Process Create ASIM parser for VMware Carbon Black Cloud
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimProcessCreateVMwareCarbonBlackCloud |
| Built-in Parser | _ASim_ProcessEvent_CreateVMwareCarbonBlackCloud |
| Schema | ProcessEvent |
| Schema Version | 0.1.4 |
| Parser Type | 🔌 Source (product-specific) |
| Product | VMware Carbon Black Cloud |
| Parser Version | 0.1.1 (version history) |
| Last Updated | Dec 11, 2023 |
| Unifying Parser | ASimProcessEvent, ASimProcessEventCreate |
| Source File | Parsers\ASimProcessEvent\Parsers\ASimProcessCreateVMwareCarbonBlackCloud.yaml |
Description
This ASIM parser supports normalizing VMware Carbon Black Cloud logs to the ASIM Process Create normalized schema. VMware Carbon Black Cloud events are captured through VMware Carbon Black Cloud data connector which ingests Carbon Black Audit, Notification and Event data into Microsoft Sentinel through the REST API.
Source Tables
This parser reads from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
CarbonBlackEvents_CL 🔶 |
✗ | ✓ | ✗ |
CarbonBlackNotifications_CL 🔶 |
✗ | ✓ | ✗ |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
Associated Connectors
The following connectors provide data for this parser:
| Connector | Solution |
|---|---|
| VMwareCarbonBlack | VMware Carbon Black Cloud (legacy connector) |
Solutions: VMware Carbon Black Cloud (legacy connector)
References
- ASIM Process Schema
- ASIM
- [VMware Carbon Black Cloud documentation](https://developer.carbonblack.com/reference/carbon-black-cloud/data-forwarder/schema/latest/endpoint.event-1.0.0/ https://developer.carbonblack.com/reference/cb-threathunter/latest/event-search-fields/)
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