- Welcome to Exabeam Security Content
- What is Security Content?
- Common Information Model
- What is the Common Information Model?
- Common Information Model Context Elements
- Common Information Model Interface
- Common Information Model Event-naming Format
- Common Information Model Impact on Downstream Processes
- Using the Common Information Model to Create Custom Content
- Transitioning to the Common Information Model
- Understanding the Log
- Exabeam Parsers
- Exabeam Event Building
- Exabeam Enrichment
- Exabeam Persistence and Templates
- Exabeam Models
- Exabeam Rules
PrevNext
Matching Parsers to Event Builders
A single event builder can match the output of multiple parsers. This flexibility is necessary to handle scenarios where there are multiple available formats for a given event and each requires a different parser. This can reduce the number of event builders in the system and make them easier to manage.
It's also possible that the output of a single parser can be matched to multiple event builders that will create different types of events. Flexibility in this direction allows event building to vary based on the information extracted from the log. Typically in this scenario, mutually exclusive conditions ensure that the parsed message is matched with the correct event builder.