{"id":49982,"date":"2025-08-07T10:29:58","date_gmt":"2025-08-07T18:29:58","guid":{"rendered":"https:\/\/www.sumologic.com\/?post_type=blog&#038;p=49982"},"modified":"2025-08-07T10:30:01","modified_gmt":"2025-08-07T18:30:01","slug":"sumo-logic-historic-baselining","status":"publish","type":"blog","link":"https:\/\/www.sumologic.com\/blog\/sumo-logic-historic-baselining","title":{"rendered":"From weeks to minutes: How Sumo Logic\u2019s historic baselining supercharges UEBA"},"content":{"rendered":"\n<section class=\"e-stn e-stn-0d652506f82b000a392973813b918ee25d5b4211 e-stn--glossary-inner-content e-stn--table-of-content\"><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row\">\n<div class=\"wp-block-b3rg-column e-col e-col-1f7b3997080fc292474d26ff00c905d99d3520fa e-col--content-wrapper  col-sm-12 col-lg-12 col-xl-12\">\n<div class=\"e-div e-div-a1b32f66e1749758df41d5aea14f647cd10e362c e-div--card-btn-link\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"200\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/UEBA-baselining_header_700x200.png\" alt=\"\" class=\"wp-image-49989\" title=\"\" srcset=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/UEBA-baselining_header_700x200.png 700w, https:\/\/www.sumologic.com\/wp-content\/uploads\/UEBA-baselining_header_700x200-300x86.png 300w, https:\/\/www.sumologic.com\/wp-content\/uploads\/UEBA-baselining_header_700x200-575x164.png 575w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>Spotting threats fast and knowing whether they really matter is the name of the game in cybersecurity. That\u2019s where <a href=\"https:\/\/www.sumologic.com\/glossary\/ueba\">user and entity behavior analytics (UEBA)<\/a> comes in, and why Sumo Logic\u2019s latest innovation, historic baselining, is a big deal.<\/p>\n\n\n\n<p>With this release, Sumo Logic has turned the old UEBA model on its head, delivering insights that used to take weeks of learning time in just minutes. Here\u2019s how and why that\u2019s a game changer.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what-is-ueba\">What is UEBA?<\/h2>\n\n\n\n<p>UEBA is a way of detecting threats based on user behaviors and patterns instead of static rules. It tracks how users, devices, and systems typically operate, and flags suspicious activity.<\/p>\n\n\n\n<p>Think of it like a smart security guard who learns everyone\u2019s routines. When someone shows up at an odd time or tries to enter a restricted area, the guard knows something\u2019s off.<\/p>\n\n\n\n<p>The catch? Traditional UEBA needs time to learn. Most tools take weeks (or even months) of data before they\u2019re useful. Meanwhile, alerts are either overly generic or riddled with false positives. But historic baselining alleviates this, so you can quickly respond to threats.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"sumo-logic-s-breakthrough-historic-baselining\">Sumo Logic\u2019s breakthrough: Historic baselining<\/h2>\n\n\n\n<p>With its<a href=\"https:\/\/help.sumologic.com\/release-notes-cse\/2025\/06\/02\/application\/\" target=\"_blank\" rel=\"noopener\"> June 2025 Cloud SIEM update<\/a>, Sumo Logic introduced historic baselining, which allows teams to use weeks of historical behavior data immediately.<\/p>\n\n\n\n<p>That means:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>No more waiting for the system to \u201clearn\u201d over time.<br><\/li>\n\n\n\n<li>No more guesswork on whether something is normal.<br><\/li>\n\n\n\n<li>And no more being blindsided by an anomaly that slipped through the cracks.<br><\/li>\n<\/ul>\n\n\n\n<p>Sumo Logic now blends historical intelligence with real-time detection, giving you the context you need, when you need it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"where-it-works\">Where it works<\/h2>\n\n\n\n<p>This capability now powers key detection methods in Sumo Logic\u2019s<a href=\"https:\/\/www.sumologic.com\/solutions\/cloud-siem\"> Cloud SIEM<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/help.sumologic.com\/docs\/cse\/rules\/write-outlier-rule\/#baselines-for-outlier-rules\" target=\"_blank\" rel=\"noopener\">Outlier Rules<\/a> now use percentile-based baselines across weeks of data, not just static thresholds, so your alerts are based on your environment\u2019s real patterns, not arbitrary numbers.&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/help.sumologic.com\/docs\/cse\/rules\/write-first-seen-rule\/#baselines-for-first-seen-rules\" target=\"_blank\" rel=\"noopener\">First Seen Rules<\/a> now account for how often something has appeared historically, reducing false positives from rare-but-legitimate events.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>In both cases, Sumo Logic is using past behavior to make smarter decisions instantly.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what-s-the-big-win\">What\u2019s the big win?<\/h2>\n\n\n\n<p>The value of historic baselining comes down to speed and accuracy. Security teams don\u2019t have the luxury of time when threats hit, and they can\u2019t afford to chase down every anomaly that ends up being nothing.<\/p>\n\n\n\n<p>With this feature, you get:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.sumologic.com\/solutions\/threat-detection\">Rapid threat detection<\/a> with the context of weeks of behavior<\/li>\n\n\n\n<li>Significantly reduced false positives<\/li>\n\n\n\n<li>No long learning curves or tuning cycles<\/li>\n\n\n\n<li>Smarter alerts, better prioritization, and faster response<\/li>\n<\/ul>\n\n\n\n<p>With this update, you can <a href=\"https:\/\/www.sumologic.com\/blog\/rsac-intelligent-security-operations\">build an intelligent security operation<\/a> to help you work faster and improve your security workflow.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"bottom-line-security-teams-just-got-a-whole-lot-smarter\">Bottom line: Security teams just got a whole lot smarter<\/h2>\n\n\n\n<p>Sumo Logic\u2019s UEBA historic baselining is more than a feature; it\u2019s a rethink of how behavioral analytics should work.<\/p>\n\n\n\n<p>You get the depth of long-term analytics with the speed of real-time insights. In a threat landscape where every minute counts, that\u2019s a massive upgrade.<\/p>\n\n\n\n<p>Want to see how it works in action? Explore <a href=\"https:\/\/www.sumologic.com\/demo\/complete-threat-detection-investigation-and-response-demo\">Sumo Logic Cloud SIEM.<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":334,"featured_media":49984,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","show_popup":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","place_holder_image_url":"","post_reading_time":"2","notification_enabled":false,"notification_text":"","notification_logo":"","notification_expiration_time":0,"is_enable_transparent_header":false,"selected_taxonomy_terms":{"blog-category":[126],"blog-tag":[],"translation_priority":[221]},"selected_primary_terms":{"blog-category":[]},"learn_more_link":[],"featured_page_list":[],"notification_enabled_post_list":[],"_gspb_post_css":"","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"71176,71070,71043","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"blog-category":[126],"blog-tag":[],"class_list":["post-49982","blog","type-blog","status-publish","has-post-thumbnail","hentry","blog-category-cloud-siem"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog\/49982","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/users\/334"}],"version-history":[{"count":6,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog\/49982\/revisions"}],"predecessor-version":[{"id":50260,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog\/49982\/revisions\/50260"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media\/49984"}],"wp:attachment":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media?parent=49982"}],"wp:term":[{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog-category?post=49982"},{"taxonomy":"blog-tag","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog-tag?post=49982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}