Sumo Logic January 2024 Update: What’s New and What’s Changed

2024.02.01

Introduction

Hemanth from the Alliance Department here. This time, I would like to share the changes and updates that took place in Sumo Logic during the month of January 2024.

Sumo Logic

Sumo Logic is a leading AI-driven SaaS log analytics platform. It unifies application telemetry for Dev, Sec, and Ops teams so they can make data-driven decisions, keep applications reliable, defend against modern threats, and gain insight into their cloud infrastructure. It simplifies log data analysis and provides real-time visibility into operational and security insights through an open-standard approach to data collection based on OpenTelemetry.

The information below is a summary for reference. If you want to check all the latest information, please see the pages linked below.

  • What's new
  • Release Notes Service
  • Release Notes CSE
  • Release Notes SOAR
  • Release Notes Collector

Release Notes Service - January 2, 2024

The Index field is now displayed as metadata at the bottom of each message row, alongside the other metadata. This lets you change the search query by clicking the index name, or view the surrounding messages by selecting that option from the dropdown menu.

[Index Field (Search) | Sumo Logic Docs]

Release Notes Service - January 11, 2024

The updated Account Overview page lets you keep an eye on child org consumption data in a single, convenient view. You can also see the credit usage and consumption patterns of all child organizations, and navigate to a specific account for a more in-depth examination. Take advantage of this update for simplified usage management across your company.

[Sumo Orgs - New View for Child Org Usages (Manage) | Sumo Logic Docs]

Release Notes CSE (SIEM) (Content Release) - January 12, 2024

The most recent changes include new Cloud SIEM rules as well as new log mappers, parsers, and normalization schema metadata. In addition, a number of rules have been improved with more accurate MITRE ATT&CK® tactic and technique tags.

Rules

The updated rules include improved expressions for more precise detections and fewer false positives in event matching. The threat scenarios covered by this update include AWS and Azure activities, DLL loads, suspicious Lambda functions, RAT activities, script executions, process spawning, modifications to Windows Update Agent DLLs, and XSL script processing.

Log Mappers

New 1Password audit and usage actions, new Zeek DNS and HTTP activities, and new Zeek conn activity.

Parsers

New /Parsers/System/1Password/1Password, new /Parsers/System/1PasswordC2C/1PasswordC2C, and new /Parsers/System/Zeek/Zeek.

Schema

[New] metadata_sourceBlockId: _blockId of the original log message (from Sumo Logic)

Release Notes Service - January 15, 2024

The Active Directory JSON - OpenTelemetry app has been updated for better efficiency and data collection. The sumo.datasource value changes from Active Directory to Windows, which resolves double data ingestion for users who have both apps installed. Note: the Active Directory app will not display pre-upgrade data. If you are upgrading only the Active Directory app, update the collection configuration as follows.

1. Open the configuration file located in C:\ProgramData\Sumo Logic\OpenTelemetry Collector\config\conf.d.

2. Update the following attributes:

    key: sumo.datasource
    value: windows
    action: insert

3. Restart the collector with the following PowerShell command: Restart-Service -Name OtelcolSumo

If both apps are installed, remove the Active Directory OTEL YAML configuration to avoid ingesting the data twice. If you only have Windows - OpenTelemetry installed, nothing needs to be done.
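As an added example that is not part of the release note or of Sumo Logic's own tooling, the following PowerShell script performs the three steps above in one pass and flags the double-ingestion case the note warns about. It assumes the conf.d path, the key/value/action layout and the OtelcolSumo service name from the release note, and that the configuration files use the .yaml extension.

```powershell
# Added example (not Sumo Logic's code). Assumptions: conf.d path, the
# "key: / value: / action:" layout and the OtelcolSumo service name come from
# the release note above; the config files are assumed to end in .yaml.
$ConfDir = 'C:\ProgramData\Sumo Logic\OpenTelemetry Collector\config\conf.d'
$Files   = @(Get-ChildItem -Path $ConfDir -Filter *.yaml -File -ErrorAction Stop)

$Touched = @()
foreach ($File in $Files) {
    $Lines   = @(Get-Content -Path $File.FullName)
    $Changed = $false
    for ($i = 0; $i -lt $Lines.Count - 1; $i++) {
        # Only rewrite a "value:" line that directly follows "key: sumo.datasource"
        if ($Lines[$i] -match '^\s*-?\s*key:\s*sumo\.datasource\s*$' -and
            $Lines[$i + 1] -match '^(\s*)value:\s*(.*?)\s*$') {
            $Indent = $Matches[1]
            if ($Matches[2] -ne 'windows') {
                $Lines[$i + 1] = "${Indent}value: windows"
                $Changed = $true
            }
        }
    }
    if ($Changed) {
        # Keep a rollback copy before writing the edited file back
        Copy-Item -Path $File.FullName -Destination "$($File.FullName).bak" -Force
        Set-Content -Path $File.FullName -Value $Lines
        $Touched += $File.Name
    }
}

# Caveat from the release note: if more than one conf.d file tags data as
# "windows", both apps are installed and the same data will be ingested twice.
$WindowsSources = @($Files | Where-Object {
    (Get-Content -Path $_.FullName -Raw) -match 'key:\s*sumo\.datasource\s*value:\s*windows'
})
if ($WindowsSources.Count -gt 1) {
    Write-Warning ("More than one conf.d file sets sumo.datasource=windows; remove the " +
                   "Active Directory YAML to avoid double ingestion: " +
                   ($WindowsSources.Name -join ', '))
}

if ($Touched.Count -gt 0) {
    Write-Host "Updated: $($Touched -join ', ')"
    Restart-Service -Name OtelcolSumo   # step 3 from the release note
} else {
    Write-Host 'No sumo.datasource values needed updating; collector not restarted.'
}
```

Run it from an elevated PowerShell session, since both the conf.d directory and the service restart require administrator rights.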

[Active Directory App Update (Apps) | Sumo Logic Docs]

Release Notes Service - January 18, 2024

Updated Log Search query visualizations have been released, with individually adjustable chart settings. They also bring a more cohesive experience, with uniform graphing across all Sumo Logic platforms.

[New Visualizations (Search) | Sumo Logic Docs]

Release Notes Service - January 19, 2024

Cloud Infrastructure Security for AWS is now generally available, providing unified visibility into active threats, security control failures, and suspicious activity across your AWS environment. Key features include risk overviews, active threat detection, misconfiguration alerts, and suspicious activity assessments. To get started, register and turn on AWS Security Hub and Amazon GuardDuty; see the technical documentation for instructions.

[Cloud Infrastructure Security for AWS (Apps) | Sumo Logic Docs]

Release Notes Collector (Version 19.478-2) - January 25, 2024

Security Fixes

Upgraded the collector JRE to Amazon Corretto version 8.402.06.1, updated Install4j to version 10.0.6 for Linux aarch, and addressed known vulnerabilities by updating org.json:json, org.apache.avro:avro, and bcprov-jdk15on.

Bug Fix

Resolved the Docker Stats Source issue that caused metrics to be missing in specific scenarios.

Release Notes Service - January 30, 2024

Metrics queries that use aggregations (avg, min, max, total, or count) over data from the previous day have been optimized to improve performance. These searches are now faster and can aggregate data from a greater number of time series.

[Cloud Infrastructure Security for AWS (Apps) | Sumo Logic Docs]

Release Notes Service - January 31, 2024

Sumo Logic now notifies customers on POV Trial plans of the expiration date of their trial term in two UI locations: the Child org table and the details view of the selected organization. This replaces the prior automatic downgrade to the Free plan at the end of the 45-day trial period.

[Indicators for POV Trial Period Expiry (Manage) | Sumo Logic Docs]