Skip to main content
Sumo Logic

Service Release Notes

December 9, 2019

Security

Update - We’ve improved the authentication process for Sumo users that have multiple  accounts. Now, you can seamlessly switch between accounts, either on the same deployment or different deployments, without re-authenticating. For more information, see Multi-Account Access

December 2, 2019

Collection for apps

New - Amazon MSK Prometheus metrics collection page provides instructions for configuring metrics collection for Amazon MSK. As part Amazon MSK’s Open Monitoring, Kafka metrics are exposed to third-party sources for monitoring and troubleshooting MSK clusters.

Metrics

New - Content sharing for metric queries is now available. You can save metric queries with the time range, chart, outlier detection, and quantization settings to the Sumo Logic Library. You can export or import a saved metric query, copy it, share it with others, and delete in from the library. 

November 20, 2019

Dashboard

New - The Field Browser has the following enhancements:

  • Nested fields, such as those seen in JSON, are grouped together based on their innate structure that is easy to traverse.
  • You can search for fields in the Field Browser, a feature that is especially useful when you have hundreds of fields parsed from messages.

November 8, 2019

Collection for apps

Update – The Sumo Logic Netskope collector has been optimized for better performance and to ensure continuous ingestion throughout the collection process.

November 4, 2019

Security

Update - It won't take long to notice we've sped up the Sumo Logic login process.

Apps

New - The Sumo Logic App for Acquia provides visibility into the key components of the Acquia platform with preconfigured dashboards for Apache, Varnish, PHP, FPM and Drupal. Sumo Logic provides instant visibility across the critical components of the Acquia Platform, helping organizations become more proactive in their site monitoring as well as reducing the mean time to identify and resolve issues.

Acquia_Overview.png

October 18, 2019

Apps

New - The CrowdStrike Falcon App provides visibility into the security posture of your endpoints as analyzed by the CrowdStrike Falcon platform deployed in your network. The app allows you to analyze indicators of compromise (IOCs) by affected users, tactic, technique, and objective, and identify hosts on your network with the highest malware detections. The dashboards in this app help identify malware, from which you can drill down to investigate malicious behavior.

The CrowdStrike Falcon Platform is a cloud-native framework that protects endpoints to stop breaches and improve performance with the robust power of the cloud combined with an intelligent, lightweight agent.

CSF_Platform_Overview.png

New - The Palo Alto Networks 9 App utilizes PANOS 9 new features in predefined dashboards to provide extensive security analytics throughout your Palo Alto Networks environment. New PANOS 9 features include:

  • GlobalProtect
  • Panorama
  • User-ID
  • App-ID
  • Content Inspection
  • DNS Security

Palo Alto Networks 9 provides consistent protection across the data center, perimeter, branch, mobile and cloud networks. 

PANOS9_Overview.png

Update - The JFrog Xray App now includes three methods from which you can choose to configure log collection from JFrog Xray:

September 10, 2019

Apps

New - The Sumo Logic App for Twistlock provides a comprehensive monitoring and analysis solution for detecting vulnerabilities and potential threats within your Kubernetes and containerized environments. Twistlock is a cloud native cybersecurity platform for hosts, containers, and serverless setups that ensures the protection of all your workloads across any environment.

twistlock scans dashboard.png

New - The Sumo Logic App for Istio  provides visibility into the health and performance of Istio and its control plane components, including Mixer, Galley, Citadel, Pilot and Envoy. App dashboards also allow you to monitor how services and applications are performing in Istio Mesh, providing insights into service latency, errors, network traffic, and request workloads. Istio reduces the complexity of managing Kubernetes deployments by providing a uniform platform for securing, connecting, and monitoring microservices. 

Istio_Apps_and_Services.png

Explore

Explore provides visual hierarchy of the clusters in your environment that allows you to view and switch between clusters with a single click. Explore, used in conjunction with the  Sumo Logic Kubernetes App, allows you to intuitively monitor and troubleshoot issues as they arise.

image5.gif

Metrics

New - Metrics Transformation Rules allow you control how long raw metrics are retained. You can also aggregate metrics at collection time, improving query performance, and specify a separate retention period for the aggregated metrics.

New - Understand the Kubernetes Metrics that you can collect with our Kubernetes collection and then visualize with Explore.

