Cloud SIEM
Cloud SIEM is a cloud-based security information and event management (SIEM) system that provides the following functionality:Â
- Collection of log and event data from your infrastructure and applications, on-premise and in-cloud.
- Correlation of the collected data to reduce the volume of info you need to sift through to investigate issues.
- A rich interface that analysts and admins can use to investigate security issues and administer Cloud SIEM itself.
- Integration with the Sumo Logic core platform.
This section contains the following topics:
Get Started with Cloud SIEM
Learn how to start using Cloud SIEM for threat hunting.
Records, Signals, Entities, and Insights
Learn about Insight generation, working with Entities, and how to query Cloud SIEM Records.
Ingestion
Learn how to configure ingestion for supported products and services.
Rules
Learn how to write rules, rules syntax, and Cloud SIEM built-in rules.
Schema
Learn about Cloud SIEM Schema v3, schema attributes, and the Record processing pipeline.
Sensors
Cloud SIEM Sensors collect log and event data from your infrastructure and applications.
Integrations
Cloud SIEM integration with Sumo Logic and threat intel sources, and leveraging the Cloud SIEM Insight Enrichment Server.
Match Lists and Suppressed Lists
Learn about creating a Match list and their usage in rules.
Automation
Learn how to configure automations to create notifications and enrichments in Cloud SIEM.
Administration
Learn how to set up user accounts and roles, Actions, Network Blocks, custom Insight status and sub-resolutions, and more.