Sold by: Sumo Logic Inc.
Deployed on AWS
Monitor your entire AWS environment in minutes. Sumo Logic integrates with your AWS SaaS services, providing unparalleled visibility into your cloud infrastructure and security data at scale.
4.4
Overview
Logs for Security provides a unified security and compliance audit view of your AWS infrastructure and insight into threat activity across that environment. It leverages native AWS tools and telemetry to accelerate the work of development, operations, security, and reliability management teams in maintaining security, monitoring their environment, and managing their risk and attack surface.
Modern ever-changing cloud environments need ongoing audits of configuration, vulnerability, versioning, activity, and other factors to ensure they are well maintained and not subject to vulnerability created by aging or drifting configuration, access rights, or software. Logs for Security helps teams get rapid, ongoing security visibility into the diverse aspects of their environment and provides customizable alerting, evaluation, and remediation of issues.
Sumo Logic rapid onboarding process makes setup easy, allowing AWS users to visualize and begin improving the security posture of their environments in minutes.
New Sumo Logic AWS Built In automation and integration. An AWS Certified deployment that reduces the time and effort to configure your multi-account environment, starting with AWS Control Tower and key Cloud Foundational Services to achieve a stronger security posture that drives efficiency and reduces risk in your business critical applications.
The price below is for a two year subscription to ingest up to 5 GB per day. If you require more than 5 GB per day, please contact your AWS sales representative.
Highlights
- Unified security visibility and analytics across your entire AWS environment using native and 3rd-party data sources.
- Integrated threat intel which accelerates threat detection and reduces the time to detect and investigate
- Global Intelligence Service that creates statistical baselines for Amazon GuardDuty and AWS CloudTrail to help accurately pinpoint investigations and resources
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/24 months |
|---|---|---|
5GB/Day Ingest | 5GB/day ingest with 365 days retention | $13,350.00 |
Vendor refund policy
Please see seller website for refund details.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Start by visiting Sumo Logic Support at https://support.sumologic.com/support/s/ or email us directly at support@sumologic.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Sumo Logic Inc.
By CrowdStrike
By Rapid7
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Security Monitoring
Provides unified security and compliance audit view of AWS infrastructure with comprehensive threat activity insights
Threat Detection
Integrates native AWS tools and telemetry to accelerate security monitoring and risk management across cloud environment
Cloud Configuration Analysis
Performs ongoing audits of configuration, vulnerability, versioning, and activity to identify potential security drifts
Threat Intelligence Integration
Leverages Global Intelligence Service to create statistical baselines for Amazon GuardDuty and AWS CloudTrail for precise investigations
Multi-Account Security Management
Supports automated deployment and integration across multi-account AWS environments using AWS Control Tower and Cloud Foundational Services
Cloud Security Posture Management
Unified cloud security platform providing continuous monitoring and management of cloud infrastructure security configurations
Threat Detection and Response
Advanced threat intelligence and detection capabilities with real-time monitoring and response across cloud environments
Container and Kubernetes Protection
Comprehensive security solution for containerized applications and Kubernetes environments with runtime protection
Multi-Cloud Coverage
Seamless security protection across AWS, Azure, and GCP cloud platforms with consistent security controls
Workload Runtime Protection
Automated discovery and protection for cloud workloads with lightweight agent-based security monitoring
Log Aggregation and Monitoring
Monitors entire IT environment by ingesting logs from CloudTrail, GuardDuty, EC2 network traffic, multiple AWS accounts, cloud services, on-premises networks, and remote endpoints
Threat Detection Analytics
Utilizes user and attacker behavior analytics with 900+ out-of-the-box detections and community threat intelligence to minimize false alarms
Compliance Monitoring
Supports log, event, and File Integrity Monitoring (FIM) requirements for compliance frameworks like PCI, HIPAA, and GDPR
Advanced Defense Mechanisms
Implements layered security defenses through honeypots, honey credentials, and honey files to detect potential intrusions
Investigation Capabilities
Provides detailed log timelines and automated response workflows to cut investigation times and enable rapid incident response
Standard contract
No
No
No
Customer reviews
Migell Roberts
Security insights have enabled faster incident response and streamlined cross-team collaboration
Reviewed on Jan 15, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Sumo Logic Security is relying on it for security insights when it comes to security alerts. This is heavily used by people who are on a weekly on-call rotation to ensure that security incidents from Sumo insights are actioned on and remediated.
