DOCS-696 - Insights list page updates #5221
Open: wants to merge 2 commits into base: main
28 changes: 9 additions & 19 deletions docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,25 +28,15 @@ This screenshot shows the **Insights** page in list view. 

<img src={useBaseUrl('img/cse/insights-page.png')} alt="Insights page" style={{border: '1px solid gray'}} width="800"/>

Here’s one row from the List view. The numbered definitions below correspond to the labels in the screenshot.

<img src={useBaseUrl('img/cse/insight-summary.png')} alt="Insight summary" style={{border: '1px solid gray'}} width="800"/>

1. **Creation date and time**. When the insight was created.
1. **Detection time**. The time between when the first event happened (when the first record in the insight occurred) and when the insight was generated. (This differs from "dwell time", which is the time between when the first record and the last record occurred in an insight.)
1. **Age**. The elapsed time since the insight was created.
1. **Insight name**. The insight name, made up of the insight ID, and the MITRE stage or stages associated with the signals in the insight. 
1. **Related incidents**. Incidents that share common entities and other characteristics.
1. **Global Confidence**. If sufficient data is available, a [Global Confidence score](/docs/cse/records-signals-entities-insights/global-intelligence-security-insights/) for the insight is shown. 
1. **Assignee**. The analyst assigned to the Incident.
1. The [MITRE ATT&CK](https://attack.mitre.org/) tactics and techniques exhibited by the insight.
1. **Severity**. The severity of the insight. The value is a function of the configured entity activity score threshold for insight generation. For more information, see [About insight severity](/docs/cse/get-started-with-cloud-siem/insight-generation-process#about-insight-severity).
1. **Entity**. The entity associated with the insight.
1. **Signal Data**. This area has three bits of information:
* The count of signals that caused the insight to be created.
* The total count of signals on the insight entity during the detection window.
* How long it's been since the last signal fired associated with the insight fired.
1. The visualization plots the insight's signals over time (x-axis) by severity (y-axis).
* **Status**. The [status](/docs/cse/administration/manage-custom-insight-statuses/) of the insight.
* **ID**. The insight name, made up of the insight ID, and the MITRE stage or stages associated with the signals in the insight.
* **Created**. When the insight was created.
* **Assignee**. The analyst assigned to the Incident.
* **Age**. The elapsed time since the insight was created.
* **Entity**. The [entity](/docs/cse/records-signals-entities-insights/view-manage-entities/) associated with the insight.
* **Severity**. The severity of the insight. The value is a function of the configured entity activity score threshold for insight generation. For more information, see [About insight severity](/docs/cse/get-started-with-cloud-siem/insight-generation-process#about-insight-severity).
* **Global Confidence**. If sufficient data is available, a [Global Confidence score](/docs/cse/records-signals-entities-insights/global-intelligence-security-insights/) for the insight is shown.
* **Signals**. The total count of signals on the insight entity during the detection window.

### Board view
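Review bot: the unchanged lead-in above this list, "Here's one row from the List view. The numbered definitions below correspond to the labels in the screenshot.", no longer matches the hunk, which replaces the numbered list with plain bullets; either keep the list numbered to match the labels in insight-summary.png, or drop "numbered" and "labels" from that sentence and replace the screenshot. Two carried-over bullets also read wrong: "**ID**. The insight name, made up of the insight ID, ..." labels the column ID but defines the name, and "**Assignee**. The analyst assigned to the Incident." should say insight, since this list describes insights. Finally, the removed text distinguished the count of signals that created the insight from the total count on the entity during the detection window; the new "**Signals**" bullet keeps only the second, so confirm that is what the column shows, and say where detection time, related incidents and the MITRE tactics/techniques went if they are still visible in list view.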

Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ Watch this micro lesson to learn more about Global Intelligence for insights.
## What is a Global Confidence score?
An insight’s Global Confidence score represents a level of confidence, predicted by Sumo Logic’s Global Intelligence machine learning model, that the insight is actionable.

<img src={useBaseUrl('img/cse/closeup.png')} alt="Global confidence score example" style={{border: '1px solid gray'}} width="400"/>
<img src={useBaseUrl('img/cse/closeup.png')} alt="Global confidence score example" style={{border: '1px solid gray'}} width="300"/>

The score is generated based on the underlying pattern of signals in an insight. The model compares this pattern to previously observed patterns from insights that were closed with either a **False Positive** or **Resolved** resolution. The model does such comparisons broadly—across the global installed base of Cloud SIEM customers—so it can generate a Confidence score based on the patterns seen at one customer when encountered at another. In addition to leveraging the patterns discovered across the Cloud SIEM installed base, the model customizes scores for insights in your account based on your customized content, including tuned and custom rules.

Expand All @@ -60,7 +60,7 @@ The only prerequisite for taking full advantage of Confidence scores is to make
## Using Global Confidence scores
The Global Confidence score is a valuable data point to consider when prioritizing which insights to triage first.

An insight’s Confidence score is shown for each insight on the insights list page. You can sort the insight list by the Global Confidence score, as well as by Severity.
An insight’s Confidence score is shown for each insight on the insights list page. On the board page, you can sort the insight list by the Global Confidence score, as well as by Severity.

<img src={useBaseUrl('img/cse/Confidence-Screenshot.png')} alt="Global confidence screen image example" width="800"/>
<img src={useBaseUrl('img/cse/Confidence-Screenshot.png')} alt="Global confidence screen image example" width="250"/>
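Review bot: the added sentence "On the board page, you can sort the insight list by the Global Confidence score, as well as by Severity." contradicts itself by locating list sorting on the board page. If sorting by Global Confidence is now only available in board view, say so directly ("In board view, you can sort insights by ...") and link to the Board view section of about-cse-insight-ui.md, which this PR also edits; if list view still sorts by score, keep the original wording. Also, shrinking Confidence-Screenshot.png from 800 to 250 px together with the binary change suggests a different crop; update the alt text if it no longer shows the whole list.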

Original file line number Diff line number Diff line change
Expand Up @@ -39,15 +39,9 @@ summarizes this behavior.

## View tags

You can view tags on the pages that provide summary views of insights, signals, entities, and rules. You can also view the tags assigned to an item on the detailed page you see when you navigate to a particular insight, signal, entity, or rule
You can view tags on the details pages of insights, signals, entities, or rules

This is an overview of an insight from the insights page. Multiple schema key tags are attached to the insight.

<img src={useBaseUrl('img/cse/insight-list-tags.png')} alt="Insight list tags" style={{border: '1px solid gray'}} width="800"/>

The screenshot below shows an entity to which a schema tag is attached.

<img src={useBaseUrl('img/cse/entity-list-tags.png')} alt="Entity list tags" style={{border: '1px solid gray'}} width="800"/>
Following is the details view of an insight showing multiple schema key tags attached to the insight:<br/><img src={useBaseUrl('img/cse/insight-list-tags.png')} alt="Insight list tags" style={{border: '1px solid gray'}} width="300"/>

## Tag actions
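Review bot: the rewritten sentence "You can view tags on the details pages of insights, signals, entities, or rules" still has no terminal period (the line it replaces lacked one too). The hunk also drops the entity example (entity-list-tags.png) without a replacement, so the sentence promises tags on entities but only an insight is illustrated; and the retained image keeps the file name insight-list-tags.png and alt text "Insight list tags" even though the new caption calls it the details view, so rename the image or at least fix the alt text.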

Expand Down Expand Up @@ -75,7 +69,7 @@ difference is where you do the tagging. 
1. The UI for tagging is at the bottom of the **Details** pane.
2. To add a tag, follow the instructions in [Add a keyword tag](#apply-a-keyword-tag).<br/><img src={useBaseUrl('img/cse/tag-an-entity.png')} alt="Tag an entity" style={{border: '1px solid gray'}} width="350"/>

### UI for tagging an Cloud SIEM-generated insight
### UI for tagging a Cloud SIEM-generated insight

Note that in addition to tags that you manually assign to an insight, an insight will inherit any tags that were applied to the content that went into the insight—the entity and the rule(s) or custom insight definitions that created the included signals—will automatically be inherited (and aggregated) by the insight. 
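Review bot: the heading fix ("a Cloud SIEM-generated insight") is correct, but the sentence directly under it has a doubled predicate: "an insight will inherit any tags that were applied to the content ... will automatically be inherited (and aggregated) by the insight". Since the line is in this hunk's context, drop the second clause so it reads "an insight automatically inherits (and aggregates) any tags applied to the content that went into it: the entity and the rule(s) or custom insight definitions that created the included signals."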

Expand Down Expand Up @@ -121,16 +115,4 @@ Note that in addition to tags that you manually assign to an insight, an insight
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Content > Rules**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Rules**. You can also click the **Go To...** menu at the top of the screen and select **Rules**.
1. Click in the **Filters** area and select **Tags** from the **Fields** list.<br/><img src={useBaseUrl('img/cse/search-rules-by-tag.png')} alt="Search rules by tag" style={{border: '1px solid gray'}} width="400"/>
1. Choose **contain** or **do not contain** from the **Operators** list.<br/><img src={useBaseUrl('img/cse/operators-for-rules.png')} alt="Operators" style={{border: '1px solid gray'}} width="250"/>
1. Select a tag from either the **Schema Keys** or **Keyword Tags** list. If you select a tag from the **Schema Keys** list, you are prompted to select a value, and items that match are listed. If you select a tag from the **Keywords Tags** list, items that match are listed. Note that if an item has a Mitre-related tag, an icon appears next to it. Click the icon to view a Mitre page on the Tactic or Technique.

### Filter a list view by clicking a tag

On the insights, signals, rules, or entities page, you can click a tag to filter the list. For example, if you click the **Tactic: TA0005 - Defense Evasion** tag on an insight, like this:

<img src={useBaseUrl('img/cse/filter-list-by-tag.png')} alt="Filter list by tag" style={{border: '1px solid gray'}} width="800"/>

the page will be filtered to show only insights that have that tag:

<img src={useBaseUrl('img/cse/filtered-list.png')} alt="Filtered list" style={{border: '1px solid gray'}} width="800"/>


1. Select a tag from either the **Schema Keys** or **Keyword Tags** list. If you select a tag from the **Schema Keys** list, you are prompted to select a value, and items that match are listed. If you select a tag from the **Keywords Tags** list, items that match are listed. Note that if an item has a MITRE-related tag, an icon appears next to it. Click the icon to view a MITRE page on the Tactic or Technique.
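Review bot: the re-added step still names the list "Keywords Tags" in its third sentence while the first sentence calls it "Keyword Tags"; since the line is being rewritten for the Mitre/MITRE capitalization anyway, make the two agree. Separately, deleting the whole "Filter a list view by clicking a tag" section removes the only description of click-to-filter; if that went away together with list-page tags, this is consistent with the earlier hunk, but if tags on the details page are still clickable, a one-line replacement is needed.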
Binary file modified static/img/cse/Confidence-Screenshot.png
Binary file modified static/img/cse/closeup.png
Binary file modified static/img/cse/insight-list-tags.png
Binary file modified static/img/cse/insights-page.png