Welcome to the Exabeam common information model.
The Information model defines the structure of security content across Exabeam products. The hierarchical framework informs every aspect of security content usage throughout the flow of Exabeam processes.
The common information model includes a set of layered interfaces that each inherit the configuration of the previous layer. Together they create a complete picture of an event, according to the information model. Note that, with this layered approach, if an element is shown with an empty field array, it is by design because the element's field structure is defined in another interface. For more information, see Common Information Model Interface
You can follow the links below to explore individual interfaces or view the entire Information model in a JSON format.
In addition to the elements represented in the Common Information Model interfaces, the model also preserves other types of information with event data. You can follow the links below to explore these elements.
-
Platforms and Landscapes – A list of platforms listed by landscape
-
Field Descriptions – A list of available fields and their descriptions
-
Product Categories – A list of supported product categories with descriptions (redirects to the New-Scale Content Library)
-
Vendors and Products – A list of products listed by vendors (redirects to the New-Scale Content Library)
To upgrade from earlier Exabeam products to the New-Scale Security Operations Platform, existing content must be migrated so that it complies with Common Information Model standards. The following resources provide the mapping information necessary to migrate the content.
-
Field Mapping by Events - A table that maps old events and fields to the corresponding Common Information Model activity types and fields
-
Parser Names Matrix - A set of alphabetical tables that map old parser names to New-Scale parser names that comply with the Common Information Model (redirects to the New-Scale Content Library)
-
Metadata Field Mapping - A table that maps old metadata field names to field names that comply with the Common Information Model.