XDR Alliance, a group created by Exabeam that helps organizations implement eXtended detection and response (XDR) capabilities across their IT environments, now offers an open-source version of its Common Information Model (CIM) via public GitHub with Apache 2.0 licensing. The group made the announcement at the Black Hat USA 2022 conference in Las Vegas, Nevada.
CIM provides organizations with "a common foundation for understanding, normalizing, getting deeper visibility into and enriching log data across technologies," XDR Alliance stated. In doing so, CIM helps organizations integrate XDR capabilities into their IT environments.
How XDR Alliance's Open-Source CIM Works
CIM is a hierarchical interface model for classifying and representing security events accurately, Exabeam stated. It defines the structure of security content across Exabeam products and features a hierarchical framework based on security content usage throughout the flow of Exabeam processes.
MSSPs and other organizations can use CIM to ingest security data and determine how logs are classified and which fields should be extracted for parsing, XDR Alliance stated. The model indicates which fields satisfy the core, detection and informational requirements of pre-packaged security content. It also parses security data, builds security events and performs analysis tasks.
Furthermore, organizations can access the Common Information Model Library via GitHub. This online repository allows organizations to explore CIM, examine interfaces that comprise the model and view hierarchical schema in a JSON format, Exabeam noted.
What Is XDR Alliance? Here's What MSSPs Need to Know
Exabeam founded XDR Alliance in August 2021. The group consists of MSSPs, MSPs, managed detection and response (MDR) providers and other cybersecurity and information technology companies that help organizations use XDR for threat detection, investigation and response.
Along with Exabeam, XDR Alliance members include:
- Google Cloud
- Recorded Future
Meanwhile, XDR Alliance looks poised to continue to add members. U.S. security and information technology providers can join XDR Alliance if they have an XDR solution or deliver at least one "component" of the XDR technology stack or provide management, implementation or tuning of an XDR solution on behalf of end-users.