История

Ofer Shezaf 8ce266d4b8 asim/workspace-region-deploy		2023-04-18 14:12:09 +03:00
..
ARM	asim/workspace-region-deploy	2023-04-18 14:12:09 +03:00
test	ASIM parser development guideline (#7673 )	2023-04-05 08:42:26 -07:00
README.md	ASIM rename and update links	2022-02-06 16:04:11 +02:00

README.md

Microsoft Windows Events ASIM parsers

This template deploys all [Microsoft Windows Event] ASIM parsers. The template is part of the Advanced Security Information Model (ASIM).The Advanced Security Information Model (ASIM) enables you to use and create source-agnostic content, simplifying your analysis of the data in your Microsoft Sentinel workspace.

For more information, see:

Normalization and the Advanced Security Information Model (ASIM)

The template deploys the following:

vimRegistryEventMicrosoftWindowsEvent
vimProcessCreateMicrosoftWindowsEvents
vimProcessTerminateMicrosoftWindowsEvents
vimAuthenticationMicrosoftWindowsEvent