{"id":80,"date":"2024-10-14T13:56:24","date_gmt":"2024-10-14T13:56:24","guid":{"rendered":"http:\/\/www.sumologic.com\/?page_id=80"},"modified":"2026-01-14T22:43:43","modified_gmt":"2026-01-15T06:43:43","slug":"response-center","status":"publish","type":"page","link":"https:\/\/www.sumologic.com\/solutions\/security\/response-center","title":{"rendered":"Security response center"},"content":{"rendered":"\n<section class=\"e-stn e-stn-e29c1412f8521d8d563da1604836dba45a7358a5 e-stn--main-banner\"><style>@media only screen and (max-width: 9999px) {\n\t\t\t\t\t\t\t\t\t.e-stn.e-stn-e29c1412f8521d8d563da1604836dba45a7358a5 { \n\t\t\t\t\t\t\t\t\t\tbackground-color: #101827; \n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}<\/style><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row\">\n<div class=\"wp-block-b3rg-column e-col e-col-30cf6e0d31fd8780616c8617a3382c2b2c7f4e3b e-col--content-wrapper  col-sm-12 col-lg-6\">\n<h1 class=\"wp-block-heading has-pure-white-color has-text-color has-link-color wp-elements-b4c50e2ce22f729dfdb99b32150e8970\" id=\"security-response-center\">Security response center<\/h1>\n\n\n\n<p class=\"description has-chinese-silver-color has-text-color has-link-color wp-elements-4a3c878d868dd1b68aa329a6e7e56c06\">Companies of all sizes are facing heightened cyber security threats in response to state actors, increasing supply chain attacks and open source vulnerabilities. Keeping customers informed, enabled and protected is Sumo Logic&#8217;s highest priority.<\/p>\n\n\n\n<div class=\"e-div e-div-b8650eb23605cc1c3c2b0261ca56a62af47c216e e-div--button-wrapper\"><div class=\"e-btn e-btn--blue-button-with-right-arrow\"><a class=\"e-btn__link\" href=\"https:\/\/www.sumologic.com\/feed\/security-response\" target=\"_blank\">\n<p class=\"title\">Subscribe to RSS<\/p>\n<\/a><\/div>\n\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-15df7f642de35e557df618afb20d16d065041e70 e-col--media-wrapper  col-sm-12 col-lg-6\">\n<div class=\"e-div e-div-c798c7a4466427637118b74d5226a20455577ae2 e-div--media-wrapper\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"725\" height=\"603\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/hero-continuous_intelligence_platform_hero.png\" alt=\"\" class=\"wp-image-9384\" title=\"\" srcset=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/hero-continuous_intelligence_platform_hero.png 725w, https:\/\/www.sumologic.com\/wp-content\/uploads\/hero-continuous_intelligence_platform_hero-300x250.png 300w, https:\/\/www.sumologic.com\/wp-content\/uploads\/hero-continuous_intelligence_platform_hero-575x478.png 575w\" sizes=\"auto, (max-width: 725px) 100vw, 725px\" \/><\/figure>\n<\/div>\n\n<div class=\"e-img e-img--section-bg\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/sumo-wp-marketing-site-assets.s3.amazonaws.com\/uploads\/2024\/10\/main-banner-bg-blur.svg\" alt=\"\" class=\"wp-image-1076\" title=\"\"><\/figure>\n<\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section id=\"section-7\" class=\"e-stn e-stn-6c51ddd2b8dd9ec12d632c35a61b62586cd316c6 e-stn--faq-accordion\"><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row\">\n<div class=\"wp-block-b3rg-column e-col e-col-029c01502d78b7cff6900cd3b2a145337ca3a946  col-sm-12 col-md-4\">\n<h2 class=\"wp-block-heading has-delft-blue-color has-text-color has-link-color wp-elements-26d98a6dde2f14b284de1fba65c90894\" id=\"recent-security-threats-1\">Recent security threats<\/h2>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-1535be63930f7ed2ef76cc949c67e8736d5f40d3  col-sm-12 col-md-8\">\n<div class=\"accordion-block\"><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">MongoDB &#8211; MongoBleed Server Vulnerability<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>January 2, 2026<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of the recently disclosed MongoBleed vulnerability (CVE-2025-14847) affecting multiple MongoDB Server versions. After a thorough review of our systems, we have confirmed that Sumo Logic is not impacted as no MongoDB services were and currently are not actively running. No customer action is required at this time.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Remote Code Execution (RCE) Vulnerabilities in React and Next.js<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>December 4, 2025<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of the recently disclosed Remote Code Execution (RCE) vulnerabilities affecting the react-server and Next.js frameworks (CVE-2025-55182 and CVE-2025-66478). After a thorough review of our systems, we have confirmed that Sumo Logic is not impacted, as the affected components are not used within our environment. No customer action is required at this time.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Gainsight Salesforce Incident<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>November 24, 2025<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of Gainsight\u2019s security incident related to their Salesforce-connected applications. After a thorough investigation, we have determined that there is no impact to Sumo Logic and no action is required from our customers at this time. We will continue to monitor and update as appropriate.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Cisco ASA RCE and Privilege Escalation<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>September 29, 2025<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of the new RCE and privilege escalation vulnerabilities in Cisco ASA (CVE-2025-20333 and CVE-2025-20362).\u00a0 Following a review of our system, we have confirmed that Sumo Logic is not affected by the Cisco ASA vulnerabilities, as this product is not part of our environment. No customer action is required.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">\u201cShai-Hulud\u201d NPM Supply Chain Worm<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>September 24, 2025<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of the recent \u201cShai-Hulud\u201d worm and npm supply chain attack.\u00a0Our investigation suggests that Sumo Logic is not impacted by any of the affected packages.\u00a0 We do not utilize or reference any affected npm packages in our products or services. Currently, no action is required from our customers, but we will continue to monitor and update as appropriate.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Salesloft Drift Breach<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>September 2, 2025<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of the recent Salesloft Drift breach. After a thorough investigation, we have determined that Sumo Logic is not impacted, as our products and services do not use Drift. Our current assessment is that no action is required from our customers, but we will continue to monitor and update as appropriate.