Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Marketplace
default.png

XML Compiled Normalizer

XMLNormalizer consists of XMLCompiledNormalizer that normalizes the XML event logs in the XML format from various sources.

Release Details
Release date:2020-12-23
Supported On:Logpoint v6.7.4 and later
SHA 256: 4bfd3fd129c99f1e2b8b713356d3b01ff089ae59071841bcc717dffac35d05f0
Download

Package Details

 

 

 

 

 

 

 

 

Enhancement

Description
Issue ID
Reference ID

Enhanced the performance of XMLCompiledNormalizer to enable fast and efficient normalization of large volume of logs.

 KB-13468 56461

 

Installation

To install XMLNormalizer:

  1. Download the .pak file from the Download link above. 
  2. Go to Settings >> System Settings from the navigation bar and click Applications.
  3. Click Import.
  4. Browse to the downloaded .pak file. 
  5. Click Upload.

Expected Log Sample 

XML

<29>1 2018-02-13T04:10:49.0Z LOGPOINT EPOEvents - EventFwd [agentInfo@3401 tenantId="1"] <?xml version="1.0" encoding="UTF-8"?><BehaviourBlockEvent><MachineInfo><MachineName>HQ-IMPR</MachineName><AgentGUID>{xxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}</AgentGUID><IPAddress>1.1.1.1</IPAddress><OSName>Windows Server 2012</OSName><UserName>XXXXX</UserName><TimeZoneBias>-60</TimeZoneBias><RawMACAddress>xxxxx</RawMACAddress></MachineInfo><ScannerSoftware ProductName="ABC" ProductVersion="8.8" ProductFamily="XYZ"><EngineVersion>0</EngineVersion><DATVersion>0</DATVersion><ScannerType>OAS</ScannerType><TaskName>OAS</TaskName><ProductFamily>TVD</ProductFamily><ProductName>VirusScan Enterprise</ProductName><ProductVersion>8.8</ProductVersion><BlockedBehaviourInfo><EventID>1092</EventID><Severity>2</Severity><GMTTime>2018-02-13T16:50:51</GMTTime><UTCTime>2018-02-13T15:50:51</UTCTime><RuleName>Common Standard Protection:Prevent termination of McAfee processes</RuleName><ProcessName>C:\Windows\system32\svchost.exe</ProcessName><FileName>C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe</FileName><Source>xxxxx</Source><ActionsBlocked>9</ActionsBlocked><szActionsBlocked>xxxxx</szActionsBlocked></BlockedBehaviourInfo></ScannerSoftware></BehaviourBlockEvent><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='xx'/><EventID Qualifiers='0'>4113</EventID><Level>2</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2017-02-13T16:05:14.000000000Z'/><EventRecordID>88050</EventRecordID><Channel>ABC Event Log</Channel><Computer>xxxxx</Computer><Security/></System><EventData><Data>this is data</Data></EventData><RenderingInfo Culture='fr-FR'><Message>this is message</Message><Level>Erreur</Level><Task></Task><Opcode>Informations</Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classique</Keyword></Keywords></RenderingInfo></Event>

Changes in the Previous Version

Changes in XML Compiled Normalizer v5.0.0

Release Date: April 21, 2021

Supported On: LogPoint v6.7.4 and later

Download: XML_5.0.0.pak

SHA256: c53cf3d20ca25e23bcc1c2cde07f09acd30fb0babe125b9b70e8bb7661ca8116

Support

If you have any queries or require assistance, create a support ticket here. 

6905fadb-7444-43ae-bf66-d8d8001e90ce.png

Comments

Article is closed for comments.

Follow

Related articles

  • Windows
  • Universal Normalizer
  • Zeek
  • Creation of a new normalization request
  • DUO Security
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.