Fixed full scans iteration and updated documentation

README.md

@@ -11,6 +11,7 @@ This tool supports the following connectors:
 - Elasticsearch
 - WebHook
 - Slack
+- SumoLogic
 
 ### Other SIEM Integrations
 
@@ -134,6 +135,38 @@ if __name__ == '__main__':
     errors = bigquery.add_dataset(issue_data, streaming=True)
 ```
 
+### SumoLogic
+
+The SumoLogic plugin will send results to a HTTP Collector URL for SumoLogic
+
+Initializing Options:
+
+| Option | Required | Default | Description                                       |
+|--------|----------|---------|---------------------------------------------------|
+| http_source_url  | True     | None    | This is the HTTP Collector URL to send results to |
+
+```python
+import os
+from socketsync.core import Core
+from socketsync.connectors.sumologic import Sumologic
+
+if __name__ == '__main__':
+    socket_org = os.getenv("SOCKET_ORG") or exit(1)
+    api_key = os.getenv("SOCKET_API_KEY") or exit(1)
+    days_ago = os.getenv("DAYS_AGO") or exit(1)
+    http_source_url = os.getenv("SUMO_HTTP_URL")
+
+    from_time = days_ago * 24 * 60 * 60 #Convert days to seconds
+
+    core = Core(
+        api_key=api_key,
+        from_time=from_time,
+    )
+    issue_data = core.get_issues()
+    sumo = Sumologic(http_source_url=http_source_url)
+    sumo.send_events(issue_data, "socket-sync-alerts")
+```
+
 ### Panther
 The Panther connector requires you to have an HTTP connector setup in the Panther UI. In this example I used a bearer token but this can be overriden by using custom headers if desired.
 

socket-integration-example.py

@@ -8,6 +8,7 @@
 from socketsync.connectors.csv import CSV
 from socketsync.connectors.webhook import Webhook
 from socketsync.connectors.slack import Slack
+from socketsync.connectors.sumologic import Sumologic
 
 from datetime import datetime, timezone
 start_date = "2024-09-10 10:00"
@@ -25,7 +26,8 @@
     core = Core(
         api_key=api_key,
         from_time=from_time,
-        request_timeout=300
+        request_timeout=300,
+        report_id="a96abb17-5750-4452-9e7e-33673070f0f2"
     )
     # logging.basicConfig(level=logging.DEBUG)
     # core.set_log_level(logging.DEBUG)
@@ -38,6 +40,12 @@
     )
     csv.write_csv(issue_data)
 
+    # Sumologic Example
+    sumo_logic_http_source_url = os.getenv("SUMO_LOGIC_HTTP_SOURCE_URL", None)
+    sumo = Sumologic(sumo_logic_http_source_url)
+    sumo_status = sumo.send_events(issue_data, "socket-siem-connector")
+    print(f"Sumologic Result: {sumo_status}")
+
     # Elasticsearch Example
     elastic_token = os.getenv('ELASTIC_TOKEN') or exit(1)
     elastic_cloud_id = os.getenv('ELASTIC_CLOUD_ID') or exit(1)

socketsync/__init__.py

@@ -2,7 +2,7 @@
 
 
 __author__ = "socket.dev"
-__version__ = "1.0.21"
+__version__ = "1.0.22"
 __all__ = ["log", "__version__", "columns", "default_headers"]
 
 log = logging.getLogger("socketdev")

socketsync/connectors/sumologic.py

@@ -0,0 +1,61 @@
+import requests
+import io
+import json
+from socketsync.classes import IssueRecord
+
+
+class Sumologic:
+    def __init__(self, http_source_url: str):
+        """
+        Initializes the Sumo Logic client with credentials and HTTP source URL.
+
+        :param http_source_url: The Sumo Logic HTTP source URL
+        """
+        self.http_source_url = http_source_url
+
+    def send_events(self, events: list, plugin_name: str) -> None:
+        """
+        Will iterate through events and send to SIEM
+        :param events: A list containing the events to send:
+        :param plugin_name: A string of the plugin name to use for the file name
+        :return: A list of errors, if there are no errors the list size will be 0:
+        """
+
+        for event in events:
+            event_file = io.StringIO()
+            event: IssueRecord
+            event_json = json.dumps(event.__dict__)
+            event_file.write(event_json + "\n")
+
+            # Reset the cursor of the file-like object to the start
+            event_file.seek(0)
+            file_name = f"{plugin_name}.json"
+            files = {
+                file_name: (file_name, event_file)
+            }
+            self.send_event(files)
+
+    def send_event(self, event_data: dict) -> dict:
+        """
+        Sends an event to the Sumo Logic HTTP source.
+
+        :param event_data: A dictionary containing the event data
+        :return: A dictionary with the response status and content
+        """
+
+        try:
+            response = requests.post(
+                self.http_source_url,
+                files=event_data
+            )
+            if response.status_code == 200:
+                return {"status": "success", "message": "Event sent successfully."}
+            else:
+                return {
+                    "status": "error",
+                    "message": f"Failed to send event. Status code: {response.status_code}",
+                    "response": response.text
+                }
+        except requests.exceptions.RequestException as e:
+            return {"status": "error", "message": f"An error occurred: {str(e)}"}
+

socketsync/core.py

@@ -260,7 +260,7 @@ def get_reports(self) -> list:
         next_page = None
         while not done:
             results = socket.fullscans.get(org_slug, {"from": int(report_from_time), "page": next_page})
-            if next_page == 1:
+            if next_page == 0:
                 done = True
             next_page = results.get("nextPage")
             if results.get("success") is False: