Parsing for SIEM and Log Management Applications
In Log Stream, Search, and Correlation Rules, parsing is based on the Exabeam common information model. When considering how a log should be parsed, keep in mind that the goal of parsing log data for these applications is to facilitate the following types of activities:
- Index and search log data
- Generate dashboards and other types of data visualizations
- Create rules on your data
- Add searchable context to log data
You can create or tune parsers in Log Stream. While compliance with the Exabeam common information model is not enforced through the CDI methodology for Log Stream, Search, and Correlation Rules, it's a good idea to understand the context elements of the information model. These context elements inform categorization methods across products. Context elements are also key to querying and filtering data in ways that are both accurate and granular.