Sumo Logic

Service Release Notes

June 5, 2020

Apps

New - We are pleased to announce Global Intelligence for AWS CloudTrail DevOps, which guides infrastructure engineers, on-call staff and DevOps users to accelerate root cause analysis for incidents through error rate and configuration insights benchmarked from our AWS customers for the following AWS services:

  • EC2
  • Lambda
  • Auto Scaling
  • S3
  • ELB
  • RDS
  • DynamoDB
  • ElastiCache
  • Redshift

The benchmarks rely on 15 million data points per week from AWS CloudTrail logs and baseline service availability, throttling, account quota and insufficient capacity/out-of-stock errors in 27 AWS regions by AWS service, API, account, and instance type. The app recommends configuration improvements to key AWS services based on baseline usage such as memory and concurrency settings for AWS Lambda, provisioned IOPS for DynamoDB and min/max sizes of EC2 Auto Scaling groups.


May 21, 2020

Collection

New - We have extended HTTP Metadata Collection capabilities. HTTP Sources receiving log data can now process headers into metadata fields.

New - Kubernetes Collection 1.0.0 introduces multiple enhancements to the collection process.

  • Standardized and reorganized the configuration options in the values.yaml for clarity and ease of use.
  • Exposed full control of the Fluentd pipeline with values.yaml, allowing you to easily extend the collection process. You can fork data to multiple destinations, add custom log sources, and attach additional filters to the Fluentd pipeline.
  • Reduced the default collected metrics to only what the Kubernetes apps require.
  • Split the Fluentd Deployment into two StatefulSets, one for logs and one for metrics. This change enables better use of persistent volumes and improved buffering.
  • Falco has been disabled with an upgrade to a more recent version which disables the BitCoin mining rule that affected AWS GuardDuty users. We have also disabled Falco by default while we work through the incompatibilities with certain operating systems.

You can read more about the changes in our migration document.

Since this is a breaking change if you're running earlier versions of collection, we have provided a migration guide and migration script to make it much easier for you to upgrade to this release.

May 20, 2020

Manage

We've made it easier for you to Manage Logs and Metrics settings by removing the generic Settings area. This should help you easily locate which settings you want to manage for Logs or Metrics:

  • Logs: Fields, Field Extraction Rules (FERs), Partitions, Scheduled Views, Data Forwarding
  • Metrics: Metrics Rules, Logs-to-Metrics, Metrics Transformation Rules

May 18, 2020

Security

New - We added a new role capability you can use to control access to the Account Overview page in Sumo Logic. Previously, any Sumo user had view-only access to this page. The new capability is View Account Overview; your Account Owner and users with the Admin role now have it. Your Sumo administrator can assign the capability to other users or roles, as desired. Because users without the capability won't be able to see the Account Overview page, where your Organization ID is shown, we’ve updated the Preferences page in the Sumo Logic UI to also display your Organization ID. That way, users who can’t view the Account Overview page can still find your Organization ID, which is useful when dealing with Sumo Support.


If you previously had access to the Account Overview page and need the information it contains, contact your Sumo administrator to obtain access.

May 5, 2020

Collection

Sumo Logic now supports collection from AWS GovCloud regions. AWS GovCloud is a set of specific regions authorized to a FedRAMP-High baseline. GovCloud regions meet higher regulatory and compliance requirements set by government agencies and U.S. customers that manage sensitive data in the cloud. These regions are where users with strict compliance requirements may operate in adherence with ITAR, FedRAMP, and DoD requirements. Users of Sumo Logic can now collect logs and metrics from AWS services and sources running with GovCloud, assuring that customers can continue to meet their regulatory requirements while utilizing Sumo Logic's Operational Intelligence Platform.

While Sumo Logic does provide collection of logs and metrics from GovCloud regions, Sumo Logic does not itself run in AWS GovCloud. Please be aware that collecting data from AWS GovCloud means logs, metrics, and data will be leaving a FedRAMP-High environment. For this reason, we recommend that customers with elevated compliance and regulatory requirements use our FedRAMP deployment.

April 30, 2020

Apps

New - The Infrequent Data Tier App provides visibility into the On-demand Search usage and costs associated with Infrequent Data Tier by providing intuitive pre-configured dashboards and searches. Infrequent Data Tiers are an economical, fully managed log analytics solution for high volume, infrequently accessed data. With Infrequent Data Tiers, organizations have a solution that can aggregate, store and analyze verbose sources such as App Debug, CDN, Load Balancer, and other infrequently accessed logs at a dramatically lower price point.


Collection

New - Sometimes good things come in threes. That’s true of our Data Tiers—we have added the Infrequent tier to keep the Continuous and Frequent tiers company. (Data Tiers are what we previously called Analytics Tiers.) 

The Infrequent tier is a cost-effective, fully managed log analytics solution for high volume, infrequently accessed data. This tier allows you to aggregate, store, and analyze verbose data that you access infrequently, like debug, CDN, and load balancer logs—at a dramatically lower price point, starting at only 10 cents per GB ingested.

The Infrequent tier is available only in Enterprise Suite, which is available with Cloud Flex Credits packaging.

April 17, 2020

Integrations

New - VMware AirWatch Integration with Sumo Logic provides visibility for monitoring enterprise mobility management in your deployment. The unified digital workspace platform simplifies and secures app access and IT management throughout your environment. VMware AirWatch is enterprise mobility management (EMM) software and standalone management systems for content, applications and email.

April 13, 2020

Apps

New - The Zoom App provides visibility into how Zoom is being used across your organization, displaying analytics on performance, availability, security, and user activity. The app aggregates and reports on data so you can correlate and investigate trends and respond to incidents across all of your IT tools in a consistent and timely manner. Zoom uses Webhook events, which are documented in full on this Zoom web page.


