Skip to main content

Security ContentExabeam Security Content in the Common Information Model

Exabeam Enrichment

UIP-pipeline-enrichers.png

Enrichment refers to adding contextual information to an event. Contextual information can come from log data that is not specifically parsed, or it can be collected from other sources. Most enrichment adds new values, modifies them, or creates new fields based either on existing fields or on data stored in context tables.

Within a single enricher, multiple fields can be enriched. Fields higher up in an enricher can even be further enriched by lower expressions in the enricher.