Sumo Logic December 2023 Update: What’s New and What’s Changed



Hemanth from the Alliance Department here. This time, I would like to share the changes and updates that took place in Sumo Logic during the month of December 2023.

Sumo Logic

Sumo Logic is a leading AI-driven SaaS log analytics platform, unifying application telemetry for Dev, Sec, and Ops teams to make data-driven decisions, ensuring application reliability, security against modern threats, and gaining insights into cloud infrastructures. It simplifies log data analysis, providing real-time visibility into operational and security insights through an open standard approach to data collection with OpenTelemetry.

The information below is used as reference, so if you want to check all the latest information, please check from the URL below

  • What's new
  • Release Notes Service
  • Release Notes CSE
  • Release Notes SOAR
  • Release Notes Collector
  • Release Notes CSE(SEIM) (Application Update) - December 6, 2023

    Automation Service Enhancements

    Containment action types are now supported by the Automation Service, enabling reactions such as firewall blocking and password resets. The "Waiting user interaction" status is displayed by User Choice nodes, which allow playbook pausing for user interactions. All playbooks are now included in the Create New Automation Cloud SIEM dialog, as there was previously a restriction on playbook visibility. More integrations in App Central feature confinement actions. User Choice nodes may cause playbook operations to halt and ask users to make decisions. For complete information on these improvements, consult the Automation Service documentation.

    Minor Changes and Enhancements

    Entity Groups now support second-level unnormalized attributes (fields..). Log Mappings can be enabled or disabled through the PUT /log-mappings/{id}/enabled API endpoint. Sumo Logic-provided Chain Rules now allow overriding the Record Count field.

    Bug Fixes

    Users faced issues manually changing Entity Criticality. Duplicating a rule resulted in a 500 error for users

    Rule Expression Validation

    Cloud SIEM Rules that have non-normalized fields or type mismatches may pass validation but fail at execution. It's possible that errors in the way a rule is executed during testing are unclear. For such mismatches, Log Search produces errors and yields no results, but the Rules engine avoids runtime errors. A bug keeps records from being shown in the event that the log search fails, despite recent revisions to the Signal and Insight detail pages intended to simplify multi-signal Rule displays.

    Due to identified issues, the Rules Details page now prompts users to check Rule/Tuning Expressions if a log search test encounters errors. Additionally, on Signal and Insight Details pages, all attached records are displayed, even if the log search query fails. Note that fixing rule expressions won't retroactively resolve issues with already generated Signals or Insights; users must manually adjust log search strings using the View in Log Search feature.

    Malformed tuning expressions impact linked rules, whether Sumo Logic given or custom-written. In expressions, it is best to use only schema fields. The parsers of Sumo Logic are updated frequently in order to add mappings and expand the schema.

    Release Notes CSE(SEIM) (Application Update) - December 14, 2023

    Minor changes and enhancements

    The Signal and Insight data given by the API endpoints GET /signals/{id} and GET /insights/{id} have a new attribute section added to them. The log search string, start and finish times, and other information in this section to get the records that have been queried for a specific Signal. This is how the stanza appears:

    "recordSearchDetails": { "query": "{string}", "queryStartTime": "{timestamp}", "queryEndTime": "{timestamp}" },

    Bug fixes

    In the user interface, users came across duplicate schema tags (with an extra "s"). When users attempted to enter comments for insights, the user interface (UI) responded slowly. Furthermore, the user interface did not enforce the rule names' 100-character restriction, showing an unexplained warning for names that were too long.

    Release Notes Service - December 18, 2023

    The introduction of Auto Discovery feature for OpenTelemetry! This advanced capability effortlessly identifies and recommends optimal monitoring services that align perfectly with the data gathered from the server hosting the collector. For a deeper dive into the possibilities, click here.

    [Download SAML Metadata XML (Manage) | Sumo Logic Docs]