Azure-Sentinel/Parsers/ASimFileEvent

Latest commit: github-actions[bot] ef185b1662 - [ASIM Parsers] Generate deployable ARM templates from KQL function YAML files. (2024-07-30 10:29:53 +00:00)

Directory contents:

  • ARM - [ASIM Parsers] Generate deployable ARM templates from KQL function YAML files. (2024-07-30 10:29:53 +00:00)
  • Field Mappings/Templates - renamed files (2024-04-08 11:42:13 +05:30)
  • Parsers - updated (2024-07-30 15:56:22 +05:30)
  • test - Merge branch 'master' into ASimFileEventMicrosoftWindowsEvents.yaml-28 (2024-07-30 11:42:14 +05:30)
  • README.md - ASIM rename and update links (2022-02-06 16:04:11 +02:00)

README.md

Advanced Security Information Model (ASIM) FileEvent parsers

This template deploys all ASIM FileEvent parsers. The template is part of the Advanced Security Information Model (ASIM).

The Advanced Security Information Model (ASIM) enables you to use and create source-agnostic content, simplifying your analysis of the data in your Microsoft Sentinel workspace.

For more information, see:

The template deploys parsers for the following products:

  • vimFileEventEmpty - An empty FileEvent table
  • vimFileEventGeneric - Source agnostic parser
  • vimFileEventMicrosoftDefender - Microsoft Defender
  • vimFileEventMicrosoftFileStorage - Microsoft Azure File Storage
  • vimFileEventMicrosoftSharePoint - Microsoft SharePoint
  • vimFileEventMicrosoftSysmonFileCreated - Sysmon File Created event (EventId 11)
  • vimFileEventMicrosoftSysmonFileDeleted - Sysmon File Deleted events (EventId 23, 26)