Security and Threat Detection
Docs for Sumo apps for Security and Threat Detection.
Sumo provides a variety of apps for security products and platforms, from firewalls and endpoint protection to security automation and orchestration. This guide has documentation for those apps.
- Carbon Black
- The Carbon Black App provides comprehensive visibility into the security posture of your endpoints, enabling you to determine the effects of a breach across your environment. The App provides visibility into key endpoint security data with preconfigured dashboards for alerts, threats intelligence, feeds, sensors, alerts, users, hosts, processes, IOCs, devices and network status.
- Cisco ASA
- The Cisco ASA App gives you insight into website visitor patterns, monitors infrastructure operations, and provides easy access to threat monitoring. The App uses a predefined parser, searches, and Dashboards which provide visibility into your environment for analysis of overall usage and threats.
- CloudPassage Halo
- The CloudPassage Halo App enables security operators and administrators to correlate security events across their Halo-managed infrastructure. You can leverage the security visibility provided by CloudPassage's Halo platform with Sumo Logic’s correlation and visualization capabilities to deliver a security reporting and analysis tool.
- CrowdStrike Falcon Platform
- The CrowdStrike Falcon Platform App enables you to analyze CrowdStrike security events by type, status, and detection method. You can use the App to investigate CrowdStrike-specific events and provide operational visibility to team members from pre-configured searches and Dashboards, without logging into the CrowdStrike console.
- Cylance
- The Cylance App enables you to analyze Cylance security events by type, status, and detection method. You can use the App to investigate Cylance-specific events and provide operational visibility to team members without logging into Cylance.
- Duo Security
- The Duo Security App helps you monitor your Duo account’s authentication logs, administrator logs, and telephony logs. Duo provides two-factor authentication, endpoint remediation, and secure single sign-on tools.
- Evident.io Evident Security Platform
- The Evident.io ESP App provides pre-configured searches and Dashboards that allow you to investigate Evident-specific events and provide operational visibility to team members without logging into Evident.io. The Evident.io Evident Security Platform (ESP) streamlines and optimizes vulnerability and risk management.
- F5 - BIG-IP LTM
- The F5 - BIG-IP Local Traffic Manager (LTM) App helps you optimize and secure network traffic patterns coming into your data center using the F5 BIG-IP platform.
- Imperva - Incapsula Web Application Firewall
- The Imperva Incapsula - Web Application Firewall (WAF) App helps you monitor your web application protection service. The preconfigured dashboards provide insights on the threat alerts events on the BOT access control, blocked countries, and user agents.
- Netskope
- The Netskope App created by Sumo Logic provides visibility into security posture for your applications, as well as allowing you to determine the overall usage of software and SaaS applications in your environment. Netskope is a Cloud Access Security Broker (CASB) hosted in the cloud, primarily used to enforce security policies for cloud-based resources.
- Observable Networks
- The Observable Networks App allows you to monitor your Observable Networks deployment from Sumo Logic. The App Overview Dashboard provides insight to high-level data about your network.
- Palo Alto Networks 6
- The Palo Alto Networks 6 App provides four dashboards, giving you several ways to discover threats, consumption, traffic patterns, and other security-driven issues, providing additional insight for investigations.
- Palo Alto Networks 8
- The Palo Alto Networks 8 App gives you visibility into firewall and traps activity, including information about firewall configuration changes, details about rejected and accepted firewall traffic, traffic events that match the Correlation Objects and Security Profiles you have configured in PAN, and events logged by the Traps Endpoint Security Manager.
- Threat Intel Quick Analysis
- The Threat Intel Quick Analysis App correlates CrowdStrike's threat intelligence data with your own log data, providing security analytics that helps you to detect threats in your environment, while also protecting against sophisticated and persistent cyber-attacks. The Threat Intel Quick Analysis App scans selected logs for threats based on IP, URL, domain, Hash 256, and email.
- Trend Micro Deep Security
- The Trend Micro Deep Security App works with system and security events to monitor event history such as anti-malware, IPS, web reputation, firewall, integrity and log inspection events.
- Zscaler Web Security
- The Zscaler Web Security App collects logs from Zscaler with Nanolog Streaming Service (NSS) to populate pre-configured searches and Dashboards. The dashboards provide easy-to-access visual insights into web traffic behaviors, security, user browsing activities, and risk.