Sumo Logic Security Solutions
Sumo Logic's security solutions support the entire spectrum of security use cases, from security analytics to SIEM and SOAR:
- Logs for Security
Provides enhanced insight for security analysts into threat activity via logs. Collect security log and event data from your infrastructure and applications, on-premises and in-cloud. Analyze your security data with pre-built and custom dashboards, out-of-the-box security apps, and robust queries. - Threat detection, investigation, and response
After you have collected logs for security, you can use them with the following solutions for threat detection, investigation, and response:- Cloud SIEM
Gives SOC (security operations center) analysts prioritized and contextualized actionable threats with automated security workflows. Out-of-the-box automated detection reduces manual work, saving valuable resource time and enabling your team to be more effective by allowing them to focus on higher-value security functions. - Cloud SOAR
Fully automates triage, investigation, and remediation of threats for any security professional. The open integrations framework allows you to connect to a multitude of third-party applications. The platform provides full incident response lifecycle management with machine learning and threat hunting, accelerating mean time to respond (MTTR). |
- Cloud SIEM
Security feature comparison
Following are features available with our security solutions. If you have any questions on availability or a free trial, you can reach out to your Sumo Logic account team.
| Feature | Logs for Security | Cloud SIEM | Cloud SOAR |
|---|---|---|---|
| Log collection |  | | |
| App catalog (out-of-the-box analytics) | | | |
| Dashboard | | | |
| Deep search (Sumo Logic Search Query Language) | | | |
| Advanced analytics with machine learning (GIS for GuardDuty and CloudTrail) | | | |
| Monitoring | | | |
| Alerts | | | |
| Threat Intelligence (threat intel feed and threat analysis app) | | | |
| Normalization with parsing of unstructured data and Field Extraction Rules | | | |
| Normalization with parsing, mapping, and enrichment | | ||
| Streaming processing | | ||
| Out-of-the-box detection contents | | ||
| Advanced analytics for user behavior | | ||
| Rules Engine (built-in, types, custom, criticality, Rule Expression tuning) | | ||
| Correlation of Signals to an Entity | | ||
| Insight Engine (including case management) | | ||
| Entity Types (Entity Normalization, Related Entities, Entity Criticality) | | ||
| Entity Relationship Graph | | ||
| Entity Timeline | | ||
| Machine learning capabilities (Global Confidence Score for Insights, Insight Trainer) | | ||
| Tags (MITRE ATT&CK, custom tag schema, network blocks) | | ||
| Automation Service | | | |
| Open Integration Framework (OIF) | | | |
| App Central | | | |
| Playbook | | | |
| SecOps dashboard | | ||
| Case Manager | | ||
| War Room | | ||
| Supervised active intelligence with alert triage and playbooks suggestions | | ||
| Progressive automation | | ||
| Highly customizable dashboards and KPIs | | ||
| Automatic incident reports | |