Auto Parser Generator Now Available for Customers

Published: November 12, 2020

Author: Vicky Ngo-Lam

Exabeam recently released Auto Parser Generator, a new tool in the Exabeam Cloud Studio, for general availability. In this post, you will learn about parsers, common problems, and how Auto Parser Generator from Exabeam can help.

What are parsers?

Analysts may find the journey to harnessing their SIEM for threat detection to be a challenging one. Log feeds come in many shapes and sizes, and parsers serve to ingest and normalize these different data sources. Specifically, a parser takes one specific log format and converts it into normalized, structured data, often called a common information model (CIM). SIEMs can include hundreds or thousands of parsers written to process logs for common systems.

Parsing with Exabeam

Exabeam provides thousands of out-of-the-box parsers to ingest log feeds from data sources spanning firewalls, web security, EDR platforms, identity tools, network traffic, and IoT systems. We have even developed parsers for physical access systems such as badge readers and printers.

Parsers are particularly important to Exabeam. Unlike traditional SIEMs, we have parsers not only to index data but also parsers specifically designed to unlock key functionality within Exabeam Advanced Analytics. Parsers must comply with our out-of-the-box security content so that the right values are mapped to the right fields; those fields populate detail in timelines, enrich data, feed threat detection models, and trigger detection rules.

Parsers are painful!

Typically, building or modifying existing parsers can take days or even weeks, and often requires engaging support services. With the sheer volume of parsers needed to keep your SIEM detection accurate, automation is key. 


[Image] A SOC's only hope to achieve comprehensive, effective monitoring and analysis coverage is to leverage tools that automate the early stages of monitoring, including event collection, parsing, storage and triage.

Introducing Auto Parser Generator

Exabeam Auto Parser Generator (APG) is a tool in Cloud Studio, our offering that lets internal and external users easily create content on Exabeam platforms. APG guides you through creating and deploying a custom parser in a simple, intuitive user experience.

How it works

APG first analyzes a log sample uploaded by the user and attempts to match it to any existing parsers.


[Screenshot] APG indicates the number of parsers matched immediately after analyzing, for you to review further.

Next, you can either build a new parser for any unmatched sample log or modify an existing one.


[Screenshot] You can quickly and easily review matched parsers to determine whether any modifications or tweaks are needed.

Then step through a simple UI to select the conditions a log must satisfy for the parser to apply, fill in details for certain parser parameters, and map event type fields to values in the log.


[Animated screenshot] Use a point-and-click interface to select the conditions the parser matches on.


[Screenshot] You can generate a JRegex pattern from a list of keys that APG recommends, based on common field extractions that already exist in other parsers.


[Screenshot] Map fields easily by pointing and clicking in the log sample.

Once you have reviewed your new parser, you can download a zip file and install the parser in your instance of Advanced Analytics. For customers, this will soon be available via Content over Cloud, a new feature for content administration and management in our i54 release.
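The workflow described above (match a sample against existing parsers, build a pattern from recommended keys for an unmatched sample, map the captured values to normalized fields) and the normalization described under "What are parsers?" can be illustrated with a small toy parser engine. The code below is an added example, not Exabeam's parser format or APG's implementation: the Parser class, the sample log lines, the vendor name "ExampleFW" and the printer log format are all constructed for this illustration, and Python's `re` named groups stand in for the JRegex patterns the post mentions.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines for this example (they are not from the Exabeam post);
# the vendor "ExampleFW" and the printer format are invented.
SAMPLE_LOGS = [
    "Jan 12 10:01:22 fw01 vendor=ExampleFW action=deny src=10.0.0.5 dst=203.0.113.9 dport=443",
    "2020-11-12T10:02:01Z host sshd[4121]: Failed password for invalid user admin from 198.51.100.7 port 52211 ssh2",
    "2020-11-12T10:03:15Z printer-01 job=7781 user=jdoe pages=12 status=completed",
]


@dataclass
class Parser:
    """A toy parser: match conditions, one regex with named groups, and a field map.
    This mirrors the steps the post describes, not Exabeam's parser format."""
    name: str
    conditions: list   # literal substrings that must all be present for the parser to apply
    pattern: str       # Python `re` pattern with named groups (stands in for the JRegex pattern)
    field_map: dict    # regex group name -> normalized (CIM-style) field name

    def matches(self, line):
        return all(cond in line for cond in self.conditions)

    def parse(self, line):
        """Return a normalized event dict, or None if the pattern does not extract."""
        m = re.search(self.pattern, line)
        if m is None:
            return None
        event = {"parser": self.name}
        for group, cim_field in self.field_map.items():
            event[cim_field] = m.group(group)
        return event


# Two "existing" parsers (constructed) standing in for an installed parser library.
PARSERS = [
    Parser(
        name="examplefw-deny",
        conditions=["vendor=ExampleFW", "action="],
        pattern=r"action=(?P<act>\w+) src=(?P<s>[\d.]+) dst=(?P<d>[\d.]+) dport=(?P<p>\d+)",
        field_map={"act": "outcome", "s": "src_ip", "d": "dest_ip", "p": "dest_port"},
    ),
    Parser(
        name="sshd-failed-password",
        conditions=["sshd[", "Failed password"],
        pattern=r"Failed password for (?:invalid user )?(?P<u>\S+) from (?P<s>[\d.]+) port (?P<p>\d+)",
        field_map={"u": "user", "s": "src_ip", "p": "src_port"},
    ),
]


def match_parsers(line, parsers=PARSERS):
    """Step 1: which existing parsers match the sample? The count is what APG reports."""
    return [p for p in parsers if p.matches(line)]


def normalize(line, parsers=PARSERS):
    """Run the first matching parser that extracts; None means the sample is unparsed."""
    for p in match_parsers(line, parsers):
        event = p.parse(line)
        if event is not None:
            return event
    return None


def suggest_pattern(keys):
    """Step 3: build a named-group pattern from a list of key=value keys, capturing each
    value as a run of non-space characters. Keys must be valid identifiers (assumption)."""
    for k in keys:
        if not k.isidentifier():
            raise ValueError(f"key {k!r} cannot be used as a group name")
    return r".*?".join(re.escape(k) + r"=(?P<" + k + r">\S+)" for k in keys)


def build_parser(name, conditions, keys, field_map):
    """Steps 2-4 for an unmatched sample: conditions, generated pattern, field mapping.
    Keys without an explicit mapping keep their own name."""
    return Parser(
        name=name,
        conditions=conditions,
        pattern=suggest_pattern(keys),
        field_map={k: field_map.get(k, k) for k in keys},
    )


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(len(match_parsers(line)), "parser(s) matched:", normalize(line))
    # The printer line is unmatched, so build a parser for it and "install" it.
    printer = build_parser("printer-job", ["job=", "pages="], ["job", "user", "pages"],
                           {"job": "job_id", "pages": "page_count"})
    print(normalize(SAMPLE_LOGS[2], PARSERS + [printer]))
```

Running the block reports one matching parser for the firewall and sshd samples and zero for the printer sample; the printer parser is then generated from its recommended keys and, once added to the list, normalizes that sample too. The point a practitioner should take from the field map is the one the post makes about Exabeam content: detection rules key off the normalized names (src_ip, user, outcome), so a parser that captures the right value under the wrong field name silently breaks the rules downstream.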

What’s next?

Existing customers can access our documentation to learn more about how to use APG. Make sure to also check out our community resources to learn how to get access to APG.
