Exabeam Parsers
Exabeam products are delivered with a large set of default parsers. You can tune these parsers, or create your own custom parsers in Log Stream.
Parser definitions are contained in a set of configuration files. Each parser definition describes the following:
- Which logs to extract values from
- Which values to extract from the log
- Which Exabeam fields these values should be mapped to
In the unified ingestion pipeline, when a log is ingested, the values of interest must be extracted from it and mapped to Exabeam fields. These activities are performed by parsers. Parsing log files effectively is key to the functionality of downstream Exabeam applications.
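The three parts of a parser definition described above, as an added Python example that is not Exabeam's parser syntax or code. The `ParserDef` structure, the parser names, the target field names and the sample logs are all constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class ParserDef:
    name: str                  # hypothetical parser name
    conditions: list[str]      # which logs: literal strings that must all appear
    patterns: list[str]        # which values: regexes with named capture groups
    field_map: dict[str, str]  # mapping: capture-group name -> target field

# Constructed definitions; parser and field names are illustrative only.
PARSERS = [
    ParserDef(
        name="example-sshd-failed-login",
        conditions=["sshd[", "Failed password"],
        patterns=[r"Failed password for (?:invalid user )?(?P<u>\S+)",
                  r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"],
        field_map={"u": "user", "ip": "src_ip", "port": "src_port"},
    ),
    ParserDef(
        name="example-sudo-command",
        conditions=["sudo:", "COMMAND="],
        patterns=[r"sudo:\s+(?P<u>\S+) :", r"COMMAND=(?P<cmd>.+)$"],
        field_map={"u": "user", "cmd": "command_line"},
    ),
]

def parse(log, parsers=PARSERS):
    # First parser whose conditions all match wins; None if no parser claims the log.
    for p in parsers:
        if not all(c in log for c in p.conditions):
            continue
        fields = {}
        for pat in p.patterns:
            m = re.search(pat, log)
            # An unmatched pattern leaves its fields unset instead of failing the parse.
            for group, value in (m.groupdict() if m else {}).items():
                fields[p.field_map[group]] = value
        return p.name, fields
    return None

SAMPLES = [  # constructed sample logs
    "Mar  3 10:15:02 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2",
    "Mar  3 10:16:40 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/id",
    "Mar  3 10:17:00 host1 cron[99]: session opened",
]

if __name__ == "__main__":
    print(*map(parse, SAMPLES), sep="\n")
```

The third sample matches no parser's conditions and returns `None`, which is the case to watch for: an unparsed log contributes no fields to anything downstream.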
Default parser names follow a standardized set of conventions that ensure consistency across Exabeam products. For more information, see Parser Naming Conventions. If you've been using Exabeam products prior to the introduction of this parser naming convention, consult the Parser Names Matrix in the New-Scale Content Library (a GitHub repository).