| Property | Value |
|---|---|
| Parser Name | ASimNetworkSessionMicrosoftSecurityEventFirewall |
| Built-in Parser | _ASim_NetworkSession_MicrosoftSecurityEventFirewall |
| Schema | NetworkSession |
| Schema Version | 0.2.6 |
| Parser Type | 🔌 Source (product-specific) |
| Product | Windows Firewall |
| Parser Version | 0.5.0 (version history) |
| Last Updated | Jul 17, 2024 |
| Unifying Parser | ASimNetworkSession |
| Source File | Parsers\ASimNetworkSession\Parsers\ASimNetworkSessionMicrosoftSecurityEventFirewall.yaml |
This ASIM parser normalizes Microsoft Windows Firewall event logs ingested into the 'SecurityEvent' table to the ASIM Network Session schema. Event IDs parsed by this parser: 5150, 5151, 5152, 5153, 5154, 5155, 5156, 5167, 5158, 5159.
This parser reads from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| Event | | ✓ | ✓ | ? |
| SecurityEvent | EventID in "5152,5154,5155,5156,5157,5158,5159" | ✓ | ✓ | ? |
| Name | Type | Default |
|---|---|---|
| disabled | bool | False |
The following connectors provide data for this parser:
| Connector | Solution |
|---|---|
| ESI-Opt34DomainControllersSecurityEventLogs | Microsoft Exchange Security - Exchange On-Premises |
| SecurityEvents | Windows Security Events |
| WindowsSecurityEvents | Windows Security Events |
Solutions: Microsoft Exchange Security - Exchange On-Premises, Windows Security Events