This is an archive of the 2019 Sumo Logic Service Release Notes. The current Service Release Notes are here.
December 20, 2019 (Collection)
New - Configure logs for VMware vRealize Log Insight and then forward your logs to Sumo Logic. VMware vRealize Log Insight is a log management and analytics tool.
December 10, 2019 (Search)
Update - Relative time range expressions are now supported in URLs that run a search.
December 9, 2019 (Security)
Update - We've improved the authentication process for Sumo users that have multiple accounts. Now, you can seamlessly switch between accounts, either on the same deployment or different deployments, without re-authenticating. For more information, see Multi-Account Access.
December 9, 2019 (Collection)
New - Amazon MSK Prometheus metrics collection page provides instructions for configuring metrics collection for Amazon MSK. As part of Amazon MSK's Open Monitoring, Kafka metrics are exposed to third-party sources for monitoring and troubleshooting MSK clusters.
Beta - Archive lets you forward log data from Installed Collectors to AWS S3 buckets to collect at a later time. If you have logs that you don't need to search immediately, you can archive them for later and ingest them on-demand with hourly granularity. To get started, contact your Sumo account executive or sign up for an enterprise trial account.
The key new components provided are:
- AWS Archive bucket, a Data Forwarding destination that lets you set up your AWS S3 buckets as archive destinations.
- Archive messages that match, a Processing Rule that lets you archive log data with Installed Collector Sources.
- AWS S3 Archive, a Hosted Collector Source that allows you to ingest data from an archive destination.
- AWS S3 Archive Source to ingest a specific time range of data from your Archive at any time.
December 9, 2019 (Metrics)
New - Content sharing for metric queries is now available. You can save metric queries with the time range, chart, outlier detection, and quantization settings to the Sumo Logic Library. You can export or import a saved metric query, copy it, share it with others, and delete it from the library.
November 20, 2019 (Search)
New - The Field Browser has the following enhancements:
- Nested fields, such as those seen in JSON, are grouped together based on their innate structure, making them easy to traverse.
- You can search for fields in the Field Browser, a feature that is especially useful when you have hundreds of fields parsed from messages.
November 8, 2019 (Collection)
Update - The Sumo Logic Netskope collector has been optimized for better performance and to ensure continuous ingestion throughout the collection process.
November 4, 2019 (Security)
Update - It won't take long to notice we've sped up the Sumo Logic login process.
November 4, 2019 (Apps)
New - The Sumo Logic App for Acquia provides visibility into the key components of the Acquia platform with preconfigured dashboards for Apache, Varnish, PHP, FPM and Drupal. Sumo Logic provides instant visibility across the critical components of the Acquia Platform, helping organizations become more proactive in their site monitoring as well as reducing the mean time to identify and resolve issues.
October 18, 2019 (Apps)
New - The CrowdStrike Falcon App provides visibility into the security posture of your endpoints as analyzed by the CrowdStrike Falcon platform deployed in your network. The app allows you to analyze indicators of compromise (IOCs) by affected users, tactic, technique, and objective, and identify hosts on your network with the highest malware detections. The dashboards in this app help identify malware, from which you can drill down to investigate malicious behavior.
The CrowdStrike Falcon Platform is a cloud-native framework that protects endpoints to stop breaches and improve performance with the robust power of the cloud combined with an intelligent, lightweight agent.
Note: This version of the CrowdStrike Falcon App and its collection process have been tested with SIEM Connector Version 2.1.0+001-siem-release-2.1.0.
New - The Palo Alto Networks 9 App utilizes new PANOS 9 features in predefined dashboards to provide extensive security analytics throughout your Palo Alto Networks environment. New PANOS 9 features include:
- GlobalProtect
- Panorama
- User-ID
- App-ID
- Content Inspection
- DNS Security
Palo Alto Networks 9 provides consistent protection across the data center, perimeter, branch, mobile and cloud networks.
