December 2, 2024
AI is transforming industries at an unprecedented pace. From generative AI tools revolutionizing creative work to AI assistants reshaping enterprise workflows, one thing is clear: this technology is no longer a nice-to-have; it’s a must-have.
But what about DevSecOps - the teams tasked with safeguarding our modern apps and infrastructure and ensuring their reliability?
These teams face a daunting reality: massive and growing amounts of log telemetry, making it hard to derive insights that could prevent security breaches, minimize downtime, and optimize performance.
Our CEO, Joe Kim, noted that many AI solutions fail to deliver real value, with many falling into “AI-washing” solutions that are looking for problems to solve. We’ve taken a different approach. Instead of AI for AI’s sake, Sumo Logic has built a system of insight designed to empower even early career developers and security teams to troubleshoot and investigate incidents.
Enter Sumo Logic Mo Copilot, the AI assistant purpose-built for DevSecOps. Designed to bridge the gap between overwhelming data and actionable insights, Copilot empowers teams to act decisively, collaborate seamlessly, and solve problems faster.
To understand Mo’s impact, we spoke to Kui Jia, our VP of AI Engineering and AI, and John Visneski, our Chief Information Security Officer. Their stories reveal how Copilot transforms daily work for security and development teams, empowering everyone from junior staff to seasoned experts.
DevOps, security, and IT operations teams are drowning in telemetry generated by today’s modern apps and their infrastructure. Logs are the first and last line of defense for critical insights during troubleshooting and investigations. Typically, only a handful of power users can query and interpret these logs effectively, creating bottlenecks during an incident when every second counts.
The stakes for security teams couldn’t be higher. John shared, “Threat actors are evolving faster than our ability to scale resources and train staff. The result? Overwhelmed teams spending too much time searching for answers in fragmented tools.”
On the development side, Kui, whose team built Mo Copilot, echoed similar frustrations. “Modern applications are incredibly distributed, with connected services interacting in complex ways and with the underlying infrastructure. Troubleshooting in this environment without the right tools is tedious and overwhelming.”
Imagine a junior security analyst responding to an early-morning alert about unusual login attempts. Instead of panicking, they can begin investigating with an initial question to Mo: “Visualize login attempts by the minute.”
“Beyond generating results from logs search, Copilot also automatically charts the results,” John explained. “Further, it provides contextual insights that represent potential next steps. Each interaction enriches context and suggests further insights so that our junior analysts can confidently understand the incident, learn to form hypotheses and formulate them as additional questions and, thus, narrow down issues before escalating them.”
Kui’s team faced a similar challenge during a critical deployment. A junior engineer investigating an API response time spike asked, ‘Why are API response times high?’
Kui noted, “Copilot not only returned relevant data but also suggested additional insights pertaining to the impact and probable causes, including response times by service, endpoint, geolocation and so on. It’s like having a senior DevOps engineer guiding them step by step.”
Copilot’s four capabilities deliver three outcomes for DevSecOps teams: faster incident response, a unified view across data, and simplified troubleshooting for all skill levels.
Mo Copilot allows users to ask questions in plain English, automatically translating them into precise Sumo Logic queries. Our customers often compare Copilot to ChatGPT. The difference? Copilot is purpose-built for DevSecOps troubleshooting and investigation contexts.
It’s designed with guardrails to deliver reliable, actionable results - or fail fast if outside its scope - so users always trust the contextual (security or developer) insights it provides.
This capability empowers every team member, regardless of technical expertise, to confidently resolve issues faster.
Outcome: Faster incident response
Copilot doesn’t just surface data; it provides context-aware recommendations tailored to the problem, guiding users through troubleshooting. In essence, Mo knows whether it’s guiding a security practitioner or developer and uses that context to provide recommendations unique to those needs.
“It’s like having an AI-powered coach for every investigation,” John shared. “Copilot doesn’t just surface raw data - it guides our team toward insights, saving time.”
By offering actionable signals, Copilot enhances productivity and minimizes reliance on senior experts, enabling faster, more accurate resolutions. With conversation history, teams and first responders can pick up where they left off.
Outcome: Simplified troubleshooting for all
With structured and unstructured logs consolidated into the Sumo Logic Platform, Copilot centralizes quick insights for all logs-driven use cases.
“No more switching between tools,” John added. “We analyze everything in one place, cutting down context-switching and improving efficiency. It’s a game changer for collaborative troubleshooting.”
This unified approach ensures complete visibility and eliminates blind spots, enabling informed and faster decision-making.
Outcome: Unified AI-powered insights
Understanding raw data can be challenging, but Copilot transforms it into intuitive dashboards and visualizations automatically tailored to the query and data results.
“These visualizations turn query results into actionable insights,” Kui explained. “Operational monitoring for new features is an ongoing requirement. With Copilot, even new team members can quickly analyze logs and build dashboards.”
From identifying security risks to optimizing performance, these visualizations save time and boost productivity. Typically, building dashboards and visualizations requires time and resources from power users, but with Copilot, this capability is accessible to all users regardless of their technical know-how.
Outcome: Faster incident response
These capabilities are built on Amazon Bedrock. Its security and compliance posture ensures our customers’ data remains private and secure, a crucial requirement for Gen AI adoption.
Mo Copilot is built on a scalable foundation that analyzes 3.5 exabytes of data daily. As we often highlight, without this foundation, even the best AI features would fail.
Copilot isn’t just a tool; it’s an intelligent teammate. It bridges the gap between data and insights, empowering teams to upskill and act faster and smarter. And we’re just getting started.
Want to learn more about Copilot? Visit us at AWS re:Invent.
Not going to re:Invent? Download our Mo Copilot solution brief or try it for yourself in our 30-day free trial.
Let’s simplify the complexity of DevSecOps, together.