Common Event Format
The Common Event Format (CEF) is an open log management standard that improves the interoperability of security-related information from different security and network devices and applications. CEF is based on expertise from building support for over 275 products across more than 35 solution categories and is the first log management standard to support a broad range of device types. CEF enables technology companies and customers to use a common event log format so that data can easily be collected and aggregated for analysis by an enterprise management system.
CEF Standard
CEF is an extensible, text-based, high-performance format designed to support multiple device types, from both security and non-security devices and applications, in the simplest manner possible. Other standards, by contrast, target a single component of the security infrastructure, are tied to a specific transport protocol, or are designed specifically for applications and cannot support today’s high-performance, real-time security requirements.
ArcSight is leading the security industry by developing a standard that can be leveraged by all SIM/SEM vendors, partners, and customers. The release of CEF will allow ArcSight and other SIM/SEM vendors to develop innovations in other more valuable areas of security technology.
For more information on the Common Event Format, please request the CEF standard document. For additional questions, please contact CEF@arcsight.com.
CEF Connector
The CEF connector allows ArcSight ESM to connect to, aggregate, filter, correlate, and analyze events from applications and devices that output their logs in the CEF standard over the syslog transport protocol. For example, you can use this text-based log format to collect logs from your customized or home-grown applications if you modify their output to the CEF standard.
Partner Certification Program
To assist technology companies that want to adopt, test, and certify their compatibility with the CEF standard, ArcSight has formed a Common Event Format certification program. The objective of this all-encompassing program is to provide partners with documentation, access to a hosted ArcSight ESM solution for testing, and Web support as part of the CEF certification process. For more information regarding this partner program, please contact CEF@arcsight.com.
CEF Materials
- Standard Could Unify Security Apps, DarkReading, August 2006
- ArcSight Simplifies SIM with New Standard, SC Magazine, August 2006
