REAL-TIME PUSH API FOR LOG EVENTS IN ENTERPRISE THREAT DETECTION

摘要

A log entry is received at a streaming component of an enterprise threat detection (ETD) system from a real-time push application programming interface (API) associated with a backend computing system. The received log entry is parsed using a runtime parser associated with the streaming component into mapped data in an ETD format compatible with the ETD system. The mapped data is transferred to an ETD streaming project and enriched. The streaming component writes the enriched data into a database associated with the ETD system.