Cloud SIEM Enterprise
Cloud SIEM Enterprise (CSE) is a cloud-based security information and event management (SIEM) system that provides the following functionality:
- Collection of log and event data from your infrastructure and applications, on-premises and in the cloud.
- Correlation of the collected data to reduce the volume of information you need to sift through to investigate issues.
- A rich interface that analysts and admins can use to investigate security issues and administer Cloud SIEM itself.
- Integration with the Sumo Logic core platform.
This section contains the following topics:

Introduction to Cloud SIEM
Learn basic concepts about Cloud SIEM.

Get Started with Cloud SIEM
Learn how to start using Cloud SIEM for threat hunting.

Records, Signals, Entities, and Insights
Learn about Insight generation, working with Entities, and how to query CSE Records.

Ingestion
Learn how to configure ingestion for supported products and services.

Rules
Learn how to write rules, and about rules syntax and CSE built-in rules.

Schema
Learn about CSE Schema v3, schema attributes, and the Record processing pipeline.

Sensors
CSE Sensors collect log and event data from your infrastructure and applications.

Integrations
Learn about CSE integration with Sumo Logic and threat intel sources, and how to leverage the CSE Insight Enrichment Server.

Match Lists and Suppressed Lists
Learn about creating Match Lists and using them in rules.

Automation Service
Learn how the Automation Service helps you automate smart actions.

Administration
Learn how to set up user accounts and roles, Actions, Network Blocks, custom Insight status and sub-resolutions, and more.