
View the GI GuardDuty App Dashboards

This page has instructions for installing the Sumo App for GI GuardDuty and descriptions of each of the app dashboards.

Availability

This feature is available in the following account plans.

Account Type: Account Level
CloudFlex: Trial, Enterprise
Credits: Trial, Enterprise Security, Enterprise Suite

This page provides examples and descriptions for the Sumo Logic App for GI GuardDuty Benchmark.

Dashboard filters  

Each dashboard has a set of filters that you can apply to the entire dashboard, as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard.

GI_GuardDuty_Dashboard_filter.png

Each panel has a set of filters that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.

GuardDuty_BM_Panel_filter.png

GI GuardDuty - 01. Global Baseline

The GI GuardDuty - 01. Global Baseline dashboard provides a high-level baseline of threats across Sumo Logic customers. Panels display graphs for threat and severity distribution, targeted resources, and relative rarity.

Use this dashboard to:

  • Determine if you are being attacked by a particular region or actor around the globe.
  • Assess rare threats found by Amazon GuardDuty in your AWS environment.
  • Analyze threat share, targeted resources, and severity.

GI_GuardDuty_Global_Baseline.png

GI GuardDuty - 02. Your Company v. Global Baseline

The GI GuardDuty - 02. Your Company v. Global Baseline dashboard compares your AWS environment against all Sumo Logic customers. The threat score (0 = LOW RISK, 100 = HIGH RISK) is a composite view of the risk associated with GuardDuty findings; it is influenced by finding severity, the number of findings, deviation from the global baseline, and the rarity of the threats across Sumo Logic customers. In addition to the latest score, the trend line panel shows the 7-day trend of the threat score. My Prioritized Action Plan lists change management actions in order of their impact on your GuardDuty security posture.

Use this dashboard to:

  • Understand your top-level threat score and its trends.
  • Compare your company's GuardDuty findings to those of other Sumo Logic customers.
  • Compare the severity of your company's findings to that of other Sumo Logic customers.
  • Understand which threats to remediate first, prioritized by their impact on the threat score.
  • Review a prioritized action plan for your company.

GI_GuardDuty_Your_Company_v_Baseline.png

GI GuardDuty - 03. Findings Analysis

The GI GuardDuty - 03. Findings Analysis dashboard provides a high-level view of threats to your AWS environment. Panels display information on threats by threat purpose, geography, impacted resource type, account, severity, and trends.

Use this dashboard to:

  • Understand the mix of threats in your environment.
  • Identify the source and target of threats in your environment.
  • Review your company's threats by severity and resource type.
  • Review your company's threats by account, security group, EC2 instances, and threat trends.

GI_GuardDuty_Findings_Analysis.png