diff --git a/blog-cse/2023/12-31.md b/blog-cse/2023/12-31.md index a458b74899..d0e017ce09 100644 --- a/blog-cse/2023/12-31.md +++ b/blog-cse/2023/12-31.md @@ -922,7 +922,7 @@ Some of the highlights of Insight Trainer include: * **Machine Learning/AI-Driven Analytics** - Insight Trainer leverages machine learning and AI to deliver outcome-based recommendations geared towards the reduction of false positive and non-actionable Insights without compromising the actual detection value or true positive Insights in Cloud SIEM. * **Easy Adoption** - The dashboard is available as an update to our already existing Enterprise Audit Cloud SIEM application and can be set up to run with no additional configuration or data science knowledge. -Periodic application of the recommended changes will improve the quality of Insights generated by Cloud SIEM. For more information about the Insight Trainer, see our detailed [online documentation](/docs/integrations/sumo-apps/cse/#insight-trainer). +Periodic application of the recommended changes will improve the quality of Insights generated by Cloud SIEM. For more information about the Insight Trainer, see our detailed [online documentation](/docs/cse/rules/insight-trainer/). #### Bug Fixes diff --git a/docs/cse/rules/insight-trainer.md b/docs/cse/rules/insight-trainer.md index 52302a882c..03c63ebede 100644 --- a/docs/cse/rules/insight-trainer.md +++ b/docs/cse/rules/insight-trainer.md @@ -12,7 +12,7 @@ keywords: import useBaseUrl from '@docusaurus/useBaseUrl'; import Iframe from 'react-iframe'; -[Cloud SIEM - Insight Trainer](/docs/integrations/sumo-apps/cse#insight-trainer) is a dashboard in the Enterprise Audit - Cloud SIEM app. Insight Trainer offers suggestions for making adjustments to rules, such as writing rule tuning expressions and changing severities. Implementing the recommendations causes rules to be more effective at creating high-fidelity signals, resulting in generation of more meaningful insights. +[Cloud SIEM - Insight Trainer](/docs/integrations/sumo-apps/cse/#cloud-siem---insight-trainer) is a dashboard in the Enterprise Audit - Cloud SIEM app. Insight Trainer offers suggestions for making adjustments to rules, such as writing rule tuning expressions and changing severities. Implementing the recommendations causes rules to be more effective at creating high-fidelity signals, resulting in generation of more meaningful insights. :::sumo Micro Lesson @@ -66,7 +66,7 @@ The dashboard makes two kinds of suggestions, either a “tunability” score to ## Cloud SIEM - Insight Trainer page -After installing the [Enterprise Audit - Cloud SIEM app](/docs/integrations/sumo-apps/cse), access the [Cloud SIEM - Insight Trainer](/docs/integrations/sumo-apps/cse#insight-trainer) dashboard by clicking the [Library](/docs/get-started/library) icon in the left nav bar. +After installing the [Enterprise Audit - Cloud SIEM app](/docs/integrations/sumo-apps/cse), access the [Cloud SIEM - Insight Trainer](/docs/integrations/sumo-apps/cse/#cloud-siem---insight-trainer) dashboard by clicking the [Library](/docs/get-started/library) icon in the left nav bar. The dashboard has the following sections: * [Filters](#filters) diff --git a/docs/cse/troubleshoot/troubleshoot-mappers.md b/docs/cse/troubleshoot/troubleshoot-mappers.md index cf901fe340..6e3af496d8 100644 --- a/docs/cse/troubleshoot/troubleshoot-mappers.md +++ b/docs/cse/troubleshoot/troubleshoot-mappers.md @@ -21,7 +21,7 @@ For information about creating log mappers, see [Create a Structured Log Mapping ### Failed Records dashboard -The [Enterprise Audit - Cloud SIEM app](/docs/integrations/sumo-apps/cse/) provides dashboards and queries for greater visibility into Cloud SIEM activity. Troubleshooting parser failures is aided by the [Cloud SIEM - Record Analysis - Failed Records](/docs/integrations/sumo-apps/cse/#record-analysis-failed-records) dashboard and query found within the app. (The Enterprise Audit - Cloud SIEM app must be installed). +The [Enterprise Audit - Cloud SIEM app](/docs/integrations/sumo-apps/cse/) provides dashboards and queries for greater visibility into Cloud SIEM activity. Troubleshooting parser failures is aided by the [Cloud SIEM - Record Analysis - Failed