A specific example of a security incident where Sumo Logic Security played a key role is when, about a couple of weeks ago, we had an incident where a user was a victim of a click-fix attack. Sumo Logic Security was able to determine that this user had performed some risky activity and also correlated the fact that the URL was associated with that incident. We were able to determine the involved entities, which included the user's device, and we were able to quickly action on it and perform a reset of the user's account in order to begin the remediation process.
In addition to the previous points, I use Sumo Logic Security for a lot of the enrichments when it comes to insights as well. An example of this is when we receive insights regarding a user entity, we are able to use Sumo enrichment automation to get user details including their manager. This is definitely beneficial in an example such as the one I provided earlier where a user was compromised, where we can at least know who the proper chain of command is if that needed to be used in that specific incident.
What is most valuable?
The best features Sumo Logic Security offers, in my opinion, are the ones that allow you to use dashboards as enrichments. For example, we had a situation where there was a suspected compromise on a specific server, a database server to be exact, and so we linked an enrichment action in the CSE component to then point us to a Qualys dashboard. In this specific case, the suspected server was suspected as being compromised, and we were able to check any available vulnerabilities from the Qualys dashboard itself by using it as an action in Sumo Logic Security.
We use the dashboard enrichment feature in Sumo Logic Security when alerts pertain to specific entities, and we use it a lot. For example, we will get insights for server entities, and it is easy for us to pivot over to a dashboard when it comes to an enrichment perspective to determine if there are any actual vulnerabilities related to it. Another example is if we have an AWS related entity, we can pivot over using an enrichment action to navigate to one of the AWS dashboards to get some quick information pertaining to the specific entity involved in the insight.
Sumo Logic Security has positively impacted my organization by increasing engagement with different teams. For example, we have the database team being onboarded to Sumo Logic Security regarding their database logs, where they use it to monitor their database when it comes to informational all the way up to critical types of events, and they use it for alerting as well. This is due to the fact that they were not able to find any solution that can provide this type of functionality for them, and they have pivoted to Sumo Logic Security for their needs.
From this increased engagement, we are able to respond faster to incidents. For example, if they are seeing a type of activity that involves a user or an admin that is not supposed to be logging in at a specific time, they do get alerts on that. In addition to that, they are able to save time on fewer alerts because we are able to perform tuning on the logs to be able to only get relevant or security relevant incidents.
What needs improvement?
To improve Sumo Logic Security, I would appreciate the tool being easier to use from a search perspective. For example, we have a few teams that want to use the tool itself, but they are not as savvy when it comes to creating searches from the core platform. I understand that Mobot has come out and is in the works, and it really does assist non-savvy users when it comes to querying the platform. As far as that is concerned, I wish that could be improved a bit more, but I do know that that is in the works.
I would add that I wish for improved documentation. For example, we are using Sumo Playbooks and automation integrations along with that, but I have found that there has been a lack of documentation, very little to none at all when it comes to that. With regards to automation integrations as well, there are very few details included in them. I would also appreciate the AWS automation integrations to be more secure because currently, they are using access keys, which involves a user rather than roles, which is the security best practice recommended by AWS.
I chose eight out of ten because to make it a nine or ten, I would lean heavily on the documentation. A lot of the times when we get around to configuring things such as playbooks or trying to understand playbooks, what I found was that documentation sometimes is not up to date or documentation is lacking. There are instances also where some security best practices are not being followed. So, if we are able to set up an integration that is not only secure, following security best practices, and has complete documentation, I believe it would alleviate the issue of having to go back and forth with support to check the documentation and things of that nature.
My impression of the built-in threat intelligence feature in Sumo Logic Security is that it is comprehensive, but I would say that it could do a little bit better. For example, we have the TAXI feeds, which is STIX and TAXI integrated into the core platform, but the issue I am running into is that I am able to use that feed into a CSE alert; however, I am not able to see the contents of that feed. If I integrate CISA, which we do have integrated, I cannot see what IOCs are in that feed in the core platform, and I hope that is the case because, in order for us to better tune our alerts, we need to be able to see what is in the contents of that threat intelligence feed.
For how long have I used the solution?
I have been using Sumo Logic Security for three years.
What other advice do I have?
We are actually using both out-of-the-box and custom rules from Cloud SIEM Enterprise, and it has been really great because we have a variety of ways to create rules based on our needs, such as match rules. What I really do appreciate are the first-seen rules that we can use in a fashion to determine a baseline of normal versus unexpected behavior depending on the entity, and I really do enjoy these.
