CSE Administration
In this section, we'll introduce the following concepts:
📄️ Network Blocks
A Network Block is a CIDR block of IP addresses from your infrastructure that you label to provide context that can be leveraged in rules and is helpful in investigating CSE Insights.
📄️ Create a Custom Tag Schema
Custom tag schemas allow you to ensure that users apply consistent tag values.
📄️ Create a Custom Threat Intel Source
Learn how to create and manage custom threat sources.
📄️ Create CSE Actions
You can use CSE Actions to issue notifications to another service when certain events occur in CSE.
📄️ Create Context Actions
Learn about Context Actions, options that a CSE analyst can use to query an external system for information about an Entity, IOC, or data encountered in a Record.
📄️ APIs
Learn how to access CSE APIs and API documentation.
📄️ Data Retention
See retention periods for different types of CSE data.
📄️ Audit Logging
Learn how to search the Audit Event Index for CSE log events.
📄️ CSE User Accounts and Roles
Learn how to create users and roles for CSE.
📄️ Custom Inventory Source
Learn how to extract inventory data from your data sources.
📄️ Save Inventory Data to a Lookup Table
Learn how to use a saved Sumo Logic search to populate a Lookup Table with CSE inventory data.
📄️ Manage Custom Insight Resolutions
Learn how to create custom sub-resolutions that you can select when closing an Insight.
📄️ Custom Insight Statuses
Learn how to create and manage custom Insight statuses.
📄️ Sensor Zones
You can use sensor zones to distinguish among Entities in CSE that have the same IP address.
📄️ Inventory Sources and Data
Inventory data is information about computers and users in your environment that CSE uses to provide context to Entities in the CSE UI.