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Microsoft SharePoint Zero Day Exploit a.k.a Toolshell vulnerability and Cisco ISE Critical API vulnerability<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>July 23, 2025<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of the recent zero-day in Microsoft SharePoint a.k.a. Toolshell (CVE-2025-53770) and Cisco ISE Critical API vulnerabilities (<a href=\"https:\/\/thehackernews.com\/2025\/06\/critical-rce-flaws-in-cisco-ise-and-ise.html\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-20281<\/a>,\u00a0<a href=\"https:\/\/thehackernews.com\/2025\/07\/cisco-warns-of-critical-ise-flaw.html\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-20337<\/a>,\u00a0<a href=\"https:\/\/thehackernews.com\/2025\/06\/critical-rce-flaws-in-cisco-ise-and-ise.html\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-20282<\/a>). After a thorough investigation, we have determined Sumo Logic is not impacted, as our products and services do not use these tools\/technologies. Our current assessment is that no action is required from our customers, but we will continue to monitor and update as appropriate.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Oracle Cloud Server Breach<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>April 8, 2025<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of the recent Oracle Cloud server data breach. Following our initial investigation and system review, we have confirmed that Sumo Logic is not impacted, as we do not use Oracle\u2019s Cloud platform or SSO\/identity management products. At this time, there is no impact on our customers, and no action is required. We will continue to monitor the situation and share updates as necessary.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Ingress-nginx RCE a.k.a IngressNightmare<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>April 4, 2025<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of the unauthenticated remote code execution vulnerability in\u00a0<strong>Ingress-nginx<\/strong>\u00a0Controller (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-1974\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-1974<\/a>). After a thorough investigation, we have determined that Sumo Logic is not affected by the vulnerability. At this time, no action is needed from our customers. However, we will continue to monitor the situation and provide updates as appropriate.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Github Tj-actions<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>March 20, 2025<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of the\u00a0<strong>tj-actions\/changed-files<\/strong>\u00a0supply chain attack (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2025-30066\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-30066<\/a>), Our extensive investigation suggests that Sumo Logic is not impacted by the compromised tj-action\/changed-files. Our current assessment is that no action is required from our customers, but we will continue to monitor and update as appropriate.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Linguistic Lumberjack: Fluent Bit<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>May 23, 2024<\/strong> <\/p>\n                        \n<p>On May 20, 2024, Tenable Research&nbsp;<a href=\"https:\/\/www.tenable.com\/blog\/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323\" target=\"_blank\" rel=\"noreferrer noopener\">discovered<\/a>&nbsp;a critical memory corruption vulnerability dubbed Linguistic Lumberjack in Fluent Bit (CVE-2024-4323), a core component in the monitoring infrastructure of many cloud services. Sumo Logic has updated all applicable systems to ensure we are not vulnerable and is continuing to monitor our corporate security posture as well as our third-party vendors to ensure they are dealing with the situation as appropriate.<\/p>\n\n\n\n<p>From an open source perspective, although by default none of our solutions are exposed to the internet, some do leverage the impacted versions of Fluent Bit. We have released updated versions in those instances. See below for details.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tailing sidecar operator version\u00a0<a href=\"https:\/\/github.com\/SumoLogic\/tailing-sidecar\/releases\/tag\/v0.13.0\" target=\"_blank\" rel=\"noreferrer noopener\">0.13.0<\/a>\u00a0contains the fix.<\/li>\n\n\n\n<li>Kubernetes Collection Helm Chart\u00a0<a href=\"https:\/\/github.com\/SumoLogic\/sumologic-kubernetes-collection\/releases\/tag\/v4.7.1\" target=\"_blank\" rel=\"noreferrer noopener\">v4.7.1<\/a>\u00a0contains the above fix.<\/li>\n\n\n\n<li>Kubernetes Collection Helm Chart\u00a0<a href=\"https:\/\/github.com\/SumoLogic\/sumologic-kubernetes-collection\/releases\/tag\/v3.19.3\" target=\"_blank\" rel=\"noreferrer noopener\">v3.19.3<\/a>\u00a0contains the above fix and a separate upgrade to Fluent Bit.<\/li>\n\n\n\n<li>No upgrades available for Kubernetes Collection Helm Chart version 2. Support for this version ended on 2023-07-20. Customers are encouraged to upgrade to\u00a0<a href=\"https:\/\/github.com\/SumoLogic\/sumologic-kubernetes-collection\/releases\/tag\/v4.7.1\" target=\"_blank\" rel=\"noreferrer noopener\">v4.7.1<\/a>.<\/li>\n\n\n\n<li>No upgrades available for Helm Operator. An upgrade to version 4 of the Helm Chart (where there\u2019s no Fluent Bit) is in progress.<\/li>\n<\/ul>\n\n\n\n<p>We will continue to monitor and update as appropriate.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">STATUS UPDATE November 20, 2023 \u2013 3:30 PM PST<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>November 20, 2023<\/strong> <\/p>\n                        \n<p><strong>Update: Sumo Logic Security Incident<\/strong><\/p>\n\n\n\n<p>To our valued customers:<\/p>\n\n\n\n<p>We want to provide you with an update on Sumo Logic\u2019s recent security incident. We take the safety and reliability of our platform seriously. This is why we took immediate action to secure our platform as soon as we detected a potential security incident, including the recommendation to rotate all credentials.<\/p>\n\n\n\n<p>We are grateful to share that the diligent investigation led by our security and engineering teams uncovered no proof of customer data impact and no threat of customer data impact present. These findings were verified by third-party forensic experts and the investigation of this incident is now complete and closed.<\/p>\n\n\n\n<p>We remain committed to providing all of our customers with secure and reliable digital experience and are doing everything we can to emerge safer from this incident. To that end, we will be undertaking additional evaluation to learn from this incident and identify any measures or modifications to prevent future incidents.