Azure-Sentinel/Parsers/ASim WindowsEvent/README.md

Microsoft Windows Events ASIM parsers

This template deploys all Microsoft Windows Event ASIM parsers. The template is part of the Advanced SIEM Information Model (ASIM), which enables you to use and create source-agnostic content, simplifying your analysis of the data in your Microsoft Sentinel workspace.

For more information, see:


Deploy to Azure


The template deploys the following:

  • vimRegistryEventMicrosoftWindowsEvent
  • vimProcessCreateMicrosoftWindowsEvents
  • vimProcessTerminateMicrosoftWindowsEvents
  • vimAuthenticationMicrosoftWindowsEvent