SOC Experts Community - Beta
0 like 0 dislike
in SIEM by (1.2k points)

2 Answers

0 like 0 dislike
by (1.8k points)

The definition of parsing says:

Breaking a data block into smaller chunks by following a set of rules, so that it can be more easily interpreted, managed, or transmitted by a computer. 

For example,

Spreadsheet programs parse data to fit it into a cell of a certain size.

At the same time, SIEM parsing says:

The biggest challenge in collecting data in the context of SIEM is overcoming the variety of log formats. A SIEM system, by its very nature, will be pulling data from a large number of layers — servers, firewalls, network routers, databases — to name just a few, each logging in a different format.

As data sources (or devices) are defined to the SIEM tool, they are categorized by that data source type or device type so that the SIEM’s parsing engine knows how to interpret the data, i.e., what kinds of log records are generated by the device type, and for each log record type, the data elements that are contained in the record, how the data are held, each data element's position in the record or its associated keyword, etc.

0 like 0 dislike
by (5.4k points)
Converting an unstructured log format into a structured log format by chopping up the logs and putting them into the proper fields.
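
The two answers above describe the same mechanism: the SIEM picks a parser from the source's declared device type, that parser locates each data element either by keyword (key=value) or by position, and the result is a structured event. The Python below is an added example written for this thread, not code from the SOC Experts site or from any SIEM product. The two device types ("firewall" with a syslog header plus key=value payload, "webserver" in Common Log Format), the field names it normalizes to (src_ip, dst_ip, dst_port, etc.) and all four sample log lines are constructed for illustration. It also covers the failure mode both answers leave implicit: a line the parser cannot match, or a device type with no parser, is kept and flagged as unparsed rather than silently dropped, so parser coverage can be measured.

```python
import re

# Constructed sample log lines for two device types (not real device output).
SAMPLE_LINES = [
    ("firewall", "Jan 12 10:15:22 fw01 kernel: action=DROP src=10.0.0.5 dst=8.8.8.8 proto=TCP spt=51000 dpt=443"),
    ("webserver", '10.0.0.5 - alice [12/Jan/2024:10:15:23 +0000] "GET /login HTTP/1.1" 401 512'),
    ("firewall", "Jan 12 10:15:24 fw01 kernel: link state changed on eth0"),
    ("printer", "Jan 12 10:15:25 prn01 job 42 completed"),
]

# Keyword-based layout: each field is a key=value token, order does not matter.
_KV_TOKEN = re.compile(r"(\w+)=(\S+)")
# BSD-style syslog header: "<timestamp> <host> <program>: <body>"
_SYSLOG_HDR = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (\S+?):? (.*)$")


def parse_firewall(line):
    """Firewall device type: syslog header, then key=value fields in the body."""
    m = _SYSLOG_HDR.match(line)
    if not m:
        return None
    ts, host, _program, body = m.groups()
    kv = dict(_KV_TOKEN.findall(body))
    if "action" not in kv:  # body is not a connection record (e.g. a link-state message)
        return None
    # Map device-specific keys onto the normalized schema the SIEM queries against.
    return {
        "timestamp": ts,
        "host": host,
        "action": kv["action"],
        "src_ip": kv.get("src"),
        "dst_ip": kv.get("dst"),
        "dst_port": int(kv["dpt"]) if "dpt" in kv else None,
        "protocol": kv.get("proto"),
    }


# Positional layout (Common Log Format): each field is identified by its position.
_CLF = re.compile(
    r'^(\S+) (\S+) (\S+) \[([^\]]+)\] "(\S+) (\S+) (\S+)" (\d{3}) (\d+|-)$'
)


def parse_webserver(line):
    """Web server device type: fixed field order, no keywords to search for."""
    m = _CLF.match(line)
    if not m:
        return None
    src_ip, _ident, user, ts, method, path, _proto, status, size = m.groups()
    return {
        "timestamp": ts,
        "src_ip": src_ip,
        "user": None if user == "-" else user,
        "http_method": method,
        "url_path": path,
        "status": int(status),
        "bytes": 0 if size == "-" else int(size),
    }


# Device-type registry: the SIEM selects the parser from the source's declared type.
PARSERS = {
    "firewall": parse_firewall,
    "webserver": parse_webserver,
}


def parse_event(device_type, line):
    """Return a normalized event dict. Unknown device types and unmatched lines
    are kept and flagged parsed=False so they surface in coverage checks
    instead of disappearing from the SIEM."""
    parser = PARSERS.get(device_type)
    fields = parser(line) if parser else None
    if fields is None:
        return {"device_type": device_type, "parsed": False, "raw": line}
    fields.update({"device_type": device_type, "parsed": True, "raw": line})
    return fields


def parse_all(lines=SAMPLE_LINES):
    return [parse_event(device_type, line) for device_type, line in lines]


def unparsed_ratio(events):
    """Share of events no parser could handle: a basic parser-coverage metric."""
    if not events:
        return 0.0
    return sum(1 for e in events if not e["parsed"]) / len(events)


if __name__ == "__main__":
    events = parse_all()
    for event in events:
        print(event)
    print(f"unparsed ratio: {unparsed_ratio(events):.2f}")
```

Because both parsers write the source address to the same `src_ip` key, one correlation rule (for example, "firewall DROP followed by HTTP 401 from the same src_ip") can be run across both sources without knowing their raw formats; that normalization step is what makes the parsing useful to the SIEM, and the unparsed ratio is the number to watch when a vendor changes its log format.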
