Nested Column Architecture

Logsign Unified SecOps Platform allows you to do an advanced categorizing in the column names.


Most of other SIEM products send the source information as src or client. This information can be the IP, MAC or username of the client. In this case, the users have to keep the results in their minds. On the other hand, Logsign Unified SecOps Platform uses a column architecture which consists of two layers. For example, in Logsign Unified SecOps Platform, source IP does not appear as src or client, it appears as Source.IP.



Through this architecture, the column names consist of two layers. While the first layer shows the main characteristics, the second one shows the details of it.


As an example, let's consider an application. While the first layer is called Application, the second layer shows the details of this application. The column name is shown as Application.Name.


For both layers, the first letters must be written in upper case and the others must be written in lower case. If the name has less than 3 letters (such as IP, MAC, ID, etc.), you should type all letters in upper case.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.