
Install the AWS Security Hub App and view the Dashboards

This page shows you how to install the Sumo Logic App for AWS Security Hub and describes each of the app dashboards.

Install the app

Now that you have set up ingestion and collection of findings for AWS Security Hub, you can install the Sumo Logic App for AWS Security Hub and use the preconfigured searches and Dashboards that provide insight into your data.

To install the Sumo Logic App for AWS Security Hub, do the following:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. To install the app, click Add to Library and complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. Select either of these options for the data source.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. Each panel fills gradually with data that matches its time range query and was received since the panel was created. Results won't be available immediately, but with a bit of time, you'll see full graphs and maps.

Dashboard filters 

Each dashboard has a set of filters that you can apply to the entire dashboard, as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that narrow search results across the entire dashboard.

AWS_SecurityHub_DashboardFilter.png

Each panel has a set of filters that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.

AWS_SecurityHub_PanelFilter.png

Overview Dashboard

The AWS Security Hub - Overview Dashboard provides a high-level view of findings results. Panels display data aggregated by the number of providers, findings by provider, total findings, findings in AWS accounts by severity, top recent findings, findings by resource type and severity, most severe findings, and critical findings comparison. Each panel provides the ability to drill down for a more granular view of the data.

Use this dashboard to:

  • Track findings from different finding providers.
  • Get a high-level overview of actionable items from a security perspective.

AWS_SecurityHub_Overview.png

Types Dashboard

The AWS Security Hub - Types Dashboard provides a visual analysis of findings by AWS accounts and types namespace for: category, classifier, timeline, severity distribution, and severity box plot. Each panel provides the ability to drill down for a more granular view of the data.

Use this dashboard to:

  • Isolate important security findings based on finding types.
  • Analyze the findings distribution across AWS accounts and their severity.

AWS_SecurityHub_Types.png

Compliance Dashboard

The AWS Security Hub - Compliance Dashboard provides a high-level visual analysis of compliance status, resource failures, AWS account failures, failed events, status timelines, status and severity distribution and finding types. Each panel provides the ability to drill down for a more granular view of the data.

Use this dashboard to:

  • Monitor failing compliance checks.
  • Analyze the distribution of failed compliance checks across AWS accounts, their severity and finding types.

AWS_SecurityHub_Compliance.png

Resources Affected Dashboard

The AWS Security Hub - Resources Affected Dashboard provides a high-level visual analysis of findings by resource type by time interval, top critical resource IDs, AWS account, and the findings details. Each panel provides the ability to drill down for a more granular view of the data.

Use this dashboard to:

  • Discover which critical resources are affected.
  • Analyze how they are distributed across AWS accounts.
  • Filter on Finding Type, Resource Type, Provider, AWS Account, Title, and Category with the Finding details panel.

AWS_SecurityHub_ResourcesAffected.png