LEEF

The Log Event Extended Format is an enterprise security event logging format created by IBM QRadar.

Features:

• Lightweight parsing requirements
• Fixed header fields: version, vendor, product, version, eventID
• Variable attributes section
• Optimized for SIEM processing