<\/p>\n\n\n\n<p>As we have done throughout this process, we encourage you to keep an eye on the&nbsp;<a href=\"https:\/\/www.sumologic.com\/solutions\/security\/response-center\">Security Response Center<\/a>&nbsp;where we have posted pertinent updates. We also would like to provide you with additional tools and information.<\/p>\n\n\n\n<p><strong>FURTHER STEPS YOU CAN TAKE<\/strong><\/p>\n\n\n\n<p>While this investigation is complete and closed, and there is no proof of customer data impact and no threat of customer data impact present, Sumo Logic is providing the Indicators of Compromise (IOCs) and supporting documentation so customers can inspect their own environments, which we recommend.<\/p>\n\n\n\n<p><strong>Indicators of Compromise<\/strong><\/p>\n\n\n\n<p>34.201.113.45<\/p>\n\n\n\n<p>66.225.222.68<\/p>\n\n\n\n<p>159.223.118.253<\/p>\n\n\n\n<p>54.183.5.235<\/p>\n\n\n\n<p>34.207.95.146<\/p>\n\n\n\n<p>44.203.0.45<\/p>\n\n\n\n<p>45.154.98.33<\/p>\n\n\n\n<p>18.189.57.10<\/p>\n\n\n\n<p>185.220.101.56<\/p>\n\n\n\n<p>34.238.239.207<\/p>\n\n\n\n<p>185.220.101.58<\/p>\n\n\n\n<p>45.76.10.28<\/p>\n\n\n\n<p><strong>How to Inspect Your Own Environments<\/strong><\/p>\n\n\n\n<p>As we formally close this investigation, we want to share some of the techniques we used internally, leveraging the Sumo Logic platform to further guide you in further inspecting your environments and ensuring your security posture.<\/p>\n\n\n\n<p>We used our own solutions within Sumo Logic. In this particular instance, we used both our Cloud SIEM to search our environment for Indicators of Compromise (IOCs) and malicious IPs. In addition, we also used our Cloud Infrastructure Security (CIS) solution for enterprise audit activities such as access key creation, deletion and active vs. inactive. Below is a sample query you can run within your Sumo Logic instance. This will return any source categories where the IOCs are present and will show you where to do further investigation.<\/p>\n\n\n\n<p><strong>Example Search in Sumo Logic<\/strong><\/p>\n\n\n\n<p>_sourcecategory=* (\u201c34.201.113.45\u201d or \u201c66.225.222.68\u201d or \u201c159.223.118.253\u201d or \u201c54.183.5.235\u201d or \u201c34.207.95.146\u201d or \u201c44.203.0.45\u201d or \u201c45.154.98.33\u201d or \u201c18.189.57.10\u201d or \u201c185.220.101.56\u201d or \u201c34.238.239.207\u201d or \u201c185.220.101.58\u201d or \u201c45.76.10.28\u201d)<br>| timeslice 1m<br>| parse regex \u201c(?&lt;ioc_ip&gt;\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\u201d multi<br>| where ioc_ip in (\u201c34.201.113.45\u2033,\u201d66.225.222.68\u2033,\u201d159.223.118.253\u2033,\u201d54.183.5.235\u201d, \u201c34.207.95.146\u201d, \u201c44.203.0.45\u201d, \u201c45.154.98.33\u201d, \u201c18.189.57.10\u201d, \u201c185.220.101.56\u201d, \u201c34.238.239.207\u201d, \u201c185.220.101.58\u201d, \u201c45.76.10.28\u201d)<br>| count _timeslice, _sourcecategory, ioc_ip<\/p>\n\n\n\n<p>If you have questions about this guidance, don\u2019t hesitate to get in touch with our customer support team at&nbsp;<a href=\"https:\/\/support.sumologic.com\/support\/s\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/support.sumologic.com\/support\/s\/<\/a><\/p>\n\n\n\n<p>Thank you for your patience and understanding throughout this process. We look forward to continuing to help our customers turn insights into action and deliver reliable and secure digital experiences.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">STATUS UPDATE November 14, 2023 \u2013 6:00PM PST<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>November 14, 2023<\/strong> <\/p>\n                        \n<p>We continue to make progress with the investigation. We are still strongly advising customers to rotate the Sumo Logic API access credentials as soon as possible, and no later than 48 hours. Specifically, we advise you to rotate immediately:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sumo Logic API access keys<\/li>\n<\/ul>\n\n\n\n<p>What you could also rotate as an additional precautionary measure:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Third-party credentials that have been stored with Sumo as part of webhook connection configuration<\/li>\n<\/ul>\n\n\n\n<p>If you have questions about steps to take, don\u2019t hesitate to get in touch with our customer support team at&nbsp;<a href=\"https:\/\/support.sumologic.com\/support\/s\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/support.sumologic.com\/support\/s\/<\/a><\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">STATUS UPDATE November 12, 2023 \u2013 3:30PM PST<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>November 12, 2023<\/strong> <\/p>\n                        \n<p>We continue to make progress with the investigation. However, the substantial guidance we have as of today remains the same as provided on November 10th.<\/p>\n\n\n\n<p>\u2014\u2014\u2014<\/p>\n\n\n\n<p>If you have questions about steps to take, don\u2019t hesitate to get in touch with our customer support team at&nbsp;<a href=\"https:\/\/support.sumologic.com\/support\/s\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/support.sumologic.com\/support\/s\/<\/a><\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">STATUS UPDATE November 11, 2023 \u2013 3:30PM PST<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>November 11, 2023<\/strong> <\/p>\n                        \n<p>We continue to make progress with the investigation. However, the substantial guidance we have as of today remains the same as provided on November 10th.<\/p>\n\n\n\n<p>\u2014\u2014\u2014<\/p>\n\n\n\n<p>If you have questions about steps to take, don\u2019t hesitate to get in touch with our customer support team at&nbsp;<a href=\"https:\/\/support.sumologic.com\/support\/s\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/support.sumologic.com\/support\/s\/<\/a><\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">NEW UPDATE FOR REDUCED ACTIONS<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>November 10, 2023<\/strong> <\/p>\n                        \n<p><strong>WHAT SHOULD YOU DO (if you have not done so yet):<\/strong><br>We recommend that customers rotate credentials that are either used to access Sumo Logic or that you have provided to Sumo Logic to access other systems.