Sumo Logic

Lab 5 - Find the "needle in the haystack"

Use LogReduce to efficiently surface both the most prevalent and the rarest security events among many thousands of log messages.
Explore the functionality of LogReduce, which distills unique messages from the noise by identifying recurring signatures in your data and reporting how often each one occurs.

  1. Run LogReduce on your Snort security data to identify unusual activity (i.e. intrusions) in the last 60 minutes.

     ```
     _sourceCategory=labs/snort
     | logreduce
     ```

  2. Sort your results by count to identify those that happen only once. Click on the count (1) to view the unusual message. Now click on the host to view surrounding messages to identify the context of the intrusion.

Image of surrounding time selection prompt
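To make the idea behind the lab concrete, here is an added example (not Sumo Logic code, and not how the `logreduce` operator is implemented) that does the same three things on a handful of constructed Snort-style alert lines: mask the variable parts of each message (addresses, ports, counters) to get a signature, count how often each signature occurs, and pull the lines around any signature seen only once. The log format, sensor host names and addresses are all assumed sample data.

```python
import re
from collections import Counter

# Constructed Snort-style alert lines for illustration (not real traffic).
# Assumed layout: "<timestamp> <sensor-host> [<gid:sid:rev>] <alert text> <src> -> <dst>".
SAMPLE_LOGS = [
    "10/03-12:00:01.100 snort-1 [1:384:5] ICMP PING 10.0.0.5 -> 192.168.1.20",
    "10/03-12:00:02.200 snort-1 [1:384:5] ICMP PING 10.0.0.6 -> 192.168.1.20",
    "10/03-12:00:03.300 snort-1 [1:384:5] ICMP PING 10.0.0.7 -> 192.168.1.21",
    "10/03-12:00:04.400 snort-2 [1:2001219:20] ET SCAN Potential SSH Scan 10.0.0.9:41022 -> 192.168.1.30:22",
    "10/03-12:00:05.500 snort-2 [1:2001219:20] ET SCAN Potential SSH Scan 10.0.0.9:41023 -> 192.168.1.31:22",
    "10/03-12:00:06.600 snort-2 [1:1000001:1] WEB-ATTACKS /etc/passwd access attempt 10.0.0.9:41100 -> 192.168.1.40:80",
    "10/03-12:00:07.700 snort-1 [1:384:5] ICMP PING 10.0.0.8 -> 192.168.1.22",
]

# Order matters: IPv4 addresses (with optional :port) are masked before bare numbers,
# otherwise the number rule would chop them into unrelated <NUM> fragments.
TOKEN_RULES = [
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?\b"), "<IP>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<HEX>"),
    (re.compile(r"\b\d+\b"), "<NUM>"),
]


def signature(message: str) -> str:
    """Mask the variable parts of a message so that messages differing only in
    addresses, ports or counters collapse onto one signature."""
    for pattern, placeholder in TOKEN_RULES:
        message = pattern.sub(placeholder, message)
    return re.sub(r"\s+", " ", message).strip()


def parse(line: str) -> dict:
    """Split a line into timestamp, sensor host and message, and attach its signature."""
    ts, host, message = line.split(" ", 2)
    return {"ts": ts, "host": host, "message": message, "signature": signature(message)}


def logreduce(lines):
    """Cluster lines by signature. Returns [(signature, count)] sorted rarest first,
    which is the 'sort by count' view the lab asks for."""
    counts = Counter(parse(line)["signature"] for line in lines)
    return sorted(counts.items(), key=lambda item: (item[1], item[0]))


def rare_lines(lines, max_count=1):
    """Indices and parsed records of lines whose signature occurs at most max_count times."""
    records = [parse(line) for line in lines]
    counts = Counter(r["signature"] for r in records)
    return [(i, r) for i, r in enumerate(records) if counts[r["signature"]] <= max_count]


def surrounding(lines, index, window=2):
    """The lines captured just before and after a hit, the context an analyst
    checks before deciding whether a one-off alert is a real intrusion."""
    lo = max(0, index - window)
    return lines[lo:index + window + 1]


if __name__ == "__main__":
    for sig, count in logreduce(SAMPLE_LOGS):
        print(f"{count:>3}  {sig}")
    for index, record in rare_lines(SAMPLE_LOGS):
        print("\nrare hit on", record["host"], "->", record["message"])
        for ctx in surrounding(SAMPLE_LOGS, index, window=1):
            print("   ", ctx)
```

Run as a script, the summary lists the three signatures with counts 1, 2 and 4, and the single-count hit is the `/etc/passwd` access attempt on `snort-2`, printed together with the SSH scan alert that preceded it from the same source address. That neighbouring line is exactly what "view surrounding messages" is meant to reveal: whether the rare event stands alone or is the tail of a sequence worth escalating.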