📄️ ASIM
The Advanced Security Information Model (ASIM) is a layer between the data and the user that configures what data to ingest from a source, how to ingest it, and where to route it. ASIM provides standardization for security-focused log data.
📄️ CEF
The Common Event Format (CEF) is a standardized security event logging layout. It was created by ArcSight and has been widely adopted across the industry. Features include:
📄️ CIM
The Common Information Model (CIM) is a standardized data model developed by Splunk. It provides:
📄️ CSL
The Common Security Log (CSL) is a standardized schema developed by Microsoft for Azure Sentinel (now Microsoft Sentinel). It provides:
📄️ ECS
Elastic Common Schema (ECS) is a specification that defines a common set of fields for ingesting data into Elasticsearch. Field groups include:
📄️ eStreamer
Cisco's event streaming protocol, used by Firepower Management Center (FMC) to export security event data, intrusion alerts, connection logs, and other network telemetry in real time. It enables integration with external SIEMs and analytics platforms, providing deep visibility into network security events.
📄️ LEEF
The Log Event Extended Format is an enterprise security event logging format created by IBM QRadar.
📄️ NetFlow
A network protocol developed by Cisco for collecting, analyzing, and monitoring network traffic. It captures metadata about IP traffic flows, providing insights into bandwidth usage, security threats, and network performance. NetFlow records include key details such as source and destination IPs, ports, protocol types, and timestamps.