Cloud SIEM

Cloud SIEM is a cloud-based security information and event management (SIEM) system that provides the following functionality:

  • Collection of log and event data from your infrastructure and applications, on-premise and in-cloud.
  • Correlation of the collected data to reduce the volume of info you need to sift through to investigate issues.
  • A rich interface that analysts and admins can use to investigate security issues and administer Cloud SIEM itself.
  • Integration with the Sumo Logic core platform.

This section contains the following topics:

Introduction to Cloud SIEM

Learn basic concepts about Cloud SIEM.

Get Started with Cloud SIEM

Learn how to start using Cloud SIEM for threat hunting.

Records, Signals, Entities, and Insights

Learn about Insight generation, working with Entities, and how to query Cloud SIEM Records.

Ingestion

Learn how to configure ingestion for supported products and services.

Rules

Learn how to write rules, rules syntax, and Cloud SIEM built-in rules.

Schema

Learn about Cloud SIEM Schema v3, schema attributes, and the Record processing pipeline.

Sensors

Cloud SIEM Sensors collect log and event data from your infrastructure and applications.

Integrations

Learn about Cloud SIEM integration with Sumo Logic and threat intel sources, and how to leverage the Cloud SIEM Insight Enrichment Server.

Match Lists and Suppressed Lists

Learn about creating Match Lists and their use in rules.

Automation

Learn how to configure automations to create notifications and enrichments in Cloud SIEM.

Administration

Learn how to set up user accounts and roles, Actions, Network Blocks, custom Insight status and sub-resolutions, and more.

Copyright © 2024 by Sumo Logic, Inc.