Logs

New - Enriching your logs with metadata is now easier and more robust. Log metadata is configured in Sumo as fields consisting of key-value pairs that are tagged to logs during collection.

  • Fields are now manageable, you can view fields in use, what features are referencing them, and delete any that are unneeded.
  • You can now define fields on Sources and Collectors so they enrich your logs when collected.
  • Log data sent to HTTP Sources now support fields passed with the X-Sumo-Fields HTTP header.
  • Our AWS Metadata Source now supports tagging log data ingested by Installed Collectors on EC2 instances.

See Data Enrichment using Log Metadata for more details.

September 9, 2019

Apps

New - The JFrog Xray app provides visibility into the state of artifacts and components in your JFrog Artifactory repository. The pre-configured dashboards present information about issues detected in your software components in Artifactory, including vulnerable containers, artifacts and components; license and security issues; and top Common Vulnerabilities and Exposures (CVEs).

jfrog-xray-overview.png

New - The Sumo Logic App for Kubernetes provides visibility into the worker nodes that comprise a cluster, as well as application logs of the worker nodes. The App is a single-pane-of-glass through which you can monitor and troubleshoot container health, replication, load balancing, pod state and hardware resource allocation. The App utilizes Falco events to monitor and detect anomalous container, application, host, and network activity.

K8s_Cluster_Overview.png

New - The Sumo Logic App for Kubernetes Control Plane manages the master node control plane, including the API server, etcd, kube-system and worker nodes. The App utilizes Falco Kubernetes Audit events to monitor and detect notable or suspicious activity such as creating pods that are privileged, mount sensitive host paths, use host networking, and the like. Seamlessly integrated with the Sumo Logic Kubernetes App, preconfigured dashboards display resource-related metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets.

K8s_CP_Health_Check.png

New - The Sumo Logic App for Amazon EKS Control Plane provides visibility into the EKS control plane with operational insights into the api server, scheduler, control manager, and worker nodes. The app’s preconfigured dashboards display resource-related metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets.

EKS_API_Server_Audit_Overview.png

New - Sumo Logic App for Azure Kubernetes Service (AKS) Control Plane provides visibility into the AKS control plane with operational insights into the API server, scheduler, control manager, and worker nodes. The app's preconfigured dashboards display resource-related metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets. 

AKS_Scheduler.png

New - Sumo Logic App for Google Kubernetes Engine (GKE) Control Plane allows you to monitor resource-related logs and metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets. The app provides visibility into the GKE control plane with operational insights into the api server, control manager, and worker nodes. This App works in conjunction with Sumo Logic Kubernetes app, that provides visibility into worker node metrics and application logs.

GKE_Node_Logs.png

August 30, 2019

Apps

New - The Sumo Logic App for Slack provides monitoring and data analytics for Slack users, channels, access logs for workspaces with free, standard, plus and enterprise  plans. The app is focused on public channels only.

Slack is a  cloud-based set of software tools and online services that provides for secure collaboration across teams, departments, offices and countries.

Slack_Overview.png

August 26, 2019

Apps

New - The Sumo Logic App for MongoDB Atlas is now available. The MongoDB Atlas App allows you to monitor database operations, performance KPIs and provides visibility into the security posture of your clusters. with the following dashboard types:  

  • Operations: For monitoring database operations and cluster health
  • Performance: For insights into slow queries, database and hardware metrics
  • Security: For visibility into user logins, audit events, project and organizational activity, incoming threats, and IOCs.

MongoDB Atlas is a global cloud database service designed specifically for cloud-based applications. MongoDB Atlas runs in AWS, Azure, or GCP environments, with guaranteed availability, scalability, and compliance with data security and privacy standards.

MongoDB_Atlas_Overview.png

Security

Update - The user interaction for resetting your Sumo Logic password has been simplified. Now, when you click the Forgot your password link, Sumo sends you an email with a link to a page where you can immediately reset your password. You no longer have to log in with a temporary password before resetting your password.

August 19, 2019

Security and threat detection

New - The Sumo Logic app for Cisco Meraki is released. The app provides a single-pane-of-glass for monitoring and troubleshooting network security, end-to-end performance, switch port management, and device management of your Cisco Meraki wireless infrastructure management platform.


 

August 5, 2019

Operators

New - You can use the bin operator to sort results in a histogram to easily observe the distribution of your data.

