Auto Parser Generator Now Available for Customers

Published
November 12, 2020

Exabeam recently released Auto Parser Generator, a new tool in the Exabeam Cloud Studio, for general availability. In this post, you will learn about parsers, common problems, and how Auto Parser Generator from Exabeam can help.

What are parsers?

Analysts may find the journey to harnessing their SIEM for threat detection a challenging one. Log feeds come in many shapes and sizes, and parsers serve to ingest and normalize these different data sources. Specifically, a parser takes a specific log format and converts it into normalized, structured data, often called a common information model (CIM). SIEMs can include hundreds or thousands of parsers written to process logs from common systems.

Parsing with Exabeam

Exabeam provides thousands of out-of-the-box parsers to ingest log feeds from data sources spanning firewalls, web security, EDR platforms, identity tools, network traffic, and IoT systems. We have even developed parsers for physical access systems such as badge readers, and for printers.

Parsers are particularly important to Exabeam. Unlike traditional SIEMs, we use parsers not only to index data but also to unlock key functionality within Exabeam Advanced Analytics. Parsers must comply with our out-of-the-box security content so that the right values are mapped to the right fields; this is what populates detail in timelines, enriches data, feeds threat detection models, and triggers detection rules.

Parsers are painful!

Building new parsers or modifying existing ones typically takes days or even weeks, and often requires engaging support services. With the sheer volume of parsers needed to keep your SIEM detection accurate, automation is key.


[Image caption: A SOC’s only hope to achieve comprehensive, effective monitoring and analysis coverage is to leverage tools that automate the early stages of monitoring, including event collection, parsing, storage and triage.]

Introducing Auto Parser Generator

Exabeam Auto Parser Generator (APG) is a tool in Cloud Studio, our offering that enables internal and external users to easily create content on Exabeam platforms. APG guides you through creating and deploying a custom parser in a simple, intuitive user experience.


How it works

APG first analyzes a log sample uploaded by the user and attempts to match it to any existing parsers.


[Image caption: Immediately after analysis, APG shows how many parsers matched, for you to review further.]

Next, you can either build a new parser for any unmatched sample log or modify an existing one.


[Image caption: You can quickly and easily review matched parsers to determine if any modifications or tweaks are needed.]

Then, step through a simple UI to select match conditions, collect details on certain parameters, and map event type fields to log values.


[Image caption: Use a point-and-click interface to select the conditions the parser must match.]


[Image caption: You can generate a JRegex pattern from a list of keys that APG recommends by looking at common field extractions that already exist in parsers.]


[Image caption: Map fields easily by using a point-and-click interface on the log sample.]

Once you have reviewed your new parser, you can download a zip file and install the parser in your instance of Advanced Analytics. For customers, this will soon be available via Content over Cloud, a new feature for content administration and management in our i54 release.
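To make the three steps above concrete, here is an added example (not Exabeam's code or parser format) of what a parser does under the hood: a sample log line is first matched against each parser's conditions, then a regex with named groups extracts values, and the groups are mapped to normalized CIM-style field names. The parser definitions, field names, and log lines are all constructed for illustration.

```python
import re

# Constructed, simplified parser definitions (not Exabeam's format): each has match
# conditions (substrings that must all be present), an extraction regex with named
# groups, and a map from group names to normalized CIM-style field names.
PARSERS = {
    "demo-ssh-auth": {
        "conditions": ["sshd[", "Accepted"],
        "regex": re.compile(r"(?P<host>\S+) sshd\[\d+\]: Accepted (?P<method>\w+) "
                            r"for (?P<user>\S+) from (?P<ip>[\d.]+)"),
        "field_map": {"host": "host", "user": "user", "ip": "src_ip",
                      "method": "auth_method"},
        "event_type": "remote-logon",
    },
    "demo-firewall-deny": {
        "conditions": ["action=deny"],
        "regex": re.compile(r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"),
        "field_map": {"src": "src_ip", "dst": "dest_ip", "dport": "dest_port"},
        "event_type": "network-connection-failed",
    },
}


def match_parsers(raw):
    """Step 1: names of parsers whose conditions all occur in the raw log line."""
    return [n for n, p in PARSERS.items() if all(c in raw for c in p["conditions"])]


def parse(raw):
    """Steps 2-3: run the first matching parser whose regex also fires and map
    its groups to normalized fields. None means a new parser is needed."""
    for name in match_parsers(raw):
        p = PARSERS[name]
        m = p["regex"].search(raw)
        if m is None:  # conditions hit but extraction failed: try the next parser
            continue
        event = {"event_type": p["event_type"], "parser": name}
        event.update({field: m.group(g) for g, field in p["field_map"].items()})
        return event
    return None


if __name__ == "__main__":  # constructed sample lines, not real telemetry
    for line in [
        "Nov 12 10:15:02 bastion01 sshd[4821]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
        "2020-11-12T10:16:00Z fw01 action=deny src=10.0.0.5 dst=192.0.2.10 dport=3389",
        "2020-11-12T10:17:00Z app01 custom-app: job 17 finished ok",
    ]:
        print(match_parsers(line), parse(line))
```

The third sample line matches no parser and yields `None`, which is the "unmatched sample" case where APG would have you build a new parser.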

What’s next?

Existing customers can access our documentation to learn more about how to use APG. Make sure to also check out our community resources to learn how to get access to APG.
