The Sumo Logic App for Threat Intel for AWS utilizes AWS logs and VPC Flow Logs.
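To make the VPC Flow Logs input concrete, here is an added example (not part of the original page and not Sumo Logic's code) that parses default-format flow log records and flags those whose source or destination address falls in an indicator list. The sample records, the indicator ranges (RFC 5737 documentation addresses) and all function names are constructed for illustration, and it assumes the default version 2 record format.

```python
import ipaddress

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed indicator list; RFC 5737 documentation ranges, not real threat data.
INDICATORS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.7/32")]

# Constructed sample records in the default format.
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 10.0.1.5 198.51.100.23 49152 443 6 10 840 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.5 55000 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.9 40000 5432 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse_record(line):
    """Return a dict for one traffic record, or None if the line has none."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None  # custom-format or truncated record
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None  # NODATA/SKIPDATA records (and header lines) carry no addresses
    return rec

def match_indicator(addr):
    """Return the indicator network containing addr as a string, or None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # "-" or otherwise unparsable address
    return next((str(net) for net in INDICATORS if ip in net), None)

def find_hits(text):
    """Return (direction, indicator, srcaddr, dstaddr, action) for each match."""
    hits = []
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        for direction, field in (("from_indicator", "srcaddr"), ("to_indicator", "dstaddr")):
            indicator = match_indicator(rec[field])
            if indicator:
                hits.append((direction, indicator, rec["srcaddr"], rec["dstaddr"], rec["action"]))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE):
        print(*hit)
```

The `action` field is kept in each hit because an `ACCEPT` to or from a listed address warrants a different response than a `REJECT` that the security group or network ACL already blocked.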
Configure Collectors and Sources
If you are not already collecting your AWS logs, follow the instructions below to collect data from one or more of these data sources:
VPC Flow Logs can be published to Amazon CloudWatch Logs and Amazon S3. Each method has advantages. Using an AWS S3 source is more reliable, while using a CloudFormation template allows you to customize your logs by adding more information and filtering unwanted data. You can use either of the following methods to collect Amazon VPC Flow Logs: