Troubleshooting Regexes
Regexes extract data to ingest into the Exabeam platform. Creating the correct regex is crucial to getting all the value that Advanced Analytics offers, such as rule scoring and modeling.
You can use multiple regexes for a single field name. Typically, this is used when the format of a field differs within a log. In that situation, you can use multiple regexes to be sure that one of them will parse the field correctly. If both regexes match the log, the regex that appears later (further below in the fields array) has higher precedence, and its value for the field is the one that is used.
For example, in the Parser Parameter Definition example, two regexes can parse the app field. If the first regex works and an app value is parsed, and the second regex also works, the data parsed by the second regex overwrites what was initially parsed for app by the first regex.
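The following Python script is an added example, not code from the Exabeam documentation or product. It models the precedence rule described above: an ordered list of field regexes is applied to a log line, and when more than one regex captures the same field, the later one overwrites the earlier value. It assumes Python named-capture-group syntax (?P<name>...) rather than Exabeam's own parser definition syntax, and the sample log lines are constructed. The trace_fields helper records every value each field received in match order, which is the information you need when troubleshooting why a field ended up with an unexpected value.

```python
import re

# Constructed, ordered list of field regexes (assumption: Python named groups
# stand in for the parser's field definitions). Later entries win on conflict.
FIELD_REGEXES = [
    re.compile(r'app="(?P<app>[^"]+)"'),          # format 1: app="Outlook Web"
    re.compile(r'application:\s*(?P<app>\S+)'),   # format 2: application: Teams
    re.compile(r'user=(?P<user>\S+)'),
]

# Constructed sample logs: two single-format lines and one that matches both
# app regexes, which is the overwrite case the page describes.
LOG_FORMAT_1 = 'app="Outlook Web" user=alice'
LOG_FORMAT_2 = 'application: Teams user=bob'
LOG_BOTH = 'app="legacy-name" application: new-name user=carol'


def trace_fields(log, regexes=FIELD_REGEXES):
    """Return {field: [(regex_index, value), ...]} in the order matches occur.

    Every regex is tried; nothing stops at the first hit, so the list shows
    each value a field was assigned and which regex produced it.
    """
    history = {}
    for index, rx in enumerate(regexes):
        match = rx.search(log)
        if match is None:
            continue
        for name, value in match.groupdict().items():
            if value is not None:
                history.setdefault(name, []).append((index, value))
    return history


def parse_fields(log, regexes=FIELD_REGEXES):
    """Resolve each field to its final value: the last regex that matched wins."""
    return {name: hits[-1][1] for name, hits in trace_fields(log, regexes).items()}


if __name__ == "__main__":
    for log in (LOG_FORMAT_1, LOG_FORMAT_2, LOG_BOTH):
        print(log)
        for name, hits in trace_fields(log).items():
            print(f"  {name}: {hits} -> final {parse_fields(log)[name]!r}")
```

Running the script shows that LOG_BOTH yields app = 'new-name': the trace lists ('legacy-name' from regex 0, then 'new-name' from regex 1), and the later match is the one kept. When a field has an unexpected value, compare the trace against the order of regexes in the fields array.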
Note
You can use regex101.com to help you create and test regex syntax.