Skip to main content
Sumo Logic

Service Release Notes

August 5, 2019

Operators

New - You can use the bin operator to sort results in a histogram to easily observe the distribution of your data.

July 29, 2019

Ingestion

Update - To help you keep track of the capacity usage of your ingest budgets we have provided an audit threshold setting. Previously the threshold was fixed at 85% capacity, now it is customizable.

July 12, 2019

Apps

Update - The Jenkins App allows you to monitor multiple Jenkins master nodes from a single-pane of glass. This version of the app provides new and updated dashboards, and supports freestyle and pipeline jobs, as well as pipeline, maven  and multi-branch pipeline projects. 

Jenkins_Audit.png

July 10, 2019

Security

Update - We've added the ability to provide descriptions to Service Whitelists to help you identify and manage whitelisted IP addresses.

IP Whitelist with description.gif

July 8, 2019

Metrics

Update - AWS users take note:  you can now use the same AWS metadata tags you use to manage your Amazon resources to control what metrics you ingest to Sumo!  We've expanded our support for filtering CloudWatch metrics by AWS tags to most AWS namespaces. You can also use AWS tags in metrics queries. For more information see Amazon CloudWatch Source for Metrics

June 24, 2019

Apps

The Sumo Logic Amazon GuardDuty Benchmark App integrates Global Intelligence Service (GIS) with Amazon GuardDuty for continuous machine learning and statistical baselines for KPIs (key performance indicators) and KRIs (key risk indicators). These baselines enable you to optimize security configuration and threat detection on all your AWS accounts. The App includes preconfigured dashboards and searches with visual displays for global threat baselines and real-time threat detection across your AWS environment.

Amazon GuardDuty is an intelligence threat detection service that provides accurate, continuous monitoring to protect AWS accounts and workloads.

GuardDuty_BM_Threat_Overview.png

June 5, 2019

Security

New - The new Enterprise Audit Event Index provides additional events and event information in JSON format. These messages provide more context on the interactions and events occurring within your account allowing administrators an easy way to reconstruct the series of user interactions that led to an object’s current state. This new Audit Event Index and the associated Apps are available to any Customer on a Sumo Logic Enterprise Plan.

June 3, 2019

Apps

Update - The Enterprise Audit Apps are now Generally Available. The following Enterprise Audit Apps present information on account management activities, user activities, as well as management of library content (searches, dashboards/reports, and folders) for your Sumo Logic account:

Metrics

Update - Attention metrics users:  we’ve enhanced Sumo Logic data metric ingestion volume logging. Now, you can track the volume of metrics generated by your logs-to-metrics rules, in addition to tracking data points ingested by collector, source, source name, source category, and source host. For more information, see Metrics Data Volume Index

May 31, 2019

Metrics

New - We've released the histogram_quantile operator which calculates the φ-quantile (0 ≤ φ ≤ 1) from the buckets of a Prometheus histogram. It is only for the Prometheus Histogram data type. 

May 28, 2019

Apps

Update - Box App event collection has been streamlined for ease of use.

May 13, 2019

UI Navigation

We’ve updated tab navigation to help you manage multiple search, metric, and dashboard tabs. The Tab Browser is available from the details icon near the New tab, and your current tab is highlighted to help you get around.

TabBrowsermov.gif

May 2, 2019

Apps

New - The Barracuda WAF App analyzes traffic flowing through the Barracuda WAF and provides pre-configured dashboards that allow you to monitor WAF traffic as well to analyze various types of attacks detected both by Barracuda and Sumo Logic’s own Threat Intelligence database. The Barracuda Web Application Firewall protects your web, mobile and API applications from being compromised, prevents data breaches, ensure protection from web attacks, provide control access and authentication.

BarracudaWAF_Security_Overview.png

Update - The Apache App has been updated with the following new dashboards as well as performance enhancements:

  • Apache - Error Overview Dashboard provides a high-level view of log level breakdowns,  comparisons, and trends. 
  • Apache - Threat Analysis Dashboard provides an at-a-glance view of threats to Apache servers on your network.
  • Apache -  Outlier Analysis Dashboard provides a high-level view of Apache server outlier metrics for bytes served, number of visitors, and server errors. 

Apache_Error_Overview.png

April 30, 2019

Collection

New - Ingest Budgets allow you to track and control how much data is ingested into your account to avoid overages in environments where data ingestion can spike unexpectedly. See how to control your data flow with Ingest Budgets.

