loader image
Mindflow won the Jury Prize at the FIC 2022 Startup Award! Get a demo to transform your SecOps forever.

TYPE OF TOOLS

CATEGORIES

Sumo Logic SIEM x Mindflow

Sumo Logic SIEM

By mindflow

Mindflow and Cloud Logic have partnered to enable users to automate their incident management and better protect their information systems.

Sumo Logic SIEM Overview

Sumo Logic SIEM is a cloud-native solution that automatically analyzes and correlates alert data to increase your SOC efficiency to discover and resolve threats.

Security Signals

Sumo Logic SIEM first relies on Signals. Signals are a collection of alerts that have been identified through pattern and threat intelligence matching, correlation logic, statistical evaluation, and anomaly detection of your log data by Sumo Logic. Each of these Signals is tagged according to the MITRE ATT&CK framework to provide context.

Actionable insights

Insights are the key output of Sumo Logic SIEM Enterprise, designed to enlighten security analysts and focus their time and attention on crucial threats to the business.

Insight uses a Signal clustering algorithm to group related Signals to accelerate alert triage. It also provides a powerful view back in time, evaluating all Signals associated with a device for the last 30 days. Once the algorithm determines aggregated risk surpasses a threshold, it automatically generates an Insight.

Threat investigation

Sumo Logic Cloud SIEM ingests and analyzes security telemetry and event logs and reassembles network traffic flows into rich protocol-level network sessions, extracted files, and security information. Sumo’s deep library of cloud API integrations can pull security telemetry directly from sources such as VMware Carbon Black, Okta, AWS GuardDuty, and Office 365. Analysts can see raw network traffic details, related connections, and protocol activity and gain visibility into East/West network traffic.

Intuitive collaborationBenefits

  • Collaboration across users, networks, devices, alerts, cloud services to enrich contextualization
  • Automation of manual and repetitive validation tasks to free up analysts’ time to make advancements in identifying new threats
  • Cloud-native infrastructure makes Sumo Logic capabilities scalable to significant data ingestion
  • Enables analysts to perform high-value risk-reduction activities like threat hunting, response, and remediation
  • Threat Signals grouping into Insights, reducing manual triage efforts and bringing context

Related integrations