CSE Schema

This guide has information about Cloud SIEM Enterprise (CSE) schemas. In this section, we'll introduce the following concepts:

Record Processing Pipeline

Learn how CSE transforms incoming raw messages into Records.

CSE Schema Attributes

Learn about CSE schema attributes.

Mappable Attributes

Learn what CSE schema attributes you can map to Records.

Record Types

Learn about the Record types to which you can map schema attributes.

Parsing Language Reference

Parsing is the first step in the CSE Record processing pipeline.

Log Mapping

Learn how to create a log mapping for structured messages.

Normalized Classification

Set up schema fields with an enforced, CSE-defined output.

Field Mappings

Set up field mappings for messages that you want to be processed by CSE's normalized threat rules.

Parser Editor

Learn how to use the Parser Editor to configure and test a custom parser.

Username and Hostname Normalization

Learn how to import YARA rules from GitHub into CSE.

Parser Troubleshooting

Learn how to troubleshoot problems with parsers.

Copyright © 2023 by Sumo Logic, Inc.