
Security Content > Exabeam Security Content in the Legacy Structure

Additional Parser Guidelines

Here are a few very important notes to keep in mind when working with parsers:

  • If time is not available in the raw log, use the syslog field headers.

  • Without parsing at least one of user, src_ip, dest_ip, dest_host, or src_host, Advanced Analytics cannot process the event, and the log will be of no value to you.

  • Parsers are organized by major vendor. For example, parsers for logs generated by Carbon Black products can be found in config/default/parsers_carbonblack.conf.
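The first two notes describe two checks a parser author has to get right: fall back to the syslog header timestamp when the message body carries none, and treat an event with no user or host/IP entity as unusable. The following added example (written here for illustration; it is not Exabeam's parser configuration syntax or code) applies both checks to a few constructed BSD-syslog lines from a hypothetical key=value vendor format. The `user`, `src_ip`, `dest_ip`, `dest_host` and `src_host` field names come from the note above; the `time=` body field, the host name `fw01`, the app name `vendorapp` and the default year are assumptions made for the sample.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines with an RFC 3164 style header:
#   <PRI>Mon DD HH:MM:SS host app: message
# Line 1 carries its own timestamp in the body, line 2 does not (so the syslog
# header time must be used), line 3 has no user or host/IP entity at all.
SAMPLE_LOGS = [
    "<14>Mar 10 12:34:56 fw01 vendorapp: time=2024-03-10T12:34:50Z user=alice src_ip=10.0.0.5 dest_ip=10.0.0.9 action=allow",
    "<14>Mar 10 12:35:01 fw01 vendorapp: user=bob src_ip=10.0.0.7 action=deny",
    "<14>Mar 10 12:35:05 fw01 vendorapp: action=deny reason=policy",
]

SYSLOG_HEADER = re.compile(
    r"^<(?P<pri>\d+)>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:]+): (?P<msg>.*)$"
)
KV = re.compile(r"(\w+)=(\S+)")

# At least one of these must be parsed for Advanced Analytics to use the event.
ENTITY_FIELDS = ("user", "src_ip", "dest_ip", "dest_host", "src_host")


def parse_syslog_time(ts, year):
    # BSD syslog headers carry no year, so the caller supplies one (assumed default below).
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)


def parse_event(line, year=2024):
    """Parse one line into a flat event dict, or return None if the header does not match."""
    m = SYSLOG_HEADER.match(line)
    if not m:
        return None
    fields = dict(KV.findall(m.group("msg")))
    event = {"host": m.group("host"), **fields}
    if "time" in fields:
        # Prefer the timestamp embedded in the raw log body.
        event["time"] = datetime.strptime(fields["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        event["time_source"] = "raw_log"
    else:
        # No time in the raw log: fall back to the syslog header timestamp.
        event["time"] = parse_syslog_time(m.group("ts"), year)
        event["time_source"] = "syslog_header"
    return event


def has_required_entity(event):
    return any(f in event for f in ENTITY_FIELDS)


def parse_all(lines, year=2024):
    """Return (usable events, dropped raw lines) so dropped lines can be reviewed."""
    usable, dropped = [], []
    for line in lines:
        ev = parse_event(line, year)
        if ev is None or not has_required_entity(ev):
            dropped.append(line)
        else:
            usable.append(ev)
    return usable, dropped


if __name__ == "__main__":
    usable, dropped = parse_all(SAMPLE_LOGS)
    for ev in usable:
        print(ev["time"].isoformat(), ev["time_source"], {k: v for k, v in ev.items() if k in ENTITY_FIELDS})
    print("dropped:", len(dropped))
```

Keeping the dropped lines rather than silently discarding them is the useful part when tuning a parser: a sudden rise in the dropped count after a vendor log-format change is the quickest signal that the entity fields are no longer being extracted.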