
Normalisation

Definition

The process of converting log data from different vendors and formats into a common schema so that fields can be compared across sources. Timestamps from a Windows event log, a syslog entry, and a firewall log, each written in its own format, are all mapped to a single time field in the SIEM's data model.
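As an added example (not taken from this page or any SIEM product), the following Python normaliser maps three differently formatted lines onto one schema with a single timestamp field, so the events can be ordered across sources. The sample lines are constructed, the schema field names are my own, all sources are assumed to report in UTC, and the syslog parser takes an assumed year because RFC 3164 timestamps carry none.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines (not from any real system): a Windows event export,
# an RFC 3164 syslog line, and a key=value firewall line. All assumed to be UTC.
SAMPLE_LINES = [
    "TimeCreated: 3/5/2024 2:02:07 PM, EventID: 4624, IpAddress: 10.0.0.5",
    "Mar  5 14:02:09 host01 sshd[1234]: Accepted password for alice from 10.0.0.5 port 51234 ssh2",
    "date=2024-03-05 time=14:02:11 srcip=10.0.0.5 dstip=203.0.113.7 action=deny",
]
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def parse_windows(line):
    m = re.match(r"TimeCreated: (.+? [AP]M), EventID: (\d+), IpAddress: (" + IPV4 + ")", line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")  # 12-hour, month/day/year
    return {"timestamp": ts, "source_ip": m.group(3), "source_type": "windows"}

def parse_syslog(line, assumed_year):
    # RFC 3164 timestamps have no year, so the caller must supply one.
    m = re.match(r"([A-Z][a-z]{2})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ (.*)", line)
    if not m:
        return None
    ts = datetime.strptime(f"{assumed_year} {m.group(1)} {m.group(2)} {m.group(3)}", "%Y %b %d %H:%M:%S")
    ip = re.search(r"from (" + IPV4 + ")", m.group(4))
    return {"timestamp": ts, "source_ip": ip.group(1) if ip else None, "source_type": "syslog"}

def parse_firewall(line):
    kv = dict(re.findall(r"(\w+)=(\S+)", line))  # key=value pairs, split date and time
    if "date" not in kv or "time" not in kv:
        return None
    ts = datetime.strptime(kv["date"] + " " + kv["time"], "%Y-%m-%d %H:%M:%S")
    return {"timestamp": ts, "source_ip": kv.get("srcip"), "source_type": "firewall"}

def normalise(line, assumed_year=2024):
    """Map one raw line onto the common schema; timestamps become ISO 8601 UTC strings."""
    for parser in (parse_windows, lambda ln: parse_syslog(ln, assumed_year), parse_firewall):
        rec = parser(line)
        if rec:
            rec["timestamp"] = rec["timestamp"].replace(tzinfo=timezone.utc).isoformat()
            rec["raw"] = line  # keep the original for evidentiary purposes
            return rec
    raise ValueError("no parser matched: " + line)

def timeline(lines, assumed_year=2024):
    """Normalise every line and sort across sources on the single timestamp field."""
    return sorted((normalise(ln, assumed_year) for ln in lines), key=lambda r: r["timestamp"])

if __name__ == "__main__":
    for rec in timeline(SAMPLE_LINES):
        print(rec["timestamp"], rec["source_type"], rec["source_ip"])
```

The `raw` field is kept deliberately: once normalised, the record is what analysts query, but the unmodified line is what stands up as evidence.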

Related terms

Alert triage
The process of reviewing SIEM-generated alerts to determine which are genuine security events and which are false positives. In forensic investigations, alert...
Chain of custody
The documented chronological record of who collected, handled, transferred, and examined a piece of evidence. For digital evidence, chain of custody includes...
Log correlation
The process of matching related events from different log sources using shared attributes such as IP address, username, timestamp, or session ID....
Retention policy
An organisation's rule specifying how long log data is stored before deletion or archiving. Policies are typically driven by compliance requirements and...
SIEM
Security Information and Event Management. A platform that ingests log streams from multiple sources, normalises them to a common schema, and applies...
