Sumo Logic December 2023 Update: What’s New and What’s Changed

2024.01.15

Introduction

Hemanth from the Alliance Department here. This time, I would like to share the changes and updates that took place in Sumo Logic during the month of December 2023.

Sumo Logic

Sumo Logic is a leading AI-driven SaaS log analytics platform that unifies application telemetry for Dev, Sec, and Ops teams, helping them make data-driven decisions, keep applications reliable, defend against modern threats, and gain insight into their cloud infrastructure. It simplifies log data analysis and provides real-time visibility into operational and security data through an open-standard approach to data collection based on OpenTelemetry.

The information below is a summary for reference. For the complete and latest information, see the following pages:

  • What's new
  • Release Notes Service
  • Release Notes CSE
  • Release Notes SOAR
  • Release Notes Collector

Release Notes CSE (SIEM) (Application Update) - December 6, 2023

Automation Service Enhancements

The Automation Service now supports containment action types, enabling responses such as firewall blocking and password resets, and more integrations in App Central now offer containment actions. User Choice nodes pause a playbook to ask a user for a decision and show a "Waiting user interaction" status while paused. The Create New Automation dialog in Cloud SIEM now lists all playbooks; previously, playbook visibility was restricted. For full details on these improvements, consult the Automation Service documentation.

Minor Changes and Enhancements

Entity Groups now support second-level unnormalized attributes (fields). Log Mappings can be enabled or disabled through the PUT /log-mappings/{id}/enabled API endpoint. Sumo Logic-provided Chain Rules now allow the Record Count field to be overridden.

Bug Fixes

Fixed an issue where users could not manually change Entity Criticality. Fixed an issue where duplicating a rule returned a 500 error.

Rule Expression Validation

Cloud SIEM Rules that reference non-normalized fields or contain type mismatches may pass validation but fail at execution, and the errors produced when such a rule is tested can be unclear. For these mismatches, Log Search returns errors and yields no results, whereas the Rules engine suppresses the runtime error. In addition, despite recent revisions to the Signal and Insight detail pages intended to simplify the display of multi-signal Rules, a bug prevented records from being shown when the log search failed.

Because of these issues, the Rule Details page now prompts users to check the Rule and Tuning Expressions if a log search test encounters errors. Additionally, the Signal and Insight Details pages now display all attached records, even if the log search query fails. Note that fixing a rule expression does not retroactively resolve issues with already generated Signals or Insights; for those, users must manually adjust the log search string using the View in Log Search feature.

Malformed tuning expressions affect every linked rule, whether Sumo Logic-provided or custom-written. In expressions, it is best to use only schema fields. Sumo Logic's parsers are updated frequently to add mappings and expand the schema.
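As an added illustration of the point above (this is not code from the original post or from Sumo Logic), the following Python check scans rule and tuning expressions for identifiers that are not in a known set of normalized schema fields and for fields["..."] references to unnormalized attributes, so such rules can be reviewed before they validate cleanly but silently return nothing at execution. The schema list is a constructed sample and the expression syntax is a simplified assumption, not Sumo Logic's rule parser.

```python
import re

# Constructed sample of normalized schema attribute names; a real check would load
# the current schema from Sumo Logic's documentation, which is updated frequently.
SCHEMA_FIELDS = {
    "action", "objectType", "dstPort", "device_ip", "srcDevice_ip", "dstDevice_ip",
    "user_username", "metadata_vendor", "metadata_product", "http_url",
}

# Operators and literals that are not field names (assumed, simplified syntax).
KEYWORDS = {"AND", "OR", "NOT", "IN", "LIKE", "matches", "true", "false", "null"}

# Skips quoted string literals, captures fields["name"] references (group 1) and
# bare identifiers (group 2). Simplified tokenizer, not Sumo Logic's rule parser.
TOKEN_RE = re.compile(
    r'''"[^"]*"|'[^']*'|fields\[\s*"([^"]*)"\s*\]|([A-Za-z_][A-Za-z0-9_]*)'''
)


def referenced_fields(expression):
    """Return (normalized identifiers, unnormalized fields[...] names) in an expression."""
    normalized, unnormalized = set(), set()
    for m in TOKEN_RE.finditer(expression):
        if m.group(1) is not None:
            unnormalized.add(m.group(1))
        elif m.group(2) is not None and m.group(2) not in KEYWORDS:
            normalized.add(m.group(2))
    return normalized, unnormalized


def lint_rule(name, expression, schema=SCHEMA_FIELDS):
    """Flag identifiers not in the schema (typos, unmapped fields) and fields[...] use."""
    normalized, unnormalized = referenced_fields(expression)
    unknown = sorted(normalized - schema)
    return {
        "rule": name,
        "unknown_fields": unknown,
        "unnormalized_fields": sorted(unnormalized),
        "ok": not unknown and not unnormalized,
    }


if __name__ == "__main__":
    # Constructed sample rules: the second references a misspelled field and an
    # unnormalized attribute, the kind of expression that validates but yields nothing.
    for name, expr in [
        ("blocked-connections", 'objectType = "Network" AND action = "blocked" AND dstPort = 443'),
        ("vendor-threat", 'user_name = "admin" AND fields["threat_name"] = "Trojan.Generic"'),
    ]:
        print(lint_rule(name, expr))
```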

Release Notes CSE (SIEM) (Application Update) - December 14, 2023

Minor changes and enhancements

The Signal and Insight data returned by the API endpoints GET /signals/{id} and GET /insights/{id} now include a new attribute section. This section contains the log search string, the start and end times, and other information used to retrieve the records that were queried for a specific Signal. The stanza appears as follows:

"recordSearchDetails": {
  "query": "{string}",
  "queryStartTime": "{timestamp}",
  "queryEndTime": "{timestamp}"
},

Bug fixes

Fixed duplicate schema tags (with an extra "s") that appeared in the user interface. Fixed slow UI response when users entered comments on Insights. Fixed an issue where the UI did not enforce the 100-character limit on rule names and instead showed an unexplained warning for names that were too long.

Release Notes Service - December 18, 2023

Sumo Logic introduced the Auto Discovery feature for OpenTelemetry. This capability identifies and recommends the monitoring services that best match the data gathered from the server hosting the collector. For a deeper dive into what it can do, see the Sumo Logic documentation.
