
Log Types for the CSE App

The CSE app gives you visibility into what’s going on in Cloud SIEM Enterprise. The app dashboards present high-level and detailed views into the Records that were created, the Signals that have fired, and the Insights generated by CSE. You can also get insight into CSE rules, including rule management activity and which rules have fired.

Log types

The CSE app relies on data that is already available in Sumo Logic, so you don’t need to configure any additional data collection.

CSE Records 

CSE Records are stored in the following Sumo Logic partitions:

  • sec_record_audit
  • sec_record_authentication
  • sec_record_email
  • sec_record_endpoint
  • sec_record_failure
  • sec_record_network
  • sec_record_notification

CSE Signals

CSE Signals are stored in the following partition:

  • sec_signal

CSE Insights

CSE Insight activity is written to these Audit Event Index partitions:

  • sumologic_audit_events: user actions performed on Insights
  • sumologic_system_events: system actions performed on Insights

Logs written to either of these partitions are assigned the source category cseinsight. The Audit Event Index also holds audit logs for many other Sumo Logic subsystems, so when you search either partition for Insight activity, include the source category in your search scope rather than relying on the partition name alone.
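As an added example (this query is not part of the Sumo Logic documentation above), the following search scopes Insight activity to both Audit Event Index partitions and the cseinsight source category, then summarizes the events by name and acting user. The _index and _sourceCategory metadata fields are standard Sumo Logic search scope fields; the JSON field names eventName and operator.email are assumptions made for illustration and should be checked against the audit event payload in your own account.

```sumo
// Added example: restrict the search to both Audit Event Index partitions AND the
// cseinsight source category, so audit logs written by other Sumo Logic subsystems
// into the same partitions are excluded from the results.
(_index=sumologic_audit_events OR _index=sumologic_system_events) _sourceCategory=cseinsight
// The JSON field names below are assumed for illustration; verify them against
// an actual Insight audit event before relying on this query.
| json field=_raw "eventName", "operator.email" as eventName, operatorEmail nodrop
| count by eventName, operatorEmail
| sort by _count
```

Dropping the _sourceCategory term returns every audit event in those partitions, not just Insight activity, which is why the source category belongs in the scope and not only in a later filter.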