You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We’re pleased to announce a new method for downloading the latest version of our OpenTelemetry collectors for Linux, macOS, and Windows. While the static URL method is still available, you now have the option to use a CDN URL via UI for better performance.
11
+
12
+
:::info
13
+
This change does not affect the UI itself. The download process looks the same, but the underlying URL now uses a CDN to improve reliability and speed.
Sumo Logic has introduced a change to the way group-to-role mapping is handled when performing on-demand role provisioning during SAML authentication. Previously, all groups included in a SAML assertion were validated against roles in Sumo Logic. Going forward, only the groups that match existing roles in Sumo Logic will be applied to the authenticating user. Any non-matching groups will be ignored. Only if no roles match with the groups passed in the assertion will an authentication fail.
13
+
14
+
For more information about SAML configuration for roles provisioning, see [Configure on-demand roles provisioning](/docs/manage/security/saml/set-up-saml/#configure-on-demand-roles-provisioning).
Copy file name to clipboardExpand all lines: docs/apm/traces/search-query-language-support-for-traces.md
+2Lines changed: 2 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -35,6 +35,8 @@ To search your tracing data do the following:
35
35
36
36
A Keyword Search Expression defines the scope of data for the query. You need to specify `_index=_trace_spans` in the scope to reference your trace data.
37
37
38
+
Keyword searching is supported for tracing indexes across all fields, unlike other indexes where only the `_raw` field is searched.
39
+
38
40
#### _any option
39
41
40
42
In scenarios where users are not familiar with the schema and would like to search across all the fields, `_any` modifier provides a means to search for a specified value from all of the Ingest Time Fields in your data. For example, to search for data with any field that has a value of success you would put `_any=success` in the scope of your query.
Copy file name to clipboardExpand all lines: docs/cse/records-signals-entities-insights/search-cse-records-in-sumo.md
+2Lines changed: 2 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -162,6 +162,8 @@ You can search Cloud SIEM fields by keyword, for example:
162
162
163
163
`_index=sec_record_authentication kerberos`
164
164
165
+
Keyword searching is supported for security indexes across all fields, unlike other indexes where only the `_raw` field is searched.
166
+
165
167
### Referencing nested JSON fields
166
168
167
169
The **Security Record Details** field contains a JSON object with all of the fields from the underlying record or signal. Some of the data is nested in one or more sub-objects, like the `fields` object for record., shown expanded in the screenshot below. The fields object contains the contents of the [fields](/docs/cse/schema/schema-attributes) field in the underlying record, which is all of the unnormalized data from the original log message before it was normalized to the Cloud SIEM schema.
Copy file name to clipboardExpand all lines: docs/get-started/ai-machine-learning.md
+24-9Lines changed: 24 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,6 +16,16 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
16
16
17
17
In this document, you'll learn about Sumo Logic features that leverage artificial intelligence (AI), machine learning (ML), and pattern recognition to support cloud security management, mitigate risks, reduce manual workloads for your team, and streamline incident response and resolution.
18
18
19
+
## What’s new: Dojo AI for the SOC
20
+
21
+
Sumo Logic Dojo AI is our agentic AI platform for security teams. It brings specialized agents that reduce manual triage, summarize investigations at the insight level, and help analysts move from reactive to proactive workflows. Dojo AI is built and deployed on AWS and focuses on governed, context-first automation designed for enterprise SOCs.
22
+
23
+
***Query Agent**. Translate plain-language questions into efficient Sumo queries to speed exploration and scoping. Works hand in hand with Mobot to improve query quality and outcomes.
24
+
***Summary Agent**. Generate clear, insight-level summaries that help teams understand incidents faster and respond with confidence. Available in Cloud SIEM.
25
+
***Availability**. Dojo AI is available through Sumo Logic and in AWS Marketplace.
26
+
27
+
For more information, see: [Sumo Logic brings agentic AI into the enterprise security stack with the launch of Dojo AI on Amazon Web Services](https://www.sumologic.com/newsroom/sumo-logic-brings-agentic-ai-into-enterprise-security-stack-with-launch-of-dojo-ai-on-amazon-web-services).
28
+
19
29
<details>
20
30
<summary>What do these terms mean?</summary>
21
31
@@ -43,7 +53,7 @@ Through comprehensive discovery, monitoring, diagnosis, recovery, and prevention
43
53
44
54
### Mobot
45
55
46
-
Mobot is our AI-based assistant designed that simplifies log analysis by allowing you to ask questions in plain English and provides search suggestions without the need to write log queries. Through plain English queries and automatic log query generation, Mobot simplifies the investigation process, allowing even users without extensive log analysis expertise to pinpoint anomalies and potential threats efficiently.