<\/p>\n\n\n\n<p>Specifically, we advise you to rotate immediately:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sumo Logic API access keys<\/li>\n<\/ul>\n\n\n\n<p>What you could also rotate as an additional precautionary measure:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Third-party credentials that have been stored with Sumo as part of webhook connection configuration<\/li>\n<\/ul>\n\n\n\n<p>\u2014\u2014\u2014<\/p>\n\n\n\n<p><strong>WE NO LONGER RECOMMEND THE FOLLOWING MEASURES FOR THIS INCIDENT:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sumo Logic installed collector credentials<\/li>\n\n\n\n<li>Third-party credentials that have been stored with Sumo for the purpose of data collection by the hosted collector (e.g., credentials for S3 access)<\/li>\n\n\n\n<li>User passwords to Sumo Logic accounts<\/li>\n<\/ul>\n\n\n\n<p>\u2014\u2014\u2014<\/p>\n\n\n\n<p>If you have questions about steps to take, don\u2019t hesitate to get in touch with our customer support team at&nbsp;<a href=\"https:\/\/support.sumologic.com\/support\/s\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/support.sumologic.com\/support\/s\/<\/a><\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Sumo Logic Security Notice<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>November 9, 2023<\/strong> <\/p>\n                        \n<p>Per the recommendations mentioned in the November 7th &amp; 8th Security Notices, we have created a playbook to guide our customers through the process of updating their API access keys.<\/p>\n\n\n\n<p>Here is a direct link to the playbook:&nbsp;<a href=\"https:\/\/help.sumologic.com\/docs\/manage\/security\/rotating-credentials-playbooks\/\" target=\"_blank\" rel=\"noreferrer noopener\">link<\/a><\/p>\n\n\n\n<p><em>The information contained in this website is provided \u201cas is,\u201d without any warranty of any kind, either express or implied. Users are solely responsible for adequate protection and backup of the data and equipment used in connection herewith. If Users require assistance, please contact our Support team via opening a ticket using our Support Console.<\/em><\/p>\n\n\n\n<p><strong>November 8, 2023<\/strong><\/p>\n\n\n\n<p>As an outcome of our ongoing investigation, we are reducing the scope of the additional precautionary measures mentioned in our November 7th message. Here is the updated recommendation:<\/p>\n\n\n\n<p>What you could also rotate as an additional precautionary measure:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Third-party credentials that have been stored with Sumo as part of webhook connection configuration<\/li>\n<\/ul>\n\n\n\n<p><strong>November 7, 2023<\/strong><\/p>\n\n\n\n<p><strong>To Our Valued Customers:<\/strong><\/p>\n\n\n\n<p>At Sumo Logic, ensuring the security and reliability of our customers\u2019 digital experience is our top priority. We have always placed great emphasis on protecting our customers against threats, and we understand and deeply value the trust our customers place in us.<\/p>\n\n\n\n<p>To that end, we are writing to notify you, as a precautionary measure, of a possible security incident within our platform.<\/p>\n\n\n\n<p><strong>WHAT HAPPENED<\/strong>:<\/p>\n\n\n\n<p>On Friday, November 3rd, 2023, Sumo Logic discovered evidence of a potential security incident. The activity identified used a compromised credential to access a Sumo Logic AWS account. We have not at this time discovered any impacts to our networks or systems, and customer data has been and remains encrypted.<\/p>\n\n\n\n<p><strong>WHAT HAVE WE DONE<\/strong>:<\/p>\n\n\n\n<p>Immediately upon detection we locked down the exposed infrastructure and rotated every potentially exposed credential for our infrastructure out of an abundance of caution. We are continuing to thoroughly investigate the origin and extent of this incident. We have identified the potentially exposed credentials and have added extra security measures to further protect our systems. This includes improved monitoring and fixing any possible gaps to prevent any similar events and we are continuing to monitor our logs to look for further signs of malicious activity. We have taken actions to stop the threat to our infrastructure and are advising customers to rotate their credentials.<\/p>\n\n\n\n<p><strong>WHAT SHOULD YOU DO<\/strong>:<\/p>\n\n\n\n<p>We recommend that customers rotate credentials that are either used to access Sumo Logic or that you have provided to Sumo Logic to access other systems. Specifically:<\/p>\n\n\n\n<p>What we advise you rotate immediately:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sumo Logic API access keys (If you need assistance with this, please contact Sumo Support at\u00a0<a href=\"https:\/\/support.sumologic.com\/support\/s\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/support.sumologic.com\/support\/s\/<\/a>)<\/li>\n<\/ul>\n\n\n\n<p>What you could also rotate as an additional precautionary measure:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sumo Logic installed collector credentials<\/li>\n\n\n\n<li>Third-party credentials that have been stored with Sumo for the purpose of data collection by the hosted collector (e.g., credentials for S3 access)<\/li>\n\n\n\n<li>Third-party credentials that have been stored with Sumo as part of webhook connection configuration<\/li>\n\n\n\n<li>User passwords to Sumo Logic accounts<\/li>\n<\/ul>\n\n\n\n<p>If you have questions about steps to take, please do not hesitate to contact our customer support team at&nbsp;<a href=\"https:\/\/support.sumologic.com\/support\/s\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/support.sumologic.com\/support\/s\/<\/a><\/p>\n\n\n\n<p><strong>WHAT HAPPENS NEXT<\/strong>:<\/p>\n\n\n\n<p>While the investigation into this incident is ongoing, we remain committed to doing everything we can to promote a safe and secure digital experience.<\/p>\n\n\n\n<p>We will directly notify customers if evidence of malicious access to their Sumo Logic accounts is found. Customers may find updates at our Security Response Center.<\/p>\n\n\n\n<p>Your security remains our top priority and we want to reiterate how much we value you putting your trust in us. Thank you for your understanding through this process.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">libwebp Vulnerability October 26, 2023<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>October 26, 2023<\/strong> <\/p>\n                        \n<p>Last month Google published\u00a0<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-5129\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-5129<\/a>\u00a0(marked as a duplicate) and\u00a0<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-4863\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-4863<\/a>\u00a0indicating vulnerabilities existed within libwebp and as a result within a number of downstream applications leveraging it. Sumo Logic has updated all applicable systems to ensure we are not vulnerable and are continuing to monitor our corporate security posture as well as our third-party vendors to ensure they are dealing with the situation as appropriate.<\/p>\n\n\n\n<p><\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">HTTP\/2 Rapid Reset Attack<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>October 26, 2023<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of the vulnerability\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-44487\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-44487<\/a>, also known as \u201cHTTP\/2 Rapid Reset Attack.