Sumo Logic Security Primary Use Case

Migell Roberts
Senior Security Analyst at City Electric Supply Company

My main use case for Sumo Logic Security is relying on it for security insights when it comes to security alerts. This is heavily used by people who are on a weekly on-call rotation to ensure that security incidents from Sumo insights are actioned on and remediated.

A specific example of a security incident where Sumo Logic Security played a key role is when, about a couple of weeks ago, we had an incident where a user was a victim of a ClickFix attack. Sumo Logic Security was able to determine that this user had performed some risky activity and also correlated the fact that the URL was associated with that incident. We were able to determine the involved entities, which included the user's device, and we were able to quickly action on it and perform a reset of the user's account in order to begin the remediation process.

In addition to the previous points, I use Sumo Logic Security for a lot of the enrichments when it comes to insights as well. An example of this is when we receive insights regarding a user entity, we are able to use Sumo enrichment automation to get user details including their manager. This is definitely beneficial in an example such as the one I provided earlier where a user was compromised, where we can at least know who the proper chain of command is if that needed to be used in that specific incident.

Pavan Kashetty
Security Engineer at a tech vendor with 11-50 employees

The main use case for Sumo Logic Security is as a SIEM platform where our customers prefer it to gather logs from multiple places and have good detections, especially Sumo Logic insights, which is helping us a great deal to detect and correlate logs from different platforms and consolidate them into one insight. It helps for investigation and analysis. The major part is threat detection and threat analysis.

Frank Krieger
CISO at Mambu

Sumo Logic Security encompasses all three areas: SIEM, SOAR, and log management.

Buyer's Guide
Sumo Logic Security
March 2026
Learn what your peers think about Sumo Logic Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
886,011 professionals have used our research since 2012.
Shay Chouker
CSO at Altera

My main use cases with Sumo Logic Security are the same as Splunk; it is not log management, but rather security events and information, a security information system like SIEM.

reviewer2806851
Security Analyst at a tech vendor with 10,001+ employees
WilsonAitan
Deputy Country Manager at PT Securite Asia Indonesia (ABP Securite)

My clients use Sumo Logic Security depending on their needs. Some of my clients are looking for network visibility and observability, while others focus on the security aspects, utilizing the Sumo Logic SIEMs.

Vinay Patel D N
SOC Analyst at a computer software company with 1,001-5,000 employees

We primarily use Sumo Logic as a SIEM (security information and event management) tool. It serves as a Cloud SIEM and is utilized for alert monitoring, insight monitoring, and as a continuous intelligence platform.

Moole Muralidhara Reddy
DevOps and Solution Architect at a recruiting/HR firm with 10,001+ employees

We use Sumo Logic Security for logging purposes. We store and monitor application logs and VPC flow logs in the solution.

Sourabh Pardhi
Senior Information Security Analyst at Everbridge

The product is a log aggregator of all the logs from all our environments, including AWS. Our infrastructure is deployed on AWS. We ship all logs to Sumo Logic. Based on the logs, we create alerts. These alerts are sent to an email ID, which creates tickets.

DipeshBhawsar
Architect at a financial services firm with 1,001-5,000 employees

We are using Sumo Logic Security for security monitoring.

Varaprasad
Senior Technical Lead

We primarily use the solution for security as well as application monitoring. We use it for security as well. 

reviewer2135541
Programmer at a comms service provider with 10,001+ employees

Our primary use case for this solution is logging and monitoring. We have dashboards for monitoring the performance and health of our applications and logins.

reviewer2116392
Security Engineer at a government with 51-200 employees

I use it for the log monitoring of our legacy site. We typically monitor the event timestamps.

reviewer1492623
Director Of Engineering at a tech services company with 51-200 employees

We've got it integrated into all of our production assets and our IT assets, like Okta and all the SaaS stuff that we need to manage our IT environment. It's plugged into pretty much everything.

Primarily, we use it for security alerting. We plug it into Amazon and it lets us know when people log into different accounts, change privileges, log into production, etc. We also have it integrated on the IT side too — we have it integrated into our SSO provider. We want to know if someone logs in too many times or how frequently they try to log in, whether they get locked out or not. It generates alerts. We're starting to roll it out in terms of forensics on our audit logs.

Company-wide, if it is part of our certification process, if we buy a SaaS service, it has to integrate with a SIM — it has to provide audit logs. There are a couple of other criteria that we have: it's got to have a split SSO, it has to have a supported SIM, and it's got to support audit logs. All the read-only audit logs get dumped into Sumo Logic as well, and the security team monitors all of that.

Our DevSecOps team mainly uses this solution.

it_user1280466
Associate Director - Database & DevOps at Medlife

We mainly use the solution to take advantage of the debugging logs and application logs, which are the production systems that we have. All of these are running these Sumo Logic agents. They keep communicating with the logs and are pushing to the Sumo Logic servers. Basically, we use it for our application debugging. 

We also push the balance of our logs to Sumo Logic. That is for our workarounds. It helps us to get to know the health of our application from the load balancer point of view. We pull for certain error messages within the logs, let's say, for example, exceptions, or errors, etc. We use certain patterns that we want to be highlighted for notification purposes. These are running continuously and whenever certain text patterns are found and are beyond a certain threshold, we get notified so that we can take some corrective actions.

Reviewer32109
Contracting Automation Engineer at Craigslist

Logging all operational and security events in our enterprise environment. We use Sumo Logic to monitor all the applications that we run in the Amazon AWS cloud; we use Sumo Logic to monitor the security posture of our AWS IaaS with CloudTrail, VPC flow, S3 audit, GuardDuty, and EKS services. 

VpOfDevO7114
VP of DevOps Engineering at a manufacturing company with 11-50 employees

We use it for logging and alerting for cloud only applications.

We only use it from the cloud.

Tejprakash Sharma
DevOps Engineer at TO THE NEW

Sumo Logic is for logging. You can use it as a centralized logging management system. You can send all your application logs to Sumo Logic, then you will receive a clear dashboard where you can see if there are any issues in your operations. It is pretty easy to troubleshoot any issues on your application using Sumo Logic.

Enterpri9713
Enterprise Architect at a transportation company with 10,001+ employees

We use it for monitoring and alerting on application logs.

Casey Powell
Engineering Manager at Braintree

We use it to keep our information database.

Develope7839
Developer Manager at a financial services firm with 1,001-5,000 employees

Our primary use case is application log tracing and monitoring. It does a good job of meeting our needs, in terms of alert monitoring.

Jeffery Statham
Software Architect at Solink

The primary use is incident alerting.

AwsOpera2176
AWS Operations Engineer at MR

We use it for ingestion of VPC flow logs, CloudTrail logs, and config logs from AWS.

Infrastrd7f3
Infrastructure Engineer at a wholesaler/distributor with 1,001-5,000 employees

It is primarily for storing logs, then making reports out of the logs, and also alerting. If something goes up or down, or reaches a threshold, then we are on alert for that.

Gustavo Etchudez
Cloud Lead Engineer at a media company with 1,001-5,000 employees

We use it to send our device logs. It looks for application errors during the development, QA, and production. We also use it for troubleshooting in a production environment.

We use only the AWS version.
