Cloud SIEM Administration

Learn about onboarding tasks and best practices for Cloud SIEM administrators. In this section, we'll introduce the following concepts:

Learn how to filter and search Cloud SIEM list pages.

Learn about network blocks, their purpose, and instructions for setting them up and using them.

Learn how to create a custom tag schema in Cloud SIEM.

Learn how to create and manage Custom Threat Sources.

Learn how to issue a notification to another service when certain events occur in Cloud SIEM.

Learn to query an external system for details about an entity, IOC, or data encountered in a record.

Learn how to access Cloud SIEM APIs and API documentation.

Learn about retention periods for different types of Cloud SIEM data.

Learn how to search the Audit Event Index for Cloud SIEM log events.

Learn how to create and manage user accounts and roles for Cloud SIEM.

Learn how to extract Inventory Data from logs in Sumo Logic and send it to Cloud SIEM.

Learn how to use a saved Sumo Logic search to populate a Lookup Table with Cloud SIEM inventory data.

Learn how to create and manage custom insight resolutions.

Learn how to create and manage custom insight statuses.

Learn how to use Sensor Zones to distinguish between Cloud SIEM entities that have the same IP address.

Learn about Inventory Sources and the Inventory Data they collect.

Learn how well you are prepared to detect adversary attacks based on the tactics and techniques in the MITRE ATT&CK Enterprise Matrix.