In terms of threat intelligence, I was able to integrate, as an example, AlienVault , and using their actions, automated integrated actions into playbooks to enrich certain entities such as IPs, domains, URLs, and hashes. It has been very paramount to how we operate due to the fact we can all stay in the same single platform of Sumo Logic Security without having to reach out to different third-party sources, opening up different browsers, essentially saving time on trying to respond to an incident or review an incident. It has been really good in terms of integrating and using the threat intelligence features.
I find Sumo Logic Security's AI-driven analytics effective in reducing analyst workload and response times, and I have seen a difference since using those features. For example, we are using the anomaly-based AI detections in Sumo monitors, and I would say that it has been good, but the reason I say it could be better is the fact that we are seeing a bit of some false positives when it comes to understanding what is typical normal behavior and relying on AI to understand what normal behavior is versus what is unexpected. I found that when using this type of monitor, I do have to do quite a bit of tuning, which I would hope the AI would be a little bit more robust and essentially leave me hands-off when it comes to this.
My advice to others looking into using Sumo Logic Security is to look at the customer service side of things. The product can be great, but if the customer service side of things fails, I think pretty much the rest follows. I would also advise them to look at the automation features, for which Sumo Logic Security has been pretty great in expanding that realm. I think those are going to be the two main things as we are moving a lot more towards being hands-off with automation and also being able to utilize support and getting timely answers. Those would be the two key factors of looking at or giving advice when it comes to Sumo Logic Security.
I have additional thoughts about Sumo Logic Security in that I do appreciate the product. It can be as vague as you want to or as detailed as you want to when it comes to getting telemetry information from the product itself. That is what I appreciate about Sumo Logic Security. Overall, I am happy with the product, just a few hiccups here and there. I provided a rating of eight out of ten for this review.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Accounting
Powerful, Fast, and Effortless Data Insights
Reviewed on Jan 12, 2026
Review provided by G2
What do you like best about the product?
The platform remains incredibly powerful yet accessible. The ease of use in terms of getting data in and the speed of the query language are top-tier. I appreciate how quickly you can go from a raw log to a meaningful visualization. The pre-built dashboards and the App Catalog make it easy to get immediate value without having to build everything from scratch. It feels like a platform built for engineers who need answers fast, not just a storage bin for data.
What do you dislike about the product?
The new UI is a significant pain point. Specifically, the removal of the internal tabbing system has disrupted my workflow. In the old UI, I could manage multiple searches and dashboards within one browser window effortlessly. The new "browser-native" tab approach feels cluttered and makes it much harder to pivot between concurrent investigations without losing my place. Additionally, the navigation in the new UI feels more "click-heavy" and less intuitive for those of us who grew used to the classic layout.
What problems is the product solving and how is that benefiting you?
Sumo Logic solves the problem of data silos. Before using it, we had to hop between different servers and cloud consoles to find logs; now, everything is indexed in one place. This has drastically reduced our Mean Time to Resolution (MTTR). The benefit is that my team spends less time "hunting" for the cause of a bug and more time actually fixing it, which keeps our systems more reliable for our users.
Oren A.
Powerful Log Analysis, But Pricing and Learning Curve Need Improvement
Reviewed on Jan 11, 2026
Review provided by G2
What do you like best about the product?
Good log aggregation and analysis capabilities with a decent search functionality
What do you dislike about the product?
The pricing model can be complex and expensive for growing businesses, and the query language has a steep learning curve
What problems is the product solving and how is that benefiting you?
Sumo Logic helps with centralized log management and monitoring, making it easier to track application performance and troubleshoot issues across distributed systems
Arvind K.
Robust Log Ingestion Across AWS, Kubernetes, and SaaS
Reviewed on Dec 30, 2025
Review provided by G2
What do you like best about the product?
Robust at ingesting logs from multiple sources and environments (AWS, Kubernetes, SaaS services).
What do you dislike about the product?
Steeper learning curve compared to simpler tools.
Query language and setup can be tricky for new users
Query language and setup can be tricky for new users
What problems is the product solving and how is that benefiting you?
Modern systems generate tons of logs across servers, apps, cloud services, containers, databases, etc. Sumo Logic collects all these in one place so you can search, analyze, and correlate events without juggling siloed log sources.
arvind k.
Game-Changer for Cloud-Native Observability
Reviewed on Dec 20, 2025
Review provided by G2
What do you like best about the product?
Sumo Logic excels at unifying logs from Kubernetes and AWS, slashing MTTR through real-time correlation, my favorite for chaotic microservices debugging.
What do you dislike about the product?
Query learning curve frustrates quick starts, though power users adapt fast.
What problems is the product solving and how is that benefiting you?
Transforms security noise into prioritized alerts, cutting false positives and compliance audits effortlessly