In enterprise threat detection (ETD), log events are typically written in several log persistencies by applications connected to an ETD system. These log entries are then read asynchronously (for example, periodically every minute) by an application interface associated with each application, converted into a particular format, and sent to the ETD system. Asynchronous operation in ETD is inefficient and introduces unnecessary complexity.
Additionally, some logging is configurable. In case a log is not configured (or only partly configured) or incorrectly configured, required log events will not be written/transferred to the ETD system. Other events that may be useful/necessary for proper ETD are not written to any log or configured to be part of ETD due to time and cost reasons. The lack of received logs (due to errors or lack of set up), reduces the effectiveness of ETD functionality.