\u201d Sumo Logic has mitigations in place that we inherit from AWS mechanisms. We do not believe we are susceptible based on our scanning, testing, and inherited mitigations from our AWS-based infrastructure. We have followed the current\u00a0<a href=\"https:\/\/aws.amazon.com\/security\/security-bulletins\/AWS-2023-011\/\" target=\"_blank\" rel=\"noreferrer noopener\">guidance published by AWS<\/a>\u00a0in this regard.<\/p>\n\n\n\n<p><\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">libwebp Vulnerability September 28, 2023<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>September 28, 2023<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of the vulnerabilities (CVE-2023-5129 and CVE-2023-4863) that Google published indicating a critical vulnerability in libwebp. We are actively investigating to identify any and all areas where we may be leveraging the vulnerable versions of this library. As of now our investigations have revealed no indications of compromise. We will keep this page up to date as our investigations continue.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">MOVEit vulnerabilities<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>June 20, 2023<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of the published vulnerabilities (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-34362\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-34362<\/a>,\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-35036\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-35036<\/a>, and\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-35708\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-35708<\/a>) by Progress software indicating that the MOVEit Transfer tool was vulnerable to multiple SQL injection vulnerabilities. Our investigation suggests that Sumo Logic is not impacted as our products and services do not use MOVEit Transfer tool. Our current assessment is that no action is required from our customers, but we will continue to monitor and update as appropriate.<\/p>\n\n\n\n<p><\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">OpenSSL Vulnerability<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>November 4, 2022<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of the recently announced OpenSSL vulnerabilities (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-3786\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-3786<\/a>\u00a0and\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-3602\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-3602<\/a>). Our initial investigation suggests that\u00a0<strong>Sumo Logic is not impacted<\/strong>\u00a0as our products and services do not rely on OpenSSL. Our current assessment is that no action is required from our customers, but we will continue to monitor and update as appropriate.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Spring4Shell April 1, 2022<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>April 1, 2022<\/strong> <\/p>\n                        \n<p>Sumo Logic has validated that we do not use any part of the vulnerable Spring Cloud framework found in\u00a0<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-22963\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-22963<\/a>. We have also reviewed\u00a0<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-22965\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-22965<\/a>\u00a0and have validated that Sumo Logic is not vulnerable to known exploitable methods. Out of an abundance of caution, we will be updating our Sumo Logic Service; however, no action is required on your part. The Sumo Logic collector is not vulnerable to known Spring Cloud framework exploitation methods.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Spring4Shell March 31, 2022<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>March 31, 2022<\/strong> <\/p>\n                        \n<p>Sumo Logic is aware of CVE-2022-22963, which is an exploitable Remote Code Execution (RCE) in Spring Cloud Functions. Our initial investigation suggests that Sumo Logic is not impacted. Our current assessment is that no action is required on your part at this time, but we will continue to monitor and keep you posted as our analysis progresses.<\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Okta evolving situation<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>January 21, 2022<\/strong> <\/p>\n                        \n<p>Our Global Operations Center investigated Okta\u2019s evolving situation as Sumo Logic currently leverages Okta\u2019s federated identity solution.\u00a0<strong>So far we have no evidence that Sumo Logic, our employees or services are impacted in any way.<\/strong><\/p>\n\n\n\n<p><\/p>\n<\/div>\n                    <\/div><div class=\"accordion-item\">\n                        <button class=\"accordion-title\">Log4j\/Log4Shell<span class=\"accordion-icon\">+<\/span><\/button>\n                        <div class=\"accordion-content\">\n                        <p class=\"date\"><strong>December 11, 2021<\/strong> <\/p>\n                        \n<p>Beginning early in the morning on Dec. 10th, Sumo Logic\u2019s security team investigated and validated the nature and severity of the exploit against potential points of compromise and determined&nbsp;<strong>that at NO time was Sumo Logic exploited.<\/strong><\/p>\n\n\n\n<p>We use a custom SumoLog4Layout library that never invokes custom lookups (as compared to Apache Log4j) so the Sumo Logic Service was never impacted.<\/p>\n<\/div>\n                    <\/div><\/div>\n        \n        <script>\n            document.addEventListener(\"DOMContentLoaded\", function () {\n                var accordionButtons = document.querySelectorAll(\".accordion-title\");\n\n                accordionButtons.forEach(function (btn) {\n                    btn.addEventListener(\"click\", function () {\n                        var faqItem = this.closest(\".accordion-item\"); \/\/ Get the parent FAQ item\n                        var answer = faqItem.querySelector(\".accordion-content\"); \/\/ Find the answer within the same item\n                        var icon = this.querySelector(\".accordion-icon\");\n\n                        \/\/ Close all other open answers and remove active class\n                        document.querySelectorAll(\".accordion-item\").forEach(function (item) {\n                            if (item !