Update - The JFrog Xray App now includes three methods from which you can choose to configure log collection from JFrog Xray:
September 10, 2019 (Apps)
New - The Sumo Logic App for Twistlock provides a comprehensive monitoring and analysis solution for detecting vulnerabilities and potential threats within your Kubernetes and containerized environments. Twistlock is a cloud native cybersecurity platform for hosts, containers, and serverless setups that ensures the protection of all your workloads across any environment.
New - The Sumo Logic App for Istio provides visibility into the health and performance of Istio and its control plane components, including Mixer, Galley, Citadel, Pilot and Envoy. App dashboards also allow you to monitor how services and applications are performing in Istio Mesh, providing insights into service latency, errors, network traffic, and request workloads. Istio reduces the complexity of managing Kubernetes deployments by providing a uniform platform for securing, connecting, and monitoring microservices.
September 10, 2019 (Explore)
Explore provides a visual hierarchy of the clusters in your environment that allows you to view and switch between clusters with a single click. Explore, used in conjunction with the Sumo Logic Kubernetes App, allows you to intuitively monitor and troubleshoot issues as they arise.
September 10, 2019 (Metrics)
New - Metrics Transformation Rules allow you to control how long raw metrics are retained. You can also aggregate metrics at collection time, improving query performance, and specify a separate retention period for the aggregated metrics.
New - Understand the Kubernetes Metrics that you can collect with our Kubernetes collection and then visualize with Explore.
September 10, 2019 (Logs)
New - Enriching your logs with metadata is now easier and more robust. Log metadata is configured in Sumo as fields consisting of key-value pairs that are tagged to logs during collection.
- Fields are now manageable: you can view fields in use, see what features are referencing them, and delete any that are unneeded.
- You can now define fields on Sources and Collectors so they enrich your logs when collected.
- Log data sent to HTTP Sources now supports fields passed with the X-Sumo-Fields HTTP header.
- Our AWS Metadata Source now supports tagging log data ingested by Installed Collectors on EC2 instances.
See Data Enrichment using Log Metadata for more details.
September 9, 2019 (Apps)
New - The JFrog Xray app provides visibility into the state of artifacts and components in your JFrog Artifactory repository. The pre-configured dashboards present information about issues detected in your software components in Artifactory, including vulnerable containers, artifacts and components; license and security issues; and top Common Vulnerabilities and Exposures (CVEs).
New - The Sumo Logic App for Kubernetes provides visibility into the worker nodes that comprise a cluster, as well as application logs of the worker nodes. The App is a single-pane-of-glass through which you can monitor and troubleshoot container health, replication, load balancing, pod state and hardware resource allocation. The App utilizes Falco events to monitor and detect anomalous container, application, host, and network activity.
New - The Sumo Logic App for Kubernetes Control Plane manages the master node control plane, including the API server, etcd, kube-system and worker nodes. The App utilizes Falco Kubernetes Audit events to monitor and detect notable or suspicious activity such as creating pods that are privileged, mount sensitive host paths, use host networking, and the like. Seamlessly integrated with the Sumo Logic Kubernetes App, preconfigured dashboards display resource-related metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets.
New - The Sumo Logic App for Amazon EKS Control Plane provides visibility into the EKS control plane with operational insights into the API server, scheduler, control manager, and worker nodes. The app's preconfigured dashboards display resource-related metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets.
New - Sumo Logic App for Azure Kubernetes Service (AKS) Control Plane provides visibility into the AKS control plane with operational insights into the API server, scheduler, control manager, and worker nodes. The app's preconfigured dashboards display resource-related metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets.
New - Sumo Logic App for Google Kubernetes Engine (GKE) Control Plane allows you to monitor resource-related logs and metrics for Kubernetes deployments, clusters, namespaces, pods, containers, and daemonsets. The app provides visibility into the GKE control plane with operational insights into the API server, control manager, and worker nodes. This App works in conjunction with the Sumo Logic Kubernetes app, which provides visibility into worker node metrics and application logs.
