Install the Sumo Logic App
Now that you have set up collection for Amazon Inspector, install the Sumo Logic App for Amazon Inspector to use the pre-configured Searches and Dashboards that provide visibility into your environment for real-time analysis of overall usage.
To install the app:
- Select App Catalog, search for and select the app, and click Add to Library. (In the classic UI, click Library, click Apps, select the app, and click Install. If you don't find the app under Apps, it might be a preview app. Try clicking Preview to find the app.)
- Click Preview Dashboards if you'd like to see a preview of the dashboards included with the app before installing.
- In the Install Application dialog box, select the installation path (the default is the Personal folder in the library), or click New Folder to add a new folder.
- Select either of these options for the log data source.
- Choose Select from Existing Source Categories, and select the source catalog from the Source Category list.
- Choose Enter a Custom Data Filter and enter a custom source category beginning with an underscore. Example: (
- Click Add to Library.
Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.
Panels will start to fill automatically. It's important to note that each Panel slowly fills with data matching the time range query and received since the Panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps.
Amazon Inspector - Overview
Events by Template. Displays events by template in a stacked bar chart for the last seven days.
Top 5 Findings. Displays the top 5 findings in a bar chart for the last seven days.
Finding Severity by InstanceID. Shows the finding severity by InstanceID in a stacked bar chart for the last seven days.
Top 5 RulesPackages by Findings. Provides details on the top 5 RulesPackages by findings in a bar chart for the last seven days.
Finding Severity by Template. Displays the severity of findings by template in a bar chart for the last seven days.
Trend of Findings by RulesPackage. Shows the trend of findings by RulesPackage in a trend line chart on a timeline for the last seven days.
Last Run by Template. Shows the last run by template in a table chart, including details on the template, lastrun, lastevent, and timestamp for the last seven days.
Trend of Findings by Template. Shows the trend of findings by template in a trend line chart on a timeline for the last seven days.
Amazon Inspector - Findings
Finding Severity Over Time. Shows the finding severity over time in a stacked column chart on a timeline for the last seven days.
Outlier Indicator of Non-Information Findings. Displays the indicator of non-informational findings in an outlier chart for the last seven days.
Templates Not Run in a Day. Provides information on templates that have not been run in a day in a table chart, including details on the template, last event, and last event date for the last seven days.
Finding Details. Displays complete finding details in a table chart, including information on the finding title, description, create date, template, run, and finding severity for the last seven days.
Finding Severity by Template and Run. Shows the details of finding severity by template and run in a table chart including information on the template, run, create date, and medium or informational severity for the last seven days.
Persistent Findings. Displays persistent findings in a table chart, including details on the finding title, template, finding severity, and number of runs for the last seven days.