CSE Ingestion
The topics in this section provide data ingestion guides for supported products and services.
In this section, we will introduce the following concepts:
📄️ CSE Ingestion Best Practices
This topic has information about sending log messages collected by a Sumo Logic Source or Cloud-to-Cloud Connector on to CSE to be transformed into Records.
📄️ Products with Log Mappings
This topic lists products and services, organized by vendor, for
📄️ View a List of Log Mappers for a Product
This topic has instructions for finding the log mappers that CSE provides for a particular product or service.
📄️ Auth0
Step 1: Configure collection
📄️ AWS Application Load Balancer
This page has instructions for collecting AWS Application Load Balancer log messages via AWS S3 and sending them to Sumo Logic to be ingested by CSE.
📄️ AWS CloudTrail
This page has instructions for collecting AWS CloudTrail log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ AWS GuardDuty
This page has instructions for collecting AWS GuardDuty log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ AWS Network Firewall
This page has instructions for collecting AWS Network Firewall log messages from AWS S3 and sending them to Sumo Logic to be ingested by CSE.
📄️ AWS VPC Flow
This page has instructions for collecting AWS VPC Flow log messages from AWS S3 and sending them to Sumo Logic to be ingested by CSE.
📄️ Check Point Firewall
This page has instructions for collecting Check Point Firewall log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Cisco ASA
This page has instructions for collecting Cisco ASA log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Cisco Meraki
This page has instructions for collecting Cisco Meraki log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Corelight Zeek
This page has instructions for collecting Corelight Zeek log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ FortiGate Firewall
This page has instructions for collecting FortiGate log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Google G Suite Apps Audit
Step 1: Configure collection
📄️ G Suite Alert Center
Step 1: Configure collection
📄️ Kemp LoadMaster
This page has instructions for collecting Kemp LoadMaster messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Linux OS Syslog
This page has instructions for collecting Linux OS Syslog log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Microsoft 365 Audit (Office 365 Audit)
This topic has instructions for collecting Microsoft 365 audit logs and sending them to Sumo Logic to be ingested by CSE.
📄️ Microsoft Azure Activity Log
This page has instructions for collecting Azure Activity log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Microsoft Windows
Step 1: Configure collection
📄️ Nginx Access Logs
This page has instructions for collecting Nginx Access Log Syslog messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Okta
Step 1: Configure collection
📄️ OneLogin
This page has instructions for collecting OneLogin log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Osquery
This page has instructions for collecting osquery log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Palo Alto Firewall
This page has instructions for collecting Palo Alto Firewall log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ SentinelOne
This page has instructions for collecting SentinelOne log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Signal Sciences WAF
This page has instructions for collecting Signal Sciences WAF log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Symantec Proxy Secure Gateway
This page has instructions for collecting Symantec Proxy Secure Gateway (ProxySG) log messages as comma-separated values (CSV) and sending them to Sumo Logic to be ingested by CSE. While this document shows how to configure and ingest logs as CSV, CSE also supports Common Event Format (CEF) ProxySG logs.
📄️ Symantec Proxy Secure Gateway (Blue Coat Proxy)
This page has instructions for collecting Symantec Proxy Secure Gateway (ProxySG) log messages as comma-separated values (CSV) and sending them to Sumo Logic to be ingested by CSE. While this document shows how to configure and ingest logs as CSV, CSE also supports Common Event Format (CEF) ProxySG logs.
📄️ ZScaler NSS
This page has instructions for collecting ZScaler NSS log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Zscaler Private Access
This page has instructions for collecting Zscaler Private Access (ZPA) log messages and sending them to Sumo Logic to be ingested by CSE.
📄️ Configure a Sumo Logic Ingest Mapping
This topic has instructions for creating a CSE ingest mapping for a data source. An ingest mapping gives CSE the information it needs in order to map message fields to Record attributes. These are referred to as mapping hints, and include: Format, Vendor, Product, and Event ID Pattern.