Ofer Shezaf 9b8247c42e Rename product 2021-11-03 10:40:18 +02:00
ASIM parsers for Microsoft Defender for IoT - Endpoint

This template deploys all Microsoft Defender for IoT - Endpoint Microsoft Sentinel ASIM parsers. The template is part of the Advanced SIEM Information Model (ASIM). ASIM enables you to use and create source-agnostic content, simplifying your analysis of the data in your Microsoft Sentinel workspace.

By deploying the parsers, you ensure that telemetry from MD4IoT is analyzed by the built-in Microsoft Sentinel Analytics. You also give analysts easier access to the telemetry through a known, standard schema.

Note: to get the best value from ASIM and make sure that Microsoft Defender for IoT - Endpoint telemetry is included in Microsoft Sentinel Analytics, deploy the full ASIM parser suite.

For more information, see:

The template deploys the following:

- ASIM Process Events parser for MD4IoT-Endpoint: `vimProcessEventMD4IoT`
- ASIM Authentication Events parser for MD4IoT-Endpoint: `vimAuthenticationMD4IoT`
- ASIM Network Session Events parser for MD4IoT-Endpoint: `vimNetworkSessionMD4IoT`