Support for additional log sources (including custom or application-specific log sources) can be requested by submitting a Log Source Request in the Quantum Armor Support Portal. Quantum Armor will configure ingestion using either the platform's native ingestion methods (such as syslog/CEF) or API-based integrations. The process of adding these additional use cases is described below in the section titled “SIEM Rule Lifecycle.”
...
Log source support has two major components: schemas and parsers. Schemas define the data model to which incoming log events are mapped, and parsers are the code modules that actually perform the mapping. Quantum Armor can create both for you on a professional services basis to add support for your custom or otherwise unsupported log sources.
...
Alignment to Open Frameworks
Where possible, Quantum Armor aligns to open frameworks and augments them with custom fields or constructs only when absolutely necessary. Our primary base model is the Open Source Security Events Metadata (OSSEM) project; property definitions and naming conventions are sourced from this framework by default.
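To make the schema/parser split concrete, here is an added example (not Quantum Armor's own code, and not taken from the OSSEM project) of the two components for a CEF-speaking log source: a schema that declares field names, types and which fields are required, and a parser that turns a raw CEF line into header fields plus an extension dictionary and then maps it onto that schema. The OSSEM-style field names, the CEF key-to-field mapping, the sample log lines and the `received_at` fallback are all assumptions made for this example; check the real OSSEM definitions before adopting the names. Unmapped extension keys are kept under a `custom` namespace rather than promoted into the base model, which is the "augment only when necessary" stance described above.

```python
"""Schema + parser pair for a CEF log source with OSSEM-style field names (added example)."""
import re
from datetime import datetime, timezone
from typing import Any, Dict, Optional, Tuple

# --- Schema: the data model incoming events are mapped to ---------------------------------
# Field names follow OSSEM-style conventions as assumed here; verify against the OSSEM
# repository before adopting them. Each entry maps a field name to (Python type, required).
CONNECTION_SCHEMA: Dict[str, Tuple[type, bool]] = {
    "event_timestamp": (str, True),
    "event_vendor": (str, True),
    "event_product": (str, True),
    "event_class_id": (str, True),
    "event_name": (str, True),
    "event_severity": (int, True),
    "src_ip_addr": (str, True),
    "src_port": (int, False),
    "dst_ip_addr": (str, True),
    "dst_port": (int, False),
    "user_name": (str, False),
    "action": (str, False),
}

# CEF extension key -> schema field (assumed mapping). Keys not listed are kept under
# "custom" instead of being silently dropped, so the base model is only augmented on demand.
CEF_EXTENSION_MAP = {
    "src": "src_ip_addr", "spt": "src_port", "dst": "dst_ip_addr", "dpt": "dst_port",
    "suser": "user_name", "act": "action", "rt": "event_timestamp",
}


class SchemaError(ValueError):
    """Raised when a record cannot be parsed or mapped onto the schema."""


# --- Parser: raw CEF line -> header fields + extension dict --------------------------------
# A key=value pair; the value may contain spaces and backslash-escaped characters and ends
# just before the next " key=" or at end of string.
_EXT_RE = re.compile(r"([A-Za-z0-9_.]+)=((?:\\.|[^\\])*?)(?=\s+[A-Za-z0-9_.]+=|\s*$)")
_EXT_ESCAPES = {"\\\\": "\\", "\\=": "=", "\\n": "\n", "\\r": "\r"}


def _split_header(text: str, n: int) -> Tuple[list, str]:
    """Split the first n '|'-delimited header fields, honouring '\\|' and '\\\\' escapes.
    Returns (fields, remainder); the remainder is the extension, left unescaped."""
    parts, buf, i = [], [], 0
    while i < len(text) and len(parts) < n:
        c = text[i]
        if c == "\\" and i + 1 < len(text):
            buf.append(text[i + 1]); i += 2
        elif c == "|":
            parts.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(c); i += 1
    return parts, text[i:]


def parse_cef(line: str) -> Dict[str, Any]:
    """Parse one CEF record into its seven header fields and a dict of extension key/values."""
    if not line.startswith("CEF:"):
        raise SchemaError("not a CEF record")
    header, extension = _split_header(line[len("CEF:"):], 7)
    if len(header) != 7:
        raise SchemaError("CEF header needs 7 '|'-separated fields before the extension")
    version, vendor, product, dev_version, class_id, name, severity = header
    ext = {}
    for m in _EXT_RE.finditer(extension):
        ext[m.group(1)] = re.sub(
            r"\\.", lambda e: _EXT_ESCAPES.get(e.group(0), e.group(0)[1]), m.group(2))
    return {"version": version, "vendor": vendor, "product": product,
            "device_version": dev_version, "class_id": class_id, "name": name,
            "severity": severity, "extension": ext}


# --- Mapping + validation: parser output -> schema record ----------------------------------
def _normalize_timestamp(value: str) -> str:
    """CEF 'rt' may be epoch milliseconds; normalise that form to ISO 8601 UTC."""
    if value.isdigit():
        return datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc).isoformat()
    return value


def validate(event: Dict[str, Any], schema: Dict[str, Tuple[type, bool]]) -> Dict[str, Any]:
    """Enforce required fields and types; reject fields the schema does not define."""
    unknown = set(event) - set(schema)
    if unknown:
        raise SchemaError(f"fields not in schema: {sorted(unknown)}")
    out = {}
    for name, (ftype, required) in schema.items():
        if name not in event:
            if required:
                raise SchemaError(f"missing required field {name}")
            continue
        try:
            out[name] = ftype(event[name])
        except (TypeError, ValueError):
            raise SchemaError(f"field {name} must be {ftype.__name__}, got {event[name]!r}") from None
    return out


def ingest(line: str, received_at: Optional[str] = None,
           schema: Dict[str, Tuple[type, bool]] = CONNECTION_SCHEMA) -> Dict[str, Any]:
    """Parse a raw CEF line and map it onto the schema. 'received_at' is hypothetical
    pipeline metadata that backs event_timestamp when the source carries no 'rt'."""
    cef = parse_cef(line)
    event = {"event_vendor": cef["vendor"], "event_product": cef["product"],
             "event_class_id": cef["class_id"], "event_name": cef["name"],
             "event_severity": cef["severity"]}
    custom = {}
    for key, value in cef["extension"].items():
        target = CEF_EXTENSION_MAP.get(key)
        if target is None:
            custom[key] = value            # unmapped source field: preserved, not promoted
        elif target == "event_timestamp":
            event[target] = _normalize_timestamp(value)
        else:
            event[target] = value
    if "event_timestamp" not in event and received_at is not None:
        event["event_timestamp"] = received_at
    record = validate(event, schema)
    if custom:
        record["custom"] = custom
    return record


# Constructed sample record for a hypothetical firewall; not real device output.
SAMPLE_LINE = ("CEF:0|Acme|Firewall|1.0|100|Connection denied|5|"
               "rt=1700000000000 src=10.0.0.5 spt=51234 dst=203.0.113.7 dpt=443 act=deny "
               "suser=jdoe msg=Blocked by policy\\=rule7")

if __name__ == "__main__":
    print(ingest(SAMPLE_LINE))
```

The validation step is where a schema earns its keep: a port that arrives as `dpt=https` or a record missing its timestamp is rejected with a `SchemaError` at ingestion time instead of surfacing later as a detection rule that silently never matches.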
...
Step | Description | Timeframe* |
---|---|---|
Schema Identification | Based on the new log source's classification, Quantum Armor determines whether it fits an existing schema or whether a new schema needs to be created. | < 1 day |
Schema Creation | If one or more new schemas are required, Quantum Armor sources a representative sample of the device's logs, extracts the relevant field data and builds the schema. | 2-10 days |
Parser Creation | Parsing code is written to translate raw logs from the new log source into the data model defined by the new and/or existing schemas. | 2-10 days |
Ingestion Configuration | Ingestion of the new log source's events is configured using the appropriate ingestion method (described above). | 1-2 days |
...