SlideShare uma empresa Scribd logo

Security Certification: Security Analytics using Sumo Logic - Oct 2018

Sumo Logic
Sumo Logic

Get Certified as a Sumo Security Power User! With security threats on the rise, come join our Security and Compliance experts to learn how Sumo Logic’s Threat Intelligence can help you stay on top of your environment by matching IOCs like IP address, domain names, URL, email addresses, MD5 hashes and more, to increase velocity and accuracy of threat detection. Hands on labs help cement the knowledge learned.

Tecnologia
1 de 53
Baixar para ler offline
Become a Sumo Security User Security Certification
Sumo Logic Confidential Become a Sumo Security Power User 1. Learn How Security Analytics works for you 2. Develop a Toolset for Basic and Advanced Analytics 3. Monitor Trends & Critical Events 4. Learn about Sumo’s Security and Compliance Apps 5. Next steps: where do you go from here?
Sumo Logic Confidential Tutorial: Hands-on Exercises Training Environment: 1. service.sumologic.com 2. The username and password is on your handout Security Hands-on Labs: ● sumologic.com/learn/certifications
Sumo Logic Confidential Sumo Logic Security Analytics Real-time insights for streamlined Compliance and Security • Meet compliance deadlines • Reduce security risks • Identify potential security breaches • Neutralize new threat patterns • Transform reactive/manual processes into integrated/proactive/automated Automate Threat Detection • Detect threats across microservices, container services, cloud-based technology, operating systems, applications, storage devices, servers, workstations, and more.
Sumo Logic Confidential Examples of Security Use Cases • Monitor “Root” Logins • Monitor Multiple Failed Logins • Monitor Web Activity • Monitor Ingress/Outgress Rules • Identify publicly exposed Security Group (0.0.0.0/0 with <open port>) • Identify Services out of Compliance (no patches in “n” days) • Identify Application Threats (Libraries, Botnets, compromised credentials) • Monitor Malicious Threats and IOCs ➢ What’s your use case?
Sumo Logic Confidential Filter and Provide Structure Search and Parse
Sumo Logic Confidential Search and Parse Search and Filter your data Search and Filter your data • _metadata • Keywords • Live Tail Parse fields to provide structure to your data • Query Parsing • Implement your Field Extraction Rules
Sumo Logic Confidential Security Certification: Hands-on Labs Labs 1-3: Search and Parse • Search Basics: Metadata and Keywords • Parsing Operators and Options • Grouping Results • Field Extraction Rules Security Analytics
Sumo Logic Confidential Conditional Logic, Filtering, Formatting Results Simple Analytics
Sumo Logic Confidential Review ⇨ Query Syntax Syntax: metadata Keywords and operators, separated by pipes, that build on top of each other |parse |filter |aggregate |format keywords
Sumo Logic Confidential Simple Analytics Aggregation | count[] | sum | avg | min() | max() Conditional | if() | []matches[] | <>in() | filter | where Formatting | transpose | fields | limit | sort by | top
Sumo Logic Confidential Cheat Sheet Community Learn Tab
Sumo Logic Confidential Security Certification: Hands-On Labs Lab 4A: Monitor AWS Root Account Usage Community > Query Library > Security-related Queries for AWS Security Analytics
Sumo Logic Confidential Parse key fields Perform additional parsing on key fields Don’t drop messages that do not match parse criteriaFurther Filter results Aggregate by desired fields Filter using metadata and keywords
Sumo Logic Confidential Security Certification: Hands-On Labs Lab 4B: Monitor Security Groups Created Community > Query Library > Security-related Queries for AWS Security Analytics
Sumo Logic Confidential Security Certification: Hands-On Labs Lab 4C: Monitor “Impossible Travel” scenario Community > Query Library > Security-related Queries for AWS Security Analytics
Sumo Logic Confidential Outliers, Trends, Needle in the Haystack Advanced Analytics
Sumo Logic Confidential Advanced Analytics Find the ”needle in the haystack” by identifying patterns. Compare today’s patterns with patterns in the past. _sourceCategory=Labs/security/snort | logreduce _sourceCategory=Labs/security/snort | logcompare -24h LogReduce ➜ New security attacks/breaches. LogCompare ➜ Compare attacks/breaches to other time periods.
Sumo Logic Confidential Advanced Analytics _sourceCategory=Labs/AWS/CloudTrail | parse ""eventName":"*"" as eventName nodrop | parse ""responseElements":{"ConsoleLogin":"*"}" as loginResult nodrop | where eventName="ConsoleLogin" and loginresult="Failure" | timeslice 30m | count(eventName) as failed_login_attempts by _timeslice | outlier failed_login_attempts _sourceCategory=Labs/security/Proofpoint and Mexico | timeslice 5m | count as rogue_traffic by _timeslice | predict rogue_traffic by 5m forecast=12 Outlier ➜ Anomalies in number of Failed Logins Predict ➜ Traffic from a Rogue Country/State
Sumo Logic Confidential Advanced Analytics _sourceCategory=Labs/PaloAltoNetworks and ",TRAFFIC," | where action="deny" | count action | compare with timeshift 15m 4 avg | if(isNull(_count), 0, _count) as _count | if(isNull(_count_60m_avg), 0, _count_60m_avg) as _count_60m_avg | where _count>(5 * _count_60m_avg) _sourceCategory=Labs/PaloAltoNetworks and ",TRAFFIC," | lookup latitude, longitude, country_code, country_name, city from geo://location on ip=dest_ip | where country_code<>"US" | count by latitude, longitude, country_code, country_name, city Time Compare ➜ Identify a 5-fold increase in Denied Traffic Geo Lookup ➜ Traffic Destinations outside the US
Sumo Logic Confidential Security Certification: Hands-On Labs Lab 5-8: Advanced Analytics ● Finding the needle in the haystack ● Comparing time periods ● Identifying Outliers Security Analytics