August 30, 2019 (Apps)
New - The Sumo Logic App for Slack provides monitoring and data analytics for Slack users, channels, and access logs for workspaces with free, standard, plus and enterprise plans. The app is focused on public channels only.
Slack is a cloud-based set of software tools and online services that provides for secure collaboration across teams, departments, offices and countries.
August 26, 2019 (Apps)
New - The Sumo Logic App for MongoDB Atlas is now available. The MongoDB Atlas App allows you to monitor database operations and performance KPIs, and provides visibility into the security posture of your clusters, with the following dashboard types:
- Operations: For monitoring database operations and cluster health
- Performance: For insights into slow queries, database and hardware metrics
- Security: For visibility into user logins, audit events, project and organizational activity, incoming threats, and IOCs.
The MongoDB Atlas App supports MongoDB Version 3.4 and above.
MongoDB Atlas is a global cloud database service designed specifically for cloud-based applications. MongoDB Atlas runs in AWS, Azure, or GCP environments, with guaranteed availability, scalability, and compliance with data security and privacy standards.
August 26, 2019 (Security)
Update - The user interaction for resetting your Sumo Logic password has been simplified. Now, when you click the Forgot your password link, Sumo sends you an email with a link to a page where you can immediately reset your password. You no longer have to log in with a temporary password before resetting your password.
August 19, 2019 (Security)
New - The Sumo Logic app for Cisco Meraki is released. The app provides a single-pane-of-glass for monitoring and troubleshooting network security, end-to-end performance, switch port management, and device management of your Cisco Meraki wireless infrastructure management platform.
August 5, 2019 (Search)
New - You can use the bin operator to sort results in a histogram to easily observe the distribution of your data.
July 29, 2019 (Collection)
Update - To help you keep track of the capacity usage of your ingest budgets, we have provided an audit threshold setting. Previously the threshold was fixed at 85% capacity; now it is customizable.
July 12, 2019 (Apps)
Update - The Jenkins App allows you to monitor multiple Jenkins master nodes from a single-pane of glass. This version of the app provides new and updated dashboards, and supports freestyle and pipeline jobs, as well as pipeline, maven and multi-branch pipeline projects.
July 10, 2019 (Security)
Update - We've added the ability to provide descriptions to Service Whitelists to help you identify and manage whitelisted IP addresses.
July 8, 2019 (Metrics)
Update - AWS users take note: you can now use the same AWS metadata tags you use to manage your Amazon resources to control what metrics you ingest to Sumo! We've expanded our support for filtering CloudWatch metrics by AWS tags to most AWS namespaces. You can also use AWS tags in metrics queries. For more information see Amazon CloudWatch Source for Metrics.
June 24, 2019 (Apps)
New - The Sumo Logic Amazon GuardDuty Benchmark App integrates Global Intelligence Service (GIS) with Amazon GuardDuty for continuous machine learning and statistical baselines for KPIs (key performance indicators) and KRIs (key risk indicators). These baselines enable you to optimize security configuration and threat detection on all your AWS accounts. The App includes preconfigured dashboards and searches with visual displays for global threat baselines and real-time threat detection across your AWS environment.
Amazon GuardDuty is an intelligent threat detection service that provides accurate, continuous monitoring to protect AWS accounts and workloads.
June 5, 2019 (Security)
New - The new Enterprise Audit Event Index provides additional events and event information in JSON format. These messages provide more context on the interactions and events occurring within your account, giving administrators an easy way to reconstruct the series of user interactions that led to an object's current state. This new Audit Event Index and the associated Apps are available to any Customer on a Sumo Logic Enterprise Plan.
June 3, 2019 (Apps)
Update - The Enterprise Audit Apps are now Generally Available. The following Enterprise Audit Apps present information on account management activities, user activities, as well as management of library content (searches, dashboards/reports, and folders) for your Sumo Logic account:
- Enterprise Audit - Collector and Data Forwarding Management App presents information on Collector, Sources activities, and data forwarding trends by destination types.
