Azure-Sentinel/Parsers/ASimFileEvent
Ofer Shezaf 9b8247c42e Rename product 2021-11-03 10:40:18 +02:00
ARM Rename product 2021-11-03 10:40:18 +02:00
ProductParsers Rename product 2021-11-03 10:40:18 +02:00
FileEventEmpty.yaml Fix spelling errors in file event schema 2021-10-12 00:08:20 -05:00
FileEventGeneric.yaml Updating ARM to yamls (#2783) 2021-08-03 22:01:22 +03:00
FullDeploymentFileEvent.json FileEvent Linking AzureStorage 2021-08-03 20:25:01 +03:00
README.md Rename product 2021-11-03 10:40:18 +02:00

README.md

Advanced SIEM Information Model (ASIM) FileEvent parsers

This template deploys all ASIM FileEvent parsers. The template is part of the Advanced SIEM Information Model (ASIM).

The Advanced SIEM Information Model (ASIM) enables you to use and create source-agnostic content, simplifying your analysis of the data in your Microsoft Sentinel workspace.

For more information, see:




The template deploys the following parsers:

  • vimFileEventEmpty - An empty FileEvent table
  • vimFileEventGeneric - Source-agnostic parser
  • vimFileEventMicrosoftDefender - Microsoft Defender
  • vimFileEventMicrosoftFileStorage - Microsoft Azure File Storage
  • vimFileEventMicrosoftSharePoint - Microsoft SharePoint
  • vimFileEventMicrosoftSysmonFileCreated - Sysmon File Created event (EventId 11)
  • vimFileEventMicrosoftSysmonFileDeleted - Sysmon File Deleted events (EventId 23, 26)