CSE Schema

In this section, we'll introduce the following concepts:

📄️ Record Processing Pipeline

How CSE transforms incoming raw messages into Records.

📄️ Attributes

Learn about CSE schema attributes.

📄️ Mappable Attributes

Learn what CSE schema attributes you can map to Records.

📄️ Record Types

Learn about the Record types to which you can map schema attributes.

📄️ Parsing Language Reference

Parsing is the first step in the Cloud SIEM Enterprise (CSE) Record processing pipeline

📄️ Log Mapping

Learn how to create a log mapping for structured messages.

📄️ Normalized Classification

Learn about CSE's Normalized Classification Fields, schema fields that have an enforced output defined by CSE.

📄️ Field Mappings

Learn how to set up field mappings for messages that you want to be processed by CSE's normalized threat rules.

📄️ Parser Editor

Learn how to use the Parser Editor to configure and test a custom parser.

📄️ Username and Hostname Normalization

Learn about how CSE normalizes usernames and hostnames during mapping and parsing.