- Enterprise Audit - Content Management App provides information on content activities, such as content that is created, updated, deleted, imported, exported, copied, moved, publicly accessed, made visible to the public, and application installed.
- Enterprise Audit - User & Role Management App provides visibility on user activities such as creating, deleting, and modifying user roles, email account, and password changes. You can also review various user session data.
- Enterprise Audit - Security Management App provides visibility into security posture, such as Access Key Activities, SAML Activities, Password Policy, Multi-Factor Authorization (MFA), and Service WhiteList activities within your Sumo Logic Environment.
June 3, 2019 (Metrics)
Update - Attention metrics users: we've enhanced Sumo Logic data metric ingestion volume logging. Now, you can track the volume of metrics generated by your logs-to-metrics rules, in addition to tracking data points ingested by collector, source, source name, source category, and source host. For more information, see Metrics Data Volume Index.
May 31, 2019 (Metrics)
New - We've released the histogram_quantile operator which calculates the φ-quantile (0 ≤ φ ≤ 1) from the buckets of a Prometheus histogram. It is only for the Prometheus Histogram data type.
May 28, 2019 (Apps)
Update - Box App event collection has been streamlined for ease of use.
May 13, 2019 (UI Navigation)
We've updated tab navigation to help you manage multiple search, metric, and dashboard tabs. The Tab Browser is available from the details icon near the New tab, and your current tab is highlighted to help you get around.
May 2, 2019 (Apps)
New - The Barracuda WAF App analyzes traffic flowing through the Barracuda WAF and provides pre-configured dashboards that allow you to monitor WAF traffic as well as analyze various types of attacks detected both by Barracuda and Sumo Logic's own Threat Intelligence database. The Barracuda Web Application Firewall protects your web, mobile and API applications from being compromised, prevents data breaches, ensures protection from web attacks, and provides access control and authentication.
Update - The Apache App has been updated with the following new dashboards as well as performance enhancements:
- Apache - Error Overview Dashboard provides a high-level view of log level breakdowns, comparisons, and trends.
- Apache - Threat Analysis Dashboard provides an at-a-glance view of threats to Apache servers on your network.
- Apache - Outlier Analysis Dashboard provides a high-level view of Apache server outlier metrics for bytes served, number of visitors, and server errors.
April 30, 2019 (Collection)
New - Ingest Budgets allow you to track and control how much data is ingested into your account to avoid overages in environments where data ingestion can spike unexpectedly. See how to control your data flow with Ingest Budgets.
April 30, 2019 (Search)
Update - Right-Click Selected Text. We've changed the click interactions on the Search page based on your feedback. Instead of giving you a list of menu options automatically after you highlight text, you now have to right-click to get menu options.
April 23, 2019 (Apps)
Update - The AWS Security Hub App has an updated collection process for collecting findings. Sumo Logic provides a serverless solution for creating a CloudWatch events rule and a Lambda function (SecurityHubCollector) to extract findings from AWS Security Hub.
April 18, 2019 (Apps)
Update - The Cloudflare App now has a Security (Bot Management) dashboard that reliably detects and mitigates bad bots to prevent credential stuffing, spam registration, content scraping, click fraud, inventory hoarding, and other malicious activities.
April 12, 2019 (Apps)
Update - The Cisco ASA App now has a Logs and Analytics dashboard with the following panel displays:
- Count of ASA Logs by LogLevel. Displays the logs by LogLevel and Severity.
- Count by Severity Code. Displays the logs by Severity Code.
- Parameterized Search. Log Details with counts.
April 9, 2019 (Apps)
Update - The Azure Web Apps collection procedure has been improved. The Collect Logs for Azure Web Apps process is now similar to Blob Storage Collection. The Azure Web Apps App allows you to collect Azure web server and application diagnostics logs and monitor the health of your Azure Web Apps environment. The App provides preconfigured Dashboards that allow you to monitor server operation and traffic requests and response times.
