Sumo Logic October 2023 Update: What’s New and What’s Changed

Sumo Logic October 2023 Update: What’s New and What’s Changed

Clock Icon2023.11.02

この記事は公開されてから1年以上経過しています。情報が古い可能性がありますので、ご注意ください。

Introduction

Hemanth from the Alliance Department here. This time, I would like to share the changes and updates that took place in Sumo Logic during the month of October 2023.

Sumo Logic

A cloud-based log management and analytics software called Sumo Logic which enables businesses to exploit their machine data for useful insights. Sumo Logic's flexible capabilities make log data analysis simple and offer real-time visibility into operational and security insights.

The information below is used as reference, so if you want to check all the latest information, please check from the URL below

  • What's new
  • Release Notes Service
  • Release Notes CSE
  • Release Notes SOAR
  • Release Notes Collector
  • Release Notes CSE (Application Update) - October 2, 2023

    MITRE ATT&CK® Threat Coverage Explorer

    Correlate adversary actions with Rules, Signals, and log sources to find coverage gaps and threats in Sumo Logic's MITRE Explorer. It provides views for Recent Activity, All Community Activity, and Theoretical Coverage and is accessed through the Content Menu. For in-depth insights, use the API, export data in JSON format, and apply filters for tactics, techniques, and sub-techniques.

    Release Notes Service - October 2, 2023

    Classic Dashboards Deprecation

    The ability to create or duplicate Classic Dashboards on the Sumo Logic platform has been discontinued. When opening, existing Classic dashboards will be immediately updated to new versions, allowing users to choose between using the updated dashboard or the classic one. Sumo Logic will stop supporting the viewing of classic dashboards on January 8, 2024. Any dashboards that are still in the classic format will be automatically migrated and removed from the Library.

    Release Notes Service - October 4,5,18 2023

    New Setup Guides for GCP, AWS and Security Apps

    To make it easier for users to connect numerous GCP services to the platform, Sumo Logic has added 37 new setup guides to the App Catalog. In addition, seven new setup guidelines for integrating different security services and 41 new configuration guides for combining various AWS services have been made available. These manuals provide easy-to-follow setups for effective data collection and analysis in Sumo Logic.

    [Setup Guides for Google Cloud Platform (GCP) Services (Apps) | Sumo Logic Docs]

    [Setup Guides for Amazon Web Service (AWS) (Apps) | Sumo Logic Docs]

    [New Setup Guides for Security (Apps) | Sumo Logic Docs]

    Release Notes CSE (Content Release) - October 11, 2023

    Content Release

    The rules mostly related to Microsoft Azure OAUTH Application Registration, NSG, and Key Vault services are included in this content release. This release includes a new rule (FIRST-S00040), which is relevant to CVE-2023-38545 and CVE-2023-38546, to help identify unexpected cURL tool usage by a user that might be related to exploitation of these vulnerabilities.

    Release Notes CSE (Application Update) - October 18, 2023

    Legacy Signal Forwarding Deprecation

    As of July 2022, Cloud SIEM offers improved search capabilities at no additional cost by automatically storing Signals in a standardized sec_signal index for two years. As a result, starting on November 15, 2023, new signals will be routed to the sec_signal index, and the Legacy Signal Forwarding capability will be discontinued. Users who continue to use the legacy feature should update their apps to use the new index, taking note of the content differences between the two.

    Release Notes Service - October 25, 2023

    Scheduled View ID (Manage)

    Scheduled view ID on scheduled view details pane is introduced, which enables faster debugging and improved internal operation efficiency.

    For more information about the scheduled view, please refer to this blog. While it is written in Japanese, you can use the translate feature of Google chrome to easily understand the content.

    [Scheduled View ID (Manage) | Sumo Logic Docs]

    Release Notes Collector - October 26, 2023

    Version 19.461-1

    After the Windows feature update, the collector start issue was fixed. If the collector is operating as a custom user—that is, a user account other than the default one—this may occur. You must grant the custom user account complete access in order to resolve this issue. When you install or update the collector, you have the option to use the Advanced UI Installer Settings to accomplish this. For information on giving collectors operating as custom users complete access, see Advanced UI Installer Settings.

    Release Notes CSE - October 26, 2023

    Content Release

    The most recent content release includes clean, annotated versions of the Cloud SIEM parser templates for simple customisation. Existing Rules have also undergone a number of revisions, including better descriptions and remedies for particular problems. New parser templates for a variety of data formats, including CEF, CSV, JSON, Key Value Pair, LEEF, Unstructured, Windows XML, and XML, are included in the version.

    Share this article

    facebook logohatena logotwitter logo

    © Classmethod, Inc. All rights reserved.