Auto Parser Generator Now Available for Customers

Published: November 12, 2020

Author: Vicky Ngo-Lam

Exabeam recently released Auto Parser Generator, a new tool in the Exabeam Cloud Studio, for general availability. In this post, you will learn about parsers, common problems, and how Auto Parser Generator from Exabeam can help.

What are parsers?

Analysts may find the journey to harnessing their SIEM for threat detection a challenging one. Log feeds come in many shapes and sizes, and parsers serve to ingest and normalize these different data sources. Specifically, a parser takes a specific log format and converts it into normalized, structured data, often called a common information model (CIM). SIEMs can include hundreds or thousands of parsers written to process logs for common systems.

Parsing with Exabeam

Exabeam provides thousands of out-of-the-box parsers to ingest log feeds from data sources spanning firewalls, web security, EDR platforms, identity tools, network traffic, and IoT systems. We have even developed parsers for physical access systems such as badge readers and printers.

Parsers are particularly important to Exabeam. Unlike traditional SIEMs, we use parsers not only to index data but also to unlock key functionality within Exabeam Advanced Analytics. Parsers must comply with our out-of-the-box security content so that the right values are mapped to the right fields; those fields populate detail in timelines, enrich data, feed threat detection models, and trigger detection rules.

Parsers are painful!

Typically, building a new parser or modifying an existing one can take days or even weeks, and often requires engaging support services. With the sheer volume of parsers needed to keep your SIEM detection accurate, automation is key.


Figure: A SOC’s only hope to achieve comprehensive, effective monitoring and analysis coverage is to leverage tools that automate the early stages of monitoring, including event collection, parsing, storage and triage.

Introducing Auto Parser Generator

Exabeam Auto Parser Generator (APG) is a tool in Cloud Studio, our offering that lets internal and external users easily create content on Exabeam platforms. APG guides you through creating and deploying a custom parser in a simple, intuitive user experience.

How it works

APG first analyzes a log sample uploaded by the user and attempts to match it to any existing parsers.


Figure: Immediately after analyzing the sample, APG indicates the number of parsers matched, for you to review further.

Next, you can either build a new parser for any unmatched sample log or modify an existing one.


Figure: You can quickly and easily review matched parsers to determine if any modifications or tweaks are needed.

Then step through a simple UI to select the match conditions, collect details on certain parameters, and map event-type fields to values in the log.


Figure: Use a point-and-click interface to select the conditions the parser matches on.


Figure: You can generate a JRegex pattern from a list of keys that APG recommends by looking at common field extractions that already exist in parsers.


Figure: Map fields easily by using a point-and-click interface on the log sample.

Once you have reviewed your new parser, you can download a zip file and install the parser in your instance of Advanced Analytics. For customers, this will soon be available via Content over Cloud, a new feature for content administration and management in our i54 release.
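As an added illustration, not Exabeam's own parser format or APG code, the workflow above reduced to a few lines of Python: match conditions gate which log lines a parser claims, a list of recommended keys is turned into a single extraction regex, and the captured values are mapped onto normalized, CIM-style field names. The parser definition, field names and log lines are constructed assumptions.

```python
import re

# Constructed sample log lines in a key=value style (not real vendor output).
SAMPLE_LOGS = [
    'Mar 3 10:15:22 fw01 vendor=acme product=fw action=deny src=10.0.0.5 '
    'dst=203.0.113.9 dport=443 user="j.doe"',
    'Mar 3 10:15:23 fw01 vendor=acme product=fw action=allow src=10.0.0.7 '
    'dst=198.51.100.4 dport=80 user="a.smith"',
    'Mar 3 10:16:00 px01 vendor=other product=proxy action=allow src=10.0.0.9',
]

# Hypothetical parser definition: conditions gate which lines the parser
# claims, keys drive the extraction regex, field_map normalizes to CIM names.
PARSER = {
    "name": "acme-fw-hypothetical",
    "conditions": ["vendor=acme", "product=fw"],  # all must appear in the line
    "keys": ["action", "src", "dst", "dport", "user"],
    "field_map": {"action": "outcome", "src": "src_ip", "dst": "dest_ip",
                  "dport": "dest_port", "user": "user"},
}

def build_regex(keys):
    """Generate one extraction pattern from recommended keys (bare or quoted values)."""
    for k in keys:
        if not k.isidentifier():
            raise ValueError(f"key {k!r} cannot be a regex group name")
    alternatives = [rf'{re.escape(k)}="?(?P<{k}>[^"\s]+)"?' for k in keys]
    return re.compile(r'\b(?:' + '|'.join(alternatives) + r')')

def matches(parser, line):
    """Condition check: does this parser claim the line?"""
    return all(cond in line for cond in parser["conditions"])

def parse(parser, line):
    """Return a normalized event dict, or None if the conditions fail."""
    if not matches(parser, line):
        return None
    raw = {}
    for m in build_regex(parser["keys"]).finditer(line):
        raw.update({k: v for k, v in m.groupdict().items() if v is not None})
    event = {parser["field_map"][k]: v for k, v in raw.items()}
    if "dest_port" in event:          # type the one numeric field
        event["dest_port"] = int(event["dest_port"])
    return event

def unmatched(parsers, lines):
    """APG's first step: report which sample lines no existing parser matches."""
    return [ln for ln in lines if not any(matches(p, ln) for p in parsers)]
```

Running `unmatched([PARSER], SAMPLE_LOGS)` reports the proxy line, which is the sample you would then build a new parser for.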

What’s next?

Existing customers can access our documentation to learn more about how to use APG. Make sure to also check out our community resources to learn how to get access to APG.
