
Exabeam Security Content in the Common Information Model

Defining Event Templates

The default configuration for event templates is located in the event_templates_default.conf file in the /opt/exabeam/config/tequila/default/ directory. Every event type has an associated template. The name of that template is given by the DetailsTemplate parameter of the event's entry in the EventFormats section of the default configuration file.

For example, to find the template associated with the vpn-login event, search for vpn-login in the EventFormats section of the default configuration file. In the sample entry below, the DetailsTemplate parameter of the vpn-login event names the associated template, VpnLoginTemplate.

EventFormats {
  -------------------------
  -------------------------
  vpn-login {
    DisplayName = "VPN login"
    Description = "Remote access VPN login attempt either from a public IP address or from an internal network address was successful."
    HeaderTemplate = "VPN login from {location.country|event.getvalue('country_code', src_ip)}"
    DetailsTemplate = "VpnLoginTemplate"
  }
  -------------------------
  -------------------------
}

To find the corresponding template configuration, search for the template name, VpnLoginTemplate, in the Templates section of the default configuration file. The corresponding event template is shown in the sample below:

Templates {
  -----------------------------
  -----------------------------
  VpnLoginTemplate {
    rows = [
      {
        columns = [
          {
            label = "TIME"
            value = "time|event.time"
          },
          {
            label = "USER"
            value = "user|event.user"
          },
          {
            label = "ACCOUNT"
            value = "user|event.account"
            icon = "AccountSwitch"
          }
        ]
      },
      {
        columns = [
          {
            label = -------
            value = ------
          }
        ]
      },
      --------------------
      --------------------
    ]
  }
  ----------------------
  ----------------------
}
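The lookup described above, from an event type's DetailsTemplate to its entry in Templates, as an added Python example that is not part of the Exabeam documentation. It assumes the HOCON file has already been loaded into plain dicts (the sample dicts are constructed from the page's vpn-login and VpnLoginTemplate entries; the vpn-logout event and the VpnLogoutTemplate name are invented so that the check for an undefined template has something to report), and it also splits the "displaytype|expression" form used in column values and HeaderTemplate placeholders.

```python
import re

# Constructed sample mirroring the page's EventFormats / Templates entries.
# The real file is HOCON; this example assumes it has already been loaded
# into plain Python dicts and skips that step. The vpn-logout entry and the
# VpnLogoutTemplate name are invented to exercise the missing-template check.
EVENT_FORMATS = {
    "vpn-login": {
        "HeaderTemplate": "VPN login from {location.country|event.getvalue('country_code', src_ip)}",
        "DetailsTemplate": "VpnLoginTemplate",
    },
    "vpn-logout": {
        "HeaderTemplate": "VPN logout for {user|event.user}",
        "DetailsTemplate": "VpnLogoutTemplate",  # deliberately not defined below
    },
}
TEMPLATES = {
    "VpnLoginTemplate": {"rows": [{"columns": [
        {"label": "TIME", "value": "time|event.time"},
        {"label": "USER", "value": "user|event.user"},
        {"label": "ACCOUNT", "value": "user|event.account", "icon": "AccountSwitch"},
    ]}]},
}
PLACEHOLDER = re.compile(r"\{([^{}]*)\}")  # {displaytype|expression} in HeaderTemplate

def split_value(value):
    """Split a 'displaytype|expression' string at its first '|'."""
    display_type, _, expression = value.partition("|")
    return display_type, expression

def resolve_template(event_type):
    """Follow DetailsTemplate from EventFormats into Templates (None if undefined)."""
    return TEMPLATES.get(EVENT_FORMATS[event_type]["DetailsTemplate"])

def describe_columns(event_type):
    """Return (label, display type, expression) for every column of the template."""
    template = resolve_template(event_type)
    if template is None:
        return []
    return [(col["label"], *split_value(col["value"]))
            for row in template["rows"] for col in row["columns"]]

def header_fields(event_type):
    """Parse the placeholders of an event's HeaderTemplate into (type, expression)."""
    return [split_value(p) for p in PLACEHOLDER.findall(EVENT_FORMATS[event_type]["HeaderTemplate"])]

def lint_templates():
    """List event types whose DetailsTemplate has no definition in Templates."""
    return sorted(e for e, f in EVENT_FORMATS.items() if f["DetailsTemplate"] not in TEMPLATES)
```

Running lint_templates() after editing the file catches a custom event type whose DetailsTemplate was renamed or never added to the Templates section.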