Layer 3: Processing

This layer extracts the information from the original events, works out their mapping and data types, and generates the final documents that will be indexed in the Data Lake. The parsing, enrichment and processing pipelines are managed by Transformation Pipelines, which SOC analysts can configure and whose operation is explained in its own section.
Transformation Pipelines is a framework for integrating any data source. Flexibility in building Transformation Pipelines is fundamental in projects that must incorporate IT, OT and Telecommunications infrastructure devices and services, for which traditional SIEM connectors were not designed and which usually require vendor support under an extra professional services contract.