The CSE app gives you visibility into what’s going on in Cloud SIEM Enterprise. The app dashboards present high-level and detailed views into the Records that were created, the Signals that have fired, and the Insights generated by CSE. You can also get insight into CSE rules, including rule management activity and which rules have fired.
The CSE App relies on data that is already available in Sumo Logic, so you don’t need to configure data collection.
CSE Records are stored in the following Sumo Logic partitions:
CSE Signals are stored in the following partition:
CSE Insight activity is written to these Audit Event Index partitions:
- sumologic_audit_events — User actions performed on Insights
- sumologic_system_events — System actions performed on Insights
Logs written to either of the partitions above are assigned the source category cseinsight. Note that the Audit Event Index contains logs for a variety of Sumo Logic subsystems, so when searching either partition for Insights, include the source category in your search scope.
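As an added illustration (not part of the original page), the following Sumo Logic search scopes a query to Insight activity in both Audit Event Index partitions by combining the partition names with the cseinsight source category. The `_index` and `_sourceCategory` metadata fields are standard Sumo Logic search fields; the trailing aggregation is only an assumed example of what you might do with the results.

```sql
-- Restrict the search to the two partitions that hold Insight activity,
-- then narrow to the cseinsight source category so unrelated Audit Event
-- Index logs from other Sumo Logic subsystems are excluded.
(_index=sumologic_audit_events OR _index=sumologic_system_events) _sourceCategory=cseinsight
-- Example aggregation (assumed): count user vs. system Insight actions per partition
| count by _index
```

Without the `_sourceCategory=cseinsight` term, the same query would return every audit log in those partitions, not just the CSE Insight events.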