April 5, 2019 (Apps)
Update - The IIS 7 App has dark-theme dashboards. The IIS 7 App monitors the performance and reliability of your Microsoft Internet Information Services (IIS) infrastructure, identifying customer-facing and internal operational issues. Additionally, you can monitor customer paths and interactions to learn how customers are using your product. The app consists of predefined searches and Dashboards, which provide visibility into your environment for real time or historical analysis.
Update - Microsoft SQL Server App has updated collection scripts and collection configuration instructions. The Microsoft SQL Server App provides insight into your SQL server performance metrics and errors.
April 1, 2019 (Apps)
Update - The G Suite App allows you to monitor and analyze activities across all G Suite applications from a single location. Comprehensive dashboards display information on administrative and user activities, Google Drive usage, and logins. Dashboards also provide full visibility into alerts from G Suite Alert Center, allowing you to investigate and correlate alerts and monitor potential threats across all G Suite apps.
March 25, 2019 (Apps)
New - Enterprise Audit Apps are JSON based to provide for more meaningful audit messages. The Apps generate queries that are compatible with the new Sumo Logic Audit Event Index. The Enterprise Audit Apps do not support the previous version of the Audit Index.
Note: This feature is in Beta. To participate, contact your Sumo account executive.
- Enterprise Audit - Collector and Data Forwarding Management App presents information on Collector, Sources activities, and data forwarding trends by destination types.
- Enterprise Audit - Content Management App provides information on content activities, such as content that is created, updated, deleted, imported, exported, copied, moved, publicly accessed, made visible to the public, and application installed.
- Enterprise Audit - User & Role Management App provides visibility on user activities such as creating, deleting, and modifying user roles, email account, and password changes. You can also review various user session data.
- Enterprise Audit - Security Management App provides visibility into security posture, such as Access Key Activities, SAML Activities, Password Policy, Multi-Factor Authorization (MFA), and Service WhiteList activities within your Sumo Logic Environment.
March 22, 2019 (APIs)
Update - The security services of our API framework have been upgraded. API requests with multiple forward slashes (//) will receive a "500 Internal Server Error" response.
March 22, 2019 (Apps)
New - The Opsgenie App provides at-a-glance views and detailed analytics for alerts on your DevOps environment, allowing you to effectively monitor and gain valuable insights into your incidents and incident handling operations.
Opsgenie is an incident management platform for operating services that are on 24/7. Opsgenie allows you to plan for service disruptions and stay in control during incidents. Opsgenie centralizes alerts and reliably notifies the correct contacts to ensure timely analysis and efficient action.
New - The IIS 10 App monitors the performance and reliability of your Microsoft Internet Information Services (IIS) infrastructure, identifying customer-facing and internal operational issues. This app also provides the ability to monitor customer paths and interactions, so you can analyze how customers are using your product. The app provides predefined searches and Dashboards that give visibility into your environment for real-time and historical analysis.
IIS 10 App uses IIS version 10 logs. For information on the default log formats used for IIS 10 and IIS 8.5, see Collect logs for the IIS 10 App.
March 15, 2019 (Security)
New - Cross-origin resource sharing (CORS) is a mechanism that uses additional HTTP headers to tell a browser to let a web application running at one origin (domain) have permission to access selected resources from a server at a different origin. CORS support allows you to restrict Sumo API calls, or to securely allow remote Web applications to access Sumo Logic, based on request origin. To leverage CORS support, you associate a whitelist of domains with a Sumo access key. For more information, see Access Keys.
March 1, 2019 (Apps)
New - The Carbon Black App provides a complete security analytics solution by allowing you to correlate, validate and investigate Carbon Black endpoint alerts with alerts from other security vendors and security threat feeds to identify and remediate the root causes of new security threats.
