- Welcome to Exabeam Security Content
- What is Security Content?
- Common Information Model
- What is the Common Information Model?
- Common Information Model Context Elements
- Common Information Model Interface
- Common Information Model Event-naming Format
- Common Information Model Impact on Downstream Processes
- Using the Common Information Model to Create Custom Content
- Transitioning to the Common Information Model
- Understanding the Log
- Exabeam Parsers
- Exabeam Event Building
- Exabeam Enrichment
- Exabeam Persistence and Templates
- Exabeam Models
- Exabeam Rules
PrevNext
Event Template
Event templates are used to display fields associated with an event in the UI. The sample below shows the structure of a VpnLoginTemplate
event, and below it the template. The template is used to display the fields associated with the vpn-login
event in the UI. It includes fields such as time, user, account, src_ip, src_host, source, and more.
VpnLoginTemplate { rows = [ { columns = [ { label = "TIME" value = "time|event.time" }, { label = "USER" value = "user|event.user" }, { label = "ACCOUNT" value = "user|event.account" icon = "AccountSwitch" } ] }, { columns = [ { label = "SOURCE IP" value = "asset|event.src_ip" }, { label = "SOURCE HOST" value = "asset|event.src_host" }, { label = "SOURCE" value = "default|event.source" } ] }, { columns = [ { label = "COUNTRY" value = "location.country|event.getvalue('country_code', src_ip)" }, { label = "ISP" value = "location.isp|event.getvalue('isp', src_ip)" }, { label = "VPN ASSIGNED IP" value = "default|event.src_translated_ip" } ] }, { columns = [ { label = "VPN SERVER" value = "default|event.dest_host" }, { label = "VPN SERVER IP" value = "default|event.dest_ip" } ] }, { columns = [ { label = "VPN VENDOR" value = "default|event.vendor" }, { label = "VPN REALM" value = "default|event.realm" }, { label = "OS" value = "default|event.os" } ] } ] }