Sumo Logic

Install the Threat Intel Quick Analysis App and view the Dashboards

When you install the Sumo Logic Threat Intel Quick Analysis App, you can see pre-built Dashboards and sample queries that you can modify.

Install the Sumo Logic App

Now that you have set up collection, install the Sumo Logic App for Threat Intel Quick Analysis to use the preconfigured searches and Dashboards that provide insight into your data. 

To install the app:

  1. Select App Catalog, search for and select the app, and click Add to Library.
  2. Click Preview Dashboards if you'd like to see a preview of the dashboards included with the app before installing.
  3. In the Install Application dialog box, select the installation path (the default is the Personal folder in the library), or click New Folder to add a new folder.
  4. Select either of these options for the log data source.
  • Choose Select from Existing Source Categories, and select the Source Category from the list.
  • Choose Enter a Custom Data Filter and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).
  5. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or in the other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. It's important to note that each Panel slowly fills with data matching the time range query and received since the Panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboards

All Dashboards include filters that you can use in Interactive Mode for further analysis of your Threat Intel Quick Analysis data. Because the Threat Intel Quick Analysis has the most bearing on recent threats, most panels are set to the 15-minute time range. You can adjust time ranges as needed.

Threat Intel Quick Analysis - Overview

See the frequency of Domain threats by Actor, Log Source, Malicious Confidence, and view trends over time.

Threat Intel Analysis Overview

  • Welcome to the Threat Intel Quick Analysis App. Informational panel to help you find information on optimization and FAQs on working with the Threat Intel database.
  • Number of Log Lines (Events) Scanned for Threats. Count of log lines scanned across all selected sources for the last 15 minutes.
  • IP Threat Count. Count of threats related to malicious IPs, for the last 15 minutes.
  • File Name Threat Count. Count of threats related to malicious file names, for the last 15 minutes.
  • URL Threat Count. Count of threats related to malicious URLs, for the last 15 minutes.
  • Email Threat Count. Count of threats related to malicious email addresses, for the last 15 minutes.
  • Domain Threat Count. Count of threats related to malicious domains, for the last 15 minutes.
  • Threats by Malicious Confidence. Classifies all threats as High, Medium, Low, or Unverified, according to CrowdStrike's machine learning engine.

Threat Intel Quick Analysis - Domain

See the frequency of Domain threats by Actor, Log Source, Malicious Confidence, and view trends over time.

  • Threat Count. Count of threats related to malicious domains, for the last 15 minutes.
  • Threats by Malicious Confidence. Classifies domain threats as High, Medium, Low, or Unverified, according to CrowdStrike's machine learning engine.
  • Threats by Actor. Count of threats related to malicious domains, broken down by Actor, for the last 15 minutes. Actors are identified individuals, groups or nation-states associated with threats.
  • Threats by Sources. Count of threats related to malicious domains, broken down by Source, for the last 15 minutes.
  • Threats Over Time. Trends of domain threats over time for the last 60 minutes.
  • Threats Over Time by Sources. Trends of domain threats over time, broken down by Source, for the last 60 minutes.
  • Threats Table. Listing of all domain threats, including Malicious Confidence, Actors and Sources.

Threat Intel Quick Analysis - Email

See the frequency of Email threats by Actor, Log Source, Malicious Confidence, and view trends over time.

  • Threat Count. Count of threats related to malicious email addresses, for the last 15 minutes.
  • Threats by Malicious Confidence. Classifies email address threats as High, Medium, Low, or Unverified, according to CrowdStrike's machine learning engine.
  • Threat Breakdown by Sources. Count of threats related to malicious email addresses, broken down by Source, for the last 15 minutes.
  • Threats Over Time. Trends of email address threats over time for the last 60 minutes.
  • Threats Over Time by Sources. Trends of email address threats over time, broken down by Source, for the last 60 minutes.
  • Threats by Actor. Count of threats related to malicious email addresses, broken down by Actor, for the last 15 minutes. Actors are identified individuals, groups or nation-states associated with threats.
  • Threats Table. Listing of all email address threats, including Malicious Confidence, Actors and Sources.

Threat Intel Quick Analysis - IP

See the frequency of IP threats by Actor, Log Source, Malicious Confidence, and view trends over time.

  • Threat Count. Count of threats related to malicious IPs, for the last 15 minutes.
  • Threats by Geo Location. Count of threats related to malicious IPs, broken down by geo location, for the last 15 minutes.
  • Threat Breakdown by Sources. Count of threats related to malicious IPs, broken down by Source, for the last 15 minutes.
  • Threats by Malicious Confidence. Classifies IP threats as High, Medium, Low, or Unverified, according to CrowdStrike's machine learning engine.
  • Threats by Actors. Count of threats related to malicious IPs, broken down by Actor, for the last 15 minutes. Actors are identified individuals, groups or nation-states associated with threats.
  • Threats Over Time. Trends of IP threats over time for the last 60 minutes.
  • Threats Table. Listing of all IP threats, including Malicious Confidence, Actors and Sources.
  • Threats Over Time by Sources. Trends of IP threats over time, broken down by Source, for the last 60 minutes.

Threat Intel Quick Analysis - File Name

See the frequency of File Name threats by Actor, Log Source, Malicious Confidence, and view trends over time.

  • Threat Count. Count of threats related to malicious file names, for the last 15 minutes.
  • Threats by Malicious Confidence. Classifies file name threats as High, Medium, Low, or Unverified, according to CrowdStrike's machine learning engine.
  • Threats by Source. Count of threats related to malicious file names, broken down by Source, for the last 15 minutes.
  • Threats by Actors. Count of threats related to malicious file names, broken down by Actor, for the last 15 minutes. Actors are identified individuals, groups or nation-states associated with threats.
  • Threats Over Time. Trends of file name threats over time for the last 60 minutes.
  • Threats Over Time by Sources. Trends of file name threats over time, broken down by Source, for the last 60 minutes.
  • Threats Table. Listing of all file name threats, including Malicious Confidence, Actors and Sources.

Threat Intel Quick Analysis - URL

See the frequency of URL threats by Actor, Log Source, Malicious Confidence, and view trends over time.

  • Threat Count. Count of threats related to malicious URLs, for the last 15 minutes.
  • Threats by Sources. Count of threats related to malicious URLs, broken down by Source, for the last 15 minutes.
  • Threats by Actors. Count of threats related to malicious URLs, broken down by Actor, for the last 15 minutes. Actors are identified individuals, groups or nation-states associated with threats.
  • Threats by Malicious Confidence. Classifies URL threats as High, Medium, Low, or Unverified, according to CrowdStrike's machine learning engine.
  • Threats Over Time. Trends of URL threats over time for the last 60 minutes.
  • Threats Over Time by Sources. Trends of URL threats over time, broken down by Source, for the last 60 minutes.
  • Threat Table. Listing of threats identified by URL, including information on Malicious Confidence, Actors, Source, and count.

Threat Intel Quick Analysis - Hash 256

See the frequency of Hash 256 threats by Actor, Log Source, Malicious Confidence, and view trends over time.

Threat Intel Hash 256 Dashboard

  • Threat Count. Count of total Hash 256 threats over the last 15 minutes.
  • Threats by Malicious Confidence. Classifies Hash 256 threats for the last 60 minutes as High, Medium, Low, or Unverified, according to CrowdStrike's machine learning engine, displayed as a pie chart.
  • Threat Breakdown by Sources. Pie chart of Hash 256 threats over the last 60 minutes, broken down by source.
  • Threats Over Time. Line chart of the number of Hash 256 threats over the last 60 minutes.
  • Threat Breakdown by Source. Line chart of the number of Hash 256 threats over the last 60 minutes, broken down by source.
  • Threats by Actor. Identifies Actors, if any, that can be attributed to Hash 256 threats over the last 15 minutes. Actors are identified individuals, groups or nation-states associated with threats.
  • Threat Table. Aggregation Table of Hash 256 threats over the last 15 minutes.
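The counters behind the Overview panels and the per-type dashboards above (Domain, Email, IP, File Name, URL, Hash 256) can be reproduced on sample data to see exactly what each panel aggregates. This is an added example, not Sumo Logic's query logic or the app's own code: the indicator table (its confidence labels and actor names included) and the log lines are constructed for the illustration, and the lookup stands in for the CrowdStrike-backed one the app uses.

```python
"""Added example, not Sumo Logic's query logic: reproduces the dashboard counters over a constructed indicator table and constructed log lines."""
import re
from collections import Counter
# Constructed stand-in for the CrowdStrike-backed lookup: value -> (confidence, actor).
INDICATORS = {
    "ip": {"203.0.113.7": ("High", "ACTOR-A")},
    "url": {"http://bad.example.net/x.php": ("High", "ACTOR-B")},
    "email": {"phish@example.org": ("Low", "Unknown")},
    "domain": {"bad.example.net": ("Medium", "ACTOR-B")},
    "file_name": {"invoice.scr": ("Unverified", "Unknown")},
    "hash256": {"a" * 64: ("High", "ACTOR-A")},
}

# One extractor per indicator type the app covers.
PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"https?://[^\s\"']+"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
    "file_name": re.compile(r"\b[\w-]+\.(?:exe|scr|dll|js)\b"),
    "hash256": re.compile(r"\b[a-f0-9]{64}\b"),
}

# Constructed log lines in the form "sourceCategory|message"; no real hosts or senders.
LOG_LINES = [
    "fw/edge|deny src=203.0.113.7 dst=10.0.0.5 dport=445",
    "proxy/web|GET http://bad.example.net/x.php user=alice",
    "mail/gw|from=phish@example.org subject=Invoice attachment=invoice.scr",
    "fw/edge|allow src=10.0.0.9 dst=10.0.0.5 dport=443",
    "edr/host|hash=" + "a" * 64 + " proc=update.exe",
]

def scan(lines):
    """Match every indicator type in each line and return the panel counters."""
    hits = []  # (type, value, confidence, actor, source)
    for line in lines:
        source, _, msg = line.partition("|")
        for kind, rx in PATTERNS.items():
            for value in rx.findall(msg):
                if value in INDICATORS[kind]:
                    conf, actor = INDICATORS[kind][value]
                    hits.append((kind, value, conf, actor, source))
    return {
        "scanned": len(lines),                         # Log Lines Scanned panel
        "by_type": Counter(h[0] for h in hits),        # per-type Threat Count panels
        "by_confidence": Counter(h[2] for h in hits),  # Threats by Malicious Confidence
        "by_source": Counter(h[4] for h in hits),      # Threats by Sources
        "by_actor": Counter(h[3] for h in hits),       # Threats by Actor
        "hits": hits,                                  # Threats Table rows
    }
```

Note that a line can contribute to more than one panel: the proxy line counts once as a URL threat and once as a Domain threat, which is why the per-type counts on the Overview do not have to add up to the number of lines matched.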