File delete activity ASIM parser for Sysmon for Linux
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimFileEventLinuxSysmonFileDeleted |
| Built-in Parser | _ASim_FileEvent_LinuxSysmonFileDeleted |
| Schema | FileEvent |
| Schema Version | 0.1.0 |
| Parser Type | 🔌 Source (product-specific) |
| Product | Microsoft Sysmon for Linux |
| Parser Version | 0.2.1 (version history) |
| Last Updated | Nov 17, 2023 |
| Unifying Parser | ASimFileEvent |
| Source File | Parsers\ASimFileEvent\Parsers\ASimFileEventLinuxSysmonFileDeleted.yaml |
Description
This ASIM parser supports normalizing Sysmon for Linux events 23 and 26, stored in the Syslog table, to the ASIM file activity schema file delete event.
Source Tables
This parser reads from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
Syslog |
SyslogMessage has "<Provider Name="SyslogMessage has_any "<EventID>23</EventID>,<EventID>26</EventID>" |
✓ | ✓ | ? |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
Associated Connectors
The following connectors provide data for this parser:
| Connector | Solution |
|---|---|
| SyslogAma | Syslog |
Solutions: Syslog
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