A company leverages an outsourced billing platform and struggles to integrate that platform’s data with its local security monitoring. The logs have fields named differently than those in the company’s environment. What measure best ensures that the organization can correlate events from both sources effectively?
Reformat external data to match the existing log structure through normalization tools
Discard external data that does not align with the internal log fields
Create separate alerts for each source so the team can bypass structural discrepancies
Disable fields that produce output beyond existing internal log schemas
Converting external data to the same naming and field structure as the local logs creates consistency for correlation across multiple sources. This approach gives a comprehensive view of events. Using separate alerts, discarding data, or disabling fields leads to fragmented visibility or missed information.