reference deployment

Sumo Logic Security Integrations on AWS

Automated collection of security events from AWS security services

This Quick Start automatically deploys Sumo Logic Security Integrations on the Amazon Web Services (AWS) Cloud.

Sumo Logic is focused on continuous intelligence, a new category of software that addresses data challenges presented by digital transformations, modern applications, and cloud computing. The Sumo Logic Continuous Intelligence Platform automates the collection, ingestion, and analysis of applications, infrastructure, security, and Internet of Things (IoT) data to derive actionable insights.

Similar to security information and event management (SIEM) software, Sumo Logic uses apps to collect security events generated by AWS and other security services to provide an aggregate view of overall security and compliance posture. This Quick Start deployment is for users who want to set up and configure the Sumo Logic console for 12 AWS services that provide security analytics.


This Quick Start was developed by Sumo Logic in collaboration with AWS. Sumo Logic is an APN Partner.

  •  What you'll build
  • Use this Quick Start to automatically set up the following serverless architecture on AWS:

    • Amazon GuardDuty to detect malicious activity and behavior to protect AWS accounts and workloads.
    • Amazon Virtual Private Cloud (Amazon VPC) Flow Logs to capture information about IP traffic going to and from network interfaces.
    • AWS Security Hub to assess security alerts and security posture across AWS accounts. Security Hub relays security events to Amazon CloudWatch.
    • AWS WAF to protect your web applications from common web exploits.
    • AWS Config to record and evaluate configurations of your AWS resources.
    • AWS CloudTrail to track user activity and API (application programming interface) usage.
    • Amazon CloudWatch for relaying the VPC logs to the Lambda function.
    • Amazon Kinesis Data Firehose delivery streams to transfer logs from AWS WAF to Amazon Simple Storage Service (Amazon S3) buckets.
    • A Lambda function to create a collector and install apps.
    • S3 buckets to capture logs from the various services.
    • Sumo Logic collector and sources to receive logs from the S3 buckets.
    • Amazon Simple Notification Service (Amazon SNS), which is triggered by S3 bucket events.
  •  How to deploy
  • To deploy Sumo Logic Security Integrations on AWS, follow the instructions in the deployment guide. The deployment process takes about 10 minutes and includes these steps:

    1. Prepare your Sumo Logic account. If you don’t already have a Sumo Logic enterprise account, create one at https://sumologic.com.
    2. If you don't already have an AWS account, sign up at https://aws.amazon.com, and sign in to your account.
    3. Launch the Quick Start.
    4. Test the deployment.
    5. Post-deployment steps.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on the Quick Start.  

  •  Cost and licenses
  • You are responsible for the cost of the AWS services used while running this Quick Start. There is no additional cost for using the Quick Start. For Sumo Logic pricing information, see the Sumo Logic website.

    The AWS CloudFormation templates for this Quick Start include configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy the Quick Start, we recommend that you enable the AWS Cost and Usage Report to track costs associated with the Quick Start. This report delivers billing metrics to an S3 bucket in your account. It provides cost estimates based on usage throughout each month, and finalizes the data at the end of the month. For more information about the report, see the AWS documentation.