Support & Downloads

Quisque actraqum nunc no dolor sit ametaugue dolor. Lorem ipsum dolor sit amet, consyect etur adipiscing elit.

Contact Info
198 West 21th Street, Suite 721
New York, NY 10010
+88 (0) 101 0000 000
Follow Us

Real Time Multi-Dimensional Data and Log Enrichment with SureLog SIEM

Data enrichment is the key ingredient required for effective threat detection, investigation, and response. Using enriched data makes dealing with security threats easier and more efficient.

You can use the data and log enrichment feature to add data from your existing data, scheme or external sources to parsed events.

For example, you can use the log and data enrichment to:

  • Identify web services or vendors based on known IP addresses
  • Network maps and geolocation (such as internal network classification for cross border analytics)
  • Process parsed evet (schema) to modify and/or add additional fields
  • Identity context (such as identity and access management (IAM) systems, directories, enterprise resource planning (ERP) systems, and Active Directory (AD))
  • User context
  • Asset context

The ability to overlay multiple data sets is essential to create the additional context in real time needed for correlation&detection algorithms to provide better insights.

Data enrichment involves combining, correcting or adding to data, and it requires special expertise to understand what data needs to be enriched and how. SureLog automates this process.

Enriching Events with Post-Processing Directives

Let’s imagine we have event source, Physical Access System (PAS), and events from this source have usernames like and a firewall log source has a username format like jamessmith and an AD with username format anet-canada\jamessmith. If we need to correlate events from those log sources over the username, we have to transform them into the same format as jamessmith in order to use it in the correlation. SureLog post-processing directives are used for this transformation to an additional field like Extrafield1.