ASIM parsers for Sysmon for Linux

This template deploys all the upcoming Sysmon for Linux Microsoft Sentinel ASIM parsers. The template is part of the Advanced Security Information Model (ASIM). The Advanced Security Information Model (ASIM) enables you to use and create source-agnostic content, simplifying your analysis of the data in your Microsoft Sentinel workspace.

Deploying the parsers ensures that telemetry from Sysmon for Linux is analyzed by the built-in Microsoft Sentinel analytics. It also gives analysts easier access to the telemetry through a known, standard schema.

Note: to get the best value from ASIM and make sure that Sysmon for Linux telemetry is included in Microsoft Sentinel Analytics, deploy the full ASIM parser suite.

The template deploys the following:

  • ASIM Sysmon for Linux File Activity parsers - vimFileEventLinuxSysmonFileCreated, vimFileEventLinuxSysmonFileDeleted
  • ASIM Sysmon for Linux Process Event parsers - vimProcessCreateLinuxSysmon, vimProcessTerminateLinuxSysmon
  • ASIM Sysmon for Linux Network Session parser - vimNetworkSessionLinuxSysmon
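As an added example (not part of this README or the ASIM project's own code), the KQL query below uses two of the deployed parsers through their normalized ASIM columns to correlate Linux process creations with the outbound connections those processes open. The column names (ActorUsername, TargetProcessId, TargetProcessName, TargetProcessCommandLine, SrcProcessId, DstIpAddr, DstPortNumber) are assumed from the ASIM ProcessEvent and NetworkSession schemas, and the lookback and join window are arbitrary choices.

```kql
// Added example: correlate process creations with the network sessions
// their processes open, using only normalized ASIM columns.
// Assumptions: column names follow the ASIM ProcessEvent / NetworkSession
// schemas; the lookback and join window are arbitrary choices.
let lookback = 1d;
let window = 5m;   // a PID can be reused, so keep the match window short
let procs = vimProcessCreateLinuxSysmon
    | where TimeGenerated > ago(lookback)
    | project ProcTime = TimeGenerated, DvcHostname, ActorUsername,
              TargetProcessId, TargetProcessName, TargetProcessCommandLine;
vimNetworkSessionLinuxSysmon
| where TimeGenerated > ago(lookback)
| project NetTime = TimeGenerated, DvcHostname, SrcProcessId, DstIpAddr, DstPortNumber
// same host, and the connecting process is the one that was just created
| join kind=inner procs on DvcHostname, $left.SrcProcessId == $right.TargetProcessId
| where NetTime between (ProcTime .. (ProcTime + window))
| summarize Connections = count(),
            Destinations = make_set(strcat(DstIpAddr, ":", DstPortNumber), 20)
    by DvcHostname, ActorUsername, TargetProcessName, TargetProcessCommandLine
| order by Connections desc
```

Because the query only touches ASIM columns, the same logic can be pointed at another normalized process or network source without rewriting it.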