Sumo Logic Confidential Advanced Analytics ((_sourceCategory=Labs/PaloAltoNetworks ",THREAT,") or (_sourceCategory=Labs/PaloAltoNetworks ",TRAFFIC," action=allow)) | concat(dest_ip,":", dest_port) as destination | transactionize src_ip (merge type, destination, src_ip takeFirst) | where type matches "*TRAFFIC*" and type matches "*THREAT*" | count src_ip, type, destination | fields - _count ((_sourceCategory=Labs/security/snort "[Classification: Web Application Attack]") or _sourceCategory=Labs/Apache/Access) | parse "{TCP} *:* -> *:*" as src_ip, src_port, dest_ip, dest_port nodrop | parse regex "(?<src_ip>d{1,3}.d{1,3}.d{1,3}.d{1,3})" | transaction on src_ip with states %"Labs/security/snort", %"Labs/Apache/Access" in _sourceCategory | where %"Labs/security/snort">0 and %"Labs/Apache/Access">0 Transactionize ➜ Follow a Transaction Transaction ➜ Correlate Traffic Data
Sumo Logic Confidential Security Certification: Hands-On Labs Labs 9-14: Lookups and Data Correlation ● Using Threat Intel Lookup ● Creating Query Templates ● Creating Custom Lookups ● Correlating Data ○ Transaction ○ Transactionize ○ Subqueries Security Analytics
Sumo Logic Confidential Dashboards and Alerts Monitoring your Data
Sumo Logic Confidential Monitoring Your Data Visualize your data through Dashboards ● Chart your Data ● Create Panels ● Share your Content! Receive notification of your Critical Events ● Schedule Your Searches ● Use Webhook Connections to reach your audience ● Create Meaningful Alerts
Sumo Logic Confidential Security Certification: Hands-On Labs Labs 15-18: Visualizing and Monitoring ● Create a Dashboard ● Add Panels to an Existing Dashboard ● Create Meaningful Alerts Security Analytics
Sumo Logic Confidential Out-of-the-Box Content Security and Compliance Apps
Sumo Logic Confidential Security and Compliance Apps ● Simplify Compliance Management ● Set up Real-time monitoring and Alerts ● Security Analytics with Threat Intelligence
Sumo Logic Confidential Apps: Palo Alto Networks Discover threats, consumption, traffic patterns, and other security-driven issues, providing additional insight for investigations.
Sumo Logic Confidential Apps: AWS CloudTrail Track user behavior patterns, administrator activity, or correlate with other data sets to get a broader understanding of events from operating systems, intrusion detection systems or application logs.
Sumo Logic Confidential Apps: AWS VPC Flow Logs Track your IP network traffic and troubleshoot security issues with real-time visibility and analysis of your environment.
Sumo Logic Confidential Apps: AWS GuardDuty Detect unexpected and potentially malicious activities in your AWS account. Analyze threats by severity, VPC, IP, account ID, region, and resource type. GuardDuty analyzes and processes VPC Flow Logs and AWS CloudTrail event logs.
Sumo Logic Confidential Apps: Threat Intelligence for AWS Correlate CrowdStrike threat intelligence data with your AWS log data, for real-time security analytics to detect threats and protect against cyber-attacks. The Threat Intel for AWS App scans AWS CloudTrail, AWS ELB and AWS VPC Flow logs for threats based on IP address.
Sumo Logic Confidential Apps: Threat Intelligence Quick Analysis Correlate CrowdStrike threat intelligence data with your own log data, for real-time security analytics to detect threats and protect against cyber-attacks. This app scans your selected logs for threats based on IP, filename, URL, domain, Hash 256, and email.
Sumo Logic Confidential Apps: CrowdStrike Analyze CrowdStrike security events by type, status and detection method. The CrowdStrike Falcon platform provides Endpoint Detection and Response, Antivirus and Threat Intelligence services via the cloud.
Sumo Logic Confidential Apps: O365 Monitor and analyze your complete Office 365 system for administrator and user activity. This app monitors Audit logs for Azure Active Directory, Exchange and SharePoint.
Sumo Logic Confidential Security Certification: Hands-On Labs Labs 19-20: Sumo Logic Apps ● Installing AWS CloudTrail App ● Installing the Threat Intel App for OSSEC data Using Sumo Logic
Sumo Logic Confidential ”How To” templates to implement in your Environment Use Cases
Sumo Logic Confidential General Use Cases How to Create and Alert on Ratios or Percentages ● Outlier How to Compare and Alert on Historical Data ● Compare and Outlier Detect Patterns and Changes Across Environments and Time ● LogCompare Visualize Trends in Your Signatures ● LogReduce and Timeslice
Sumo Logic Confidential Security Use Cases ● Security Queries for PAN (Firewalls) ● Security Queries for AWS ● Security Queries for Linux ● Security Queries for Windows
Sumo Logic Confidential Training, Docs, Community, Support Where do I go from here?
Need knowledge? ⇨ try the Learn tab Explore the tutorials
Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Explore the tutorials
Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Every feature and tool covered in docs Explore the tutorials
Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Every feature and tool covered in docs Find out What’s New Explore the tutorials
Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Every feature and tool covered in docs Find out What’s New Find answers or post your questions to Community Explore the tutorials
Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Every feature and tool covered in docs Find out What’s New Find answers or post your questions to Community Attend/review training and get certified Explore the tutorials
Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Every feature and tool covered in docs Find out What’s New Find answers or post your questions to Community Attend/review training and get certified Explore the tutorials Open a Support case
Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Every feature and tool covered in docs Find out What’s New Find answers or post your questions to Community Attend/review training and get certified Explore the tutorials Open a Support case
Questions?
Security Labs https://bit.ly/2MyZ7vi
Sumo Logic Confidential Sumo Logic Confidential In order to get credit for the exam, In YOUR OWN INSTANCE, go to Certification Tab. • Online Exam • 30 Multiple choice questions • 60-minute time limit • 3 attempts
Security Certification: Security Analytics using Sumo Logic - Oct 2018

Recomendados

Level 3 Certification: Setting up Sumo Logic - Oct 2018
Level 3 Certification: Setting up Sumo Logic - Oct 2018Level 3 Certification: Setting up Sumo Logic - Oct 2018
Level 3 Certification: Setting up Sumo Logic - Oct 2018
Sumo Logic
 
Using Sumo Logic - Apr 2018
Using Sumo Logic - Apr 2018Using Sumo Logic - Apr 2018
Using Sumo Logic - Apr 2018
Sumo Logic
 
Level 2 Certification: Using Sumo Logic - Oct 2018
Level 2 Certification: Using Sumo Logic - Oct 2018Level 2 Certification: Using Sumo Logic - Oct 2018
Level 2 Certification: Using Sumo Logic - Oct 2018
Sumo Logic
 
Sumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security AnalyticsSumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security Analytics
Sumo Logic
 
Sumo Logic Certification - Level 2 (Using Sumo)
Sumo Logic Certification - Level 2 (Using Sumo)Sumo Logic Certification - Level 2 (Using Sumo)
Sumo Logic Certification - Level 2 (Using Sumo)
Sumo Logic
 
Sumo Logic Cert Jam - Administration
Sumo Logic Cert Jam - AdministrationSumo Logic Cert Jam - Administration
Sumo Logic Cert Jam - Administration
Sumo Logic
 
Sumo Logic QuickStart Webinar - Get Certified
Sumo Logic QuickStart Webinar - Get CertifiedSumo Logic QuickStart Webinar - Get Certified
Sumo Logic QuickStart Webinar - Get Certified
Sumo Logic
 
Sumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & ComplianceSumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & Compliance
Sumo Logic
 

Recomendados

Level 3 Certification: Setting up Sumo Logic - Oct 2018
Level 3 Certification: Setting up Sumo Logic - Oct 2018Level 3 Certification: Setting up Sumo Logic - Oct 2018
Level 3 Certification: Setting up Sumo Logic - Oct 2018
Sumo Logic
 
Using Sumo Logic - Apr 2018
Using Sumo Logic - Apr 2018Using Sumo Logic - Apr 2018
Using Sumo Logic - Apr 2018
Sumo Logic
 
Level 2 Certification: Using Sumo Logic - Oct 2018
Level 2 Certification: Using Sumo Logic - Oct 2018Level 2 Certification: Using Sumo Logic - Oct 2018
Level 2 Certification: Using Sumo Logic - Oct 2018
Sumo Logic
 
Sumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security AnalyticsSumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security Analytics
Sumo Logic
 
Sumo Logic Certification - Level 2 (Using Sumo)
Sumo Logic Certification - Level 2 (Using Sumo)Sumo Logic Certification - Level 2 (Using Sumo)
Sumo Logic Certification - Level 2 (Using Sumo)
Sumo Logic
 
Sumo Logic Cert Jam - Administration
Sumo Logic Cert Jam - AdministrationSumo Logic Cert Jam - Administration
Sumo Logic Cert Jam - Administration
Sumo Logic
 
Sumo Logic QuickStart Webinar - Get Certified
Sumo Logic QuickStart Webinar - Get CertifiedSumo Logic QuickStart Webinar - Get Certified
Sumo Logic QuickStart Webinar - Get Certified
Sumo Logic
 
Sumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & ComplianceSumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & Compliance
Sumo Logic
 
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic
 
Sumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - FundamentalsSumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - Fundamentals
Sumo Logic
 
Welcome Webinar Slides
Welcome Webinar SlidesWelcome Webinar Slides
Welcome Webinar Slides
Sumo Logic
 
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with KubernetesSumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic
 
Welcome Webinar PDF
Welcome Webinar PDFWelcome Webinar PDF
Welcome Webinar PDF
Sumo Logic
 
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic
 
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with KubernetesSumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic
 
Sumo Logic Cert Jam - Search Mastery
Sumo Logic Cert Jam - Search MasterySumo Logic Cert Jam - Search Mastery
Sumo Logic Cert Jam - Search Mastery
Sumo Logic
 
Sumo Logic QuickStart Webinar - Dec 2016
Sumo Logic QuickStart Webinar - Dec 2016Sumo Logic QuickStart Webinar - Dec 2016
Sumo Logic QuickStart Webinar - Dec 2016
Sumo Logic
 
Sumo Logic Search Job API
Sumo Logic Search Job APISumo Logic Search Job API
Sumo Logic Search Job API
Sumo Logic
 
Sumo Logic Quickstart - Nv 2016
Sumo Logic Quickstart - Nv 2016Sumo Logic Quickstart - Nv 2016
Sumo Logic Quickstart - Nv 2016
Sumo Logic
 
Sumo Logic Quickstart - Jan 2017
Sumo Logic Quickstart - Jan 2017Sumo Logic Quickstart - Jan 2017
Sumo Logic Quickstart - Jan 2017
Sumo Logic
 
Sumo Logic Quickstart Training 10/14/2015
Sumo Logic Quickstart Training 10/14/2015Sumo Logic Quickstart Training 10/14/2015
Sumo Logic Quickstart Training 10/14/2015
Sumo Logic
 
Sumo Logic QuickStart
Sumo Logic QuickStartSumo Logic QuickStart
Sumo Logic QuickStart
Sumo Logic
 
"How to" Webinar: Sending Data to Sumo Logic
"How to" Webinar: Sending Data to Sumo Logic"How to" Webinar: Sending Data to Sumo Logic
"How to" Webinar: Sending Data to Sumo Logic
Sumo Logic
 
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and MetricsHow Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
Sumo Logic
 
Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic
 
Sumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host MetricsSumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic
 
Develop IoT project with AirVantage M2M Cloud
Develop IoT project with AirVantage M2M CloudDevelop IoT project with AirVantage M2M Cloud
Develop IoT project with AirVantage M2M Cloud
Crystal Lam
 
Sumo Logic "How to" Webinar: Advanced Analytics
Sumo Logic "How to" Webinar: Advanced AnalyticsSumo Logic "How to" Webinar: Advanced Analytics
Sumo Logic "How to" Webinar: Advanced Analytics
Sumo Logic
 
Sumo Logic QuickStart Webinar - Jan 2016
Sumo Logic QuickStart Webinar - Jan 2016Sumo Logic QuickStart Webinar - Jan 2016
Sumo Logic QuickStart Webinar - Jan 2016
Sumo Logic
 
Sumo Logic "How To" Webinar: Apps
Sumo Logic "How To" Webinar: AppsSumo Logic "How To" Webinar: Apps
Sumo Logic "How To" Webinar: Apps
Sumo Logic
 

Mais conteúdo relacionado

Mais procurados

How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and MetricsHow Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
Sumo Logic
 

Mais procurados (20)

Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics Mastery
 
Sumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - FundamentalsSumo Logic Cert Jam - Fundamentals
Sumo Logic Cert Jam - Fundamentals
 
Welcome Webinar Slides
Welcome Webinar SlidesWelcome Webinar Slides
Welcome Webinar Slides
 
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with KubernetesSumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
 
Welcome Webinar PDF
Welcome Webinar PDFWelcome Webinar PDF
Welcome Webinar PDF
 
Sumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics MasterySumo Logic Cert Jam - Metrics Mastery
Sumo Logic Cert Jam - Metrics Mastery
 
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with KubernetesSumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
 
Sumo Logic Cert Jam - Search Mastery
Sumo Logic Cert Jam - Search MasterySumo Logic Cert Jam - Search Mastery
Sumo Logic Cert Jam - Search Mastery
 
Sumo Logic QuickStart Webinar - Dec 2016
Sumo Logic QuickStart Webinar - Dec 2016Sumo Logic QuickStart Webinar - Dec 2016
Sumo Logic QuickStart Webinar - Dec 2016
 
Sumo Logic Search Job API
Sumo Logic Search Job APISumo Logic Search Job API
Sumo Logic Search Job API
 
Sumo Logic Quickstart - Nv 2016
Sumo Logic Quickstart - Nv 2016Sumo Logic Quickstart - Nv 2016
Sumo Logic Quickstart - Nv 2016
 
Sumo Logic Quickstart - Jan 2017
Sumo Logic Quickstart - Jan 2017Sumo Logic Quickstart - Jan 2017
Sumo Logic Quickstart - Jan 2017
 
Sumo Logic Quickstart Training 10/14/2015
Sumo Logic Quickstart Training 10/14/2015Sumo Logic Quickstart Training 10/14/2015
Sumo Logic Quickstart Training 10/14/2015
 
Sumo Logic QuickStart
Sumo Logic QuickStartSumo Logic QuickStart
Sumo Logic QuickStart
 
"How to" Webinar: Sending Data to Sumo Logic
"How to" Webinar: Sending Data to Sumo Logic"How to" Webinar: Sending Data to Sumo Logic
"How to" Webinar: Sending Data to Sumo Logic
 
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and MetricsHow Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
How Hudl and Cloud Cruiser Leverage Sumo Logic's Unified Logs and Metrics
 
Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016
 
Sumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host MetricsSumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host Metrics
 
Develop IoT project with AirVantage M2M Cloud
Develop IoT project with AirVantage M2M CloudDevelop IoT project with AirVantage M2M Cloud
Develop IoT project with AirVantage M2M Cloud
 
Sumo Logic "How to" Webinar: Advanced Analytics
Sumo Logic "How to" Webinar: Advanced AnalyticsSumo Logic "How to" Webinar: Advanced Analytics
Sumo Logic "How to" Webinar: Advanced Analytics
 

Semelhante a Security Certification: Security Analytics using Sumo Logic - Oct 2018

AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
Amazon Web Services
 
AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data A...
AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data A...AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data A...
AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data A...
Sumo Logic
 
How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...
How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...
How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...
Sumo Logic
 
Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...
Erkang Zheng
 

Semelhante a Security Certification: Security Analytics using Sumo Logic - Oct 2018 (20)

Sumo Logic QuickStart Webinar - Jan 2016
Sumo Logic QuickStart Webinar - Jan 2016Sumo Logic QuickStart Webinar - Jan 2016
Sumo Logic QuickStart Webinar - Jan 2016
 
Sumo Logic "How To" Webinar: Apps
Sumo Logic "How To" Webinar: AppsSumo Logic "How To" Webinar: Apps
Sumo Logic "How To" Webinar: Apps
 
Setting Up Sumo Logic - Sep 2017
Setting Up Sumo Logic - Sep 2017Setting Up Sumo Logic - Sep 2017
Setting Up Sumo Logic - Sep 2017
 
Setting up Sumo Logic - June 2017
Setting up Sumo Logic - June 2017Setting up Sumo Logic - June 2017
Setting up Sumo Logic - June 2017
 
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
 
Sumo Logic QuickStat - Apr 2017
Sumo Logic QuickStat - Apr 2017Sumo Logic QuickStat - Apr 2017
Sumo Logic QuickStat - Apr 2017
 
Sumo Logic QuickStart Webinar
Sumo Logic QuickStart WebinarSumo Logic QuickStart Webinar
Sumo Logic QuickStart Webinar
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
L400-P1 Overview.pdf
L400-P1 Overview.pdfL400-P1 Overview.pdf
L400-P1 Overview.pdf
 
Setting Up Sumo Logic - Apr 2017
Setting Up Sumo Logic - Apr 2017Setting Up Sumo Logic - Apr 2017
Setting Up Sumo Logic - Apr 2017
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
 
Swascan Cyber Security Testing Platform
Swascan Cyber Security Testing PlatformSwascan Cyber Security Testing Platform
Swascan Cyber Security Testing Platform
 
Free and open cloud security posture monitoring
Free and open cloud security posture monitoringFree and open cloud security posture monitoring
Free and open cloud security posture monitoring
 
Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51Why Penetration Testing Services Cyber51
Why Penetration Testing Services Cyber51
 
AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data A...
AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data A...AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data A...
AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data A...
 