Records](/docs/integrations/sumo-apps/cse/#cloud-siem---record-analysis---failed-records) dashboard and query found within the app. (The Enterprise Audit - Cloud SIEM app must be installed). Common failure types: * **Parser failures**. Include parser path and specific parsing error. diff --git a/docs/cse/troubleshoot/troubleshoot-parsers.md b/docs/cse/troubleshoot/troubleshoot-parsers.md index c34b623b04..1dba073dfd 100644 --- a/docs/cse/troubleshoot/troubleshoot-parsers.md +++ b/docs/cse/troubleshoot/troubleshoot-parsers.md @@ -65,7 +65,7 @@ Following these fundamentals will help prevent common parsing issues and simplif ### Failed Records dashboard -The [Enterprise Audit - Cloud SIEM app](/docs/integrations/sumo-apps/cse/) provides dashboards and queries for greater visibility into Cloud SIEM activity. Troubleshooting parser failures is aided by the [Cloud SIEM - Record Analysis - Failed Records](/docs/integrations/sumo-apps/cse/#record-analysis-failed-records) dashboard and query found within the app. (The Enterprise Audit - Cloud SIEM app must be installed). +The [Enterprise Audit - Cloud SIEM app](/docs/integrations/sumo-apps/cse/) provides dashboards and queries for greater visibility into Cloud SIEM activity. Troubleshooting parser failures is aided by the [Cloud SIEM - Record Analysis - Failed Records](/docs/integrations/sumo-apps/cse/#cloud-siem---record-analysis---failed-records) dashboard and query found within the app. (The Enterprise Audit - Cloud SIEM app must be installed). Common failure types: * **Parser failures**. Include parser path and specific parsing error. diff --git a/docs/integrations/sumo-apps/cse.md b/docs/integrations/sumo-apps/cse.md index b03badfdc8..8b29aa7384 100644 --- a/docs/integrations/sumo-apps/cse.md +++ b/docs/integrations/sumo-apps/cse.md @@ -8,7 +8,7 @@ description: The Enterprise Audit - Cloud SIEM app gives you visibility into wha import useBaseUrl from '@docusaurus/useBaseUrl'; import Iframe from 'react-iframe';  -The Enterprise Audit - Cloud SIEM app gives you visibility into what’s going on in Cloud SIEM. The app dashboards present high-level and detailed views into the Records that were created, the Signals that have fired, and the Insights generated by Cloud SIEM. You can also get insight in Cloud SIEM rules, including rule management activity, and which rules have fired. +The Enterprise Audit - Cloud SIEM app gives you visibility into what’s going on in Cloud SIEM. The app dashboards present high-level and detailed views into the records that were created, the signals that have fired, and the insights generated by Cloud SIEM. You can also get insight in Cloud SIEM rules, including rule management activity, and which rules have fired. :::sumo Micro Lesson @@ -45,40 +45,73 @@ Watch this micro lesson to learn more about the Enterprise Audit - Cloud SIEM ap The Enterprise Audit - Cloud SIEM App relies on data that is already available in Sumo Logic, so you don’t need to configure data collection. -### Cloud SIEM Records +### Cloud SIEM records -Cloud SIEM Records are stored in the following Sumo Logic partitions: +Cloud SIEM records are stored in the following Sumo Logic partitions: -* sec_record_audit -* sec_record_authentication -* sec_record_email -* sec_record_endpoint -* sec_record_failure -* sec_record_network -* sec_record_notification +* `sec_record_audit` +* `sec_record_authentication` +* `sec_record_email` +* `sec_record_endpoint` +* `sec_record_failure` +* `sec_record_network` +* `sec_record_notification` -### Cloud SIEM Signals +### Cloud SIEM signals -Cloud SIEM Signals are stored in the following partition: +Cloud SIEM signals are stored in the following partition: -* sec_signal +* `sec_signal` -### Cloud SIEM Insights +### Cloud SIEM insights -Cloud SIEM Insight activity is written to these Audit Event Index partitions: +Cloud SIEM insight activity is written to these Audit Event Index partitions: -* sumologic_audit_events. User actions performed on Insights -* sumologic_system_events, System actions performed on Insights are logged +* `sumologic_audit_events`. User actions performed on insights. +* `sumologic_system_events`. System actions performed on insights. -Logs written to either