
View the Amazon GuardDuty Benchmark App Dashboards

This page provides examples and descriptions of the Sumo Logic App for Amazon GuardDuty Benchmark dashboards.

availabilityTrialandEnterprise.png

Amazon GuardDuty is an intelligent threat detection service that provides accurate, continuous monitoring to protect AWS accounts and workloads. The Sumo Logic Amazon GuardDuty Benchmark App integrates Sumo Logic Global Intelligence Service (GIS) with Amazon GuardDuty to provide statistical baselines for key risk indicators (KRIs). These baselines enable you to optimize security configuration and threat detection on all your AWS accounts. The App includes preconfigured dashboards for global threat baselines and threat detection across your AWS environment.


Dashboard filters  

Each dashboard has a set of filters that you can apply to the entire dashboard, as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard.

GuardDuty_BM_Dashboard_filter.png

Each panel has a set of filters that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.

GuardDuty_BM_Panel_filter.png

1. Amazon GuardDuty Global Baseline

The Amazon GuardDuty Global Baseline dashboard displays a collection of stats averaged over Amazon GuardDuty findings for all Sumo Logic customers over the prior 7 days.

Use this dashboard to:

  • Determine if you are being attacked from a particular region or actor around the globe.
  • Assess rare threats found by Amazon GuardDuty in your AWS environment.
  • Analyze threat shares by targeted resource and severity.

GDB_Global_Baseline.png

2. My Company's Amazon GuardDuty Threats

The My Company's Amazon GuardDuty Threats dashboard shows a company's stats for Amazon GuardDuty findings over the specified time interval. It provides detailed and summary information on your company's threat mix, threat maps, threat shares, and threat resources.

Use this dashboard to:

  • Determine the number of threats in your AWS account.
  • Determine the geographic origins of threats to your AWS account.
  • Analyze threats by resource type, severity, account ID, and AWS Security Group.

GDB_My_Comany_Amazon_GuardDuty_Threats.png

3. My Company v. Global Baseline: All Threats

The My Company v. Global Baseline: All Threats dashboard compares your company's threat profile, based on Amazon GuardDuty findings, with the average threat profile of Sumo Logic customers.  

Use this dashboard to:

  • Understand how your company differs from other Sumo Logic customers with respect to GuardDuty security findings.
  • View overall threat posture on a 0 (high risk) to 100 (low risk) scale based on scoring your company's threats, their rarity, and severity.
  • Create an action plan for GuardDuty findings prioritized on their potential to improve GuardDuty posture.
  • Assess trends in GuardDuty posture scores and the reason for changes in security posture over time.
  • Compare the severity mix of your company versus Sumo Logic customers.

GDB_My_Company_v_Global_Baseline_All_Threats.png

4. My Company v. Global Baseline: Rare Threats

The My Company v. Global Baseline: Rare Threats dashboard compares your company against Sumo Logic customers with respect to rare threats, defined as threats that account for less than 0.2% of total GuardDuty findings. 

Use this dashboard to:

  • Understand how your company differs from other Sumo Logic customers with respect to rare GuardDuty security findings.
  • View the total number of rare threats in your environment.
  • Create an action plan for rare GuardDuty findings prioritized on their potential to improve GuardDuty posture.
  • Assess trends in rare GuardDuty findings.

GDB_My_Company_v_Global_Baseline_Rare_Threats.png

5. My Company's Threats: Timeline

The My Company's Threats: Timeline dashboard provides a high-level view of threats in your AWS environment over time. Panels show threats over time, broken down by region, as well as a one-day comparison.

Use this dashboard to:

  • Review threat activity in your account over a specified time.  
  • Analyze threats to your account by region.  

GDB_My_Company_Threats_Timeline.png