== faqItem) {\n                                item.classList.remove(\"active\");\n                                item.querySelector(\".accordion-content\").style.display = \"none\";\n                                item.querySelector(\".accordion-icon\").textContent = \"+\";\n                            }\n                        });\n\n                        \/\/ Toggle the clicked answer and add active class\n                        if (answer.style.display === \"block\") {\n                            answer.style.display = \"none\";\n                            faqItem.classList.remove(\"active\");\n                            icon.textContent = \"+\";\n                        } else {\n                            answer.style.display = \"block\";\n                            faqItem.classList.add(\"active\");\n                            icon.textContent = \"\u2212\";\n                        }\n                    });\n                });\n            });\n        <\/script>\n        \n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section id=\"section-2\" class=\"e-stn e-stn-9594aa7a6ffc8e863a3f9110c090f8a79fdaab3f e-stn--repeatable-content-cards e-mt-0 e-pt-30 e-mb-0 e-pb-30\"><style>@media only screen and (max-width: 9999px) {\n\t\t\t\t\t\t\t\t\t.e-stn.e-stn-9594aa7a6ffc8e863a3f9110c090f8a79fdaab3f { \n\t\t\t\t\t\t\t\t\t\tbackground-color: #f8f8f8; \n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}<\/style><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row\">\n<div class=\"wp-block-b3rg-column e-col e-col-15df7f642de35e557df618afb20d16d065041e70 e-col--media-wrapper  col-sm-12 col-lg-6\">\n<h2 class=\"wp-block-heading\" id=\"secure-saas-and-cloud-based-applications\">Recent security alert: Okta access compromised<\/h2>\n\n\n\n<p><strong>Summary<\/strong><\/p>\n\n\n\n<p>A support engineer&#8217;s laptop at the Identity and Authentication (IAM) firm, Okta was compromised<\/p>\n\n\n\n<p><strong>What steps has Sumo Logic taken?<\/strong><\/p>\n\n\n\n<p>Our Global Operations Center investigated Okta\u2019s evolving situation as Sumo Logic currently leverages Okta&#8217;s federated identity solution.&nbsp;<strong>So far we have no evidence that Sumo Logic, our employees or services are impacted in any way.<\/strong><\/p>\n\n\n\n<p><strong>What can I do?<\/strong><\/p>\n\n\n\n<p>Customers and prospects in a currently 30-day trial can use the Okta app to determine if they are compromised and leverage Cloud SIEM targeted searches.<\/p>\n\n\n<div class=\"e-btn e-btn--underline-black-common-link-with-arrow\"><a class=\"e-btn__link\" href=\"https:\/\/www.sumologic.com\/blog\/okta-evolving-situation-am-i-impacted\" target=\"_self\">\n<p class=\"title\">Sumo Logic blog: Okta evolving situation: Am I impacted?<\/p>\n<\/a><\/div><\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-30cf6e0d31fd8780616c8617a3382c2b2c7f4e3b e-col--content-wrapper  col-sm-12 col-lg-6\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"647\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-okta-access-compromised.png\" alt=\"\" class=\"wp-image-9387\" title=\"\" srcset=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-okta-access-compromised.png 1600w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-okta-access-compromised-300x121.png 300w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-okta-access-compromised-1024x414.png 1024w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-okta-access-compromised-768x311.png 768w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-okta-access-compromised-1536x621.png 1536w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-okta-access-compromised-575x233.png 575w\" sizes=\"auto, (max-width: 1600px) 100vw, 1600px\" \/><\/figure>\n<\/div><\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section class=\"page-section resource-card-section gsbp-585e707 alignfull\" id=\"section-6\">\n<div>\n<div class=\"box-container resource-card-section__container\">\n<div class=\"resource-card-section__heading-wrapper\">\n<h2 class=\"resource-card-section__heading\">Additional resources<\/h2>\n<\/div>\n\n\n\n<div class=\"grid--l-3 grid--m-2 grid--s-1 gap--l resource-block-wrapper mt-3 grid--4\">\n<a class=\"resource-block\" href=\"https:\/\/www.linkedin.com\/events\/7091843143762923520\/about\/\" target=\"_blank\" rel=\"noopener\">\n<div class=\"resource-block__img-wrap\">\n<figure class=\"resource-block__figure\">\n<img decoding=\"async\" class=\"resource-block__img\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/thumb-linkedin-live-v2.jpg\" alt=\"\" width=\"652\" height=\"367\" loading=\"lazy\" title=\"\">\n<\/figure>\n<\/div>\n\n\n\n<div class=\"resource-block__body-wrap\">\n<div class=\"resource-block__sub-heading\">video<\/div>\n\n\n\n<h3 class=\"resource-block__heading\">SEC Rules for Cybersecurity Disclosures<\/h3>\n\n\n\n<div class=\"btn-right-arrow resource-block__link\">Watch video<\/div>\n<\/div>\n<\/a>\n\n\n\n<a class=\"resource-block\" href=\"https:\/\/www.sumologic.com\/blog\/sec-cybersecurity-disclosure-rules\">\n<div class=\"resource-block__img-wrap\">\n<figure class=\"resource-block__figure\">\n<img decoding=\"async\" class=\"resource-block__img\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/thumb-SEC-passed-new-cybersecurity-rules-social-v3.png\" alt=\"\" width=\"652\" height=\"366\" loading=\"lazy\" title=\"\">\n<\/figure>\n<\/div>\n\n\n\n<div class=\"resource-block__body-wrap\">\n<div class=\"resource-block__sub-heading\">blog<\/div>\n\n\n\n<h3 class=\"resource-block__heading\">SEC rules on cybersecurity disclosure<\/h3>\n\n\n\n<div class=\"btn-right-arrow resource-block__link\">Read blog<\/div>\n<\/div>\n<\/a>\n\n\n\n<a class=\"resource-block\" href=\"https:\/\/www.sumologic.com\/blog\/okta-evolving-situation-am-i-impacted\">\n<div class=\"resource-block__img-wrap\">\n<figure class=\"resource-block__figure\">\n<img decoding=\"async\" class=\"resource-block__img\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/thumb-specops-min-1.png\" alt=\"\" width=\"652\" height=\"366\" loading=\"lazy\" title=\"\">\n<\/figure>\n<\/div>\n\n\n\n<div class=\"resource-block__body-wrap\">\n<div class=\"resource-block__sub-heading\">blog<\/div>\n\n\n\n<h3 class=\"resource-block__heading\">Okta evolving situation: Am I impacted?<\/h3>\n\n\n\n<div class=\"btn-right-arrow resource-block__link\">Read blog<\/div>\n<\/div>\n<\/a>\n\n\n\n<a class=\"resource-block\" href=\"https:\/\/www.sumologic.com\/app-catalog\/okta\">\n<div class=\"resource-block__img-wrap\">\n<figure class=\"resource-block__figure\">\n<img decoding=\"async\" class=\"resource-block__img\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/thumb-sumo-security-analytics-demo-thumb-1.jpg\" alt=\"\" width=\"652\" height=\"366\" loading=\"lazy\" title=\"\">\n<\/figure>\n<\/div>\n\n\n\n<div class=\"resource-block__body-wrap\">\n<div class=\"resource-block__sub-heading\">Integration<\/div>\n\n\n\n<h3 class=\"resource-block__heading\">Okta Integration for Sumo Logic<\/h3>\n\n\n\n<div class=\"btn-right-arrow resource-block__link\">See integration<\/div>\n<\/div>\n<\/a>\n\n\n\n<a class=\"resource-block\" href=\"https:\/\/www.sumologic.com\/blog\/mind-your-single-sign-on-sso-logs\">\n<div class=\"resource-block__img-wrap\">\n<figure class=\"resource-block__figure\">\n<img decoding=\"async\" class=\"resource-block__img\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/thumb-platform-security-thumb-1.jpg\" alt=\"\" width=\"652\" height=\"366\" loading=\"lazy\" title=\"\">\n<\/figure>\n<\/div>\n\n\n\n<div