- Welcome to Exabeam Security Content
- What is Security Content?
- Common Information Model
- What is the Common Information Model?
- Common Information Model Context Elements
- Common Information Model Interface
- Common Information Model Event-naming Format
- Common Information Model Impact on Downstream Processes
- Using the Common Information Model to Create Custom Content
- Transitioning to the Common Information Model
- Understanding the Log
- Exabeam Parsers
- Exabeam Event Building
- Exabeam Enrichment
- Exabeam Persistence and Templates
- Exabeam Models
- Exabeam Rules
Using the Common Information Model to Create Custom Content
In the common information model structure, context elements are fundamental to event building. For this reason, creation of custom security content, relies on a thorough understanding of the information model structure, conventions, and methodologies. Familiarity with these aspects of the information model can streamline the process of creating any type of new content, including parsers, event builders, enrichers, models, and rules, For background information about the role of context elements in the information model, see Common Information Model Context Elements.
The sections below describe how to identify specific context elements for the creation of new content. Each section examines a different context element and explores both typical examples and unique cases. When classifying context elements for event building, it's critical to identify the subject first and then the activity type. The remaining context elements can be identified in any order.