
Install the Threat Intel Quick Analysis App

Install the Sumo Logic Threat Intel Quick Analysis App to see pre-built dashboards and queries you can modify for your reporting needs.

As an administrator, you can install the Threat Intel Quick Analysis App from the Sumo Logic library in just a few minutes.

To install the App:

  1. In the Library, click the App tab.
  2. Select Threat Intel Quick Analysis.
  3. Click Install.
  4. In the Install Application dialog box, choose Select from _sourceCategory values and pick the Source Category you want Threat Intel Quick Analysis to run on:

    For example: Apache/Access

    Or, if you want to use more than one data source with the App, select Custom data filter:

    (_sourceCategory=aws* or _sourceCategory=github or _sourceCategory=Apache/Access)

    You can choose any log sources. The more you choose, the slower your query may become if you don’t take advantage of Field Extraction Rules.

    Also, if you use * in the custom filter, the App will scan all of your ingested logs for threats; depending on the volume of logs, this can impact the performance of the search query and the App.

  5. Click Install.
  6. When the Confirm dialog displays, click Go to navigate to the installed app.

After the Install

Once an app is installed, it will appear in your Personal folder. From here, you can publish it to share it with your organization.

Panels will start to fill automatically. Each Panel slowly fills with data that matches the time range query and was received since the Panel was created. Results won't be available immediately, but with a bit of time, you'll see full graphs and maps.