This repository serves as a single place to view Cloud SIEM content (Rules, Mappers, Parsers, and Normalization Schema) in both markdown form and CSVs. This catalog is automatically generated based on content included out of the box as it is released. Changes manually introduced to individual markdown files will be overwritten by said automation.
Use the table of contents below to navigate. If you use the directory structure above, it will be harder to navigate.
You can also use GitHub search to easily find markdown files containing key words.
| Ordered Types | Description |
|---|---|
| Rules | Actual platform logic within the Cloud SIEM product to satisfy user stories |
| Schema | The Cloud SIEM schema/data model in which data is normalized and enhanced |
| Mappings | How data from various formats is normalized and transformed into the Cloud SIEM schema |
| Parsers | Sumo Logic Log Parsers which extract/formulate key value pairs from raw log data |
| Products | Details around what products and log types we support |
| Vendors | High level vendor information |