Get over SIEM event normalization

Alex Teixeira
7 min read · Nov 8, 2017

Although the topic of this post will already be familiar to some, I am pretty sure it will resonate with many and perhaps even hurt a few.

Let’s start by addressing this well-known term, one of the main challenges for all SIEM or Log Management practitioners.

Event Normalization

While there are many definitions out there, most associate it with the process of applying a standard that reduces records from different sources to a common set of event attributes: the same field names carrying the same kinds of values, regardless of which product emitted the record.
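To make that definition concrete, here is an added example (not code from the post or from any SIEM vendor) that normalizes two differently shaped authentication records into one common schema. The sshd syslog lines and the key=value Windows logon export are constructed samples; the field names in COMMON_FIELDS, the parser names, and the "success"/"failure" outcome values are my own choices, not a standard the post prescribes.

```python
import re
from typing import Optional

# Constructed sample records (not from the post): two sources that describe
# the same kind of event, an authentication attempt, in different shapes.
SAMPLE_RECORDS = [
    # Linux sshd via syslog
    "Nov  8 10:15:02 bastion sshd[2213]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2",
    "Nov  8 10:15:09 bastion sshd[2219]: Failed password for invalid user root from 203.0.113.7 port 40021 ssh2",
    # Hypothetical key=value export of Windows Security logon events
    "EventID=4624 TargetUserName=bob IpAddress=10.0.0.9 LogonType=10",
    "EventID=4625 TargetUserName=bob IpAddress=198.51.100.3 LogonType=3",
]

SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<verdict>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

# The common schema: every normalized record carries exactly these field names.
COMMON_FIELDS = ("event_type", "user", "src_ip", "outcome", "source")


def normalize_sshd(line: str) -> Optional[dict]:
    """Map an sshd syslog line onto the common schema, or None if it is not one."""
    m = SSHD_RE.search(line)
    if not m:
        return None
    return {
        "event_type": "authentication",
        "user": m.group("user"),
        "src_ip": m.group("src"),
        # Value normalization: the source's vocabulary becomes the common one.
        "outcome": "success" if m.group("verdict") == "Accepted" else "failure",
        "source": "sshd",
    }


def normalize_windows_kv(line: str) -> Optional[dict]:
    """Map a key=value Windows logon record onto the common schema, or None."""
    kv = dict(KV_RE.findall(line))
    event_id = kv.get("EventID")
    if event_id not in ("4624", "4625"):
        return None
    return {
        "event_type": "authentication",
        "user": kv.get("TargetUserName", ""),
        "src_ip": kv.get("IpAddress", ""),
        "outcome": "success" if event_id == "4624" else "failure",
        "source": "windows_security",
    }


PARSERS = (normalize_sshd, normalize_windows_kv)


def normalize(line: str) -> Optional[dict]:
    """Try each parser in turn; unrecognised records are returned as None
    rather than guessed at, so they can be kept raw and reviewed later."""
    for parser in PARSERS:
        rec = parser(line)
        if rec is not None:
            # Schema check: a parser that drifts from the common field set fails loudly.
            assert tuple(rec) == COMMON_FIELDS, f"{parser.__name__} broke the schema"
            return rec
    return None


def failed_logons_by_src(lines) -> dict:
    """One detection query over the normalized records, written once for both sources."""
    counts: dict = {}
    for line in lines:
        rec = normalize(line)
        if rec and rec["outcome"] == "failure":
            counts[rec["src_ip"]] = counts.get(rec["src_ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_RECORDS:
        print(normalize(line))
    print(failed_logons_by_src(SAMPLE_RECORDS))
```

The point of the example is the last function: once both sources share field names and outcome values, a single query such as "failed logons per source address" works across them without knowing which product produced each record. The cost, which the post goes on to discuss, is that every new source needs its own parser and its own mapping decisions before it fits the schema.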


I design and build threat detection and triage/hunting SIEM/EDR/XDR content for Enterprise #SecOps teams #DetectionEngineering http://opstune.com