Exabeam Enrichment
Enrichment refers to adding contextual information to an event. Contextual information can come from log data that is not specifically parsed, or it can be collected from other sources. Most enrichment adds new values, modifies existing ones, or creates new fields based either on existing fields or on data stored in context tables.
Within a single enricher, multiple fields can be enriched. A field enriched higher up in an enricher can be enriched further by expressions lower down in the same enricher.
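
The top-to-bottom behaviour described above, as an added illustration: this is a conceptual Python model, not Exabeam's enricher syntax or Exabeam code. The field names, the `user_department` context table and the sample event are constructed assumptions.

```python
# Conceptual model of an enricher; NOT Exabeam configuration syntax.
# Field names, the context table and its contents are constructed.

CONTEXT_TABLES = {
    "user_department": {"jsmith": "finance", "adm-ops": "it-admins"},
}

def normalize_user(event, tables):
    # Modify an existing value: strip the domain prefix and lower-case it.
    raw = event.get("user")
    return raw.split("\\")[-1].lower() if raw else None

def lookup_department(event, tables):
    # New field from a context table, keyed on the already normalized user.
    return tables["user_department"].get(event.get("user"))

def flag_privileged(event, tables):
    # New field derived from a field created earlier in the same enricher.
    dept = event.get("department")
    return None if dept is None else dept == "it-admins"

# Order matters: each expression sees the results of the ones above it.
ENRICHER = [
    ("user", normalize_user),
    ("department", lookup_department),
    ("is_privileged", flag_privileged),
]

def enrich(event, expressions, tables=CONTEXT_TABLES):
    """Apply expressions top to bottom on a copy of the event."""
    out = dict(event)
    for field, expr in expressions:
        value = expr(out, tables)
        if value is not None:  # leave the field unset when nothing resolves
            out[field] = value
    return out

SAMPLE_EVENT = {"user": "CORP\\ADM-OPS", "src_ip": "10.0.0.5"}  # constructed

if __name__ == "__main__":
    print(enrich(SAMPLE_EVENT, ENRICHER))
    # Reversed order: the lookups run before the user is normalized and miss,
    # so the event silently loses its department and privilege context.
    print(enrich(SAMPLE_EVENT, list(reversed(ENRICHER))))
```

With the expressions reversed, only `user` is rewritten and the context-dependent fields are never set, which is the kind of silent gap that leaves downstream detections without the context they expect.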