CCNA CyberOps SECOPS – Objective 4.2

Interpret common data values into a universal format

Implementing Cisco Cybersecurity Operations (210-255)

For this objective, I would suggest using Security Onion to collect some data from a firewall and an IPS. Within the Security Onion stack is a tool called ELSA. ELSA is an open-source SIEM product. It takes the logs and puts them into a normalized format, which allows disparate log types to be analyzed together.

As the screenshot below shows, normalization parses each log entry into named fields. The same field names are used for every log source, which allows events from different sources that share those fields to be correlated.

Image from https://www.syslog-ng.com/community/b/blog/posts/elsa-web-interface-for-syslog-ng-and-patterndb

Other tools such as QRadar and Splunk perform similar normalization, helping analysts make sense of the mountain of data that network devices produce.
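To make the normalization idea concrete, here is a small added example (not code from the page, Security Onion, or ELSA). It parses two different log formats, a constructed ASA-style firewall deny line and a constructed Snort-style IPS alert, into one record layout with shared field names (`src_ip`, `dst_ip`, `dst_port`, `proto`), then correlates across sources on those fields. The sample lines and the regular expressions are assumptions written for this example; a real SIEM would use its own parsers for each vendor's format.

```python
import re
from collections import defaultdict

# Constructed sample log lines for this example (not real captures). The
# firewall lines mimic Cisco ASA access-list denies and the IPS line mimics a
# Snort "fast" alert; the field layout is what the regexes below expect.
FIREWALL_LOGS = [
    'Jun 12 10:01:02 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.10/44321 '
    'dst inside:10.0.0.5/445 by access-group "outside_in"',
    'Jun 12 10:01:05 fw01 %ASA-4-106023: Deny udp src outside:198.51.100.7/5353 '
    'dst inside:10.0.0.9/5353 by access-group "outside_in"',
]
IPS_LOGS = [
    "06/12-10:01:03.123456  [**] [1:1000001:1] CONSTRUCTED SMB probe [**] "
    "[Priority: 2] {TCP} 203.0.113.10:44321 -> 10.0.0.5:445",
]

# Source-specific parsers: each knows only its own vendor syntax.
FW_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) %ASA-\d-\d+: "
    r"(?P<action>Deny|Permit) (?P<proto>\w+) "
    r"src \w+:(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst \w+:(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)
IPS_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\] \[(?P<sid>[\d:]+)\] "
    r"(?P<msg>.*?) \[\*\*\] \[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src_ip>[\d.]+):(?P<src_port>\d+) -> (?P<dst_ip>[\d.]+):(?P<dst_port>\d+)"
)


def normalize_firewall(line):
    """Map one firewall line onto the shared field names; None if unparsable."""
    m = FW_RE.match(line)
    if not m:
        return None
    return {
        "source_type": "firewall",
        "sensor": m["host"],
        "timestamp": m["ts"],
        "proto": m["proto"].lower(),          # same casing across sources
        "src_ip": m["src_ip"], "src_port": int(m["src_port"]),
        "dst_ip": m["dst_ip"], "dst_port": int(m["dst_port"]),
        "action": m["action"].lower(),
        "message": None,
    }


def normalize_ips(line):
    """Map one IPS alert onto the same shared field names; None if unparsable."""
    m = IPS_RE.match(line)
    if not m:
        return None
    return {
        "source_type": "ips",
        "sensor": None,                        # fast alerts carry no host name
        "timestamp": m["ts"],
        "proto": m["proto"].lower(),
        "src_ip": m["src_ip"], "src_port": int(m["src_port"]),
        "dst_ip": m["dst_ip"], "dst_port": int(m["dst_port"]),
        "action": "alert",
        "message": f"{m['sid']} {m['msg']} (priority {m['prio']})",
    }


def normalize_all(fw_lines, ips_lines):
    """Run every line through its own parser and return one flat record list."""
    records = [normalize_firewall(l) for l in fw_lines]
    records += [normalize_ips(l) for l in ips_lines]
    return [r for r in records if r is not None]


def correlate(records):
    """Group records from any source on the fields they now share."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["src_ip"], r["dst_ip"], r["dst_port"], r["proto"])].append(r)
    return groups


def multi_source_hits(records):
    """Keys seen by more than one source type, with the sorted source names."""
    hits = {}
    for key, recs in correlate(records).items():
        sources = sorted({r["source_type"] for r in recs})
        if len(sources) > 1:
            hits[key] = sources
    return hits


if __name__ == "__main__":
    recs = normalize_all(FIREWALL_LOGS, IPS_LOGS)
    for key, sources in multi_source_hits(recs).items():
        print(f"{key[0]} -> {key[1]}:{key[2]}/{key[3]} seen by {', '.join(sources)}")
```

Once both sources speak the same field names, the correlation step has no vendor-specific logic at all: it only groups on `src_ip`, `dst_ip`, `dst_port` and `proto`, which is exactly what lets a tool like ELSA, QRadar or Splunk search firewall and IPS data together. Lines that do not match any parser are dropped rather than guessed at, which is the safer default for a normalizer.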