Sumo Logic Dashboard Navigation Demo Lab

Video Transcription
00:00
Everyone, welcome back to the course. So in the last video, we just briefly showed you how to sign up for a trial version of Sumo Logic. Again, in this course I'm using a demo version that I've got preset, pre-configured and everything. So I'll be using a different data set than you'll be using, but you can use a trial version. You can ingest your own data in there
00:19
and play around a little bit to get familiar with Sumo Logic.
00:23
So in this video, we're just gonna go over a brief navigation of the dashboard, at least the screen that I'm going to be using, so the demo environment I'm using, and then in the next couple of videos in the next module, we're gonna go ahead and jump into a couple of different case studies. Again, I want to stress all the downloadable resources for this course are under the Resources tab. So
00:42
be sure you download that so you can continue on with the course.
00:46
So as I mentioned, after we log into the Sumo Logic dashboard, we're just gonna take a basic navigation here, and then we'll install some apps. Once we do the actual case studies, we'll install some apps, and you'll see what I'm talking about here in just a moment or so.
01:00
So the first thing we're going to do once we've logged in is on the left side. We're going to select down here on the left where it says Manage Data;
01:06
we're going to select that, and then we're going to choose the Collection option. You see, we've got some other options here with alerts, etc. But we're gonna look at Collection so we can actually take a look at our data.
01:17
So once we've selected Collection, we'll be at this screen here, and then we can go ahead. And what we want to do is we want to search for AWS services. So you'll see I've already searched for it in the past, so I'm just gonna select that, but you can type yours in,
01:30
and then we're just gonna go ahead and search for that particular data.
01:34
So once we make that search, what you'll notice is that we can see things like our CloudTrail data. For example, we get our ELB, or Elastic Load Balancer, data.
01:44
We can also see things like our VPC Flow data. If we scroll down here a little bit, you see the VPC right there,
01:49
Lambda data, etc., so we can see, basically, all of our AWS data, right?
01:53
So the next thing we're going to do is take a look over here, and you notice that all of these data sets have a particular tag with them, and we'll come back to the tags in the case studies. You'll notice that we're gonna add some tags when we do the case studies. But just keep in mind that you can tag the data,
02:13
and basically these tags can be used to set up visual alerts later on.
02:17
So, under the AWS CloudTrail data, let's just go ahead and pick on that one there. And what we're going to do is we're gonna select this option right here that says Open in Log Search. Again, if you're following along with this course, your data set's gonna be looking probably different and you'll see different data coming in. But if you've ingested data from your AWS environment,
02:37
you should have some AWS CloudTrail data in most instances.
02:40
So we're going to select this Open in Log Search option here.
02:44
What this is going to show us is it's going to show us the raw data that's coming in for CloudTrail. So these are going to be the actual CloudTrail events that are being recorded.
02:53
And
02:54
really, this isn't human readable, right? Some humans can read this, but it's really not very visually appealing to us. So it's a little challenging for most people to be able to read what we're seeing here. So the way we're going to do this is we're gonna use the Sumo Logic App Catalog, and I talked about the case studies we're gonna be doing. So we're gonna be basically,
03:13
in case study number one, that's coming up in the next video,
03:15
we're gonna be taking this raw data and putting it into an app to make it a little more human readable so we can understand what this data is, what we're actually seeing here.
03:25
Now, if we select here on the left side, we're selecting App Catalog; that's where we'll be going in the next couple of videos. But in the App Catalog, you'll see here that we've got all sorts of apps for all sorts of various AWS services, right? So we see CloudTrail, which we will be using in case study number one in the next video. We'll also see things like our GuardDuty,
03:46
our VPC Flow, Elastic Load Balancing, etc., etc., right? There's all sorts of apps in this catalog here.
03:53
Now, in case study number two, we're gonna be using a CrowdStrike app for threat intel,
03:59
and we see a little pop-up there. We can ignore that.
04:01
So if you get a message like that, I just got it here. Again, I'm in a demo environment, so I get some of those pop-ups here and there, but we've got various apps here. You can ignore that particular error if you see it on your side, if it's not relevant to what you're doing.
04:15
So we've got various apps in the catalog here that we can use, and again we're gonna be taking a look at a couple of those coming up in the case studies. And then also on the left side here, you've got your basic administration, etc. Now, one thing you'll see in the case studies is that as we add some of the apps, you'll notice them showing up here. You'll notice a folder being created. For example,
04:32
you'll notice AWS CloudTrail will have a folder created for that.
04:36
And then also when we do the threat intel app from CrowdStrike, we'll also have that folder as well, once we add it to our library.
04:45
So in this video, we just took a brief overview of navigating Sumo Logic. As I mentioned already, in the next video we're gonna be doing case study number one, and that's where we're gonna be actually installing this AWS CloudTrail app from the catalog.