of the partitions above are assigned the source category cseinsight. Note that the Audit Event Index contains logs for a variety of Sumo Logic subsystems, so when searching either partition for Insights, include the source category in your search scope. +Insight event logging written to either of the partitions above is assigned the source category `cseinsight`. + +Note that the Audit Event Index contains logs for a variety of Sumo Logic subsystems, so when searching either partition for insights, include the source category in your search scope. For more information, see [Cloud SIEM Audit Logging](/docs/cse/administration/cse-audit-logging/). ## Install the Enterprise Audit - Cloud SIEM app -import AppInstallNoDataSourceV2 from '../../reuse/apps/app-install-index-apps-v2.md'; +### Install and configure Cloud SIEM + +The Enterprise Audit - Cloud SIEM app provides data on your Cloud SIEM installation. Therefore, before you can install the app, you must install and configure Cloud SIEM. See [Onboarding Checklist for Cloud SIEM Administrators](/docs/cse/get-started-with-cloud-siem/onboarding-checklist-cse/) for an overview. + +Most importantly, before you can see data in the app dashboards, you must have already set up data ingestion to Cloud SIEM. See [Cloud SIEM Ingestion Best Practices](/docs/cse/ingestion/cse-ingestion-best-practices/) for an introduction. + +### Install the Enterprise Audit - Cloud SIEM app + +To install the app: +1. Ensure Cloud SIEM is installed and is receiving collected data. +1. Select **App Catalog**. +1. In the **Search Apps** field, search for and then select the **Enterprise Audit - Cloud SIEM** app. +1. Click **Install App**. +1. Click **Next**. The app installs. +1. Look for the dialog confirming that your app was installed successfully. + +Dashboard panels will automatically start to fill with data matching the time range query received since you installed the app. Results won't be available immediately, but within about 20 minutes, you'll see completed graphs and maps. + +### View the app in the Installed Apps folder + +Once the app is installed, it will appear in the **Installed Apps** folder of your [library](/docs/get-started/library/). From there, you can share the app with other users in your organization. + +#### Subfolders under the app + +Dashboards for the app are organized in subfolders: +* **Health Monitoring**. Dashboards monitoring the health of your Cloud SIEM parsing, mapping, and rules. +* **Insight Analysis**. Dashboards analyzing Cloud SIEM insights in the system. +* **Record Analysis**. Dashboards analyzing the records collected for use in signals. +* **Signal Analysis**. Dashboards analyzing the signals used to generate insights. +* **SOC Analysis**. Dashboards useful for security operations center (SOC) analysts. + +#### Example queries - +The **Enterprise Audit - Cloud SIEM** folder in the library not only contains dashboards, but also example queries that you can use to work with Cloud SIEM data. For example, the **SOC Analysis** folder contains the **Scheduled View Threat Hunting** query that you can use to create a new scheduled view for queries over large time windows. ## Viewing the Enterprise Audit - Cloud SIEM app dashboards @@ -86,137 +119,197 @@ import ViewDashboards from '../../reuse/apps/view-dashboards.md'; -### Insight Trainer +### Cloud SIEM - Failed Records Analysis + +The **Cloud SIEM - Failed Records Analysis** dashboard provides a summary of failed records. + +Cloud SIEM - Failed Records Analysis dashboard + +### Cloud SIEM - Insight Explorer + +The **Cloud SIEM - Insight Explorer** dashboard provides details of an insight. + +Cloud SIEM - Insight Explorer dashboard + +### Cloud SIEM - Insight Report + +The **Cloud SIEM - Insight Report** dashboard provides all comments (and other status changes) for an insight provided in the filter. + +Cloud SIEM - Insight Report dashboard + +### Cloud SIEM - Insight Trainer + +The **Cloud SIEM - Insight Trainer** dashboard offers suggestions for making adjustments to rules, such as writing rule tuning expressions and changing severities. Implementing the recommendations causes rules to be more effective at creating high-fidelity signals, resulting