📄️ ASIM
The Advanced Security Information Model (ASIM) is a layer between the data and the user, used to configure what data is ingested from a source, how it is ingested, and the destination it is routed to. ASIM provides standardization for security-focused log data.
📄️ CEF
The Common Event Format (CEF) is a standardized security event logging layout. It was created by ArcSight and has been widely adopted by the industry. Features include:
📄️ CIM
The Common Information Model (CIM) is a standardized data model developed by Splunk. It provides:
📄️ CSL
The Common Security Log (CSL) is a standardized schema used in Microsoft Sentinel. It provides:
📄️ ECS
Elastic Common Schema (ECS) is a specification that defines a common set of fields for ingesting data into Elasticsearch. Field groups include:
📄️ LEEF
The Log Event Extended Format is an enterprise security event logging format created by IBM QRadar.