Just curious, I'd like a general consensus on how companies are leveraging security analytics for custom log formats, and custom parsers that they need? Are you guys writing your own parsers? If so, are you using the legacy enVision tool? Or are you relying on RSA to modify/create them? Please advise.
We are using all of the above. For the RSA "canned" parsers that need to be updated, we are having RSA modify them. We are also in the process of creating some custom parsers for some applications we have built in-house.