SureLog standardizes the category of activities collected from log and machine data.
SureLog has a common taxonomy which provides many advantages. The basic idea here is that SureLog attempt to map various properties of the event into standard taxonomies or classifications.
This feature is more important than parsing since it allows security admins to search for and correlate events across any source using standard terms. For example, a security admin might want to see all authentication events from their firewalls: without taxonomy, this could be extremely difficult — different vendors might have different terms like “login,” “session created,” and so forth to refer to the same basic type of activity, and identifying all the enterprise’s firewalls might itself be a challenge. The analyst doesn’t have to know the exact format of logs for each device. Just search for “Authentication. Success”.
Sample SureLog Taxonomy List
SureLog utilizes taxonomies to capture trends of activities visually without requiring many searches.