Install the Sumo Logic App
Now that you have set up collection for Amazon Inspector, install the Sumo Logic App for Amazon Inspector to use the pre-configured Searches and Dashboards that provide visibility into your environment for real-time analysis of overall usage.
To install the app:
Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.
- From the App Catalog, search for and select the app.
- To install the app, click Add to Library and complete the following fields.
- App Name. You can retain the existing name, or enter a name of your choice for the app.
- Data Source. Select either of these options for the data source.
- Choose Source Category, and select a source category from the list.
- Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).
- Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
- Click Add to Library.
Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization.
Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps.
Amazon Inspector - Overview
Events by Template. Displays events by template in a stacked bar chart for the last seven days.
Top 5 Findings. Displays the top 5 findings in a bar chart for the last seven days.
Finding Severity by InstanceID. Shows the finding severity by InstanceID in a stacked bar chart for the last seven days.
Top 5 Rules Packages by Findings. Provides details on the top 5 Rules Packages by findings in a bar chart for the last seven days.
Finding Severity by Template. Displays the severity of findings by template in a bar chart for the last seven days.
Trend of Findings by RulesPackage. Shows the trend of findings by RulesPackage in a trend line chart on a timeline for the last seven days.
Last Run by Template. Shows the last run by template in a table chart, including details on the template, lastrun, lastevent, and timestamp for the last seven days.
Trend of Findings by Template. Shows the trend of findings by template in a trend line chart on a timeline for the last seven days.
Amazon Inspector - Findings
Finding Severity Over Time. Shows the finding severity over time in a stacked column chart on a timeline for the last seven days.
Outlier Indicator of Non-Information Findings. Displays the indicator of non-informational findings in an outlier chart for the last seven days.
Templates Not Run in a Day. Provides information on templates that have not been run in a day in a table chart, including details on the template, last event, and last event date for the last seven days.
Finding Details. Displays complete finding details in a table chart, including information on the finding title, description, create date, template, run, and finding severity for the last seven days.
Finding Severity by Template and Run. Shows the details of finding severity by template and run in a table chart including information on the template, run, create date, and medium or informational severity for the last seven days.
Persistent Findings. Displays persistent findings in a table chart, including details on the finding title, template, finding severity, and number of runs for the last seven days.