Sumo Logic

Service Release Notes

April 18, 2019

Apps

Update - The Cloudflare App now has a Security (Bot Management) dashboard that reliably detects and mitigates bad bots to prevent credential stuffing, spam registration, content scraping, click fraud, inventory hoarding, and other malicious activities.

April 12, 2019

Apps

Update - The Cisco ASA App now has a Logs and Analytics dashboard with the following panel displays:

  • Count of ASA Logs by LogLevel. Displays the logs by LogLevel and Severity.
  • Count by Severity Code. Displays the logs by Severity Code.
  • Parameterized Search. Log Details with counts.

April 9, 2019

Apps

Update - The Azure Web Apps collection procedure has been improved. The Collect Logs for Azure Web Apps process is now similar to Blob Storage Collection. The Azure Web Apps App allows you to collect Azure web server and application diagnostics logs and monitor the health of your Azure Web Apps environment. The App provides preconfigured Dashboards that allow you to monitor server operation and traffic requests and response times.

April 5, 2019

Apps 

Update - The IIS 7 App has dark-theme dashboards. The IIS 7 App monitors the performance and reliability of your Microsoft Internet Information Services (IIS) infrastructure, identifying customer-facing and internal operational issues. Additionally, you can monitor customer paths and interactions to learn how customers are using your product. The app consists of predefined searches and Dashboards, which provide visibility into your environment for real time or historical analysis.

Update - Microsoft SQL Server App has updated collection scripts and collection configuration instructions. The Microsoft SQL Server App provides insight into your SQL server performance metrics and errors. 

April 1, 2019

Apps

Update - The G Suite App allows you to monitor and analyze activities across all G Suite applications from a single location. Comprehensive dashboards display information on administrative and user activities, Google Drive usage, and logins. Dashboards also provide full visibility into alerts from G Suite Alert Center, allowing you to investigate and correlate alerts and monitor potential threats across all G Suite apps.

March 25, 2019

Apps

New - Enterprise Audit Apps are JSON-based, which provides more meaningful audit messages. The Apps generate queries that are compatible with the new Sumo Logic Audit Event Index. The Enterprise Audit Apps do not support the previous version of the Audit Index.

March 22, 2019

APIs

Update - The security services of our API framework have been upgraded. API requests with multiple forward slashes (//) will receive a "500 Internal Server Error" response.

Apps

New - The Opsgenie App provides at-a-glance views and detailed analytics for alerts on your DevOps environment, allowing you to effectively monitor and gain valuable insights into your incidents and incident handling operations.

Opsgenie is an incident management platform for operating services that are on 24/7. Opsgenie allows you to plan for service disruptions and stay in control during incidents. Opsgenie centralizes alerts and reliably notifies the correct contacts to ensure timely analysis and efficient action.

New - The IIS 10 App monitors the performance and reliability of your Microsoft Internet Information Services (IIS) infrastructure, identifying customer-facing and internal operational issues. This app also provides the ability to monitor customer paths and interactions, so you can analyze how customers are using your product. The app provides predefined searches and Dashboards that give visibility into your environment for real-time and historical analysis.

IIS 10 App uses IIS version 10 logs. For information on the default log formats used for IIS 10 and IIS 8.5, see Collect logs for the IIS 10 App.

March 15, 2019

Security

New - Cross-origin resource sharing (CORS) is a mechanism that uses additional HTTP headers to tell a browser to let a web application running at one origin (domain) have permission to access selected resources from a server at a different origin. CORS support allows you to restrict Sumo API calls, or to securely allow remote Web applications to access Sumo Logic, based on request origin. To leverage CORS support, you associate a whitelist of domains with a Sumo access key. For more information, see Access Keys.

March 1, 2019

Apps

New - The Carbon Black App provides a complete security analytics solution by allowing you to correlate, validate and investigate Carbon Black endpoint alerts with alerts from other security vendors and security threat feeds to identify and remediate the root causes of new security threats.

