Bindplane is excited to join Dynatrace!Learn more
Back to Blueprints

Process Security Logs for ClickHouse

Optimizes security and audit logs for ClickHouse SIEM analytics. Preserves authentication events and security signals while masking PII, normalizing timestamps, and parsing event details.

Included Processors

1

Parse JSON Body

Parses JSON security log body into attributes for analysis.

2

Coalesce Action Fields

Normalizes action field variants to a standard "event.action" attribute.

3

Coalesce Severity Fields

Normalizes severity field variants to a standard "severity" attribute.

4

Map Severity to OTEL Standard

Maps firewall, Windows, and syslog severity strings into OTEL-standard severity_text and severity_number for ClickHouse SeverityNumber queries.

5

Mask PII Data

Redacts PII while preserving security identifiers in hashed form.

6

Enrich Failed Auth Events

Adds security signal marker for failed authentication attempts.

7

Batch Logs

Batches security logs with lower latency for timely alerting.

8

Delete Empty Fields

Removes null and empty values to optimize storage.

Related Blueprints