Abstract: A method includes obtaining an incoming event log, splitting the incoming event log into a set of tokens, and identifying a subset of the tokens as anchor tokens. The method also includes utilizing an ordered list of the anchor tokens to traverse through a set of anchor token trees and, responsive to identifying a path from (i) a root node of a given one of the anchor token trees to (ii) a given leaf node of the given anchor token tree corresponding to the ordered list of the anchor tokens, selecting a given parser associated with the given leaf node. The method further includes extracting data from the incoming event log utilizing the given parser, detecting one or more security threats affecting at least one asset in an enterprise system based on the extracted data, and applying at least one remediation action to mitigate the detected security threats.

Abstract: A method includes obtaining an incoming event log, splitting the incoming event log into a set of tokens, and identifying a subset of the tokens as anchor tokens. The method also includes utilizing an ordered list of the anchor tokens to traverse through a set of anchor token trees and, responsive to identifying a path from (i) a root node of a given one of the anchor token trees to (ii) a given leaf node of the given anchor token tree corresponding to the ordered list of the anchor tokens, selecting a given parser associated with the given leaf node. The method further includes extracting data from the incoming event log utilizing the given parser, detecting one or more security threats affecting at least one asset in an enterprise system based on the extracted data, and applying at least one remediation action to mitigate the detected security threats.