Cloud SIEM Administration
Learn about onboarding tasks and best practices for Cloud SIEM administrators. In this section, we'll introduce the following concepts:
Filter and Search
Learn how to filter and search Cloud SIEM list pages.
Network Blocks
Learn about Network Blocks, their purpose, and instructions for setting them up and using them.
Create a Custom Tag Schema
Learn how to create a custom tag schema in Cloud SIEM.
Create a Custom Threat Intelligence Source
Learn how to create and manage Custom Threat Sources.
Create Cloud SIEM Actions
Learn how to issue a notification to another service when certain events occur in Cloud SIEM.
Create Cloud SIEM Context Actions
Learn to query an external system for details about an entity, IOC, or data encountered in a record.
Cloud SIEM APIs
Learn how to access Cloud SIEM APIs and API documentation.
Data Retention
Learn about retention periods for different types of Cloud SIEM data.
Audit Logging
Learn how to search the Audit Event Index for Cloud SIEM log events.
Cloud SIEM User Accounts and Roles
Learn how to create and manage user accounts and roles for Cloud SIEM.
Custom Inventory Source
Learn how to extract Inventory Data from logs in Sumo Logic and send it to Cloud SIEM.
Save Inventory Data to a Lookup Table
Learn how to use a saved Sumo Logic search to populate a Lookup Table with Cloud SIEM inventory data.
Manage Custom Insight Resolutions
Learn how to create and manage custom insight resolutions.
Managing Custom Insight Statuses
Learn how to create and manage custom insight statuses.
Sensor Zones
Learn how to use Sensor Zones to distinguish between Cloud SIEM entities that have the same IP address.
Inventory Sources and Data
Learn about Inventory Sources and the Inventory Data they collect.
MITRE Coverage
Learn how well you are prepared to detect adversary attacks based on the tactics and techniques in the MITRE ATT&CK Enterprise Matrix.