CSE Administration

Learn about onboarding tasks and best practices for Cloud SIEM Enterprise administrators. In this section, we'll introduce the following concepts:

Learn how to filter and search CSE list pages.

Learn about Network Blocks, their purpose, and instructions for setting them up and using them.

Learn how to create a custom tag schema in CSE.

Learn how to create and manage Custom Threat Sources.

Learn how to issue a notification to another service when certain events occur in CSE.

Learn to query an external system for details about an Entity, IOC, or data encountered in a Record.

Learn how to access CSE APIs and API documentation.

Learn about retention periods for different types of CSE data.

Learn how to search the Audit Event Index for CSE log events.

Learn how to create and manage user accounts and roles for CSE.

Learn how to extract Inventory Data from logs in Sumo Logic and send it to CSE.

Learn how to use a saved Sumo Logic search to populate a Lookup Table with CSE inventory data.

Learn how to create and manage Custom Insight Resolutions.

Learn how to create and manage Custom Insight Statuses.

Learn how to use Sensor Zones to distinguish between CSE Entities that have the same IP address.

Learn about Inventory Sources and the Inventory Data they collect.