Common data dictionary for network connections

Brass Contributor



Has there emerged a common data dictionary for network connections or firewall logs? Consider a situation where you want to do analytics across network logs from a wide variety of devices. each device type logs with different names (or no names at all - e.g. pfSense logs as comma separated value with no headers). It makes sense to bring all logs to common data dictionary - same, common names.


Has anything like that emerged in Sentinel community?

1 Reply

@truekonrads : a normalized schema for network events is currently in private preview.  You can join the preview program here: