Quickly leverage and centralize visibility into the security of your AWS environment
Rapid security insights
Gain rapid insight into the severity and frequency of GuardDuty findings for faster and more effective remediation.
Click to fix
Simply click on any AWS GuardDuty finding in the Sumo Logic dashboard and be routed instantly to your AWS EC2 environment for rapid remediation.
Granular search and analytics
GuardDuty findings and raw log data can easily be filtered by “tags” for more granular search and detailed analysis. Search “Tag” types include User ID, Region, VPC, subnet, instance ID, ports, IPs, Principal ID, Access Key ID, etc.

Pre-built Sumo Logic GuardDuty Dashboards
Sumo Logic provides a single pane of glass that reduces the complexity of managing multiple environments, with pre-configured, user-friendly and customizable dashboards that take GuardDuty’s linear data format and layer on rich graphical reporting and depictions of trends over time.
Rapid & Intelligent Threat Detection
Pre-built GuardDuty dashboards give complete visibility into the health and protection of your AWS environment, with insightful graphical representations of the overall health of your deployment so you can quickly spot, analyze and inspect any indication of non-standard security events.
- GuardDuty “findings” can be prioritized and customized by severity and risk.
- Monitor trends over time to better predict potential events before they occur.
- Simplify the management of your AWS environment with simple, “out-of-the-box” dashboards that enrich and enhance GuardDuty analytics.
- Simply “click to fix” with instant routing to your EC2 environment for any remediation efforts needed.
- GuardDuty search tags allow for more granular investigation of events and findings, such as the IP address and geo-location of the attacker, for rapid isolation of events.
Value-added Context Beyond GuardDuty
The Sumo Logic GuardDuty App adds further sources of analytics for deeper and wider visibility into the AWS environment and context across the organization, including full-stack visibility into application and infrastructure logs, Application/Elastic Load Balancer (ALB/ELB) performance, and supplemental threat intel provided by CrowdStrike for management of resources outside of AWS.