
Sumo Logic Security Valuable Features

Migell Roberts
Senior Security Analyst at a wholesaler/distributor with 201-500 employees

The best features Sumo Logic Security offers, in my opinion, are the ones that allow you to use dashboards as enrichments. For example, we had a situation where there was a suspected compromise on a specific server, a database server to be exact, and so we linked an enrichment action in the CSE component to then point us to a Qualys dashboard. In this specific case, the suspected server was suspected as being compromised, and we were able to check any available vulnerabilities from the Qualys dashboard itself by using it as an action in Sumo Logic Security.

We use the dashboard enrichment feature in Sumo Logic Security when alerts pertain to specific entities, and we use it a lot. For example, we will get insights for server entities, and it is easy for us to pivot over to a dashboard when it comes to an enrichment perspective to determine if there are any actual vulnerabilities related to it. Another example is if we have an AWS related entity, we can pivot over using an enrichment action to navigate to one of the AWS dashboards to get some quick information pertaining to the specific entity involved in the insight.

Sumo Logic Security has positively impacted my organization by increasing engagement with different teams. For example, we have the database team being onboarded to Sumo Logic Security regarding their database logs, where they use it to monitor their database when it comes to informational all the way up to critical types of events, and they use it for alerting as well. This is due to the fact that they were not able to find any solution that can provide this type of functionality for them, and they have pivoted to Sumo Logic Security for their needs.

From this increased engagement, we are able to respond faster to incidents. For example, if they are seeing a type of activity that involves a user or an admin that is not supposed to be logging in at a specific time, they do get alerts on that. In addition to that, they are able to save time on fewer alerts because we are able to perform tuning on the logs to be able to only get relevant or security relevant incidents.

Shay Chouker
CSO at a manufacturing company with 1,001-5,000 employees

The features I find most useful in Sumo Logic Security are the ease of implementation and connectors; they have a very easy connection and many connectors to important systems, making it very easy to implement and fast to start running in production.

Sumo Logic's diverse log source support helps very much with my digital transformation, and this is a strong side of the system. They have wide support for connectors, enabling me to implement almost any system with webhooks and connect whatever I want, so this aspect is definitely a strong side of this product.

WilsonAitan
Deputy Country Manager at a consultancy with 51-200 employees

Sumo Logic Security offers a single dashboard and customization, which are the most valuable features. Additionally, it has a cost-effective structure because it is based on data storage and the number of scans, rather than uploading data. This cost model impacts the customers positively by offering a more straightforward pricing structure.

Buyer's Guide
Sumo Logic Security
December 2025
Learn what your peers think about Sumo Logic Security. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
880,435 professionals have used our research since 2012.
Vinay Patel D N
SOC Analyst at a computer software company with 1,001-5,000 employees

The Log Analytics platform is the most effective. If we cannot find the data in other tools, like email security or NDR, we can fetch those logs in the Log Analytics platform of Sumo Logic. That is the one best feature that I can suggest.

Moole Muralidhara Reddy
DevOps and Solution Architect at a recruiting/HR firm with 10,001+ employees

Sumo Logic Security is a good solution for searching the logs and identifying the issues. Sumo Logic Security searches the logs to identify issues easily. Suppose we got an issue related to the application 500 error. We store the application logs in Sumo Logic Security. We can easily search those logs to identify where exactly we are facing the application 500 error.

Sourabh Pardhi
Senior Information Security Analyst at a tech vendor with 501-1,000 employees

The solution is automated. It has a good number of extensions like CrowdStrike and AWS extensions. It is very useful. We can integrate threat intelligence solutions into the product.

DipeshBhawsar
Architect at a financial services firm with 1,001-5,000 employees

The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and the GUI is good.

Varaprasad
Senior Technical Lead

It offers real-time observability. We're able to catch real issues right away. 

We can manage multiple screens with multiple panels. 

It's an easy solution to learn. It's also very easy to use.

The solution has been very stable.

Technical support is always great. They are very helpful.

It can scale well.

Pricing is reasonable. 

reviewer2135541
Programmer at a comms service provider with 10,001+ employees

The features I found valuable with the Sumo Logic Security solution are the search option and the ability to customize the search for the information in the logs.

reviewer1492623
Director Of Engineering at a tech services company with 51-200 employees

What I like most is the ability to create custom alerts.

They have a really, really rich query language. I don't know the name of the product offering. I'm sure they have a specific name in the solution, but basically being able to pull all that data in, and be able to build queries in a query language and map that to actions; whether that's alerting or triggering events. And that's really where our SecOps team spends most of their time — trying to look at the forensics, look at the information, and map it to some meaningful event. And they just build all these different queries that map to those events or alerts.

reviewer2116392
Security Engineer at a government with 51-200 employees

The tool has key features like operability. It will alert the admins whenever a device is onboarded.

it_user1280466
Associate Director - Database & DevOps at a tech services company with 1,001-5,000 employees

There are a lot of things we like about this product. 

One is the log aggregation. It basically gives a list of matching patterns on most of the logs. When dealing with something like live error messages etc., you can group by similarities. That way it is very easy to know where things are in real-time. It has helped us in terms of doing top-down debugging. If, for example, you see a certain error message or an exception, then you double click to see where exactly it has affected the system. That way, at every stage you are able to go one level deeper until you find the root cause, through the logs or by other means. This is something which I find really helpful. There are other ways within a window you can search as well. You can find out what happened one or two days before or one or two minutes before this message. It helps you follow a trail of events that will lead you to a particular state.

Users can also do a comparison with regard to the filing. Let's say, for example, you see a certain error come up today, and if you are interested in how it was yesterday or the day before, or maybe 17 days ago, you can take a look. This is one of the features that I found really helpful.

The solution offers capture of host metrics as well. Basically it could be the RAM utilization, CPU, or pretty much everything around the host, including the health of the host. That also comes in handy when we are debugging.

Reviewer32109
Contracting Automation Engineer at a media company with 51-200 employees

The out of the box applications were very useful for us. We also use the Threat Intelligence integration for our security monitoring.

VpOfDevO7114
VP of DevOps Engineering at a manufacturing company with 11-50 employees
  • It's reliable.
  • The Curry language is easy to use once you get used to it. 
  • The user interface is pretty responsive. 

Therefore, it was a cost value proposition decision.

Tejprakash Sharma
DevOps Engineer at a tech services company with 1,001-5,000 employees

With the alerting dashboards, you can set up some patterns. Then, on these patterns, you will automatically get alerts.

Enterpri9713
Enterprise Architect at a transportation company with 10,001+ employees
  • The tools that they have for searching through logs.
  • Doing log comparisons.
  • Time shifting the logs.
  • The dashboards are good.

Casey Powell
Engineering Manager at a financial services firm with 501-1,000 employees

Being able to join logs together across many services and servers.

Develope7839
Developer Manager at a financial services firm with 1,001-5,000 employees

The key features that we have been using:

  • The ability to troubleshoot production issues.
  • Set up monitoring for errors.

Jeffery Statham
Software Architect at a tech vendor with 201-500 employees
  • The search
  • Email alerts

AwsOpera2176
AWS Operations Engineer

The dashboards are great. We use them for monitoring certain events when they happen to see if we want to act upon them. The monitoring pages and the alerting pages are also very handy.

Infrastrd7f3
Infrastructure Engineer at a wholesaler/distributor with 1,001-5,000 employees

We can ingest logs and make reports out of them. It is a good tool which can help us monitor any issues.
