Data Dictionary


The Data Dictionary simplifies ingestion, analytics, and hunting by providing consistent, easy-to-understand labels for data ingested from different datasources. Within a functionality (for example, all firewall or all proxy datasources), these labels give the same meaning to the same field regardless of which vendor produced the event.

Content developers can use these mapped labels to create policies that can be used for multiple datasources. This reduces the time and effort a content developer has to spend on creating policies for different datasources. The unified labels help security analysts to get valuable context and query data efficiently in Spotter.

As part of the out-of-box content, Securonix provides functionalities with new labels mapped to SNYPR attributes. You can view and edit these labels from the Data Dictionary screen.

Only users assigned the ROLE_CONTENT_ADMIN role can access the Data Dictionary screen. This role is assigned from Menu > Administrator > Access Control > User.

What are Securonix Attributes?

SNYPR uses an Open Event Format (OEF) schema, built on the ArcSight Common Event Format (CEF), for the transfer of information. OEF defines a set of common attributes, so that the same field from disparate datasources (for example, a source IP address) is always stored under the same attribute in SNYPR. This lets SNYPR ship content per functionality, even when the underlying datasources use entirely different naming conventions for their fields.
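The following added example illustrates the mechanism described above and in the "Content developers can use these mapped labels" paragraph: two datasources with different field names are parsed (one in CEF, one in key=value syslog), mapped through a small data dictionary onto unified labels, and a single policy is evaluated against both. This is illustrative code written for this page, not Securonix's own code; the label names (sourceaddress, accountname, transactionstring), the datasource names, the dictionary contents and the log lines are all constructed for the example and are not SNYPR's actual attribute names or out-of-box content.

```python
"""
Added example: mapping two differently-keyed datasources onto one set of
labels and running a single policy over both. Labels, datasource names,
the dictionary and the log lines are constructed for illustration only.
"""
from collections import Counter

# Constructed sample events. The CEF datasource uses src/suser/outcome,
# the key=value datasource uses source_ip/user/result for the same facts.
SAMPLE_CEF = [
    "CEF:0|ExampleVendor|VPN|1.0|100|Login failed|5|src=203.0.113.7 suser=alice outcome=failure",
    "CEF:0|ExampleVendor|VPN|1.0|100|Login failed|5|src=203.0.113.7 suser=bob outcome=failure",
    "CEF:0|ExampleVendor|VPN|1.0|101|Login success|1|src=198.51.100.2 suser=carol outcome=success",
]
SAMPLE_KV = [
    "app=webportal source_ip=203.0.113.7 user=alice result=FAILED",
    "app=webportal source_ip=203.0.113.7 user=dave result=FAILED",
    "app=webportal source_ip=192.0.2.9 user=erin result=OK",
]

# Hypothetical data dictionary: datasource-specific key -> unified label.
DATA_DICTIONARY = {
    "vpn_cef": {"src": "sourceaddress", "suser": "accountname",
                "outcome": "transactionstring"},
    "webportal_kv": {"source_ip": "sourceaddress", "user": "accountname",
                     "result": "transactionstring"},
}

# Values that each datasource uses to mean "the login failed".
FAILURE_VALUES = {"failure", "failed"}


def parse_kv(text):
    """Parse whitespace-separated key=value tokens (values without spaces)."""
    out = {}
    for token in text.split():
        if "=" in token:
            key, value = token.split("=", 1)
            out[key] = value
    return out


def parse_cef(line):
    """Split a CEF line into its seven header fields plus the extension.

    CEF layout: CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension
    The extension is parsed with parse_kv, so escaped spaces in values are
    not handled here.
    """
    parts = line.split("|", 7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF line: %r" % line)
    event = {
        "deviceVendor": parts[1],
        "deviceProduct": parts[2],
        "deviceVersion": parts[3],
        "signatureId": parts[4],
        "name": parts[5],
        "severity": parts[6],
    }
    event.update(parse_kv(parts[7]))
    return event


def normalize(event, datasource):
    """Apply the data dictionary: keep only mapped keys, renamed to labels."""
    mapping = DATA_DICTIONARY[datasource]
    return {mapping[k]: v for k, v in event.items() if k in mapping}


def failed_logins_by_source(normalized_events):
    """Count failed logins per unified sourceaddress across all datasources."""
    return Counter(
        e["sourceaddress"] for e in normalized_events
        if e.get("transactionstring", "").lower() in FAILURE_VALUES
    )


def policy_repeated_failures(normalized_events, threshold=3):
    """One policy written against unified labels, valid for every datasource."""
    counts = failed_logins_by_source(normalized_events)
    return sorted(src for src, n in counts.items() if n >= threshold)


def run():
    """Ingest both constructed datasources and evaluate the policy once."""
    events = [normalize(parse_cef(line), "vpn_cef") for line in SAMPLE_CEF]
    events += [normalize(parse_kv(line), "webportal_kv") for line in SAMPLE_KV]
    return policy_repeated_failures(events)


if __name__ == "__main__":
    print(run())  # -> ['203.0.113.7']
```

Note that neither datasource alone crosses the threshold (two failures each from 203.0.113.7); the policy only fires because both sources were normalized to the same sourceaddress and transactionstring labels and evaluated together, which is the cross-datasource correlation the unified labels are meant to enable.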

Why is the OEF Important?

Many organizations have adopted big data technologies to build vast data lakes to store and process event data. The goal of the data lake is simple: store once and use multiple times.

OEF provides a standardized framework for storing, streaming, querying, and analyzing all types of machine-generated events. Events generated by devices, applications, network sensors, and other environment sensors must be stored, processed, queried, and analyzed in order to meet a number of objectives, such as:

- Business process monitoring
- Decision making
- Performance monitoring
- Security monitoring
- Compliance requirements
- Fraud detection
- Forensic investigations

Several well-known formats exist for structuring event data, including Syslog, CLF, ELF, CEF, LEEF, CIM, CEE, and IDMEF. System and application developers may choose any of these formats when writing audit events or log messages, or may use a format of their own.

No one knows exactly how the data gathered today will be used in the future, but by storing it in a standardized format such as OEF, organizations can keep control of their data and continue to use it, whatever analytical technique or technology comes along.
