Cloud SIEM Enterprise
Cloud SIEM Enterprise (CSE) is a cloud-based SIEM that provides the following functionality:
- Collection of log and event data from your infrastructure and applications, on-premise and in-cloud.
- Correlation of the collected data to reduce the volume of info you need to sift through to investigate issues.
- A rich interface that analysts and admins can use to investigate security issues and administer CSE itself.
- Integration with the Sumo Logic platform.
In this section, we'll introduce the following concepts:
Learn how to set up user accounts and roles, Actions, Network Blocks, custom Insight status and sub-resolutions, and more.
Learn how to configure ingestion for supported products and services.
CSE integration with Sumo Logic and threat intel sources, and leveraging the CSE Insight Enrichment Server.
Learn how to write rules, rules syntax, and CSE built-in rules.
Learn about CSE Schema v3, schema attributes, and the Record processing pipeline.
CSE Sensors collect log and event data from your infrastructure and applications.
Match Lists and Suppressed Lists
Learn about creating a Match list and their usage in rules.
Records, Signals, Entities, and Insights
Learn about Insight generation, working with Entities, and how to query CSE Records.