CSE Administration
In this section, we'll introduce the following concepts:
ποΈ Network Blocks
A Network Block is a CIDR block of IP addresses from your infrastructure that you label to provide context that can be leveraged in rules and is helpful in investigating CSE Insights.
ποΈ Create a Custom Tag Schema
Custom tag schemas allow you to ensure that users apply consistent tag values.
ποΈ Create a Custom Threat Intel Source
Learn how to create and manage custom threat sources.
ποΈ Create CSE Actions
You can use CSE Actions to issue notifications to another service when certain events occur in CSE.
ποΈ Create Context Actions
Learn about Context Actions, options that a CSE analyst can use to query an external system for information about an Entity, IOC, or data encountered in Record.
ποΈ APIs
Learn how to access CSE APIs and API documentation.
ποΈ Data Retention
See retention periods for different types of CSE data.
ποΈ Audit Logging
Learn how to search the Audit Event Index for CSE log events.
ποΈ CSE User Accounts and Roles
Learn how to create users and roles for CSE.
ποΈ Custom Inventory Source
Learn how to extract inventory data from your data sources
ποΈ Save Inventory Data to a Lookup Table
Learn how to use a saved Sumo Logic search to populate a Lookup Table with CSE inventory data.
ποΈ Manage Custom Insight Resolutions
Learn how to create custom sub-resolutions that you can select when closing an Insight.
ποΈ Custom Insight Statuses
Learn how to create and manage custom Insight statuses.
ποΈ Sensor Zones
You can use sensor zones to distinguish among Entities in CSE that have the same IP address.
ποΈ Inventory Sources and Data
Inventory data is information about computers and users in your environment that CSE uses to provide context to Entities in the CSE UI.
