--- title: "Csi: cloud (pilot coming soon to your AWS stack.)" page_name: "CSI: Cloud (Pilot coming soon to your AWS stack.)" type: "blog" slug: "csi-cloud-pilot-coming-soon-to-your-aws-stack" published_at: "2015-08-17" modified_at: "2025-05-09" url: "https://www.sumologic.com/blog/csi-cloud-pilot-coming-soon-to-your-aws-stack" canonical: "https://www.sumologic.com/blog/csi-cloud-pilot-coming-soon-to-your-aws-stack" markdown_url: "https://www.sumologic.com/blog/csi-cloud-pilot-coming-soon-to-your-aws-stack.md" lang: "en" excerpt: "ExtraHop integrates with Sumo Logic | Analyze both AWS-based wire & log data in real time | Faster remediation | Better performance | Higher availability" taxonomy_blog_category: - "AWS" --- [ All blogs ](https://www.sumologic.com/blog "blog")[AWS](https://www.sumologic.com/blog/aws) # CSI: Cloud (Pilot coming soon to your AWS stack.) [Sumo Logic](#blog-author-block-1) August 17, 2015 0 min read [AWS](https://www.sumologic.com/blog/aws) ##### Table of contents You know how they get the bad guys on CSI. We have seen the “police procedural” drama played out so often, it’s almost second nature: 1. Listen to what they *say* they did. 2. Examine the physical evidence to see what they *actually* did*.* 3. Compare and confront (the fun part). It’s the discrepancies that drive the drama. This is a powerful metaphor for troubleshooting your application stack in the cloud (bear with me… it’s worth it). Let’s say you are seeing an issue with your cloud-based app. You have metrics from CloudTrail, CloudWatch—or maybe from New Relic or another performance monitoring system. They are telling you a “crime” has occurred… an SLA has been violated or a KPI threshold has been exceeded. Or even worse, a customer has suffered and wants you to suffer too. What do you do to find the culprits and bring them to justice? 1. Look at the logs ( = what your app servers, web servers, load balancers, database servers, etc. *say* they did), using an AWS-based log analysis solution like Sumo Logic. 2. Look at the wire data ( = how your app servers, web servers, load balancers, database servers, etc. *behaved* – what they actually did), using a deep packet sniffing solution like Extra Hop. 3. Compare and correlate. This model makes sense. But where is the “wire” (the data, not the TV series) when you are deployed in AWS? It turns out that ExtraHop offers a “virtual tap” for AWS instances, i.e. a bit of software that emulates a network tap, allowing ExtraHop to collect packet data for real-time inspection and analysis. It further turns out that ExtraHop provides a direct, out-of-the-box integration with Sumo Logic, so that data from ALL your AWS-based sources can be analyzed in real- time. This means you get wire data (the behavior) alongside the log/audit data (the testimony) from AWS and your running instances. You can search, aggregate and correlate AWS events from CloudTrail, CloudWatch, and ELB together with your own logs (app, web, database), and with the wire-derived events from ExtraHop. The result? Dramatically reduced Mean Time To Identify (MTTI) the root cause, which means faster remediation, higher availability, and better performance. ### Article Tags - [AWS](https://www.sumologic.com/blog/aws) Sumo Logic [](https://www.sumologic.com/feed "RSS Feed")[](https://twitter.com/intent/tweet?text=CSI%3A%20Cloud%20%28Pilot%20coming%20soon%20to%20your%20AWS%20stack.%29&url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fcsi-cloud-pilot-coming-soon-to-your-aws-stack "X")[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fcsi-cloud-pilot-coming-soon-to-your-aws-stack "Facebook")[](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fcsi-cloud-pilot-coming-soon-to-your-aws-stack "Linkedin") [Previous blog Centralizing Your Application Log Data](https://www.sumologic.com/blog/centralizing-your-application-log-data-2)[Next blog Why You Should Add Wire Data to Your Sumo Logic](https://www.sumologic.com/blog/why-you-should-add-wire-data-to-your-sumo-logic) People who read this also enjoyed [ Eight best practices for a successful cloud migration strategy June 16, 2026 ](https://www.sumologic.com/blog/best-practices-for-cloud-migration-strategy)[ OCSF for Security Hub: Sumo Logic and AWS speaking the same language September 30, 2025 ](https://www.sumologic.com/blog/sumo-logic-aws-ocsf-security-hub)[ Enhance your cloud security visibility with the updated AWS CloudTrail app July 16, 2025 ](https://www.sumologic.com/blog/enhance-your-cloud-security-visibility-with-updated-aws-cloudtrail-app)[ How to create and monitor an AWS Lambda function in Java 11 April 15, 2025 ](https://www.sumologic.com/blog/how-to-write-aws-lambda-function-in-java8) [AI Instructions](https://www.sumologic.com/ai-instructions.md)