---
title: "From weeks to minutes: How Sumo Logic’s historic baselining supercharges UEBA"
page_name: "From weeks to minutes: How Sumo Logic’s historic baselining supercharges UEBA"
type: "blog"
slug: "sumo-logic-historic-baselining"
published_at: "2025-08-07"
modified_at: "2025-08-07"
url: "https://www.sumologic.com/blog/sumo-logic-historic-baselining"
canonical: "https://www.sumologic.com/blog/sumo-logic-historic-baselining"
markdown_url: "https://www.sumologic.com/blog/sumo-logic-historic-baselining.md"
lang: "en"
excerpt: "Discover the latest update to Sumo Logic’s Cloud SIEM: historic baselining. Learn how it enhances UEBA and accelerates threat detection to improve your security operations."
taxonomy_blog_category:
  - "Cloud SIEM"
---


# From weeks to minutes: How Sumo Logic’s historic baselining supercharges UEBA

Adam White

August 7, 2025

2 min read 

[Cloud SIEM](https://www.sumologic.com/blog/cloud-siem)


Spotting threats fast and knowing whether they really matter is the name of the game in cybersecurity. That’s where [user and entity behavior analytics (UEBA)](https://www.sumologic.com/glossary/ueba) comes in, and why Sumo Logic’s latest innovation, historic baselining, is a big deal.

With this release, Sumo Logic has turned the old UEBA model on its head, delivering insights that used to take weeks of learning time in just minutes. Here’s how and why that’s a game changer.

## What is UEBA?

UEBA is a way of detecting threats based on user behaviors and patterns instead of static rules. It tracks how users, devices, and systems typically operate, and flags suspicious activity.

Think of it like a smart security guard who learns everyone’s routines. When someone shows up at an odd time or tries to enter a restricted area, the guard knows something’s off.

The catch? Traditional UEBA needs time to learn. Most tools take weeks (or even months) of data before they’re useful. Meanwhile, alerts are either overly generic or riddled with false positives. Historic baselining removes that waiting period, so you can respond to threats quickly.

## Sumo Logic’s breakthrough: Historic baselining

With its [June 2025 Cloud SIEM update](https://help.sumologic.com/release-notes-cse/2025/06/02/application/), Sumo Logic introduced historic baselining, which allows teams to use weeks of historical behavior data immediately.

That means:

- No more waiting for the system to “learn” over time.
- No more guesswork on whether something is normal.
- And no more being blindsided by an anomaly that slipped through the cracks.

Sumo Logic now blends historical intelligence with real-time detection, giving you the context you need, when you need it.

## Where it works

This capability now powers key detection methods in Sumo Logic’s [Cloud SIEM](https://www.sumologic.com/solutions/cloud-siem):

- [Outlier Rules](https://help.sumologic.com/docs/cse/rules/write-outlier-rule/#baselines-for-outlier-rules) now use percentile-based baselines across weeks of data, not just static thresholds, so your alerts are based on your environment’s real patterns, not arbitrary numbers.
- [First Seen Rules](https://help.sumologic.com/docs/cse/rules/write-first-seen-rule/#baselines-for-first-seen-rules) now account for how often something has appeared historically, reducing false positives from rare-but-legitimate events.

In both cases, Sumo Logic is using past behavior to make smarter decisions instantly.
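To make the two mechanisms concrete, here is a small Python illustration of a percentile-based outlier baseline and a history-aware first-seen check. It is an added example, not Sumo Logic’s code: the record format, the 28-day lookback, the 95th percentile, the nearest-rank percentile method and the sample login counts are all assumptions constructed for this example. It evaluates one new day against each user’s own history and also shows what a single static threshold would do with the same data.

```python
"""Percentile-based outlier baselines and history-aware first-seen checks.

Added illustration, not Sumo Logic's code. The record format, the 28-day
lookback, the 95th percentile and the nearest-rank percentile method are
all assumptions made for this example.
"""
import math

HISTORY_DAYS = 28       # assumed baseline window (days 1..28)
TODAY = 29              # the day being evaluated
PERCENTILE = 95         # assumed percentile for the outlier baseline
STATIC_THRESHOLD = 100  # a one-size-fits-all threshold, for comparison

# Constructed daily login counts per user over the baseline window.
ALICE_HISTORY = [9, 10, 8, 11, 12, 10, 9, 8, 11, 10, 9, 12, 10, 8,
                 9, 11, 10, 9, 12, 10, 8, 11, 9, 10, 12, 9, 10, 30]
BOB_HISTORY = [150, 160, 140, 155, 170, 165, 145, 150, 180, 160, 155, 150, 165, 170,
               140, 150, 160, 175, 155, 150, 145, 160, 165, 150, 170, 155, 160, 190]

# Constructed sightings of (user, source country): the set of days each pair was seen.
SIGHTINGS = {
    ("alice", "US"): set(range(1, HISTORY_DAYS + 1)),
    ("alice", "DE"): {3, 17},   # rare but legitimate: two trips inside the window
    ("bob", "US"): set(range(1, HISTORY_DAYS + 1)),
}


def nearest_rank_percentile(values, p):
    """Smallest value with at least p percent of the samples at or below it."""
    if not values:
        raise ValueError("empty history")
    ordered = sorted(values)
    rank = max(1, math.ceil(p / 100 * len(ordered)))
    return ordered[rank - 1]


def outlier_check(history, observed, p=PERCENTILE):
    """Flag `observed` when it exceeds the entity's own percentile baseline."""
    baseline = nearest_rank_percentile(history, p)
    return {"baseline": baseline, "observed": observed, "flagged": observed > baseline}


def first_seen_naive(sightings, key, today, window_days=7):
    """First-seen without history: fire when the pair is absent from a short recent window."""
    recent = {d for d in sightings.get(key, set()) if today - window_days <= d < today}
    return len(recent) == 0


def first_seen_with_history(sightings, key, today, lookback_days=HISTORY_DAYS, min_prior=1):
    """First-seen with history: fire only if the pair appeared fewer than
    min_prior times across the full lookback window."""
    prior = {d for d in sightings.get(key, set()) if today - lookback_days <= d < today}
    return len(prior) < min_prior


def run_demo():
    """Evaluate day 29 for both users; returns the results so they can be checked."""
    return {
        "alice_outlier": outlier_check(ALICE_HISTORY, 25),
        "bob_outlier": outlier_check(BOB_HISTORY, 160),
        "alice_static": 25 > STATIC_THRESHOLD,
        "bob_static": 160 > STATIC_THRESHOLD,
        "alice_DE_naive": first_seen_naive(SIGHTINGS, ("alice", "DE"), TODAY),
        "alice_DE_history": first_seen_with_history(SIGHTINGS, ("alice", "DE"), TODAY),
        "alice_BR_history": first_seen_with_history(SIGHTINGS, ("alice", "BR"), TODAY),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

With this constructed data, Alice’s 95th-percentile baseline is 12 logins and Bob’s is 180, so 25 logins flags Alice while 160 is normal for Bob; a static threshold of 100 gets both of them wrong. The naive first-seen check fires on Alice logging in from DE because nothing in the last seven days matches, whereas the history-aware check sees two prior DE sightings and stays quiet, while a country with no history at all (BR) still fires.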

## What’s the big win?

The value of historic baselining comes down to speed and accuracy. Security teams don’t have the luxury of time when threats hit, and they can’t afford to chase down every anomaly that ends up being nothing.

With this feature, you get:

- [Rapid threat detection](https://www.sumologic.com/solutions/threat-detection) with the context of weeks of behavior
- Significantly reduced false positives
- No long learning curves or tuning cycles
- Smarter alerts, better prioritization, and faster response

With this update, you can [build an intelligent security operation](https://www.sumologic.com/blog/rsac-intelligent-security-operations) to help you work faster and improve your security workflow.

## Bottom line: Security teams just got a whole lot smarter

Sumo Logic’s UEBA historic baselining is more than a feature; it’s a rethink of how behavioral analytics should work.

You get the depth of long-term analytics with the speed of real-time insights. In a threat landscape where every minute counts, that’s a massive upgrade.

Want to see how it works in action? Explore [Sumo Logic Cloud SIEM](https://www.sumologic.com/demo/complete-threat-detection-investigation-and-response-demo).


Adam White

Senior Director Technical Marketing

Adam White is a seasoned leader in technical marketing and solutions engineering, specializing in go-to-market strategy, messaging, and enablement. With nearly two decades of experience, he has built and led high-performing teams, driven revenue growth, and shaped industry-leading programs across a variety of business functions. Adam is a husband and father of three teenagers. In his spare time, he’s a vintage electronics and hi-fi nerd (think vacuum tubes) and a collector of too many amplifiers, guitars, and effects pedals.


