- Welcome to Exabeam Security Content
- What is Security Content?
- Common Information Model
- What is the Common Information Model?
- Common Information Model Context Elements
- Common Information Model Interface
- Common Information Model Event-naming Format
- Common Information Model Impact on Downstream Processes
- Using the Common Information Model to Create Custom Content
- Transitioning to the Common Information Model
- Understanding the Log
- Exabeam Parsers
- Exabeam Event Building
- Exabeam Enrichment
- Exabeam Persistence and Templates
- Exabeam Models
- Exabeam Rules
Common Information Model
The Exabeam common information model defines the structure of security content across Exabeam products. The hierarchical information model framework informs every aspect of security content usage throughout the flow of Exabeam processes.
The common information model is designed around a central task: defining events. It uses a layered approach that relies on a hierarchy of context elements to form a minimalist but detailed structure. This contextual granularity ensures accurate and consistent event classification. The layered approach also provides a framework that allows for future augmentation across all data and metadata elements within the common information model.
The following sections provide detailed information about what the Exabeam common information model is and how it can be used.