February 13, 2020
Beta - Collection Health Events allow you to keep track of the health of your Collectors and Sources. You can use them to find and investigate common errors and warnings that are known to cause collection issues. When used in combination with our Enterprise Audit Apps, Health Events provide a proactive monitoring framework, differentiated from our competitors’ reactive solutions, where you need to debug data collection after having suffered data loss or downtime. At present, Health Events provide observability for Collectors and Sources; however, this will expand to other areas of our service as development continues. This is available as a closed Beta to Enterprise accounts. To participate, contact your Sumo Logic account executive or sign up for an enterprise trial account.
February 12, 2020
New - Look up autonomous system information for an IP address with the ASN Lookup operator.
February 10, 2020
Update - Webhook alerts now support sending an alert for each result returned from a scheduled search.
February 7, 2020
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. The Sumo Logic App for Global Intelligence for Amazon GuardDuty analyzes GuardDuty threats from the Sumo Logic population to create baselines of threats. These baselines enable you to optimize security posture and remediation based on how unusual your GuardDuty findings are compared to Sumo Logic customers. The App includes pre-configured dashboards and searches with visual displays for global threat baselines and real-time threat detection across your AWS environment.
The Global Intelligence for AWS CloudTrail App enables you to detect potentially malicious configuration changes in your AWS account by comparing AWS CloudTrail events in your account against a cohort of AWS customers. CloudTrail events are curated from AWS penetration tests and operational best practices.
January 13, 2020
Connections and Integrations
New - You can now set up a ServiceNow Incident Webhook connection, and create scheduled searches for the connection. Webhook connections allow you to send Sumo Logic alerts to third-party applications that accept incoming Webhooks.