Sumo Logic October 2023 Update: What’s New and What’s Changed
Introduction
Hemanth from the Alliance Department here. This time, I would like to share the changes and updates that took place in Sumo Logic during the month of October 2023.
Sumo Logic
Sumo Logic is a cloud-based log management and analytics service that enables businesses to turn their machine data into useful insights. Its flexible capabilities make log data analysis simple and offer real-time visibility into operational and security issues.
The information below is a summary for reference; if you want to check all the latest details, please check the URL below.
Release Notes CSE (Application Update) - October 2, 2023
MITRE ATT&CK® Threat Coverage Explorer
Correlate adversary actions with Rules, Signals, and log sources to find coverage gaps and threats in Sumo Logic's MITRE Explorer. It provides views for Recent Activity, All Community Activity, and Theoretical Coverage and is accessed through the Content Menu. For in-depth insights, use the API, export data in JSON format, and apply filters for tactics, techniques, and sub-techniques.
Release Notes Service - October 2, 2023
Classic Dashboards Deprecation
The ability to create or duplicate Classic Dashboards on the Sumo Logic platform has been discontinued. When an existing Classic dashboard is opened, it is immediately converted to the new dashboard format, and users can choose between the updated dashboard and the classic one. Sumo Logic will stop supporting the viewing of classic dashboards on January 8, 2024. Any dashboards that are still in the classic format will be automatically migrated and removed from the Library.
Release Notes Service - October 4, 5, and 18, 2023
New Setup Guides for GCP, AWS and Security Apps
To make it easier for users to connect numerous GCP services to the platform, Sumo Logic has added 37 new setup guides to the App Catalog. In addition, seven new setup guides for integrating different security services and 41 new setup guides for integrating various AWS services have been made available. These guides provide easy-to-follow steps for effective data collection and analysis in Sumo Logic.
[Setup Guides for Google Cloud Platform (GCP) Services (Apps) | Sumo Logic Docs]
[Setup Guides for Amazon Web Service (AWS) (Apps) | Sumo Logic Docs]
[New Setup Guides for Security (Apps) | Sumo Logic Docs]
Release Notes CSE (Content Release) - October 11, 2023
Content Release
This content release includes rules mostly related to Microsoft Azure OAuth application registration, NSG, and Key Vault services. It also includes a new rule (FIRST-S00040), related to CVE-2023-38545 and CVE-2023-38546, that helps identify unexpected cURL tool usage by a user, which might indicate exploitation of these vulnerabilities.
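As an added illustration (this is not Sumo Logic's FIRST-S00040 rule, whose logic the release notes do not publish), the Python sketch below shows the baseline-and-deviation idea behind "unexpected cURL usage by a user": it learns which users run curl on each host from a historical window of constructed process-creation events, then flags curl executions by any other user. The field names, hosts, users and sample events are assumptions made for the example.

```python
import json
import os
from collections import defaultdict

# Constructed sample telemetry (JSON lines); not real data from Sumo Logic or this blog.
# BASELINE_LINES represent a historical window; NEW_LINES are the events to evaluate.
BASELINE_LINES = [
    '{"ts":"2023-10-09T08:01:00Z","host":"build01","user":"svc_ci","image":"/usr/bin/curl","cmdline":"curl -sS https://artifacts.example.internal/latest"}',
    '{"ts":"2023-10-09T08:05:00Z","host":"build01","user":"svc_ci","image":"/usr/bin/curl","cmdline":"curl -o pkg.tgz https://artifacts.example.internal/pkg.tgz"}',
    '{"ts":"2023-10-09T09:00:00Z","host":"web02","user":"root","image":"/usr/bin/curl","cmdline":"curl -I http://localhost/health"}',
]
NEW_LINES = [
    '{"ts":"2023-10-12T10:00:00Z","host":"build01","user":"svc_ci","image":"/usr/bin/curl","cmdline":"curl -sS https://artifacts.example.internal/latest"}',
    '{"ts":"2023-10-12T10:02:00Z","host":"web02","user":"www-data","image":"/usr/bin/curl","cmdline":"curl -s http://203.0.113.5:8080/"}',
    '{"ts":"2023-10-12T10:03:00Z","host":"web02","user":"www-data","image":"/usr/bin/python3","cmdline":"python3 app.py"}',
    'not json at all',
]
REQUIRED_FIELDS = ("host", "user", "image", "cmdline")


def parse_events(lines):
    """Parse JSON-lines process-creation events, skipping malformed or incomplete lines."""
    events = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(ev, dict) and all(k in ev for k in REQUIRED_FIELDS):
            events.append(ev)
    return events


def is_curl(ev):
    """True when the executed image is curl (Linux or Windows binary name)."""
    return os.path.basename(ev["image"]).lower() in ("curl", "curl.exe")


def build_baseline(events):
    """Map host -> set of users observed running curl during the baseline window."""
    baseline = defaultdict(set)
    for ev in events:
        if is_curl(ev):
            baseline[ev["host"]].add(ev["user"])
    return baseline


def find_unexpected_curl(events, baseline):
    """Return curl executions whose (host, user) pair never appeared in the baseline."""
    return [ev for ev in events
            if is_curl(ev) and ev["user"] not in baseline.get(ev["host"], set())]
```

In practice the baseline window should be long enough to cover scheduled jobs, and a hit is a starting point for triage (who ran curl, against which destination), not a verdict on its own.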
Release Notes CSE (Application Update) - October 18, 2023
Legacy Signal Forwarding Deprecation
As of July 2022, Cloud SIEM offers improved search capabilities at no additional cost by automatically storing Signals in a standardized sec_signal index for two years. As a result, starting on November 15, 2023, new signals will be routed to the sec_signal index, and the Legacy Signal Forwarding capability will be discontinued. Users who continue to use the legacy feature should update their apps to use the new index, taking note of the content differences between the two.
Release Notes Service - October 25, 2023
Scheduled View ID (Manage)
A Scheduled View ID is now shown in the scheduled view details pane, which enables faster debugging and improved operational efficiency.
For more information about scheduled views, please refer to this blog. While it is written in Japanese, you can use the translate feature of Google Chrome to easily understand the content.
[Scheduled View ID (Manage) | Sumo Logic Docs]
Release Notes Collector - October 26, 2023
Version 19.461-1
Fixed an issue where the collector failed to start after a Windows feature update. This can occur when the collector runs as a custom user, that is, a user account other than the default one. To resolve the issue, you must grant the custom user account full access; when you install or upgrade the collector, you can do this through the Advanced UI Installer Settings. For information on granting full access to collectors running as custom users, see Advanced UI Installer Settings.
Release Notes CSE - October 26, 2023
Content Release
This content release includes clean, annotated versions of the Cloud SIEM parser templates for easier customisation. Existing rules have also undergone a number of revisions, including improved descriptions and fixes for particular problems. New parser templates for a variety of data formats, including CEF, CSV, JSON, Key Value Pair, LEEF, Unstructured, Windows XML, and XML, are included in this release.