Records, Signals, Entities, and Insights
Learn about Insight generation, working with Entities, and how to query CSE Records.ย
In this section, we'll introduce the following concepts:
๐๏ธ Insight Generation
Learn how CSE correlates Signals by entity to create Insights.
๐๏ธ View and Manage Entities
The Entities page lists all of the Entities in CSE and their Activity Scores.
๐๏ธ Custom Entity Types
Learn how to create a custom Entity type.
๐๏ธ Entity Groups
You can use Entity Groups to automatically group entities in terms of criteria like name or IP Address.
๐๏ธ Insight Generation Settings
Learn how to configure the detection window and the threshold Activity Score for Insight generation.
๐๏ธ Entity Criticality
You can use Entity Criticality to adjust the severity of Signals for specific Entities based on some risk factor or other consideration.
๐๏ธ Global Intelligence
Insight Confidence scores, predicted by Sumo Logicโs Global Intelligence machine learning model, help you triage and prioritize Insights.
๐๏ธ Using Tags
Tags are metadata you can attach to Insights, Signals, Entities, and Rules. Tags are useful for adding context to these CSE items. You can also search for and filter items by tag.
๐๏ธ Search Sumo Logic for CSE Records
Learn how to search the Sumo Logic platform for CSE Records.
๐๏ธ View Records for a Signal
Learn how to view Records associated with a Signal.
๐๏ธ Signal Suppression
Learn about the ways that CSE Signals can be suppressed, and so excluded from the Insight generation process.
๐๏ธ CSE Insight UI
Learn about the contents of the Insights UI in CSE.
๐๏ธ Entity Lookup Tables
Entity Lookup Tables allow you to normalize the names of users and hosts (machines) in your environment
๐๏ธ Custom Insights
Learn how to set up Custom Insight configurations, which you can use to automatically generate Insights on some basis other than Entity Activity Scores.
๐๏ธ CSE Heads Up Display
Learn about CSE's Heads Up Display (HUD), a UI that provides an at-a-glance overview of Insight status and activity.
