Logsign Unified SecOps Platform allows you to do an advanced categorizing in the column names.
Most of other SIEM products send the source information as src or client. This information can be the IP, MAC or username of the client. In this case, the users have to keep the results in their minds. On the other hand, Logsign Unified SecOps Platform uses a column architecture which consists of two layers. For example, in Logsign Unified SecOps Platform, source IP does not appear as src or client, it appears as Source.IP.
Through this architecture, the column names consist of two layers. While the first layer shows the main characteristics, the second one shows the details of it.
As an example, let's consider an application. While the first layer is called Application, the second layer shows the details of this application. The column name is shown as Application.Name.
For both layers, the first letters must be written in upper case and the others must be written in lower case. If the name has less than 3 letters (such as IP, MAC, ID, etc.), you should type all letters in upper case.