Sumo Logic

Lab 4 - Install the Twistlock App and view the Dashboards

Install the App

This section shows you how to install the Twistlock App. 

To install the Twistlock app, do the following:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. Click App Catalog in the left nav.

  2. Enter Twistlock in the search field, and press Return to show the matching apps.
    We will be selecting the Twistlock app to use our latest dashboards.

  3. Double-click Twistlock to open its app page, then click Add to Library.

    Clicking this button isn't the final installation. Instead, it will launch a window with a few options for the app. You can name it something else if you want more than one copy of the app in your personal folder, for example. For now, keep the name Twistlock.
     
  4. You can choose a data source or enter a custom data filter. For now, let's choose from our existing data sources. For the Twistlock Log Source, choose Source Category and pick Labs/Twistlock as the data source.
     
  5. Click Add to Library in the dialog box to confirm your selection.

Once an app is installed, it will appear in your Personal folder. From here, you can share it with your organization. 

Panels will start to fill automatically. Note that each panel fills gradually, showing only data that matches the query's time range and was received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps.

Once the dashboards are loaded, we can use them to dig into our Kubernetes and container environments.

Twistlock - Overview

The Twistlock - Overview dashboard provides an at-a-glance overview of the state of your Kubernetes and container environments, including the number of hosts, containers, audit events, rules triggered, and defender incidents. The panels also display information on a variety of critical vulnerabilities by type, severity, and affected containers.

From this dashboard, we can see which common vulnerabilities and exposures (CVEs) have fixes available and use that information to triage and remediate packages by installing the fixes.

We now see that there are Fixes Available to resolve CVEs. To take a closer look at the fixes, we can drill into the Twistlock - CVE Status dashboard.

Twistlock - CVE Status

The Twistlock - CVE Status dashboard combines high-level views of common vulnerabilities and exposures (CVEs) with detailed information. Panels display at-a-glance views for host, image, and registry scans, and available fixes.

Here we can see what CVE fixes are available to protect against Host Vulnerabilities. In this example, we see that some of our kernel packages are out of date, and we should prioritize updating the ones marked with a Critical or Important severity.

Quiz (True/False)

  1. Sumo Logic provides access to more than 20 different apps.
  2. Dashboards provide easy-to-access visual insights into your data.