Records, Signals, Entities, and Insights
Learn about Insight generation, working with Entities, and how to query CSE Records.Β
In this section, we'll introduce the following concepts:
ποΈ Insight Generation
Learn how CSE correlates Signals by entity to create Insights.
ποΈ View and Manage Entities
The Entities page lists all of the Entities in CSE and their Activity Scores.
ποΈ Custom Entity Types
Learn how to create a custom Entity type.
ποΈ Entity Groups
You can use Entity Groups to automatically group entities in terms of criteria like name or IP Address.
ποΈ Insight Generation Settings
Learn how to configure the detection window and the threshold Activity Score for Insight generation.
ποΈ Entity Criticality
You can use Entity Criticality to adjust the severity of Signals for specific Entities based on some risk factor or other consideration.
ποΈ Global Intelligence
Insight Confidence scores, predicted by Sumo Logicβs Global Intelligence machine learning model, help you triage and prioritize Insights.
ποΈ Using Tags
Tags are metadata you can attach to Insights, Signals, Entities, and Rules. Tags are useful for adding context to these CSE items. You can also search for and filter items by tag.
ποΈ Search Sumo Logic for CSE Records
Learn how to search the Sumo Logic platform for CSE Records.
ποΈ View Records for a Signal
Learn how to view Records associated with a Signal.
ποΈ Signal Suppression
Learn about the ways that CSE Signals can be suppressed, and so excluded from the Insight generation process.
ποΈ CSE Insight UI
Learn about the contents of the Insights UI in CSE.
ποΈ Entity Lookup Tables
Entity Lookup Tables allow you to normalize the names of users and hosts (machines) in your environment
ποΈ Custom Insights
Learn how to set up Custom Insight configurations, which you can use to automatically generate Insights on some basis other than Entity Activity Scores.
ποΈ CSE Heads Up Display
Learn about CSE's Heads Up Display (HUD), a UI that provides an at-a-glance overview of Insight status and activity.
