Skip to main content
Sumo Logic

Service Release Notes

March 27, 2020

Security

New - We've added a new Sumo Logic security policy—Per User Concurrent Sessions Limit—that you can use to limit the number of sessions users can have open at a time. For increased account security you can implement this new policy to help prevent user account sharing.

Update - If you’re a Sumo Logic administrator, check out our new and improved UI for managing users and roles in Sumo Logic. The new UI provides a more streamlined experience with a side  panel for creating and editing users and roles.

new-user.gif  

March 25, 2020

Solutions

New - The Work From Home Solution is a suite of in-depth apps to support businesses transitioning to a remote workforce. This Solution provides visibility and management for your remote workforce with SSO, remote access, endpoint security and productivity SaaS apps to ensure that your employees can work from home productively and safely. Monitor availability, performance, user activity and collaboration, and security across your workforce locations.

March 17, 2020

Metrics

Update - The rate metric operator now supports two new options: increasing and decreasing. These options are useful when you are calculating the rate of change of a counter over time. If you use the increasing option, the operator will consider only those pairs of consecutive points where the second point in the pair is greater than the first point. Similarly, if you use the the decreasing option, the operator will consider only those pairs of consecutive points where the second point in the pair is less than the first point.  

March 10, 2020

Apps

Update - Audit app has added a new Scheduled Search - Triggered Summary dashboard that provides information on scheduled searches that have been triggered, along with details on related alerts and Webhooks.

A_ScheduleSearch_Triggered_Summary.png 

March 3, 2020

Partner Apps

New - Partner App for Alcide kAudit. The Alcide kAudit app automatically analyzes Kubernetes audit logs to detect anomalous behavior of users and service accounts. kAudit automatically detects security-related issues related to Kubernetes' administrative actions, especially anomalous behavior that can only be detected from observing extended context over multiple activities. In addition, kAudit supports Audit rules to detect violations of organization compliance policies regarding Kubernetes usage. Incident forensics, along with audit statistics, are presented in graphical and tabular summaries for easy investigation and analysis.

New - Partner App for ARIA Packet Intelligence app. The ARIA Packet Intelligence app, by ARIA Cybersecurity, creates unsampled NetFlow or IPFIX metadata for every network packet. This allows for the detection of network-borne attacks, incluing ransomware, malware, APTs and intrusions early in the kill chain before significant harm occurs. It provides visualization and profiling of all internal network traffic, within a Sumo Logic environment, to detect possible threats and verify connectivity policies.

March 2, 2020

Metrics

Update - We’ve simplified the configuration options for metric monitors. Previously, the condition for triggering a critical or warning alert was based on a threshold metric value, a time duration, and the percentage of the time duration that metrics were above or below the threshold value. We removed the percentage of time option because we found that customer usage of it was very low.  

February 13, 2020

Collection

Beta - Collection Health Events allow you to keep track of the health of your Collectors and Sources. You can use them to find and investigate common errors and warnings that are known to cause collection issues. When used in combination with our Enterprise Audit Apps, Health Events provide a proactive monitoring framework, differentiated from our competitors’ reactive solutions, where you need to debug data collection after having suffered data loss or downtime. At present, Health Events provide observability for Collectors and Sources, however it will expand to other areas of our service as development continues. This is available as a closed Beta to Enterprise accounts. To participate contact your Sumo Logic account executive or sign up for an enterprise trial account.

February 7, 2020

Apps

New - Global Intelligence for Amazon GuardDuty 

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. The Sumo Logic App for Global Intelligence for Amazon GuardDuty analyzes GuardDuty threats from the Sumo Logic population to create baselines of threats. These baselines enable you to optimize security posture and remediation based on how unusual your GuardDuty findings are compared to Sumo Logic customers. The App includes pre-configured dashboards and searches with visual displays for global threat baselines and real-time threat detection across your AWS environment.

GI_GuardDuty_Global_Baseline.png

New - Global Intelligence for AWS CloudTrail

The Global Intelligence for AWS CloudTrail App enables you to detect potentially malicious configuration changes in your AWS account by comparing AWS CloudTrail events in your account against a cohort of AWS customers. CloudTrail events are curated from AWS penetration tests and operational best practices.

03Tactics_by_Resource_Type.png

January 13, 2020

Connections and Integrations 

New - You can now set up a ServiceNow Incident Webhook connection, and create scheduled searches for the connection. Webhook connections allow you to send Sumo Logic alerts to third-party applications that accept incoming Webhooks.