This guide covers Cloud SIEM Enterprise (CSE) schemas. This section introduces the following concepts:
Record Processing Pipeline
Learn how CSE transforms incoming raw messages into Records.
CSE Schema Attributes
Learn about CSE schema attributes.
Learn what CSE schema attributes you can map to Records.
Learn about the Record types to which you can map schema attributes.
Parsing Language Reference
Parsing is the first step in the CSE Record processing pipeline.
Learn how to create a log mapping for structured messages.
Set up schema fields with an enforced, CSE-defined output.
Set up field mappings for messages that you want to be processed by CSE's normalized threat rules.
Learn how to use the Parser Editor to configure and test a custom parser.
Username and Hostname Normalization
Learn how to import YARA rules from GitHub into CSE.
Learn how to troubleshoot problems with parsers.