You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: blog-service/2025-06-16-apps.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,17 +15,17 @@ To support this update, Sumo Logic has revised several AWS apps and Cloud SIEM p
15
15
16
16
To learn more, see [Important changes to CloudTrail events for AWS IAM Identity Center](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/).
17
17
18
-
## Impact following the AWS CloudTrail updates
18
+
###Impact following the AWS CloudTrail updates
19
19
20
20
AWS is updating CloudTrail events for IAM Identity Center, affecting how user identity data is structured. So, if you are using the updated fields in your Cloud SIEM content or across the Sumo Logic platform, you need to update any saved queries, dashboards, or detection rules to reflect these changes and ensure continued functionality.
21
21
22
22
Key actions required while updating the AWS CloudTrail include:
23
23
- Sumo Logic provided apps must be manually reinstalled to incorporate the updated event field mappings.
24
24
- Cloud SIEM parsers have auto-updated and require no customer intervention.
25
25
26
-
## Action plan for Sumo Logic users
26
+
###Action plan for Sumo Logic users
27
27
28
-
### Step 1: Reinstall the relevant Sumo Logic apps
28
+
####Step 1: Reinstall the relevant Sumo Logic apps
29
29
30
30
If you're using any of the following apps that consume CloudTrail data, you must reinstall them:
31
31
-[Amazon CloudTrail – Cloud Security Monitoring and Analytics](/docs/integrations/cloud-security-monitoring-analytics/aws-cloudtrail/)
@@ -45,7 +45,7 @@ To reinstall any of the above apps, follow the steps below:
45
45
These are Classic apps (V1), and reinstalling them will create a new folder in your Content Library with updated dashboards.
46
46
:::
47
47
48
-
### Step 2: Update the custom saved searches and dashboards
48
+
####Step 2: Update the custom saved searches and dashboards
49
49
50
50
If you’ve created custom content based on CloudTrail fields, manual field updates as given below will be required to accommodate the new schema:
51
51
- Move the `userName` field from the `userIdentity` element to the `additionalEventData` element.
@@ -60,8 +60,8 @@ AWS plans to implement these enhancements on [July 14, 2025](https://aws.amazon.
60
60
Sumo Logic apps are backward-compatible, allowing you to update the apps ahead of time. For any custom content outside of Sumo Logic’s apps or parsers, ensure your changes are backward compatible and deploy updates before July 14, 2025.
61
61
:::
62
62
63
-
## FAQ
63
+
###FAQ
64
64
65
-
### What happens if I don’t update my applications or searches?
65
+
####What happens if I don’t update my applications or searches?
66
66
67
67
Failure to update your apps, saved searches, or dashboards will result in user-related fields not being parsed correctly. Consequently, visualizations and panels relying on those fields will appear empty or display inaccurate data.
0 commit comments