in generation of more meaningful insights. For more information, see [Improve Rules with Insight Trainer](/docs/cse/rules/insight-trainer). + +Cloud SIEM - Insight Trainer dashboard -The **Cloud SIEM - Insight Trainer** dashboard offers suggestions for making adjustments to rules, such as writing rule tuning expressions and changing severities. Implementing the recommendations causes rules to be more effective at creating high-fidelity Signals, resulting in generation of more meaningful Insights. For more information, see [Improve Rules with Insight Trainer](/docs/cse/rules/insight-trainer). +### Cloud SIEM - Insights Closed -Cloud SIEM dashboard +The **Cloud SIEM - Insights Closed** dashboard displays metrics on closed insights, including breakdowns by severity, resolution status, assignee, entity type, Rule ID and more. -### Insights Closed +Cloud SIEM - Insights Closed dashboard -The **Cloud SIEM - Insights Closed** dashboard displays metrics on closed Insights, including breakdowns by severity, resolution status, assignee, Entity type, Rule ID and more. +### Cloud SIEM - Insights Created -Cloud SIEM dashboard +The **Cloud SIEM - Insights Created** dashboard presents metrics about insight creation in your environment. You can see information like how many insights have been created, average time to detection, and insight Confidence statistics. There are breakdowns of insights created by severity, primary entity, rule ID, entity type, and more. -### Insights Created +Cloud SIEM - Insights Created dashboard -The **Cloud SIEM - Insights Created** dashboard presents metrics about Insight creation in your environment. You can see information like how many insights have been created, average time to detection, and Insight Confidence statistics. There are breakdowns of Insights created by severity, primary Entity, rule ID, Entity type, and more. +### Cloud SIEM - Insights Overview -Cloud SIEM dashboard +The **Cloud SIEM - Insights Overview** dashboard displays a high level view of insight activity in your environment. You can see counts of insights created and closed over time, and the top insights by Confidence Level. -### Insights Overview +Cloud SIEM - Insights Overview dashboard -The **Cloud SIEM - Insights Overview** dashboard displays a high level view of Insight activity in your environment. You can see counts of Insights created and closed over time, and the top Insights by Confidence Level. +### Cloud SIEM - Overview -Cloud SIEM dashboard +The **Cloud SIEM - Overview** dashboard provides metrics related to insight, signals and records. Use dashboard filters to look for specific insight, signals and records. -### Parsing and Mapping Troubleshooting +Cloud SIEM - Overview dashboard + +### Cloud SIEM - Parsing and Mapping Troubleshooting The **Cloud SIEM - Parsing and Mapping Troubleshooting** dashboard shows breakdowns of cloud SIEM parsing and mapping troubleshooting. -Cloud SIEM Parsing and Mapping Troubleshooting +Cloud SIEM - Parsing and Mapping Troubleshooting dashboard -### Rules and Mapping Changes +### Cloud SIEM - Record Analysis - Audit Records -The **Cloud SIEM - Rules and Mapping Changes** dashboard is useful for monitoring rule management activities. It has information about Cloud SIEM rules, including content management activities like rule creation, modification, and deletion. You can also see more detailed information about rule management events, such as the associated user, and the rule’s enablement and prototype status. +The **Cloud SIEM - Record Analysis - Audit Records** dashboard displays metrics about records created by Cloud SIEM of the type Audit. Typically, this record type is used for log sources that leave a basic audit trail. + +Cloud SIEM - Record Analysis - Audit Records dashboard + +### Cloud SIEM - Record Analysis - Authentication Records + +The **Cloud SIEM - Record Analysis - Authentication Records** dashboard displays metrics about records created by Cloud SIEM of the type Authentication. Typically, this record type is used for log sources that report successful or unsuccessful authentication events. + +Cloud SIEM - Record Analysis - Authentication Records dashboard -Cloud SIEM dashboard +### Cloud SIEM - Record