📄️ View the "Send your data" Options
The Send your data pages contain detailed instructions on how to send data from various sources to your Logz.io account.
📄️ SIEM Summary Dashboard
The Summary dashboard is the default screen that you can see when accessing your Cloud SIEM account.
📄️ Investigate Events
The Summary dashboard has a dedicated section for events, which are security rules or alerts that got executed.
📄️ Creating Security Rules
Security rules define events and their execution conditions. A rule can contain one or more queries. You can create a security rule either from scratch or by using an existing rule.
📄️ Adding Notification and SOAR Endpoints
A notification endpoint defines where a notification of a rule execution needs to be sent to. Logz.io has a number of pre-configured endpoints, such as Slack or Opsgenie. Otherwise, you can easily add any notification endpoint using the Custom feature. The latter option is currently used to integrate with SOARs.
📄️ Configure SIEM to Automatically Create JIRA Tickets by Alert
You can configure the notification endpoint to create a JIRA ticket in your preferred board, every time there is a new alert.
📄️ Edit Rules and Protected Rules
There are two types of rules in Cloud SIEM:
📄️ Managing Security Events
Cloud SIEM has an integrated platform for security events management. Here you can view security events that have occurred, edit them, and assign a security rule to a team member. You can filter the list using the top menu filters and the search bar.
📄️ Manage Your Threat Feeds
There are two types of threat feeds in Cloud SIEM:
📄️ Select Dashboards For Your Cloud SIEM Summary Page
Choosing a dashboard