Sumo Logic November 2023 Update: What’s New and What’s Changed – Advent Calendar 2023 Day2 #SumoLogic

2023.12.02

Introduction

Hemanth from the Alliance Department here. This time, I would like to share the changes and updates that took place in Sumo Logic during the month of November 2023.

Sumo Logic

Sumo Logic is a leading AI-driven SaaS log analytics platform, unifying application telemetry for Dev, Sec, and Ops teams to make data-driven decisions, ensuring application reliability, security against modern threats, and gaining insights into cloud infrastructures. It simplifies log data analysis, providing real-time visibility into operational and security insights through an open standard approach to data collection with OpenTelemetry.

The information below is a summary for reference; for the complete and latest information, please check the URLs below:

  • What's new
  • Release Notes Service
  • Release Notes CSE
  • Release Notes SOAR
  • Release Notes Collector

    Release Notes CSE (SIEM) (Application Update) - November 1, 2023

    Multi-record Signals now display all involved records directly in the UI. The Queried Records tab has been removed; the first record is attached to the Signal, and the others are gathered automatically. Outlier Rule Signals also show all related records, simplifying the user interface. The Automation Service now supports automatic logging of events, such as integration updates and playbook execution, to Sumo Logic Audit Logging indices. Bug fixes: resolved cases in which Insights appeared to be open after they had been closed or resolved.

    Release Notes Service - November 2, 2023

    AWS observability 2.7.0

    Version 2.7.0 includes out-of-the-box dashboards for Amazon RDS logs (especially MySQL, for diagnosing slow queries), Terraform 5.x support, and Lambda function enhancements for CloudWatch log subscriptions and metric streams using the Python 3.11 runtime.

    [AWS observability 2.7.0 | Sumo Logic Docs]

    Release Notes CSE (SIEM) (Content Release) - November 2, 2023

    This release brings new support for parsing and mapping Claroty xDome logs in Common Event Format (CEF). Specific log mappers for Claroty xDome alerts, communications events, and vulnerabilities have been added. Additionally, parser templates have been updated, removing unnecessary comments, and new parsers for Claroty xDome in CEF format are now available.

    Release Notes Service - November 7, 2023

    Time Zone Settings for Monitors (Alerts)

    Now you can choose your preferred time zone for alert monitor notifications during setup.

    [Time Zone Settings for Monitors (Alerts) | Sumo Logic Docs]

    Release Notes Collector (Version 19.467-2) - November 13, 2023

    The latest release improves Collector security and stability by incorporating support for security patches and bug fixes.

    Security Fixes

    The Collector's underlying components, like Java and libraries, have been upgraded to newer versions to fix known security issues (CVEs) and enhance overall security. Specific upgrades include Java Runtime Environment, Apache Commons Compress, Snappy-Java, Bouncy Castle, and Google Tink libraries.

    Bug Fixes

    This update resolves issues on Windows, addressing both AWS archive temporary files cleanup and general temporary files problems during installation, with a note that a collector restart may be needed after upgrading from a previous version.

    Release Notes CSE (SIEM) (Content Release) - November 13, 2023

    Rules

    The new rule MATCH-S00894 identifies the creation of HAR files, which store session and network data in browsers; users are advised to verify and sanitize these files to protect sensitive information from potential unauthorized access.
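    The sanitization the note recommends can be automated before a HAR file leaves a user's machine. The following is an added example, not part of the original post or of Sumo Logic's tooling: it redacts the header and cookie values that typically carry session material. The list of sensitive header names and the sample capture are assumptions of this example.

```python
import json

# Headers that commonly carry session material in a HAR capture. This list is
# an assumption of this example, not a definition from the release note.
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie", "x-api-key"}
REDACTED = "[REDACTED]"

def _redact_headers(headers):
    """Blank the value of every sensitive header; return how many were hit."""
    hit = 0
    for header in headers:
        if header.get("name", "").lower() in SENSITIVE_HEADERS:
            header["value"] = REDACTED
            hit += 1
    return hit

def _redact_cookies(cookies):
    """Blank every cookie value (names are kept so the trace stays readable)."""
    for cookie in cookies:
        cookie["value"] = REDACTED
    return len(cookies)

def sanitize_har(har_text):
    """Parse a HAR document and redact session-bearing fields on both the
    request and response side of every entry. Returns (har_dict, count)."""
    har = json.loads(har_text)
    count = 0
    for entry in har["log"]["entries"]:
        for side in ("request", "response"):
            message = entry.get(side, {})
            count += _redact_headers(message.get("headers", []))
            count += _redact_cookies(message.get("cookies", []))
    return har, count

# Constructed sample capture (not a real browser export).
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET", "url": "https://app.example.test/api/me",
        "headers": [{"name": "Host", "value": "app.example.test"},
                    {"name": "Authorization", "value": "Bearer eyJabc.def.ghi"},
                    {"name": "Cookie", "value": "session=s3cr3t"}],
        "cookies": [{"name": "session", "value": "s3cr3t"}]},
    "response": {
        "status": 200,
        "headers": [{"name": "Content-Type", "value": "application/json"},
                    {"name": "Set-Cookie", "value": "session=n3w; HttpOnly"}],
        "cookies": [{"name": "session", "value": "n3w"}]}}]}})
```

    Running `sanitize_har(SAMPLE_HAR)` on the constructed capture redacts five values and leaves non-sensitive headers such as Host and Content-Type untouched.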

    Log Mappers

    The client field can now be linked to the resource in Microsoft Office 365 Exchange Mailbox Audit Events, improving the mapping for easier interpretation.

    Parsers

    Updates to Microsoft Office 365 and Windows JSON parsers improve user agent parsing and ensure compatibility with upcoming format changes, addressing event ID issues for better mapping.

    Release Notes CSE (SIEM) (Application Update) - November 17, 2023

    Links in Rule Description Field

    In Rules, you can now include clickable links in description fields using standard markdown syntax, facilitating easier access to documentation or runbooks during security event investigations.

    Minor Changes and Enhancements

    Wildcards can now be used in Entity Group Value fields, allowing flexible specifications such as OU=TCH,OU=PAR,OU=EUR. The update also includes the use of second-level unnormalized inventory attributes, non-CSE playbooks in Automation, new API endpoints for Log Mappings, Entity listing with pagination, deprecation of JASK forwarding, and UI changes reflecting product name updates without altering URLs or API endpoints.

    Bug Fixes

    This update addresses issues where users couldn't reuse deleted rule names and where links in the Insights by Status panel weren't properly enabled on the HUD.

    Release Notes Service - November 21, 2023

    New Partner Apps

    New Sumo Logic Partner apps: Dataminr Pulse aids rapid threat detection, while Jamf Protect offers detailed Mac security insights and streamlined investigation for Apple device fleets.

    [New Partner Apps (Apps) | Sumo Logic Docs]

    Release Notes Service - November 27, 2023

    Cloud Infrastructure Security for AWS (Apps)

    This App provides a unified view of threats, security control failures, and suspicious activity for comprehensive visibility into your AWS environment's security posture. Key features include a risk overview dashboard and insights into active threats, misconfigurations, and suspicious activity, facilitating informed and actionable security measures.

    [Cloud Infrastructure Security for AWS (Apps) | Sumo Logic Docs]

    Release Notes - November 28, 2023

    Service logs for Monitoring and Troubleshooting for AWS

    Exciting enhancements to AWS Observability now include an all-in-one hub for easy access to dashboards, alerts, and performance reports, along with simplified log searches for efficient troubleshooting within your AWS environment.

    [logs for Monitoring and Troubleshooting for AWS | Sumo Logic Docs]

    Release Notes Service - November 29, 2023

    Download SAML Metadata XML (Manage)

    You can now download the metadata XML of your SAML configurations in Sumo Logic, making it simple to share setup details with identity provider administrators for an easier SAML configuration process.

    [Download SAML Metadata XML (Manage) | Sumo Logic Docs]