Analysis - Email Records -### Record Analysis Failed Records +The **Cloud SIEM - Record Analysis - Email Records** dashboard displays metrics about records created by Cloud SIEM of the type Email. Typically, this record type is used for log sources containing email information such as email protection applications and services. -The **Cloud SIEM - Record Analysis Failed Records** dashboard is useful for understanding if you have messages or data sources for which Cloud SIEM is unable to create normalized Records. +Cloud SIEM - Record Analysis - Email Records dashboard -Cloud SIEM dashboard +### Cloud SIEM - Record Analysis - Endpoint Records -### Record Analysis Audit Records +The **Cloud SIEM - Record Analysis - Endpoint Records** dashboard displays metrics about records created by Cloud SIEM of the type Endpoint. Typically, this record type is used for messages from endpoint security services. -The **Cloud SIEM - Record Analysis Audit Records** dashboard displays metrics about Records created by Cloud SIEM of the type Audit. Typically, this Record type is used for log sources that leave a basic audit trail. +Cloud SIEM - Record Analysis - Endpoint Records dashboard -Cloud SIEM dashboard +### Cloud SIEM - Record Analysis - Failed Records -### Record Analysis Authentication Records +The **Cloud SIEM - Record Analysis - Failed Records** dashboard is useful for understanding if you have messages or data sources for which Cloud SIEM is unable to create normalized records. -The **Cloud SIEM - Record Analysis Authentication Records** dashboard displays metrics about Records created by Cloud SIEM of the type Authentication. Typically, this Record type is used for log sources that report successful or unsuccessful authentication events. +Cloud SIEM - Record Analysis - Failed Records dashboard -Cloud SIEM dashboard +### Cloud SIEM - Record Analysis - Network Records -### Record Analysis Email Records +The **Cloud SIEM - Record Analysis - Network Records** dashboard displays metrics about records created by Cloud SIEM of the type Network. Typically, this record type is used for messages from log sources that describe network events. -The **Cloud SIEM - Record Analysis Email Records** dashboard displays metrics about Records created by Cloud SIEM of the type Email. Typically, this Record type is used for log sources containing email information such as email protection applications and services. +Cloud SIEM - Record Analysis - Network Records dashboard -Cloud SIEM dashboard +### Cloud SIEM - Record Analysis - Notification Records -### Record Analysis Endpoint Records +The **Cloud SIEM - Record Analysis - Notification Records** dashboard displays metrics about records created by Cloud SIEM of the type Notification. Typically, this record type is used for messages from services that issue notifications or alerts, like threat detection and response systems. -The **Cloud SIEM - Record Analysis Endpoint Records** dashboard displays metrics about Records created by Cloud SIEM of the type Endpoint. Typically, this Record type is used for messages from endpoint security services. +Cloud SIEM - Record Analysis - Notification Records dashboard -Cloud SIEM dashboard +### Cloud SIEM - Record Analysis - Record Overview -### Record Analysis Network Records +The **Cloud SIEM - Record Analysis - Record Overview** dashboard provides an overview of Cloud SIEM records by source, destination, volume, and vendor and product. -The **Cloud SIEM - Record Analysis Network Records** dashboard displays metrics about Records created by Cloud SIEM of the type Network. Typically, this Record type is used for messages from log sources that describe network events. +Cloud SIEM - Record Analysis - Record Overview dashboard -Cloud SIEM dashboard +### Cloud SIEM - Record Parsing and Analysis -### Record Analysis Notification Records +The **Cloud SIEM - Record Parsing and Analysis** dashboard provides analysis on records parsing. -The **Cloud SIEM - Record Analysis Notification Records** dashboard displays metrics about Records created by Cloud SIEM of the type Notification. Typically, this Record type is used for messages from services that issue notifications or alerts, like threat detection