The Sumo Logic App for Carbon Black provides visibility into key endpoint security data from Carbon Black Response and Defense with preconfigured dashboards for alerts, threat intelligence, feeds, sensors, users, hosts, processes, IOCs, devices, and network status.

  • Carbon Black Response is an incident response and threat hunting solution designed for security operations center (SOC) teams. CB Response continuously records and stores unfiltered endpoint data, so that security professionals can hunt threats in real time and visualize the complete attack kill chain.
  • Carbon Black Defense is a next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution. CB Defense is available through MSSPs or directly as software as a service via Carbon Black’s Predictive Security Cloud (PSC).

Update - The Cylance App now supports the following event and log types:

  • Device (Device Mgmt - Register, Remove, Updates, SystemSecurity)
  • Threat (Threats identified and actioned)
  • ScriptControl (Script Execution control and actions)
  • ExploitAttempt (Memory Protection)
  • Threat Classification (Threat classification by Cylance research team)
  • AuditLog (User Actions performed from Cylance Web Console)
  • DeviceControl (Control external device like USB, storage connected to system under monitoring)
  • AppControl

February 22, 2019

Apps

Update - The Azure Network Watcher App and Azure Blob Storage App have enhanced collection processes. The Sumo Logic App for Azure Network Watcher leverages Network Security Group (NSG) flow logs to provide real-time visibility and analysis of your Azure Network. The Sumo Logic App for Azure Blob Storage is a Sumo integration that provides an event-based pipeline for shipping monitoring data from Azure Blob Storage to an HTTP source on Sumo Logic.

February 20, 2019

Apps

New - The Netskope App provides visibility into the security posture of your applications and helps you determine the overall usage of software and SaaS applications.

Netskope is a Cloud Access Security Broker (CASB) hosted in the cloud. The Netskope product is primarily used for enforcing security policies for cloud-based resources, such as Box and Microsoft Office 365. Customers purchase a CASB to address cloud service risks, enforce security policies, and comply with regulations, even when cloud services are beyond their perimeter and out of their direct control.

February 13, 2019

APIs

New - User and Role APIs allow administrators to programmatically create and manage users and roles, making it easy to integrate Sumo into existing onboarding/offboarding business workflows.

February 5, 2019

Metrics

New - Metrics now supports Single Value Charts. A single value metric chart is useful for summarizing a time series in a single value, and making that value stand out at a glance. For more information, see Create and Tailor Single Value Metric Charts.

February 4, 2019

Dashboards

New - We've added the following enhancements for editing dashboard charts:

February 1, 2019

Apps

New - The Amazon ElastiCache Redis ULM App is a unified logs and metrics (ULM) App that provides visibility into key event and performance analytics that enables proactive diagnosis and response to system and environment issues. Use the preconfigured dashboards for at-a-glance analysis of event status trends, locations, successes and failures, as well as system health and performance metrics.

Metrics

Update - Sumo now logs a message to the audit index when it blacklists a metric source or logs-to-metrics rule. For more information, see Blacklisted Metrics Sources and Logs-to-Metrics.

January 29, 2019

Apps

New - The F5 - BIG-IP Local Traffic Manager (LTM) App helps you optimize and secure network traffic patterns coming into your data center using the F5 BIG-IP platform.

January 11, 2019

Apps

Update - An update to the Sumo Logic App for Threat Intel for AWS was released today. The updated app supports a new collection method. You can now Collect Amazon VPC Flow Logs using AWS S3 source and Amazon VPC Flow Logs using a CloudFormation template, as well as AWS CloudTrail Logs and AWS ELB Logs.

Update - An update to the PCI Compliance for Amazon VPC Flow Logs was released today. The updated app supports a new collection method. You can now Collect Amazon VPC Flow Logs using AWS S3 source and Amazon VPC Flow Logs using a CloudFormation template.