Records, Signals, Entities, and Insights

Learn about insight generation, working with entities, and how to query Cloud SIEM records.

In this section, we'll introduce the following concepts:

Learn how to configure the detection window and the threshold activity score for insight generation.

Learn how to triage and prioritize insights.

Learn how to set up custom insight configurations.

Learn about all the entities in Cloud SIEM and their activity scores.

Learn how to adjust the severity of signals for specific entities.

Learn how to create custom entity types in Cloud SIEM.

Learn how to automatically group entities in terms of criteria like name or IP address.

Learn how to normalize the names of users and hosts (machines) in your environment.

Learn how to view records associated with a signal in Cloud SIEM.

Learn about ways to suppress and exclude Cloud SIEM signals from the insight generation process.

Learn to search the Sumo Logic platform for records and signals that have been forwarded from Cloud SIEM.

Learn how to add context to Cloud SIEM items, and search and filter items by tag.