Azure-Sentinel/Parsers/ASim Microsoft Defender for...
Ofer Shezaf 8ce266d4b8 asim/workspace-region-deploy 2023-04-18 14:12:09 +03:00
test ASIM parser development guideline (#7673) 2023-04-05 08:42:26 -07:00
MD4IoTFullDeployment.json asim/workspace-region-deploy 2023-04-18 14:12:09 +03:00
README.md ASIM rename and update links 2022-02-06 16:04:11 +02:00


ASIM parsers for Microsoft Defender for IoT - Endpoint

This template deploys all Microsoft Sentinel ASIM parsers for Microsoft Defender for IoT - Endpoint. The template is part of the Advanced Security Information Model (ASIM), which lets you use and create source-agnostic content and so simplifies analysis of the data in your Microsoft Sentinel workspace.

Deploying the parsers ensures that telemetry from MD4IoT is analyzed by the built-in Microsoft Sentinel Analytics, and gives analysts easier access to that telemetry through a known, standard schema.

Note: to get the best value from ASIM and make sure that Microsoft Defender for IoT - Endpoint telemetry is included in Microsoft Sentinel Analytics, deploy the full ASIM parser suite.

For more information, see:

Deploy to Azure
The template deploys the following:

  • ASIM Process Events parser for MD4IoT-Endpoint - vimProcessEventMD4IoT
  • ASIM Authentication Events parser for MD4IoT-Endpoint - vimAuthenticationMD4IoT
  • ASIM Network Session Events parser for MD4IoT-Endpoint - vimNetworkSessionMD4IoT
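Because a full-deployment template like this one is a set of linked deployments that pull each parser's own ARM template over the network at deploy time, it is worth checking, before clicking Deploy to Azure, that the template really deploys exactly the three parsers listed above and that every linked template comes from the Azure/Azure-Sentinel repository over HTTPS. The script below is an added example, not code from the Azure-Sentinel repository; the embedded template is a constructed stand-in that follows the layout ASIM full-deployment templates typically use (one Microsoft.Resources/deployments resource per parser, plus Workspace and WorkspaceRegion parameters). Those parameter names, the resource layout and the URI paths are assumptions and were not read from MD4IoTFullDeployment.json; point `audit()` at the real file to check it.

```python
"""Pre-deployment audit of an ASIM full-deployment ARM template.

Added example (not part of Azure-Sentinel). Assumes the template deploys
each parser through a Microsoft.Resources/deployments resource with a
templateLink URI whose last path segment is '<parserName>.json'.
"""
import json
import sys
from urllib.parse import urlparse

# Parsers the README says the template deploys.
EXPECTED_PARSERS = {
    "vimProcessEventMD4IoT",
    "vimAuthenticationMD4IoT",
    "vimNetworkSessionMD4IoT",
}

# Linked templates are only accepted from this repository, over HTTPS.
TRUSTED_PREFIX = "https://raw.githubusercontent.com/Azure/Azure-Sentinel/"

# Parameter every ASIM parser template needs (assumption: named 'Workspace').
REQUIRED_PARAMETERS = {"Workspace"}


def _linked_deployment(parser, schema_dir):
    """Build one linked-deployment resource for the constructed sample."""
    return {
        "type": "Microsoft.Resources/deployments",
        "apiVersion": "2020-10-01",
        "name": f"linkedTemplate-{parser}",
        "properties": {
            "mode": "Incremental",
            "templateLink": {
                "uri": f"{TRUSTED_PREFIX}master/Parsers/{schema_dir}/ARM/{parser}/{parser}.json",
            },
            "parameters": {
                "Workspace": {"value": "[parameters('Workspace')]"},
                "WorkspaceRegion": {"value": "[parameters('WorkspaceRegion')]"},
            },
        },
    }


# Constructed stand-in template; NOT the real MD4IoTFullDeployment.json.
SAMPLE_TEMPLATE = json.dumps({
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "Workspace": {"type": "string"},
        "WorkspaceRegion": {"type": "string"},
    },
    "resources": [
        _linked_deployment("vimProcessEventMD4IoT", "ASimProcessEvent"),
        _linked_deployment("vimAuthenticationMD4IoT", "ASimAuthentication"),
        _linked_deployment("vimNetworkSessionMD4IoT", "ASimNetworkSession"),
    ],
})


def linked_parsers(template):
    """Map parser name -> templateLink URI for every linked deployment."""
    found = {}
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.Resources/deployments":
            continue
        uri = res.get("properties", {}).get("templateLink", {}).get("uri", "")
        name = urlparse(uri).path.rsplit("/", 1)[-1].removesuffix(".json")
        found[name] = uri
    return found


def audit(template_json, expected=EXPECTED_PARSERS, trusted_prefix=TRUSTED_PREFIX):
    """Return a list of findings; an empty list means the template passed."""
    template = json.loads(template_json)
    findings = []
    for param in sorted(REQUIRED_PARAMETERS - template.get("parameters", {}).keys()):
        findings.append(f"template has no '{param}' parameter")
    parsers = linked_parsers(template)
    for missing in sorted(expected - parsers.keys()):
        findings.append(f"expected parser not deployed: {missing}")
    for extra in sorted(parsers.keys() - expected):
        findings.append(f"unexpected linked deployment: {extra}")
    for name, uri in sorted(parsers.items()):
        # Catches plain http, other hosts and other repositories/forks.
        if not uri.startswith(trusted_prefix):
            findings.append(f"{name}: linked template from untrusted source {uri}")
    return findings


def replace_link(template_json, parser, new_uri):
    """Return a copy of the template with one parser's templateLink changed
    (used to show what a tampered template looks like to audit())."""
    template = json.loads(template_json)
    for res in template.get("resources", []):
        if res.get("name") == f"linkedTemplate-{parser}":
            res["properties"]["templateLink"]["uri"] = new_uri
    return json.dumps(template)


if __name__ == "__main__":
    # Usage: python audit_asim_template.py MD4IoTFullDeployment.json
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TEMPLATE
    for finding in audit(source) or ["OK: template deploys exactly the expected parsers"]:
        print(finding)
```

Run it against the downloaded template file rather than the built-in sample to audit a real deployment; a finding of "untrusted source" or "unexpected linked deployment" is the signal to stop and inspect before anything is created in the workspace.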