
Install the Amazon Inspector App and View the Dashboards

Install the Amazon Inspector app.

This topic provides instructions for installing the Sumo Logic app for Amazon Inspector, and describes the app dashboards. 

Install the app

Once you've set up ingestion of findings from AWS Security Hub, you can install the Sumo Logic app for Amazon Inspector and use the pre-configured searches and Dashboards. 

To install the Sumo Logic App for Amazon Inspector

  1. From the App Catalog, search for and select the app. 
  2. You're prompted to select an application version. Select Amazon Inspector, and click Add to Library.
  3. To install the app, complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom data filter. 

    2. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
  4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or another folder that you specified. From here, you can share it with your organization. 

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboard filters 

The dashboard has a set of filters that you can apply to the entire dashboard. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that narrow search results across the entire dashboard. You can filter by AWS account ID, finding ID, finding type, normalized severity, and title.


Amazon Inspector - Overview dashboard

The dashboard provides an overview of Security Hub findings broken down by severity.


Findings Summary

The top panel of the dashboard presents:

  • All Findings. The count of total security findings during the last 24 hours by default, or during the currently selected time range.  
  • Findings by Severity. A stacked line chart showing the count of findings by severity, during the last 24 hours by default, or during the currently selected time range.
  • Last 20 Findings. A table detailing the 20 most recent findings. 

Critical, high, medium, low severity findings

The other panels on the dashboard, for Critical, High, Medium, and Low Severity findings, have similar content. The only difference is that each is filtered by the listed severity level.

  • Severity Findings. The count of findings at this severity during the last 24 hours by default, or during the currently selected time range.  
  • Severity Outliers. Shows the trending volume of findings at this severity level during the last 24 hours by default, or during the currently selected time range. The gray shaded area corresponds to 3 standard deviations of the past 10 mean values. Pink triangles show values that exceed that threshold and are likely points of investigation considering the large change in volume of findings.
  • Last 20 Severity Findings. A table detailing the 20 most recent findings at this severity level.
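
The band logic described for the Severity Outliers panel can be reproduced offline to sanity-check which points would be marked. This is an added example, not Sumo Logic's code: it assumes the band is the mean plus or minus 3 population standard deviations of the 10 preceding data points, and the function names and hourly counts are constructed for illustration.

```python
from statistics import mean, pstdev


def outlier_band(history, threshold=3.0):
    """Return (lower, upper) = mean -/+ threshold * stdev of the history window."""
    mu = mean(history)
    sigma = pstdev(history)  # assumption: population standard deviation
    return mu - threshold * sigma, mu + threshold * sigma


def flag_outliers(counts, window=10, threshold=3.0):
    """Flag points that fall outside the band built from the previous `window` points.

    The first `window` points are never flagged: there is not enough history yet.
    A perfectly flat history gives a zero-width band, so any change is flagged.
    """
    flagged = []
    for i in range(window, len(counts)):
        lower, upper = outlier_band(counts[i - window:i], threshold)
        if counts[i] < lower or counts[i] > upper:
            flagged.append({
                "index": i,
                "count": counts[i],
                "lower": round(lower, 2),
                "upper": round(upper, 2),
            })
    return flagged


# Constructed sample: hourly counts of High severity findings, one spike at index 12.
HOURLY_HIGH_FINDINGS = [4, 5, 3, 4, 6, 5, 4, 5, 4, 5, 5, 4, 31, 6, 5, 4]

# Same series with a second, smaller spike two hours after the first one.
# The first spike is now part of the history, so the band is much wider.
FOLLOW_UP_SPIKE = [4, 5, 3, 4, 6, 5, 4, 5, 4, 5, 5, 4, 31, 6, 25, 4]

if __name__ == "__main__":
    for series in (HOURLY_HIGH_FINDINGS, FOLLOW_UP_SPIKE):
        print(flag_outliers(series))
```

In the second series the 25-finding hour is not flagged, because the earlier spike sits inside its 10-point window and widens the band. After a burst of findings, review the following hours in the Last 20 Severity Findings table rather than relying on the outlier markers alone.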