IT and Security Teams collect data from as many sources as possible with the mindset of detecting malicious activities, anomalies, performance monitoring or troubleshooting.
Data can tell more than just what the log shows.
The contemplator approach is about understanding your data and what else it can tell through enrichment, even if it is not related to the primary purpose of the log. For this approach, data enrichment is classified in 3 categories: format, intelligence and labeling. Each category helps in understanding what type of enrichment can be applied to given fields in a log.
Data enrichment increases the context, opening human and machine learning eyes to a wider picture of happenings.
Happenings can be used for security monitoring, security reporting, compliance or business intelligence.
Data enrichment can be used to detect licensed software downloaded from an embargoed country, acquisitions involving competitors, network scans and DDoS orchestrated using a given network carrier, scam calls, pricing espionage in ecommerce websites, companies looking at your website content, and more.
You only see what your logs want you to see. What else can you see?