- Welcome to Exabeam Security Content
- What is Security Content?
- Common Information Model
- What is the Common Information Model?
- Common Information Model Context Elements
- Common Information Model Interface
- Common Information Model Event-naming Format
- Common Information Model Impact on Downstream Processes
- Using the Common Information Model to Create Custom Content
- Transitioning to the Common Information Model
- Understanding the Log
- Exabeam Parsers
- Exabeam Event Building
- Exabeam Enrichment
- Exabeam Persistence and Templates
- Exabeam Models
- Exabeam Rules
PrevNext
Event Template
Event templates are used to display fields associated with an event in the UI. The sample below shows the structure of a VpnLoginTemplate event, and below it the template. The template is used to display the fields associated with the vpn-login event in the UI. It includes fields such as time, user, account, src_ip, src_host, source, and more.
VpnLoginTemplate {
rows = [
{
columns = [
{
label = "TIME"
value = "time|event.time"
},
{
label = "USER"
value = "user|event.user"
},
{
label = "ACCOUNT"
value = "user|event.account"
icon = "AccountSwitch"
}
]
},
{
columns = [
{
label = "SOURCE IP"
value = "asset|event.src_ip"
},
{
label = "SOURCE HOST"
value = "asset|event.src_host"
},
{
label = "SOURCE"
value = "default|event.source"
}
]
},
{
columns = [
{
label = "COUNTRY"
value = "location.country|event.getvalue('country_code', src_ip)"
},
{
label = "ISP"
value = "location.isp|event.getvalue('isp', src_ip)"
},
{
label = "VPN ASSIGNED IP"
value = "default|event.src_translated_ip"
}
]
},
{
columns = [
{
label = "VPN SERVER"
value = "default|event.dest_host"
},
{
label = "VPN SERVER IP"
value = "default|event.dest_ip"
}
]
},
{
columns = [
{
label = "VPN VENDOR"
value = "default|event.vendor"
},
{
label = "VPN REALM"
value = "default|event.realm"
},
{
label = "OS"
value = "default|event.os"
}
]
}
]
}