Understanding the Log

Welcome to Exabeam Security Content
- Security Content in the Legacy Structure
What is Security Content?
- The Security Content Pipeline
- The Content Library
Understanding the Log
- Do You Need a Parser?
  - Parsing for Data Lake
  - Parsing for Advanced Analytics
- Log Process Example
Exabeam Parsers
Exabeam Event Building
Exabeam Enrichment
Exabeam Persistence and Templates
Exabeam Models
Exabeam Rules

Exabeam can ingest logs directly from a source, fetch logs from SIEM log repositories, or ingest logs via Syslog - including from Exabeam Data Lake. These logs provide insight into the activity of both users and entities (like servers and workstations) and they help surface security issues across your enterprise. Context sources outside of the logs contribute additional information that help make sense of the log data.

Once logs have been collected, they can be parsed in Data Lake and Advanced Analytics. The following topics discuss how to determine which logs are worth parsing and how to identify fields of interest within the logs.

Security ContentExabeam Security Content in the Legacy Structure

Table of ContentsTable of Contents

Understanding the Log