Severity and state mappings for Sumo Logic
Alert priority and resolution state mapping between Sumo Logic and Incident Response.
Sumo Logic alert priority mapping
Sumo Logic’s alert priority is based on one field in the payload.
The field of interest is: TriggerType
| Sumo Logic payload field | Sumo Logic payload value | Incident Response alert priority value |
|---|---|---|
| TriggerType | CRITICAL | P1-Critical |
| WARNING | P3-Moderate | |
| SCHEDULED SEARCH | P4-Low | |
| MISSINGDATA | P4-Low | |
| MISSING DATA | P4-Low |
Sumo Logic resolution state mapping
The field of interest is: TriggerType
| Sumo Logic payload field | Sumo Logic payload value | Incident Response alert resolution state value |
|---|---|---|
| TriggerType | RESOLVEDCRITICAL | Closing |
| RESOLVEDWARNING | Closing | |
| RESOLVEDMISSINGDATA | Closing | |
| RESOLVEDMISSING DATA | Closing | |
| CRITICAL | New | |
| WARNING | New | |
| SCHEDULED SEARCH | New | |
| MISSING DATA | New | |
| MISSINGDATA | New |
Note: If you require any other severity and state mappings, use the
Generic webhook integration.