История

Ofer Shezaf 9b8247c42e Rename product		2021-11-03 10:40:18 +02:00
..
MicrosoftWindowsEventFullDeployment.json	Update MicrosoftWindowsEventFullDeployment.json	2021-11-02 08:02:11 +02:00
README.md	Rename product	2021-11-03 10:40:18 +02:00

README.md

Microsoft Windows Events ASIM parsers

This template deploys all [Microsoft Windows Event] ASIM parsers. The template is part of the Advanced SIEM Information Model (ASIM).The Advanced SIEM Information Model (ASIM) enables you to use and create source-agnostic content, simplifying your analysis of the data in your Microsoft Sentinel workspace.

For more information, see:

Normalization and the Advanced SIEM Information Model (ASIM)

The template deploys the following:

vimRegistryEventMicrosoftWindowsEvent
vimProcessCreateMicrosoftWindowsEvents
vimProcessTerminateMicrosoftWindowsEvents
vimNetworkSessionMicrosoftWindowsEventFirewall