Search

Update - Right-Click Selected Text.  We’ve changed the click interactions on the Search page based on your feedback. Instead of giving you a list of menu options automatically after you highlight text, you now have to right-click to get menu options.

Self-Service.gif

April 23, 2019

Apps

Update — The AWS Security Hub App has an updated collection process, to collect findings. Sumo Logic provides a serverless solution for creating a CloudWatch events rule and a Lambda function(SecurityHubCollector) to extract findings from AWS Security Hub.

April 18, 2019

Apps

Update - The Cloudflare App now has a Security (Bot Management) dashboard that reliably detects and mitigates bad bots to prevent credential stuffing, spam registration, content scraping, click fraud, inventory hoarding, and other malicious activities.

Cloudflare_Security_Bot_Management.png

April 12, 2019

Apps

Update - The Cisco ASA App now has a Logs and Analytics dashboard with the following panel displays:

  • Count of ASA Logs by LogLevel. Displays the logs by LogLevel and Severity.
  • Count by Severity Code. Displays the logs by Severity Code.
  • Parameterized Search. Log Details with counts.

Cisco_ASA_Logs_Analytics.png

April 9, 2019

Apps

Update - The Azure Web Apps collection procedure has been improved. The Collect Logs for Azure Web Apps process is now similar to Blob Storage Collection. The Azure Web Apps App allows you to collect Azure web server and application diagnostics logs and monitor the health of your Azure Web Apps environment. The App provides preconfigured Dashboards that allow you to monitor server operation and traffic requests and response times.

April 5, 2019

Apps 

Update - The IIS 7 App has dark-theme dashboards. The IIS 7 App monitors the performance and reliability of your Microsoft Internet Information Services (IIS) infrastructure, identifying customer-facing and internal operational issues. Additionally, you can monitor customer paths and interactions to learn how customers are using your product. The app consists of predefined searches and Dashboards, which provide visibility into your environment for real time or historical analysis.

Overview.png

Update - Microsoft SQL Server App has updated collection scripts and collection configuration instructions. The Microsoft SQL Server App provides insight into your SQL server performance metrics and errors. 

April 1, 2019

Apps

Update - The G Suite App allows you to monitor and analyze activities across all G Suite applications from a single location. Comprehensive dashboards display information on administrative and user activities, Google Drive usage, and logins. Dashboards also provide full visibility into alerts from G Suite Alert Center, allowing you to investigate and correlate alerts and monitor potential threats across all G Suite apps.

GSuite_AlertCenter_Overview.png

March 25, 2019

Apps

New - Enterprise Audit Apps are JSON based to provide for more meaningful audit messages. The Apps generate queries that are compatible with the new Sumo Logic Audit Event Index. The Enterprise Audit Apps do not support the previous version of the Audit Index.

EA_Collector_Sources_Activities.png

March 22, 2019

APIs

Update - The security services of our API framework has been upgraded. API requests with multiple forward slashes (//) will receive a "500 Internal Server Error" response.

Apps

New - The Opsgenie App provides at-a-glance views and detailed analytics for alerts on your DevOps environment, allowing you to effectively monitor and gain valuable insights into your incidents and incident handling operations.

Opsgenie is an incident management platform for operating services that are on 24/7. Opsgenie allows you to plan for service disruptions and stay in control during incidents. Opsgenie centralizes alerts and reliably notifies the correct contacts to ensure timely analysis and efficient action.

OpsGenie_Alert_Breakdown.png

New - The IIS 10 App monitors the performance and reliability of your Microsoft Internet Information Services (IIS) infrastructure, identifying customer-facing and internal operational issues. This app also provides the ability to monitor customer paths and interactions, so you can analyze how customers are using your product. The app provides predefined searches and Dashboards, that give visibility into your environment for real-time and historical analysis.

IIS 10 App uses IIS version 10 logs. For information on the default log formats used for IIS 10 and IIS 8.5, see Collect logs for the IIS 10 App.

IIS10_Server_Operation_Errors.png

March 15, 2019

Security

New - Cross-origin resource sharing (CORS) is a mechanism that uses additional HTTP headers to tell a browser to let a web application running at one origin (domain) have permission to access selected resources from a server at a different origin. CORS support allows you to restrict Sumo API calls, or to securely allow remote Web to applications to access Sumo Logic, based on request origin. To leverage CORS support, you associate a whitelist of domains with a Sumo access key. For more information, see Access Keys.

