Cloud SIEM

Cloud SIEM is a cloud-based security information and event management (SIEM) system that provides the following functionality:

Collection of log and event data from your infrastructure and applications, on-premise and in-cloud.
Correlation of the collected data to reduce the volume of info you need to sift through to investigate issues.
A rich interface that analysts and admins can use to investigate security issues and administer Cloud SIEM itself.
Integration with the Sumo Logic core platform.

This section contains the following topics:

Learn basic concepts about Cloud SIEM.

Learn how to start using Cloud SIEM for threat hunting.

Learn about Insight generation, working with Entities, and how to query Cloud SIEM Records.

Learn how to configure ingestion for supported products and services.

Learn how to write rules, rules syntax, and Cloud SIEM built-in rules.

Learn about Cloud SIEM Schema v3, schema attributes, and the Record processing pipeline.

Cloud SIEM Sensors collect log and event data from your infrastructure and applications.

Cloud SIEM integration with Sumo Logic and threat intel sources, and leveraging the Cloud SIEM Insight Enrichment Server.

Learn about creating a Match list and their usage in rules.

Learn how to configure automations to create notifications and enrichments in Cloud SIEM.

Learn how to set up user accounts and roles, Actions, Network Blocks, custom Insight status and sub-resolutions, and more.