Skip to main content
Sumo Logic

Lab 4 - Using Simple Operators in AWS Security Use Cases

Learn how analyze AWS data to detect when there has been unauthorized root account usage, monitor security groups, and logins from two different IP addresses.
Community Post: Security-Related Queries for AWS


  1. From the Learn tab in Sumo Logic, select Community > Query Library and go to a post titled "Security-related Queries for AWS".  You can run one that interests you, or all 3 queries in this post. Keep in mind that obtaining no results in these queries is not a bad thing. This means you do not have and security issues/breaches/potential issues in your data.

    • Lab 4A: Monitor AWS Root Account Usage

    • Lab 4B: Monitor Security Groups created with "Ingress Any" privileges

    • Lab 4C: Monitor a User's login from two different IP addresses


For Lab 4C, use the geo lookup operator to map locations of the IP addresses.