse dashboard content, and pass enriched context to the rest of your security stack, with every call attributed to the connected user and recorded on the Tracecat case timeline.
Setup
1. Create an API key
   The Sumo Logic MCP server authenticates with a Sumo Logic access ID and access key pair. Keys inherit the permissions of the user that created them, so create them under a least-privilege role. Confirm with vendor docs.
2. Select the Sumo Logic tile in the Tracecat MCP catalog
   Open the MCP catalog in your workspace, select the Sumo Logic tile, and paste your API key.
3. Enable Sumo Logic in your agent
   In your ai.agent action or Agents → tools tab, select Sumo Logic from the MCP integrations dropdown.
Tools
Sumo Logic MCP tools: The MCP server exposes Sumo Logic search, Cloud SIEM, and content management tools. Specific tool names depend on the release. Confirm with vendor docs.