Update - The Kubernetes App has two new dashboards:

  • The Kubernetes - DPM dashboard provides insights into where Data Points Per Minute (DPMs) originate so you can determine ways to reduce them for optimum performance. Panel analytics show DPMs by collector, namespace, pod, container, and cluster.
  • The Kubernetes - DPM Timeseries dashboard provides visibility into the number of DPM timeseries and their breakdowns. This, combined with DPM analytics, enables you to determine ways to reduce DPMs for optimum performance.

March 30, 2020

Solutions

New - The Atlassian Solution integrates all of your Atlassian cloud tools to provide real-time DevOps monitoring and troubleshooting capabilities throughout your environment. By leveraging data from multiple Atlassian products, the Sumo Logic Atlassian solution enables development teams to benchmark their performance in minutes against the industry-leading metrics and drill down into actionable insights to continuously improve their software delivery performance.

Sumo Logic Apps for the Atlassian products:

  • Jira Cloud - Provides insights into project management issues to more effectively plan, assign, track, report, and manage work across multiple teams.
  • Jira (Server) - Provides insights into Jira usage, request activity, issues, security, sprint events, and user events.
  • Bitbucket - Provides insights into project management to more effectively plan and manage development and deployments. 
  • Opsgenie - Provides at-a-glance views and detailed analytics for alerts on your DevOps environment.
  • Atlassian - Integrates access to all your Atlassian cloud tools with real-time monitoring capabilities across your environment.

March 27, 2020

Security

New - We've added a new Sumo Logic security policy—Per User Concurrent Sessions Limit—that you can use to limit the number of sessions users can have open at a time. For increased account security you can implement this new policy to help prevent user account sharing.

Update - If you’re a Sumo Logic administrator, check out our new and improved UI for managing users and roles in Sumo Logic. The new UI provides a more streamlined experience with a side panel for creating and editing users and roles.


March 25, 2020

Solutions

New - The Work From Home Solution is a suite of in-depth apps to support businesses transitioning to a remote workforce. This Solution provides visibility and management for your remote workforce with SSO, remote access, endpoint security and productivity SaaS apps to ensure that your employees can work from home productively and safely. Monitor availability, performance, user activity and collaboration, and security across your workforce locations.

March 17, 2020

Metrics

Update - The rate metric operator now supports two new options: increasing and decreasing. These options are useful when you are calculating the rate of change of a counter over time. If you use the increasing option, the operator will consider only those pairs of consecutive points where the second point in the pair is greater than the first point. Similarly, if you use the decreasing option, the operator will consider only those pairs of consecutive points where the second point in the pair is less than the first point.

March 10, 2020

Apps

Update - Audit app has added a new Scheduled Search - Triggered Summary dashboard that provides information on scheduled searches that have been triggered, along with details on related alerts and Webhooks.


March 3, 2020

Partner Apps

New - Partner App for Alcide kAudit. The Alcide kAudit app automatically analyzes Kubernetes audit logs to detect anomalous behavior of users and service accounts. kAudit automatically detects security-related issues related to Kubernetes' administrative actions, especially anomalous behavior that can only be detected from observing extended context over multiple activities. In addition, kAudit supports Audit rules to detect violations of organization compliance policies regarding Kubernetes usage. Incident forensics, along with audit statistics, are presented in graphical and tabular summaries for easy investigation and analysis.

New - Partner App for ARIA Packet Intelligence app. The ARIA Packet Intelligence app, by ARIA Cybersecurity, creates unsampled NetFlow or IPFIX metadata for every network packet. This allows for the detection of network-borne attacks, including ransomware, malware, APTs and intrusions early in the kill chain before significant harm occurs. It provides visualization and profiling of all internal network traffic, within a Sumo Logic environment, to detect possible threats and verify connectivity policies.

March 2, 2020

Metrics

Update - We’ve simplified the configuration options for metric monitors. Previously, the condition for triggering a critical or warning alert was based on a threshold metric value, a time duration, and the percentage of the time duration that metrics were above or below the threshold value. We removed the percentage of time option because we found that customer usage of it was very low.  

February 13, 2020

Collection

Beta - Collection Health Events allow you to keep track of the health of your Collectors and Sources. You can use them to find and investigate common errors and warnings that are known to cause collection issues. When used in combination with our Enterprise Audit Apps, Health Events provide a proactive monitoring framework, differentiated from our competitors’ reactive solutions, where you need to debug data collection after having suffered data loss or downtime. At present, Health Events provide observability for Collectors and Sources; however, it will expand to other areas of our service as development continues. This is available as a closed Beta to Enterprise accounts. To participate, contact your Sumo Logic account executive or sign up for an enterprise trial account.

February 7, 2020

Apps

New - Global Intelligence for Amazon GuardDuty 

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. The Sumo Logic App for Global Intelligence for Amazon GuardDuty analyzes GuardDuty threats from the Sumo Logic population to create baselines of threats. These baselines enable you to optimize security posture and remediation based on how unusual your GuardDuty findings are compared to Sumo Logic customers. The App includes pre-configured dashboards and searches with visual displays for global threat baselines and real-time threat detection across your AWS environment.


New - Global Intelligence for AWS CloudTrail

The Global Intelligence for AWS CloudTrail App enables you to detect potentially malicious configuration changes in your AWS account by comparing AWS CloudTrail events in your account against a cohort of AWS customers. CloudTrail events are curated from AWS penetration tests and operational best practices.


January 13, 2020

Connections and Integrations 

New - You can now set up a ServiceNow Incident Webhook connection, and create scheduled searches for the connection. Webhook connections allow you to send Sumo Logic alerts to third-party applications that accept incoming Webhooks.