and response systems. +Cloud SIEM - Record Parsing and Analysis dashboard -Cloud SIEM dashboard +### Cloud SIEM - Rule Overview + +The **Cloud SIEM - Rule Overview** dashboard look in depth at a Cloud SIEM rule to assist with rule tuning. + +Cloud SIEM - Rule Overview + +### Cloud SIEM - Rules and Mapping Changes + +The **Cloud SIEM - Rules and Mapping Changes** dashboard is useful for monitoring rule management activities. It has information about Cloud SIEM rules, including content management activities like rule creation, modification, and deletion. You can also see more detailed information about rule management events, such as the associated user, and the rule’s enablement and prototype status. -### Record Analysis Record Overview +Cloud SIEM - Rules and Mapping Changes dashboard -The **Cloud SIEM - Record Analysis Record Overview** dashboard provides an overview of Cloud SIEM Records by source, destination, volume, and vendor and product. +### Cloud SIEM - Security Operations Overview -Cloud SIEM dashboard +The **Cloud SIEM - Security Operations Overview** dashboard explores Cloud SIEM insights using Sumo Logic audit events. -### Signal Analysis +Cloud SIEM - Security Operations Overview dashboard -The **Cloud SIEM - Signal Analysis** dashboard presents metrics about Signals that have been fired, including breakdowns by rule, host, and IP address. +### Cloud SIEM - Signal Analysis -Cloud SIEM dashboard +The **Cloud SIEM - Signal Analysis** dashboard presents metrics about signals that have been fired, including breakdowns by rule, host, and IP address. -### Signal Analysis Rules +Cloud SIEM - Signal Analysis dashboard -The **Cloud SIEM - Signal Analysis Rules** dashboard provides trend analysis of triggered rules, rules by match expression and top rules triggered. +### Cloud SIEM - Signal Analysis - Rules -Cloud SIEM dashboard +The **Cloud SIEM - Signal Analysis - Rules** dashboard provides trend analysis of triggered rules, rules by match expression and top rules triggered. -### Signal Monitoring +Cloud SIEM - Signal Analysis - Rules dashboard -The **Cloud SIEM - Signal Monitoring** dashboard provides times-based metrics for Cloud SIEM Signals, and Signal disappearance metrics. +### Cloud SIEM - Signal Monitoring -Cloud SIEM dashboard +The **Cloud SIEM - Signal Monitoring** dashboard provides times-based metrics for Cloud SIEM signals, and signal disappearance metrics. -### Signals Overview +Cloud SIEM - Signal Monitoring dashboard -The **Cloud SIEM - Signal Overview** dashboard provides an overview of Signal activity, including Signal count over time, and a table of summary information for generated Signals. +### Cloud SIEM - Signals by Product -Cloud SIEM dashboard +The **Cloud SIEM - Signals by Product** dashboard shows breakdowns of signal by product and vendor. -### Signals by Product +Cloud SIEM - Signals by Product dashboard -The **Cloud SIEM - Signals by Product** dashboard shows breakdowns of Signal by product and vendor. +### Cloud SIEM - Signals Overview -Cloud SIEM dashboard +The **Cloud SIEM - Signal Overview** dashboard provides an overview of signal activity, including signal count over time, and a table of summary information for generated signals. -### SIEM SOC Insights +Cloud SIEM - Signal Overview dashboard -The **Cloud SIEM - Signal SOC Insights** dashboard shows breakdowns of SOC insights. +### Cloud SIEM - SOC Insights -Cloud SIEM SOC Insights +The **Cloud SIEM - SOC Insights** dashboard shows breakdowns of SOC insights. -### SOC Standup Overview +Cloud SIEM - SOC Insights -The **Cloud SIEM - Signal Standup Overview** dashboard provides an overview of total alerts, infrequent alerts breakdown, trending alerts breakdown, and detailed daily alerts breakdow. +### Cloud SIEM - SOC KPIs -Cloud SIEM SOC Standup Overview +The **Cloud SIEM - SOC KPIs** dashboard provides SOC KPIs related metrics. -### User Telemetry +Cloud SIEM - SOC KPIs + +### Cloud SIEM - SOC KRIs + +The **Cloud SIEM - SOC KRIs** dashboard provides SOC KRIs related metrics. + +Cloud SIEM - SOC KRIs dashboard + +### Cloud SIEM - SOC Standup Overview + +The **Cloud SIEM - SOC Standup Overview** dashboard provides an overview of total alerts, infrequent alerts