After applying enrichment, a log displays additional information not collected initially during log collection. For example, consider a device with the IP address 129.26.3.192 used by an employee named Bob. The logs collected from this device may lack details about Bob, such as his department, email, location, and manager. However, configuring an enrichment source fetches these details from the ODBC server and inserts them into the logs whenever the IP address in a log matches Bob’s IP.
The second of the following two screenshots shows what an enriched log looks like compared to an unenriched one.
Unenriched Log Sample¶
Enriched Log Sample¶