Process Create Event ASIM parser for Sysmon for Linux
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimProcessCreateLinuxSysmon |
| Built-in Parser | _ASim_ProcessEvent_CreateLinuxSysmon |
| Schema | ProcessEvent |
| Schema Version | 0.1.0 |
| Parser Type | 🔌 Source (product-specific) |
| Product | Sysmon for Linux |
| Parser Version | 0.2.1 (version history) |
| Last Updated | Feb 23, 2022 |
| Unifying Parser | ASimProcessEvent, ASimProcessEventCreate |
| Source File | Parsers\ASimProcessEvent\Parsers\ASimProcessCreateLinuxSysmon.yaml |
Description
This ASIM parser supports normalizing Sysmon for Linux process create events (event 1) collected using the Syslog connector to the ASIM Process Event normalized schema.
Source Tables
This parser reads from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
Syslog |
SyslogMessage has_all "<Provider Name=" |
✓ | ✓ | ? |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
Associated Connectors
The following connectors provide data for this parser:
| Connector | Solution |
|---|---|
| SyslogAma | Syslog |
Solutions: Syslog
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