class=\"resource-block__body-wrap\">\n<div class=\"resource-block__sub-heading\">blog<\/div>\n\n\n\n<h3 class=\"resource-block__heading\">Mind your Single Sign-On (SSO) logs<\/h3>\n\n\n\n<div class=\"btn-right-arrow resource-block__link\">Read blog<\/div>\n<\/div>\n<\/a>\n\n\n\n<a class=\"resource-block\" href=\"https:\/\/www.sumologic.com\/solutions\/security\/log4j\">\n<div class=\"resource-block__img-wrap\">\n<figure class=\"resource-block__figure\">\n<img decoding=\"async\" class=\"resource-block__img\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/thumb-Day-in-the-life-with-Sumo-Logic-Cloud-SIEM-1.png\" alt=\"\" width=\"652\" height=\"366\" loading=\"lazy\" title=\"\">\n<\/figure>\n<\/div>\n\n\n\n<div class=\"resource-block__body-wrap\">\n<div class=\"resource-block__sub-heading\">Solution<\/div>\n\n\n\n<h3 class=\"resource-block__heading\">Log4j vulnerability response center<\/h3>\n\n\n\n<div class=\"btn-right-arrow resource-block__link\">Learn more<\/div>\n<\/div>\n<\/a>\n\n\n\n<a class=\"resource-block\" href=\"https:\/\/www.sumologic.com\/briefs\/strengthening-detection-of-software-supply-chain-attacks\">\n<div class=\"resource-block__img-wrap\">\n<figure class=\"resource-block__figure\">\n<img decoding=\"async\" class=\"resource-block__img\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/thumb-esentire-brief-card-v2.png\" alt=\"\" width=\"652\" height=\"366\" loading=\"lazy\" title=\"\">\n<\/figure>\n<\/div>\n\n\n\n<div class=\"resource-block__body-wrap\">\n<div class=\"resource-block__sub-heading\">brief<\/div>\n\n\n\n<h3 class=\"resource-block__heading\">Strengthening the detection of software supply chain attacks<\/h3>\n\n\n\n<div class=\"btn-right-arrow resource-block__link\">Download brief<\/div>\n<\/div>\n<\/a>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\" id=\"section-5\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:25%\"><\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\">\n<h3 class=\"wp-block-heading has-text-align-center\" id=\"best-in-class-economics\">External resources<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.sec.gov\/news\/press-release\/2023-139\" target=\"_blank\" rel=\"noreferrer noopener\">SEC adopts rules on cybersecurity risk management, strategy, governance, and incident disclosure by public companies<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/sec-cyberincident-disclosure-four\/\" target=\"_blank\" rel=\"noreferrer noopener\">SEC wants cyber-incident disclosure within four days<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2022\/03\/21\/statement-by-president-biden-on-our-nations-cybersecurity\/\" target=\"_blank\" rel=\"noreferrer noopener\">Statement by President Biden on our Nation\u2019s Cybersecurity<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/news.yahoo.com\/exclusive-ransomware-attacks-on-us-supply-chain-are-undermining-national-security-customs-and-border-protection-bulletin-warns-191403260.html\" target=\"_blank\" rel=\"noreferrer noopener\">Exclusive: Ransomware attacks on U.S. supply chain are undermining national security, CBP bulletin warns<\/a><\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:25%\"><\/div>\n<\/div>\n\n\n\n<section id=\"section-4\" class=\"e-stn e-stn-10a351e6bb5969caf72fbed0d6d835aabc660dd1 e-stn--dynamic-grid-section e-mt-0 e-mb-0\"><style>@media only screen and (max-width: 9999px) {\n\t\t\t\t\t\t\t\t\t.e-stn.e-stn-10a351e6bb5969caf72fbed0d6d835aabc660dd1 { \n\t\t\t\t\t\t\t\t\t\tbackground-color: #ffffff; \n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}<\/style><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row justify-content-center\">\n<div class=\"wp-block-b3rg-column e-col e-col-23c491b9590ceaa0fec0c4d0a346887f5f358584  col-sm-7\">\n<h2 class=\"wp-block-heading has-text-align-center has-pure-black-color has-text-color has-link-color wp-elements-babe3ea0eb9cbf82e8ae37cc603a05a1\" id=\"the-advantage-of-sumo-logic-cloud-soar\">How can Sumo Logic help?<\/h2>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-row e-row row justify-content-center e-row--dlt\">\n<div class=\"wp-block-b3rg-column e-col e-col-fb16d19c19a5d501f2ddbce9412fd9f46af6fdf6  col-sm-4\">\n<div class=\"e-div e-div-431e405250f2ce8249058d3c4dd9ba0fc1b25722\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"45\" height=\"45\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/icon-security-2-color.svg\" alt=\"\" class=\"wp-image-9388\" style=\"aspect-ratio:1;width:63px\" title=\"\"><\/figure>\n<\/div>\n\n\n<p class=\"has-pure-black-color has-text-color has-link-color wp-elements-a952a09a99ff3a2ba21b0e303169fa4d\"><strong>Actively monitoring current threats in real-time to ensure customers are not impacted<\/strong><\/p>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-fb16d19c19a5d501f2ddbce9412fd9f46af6fdf6  col-sm-4\">\n<div class=\"e-div e-div-431e405250f2ce8249058d3c4dd9ba0fc1b25722\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"64\" height=\"64\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/icon-manage-2-color-icon.svg\" alt=\"\" class=\"wp-image-9389\" style=\"aspect-ratio:1;width:63px\" title=\"\"><\/figure>\n<\/div>\n\n\n<p class=\"has-pure-black-color has-text-color has-link-color wp-elements-ab1d78cde29cdcd242b1f3e7c0bebe6e\"><strong>Creating easy-to-copy search queries and filters customers can use to determine if they are at risk<\/strong>.<\/p>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-fb16d19c19a5d501f2ddbce9412fd9f46af6fdf6  col-sm-4\">\n<div class=\"e-div e-div-431e405250f2ce8249058d3c4dd9ba0fc1b25722\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"64\" height=\"64\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/icon-queries-2-color-icon.svg\" alt=\"\" class=\"wp-image-9390\" style=\"aspect-ratio:1;width:63px\" title=\"\"><\/figure>\n<\/div>\n\n\n<p class=\"has-pure-black-color has-text-color has-link-color wp-elements-cc63f8e9f4b6737639b564683f2bb130\"><strong>Providing security-specific onboarding to prospects in our 30-day trial to help them determine if they are compromised.