Integrating Sumo Logic with imper.ai


Integrating Sumo Logic with imper.ai enables the platform to securely deliver real-time security alerts—such as verification outcomes (e.g., success, failure, risk indicators), session context (e.g., verification ID, timestamp), and identity event details (e.g., challenge responses, authentication methods)—directly to your organization's Sumo Logic SIEM environment. By routing imper.ai verification events to Sumo Logic as a centralized logging destination, security teams can correlate identity verification data with broader organizational telemetry, enabling faster threat detection, streamlined incident response, and comprehensive audit trails for compliance and forensic analysis.

Only imper.ai admin users can integrate Sumo Logic with imper.ai.

A Sumo Logic admin is required for the deployment.


Permissions

The permission required for the Sumo Logic admin is manageCollectors (see how to create a new collection in Sumo Logic below).


Sumo Logic Integration

  1. Log in to the imper.ai admin console

  2. Navigate to the Integrations page

                              imper.ai integrations page

  3. Click on Connect Sumo Logic. 

  4. You’ll be prompted to provide an HTTP source URL:

                                       Connect Sumo Logic

Create a Sumo Logic Data Source URL

In Sumo Logic New UI

  1. Log in with a user who has the manageCollectors capability.

  2. Navigate to Data Management → Collection.

                                                 Sumo Logic Data Collection

  3. Add a Collector

    • If you already have a Hosted Collector, you may skip this step. Otherwise, do the following:

      1. Click Add Collector

      2. Select Hosted Collector

      3. Type in the required fields, and click Save


                      Add Hosted Collector Dialog

  4. Add a Source

    • On the chosen or newly created collector, click Add Source

    • Choose the OTLP/HTTP Source

    • Fill in the required fields, and click Save

               Add Hosted Collector Dialog

  5. Copy the supplied URL into the imper.ai Sumo Logic Integration


Data Format & Schema

The following JSON object represents a single, complete verification event sent from imper.ai to your Sumo Logic HTTP Source. This payload is the core of the integration, providing all the necessary data points for threat detection and audit trails.

The data structure is designed to be easily ingested and correlated within your SIEM environment and includes critical information such as:

  • User and Session Context: Includes the verified user's identity (name, email) and details about the specific meeting or session.

  • Analysis Report: A breakdown of risk assessments across different vectors (network, device, user behavior), including a list of any detected reasons and a corresponding risk score for each.

  • Overall Risk: The final risk_score and verification_status for the entire event.

  • Extra Data: Environment metadata, such as IP address, device type, timezone, and platform.

{
  "user_name": "John Smith",
  "user_email": "john.smith@acme.com",
  "analysis_report": {
    "network": {
      "reason": ["Address location mismatch", "High Risk VPN"],
      "risk_score": 3.0
    },
    "device": {
      "reason": ["No risk detected"],
      "risk_score": 0.0
    },
    "user_behavior": {
      "reason": ["No risk detected"],
      "risk_score": 0.0
    }
  },
  "verification_status": "risk_detected",
  "meeting_name": "Interview: John Smith - SW Engineer",
  "meeting_host": {
    "host_name": "Sara Levi",
    "host_email": "sara.levi@acme.com"
  },
  "extra_data": {
    "isp": "T-Mobile Czech Republic a.s.",
    "timezone": "Europe/Prague",
    "device_type": "macOS Desktop",
    "country_code": "CZ",
    "ip_address": "223.26.17.2",
    "platform": "Chrome Browser"
  },
  "risk_score": 3.0,
  "log": "imper.ai verification completed"
}
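
The following is an added example, not imper.ai or Sumo Logic code: it validates one event of the shape shown above and flattens it into an alert that names the risk vectors involved. The `threshold` value, the alert names, and the choice of required fields are assumptions made for illustration, not part of a documented imper.ai schema.

```python
import json

VECTORS = ("network", "device", "user_behavior")
REQUIRED = ("user_email", "analysis_report", "verification_status", "risk_score")

# Constructed sample: the event from this page, compacted to the fields used here.
SAMPLE = json.loads("""{
  "user_name": "John Smith", "user_email": "john.smith@acme.com",
  "analysis_report": {
    "network": {"reason": ["Address location mismatch", "High Risk VPN"], "risk_score": 3.0},
    "device": {"reason": ["No risk detected"], "risk_score": 0.0},
    "user_behavior": {"reason": ["No risk detected"], "risk_score": 0.0}},
  "verification_status": "risk_detected",
  "extra_data": {"country_code": "CZ", "ip_address": "223.26.17.2"},
  "risk_score": 3.0, "log": "imper.ai verification completed"}""")

def is_number(value):
    return isinstance(value, (int, float)) and not isinstance(value, bool)

def validate(event):
    """Return a list of schema problems; an empty list means the event is usable."""
    if not isinstance(event, dict):
        return ["event is not an object"]
    problems = [f"missing field: {key}" for key in REQUIRED if key not in event]
    if "risk_score" in event and not is_number(event["risk_score"]):
        problems.append("risk_score is not a number")
    report = event.get("analysis_report")
    if not isinstance(report, dict):
        return problems + ["analysis_report is not an object"]
    for vector in VECTORS:
        entry = report.get(vector)
        if not (isinstance(entry, dict) and is_number(entry.get("risk_score"))
                and isinstance(entry.get("reason"), list)):
            problems.append(f"bad or missing vector: {vector}")
    return problems

def triage(event, threshold=1.0):
    """Return an alert dict for a risky or malformed event, else None."""
    problems = validate(event)
    if problems:  # surface parsing failures instead of silently dropping events
        return {"alert": "malformed_event", "problems": problems}
    findings = {v: e["reason"] for v, e in event["analysis_report"].items()
                if v in VECTORS and e["risk_score"] >= threshold}
    if event["verification_status"] != "risk_detected" and not findings:
        return None
    extra = event.get("extra_data")
    return {"alert": "verification_risk", "user_email": event["user_email"],
            "risk_score": event["risk_score"], "findings": findings,
            "ip_address": extra.get("ip_address") if isinstance(extra, dict) else None}
```

Calling `triage(SAMPLE)` yields a `verification_risk` alert whose `findings` contain only the `network` vector, which is the field to pivot on when correlating with VPN or geolocation telemetry.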