How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...
How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...
How McGraw Hill Uses Sumo Logic and AWS for Operational and Security Intellig...
 
Sumo Logic QuickStart Webinar July 2016
Sumo Logic QuickStart Webinar July 2016Sumo Logic QuickStart Webinar July 2016
Sumo Logic QuickStart Webinar July 2016
 
Sumo Logic QuickStart - May 2016
Sumo Logic QuickStart - May 2016Sumo Logic QuickStart - May 2016
Sumo Logic QuickStart - May 2016
 
Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 

Mais de Sumo Logic

Machine Analytics: Correlate Your Logs and Metrics
Machine Analytics: Correlate Your Logs and MetricsMachine Analytics: Correlate Your Logs and Metrics
Machine Analytics: Correlate Your Logs and Metrics
Sumo Logic
 
Bring your Graphite-compatible metrics into Sumo Logic
Bring your Graphite-compatible metrics into Sumo LogicBring your Graphite-compatible metrics into Sumo Logic
Bring your Graphite-compatible metrics into Sumo Logic
Sumo Logic
 

Mais de Sumo Logic (7)

Sumo Logic Cert Jam - Fundamentals (Spanish)
Sumo Logic Cert Jam - Fundamentals (Spanish)Sumo Logic Cert Jam - Fundamentals (Spanish)
Sumo Logic Cert Jam - Fundamentals (Spanish)
 
You Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOpsYou Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOps
 
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic WebinarMaking the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
 
Machine Analytics: Correlate Your Logs and Metrics
Machine Analytics: Correlate Your Logs and MetricsMachine Analytics: Correlate Your Logs and Metrics
Machine Analytics: Correlate Your Logs and Metrics
 
Scaling Your Tools for Your Modern Application
Scaling Your Tools for Your Modern ApplicationScaling Your Tools for Your Modern Application
Scaling Your Tools for Your Modern Application
 
Bring your Graphite-compatible metrics into Sumo Logic
Bring your Graphite-compatible metrics into Sumo LogicBring your Graphite-compatible metrics into Sumo Logic
Bring your Graphite-compatible metrics into Sumo Logic
 
Sumo Logic: Optimizing Scheduled Searches
Sumo Logic: Optimizing Scheduled SearchesSumo Logic: Optimizing Scheduled Searches
Sumo Logic: Optimizing Scheduled Searches
 

Último

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Último (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Security Certification: Security Analytics using Sumo Logic - Oct 2018