July 29, 2019

Ingestion

Update - To help you keep track of the capacity usage of your ingest budgets we have provided an audit threshold setting. Previously the threshold was fixed at 85% capacity, now it is customizable.

July 12, 2019

Apps

Update - The Jenkins App allows you to monitor multiple Jenkins master nodes from a single-pane of glass. This version of the app provides new and updated dashboards, and supports freestyle and pipeline jobs, as well as pipeline, maven  and multi-branch pipeline projects. 

Jenkins_Audit.png

July 10, 2019

Security

Update - We've added the ability to provide descriptions to Service Whitelists to help you identify and manage whitelisted IP addresses.

IP Whitelist with description.gif

July 8, 2019

Metrics

Update - AWS users take note:  you can now use the same AWS metadata tags you use to manage your Amazon resources to control what metrics you ingest to Sumo!  We've expanded our support for filtering CloudWatch metrics by AWS tags to most AWS namespaces. You can also use AWS tags in metrics queries. For more information see Amazon CloudWatch Source for Metrics

June 24, 2019

Apps

New - The Sumo Logic Amazon GuardDuty Benchmark App integrates Global Intelligence Service (GIS) with Amazon GuardDuty for continuous machine learning and statistical baselines for KPIs (key performance indicators) and KRIs (key risk indicators). These baselines enable you to optimize security configuration and threat detection on all your AWS accounts. The App includes preconfigured dashboards and searches with visual displays for global threat baselines and real-time threat detection across your AWS environment.

Amazon GuardDuty is an intelligence threat detection service that provides accurate, continuous monitoring to protect AWS accounts and workloads.

GuardDuty_BM_Threat_Overview.png

June 5, 2019

Security

New - The new Enterprise Audit Event Index provides additional events and event information in JSON format. These messages provide more context on the interactions and events occurring within your account allowing administrators an easy way to reconstruct the series of user interactions that led to an object’s current state. This new Audit Event Index and the associated Apps are available to any Customer on a Sumo Logic Enterprise Plan.

June 3, 2019

Apps

Update - The Enterprise Audit Apps are now Generally Available. The following Enterprise Audit Apps present information on account management activities, user activities, as well as management of library content (searches, dashboards/reports, and folders) for your Sumo Logic account:

Metrics

Update - Attention metrics users:  we’ve enhanced Sumo Logic data metric ingestion volume logging. Now, you can track the volume of metrics generated by your logs-to-metrics rules, in addition to tracking data points ingested by collector, source, source name, source category, and source host. For more information, see Metrics Data Volume Index

May 31, 2019

Metrics

New - We've released the histogram_quantile operator which calculates the φ-quantile (0 ≤ φ ≤ 1) from the buckets of a Prometheus histogram. It is only for the Prometheus Histogram data type. 

May 28, 2019

Apps

Update - Box App event collection has been streamlined for ease of use.

May 13, 2019

UI Navigation

We’ve updated tab navigation to help you manage multiple search, metric, and dashboard tabs. The Tab Browser is available from the details icon near the New tab, and your current tab is highlighted to help you get around.

TabBrowsermov.gif

May 2, 2019

Apps

New - The Barracuda WAF App analyzes traffic flowing through the Barracuda WAF and provides pre-configured dashboards that allow you to monitor WAF traffic as well to analyze various types of attacks detected both by Barracuda and Sumo Logic’s own Threat Intelligence database. The Barracuda Web Application Firewall protects your web, mobile and API applications from being compromised, prevents data breaches, ensure protection from web attacks, provide control access and authentication.

BarracudaWAF_Security_Overview.png

Update - The Apache App has been updated with the following new dashboards as well as performance enhancements:

  • Apache - Error Overview Dashboard provides a high-level view of log level breakdowns,  comparisons, and trends. 
  • Apache - Threat Analysis Dashboard provides an at-a-glance view of threats to Apache servers on your network.
  • Apache -  Outlier Analysis Dashboard provides a high-level view of Apache server outlier metrics for bytes served, number of visitors, and server errors. 

Apache_Error_Overview.png

April 30, 2019

Collection

New - Ingest Budgets allow you to track and control how much data is ingested into your account to avoid overages in environments where data ingestion can spike unexpectedly. See how to control your data flow with Ingest Budgets.

