CSE Ingestion

The topics in this section provide data ingestion guides for supported products and services.

In this section, we'll introduce the following concepts:

📄️ CSE Ingestion Best Practices

Learn how to send log messages collected by a Sumo Logic Source or Cloud-to-Cloud Connector on to CSE to be transformed into Records.

📄️ Products with Log Mappings

See the product and services that CSE supports with log mappings and parsers.

📄️ Viewing Log Mappers for a Product

Learn how to find what mappers CSE provides for a product or service.

📄️ Auth0 system parser

Configure an HTTP source to ingest Auth0 log messages and send them to CSE’s Auth0 system parser.

📄️ AWS Application Load Balancer

Configure collection and ingestion of AWS Application Load Balancer (ALB) log messages from an S3 bucket to be parsed by CSE's AWS ALB system parser.

📄️ AWS CloudTrail

Configure a CloudTrail source on a hosted collector to ingest CloudTrail log messages to be parsed by CSE's CloudTrail system parser.

📄️ AWS GuardDuty

Configure an HTTP source to ingest AWS GuardDuty log messages and send them to GuardDuty system parser.

📄️ AWS Network Firewall

Configure collection and ingestion of AWS Network Firewall log messages from an S3 bucket to be parsed by CSE's AWS Network Firewall system parser.

📄️ AWS VPC Flow

Configure collection and ingestion of VPC Flow logs from an S3 bucket to be parsed by CSE's AWS VPC Flow system parser.

📄️ Carbon Black Cloud

Configure collection of Carbon Black Cloud logs messages from an S3 bucket to be parsed by CSE's system parser for Carbon Black Cloud.

📄️ Check Point Firewall

Configure a syslog source to ingest Check Point Firewall log messages to be parsed by CSE’s system parser for Check Point Firewall.

📄️ Cisco ASA

Configure a syslog source to ingest Cisco ASA log messages to be parsed by CSE’s system parser for Cisco ASA.

📄️ Cisco Meraki

Configure a syslog source to ingest Cisco Meraki log messages to be parsed by CSE’s system parser for Cisco Meraki.

📄️ Corelight Zeek

Configure a syslog source to ingest Corelight Zeek log messages and send them to the CSE Corelight log mapper.

📄️ Fortigate Firewall

Configure a syslog source to ingest Fortigate Firewall log messages to be parsed by CSE’s system parser for Fortigate Firewall.

📄️ Google G Suite Apps Audit

Configure an G Suite Apps Audit Source to collect G Suite log messages to be parsed by CSE's system parser for G Suite Audit.

📄️ G Suite Alert Center

Collect log messages from G Suite Alert Center to be parsed by CSE's system parser for G Suite Alert Center.

📄️ Kemp LoadMaster

Configure a syslog source to ingest Kemp LoadMaster messages to be parsed by CSE’s system parser for Kemp LoadMaster.

📄️ Linux OS Syslog

Configure a syslog source to ingest Linux OS log messages to be parsed by CSE’s system parser for Linux OS Syslog.

📄️ Microsoft 365 Audit (Office 365 Audit)

Configure collection of Microsoft 365 log messages to be parsed by CSE's system parser for Microsoft 365. 

📄️ Microsoft Azure Activity Log

Configure an HTTP Source to ingest Microsoft Azure Activity Log messages and to be parsered by CSE's system parser for Azure Activity Log.

📄️ Microsoft Windows

Configure collection of Windows Event Log messages and send them to the CSE Windows Event Log mapper.

📄️ Nginx Access Logs

Configure a syslog source to ingest Nginx Access log messages to be parsed by CSE’s system parser for Nginx.

📄️ Okta

Configure an HTTP source to ingest Okta log messages and send them to CSE’s Okta system parser.

📄️ OneLogin

Learn how to collect OneLogin log messages and send them to Sumo Logic to be ingested by CSE.

📄️ Osquery

Configure an HTTP source to ingest osquery log messages and send them to the osquery system parser.

📄️ Palo Alto Firewall

Configure collection of Palo Alto Firewall log messages to be parsed by CSE's system parser for Palo Alto Firewall.

📄️ SentinelOne

Learn how to collect SentinelOne log messages and send them to Sumo Logic to be ingested by CSE.

📄️ Signal Sciences WAF

Lean how to collect Signal Sciences WAF log messages and sending them to Sumo Logic to be ingested by CSE.

📄️ Symantec Proxy Secure Gateway

Configure a syslog source to ingest Symantec Proxy Secure Gateway log messages to be parsed by CSE’s system parser for Symantec Proxy Secure Gateway.

📄️ Symantec Proxy Secure Gateway

Learn how to configure a Syslog source to collect and send Symantec Proxy Secure Gateway (ProxySG) log messages to Sumo Logic to be ingested by CSE.

📄️ ZScaler NSS

Configure collection of ZScaler NSS log messages to be parsed by CSE's system parser for ZScaler NSS.

📄️ Zscaler Private Access

Configure an HTTP source to ingest Zscaler Private Access log messages and send them to CSE’s Zscaler Private Access system parser.

📄️ Configure a Sumo Logic Ingest Mapping

Learn how to configure Sumo Logic and CSE to enable Sumo Logic to send log messages to CSE, and CSE to select a mapper to process the messages it receives from Sumo Logic.