This guide covers Cloud SIEM schemas. In this section, we'll introduce the following concepts:
Record Processing Pipeline
Learn how Cloud SIEM transforms incoming raw messages into Records.
Cloud SIEM Schema Attributes
Learn about Cloud SIEM schema attributes.
Learn what Cloud SIEM schema attributes you can map to Records.
Learn about the Record types to which you can map schema attributes.
Parsing Language Reference
Parsing is the first step in the Cloud SIEM Record processing pipeline.
Learn how to create a log mapping for structured messages.
Set up schema fields with an enforced, Cloud SIEM-defined output.
Set up field mappings for messages that you want to be processed by Cloud SIEM's normalized threat rules.
Learn how to use the Parser Editor to configure and test a custom parser.
Username and Hostname Normalization
Learn how to import YARA rules from GitHub into Cloud SIEM.
Learn how to troubleshoot problems with parsers.