Search

Update - Right-Click Selected Text.  We’ve changed the click interactions on the Search page based on your feedback. Instead of giving you a list of menu options automatically after you highlight text, you now have to right-click to get menu options.

Self-Service.gif

April 23, 2019

Apps

Update — The AWS Security Hub App has an updated collection process, to collect findings. Sumo Logic provides a serverless solution for creating a CloudWatch events rule and a Lambda function(SecurityHubCollector) to extract findings from AWS Security Hub.

April 18, 2019

Apps

Update - The Cloudflare App now has a Security (Bot Management) dashboard that reliably detects and mitigates bad bots to prevent credential stuffing, spam registration, content scraping, click fraud, inventory hoarding, and other malicious activities.

Cloudflare_Security_Bot_Management.png

April 12, 2019

Apps

Update - The Cisco ASA App now has a Logs and Analytics dashboard with the following panel displays:

  • Count of ASA Logs by LogLevel. Displays the logs by LogLevel and Severity.
  • Count by Severity Code. Displays the logs by Severity Code.
  • Parameterized Search. Log Details with counts.

Cisco_ASA_Logs_Analytics.png

April 9, 2019

Apps

Update - The Azure Web Apps collection procedure has been improved. The Collect Logs for Azure Web Apps process is now similar to Blob Storage Collection. The Azure Web Apps App allows you to collect Azure web server and application diagnostics logs and monitor the health of your Azure Web Apps environment. The App provides preconfigured Dashboards that allow you to monitor server operation and traffic requests and response times.

April 5, 2019

Apps 

Update - The IIS 7 App has dark-theme dashboards. The IIS 7 App monitors the performance and reliability of your Microsoft Internet Information Services (IIS) infrastructure, identifying customer-facing and internal operational issues. Additionally, you can monitor customer paths and interactions to learn how customers are using your product. The app consists of predefined searches and Dashboards, which provide visibility into your environment for real time or historical analysis.

Overview.png

Update - Microsoft SQL Server App has updated collection scripts and collection configuration instructions. The Microsoft SQL Server App provides insight into your SQL server performance metrics and errors. 

April 1, 2019

Apps

Update - The G Suite App allows you to monitor and analyze activities across all G Suite applications from a single location. Comprehensive dashboards display information on administrative and user activities, Google Drive usage, and logins. Dashboards also provide full visibility into alerts from G Suite Alert Center, allowing you to investigate and correlate alerts and monitor potential threats across all G Suite apps.

GSuite_AlertCenter_Overview.png

March 25, 2019

Apps

New - Enterprise Audit Apps are JSON based to provide for more meaningful audit messages. The Apps generate queries that are compatible with the new Sumo Logic Audit Event Index. The Enterprise Audit Apps do not support the previous version of the Audit Index.

EA_Collector_Sources_Activities.png

March 22, 2019

APIs

Update - The security services of our API framework has been upgraded. API requests with multiple forward slashes (//) will receive a "500 Internal Server Error" response.

Apps

New - The Opsgenie App provides at-a-glance views and detailed analytics for alerts on your DevOps environment, allowing you to effectively monitor and gain valuable insights into your incidents and incident handling operations.

Opsgenie is an incident management platform for operating services that are on 24/7. Opsgenie allows you to plan for service disruptions and stay in control during incidents. Opsgenie centralizes alerts and reliably notifies the correct contacts to ensure timely analysis and efficient action.

OpsGenie_Alert_Breakdown.png

New - The IIS 10 App monitors the performance and reliability of your Microsoft Internet Information Services (IIS) infrastructure, identifying customer-facing and internal operational issues. This app also provides the ability to monitor customer paths and interactions, so you can analyze how customers are using your product. The app provides predefined searches and Dashboards, that give visibility into your environment for real-time and historical analysis.

IIS 10 App uses IIS version 10 logs. For information on the default log formats used for IIS 10 and IIS 8.5, see Collect logs for the IIS 10 App.

IIS10_Server_Operation_Errors.png

March 15, 2019

Security

New - Cross-origin resource sharing (CORS) is a mechanism that uses additional HTTP headers to tell a browser to let a web application running at one origin (domain) have permission to access selected resources from a server at a different origin. CORS support allows you to restrict Sumo API calls, or to securely allow remote Web to applications to access Sumo Logic, based on request origin. To leverage CORS support, you associate a whitelist of domains with a Sumo access key. For more information, see Access Keys.