56
+
Mobot is our AI-based assistant designed that simplifies log analysis by allowing you to ask questions in plain language and provides search suggestions without the need to write log queries. Through plain language queries and automatic log query generation, Mobot simplifies the investigation process, allowing even users without extensive log analysis expertise to pinpoint anomalies and potential threats efficiently.
47
57
48
58
With Mobot, you can effortlessly investigate complex issues without writing intricate log queries manually. Its intuitive interface guides users through each step of the investigation, refining queries based on AI prompts and feedback. This streamlined approach accelerates the identification of security threats, empowering users to make informed decisions rapidly and proactively detect potential risks. [Learn more](/docs/search/mobot).
49
59
@@ -81,11 +91,20 @@ Sumo Logic offers seamless integrations with various AI-driven platforms to enab
81
91
82
92
Our Sumo Logic AI for Security functionality empowers SOC analysts and threat hunters to effectively safeguard their technology stack against evolving threats. By integrating advanced tools for discovery, detection, investigation, response, and protection, we minimize dwell time, reduce false positives, accelerate incident resolution, and proactively prevent future incidents, ensuring robust security and resilience for your cloud, container, and on-prem resources.
83
93
94
+
### Dojo AI (agentic AI for the SOC)
95
+
96
+
Dojo AI brings governed, specialized agents into daily SOC workflows so you can cut manual triage, accelerate query-to-answer steps, and get consistent, insight-level investigation summaries. Built and deployed on AWS, Dojo AI focuses on measurable gains in accuracy and response time with a human in the loop.
97
+
98
+
***Query Agent**. Ask questions in plain language and get optimized Sumo Logic queries that speed data exploration.
99
+
***Summary Agent**. See AI-generated summaries on insights in Cloud SIEM to understand incidents faster.
100
+
***Get it**. Available from Sumo Logic and in AWS Marketplace.
101
+
84
102
### Cloud SIEM
85
103
86
104
#### Insight summary
87
105
88
-
Sumo Logic's Dojo AI Summary Agent, an agentic AI tool, generates a synopsis for each insight that describes the threat incidents that led to its creation. This helps security teams understand incidents faster and accelerate response time. [Learn more](/docs/cse/get-started-with-cloud-siem/insight-summary/).
106
+
Sumo Logic's Dojo AI **Summary** Agent, an agentic AI tool, generates a synopsis for each insight that describes the threat incidents that led to its creation. This helps security teams understand incidents faster and accelerate response time. [Learn more](/docs/cse/get-started-with-cloud-siem/insight-summary/).
107
+
89
108
90
109
#### Rules
91
110
@@ -102,15 +121,11 @@ Our Global Intelligence Service apps provide security teams with valuable real-t
102
121
## Additional resources
103
122
104
123
* Guide: [Understanding artificial intelligence for log analytics](https://www.sumologic.com/guides/machine-data-analytics)
105
-
* Blogs:
124
+
* Blogs:
125
+
*[Welcome to Dojo AI: Where AI agents strengthen your SOC](https://www.sumologic.com/blog/welcome-dojo-ai-agents-soc)
106
126
*[What are the differences between artificial intelligence, machine learning, deep learning and generative AI?](https://www.sumologic.com/blog/machine-learning-deep-learning)
107
127
*[DevSecOps in an AI world requires disruptive log economics](https://www.sumologic.com/blog/devsecops-ai-disruptive-log-economics)
108
128
*[Generative AI: The latest example of systems of insight](https://www.sumologic.com/blog/generative-ai-latest-example-systems-of-insight)
109
129
*[Harnessing the power of artificial intelligence in log analytics](https://www.sumologic.com/blog/power-ai-log-analytics/)
110
130
*[Reduce alert noise, automate incident response and keep coding with AI-driven alerting](https://www.sumologic.com/blog/ai-driven-low-noise-alerts/)
111
-
112
-
<!--
113
-
-Bashyam's blog about how we trained our AI
114
-
-Flex Pricing? The more log data ingested, the sharper your analytics and ML/AI insights become. By eliminating ingest limitations and empowering an ML/AI-driven single source of truth for analytics, Flex enables DevOps and DevSecOps teams to troubleshoot faster, accelerate release velocity, and ensure reliable, secure digital experiences.
115
-
-Splunk-to-Sumo conversion migration tool?
116
-
-->
131
+
* News: [Dojo AI launch announcement](https://www.sumologic.com/newsroom/sumo-logic-brings-agentic-ai-into-enterprise-security-stack-with-launch-of-dojo-ai-on-amazon-web-services)
The Duo Source provides a secure endpoint to receive authentication logsfrom the Duo[Authentication Logs API](https://duo.com/docs/adminapi#logs). It securely stores the required authentication, scheduling, and state tracking information.