breakdown, trending alerts breakdown, and detailed daily alerts breakdow. + +Cloud SIEM - SOC Standup Overview dashboard + +### Cloud SIEM - User Telemetry The **Cloud SIEM - User Telemetry** dashboard shows breakdowns of Cloud SIEM user telemetry. -Cloud SIEM User Telemetry +Cloud SIEM - User Telemetry dashboard + +### Signal Analysis - Suppression + +The **Signal Analysis - Suppression** dashboard shows an overview and some detailed tabular views for reflected Cloud SIEM signal events, specifically mapping, parsers, and suppression. + +Signal Analysis - Suppression dashboard ## Upgrade/Downgrade the Enterprise Audit - Cloud SIEM app (Optional) diff --git a/static/img/integrations/sumo-apps/cloud-siem-failed-records-analysis-dashboard.png b/static/img/integrations/sumo-apps/cloud-siem-failed-records-analysis-dashboard.png new file mode 100644 index 0000000000..1c0483581e Binary files /dev/null and b/static/img/integrations/sumo-apps/cloud-siem-failed-records-analysis-dashboard.png differ diff --git a/static/img/integrations/sumo-apps/cloud-siem-insight-explorer-dashboard.png b/static/img/integrations/sumo-apps/cloud-siem-insight-explorer-dashboard.png new file mode 100644 index 0000000000..04c7b7ffbe Binary files /dev/null and b/static/img/integrations/sumo-apps/cloud-siem-insight-explorer-dashboard.png differ diff --git a/static/img/integrations/sumo-apps/cloud-siem-insight-report-dashboard.png b/static/img/integrations/sumo-apps/cloud-siem-insight-report-dashboard.png new file mode 100644 index 0000000000..249de66ba5 Binary files /dev/null and b/static/img/integrations/sumo-apps/cloud-siem-insight-report-dashboard.png differ diff --git a/static/img/integrations/sumo-apps/cloud-siem-overview-dashboard.png b/static/img/integrations/sumo-apps/cloud-siem-overview-dashboard.png new file mode 100644 index 0000000000..287ed3a21d Binary files /dev/null and b/static/img/integrations/sumo-apps/cloud-siem-overview-dashboard.png differ diff --git a/static/img/integrations/sumo-apps/cloud-siem-record-parsing-and-analysis-dashboard.png b/static/img/integrations/sumo-apps/cloud-siem-record-parsing-and-analysis-dashboard.png new file mode 100644 index 0000000000..43f3b86bd6 Binary files /dev/null and b/static/img/integrations/sumo-apps/cloud-siem-record-parsing-and-analysis-dashboard.png differ diff --git a/static/img/integrations/sumo-apps/cloud-siem-rule-overview-dashboard.png b/static/img/integrations/sumo-apps/cloud-siem-rule-overview-dashboard.png new file mode 100644 index 0000000000..46b09c7b37 Binary files /dev/null and b/static/img/integrations/sumo-apps/cloud-siem-rule-overview-dashboard.png differ diff --git a/static/img/integrations/sumo-apps/cloud-siem-security-operations-overview-dashboard.png b/static/img/integrations/sumo-apps/cloud-siem-security-operations-overview-dashboard.png new file mode 100644 index 0000000000..6ff70eb883 Binary files /dev/null and b/static/img/integrations/sumo-apps/cloud-siem-security-operations-overview-dashboard.png differ diff --git a/static/img/integrations/sumo-apps/cloud-siem-signal-analysis-suppression.png b/static/img/integrations/sumo-apps/cloud-siem-signal-analysis-suppression.png new file mode 100644 index 0000000000..2cb989164d Binary files /dev/null and b/static/img/integrations/sumo-apps/cloud-siem-signal-analysis-suppression.png differ diff --git a/static/img/integrations/sumo-apps/cloud-siem-soc-kpis.png b/static/img/integrations/sumo-apps/cloud-siem-soc-kpis.png new file mode 100644 index 0000000000..8d25694972 Binary files /dev/null and b/static/img/integrations/sumo-apps/cloud-siem-soc-kpis.png differ diff --git a/static/img/integrations/sumo-apps/cloud-siem-soc-kris-dashboard.png b/static/img/integrations/sumo-apps/cloud-siem-soc-kris-dashboard.png new file mode 100644 index 0000000000..2c4c015946 Binary files /dev/null and b/static/img/integrations/sumo-apps/cloud-siem-soc-kris-dashboard.png differ diff --git a/static/img/integrations/sumo-apps/rules-and-mapping-chanages.png b/static/img/integrations/sumo-apps/rules-and-mapping-changes.png similarity index 100% rename from static/img/integrations/sumo-apps/rules-and-mapping-chanages.png rename to static/img/integrations/sumo-apps/rules-and-mapping-changes.png