Skip to main content

Cloud SIEM Enterprise

Cloud SIEM Enterprise (CSE) is a cloud-based security information and event management (SIEM) system that provides the following functionality: 

  • Collection of log and event data from your infrastructure and applications, on-premise and in-cloud.
  • Correlation of the collected data to reduce the volume of info you need to sift through to investigate issues.
  • A rich interface that analysts and admins can use to investigate security issues and administer Cloud SIEM itself.
  • Integration with the Sumo Logic core platform.

This section contains the following topics:

icon

Introduction to Cloud SIEM

Learn basic concepts about Cloud SIEM.

icon

Get Started with Cloud SIEM

Learn how to start using Cloud SIEM for threat hunting.

icon

Records, Signals, Entities, and Insights

Learn about Insight generation, working with Entities, and how to query CSE Records.

icon

Ingestion

Learn how to configure ingestion for supported products and services.

icon

Rules

Learn how to write rules, rules syntax, and CSE built-in rules.

icon

Schema

Learn about CSE Schema v3, schema attributes, and the Record processing pipeline.

icon

Sensors

CSE Sensors collect log and event data from your infrastructure and applications.

icon

Integrations

CSE integration with Sumo Logic and threat intel sources, and leveraging the CSE Insight Enrichment Server.

icon

Match Lists and Suppressed Lists

Learn about creating a Match list and their usage in rules.

icon

Automation Service

Learn how the Automation Service helps you automate smart actions.

icon

Administration

Learn how to set up user accounts and roles, Actions, Network Blocks, custom Insight status and sub-resolutions, and more.

Legal
Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.