Audit Event ASIM parser for VMware Carbon Black Cloud
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimAuditEventVMwareCarbonBlackCloud |
| Built-in Parser | _ASim_AuditEvent_VMwareCarbonBlackCloud |
| Schema | AuditEvent |
| Schema Version | 0.1 |
| Parser Type | 🔌 Source (product-specific) |
| Product | VMware Carbon Black Cloud |
| Parser Version | 0.2.0 (version history) |
| Last Updated | Jan 31 2024 |
| Unifying Parser | ASimAuditEvent |
| Source File | Parsers\ASimAuditEvent\Parsers\ASimAuditEventVMwareCarbonBlackCloud.yaml |
Description
This ASIM parser supports normalizing VMware Carbon Black Cloud logs to the ASIM Audit Event normalized schema. VMware Carbon Black Cloud events are captured through VMware Carbon Black Cloud data connector which ingests Carbon Black Audit, Notification and Event data into Microsoft Sentinel through the REST API.
Source Tables
This parser reads from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
CarbonBlackAuditLogs_CL 🔶 |
? | ✓ | ? |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