<\/strong><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\" id=\"section-5\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:25%\"><\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\">\n<h2 class=\"wp-block-heading has-text-align-center\" id=\"best-in-class-economics\">Take these steps to improve your security posture<\/h2>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:25%\"><\/div>\n<\/div>\n\n\n\n<section id=\"section-2\" class=\"e-stn e-stn-5deb0a4d3ac7bfa1b90a05c3a814ce3c00d0f60d e-stn--repeatable-content-cards e-mt-0 e-pt-30 e-mb-0 e-pb-30\"><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row\">\n<div class=\"wp-block-b3rg-column e-col e-col-15df7f642de35e557df618afb20d16d065041e70 e-col--media-wrapper  col-sm-12 col-lg-6\">\n<h2 class=\"wp-block-heading has-large-font-size\" id=\"secure-saas-and-cloud-based-applications\">Start a 30 Day trial<\/h2>\n\n\n\n<p>Leverage our application integrations and log ingesting capabilities to determine if your organization has been compromised<\/p>\n\n\n<div class=\"e-btn e-btn--black-border-button\"><a class=\"e-btn__link\" href=\"https:\/\/www.sumologic.com\/sign-up\" target=\"_blank\">\n<p class=\"title\">Start free trial<\/p>\n<\/a><\/div><\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-30cf6e0d31fd8780616c8617a3382c2b2c7f4e3b e-col--content-wrapper  col-sm-12 col-lg-6\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2092\" height=\"1448\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-application_monitoring-2.png\" alt=\"\" class=\"wp-image-9393\" title=\"\" srcset=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-application_monitoring-2.png 2092w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-application_monitoring-2-300x208.png 300w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-application_monitoring-2-1024x709.png 1024w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-application_monitoring-2-768x532.png 768w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-application_monitoring-2-1536x1063.png 1536w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-application_monitoring-2-2048x1418.png 2048w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-application_monitoring-2-575x398.png 575w\" sizes=\"auto, (max-width: 2092px) 100vw, 2092px\" \/><\/figure>\n<\/div><\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section id=\"section-1\" class=\"e-stn e-stn-43b62cf0c372c16d54653566af4e2ae40e9f466f e-stn--repeatable-content-cards e-mt-0 e-pt-30 e-mb-0 e-pb-30\"><style>@media only screen and (max-width: 9999px) {\n\t\t\t\t\t\t\t\t\t.e-stn.e-stn-43b62cf0c372c16d54653566af4e2ae40e9f466f { \n\t\t\t\t\t\t\t\t\t\tbackground-color: #f8f8f8; \n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}<\/style><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row\">\n<div class=\"wp-block-b3rg-column e-col e-col-30cf6e0d31fd8780616c8617a3382c2b2c7f4e3b e-col--content-wrapper  col-sm-12 col-lg-6\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2092\" height=\"1448\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-Kubernetes_monitoring-1.png\" alt=\"\" class=\"wp-image-9395\" title=\"\" srcset=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-Kubernetes_monitoring-1.png 2092w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-Kubernetes_monitoring-1-300x208.png 300w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-Kubernetes_monitoring-1-1024x709.png 1024w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-Kubernetes_monitoring-1-768x532.png 768w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-Kubernetes_monitoring-1-1536x1063.png 1536w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-Kubernetes_monitoring-1-2048x1418.png 2048w, https:\/\/www.sumologic.com\/wp-content\/uploads\/dashboard-Kubernetes_monitoring-1-575x398.png 575w\" sizes=\"auto, (max-width: 2092px) 100vw, 2092px\" \/><\/figure>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-b3rg-column e-col e-col-30cf6e0d31fd8780616c8617a3382c2b2c7f4e3b e-col--content-wrapper  col-sm-12 col-lg-6\">\n<h2 class=\"wp-block-heading has-large-font-size\" id=\"talk-to-our-security-experts\">Talk to our security experts<\/h2>\n\n\n\n<p>Take a tour of our security capabilities and Cloud SIEM. Our team can walk you through common threat response scenarios and how to build pro-active threat monitoring.<\/p>\n\n\n<div class=\"e-btn e-btn--black-border-button\"><a class=\"e-btn__link\" href=\"https:\/\/www.sumologic.com\/request-demo\" target=\"_blank\">\n<p class=\"title\">Request demo<\/p>\n<\/a><\/div><\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"<p>External resources Take these steps to improve your security posture<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":8550,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","show_popup":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","place_holder_image_url":"","post_reading_time":"2","notification_enabled":false,"notification_text":"","notification_logo":"","notification_expiration_time":0,"is_enable_transparent_header":false,"selected_taxonomy_terms":{"translation_priority":[221]},"selected_primary_terms":[],"learn_more_link":[],"featured_page_list":[],"notification_enabled_post_list":[],"_gspb_post_css":".gsbp-de6fb79{display:flex;justify-content:center;flex-direction:column;align-items:center;padding-right:var(--wp--custom--spacing--side, min(3vw, 20px));padding-left:var(--wp--custom--spacing--side, min(3vw, 20px));margin-top:0;margin-bottom:0;position:relative;padding-top:var(--cf-space-xl);padding-bottom:var(--cf-space-xl)}.gsbp-26a38c9{max-width:100%;width:1380px}.related-items__left-col{display:flex;flex-direction:column;column-gap:var(--cf-space-m);row-gap:var(--cf-space-3xs)}body .related-items__heading:is(h1,h2,h3,h4,h5,h6){font-size:var(--cf-text-2xl)}.related-items__right-col{display:flex;column-gap:var(--space-l);row-gap:var(--space-l)}.related-items__item{padding-top:var(--cf-space-s);padding-bottom:var(--cf-space-s);padding-left:var(--cf-space-s);padding-right:var(--cf-space-s);display:flex;flex-direction:column;row-gap:var(--cf-space-xs);text-decoration:none;border-width:1px;border-style:solid;border-color:var(--cf-primary-30)}.related-items__item .relate-items__item-img{max-width:100%;height:auto;object-fit:cover}.gsbp-272627e,.gsbp-29cd881,.gsbp-5c7c4b3,.gsbp-7023b7d,.gsbp-7fe00f2,.gsbp-a1fdc5e,.gsbp-ff98567{object-fit:contain}body .relate-items__item-title:is(h1,h2,h3,h4,h5,h6){text-decoration:none;color:var(--cf-primary)}.related-items__item .relate-items__item-img{text-decoration:none;margin-bottom:var(--cf-space-4xs)}.related-items__item .relate-items__item-title{text-decoration:none;font-size:var(--cf-text-l)}.related-items__item .related-items__item-btn{color:var(--cf-primary);padding-top:var(--cf-space-xs);padding-bottom:var(--cf-space-xs);padding-left:var(--cf-space-xs);padding-right:var(--cf-space-xs);border-width:1px;border-style:solid;max-width:150px;display:flex;justify-content:center}.related-items__item .related-items__item-text{color:var(--cf-primary)}","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"class_list":["post-80","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/pages\/80","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/comments?post=80"}],"version-history":[{"count":23,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/pages\/80\/revisions"}],"predecessor-version":[{"id":66596,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/pages\/80\/revisions\/66596"}],"up":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/pages\/8550"}],"wp:attachment":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media?parent=80"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}