March 1, 2019

Apps

New - The Carbon Black App provides a complete security analytics solution by allowing you to correlate, validate and investigate Carbon Black endpoint alerts with alerts from other security vendors and security threat feeds to identify and remediate the root causes of new security threats.

The Sumo Logic App for Carbon Black provides visibility into key endpoint security data from Carbon Black Response and Defense with preconfigured dashboards for alerts, threats intelligence, feeds, sensors, alerts, users, hosts, processes, IOCs, devices, and network status.

  • Carbon Black Response is an incident response and threat hunting solution designed for security operations center (SOC) teams. CB Response continuously records and stores unfiltered endpoint data, so that security professionals can hunt threats in real time and visualize the complete attack kill chain.
  • Carbon Black Defense is a next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution. CB Defense is available through MSSPs or directly as software as a service via Carbon Black’s Predictive Security Cloud (PSC).

CB_Response-Threat-Intelligence.png

Update - The Cylance App now supports the following event and log types:

  • Device (Device Mgmt - Register, Remove, Updates, SystemSecurity)
  • Threat (Threats identified and actioned)
  • ScriptControl (Script Execution control and actions)
  • ExploitAttempt (Memory Protection)
  • Threat Classification (Threat classification by Cylance research team)
  • AuditLog (User Actions performed from Cylance Web Console)
  • DeviceControl (Control external device like USB, storage connected to system under monitoring)
  • AppControl

Cylance_Threat_Classification.png

February 22, 2019

Apps

Update - The Azure Network Watcher App and Azure Blob Storage App have an enhanced collection processes. The Sumo Logic App for Azure Network Watcher leverages Network Security Group (NSG) flow logs to provide real-time visibility and analysis of your Azure Network. The Sumo Logic App for Azure Blob Storage is a Sumo integration that provides a event-based pipeline for shipping monitoring data from Azure Blob Storage to an HTTP source on Sumo Logic.

February 20, 2019

Apps

New - The Neskope App provides visibility into the security posture of your applications and helps you determine the overall usage of software and SaaS applications.

Netskope is a Cloud Access Security Broker (CASB) hosted in the cloud. The Netskope product is primarily used for enforcing security policies for cloud-based resources, such as Box and Microsoft Office 365. Customers purchase a CASB to address cloud service risks, enforce security policies, and comply with regulations, even when cloud services are beyond their perimeter and out of their direct control.

Netskope_Alert_Overview.png

February 13, 2019

APIs

New - User and Role APIs allow administrators to programmatically create and manage users and roles, making it easy to integrate Sumo into existing onboarding/offboarding business workflows.

February 5, 2019

Metrics

New - Metrics now supports Single Value Charts. A single value metric chart is useful for summarizing a time series in a single value, and making that value stand out at a glance. For more information, see Create and Tailor Single Value Metric Charts.

single-value-chart.png

February 4, 2019

Dashboards

New - We've added the following enhancements for editing dashboard charts:

February 1, 2019

Apps

New - The Amazon ElastiCache Redis ULM App is a unified logs and metrics (ULM) App that provides visibility into key event and performance analytics that enables proactive diagnosis and response to system and environment issues. Use the preconfigured dashboards for at-a-glance analysis of event status trends, locations, successes and failures, as well as system health and performance metrics.

AmazonER-ULM_Event-Overview.png


Metrics

Update - Sumo now logs a message to the audit index when it blacklists a metric source or logs-to-metrics rule. For more information, see Blacklisted Metrics Sources and Logs-to-Metrics.

January 29, 2019

Apps

New - The F5 - BIG-IP Local Traffic Manager (LTM) App helps you optimize and secure network traffic patterns coming into your data center using the F5 BIG-IP platform.

F5-BIGIPLTM-Overview.png

January 11, 2019

Apps

Update - An update to the Sumo Logic App for Threat Intel for AWS was released today. The updated app supports a new collection method. You can now Collect Amazon VPC Flow Logs using AWS S3 source and Amazon VPC Flow Logs using a CloudFormation template, as well as AWS CloudTrail Logs and AWS ELB Logs.

Update - An update to the PCI Compliance for Amazon VPC Flow Logs was released today. The updated app supports a new collection method. You can now Collect Amazon VPC Flow Logs using AWS S3 source and Amazon VPC Flow Logs using a CloudFormation template.