SaltMiner Data Schema

 

SaltMiner uses The Elastic Common Schema (ECS), an open source specification, developed with support from the Elastic user community. ECS defines a common set of fields to be used when storing event data in Elasticsearch, such as logs and metrics.

ECS specifies field names and Elasticsearch datatypes for each field, and provides descriptions and example usage. ECS also groups fields into ECS levels, which are used to signal how much a field is expected to be present. You can learn more about ECS levels in [ecs-guidelines]. Finally, ECS also provides a set of naming guidelines for adding custom fields.

The goal of ECS is to enable and encourage users of Elasticsearch to normalize their event data, so that they can better analyze, visualize, and correlate the data represented in their events. ECS has been scoped to accommodate a wide variety of events, spanning:

  • Event sources: whether the source of your event is an Elastic product, a third- party product, or a custom application built by your organization.

  • Ingestion architectures: whether the ingestion path for your events includes Beats processors, Logstash, Elasticsearch ingest node, all of the above, or none of the above.

  • Consumers: whether consumed by API, Kibana queries, dashboards, apps, or other means.

 

SaltMiner: Our Solution for Enterprise Application Security ManagementLearn More
+ +