Cloud SIEM

Cloud SIEM is a cloud-based security information and event management (SIEM) system that provides the following functionality:

  • Collection of log and event data from your infrastructure and applications, on-premise and in-cloud.
  • Correlation of the collected data to reduce the volume of information you need to sift through when investigating issues.
  • A rich interface that analysts and admins can use to investigate security issues and administer Cloud SIEM itself.
  • Integration with the Sumo Logic core platform.

This section contains the following topics:

Get Started with Cloud SIEM

Learn how to start using Cloud SIEM for threat hunting.

Records, Signals, Entities, and Insights

Learn about Insight generation, working with Entities, and how to query Cloud SIEM Records.

Ingestion

Learn how to configure ingestion for supported products and services.

Rules

Learn how to write rules, rules syntax, and Cloud SIEM built-in rules.

Schema

Learn about Cloud SIEM Schema v3, schema attributes, and the Record processing pipeline.

Sensors

Cloud SIEM Sensors collect log and event data from your infrastructure and applications.

Integrations

Learn about Cloud SIEM integration with Sumo Logic and threat intel sources, and how to use the Cloud SIEM Insight Enrichment Server.

Match Lists and Suppressed Lists

Learn about creating Match Lists and Suppressed Lists and how they are used in rules.

Automation

Learn how to configure automations to create notifications and enrichments in Cloud SIEM.

Administration

Learn how to set up user accounts and roles, Actions, Network Blocks, custom Insight status and sub-resolutions, and more.

Copyright © 2024 by Sumo Logic, Inc.