  • 1. Become a Sumo Security User Security Certification
  • 2. Sumo Logic Confidential Become a Sumo Security Power User 1. Learn How Security Analytics works for you 2. Develop a Toolset for Basic and Advanced Analytics 3. Monitor Trends & Critical Events 4. Learn about Sumo’s Security and Compliance Apps 5. Next steps: where do you go from here?
  • 3. Sumo Logic Confidential Tutorial: Hands-on Exercises Training Environment: 1. service.sumologic.com 2. The username and password is on your handout Security Hands-on Labs: ● sumologic.com/learn/certifications
  • 4. Sumo Logic Confidential Sumo Logic Security Analytics Real-time insights for streamlined Compliance and Security • Meet compliance deadlines • Reduce security risks • Identify potential security breaches • Neutralize new threat patterns • Transform reactive/manual processes into integrated/proactive/automated Automate Threat Detection • Detect threats across microservices, container services, cloud-based technology, operating systems, applications, storage devices, servers, workstations, and more.
  • 5. Sumo Logic Confidential Examples of Security Use Cases • Monitor “Root” Logins • Monitor Multiple Failed Logins • Monitor Web Activity • Monitor Ingress/Outgress Rules • Identify publicly exposed Security Group (0.0.0.0/0 with <open port>) • Identify Services out of Compliance (no patches in “n” days) • Identify Application Threats (Libraries, Botnets, compromised credentials) • Monitor Malicious Threats and IOCs ➢ What’s your use case?
  • 6. Sumo Logic Confidential Filter and Provide Structure Search and Parse
  • 7. Sumo Logic Confidential Search and Parse Search and Filter your data Search and Filter your data • _metadata • Keywords • Live Tail Parse fields to provide structure to your data • Query Parsing • Implement your Field Extraction Rules
  • 8. Sumo Logic Confidential Security Certification: Hands-on Labs Labs 1-3: Search and Parse • Search Basics: Metadata and Keywords • Parsing Operators and Options • Grouping Results • Field Extraction Rules Security Analytics
  • 9. Sumo Logic Confidential Conditional Logic, Filtering, Formatting Results Simple Analytics
  • 10. Sumo Logic Confidential Review ⇨ Query Syntax Syntax: metadata Keywords and operators, separated by pipes, that build on top of each other |parse |filter |aggregate |format keywords
  • 11. Sumo Logic Confidential Simple Analytics Aggregation | count[] | sum | avg | min() | max() Conditional | if() | []matches[] | <>in() | filter | where Formatting | transpose | fields | limit | sort by | top
  • 12. Sumo Logic Confidential Cheat Sheet Community Learn Tab
  • 13. Sumo Logic Confidential Security Certification: Hands-On Labs Lab 4A: Monitor AWS Root Account Usage Community > Query Library > Security-related Queries for AWS Security Analytics
  • 14. Sumo Logic Confidential Parse key fields Perform additional parsing on key fields Don’t drop messages that do not match parse criteriaFurther Filter results Aggregate by desired fields Filter using metadata and keywords
  • 15. Sumo Logic Confidential Security Certification: Hands-On Labs Lab 4B: Monitor Security Groups Created Community > Query Library > Security-related Queries for AWS Security Analytics
  • 16. Sumo Logic Confidential Security Certification: Hands-On Labs Lab 4C: Monitor “Impossible Travel” scenario Community > Query Library > Security-related Queries for AWS Security Analytics
  • 17. Sumo Logic Confidential Outliers, Trends, Needle in the Haystack Advanced Analytics
  • 18. Sumo Logic Confidential Advanced Analytics Find the ”needle in the haystack” by identifying patterns. Compare today’s patterns with patterns in the past. _sourceCategory=Labs/security/snort | logreduce _sourceCategory=Labs/security/snort | logcompare -24h LogReduce ➜ New security attacks/breaches. LogCompare ➜ Compare attacks/breaches to other time periods.
  • 19. Sumo Logic Confidential Advanced Analytics _sourceCategory=Labs/AWS/CloudTrail | parse ""eventName":"*"" as eventName nodrop | parse ""responseElements":{"ConsoleLogin":"*"}" as loginResult nodrop | where eventName="ConsoleLogin" and loginresult="Failure" | timeslice 30m | count(eventName) as failed_login_attempts by _timeslice | outlier failed_login_attempts _sourceCategory=Labs/security/Proofpoint and Mexico | timeslice 5m | count as rogue_traffic by _timeslice | predict rogue_traffic by 5m forecast=12 Outlier ➜ Anomalies in number of Failed Logins Predict ➜ Traffic from a Rogue Country/State
  • 20. Sumo Logic Confidential Advanced Analytics _sourceCategory=Labs/PaloAltoNetworks and ",TRAFFIC," | where action="deny" | count action | compare with timeshift 15m 4 avg | if(isNull(_count), 0, _count) as _count | if(isNull(_count_60m_avg), 0, _count_60m_avg) as _count_60m_avg | where _count>(5 * _count_60m_avg) _sourceCategory=Labs/PaloAltoNetworks and ",TRAFFIC," | lookup latitude, longitude, country_code, country_name, city from geo://location on ip=dest_ip | where country_code<>"US" | count by latitude, longitude, country_code, country_name, city Time Compare ➜ Identify a 5-fold increase in Denied Traffic Geo Lookup ➜ Traffic Destinations outside the US
  • 21. Sumo Logic Confidential Security Certification: Hands-On Labs Lab 5-8: Advanced Analytics ● Finding the needle in the haystack ● Comparing time periods ● Identifying Outliers Security Analytics
  • 22. Sumo Logic Confidential Advanced Analytics ((_sourceCategory=Labs/PaloAltoNetworks ",THREAT,") or (_sourceCategory=Labs/PaloAltoNetworks ",TRAFFIC," action=allow)) | concat(dest_ip,":", dest_port) as destination | transactionize src_ip (merge type, destination, src_ip takeFirst) | where type matches "*TRAFFIC*" and type matches "*THREAT*" | count src_ip, type, destination | fields - _count ((_sourceCategory=Labs/security/snort "[Classification: Web Application Attack]") or _sourceCategory=Labs/Apache/Access) | parse "{TCP} *:* -> *:*" as src_ip, src_port, dest_ip, dest_port nodrop | parse regex "(?<src_ip>d{1,3}.d{1,3}.d{1,3}.d{1,3})" | transaction on src_ip with states %"Labs/security/snort", %"Labs/Apache/Access" in _sourceCategory | where %"Labs/security/snort">0 and %"Labs/Apache/Access">0 Transactionize ➜ Follow a Transaction Transaction ➜ Correlate Traffic Data