16
+
The Duo Source collects logsfrom multiple DuoAPI endpoints. It securely stores the required authentication, scheduling, and state tracking information.
17
17
18
18
## Data collected
19
19
20
20
| Polling Interval | Data |
21
21
| :--- | :--- |
22
-
| 5 min |[Authentication Logs](https://duo.com/docs/adminapi#logs)|
1.**Duo Domain**. Provide your **API hostname**, such as `api-********.duosecurity.com`.
49
53
1.**Integration Key**. Provide the Duo Integration Key you want to use to authenticate collection requests.
50
54
1.**Secret Key**. Provide the Duo Secret Key you want to use to authenticate collection requests.
55
+
1.**Supported APIs to Collect**. Choose the API endpoints you wish to collect logs from.
56
+
1.**Collect User Inventory Every 24h**. Check this box if you want to collect user inventory every 24 hours.
51
57
1. (Optional) The **Polling Interval** is set for 300 seconds by default, you can adjust it based on your needs. This sets how often the Source checks for new data.
52
58
1. When you are finished configuring the Source, click **Submit**.
53
59
@@ -81,6 +87,8 @@ Sources can be configured using UTF-8 encoded JSON files with the Collector Ma
81
87
| domain | String | Yes |`null`| Provide your API hostname, such as api-********.duosecurity.com.||
82
88
| integration_key | String | Yes |`null`| Provide the Duo Integration Key you want to use to authenticate collection requests. ||
83
89
| secret_key | String | Yes |`null`| Provide the Duo Secret Key you want to use to authenticate collection requests. ||
90
+
| supported_apis| String Array| Yes | All APIs|Add an element for each of the APIs the integration should collect from.|`["authentication", "administrator", "telephony", "activity"]`|
91
+
| collectUserInventory | Boolean | No | True| Set to true if the integration should collect user inventory logs. |`True`|
84
92
| polling_interval | Integer | No | 300 | This sets how often the Source checks for new data. ||
Copy file name to clipboardExpand all lines: docs/send-data/opentelemetry-collector/install-collector/linux.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,10 +38,10 @@ You can install our OpenTelemetry Collector using one of the following methods:
38
38
39
39
1.[**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic main menu select **Data Management**, and then under **Data Collection** select **OpenTelemetry Collection**. You can also click the **Go To...** menu at the top of the screen and select **OpenTelemetry Collection**. <br/>[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > OpenTelemetry Collection**.
40
40
1. On the OpenTelemetry Collection page, click **Add Collector**.
41
-
1. On the left panel, select **Linux** as the platform.<br/> <img src={useBaseUrl('img/send-data/opentelemetry-collector/linux-terminal.png')} alt="linux-terminal" style={{border: '1px solid gray'}} width="900"/>
41
+
1. On the left panel, select **Linux** as the platform.<br/> <img src={useBaseUrl('img/send-data/opentelemetry-collector/linux-install-ui.png')} alt="linux-terminal" style={{border: '1px solid gray'}} width="900"/>
42
42
1. Select/create installation token and customize your tags.
43
43
1. (Optional) In the **Collector Settings**, select the **Ephemeral** checkbox to auto-delete your collector after 12 hours, and select the **Locally Manage Collector** checkbox if you want to configure, maintain, and monitor your collector locally.
44
-
1. Copy the command and execute it in your system terminal where the collector needs to be installed.<br/> <img src={useBaseUrl('img/send-data/opentelemetry-collector/linux-terminal-installation.png')} alt="execute command in terminal" width="900"/>
44
+
1. Copy the command and execute it in your system terminal where the collector needs to be installed.<br/> <img src={useBaseUrl('img/send-data/opentelemetry-collector/linux-install-command.png')} alt="execute command in terminal" width="900"/>
45
45
1. Wait for the installation process to complete, then click **Next** to proceed.
46
46
1. On the next screen, you will see a list of available Source Templates. Select the required Source Template and proceed with the data configuration.
47
47
@@ -63,11 +63,11 @@ You can run the script in two ways:
Refer to [BoringCrypto and FIPS compliance](https://github.com/SumoLogic/sumologic-otel-collector/blob/main/docs/fips.md) in our repository for more details.
@@ -334,13 +334,13 @@ The recommended way to uninstall the OpenTelemetry Collector depends on how you
334
334
If you installed the Collector with the install script, you can this command to uninstall the Collector:
0 commit comments