Extended Event Type Fields

Information contained in extended event type fields helps rules and models detect anomalies.

When Event Builder creates an event from a log, it matches certain information in the log to an event type's extended fields, if the information exists. Risk Engine uses the information contained in the extended fields to train models and evaluate the event against rules.

For example, the vpn-login event type has an os extended field. The VPN29 - VPN Operating Systems model trains on this os information. If the model considers the os anomalous, it may trigger the VPN32 - First VPN from OS rule.
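
The flow described above, sketched as an added illustration (this is not Exabeam code or the actual VPN29/VPN32 logic): a simplified first-seen model trains on the os extended field of vpn-login events and flags an operating system that is new for a user. The per-user scope, the "user" and "event_type" field names, the baseline behavior and the sample events are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample events; field names other than "os" are assumptions.
EVENTS = [
    {"event_type": "vpn-login", "user": "alice", "os": "Windows 10"},
    {"event_type": "vpn-login", "user": "alice", "os": "Windows 10"},
    {"event_type": "vpn-login", "user": "bob"},  # log carried no OS information
    {"event_type": "vpn-login", "user": "alice", "os": "Linux"},
    {"event_type": "vpn-login", "user": "bob", "os": "macOS"},
]


class FirstSeenModel:
    """Per-user histogram of values seen in one extended field (simplified stand-in)."""

    def __init__(self, event_type, field):
        self.event_type = event_type
        self.field = field
        self.counts = defaultdict(lambda: defaultdict(int))

    def evaluate_then_train(self, event):
        """Return True if the field value is new for this user, then learn it."""
        if event.get("event_type") != self.event_type:
            return False
        value = event.get(self.field)
        if value is None:  # extended field absent: nothing to train on or evaluate
            return False
        seen = self.counts[event["user"]]
        # A user's very first value is treated as baseline, not an anomaly (assumption).
        anomalous = bool(seen) and value not in seen
        seen[value] += 1
        return anomalous


def run(events):
    """Return (user, os) pairs for events that would trip the first-seen check."""
    model = FirstSeenModel("vpn-login", "os")
    return [(e["user"], e["os"]) for e in events if model.evaluate_then_train(e)]


if __name__ == "__main__":
    for user, os_name in run(EVENTS):
        print(f"first VPN from OS for {user}: {os_name}")
```

An event whose log lacked the OS value neither trains the model nor triggers the check, which is why populating extended fields at parsing time matters for detection coverage.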