March 1, 2019

Apps

New - The Carbon Black App provides a complete security analytics solution by allowing you to correlate, validate and investigate Carbon Black endpoint alerts with alerts from other security vendors and security threat feeds to identify and remediate the root causes of new security threats.

The Sumo Logic App for Carbon Black provides visibility into key endpoint security data from Carbon Black Response and Defense with preconfigured dashboards for alerts, threats intelligence, feeds, sensors, alerts, users, hosts, processes, IOCs, devices, and network status.

  • Carbon Black Response is an incident response and threat hunting solution designed for security operations center (SOC) teams. CB Response continuously records and stores unfiltered endpoint data, so that security professionals can hunt threats in real time and visualize the complete attack kill chain.
  • Carbon Black Defense is a next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution. CB Defense is available through MSSPs or directly as software as a service via Carbon Black’s Predictive Security Cloud (PSC).

CB_Response-Threat-Intelligence.png

Update - The Cylance App now supports the following event and log types:

  • Device (Device Mgmt - Register, Remove, Updates, SystemSecurity)
  • Threat (Threats identified and actioned)
  • ScriptControl (Script Execution control and actions)
  • ExploitAttempt (Memory Protection)
  • Threat Classification (Threat classification by Cylance research team)
  • AuditLog (User Actions performed from Cylance Web Console)
  • DeviceControl (Control external device like USB, storage connected to system under monitoring)
  • AppControl

Cylance_Threat_Classification.png

February 22, 2019

Apps

Update - The Azure Network Watcher App and Azure Blob Storage App have an enhanced collection processes. The Sumo Logic App for Azure Network Watcher leverages Network Security Group (NSG) flow logs to provide real-time visibility and analysis of your Azure Network. The Sumo Logic App for Azure Blob Storage is a Sumo integration that provides a event-based pipeline for shipping monitoring data from Azure Blob Storage to an HTTP source on Sumo Logic.

February 20, 2019

Apps

New - The Neskope App provides visibility into the security posture of your applications and helps you determine the overall usage of software and SaaS applications.

Netskope is a Cloud Access Security Broker (CASB) hosted in the cloud. The Netskope product is primarily used for enforcing security policies for cloud-based resources, such as Box and Microsoft Office 365. Customers purchase a CASB to address cloud service risks, enforce security policies, and comply with regulations, even when cloud services are beyond their perimeter and out of their direct control.

Netskope_Alert_Overview.png

February 13, 2019

APIs

New - User and Role APIs allow administrators to programmatically create and manage users and roles, making it easy to integrate Sumo into existing onboarding/offboarding business workflows.

February 5, 2019

Metrics

New - Metrics now supports Single Value Charts. A single value metric chart is useful for summarizing a time series in a single value, and making that value stand out at a glance. For more information, see Create and Tailor Single Value Metric Charts.

single-value-chart.png

February 4, 2019

Dashboards

New - We've added the following enhancements for editing dashboard charts:

February 1, 2019

Apps

New - The Amazon ElastiCache Redis ULM App is a unified logs and metrics (ULM) App that provides visibility into key event and performance analytics that enables proactive diagnosis and response to system and environment issues. Use the preconfigured dashboards for at-a-glance analysis of event status trends, locations, successes and failures, as well as system health and performance metrics.

AmazonER-ULM_Event-Overview.png


Metrics

Update - Sumo now logs a message to the audit index when it blacklists a metric source or logs-to-metrics rule. For more information, see Blacklisted Metrics Sources and Logs-to-Metrics.

January 29, 2019

Apps

New - The F5 - BIG-IP Local Traffic Manager (LTM) App helps you optimize and secure network traffic patterns coming into your data center using the F5 BIG-IP platform.

F5-BIGIPLTM-Overview.png

January 11, 2019

Apps

Update - An update to the Sumo Logic App for Threat Intel for AWS was released today. The updated app supports a new collection method. You can now Collect Amazon VPC Flow Logs using AWS S3 source and Amazon VPC Flow Logs using a CloudFormation template, as well as AWS CloudTrail Logs and AWS ELB Logs.

Update - An update to the PCI Compliance for Amazon VPC Flow Logs was released today. The updated app supports a new collection method. You can now Collect Amazon VPC Flow Logs using AWS S3 source and Amazon VPC Flow Logs using a CloudFormation template.