Learn about onboarding tasks and best practices for Cloud SIEM Enterprise administrators. In this section, we'll introduce the following concepts:
Filter and Search
Learn how to filter and search CSE list pages.
Learn about Network Blocks, their purpose, and instructions for setting them up and using them.
Create a Custom Tag Schema
Learn how to create a custom tag schema in CSE.
Create a Custom Threat Intelligence Source
Learn how to create and manage Custom Threat Sources.
Create CSE Actions
Learn how to issue a notification to another service when certain events occur in CSE.
Create CSE Context Actions
Learn to query an external system for details about an Entity, IOC, or data encountered in a Record.
Learn how to access CSE APIs and API documentation.
Learn about retention periods for different types of CSE data.
Learn how to search the Audit Event Index for CSE log events.
CSE User Accounts and Roles
Learn how to create and manage user accounts and roles for CSE.
Custom Inventory Source
Learn how to extract Inventory Data from logs in Sumo Logic and send it to CSE.
Save Inventory Data to a Lookup Table
Learn how to use a saved Sumo Logic search to populate a Lookup Table with CSE inventory data.
Manage Custom Insight Resolutions
Learn how to create and manage Custom Insight Resolutions.
Managing Custom Insight Statuses
Learn how to create and manage Custom Insight Statuses.
Learn how to use Sensor Zones to distinguish between CSE Entities that have the same IP address.
Inventory Sources and Data
Learn about Inventory Sources and the Inventory Data they collect.