31 строка
840 B
YAML
31 строка
840 B
YAML
|
|
Parser:
|
|
Title: ASIM Source Agnostic File Events Parser
|
|
Version: '0.1'
|
|
LastUpdated: July 5, 2021
|
|
Product:
|
|
Name: Source Agnostic
|
|
Normalization:
|
|
Schema: FileEvent
|
|
Version: '0.1.0'
|
|
References:
|
|
- Title: ASIM File Event Schema
|
|
Link: https://aka.ms/AzSentinelFileEventsDoc
|
|
- Title: ASIM
|
|
Link: https://aka.ms/AzSentinelNormalization
|
|
Description: |
|
|
ASIM Source Agnostic File Events Parser
|
|
ParserName: imFileEvent
|
|
ParserQuery: |
|
|
union isfuzzy=true
|
|
vimFileEventEmpty,
|
|
vimFileEventLinuxSysmonFileCreated,
|
|
vimFileEventLinuxSysmonFileDeleted,
|
|
vimFileEventAzureBlobStorage,
|
|
vimFileEventM365D,
|
|
vimFileEventAzureFileStorage,
|
|
vimFileEventAzureQueueStorage,
|
|
vimFileEventMicrosoftSharePoint,
|
|
vimFileEventMicrosoftSysmonCreated,
|
|
vimFileEventMicrosoftSysmonDeleted,
|
|
vimFileEventAzureTableStorage |