Data enrichment means adding external or contextual information to raw security events so analysts can interpret them more effectively. Attaching reputation scores and other threat-intelligence details to IP addresses or domains observed in log events enriches the data with actionable context, improving correlation and detection. Compressing, purging, or mirroring logs changes storage or availability but does not add new context, so these are not examples of enrichment.
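The Python example below is added here and is not part of the original explanation. It attaches reputation context to the IP addresses in log events and runs a detection that only the enriched events can satisfy; the feed entries, scores, field names, and log lines are all constructed for illustration.

```python
import ipaddress
import json

# Constructed threat-intel feed: network -> context. Scores are made up
# for this example (0 = clean, 100 = worst).
THREAT_INTEL = {
    "203.0.113.0/24": {"reputation": 92, "category": "botnet-c2"},
    "198.51.100.17/32": {"reputation": 65, "category": "scanner"},
}
INTEL_NETS = [(ipaddress.ip_network(n), ctx) for n, ctx in THREAT_INTEL.items()]

# Constructed raw firewall events (JSON lines); the last has a malformed IP.
RAW_EVENTS = [
    '{"ts": "2024-05-01T10:00:00Z", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.44", "action": "allow"}',
    '{"ts": "2024-05-01T10:00:02Z", "src_ip": "10.0.0.8", "dst_ip": "192.0.2.10", "action": "allow"}',
    '{"ts": "2024-05-01T10:00:05Z", "src_ip": "198.51.100.17", "dst_ip": "10.0.0.5", "action": "deny"}',
    '{"ts": "2024-05-01T10:00:09Z", "src_ip": "10.0.0.9", "dst_ip": "not-an-ip", "action": "allow"}',
]

def lookup(ip_text):
    """Return intel context for an address, or None if unknown or unparsable."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # malformed field: keep the event, just add no context
    matches = [(net, ctx) for net, ctx in INTEL_NETS if ip in net]
    # Most specific (longest-prefix) network wins when several match.
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def enrich(event):
    """Return a copy of the event with 'threat_intel' context per matched IP field."""
    enriched = dict(event)
    intel = {f: ctx for f in ("src_ip", "dst_ip") if (ctx := lookup(event.get(f, "")))}
    if intel:
        enriched["threat_intel"] = intel
    return enriched

def detect(events, threshold=80):
    """Flag allowed traffic that involves an address at or above the threshold."""
    return [e for e in events if e["action"] == "allow" and any(
        c["reputation"] >= threshold for c in e.get("threat_intel", {}).values())]

ENRICHED = [enrich(json.loads(line)) for line in RAW_EVENTS]

if __name__ == "__main__":
    for alert in detect(ENRICHED):
        print(json.dumps(alert))
```

Running `detect` on the same events before enrichment returns nothing, because the raw fields carry no reputation context to match on.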