New Event Classification
The introduction of the common information model represents a shift in the way events are defined and built across Exabeam products. While events can be represented in Data Lake in exa_activity_types, there is no direct one-to-one mapping between these components and common information model events, now known as activity types. To successfully convert your Data Lake content, it will be useful to understand the new activity type structure.
In the common information model, activity type structure is based on a combination of three elements: subject, activity, and outcome. This new structure provides consistency in event classification across the Exabeam Security Operations Platform. Here are some sample activity types in the new format:
user-create:success
network-start:success
network-traffic:fail
For more information about this activity type structure, see Common Information Model Impact on Event Classification in the Security Content Guide. To view a list of the available activity types, you can explore the Activity Type Interface in the Common Information Model Library (a GitHub repository).