
URL: https://www.sumologic.com/help/docs/get-started/ai-machine-learning/

AI and Machine Learning with Sumo Logic | Sumo Logic Docs


Meet Mobot, our AI assistant that turns plain-language questions into log queries to accelerate investigations and simplify security workflows.

Sumo Logic's AI capabilities span from classical machine learning to generative and agentic AI. At the center is Dojo AI, our multi-agent platform that brings specialized agents into security and observability workflows. This page covers all of these capabilities: what they do, how they work together, and how to get started.

Dojo AI

Dojo AI is Sumo Logic's multi-agent AI platform, bringing specialized agents across security and observability workflows. Agents work together to detect threats, investigate incidents, explore data, and answer platform questions, with a human in the loop at every step. Dojo AI is built and deployed on AWS and is available through Sumo Logic and in AWS Marketplace.

Mobot

Mobot is the conversational interface for Dojo AI. Ask questions in plain language to analyze log data, investigate incidents, or get answers sourced from official documentation, without writing queries. Mobot connects you to two specialized agents:

  • Query Agent. Translates natural-language questions into log search queries and helps you refine them step by step to speed data exploration and investigation.
  • Knowledge Agent. Answers how-to questions about Sumo Logic, from setup to troubleshooting and best practices, sourced directly from our official documentation.

Summary Agent

The Summary Agent automatically generates a concise summary of each Cloud SIEM insight, explaining the threat incidents that triggered it. Summaries help security teams quickly understand scope and prioritize response.

SOC Analyst Agent

The SOC Analyst Agent, now in Public Preview, applies agentic reasoning to triage and investigate Cloud SIEM insights. It delivers automated verdicts (malicious, suspicious, or benign) using evidence-backed analysis, and supports hypothesis-driven investigation to map relationships, connect entities, and summarize findings.

MCP server

The Sumo Logic MCP server is coming soon. It will let MCP-compatible AI tools, such as Claude Code CLI, connect to Sumo Logic to query logs, investigate security insights, manage alerts and dashboards, and more using natural language. Contact your Sumo Logic account representative for early access information.

Observability

Sumo Logic AI for Observability functionality equips developers and SREs with powerful tools to efficiently manage and optimize their technology stack.

Through comprehensive discovery, monitoring, diagnosis, recovery, and prevention capabilities, we ensure minimized downtime, reduced false positives, faster incident resolution, and proactive issue prevention, all aimed at enhancing the overall health and performance of your applications and services. These capabilities include discovering app, service, and infrastructure stack relationships; utilizing M.E.L.T. telemetry to minimize detection time and false positives; diagnosing incidents swiftly; accelerating recovery times; and preventing future incidents.

LogReduce

LogReduce® utilizes AI-driven algorithms to cluster log messages based on string similarity and distill thousands of log lines into easy-to-understand patterns. Separate the signal from the noise and detect anomalous behavior with Outlier Detection. LogReduce employs fuzzy logic to group similar messages into signatures, enabling quick assessment of activity patterns. You can refine results based on your preferences, teaching LogReduce for more specific outcomes.

LogCompare

LogCompare compares log data from different time periods to identify changes or anomalies, helping with troubleshooting and root cause analysis. It clusters logs into patterns using baseline and target queries, then highlights significant differences over time. You can refine results by promoting, demoting, or splitting signatures, and set up alerts for new or changed patterns.
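To make the two ideas above concrete, here is an added, self-contained illustration (not Sumo Logic's own LogReduce or LogCompare implementation, whose algorithms are not described on this page): it masks variable tokens to turn each log line into a signature, counts lines per signature the way a pattern view does, and then diffs a baseline window against a target window to surface new, vanished, and sharply changed patterns. The sshd and audit lines are constructed sample data, and the masking rules and the 2x change threshold are assumptions chosen for the example.

```python
import re
from collections import Counter

# Masks applied in order: IPv4 addresses, long hex runs (ids, hashes), integers.
# Assumed rules for this example; a real signature engine learns them from data.
MASKS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<ip>"),
    (re.compile(r"\b[0-9a-f]{8,}\b", re.I), "<hex>"),
    (re.compile(r"\b\d+\b"), "<n>"),
]

def signature(line: str) -> str:
    """Reduce one raw log line to its pattern by masking variable tokens."""
    sig = line.strip()
    for pat, rep in MASKS:
        sig = pat.sub(rep, sig)
    return sig

def cluster(lines):
    """LogReduce-style view: number of lines that share each signature."""
    return Counter(signature(l) for l in lines if l.strip())

def compare(baseline, target, min_ratio=2.0):
    """LogCompare-style diff: signatures that are new, gone, or changed by >= min_ratio."""
    b, t = cluster(baseline), cluster(target)
    new = {s: c for s, c in t.items() if s not in b}
    gone = {s: c for s, c in b.items() if s not in t}
    changed = {}
    for s in b.keys() & t.keys():
        ratio = t[s] / b[s]
        if ratio >= min_ratio or ratio <= 1 / min_ratio:
            changed[s] = (b[s], t[s])  # (baseline count, target count)
    return {"new": new, "gone": gone, "changed": changed}

# Constructed sample windows: a quiet baseline hour and a target hour with a burst of failures.
BASELINE = [
    "sshd[1203]: Accepted publickey for alice from 10.0.0.5 port 51234",
    "sshd[1210]: Accepted publickey for bob from 10.0.0.7 port 51290",
    "sshd[1222]: Failed password for root from 203.0.113.9 port 4010",
    "cron[88]: (root) CMD (/usr/bin/backup)",
]
TARGET = [
    "sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 52001",
    "sshd[2210]: Failed password for root from 203.0.113.9 port 4101",
    "sshd[2211]: Failed password for root from 203.0.113.9 port 4102",
    "sshd[2212]: Failed password for admin from 198.51.100.4 port 4103",
    "sshd[2213]: Failed password for root from 203.0.113.9 port 4104",
    "kernel: audit: type=1400 apparmor=DENIED profile=nginx name=/etc/shadow",
]

if __name__ == "__main__":
    for kind, sigs in compare(BASELINE, TARGET).items():
        print(kind, sigs)
```

Running the block reports the root failed-password signature as changed from 1 to 3, the admin failure and the AppArmor denial as new patterns, and the bob login and cron job as absent from the target window.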

AI in alerting

Anomaly detection

Anomaly Detection, powered by ML, efficiently flags suspicious activities by establishing baseline behavior and minimizing false positives. It also automatically fine-tunes anomaly detection with minimal user input, and you can associate it with a playbook to link anomaly responses with monitors, streamlining incident response.

Automated playbooks

With Automated playbooks, you can set up a predefined set of actions and conditional statements that respond to events such as security incidents proactively by running an automated workflow without manual intervention. Configuration is easy: browse our 500+ existing playbooks in the Automation Service App Central, then choose one and/or customize it. You can access playbooks when creating a monitor, viewing an alert, or directly from the Automation Service.

App integrations for AI platforms

Sumo Logic offers integrations with AI platforms for monitoring, governance, and security analysis. The following are some popular examples that let you collect, analyze, and act on data from AI tools directly within Sumo Logic:

Security

Our Sumo Logic AI for Security functionality empowers SOC analysts and threat hunters to effectively safeguard their technology stack against evolving threats. By integrating advanced tools for discovery, detection, investigation, response, and protection, we minimize dwell time, reduce false positives, accelerate incident resolution, and proactively prevent future incidents, ensuring robust security and resilience for your cloud, container, and on-prem resources.

Cloud SIEM

Insight summary

The Summary Agent generates a synopsis of each insight that describes the threat incidents that triggered it, helping security teams understand incidents faster and accelerate response time.

SOC Analyst Agent

The SOC Analyst Agent triages and investigates Cloud SIEM insights using agentic AI reasoning. Available in Public Preview.

Rules

Sumo Logic's Cloud SIEM rules leverage AI for the following:

  • Insight Trainer. Utilizes ML and AI to deliver outcome-based recommendations, reducing false positives without compromising detection value.
  • First-seen rule. Identifies novel threats based on first occurrences.
  • Outlier rule. Detects abnormal behavior indicating potential security breaches.

Global Intelligence

The Global Intelligence Service apps provide security teams with real-time security intelligence to scale detection, prioritization, investigation, and workflow to prevent potentially harmful service configurations that could lead to a costly data breach.

FAQ

General

Security and privacy

Technical

Additional resources


Copyright © 2026 by Sumo Logic, Inc.