
Exabeam Parsers


Parser definitions are contained in a set of configuration files, mostly named for the vendors whose products they apply to (<vendor_name>.conf). Each parser definition describes the following:

  • Which logs to extract values from

  • Which values to extract from the log

  • Which Exabeam fields these values should be mapped to

When a log is ingested, the values of interest must be extracted from it and mapped to Exabeam fields. These activities are performed by parsers. Parsing log files effectively is key to downstream functionality for both Advanced Analytics and Data Lake.
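The three parts of a parser definition can be modelled in a few lines. This is an added example, not Exabeam's own code or .conf syntax; the parser names, field names (`user`, `src_ip`, `src_port`) and log lines are constructed for illustration.

```python
import re

# Hypothetical parser definitions (a simplified model, not Exabeam's .conf syntax).
#   conditions -> which logs the parser applies to
#   patterns   -> which values to extract (one named group per value)
#   group name -> the field the extracted value is mapped to
PARSERS = [
    {
        "name": "example-vpn-login",
        "conditions": ["vpn-gw", "Login succeeded"],
        "patterns": [
            r"user=(?P<user>[^\s,]+)",
            r"src=(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})",
        ],
    },
    {
        "name": "example-sshd-failed",
        "conditions": ["sshd", "Failed password"],
        "patterns": [
            r"for (?:invalid user )?(?P<user>\S+) from",
            r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})",
            r"port (?P<src_port>\d+)",
        ],
    },
]

def parse(log_line, parsers=PARSERS):
    """Return (parser_name, fields) from the first parser whose conditions all
    appear in the line, or None when no parser claims the log."""
    for p in parsers:
        if all(c in log_line for c in p["conditions"]):
            fields = {}
            for pattern in p["patterns"]:
                m = re.search(pattern, log_line)
                if m:  # a value that is absent leaves its field unset
                    fields.update(m.groupdict())
            return p["name"], fields
    return None

# Constructed sample logs (not taken from any real system).
SAMPLES = [
    "Jan 10 12:00:01 host1 sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2",
    "Jan 10 12:00:05 vpn-gw: Login succeeded user=alice, src=198.51.100.23",
    "Jan 10 12:00:09 host1 cron[88]: job started",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse(line))
```

A log that no parser claims returns `None`, and a log that matches the conditions but lacks a value yields a record with that field missing; both cases leave gaps in whatever analytics consume the parsed fields.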

Exabeam products are delivered with a large set of default parsers, which are stored in the following path: /opt/exabeam/config/default. Note that while all of the default parsers can be used in Data Lake, only a subset of them can be used by Advanced Analytics.

If you create custom parsers, they should be stored in the path: /opt/exabeam/config/custom.