The Sumo Logic App for Carbon Black provides visibility into key endpoint security data from Carbon Black Response and Defense with preconfigured dashboards for alerts, threat intelligence, feeds, sensors, users, hosts, processes, IOCs, devices, and network status.
Carbon Black Response is an incident response and threat hunting solution designed for security operations center (SOC) teams. CB Response continuously records and stores unfiltered endpoint data, so that security professionals can hunt threats in real time and visualize the complete attack kill chain.
Carbon Black Defense is a next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution. CB Defense is available through MSSPs or directly as software as a service via Carbon Black's Predictive Security Cloud (PSC).
Update - The Cylance App now supports the following event and log types:
- Device (Device Mgmt - Register, Remove, Updates, SystemSecurity)
- Threat (Threats identified and actioned)
- ScriptControl (Script Execution control and actions)
- ExploitAttempt (Memory Protection)
- Threat Classification (Threat classification by Cylance research team)
- AuditLog (User Actions performed from Cylance Web Console)
- DeviceControl (Control external device like USB, storage connected to system under monitoring)
- AppControl
February 22, 2019 (Apps)
Update - The Azure Network Watcher App and Azure Blob Storage App have enhanced collection processes. The Sumo Logic App for Azure Network Watcher leverages Network Security Group (NSG) flow logs to provide real-time visibility and analysis of your Azure Network. The Sumo Logic App for Azure Blob Storage is a Sumo integration that provides an event-based pipeline for shipping monitoring data from Azure Blob Storage to an HTTP source on Sumo Logic.
February 20, 2019 (Apps)
New - The Netskope App provides visibility into the security posture of your applications and helps you determine the overall usage of software and SaaS applications.
Netskope is a Cloud Access Security Broker (CASB) hosted in the cloud. The Netskope product is primarily used for enforcing security policies for cloud-based resources, such as Box and Microsoft Office 365. Customers purchase a CASB to address cloud service risks, enforce security policies, and comply with regulations, even when cloud services are beyond their perimeter and out of their direct control.
February 13, 2019 (APIs)
New - User and Role APIs allow administrators to programmatically create and manage users and roles, making it easy to integrate Sumo into existing onboarding/offboarding business workflows.
February 5, 2019 (Metrics)
New - Metrics now supports Single Value Charts. A single value metric chart is useful for summarizing a time series in a single value, and making that value stand out at a glance. For more information, see Create and Tailor Single Value Metric Charts.
February 4, 2019 (Dashboards)
New - We've added the following enhancements for editing dashboard charts:
- You can now Change the Line Properties of a Chart, using smooth curved lines (splines), adding markers, and choosing the style of marker for your chart.
- You can now Change the Label Size for any chart with an X axis.
February 1, 2019 (Apps)
New - The Amazon ElastiCache Redis ULM App is a unified logs and metrics (ULM) App that provides visibility into key event and performance analytics that enable proactive diagnosis and response to system and environment issues. Use the preconfigured dashboards for at-a-glance analysis of event status trends, locations, successes and failures, as well as system health and performance metrics.
February 1, 2019 (Metrics)
Update - Sumo now logs a message to the audit index when it blacklists a metric source or logs-to-metrics rule. For more information, see Blacklisted Metrics Sources and Logs-to-Metrics.
January 29, 2019 (Apps)
New - The F5 - BIG-IP Local Traffic Manager (LTM) App helps you optimize and secure network traffic patterns coming into your data center using the F5 BIG-IP platform.
January 11, 2019 (Apps)
Update - An update to the Sumo Logic App for Threat Intel for AWS was released today. The updated app supports a new collection method. You can now Collect Amazon VPC Flow Logs using AWS S3 source and Amazon VPC Flow Logs using a CloudFormation template, as well as AWS CloudTrail Logs and AWS ELB Logs.
Update - An update to the PCI Compliance for Amazon VPC Flow Logs was released today. The updated app supports a new collection method. You can now Collect Amazon VPC Flow Logs using AWS S3 source and Amazon VPC Flow Logs using a CloudFormation template.