  • 23. Sumo Logic Confidential Security Certification: Hands-On Labs Labs 9-14: Lookups and Data Correlation ● Using Threat Intel Lookup ● Creating Query Templates ● Creating Custom Lookups ● Correlating Data ○ Transaction ○ Transactionize ○ Subqueries Security Analytics
  • 24. Sumo Logic Confidential Dashboards and Alerts Monitoring your Data
  • 25. Sumo Logic Confidential Monitoring Your Data Visualize your data through Dashboards ● Chart your Data ● Create Panels ● Share your Content! Receive notification of your Critical Events ● Schedule Your Searches ● Use Webhook Connections to reach your audience ● Create Meaningful Alerts
  • 26. Sumo Logic Confidential Security Certification: Hands-On Labs Labs 15-18: Visualizing and Monitoring ● Create a Dashboard ● Add Panels to an Existing Dashboard ● Create Meaningful Alerts Security Analytics
  • 27. Sumo Logic Confidential Out-of-the-Box Content Security and Compliance Apps
  • 28. Sumo Logic Confidential Security and Compliance Apps ● Simplify Compliance Management ● Set up Real-time monitoring and Alerts ● Security Analytics with Threat Intelligence
  • 29. Sumo Logic Confidential Apps: Palo Alto Networks Discover threats, consumption, traffic patterns, and other security-driven issues, providing additional insight for investigations.
  • 30. Sumo Logic Confidential Apps: AWS CloudTrail Track user behavior patterns, administrator activity, or correlate with other data sets to get a broader understanding of events from operating systems, intrusion detection systems or application logs.
  • 31. Sumo Logic Confidential Apps: AWS VPC Flow Logs Track your IP network traffic and troubleshoot security issues with real-time visibility and analysis of your environment.
  • 32. Sumo Logic Confidential Apps: AWS GuardDuty Detect unexpected and potentially malicious activities in your AWS account. Analyze threats by severity, VPC, IP, account ID, region, and resource type. GuardDuty analyzes and processes VPC Flow Logs and AWS CloudTrail event logs.
  • 33. Sumo Logic Confidential Apps: Threat Intelligence for AWS Correlate CrowdStrike threat intelligence data with your AWS log data, for real-time security analytics to detect threats and protect against cyber-attacks. The Threat Intel for AWS App scans AWS CloudTrail, AWS ELB and AWS VPC Flow logs for threats based on IP address.
  • 34. Sumo Logic Confidential Apps: Threat Intelligence Quick Analysis Correlate CrowdStrike threat intelligence data with your own log data, for real-time security analytics to detect threats and protect against cyber-attacks. This app scans your selected logs for threats based on IP, filename, URL, domain, Hash 256, and email.
  • 35. Sumo Logic Confidential Apps: CrowdStrike Analyze CrowdStrike security events by type, status and detection method. The CrowdStrike Falcon platform provides Endpoint Detection and Response, Antivirus and Threat Intelligence services via the cloud.
  • 36. Sumo Logic Confidential Apps: O365 Monitor and analyze your complete Office 365 system for administrator and user activity. This app monitors Audit logs for Azure Active Directory, Exchange and SharePoint.
  • 37. Sumo Logic Confidential Security Certification: Hands-On Labs Labs 19-20: Sumo Logic Apps ● Installing AWS CloudTrail App ● Installing the Threat Intel App for OSSEC data Using Sumo Logic
  • 38. Sumo Logic Confidential ”How To” templates to implement in your Environment Use Cases
  • 39. Sumo Logic Confidential General Use Cases How to Create and Alert on Ratios or Percentages ● Outlier How to Compare and Alert on Historical Data ● Compare and Outlier Detect Patterns and Changes Across Environments and Time ● LogCompare Visualize Trends in Your Signatures ● LogReduce and Timeslice
  • 40. Sumo Logic Confidential Security Use Cases ● Security Queries for PAN (Firewalls) ● Security Queries for AWS ● Security Queries for Linux ● Security Queries for Windows
  • 41. Sumo Logic Confidential Training, Docs, Community, Support Where do I go from here?
  • 42. Need knowledge? ⇨ try the Learn tab Explore the tutorials
  • 43. Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Explore the tutorials
  • 44. Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Every feature and tool covered in docs Explore the tutorials
  • 45. Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Every feature and tool covered in docs Find out What’s New Explore the tutorials
  • 46. Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Every feature and tool covered in docs Find out What’s New Find answers or post your questions to Community Explore the tutorials
  • 47. Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Every feature and tool covered in docs Find out What’s New Find answers or post your questions to Community Attend/review training and get certified Explore the tutorials
  • 48. Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Every feature and tool covered in docs Find out What’s New Find answers or post your questions to Community Attend/review training and get certified Explore the tutorials Open a Support case
  • 49. Need knowledge? ⇨ try the Learn tab Access comprehensive lists of operators and more Every feature and tool covered in docs Find out What’s New Find answers or post your questions to Community Attend/review training and get certified Explore the tutorials Open a Support case
  • 52. Sumo Logic Confidential Sumo Logic Confidential In order to get credit for the exam, In YOUR OWN INSTANCE, go to Certification Tab. • Online Exam • 30 Multiple choice questions • 60-minute time limit • 3 attempts