Open source parsers


We created some open source parsers for Logstash, customized for some common software products (Symantec, CarbonBlack etc.):

I would love to hear your opinions - how useful could these be for security analysts?

The intent here is to save the time-consuming and tricky work of "deciphering" the data in log chunks. The parsing logic uses Grok, enriches with MITRE, and maps the extracted fields to ECS.
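To make the Grok-to-ECS approach concrete, here is a minimal Logstash pipeline written as an added illustration. It is not one of the parsers from this post, and the input line it parses is a constructed antivirus-style event that does not reproduce any vendor's real log format. The choice of `rule.name` for the signature name and the ATT&CK technique attached to a quarantine event are assumptions made for the example, not mappings taken from the published parsers.

```conf
# Added example (not one of the parsers from the post). The input line format
# below is constructed for illustration and does not reproduce any vendor's
# real log format.
input {
  stdin {}
}

filter {
  # Constructed sample line the pattern expects:
  # 2024-05-01T10:15:32Z host01 av: Threat detected name="Trojan.Generic" file="C:\Users\bob\tmp\x.exe" user="bob" action="quarantined"
  grok {
    match => {
      "message" => "%{TIMESTAMP_ISO8601:ts} %{HOSTNAME:[host][name]} av: Threat detected name=\"%{DATA:[rule][name]}\" file=\"%{DATA:[file][path]}\" user=\"%{USERNAME:[user][name]}\" action=\"%{WORD:[event][action]}\""
    }
    # Keep unparsed lines visible to the analyst instead of silently dropping them.
    tag_on_failure => ["_grokparsefailure_av"]
  }

  # Normalise the vendor timestamp into the ECS @timestamp field.
  date {
    match => ["ts", "ISO8601"]
    target => "@timestamp"
    remove_field => ["ts"]
  }

  # ECS categorisation fields so downstream detections can query by category
  # rather than by vendor-specific strings.
  mutate {
    add_field => {
      "[event][kind]"     => "alert"
      "[event][category]" => "malware"
      "[event][type]"     => "info"
      "[ecs][version]"    => "8.11.0"
    }
  }

  # Illustrative MITRE enrichment (assumption for this example): a quarantined
  # file that a user ran is labelled with ATT&CK T1204, User Execution.
  if [event][action] == "quarantined" {
    mutate {
      add_field => {
        "[threat][framework]"       => "MITRE ATT&CK"
        "[threat][technique][id]"   => "T1204"
        "[threat][technique][name]" => "User Execution"
      }
    }
  }
}

output {
  stdout { codec => rubydebug }
}
```

Run it with `bin/logstash -f av-example.conf`, paste the constructed sample line on stdin, and the rubydebug output should show `host.name`, `file.path`, `user.name`, `event.action` and the `threat.*` fields populated; a line that does not match gets the `_grokparsefailure_av` tag so parser gaps show up in the data rather than disappearing.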

