This Python script pulls events from the Banyan API and sends them to SumoLogic as multiline JSON, where you can see them in the Log Viewer. Based on https://github.com/banyansecurity/integrations/tree/master/siem/datadog
It's designed to be run every 10 minutes as an AWS Lambda function.
- Python 3.9 (At least 3.7 is required, but see notes below)
pybanyanmodule- Environment variables set up as below
BANYAN_REFRESH_TOKEN- get one from your Banyan profile page, or generate an API key if using SAML to login to Banyan.BANYAN_API_URL- (optional) defaults tohttps://net.banyanops.comSUMO_WEBHOOK- the webhook URL for your Sumo HTTP source
- The
cryptographyandcffimodules (which come along withpybanyan) are OS specific, so unless you are devloping this on the same OS that Lambda uses, you will have problems with them when you upload to Lambda. - Use the following Pip commands to download the packages specific to the Amazon linux OS, then extract the whl and copy to your distro package. You may end up with v3.9 packages depending on your dev environment, so make sure to set the python interpreter accordingly to match.
pip download cffi --platform manylinux2014_x86_64 --no-deps -d path_to_save_download
pip download cryptography --platform manylinux2014_x86_64 --no-deps -d path_to_save_download