Cloud SIEM Enterprise
Cloud SIEM Enterprise (CSE) is a cloud-based security information and event management (SIEM) system that provides the following functionality:
- Collection of log and event data from your infrastructure and applications, on-premise and in-cloud.
- Correlation of the collected data to reduce the volume of info you need to sift through to investigate issues.
- A rich interface that analysts and admins can use to investigate security issues and administer Cloud SIEM itself.
- Integration with the Sumo Logic core platform.
In this section, we'll introduce the following concepts:
Get Started with Cloud SIEM
Learn how to start using Cloud SIEM for threat hunting.
Records, Signals, Entities, and Insights
Learn about Insight generation, working with Entities, and how to query CSE Records.
Learn how to configure ingestion for supported products and services.
Learn how to write rules, rules syntax, and CSE built-in rules.
Learn about CSE Schema v3, schema attributes, and the Record processing pipeline.
CSE Sensors collect log and event data from your infrastructure and applications.
CSE integration with Sumo Logic and threat intel sources, and leveraging the CSE Insight Enrichment Server.
Match Lists and Suppressed Lists
Learn about creating a Match list and their usage in rules.
Learn how the Automation Service helps you automate smart actions.
Learn how to set up user accounts and roles, Actions, Network Blocks, custom Insight status and sub-resolutions, and more.