Install the CSE App and View the Dashboards

Install the CSE app and view the dashboards.

Install the Sumo Logic App

  1. From the App Catalog, search for and select the app. 
  2. Select the version of the service you're using and click Add to Library.
  3. To install the app, complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.
    2. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
  4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or in another folder that you specified. From here, you can share it with your organization.

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboards

CSE Insights Closed

This dashboard displays metrics on closed Insights, including breakdowns by severity, resolution status, assignee, Entity type, Rule ID and more.

CSE Insights Created

This dashboard presents metrics about Insight creation in your environment. You can see information like how many insights have been created, average time to detection, and Insight Confidence statistics. There are breakdowns of Insights created by severity, primary Entity, rule ID, Entity type, and more.

CSE Insights Overview

This dashboard displays a high-level view of Insight activity in your environment. You can see counts of Insights created and closed over time, and the top Insights by Confidence Level.

CSE Rules and Mapping Changes

This dashboard is useful for monitoring rule management activities. It has information about CSE rules, including content management activities like rule creation, modification, and deletion. You can also see more detailed information about rule management events, such as the associated user, and the rule’s enablement and prototype status.

Record Analysis Failed Records

This dashboard is useful for understanding if you have messages or data sources for which CSE is unable to create normalized Records.

Record Analysis Audit Records

This dashboard displays metrics about Records created by CSE of the type Audit. Typically, this Record type is used for log sources that leave a basic audit trail.

Record Analysis Authentication Records

This dashboard displays metrics about Records created by CSE of the type Authentication. Typically, this Record type is used for log sources that report successful or unsuccessful authentication events.

Record Analysis Email Records

This dashboard displays metrics about Records created by CSE of the type Email. Typically, this Record type is used for log sources that report successful or unsuccessful authentication events.

Record Analysis Endpoint Records

This dashboard displays metrics about Records created by CSE of the type Endpoint. Typically, this Record type is used for messages from endpoint security services.

Record Analysis Network Records

This dashboard displays metrics about Records created by CSE of the type Network. Typically, this Record type is used for messages from log sources that describe network events.

Record Analysis Notification Records

This dashboard displays metrics about Records created by CSE of the type Notification. Typically, this Record type is used for messages from services that issue notifications or alerts, like threat detection and response systems. 

Record Analysis Record Overview

This dashboard provides an overview of CSE Records by source, destination, volume, and vendor and product.

CSE Signal Analysis

This dashboard presents metrics about Signals that have been fired, including breakdowns by rule, host, and IP address.

CSE Signal Analysis Rules

This dashboard provides trend analysis of triggered rules, rules by match expression and top rules triggered.

CSE Signal Monitoring

This dashboard provides time-based metrics for CSE Signals, and Signal disappearance metrics.

CSE Signals Overview

This dashboard provides an overview of Signal activity, including Signal count over time, and a table of summary information for generated Signals.

CSE Signals by Product

This dashboard shows breakdowns of Signals by product and vendor.