Registry Event ASIM parser for Microsoft 365 Defender for Endpoint
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimRegistryEventMicrosoft365D |
| Built-in Parser | _ASim_RegistryEvent_Microsoft365D |
| Schema | RegistryEvent |
| Schema Version | 0.1.0 |
| Parser Type | 🔌 Source (product-specific) |
| Product | Microsoft 365 Defender for Endpoint |
| Parser Version | 0.1.3 (version history) |
| Last Updated | Feb 26, 2026 |
| Unifying Parser | ASimRegistry |
| Source File | Parsers\ASimRegistryEvent\Parsers\ASimRegistryEventMicrosoft365D.yaml |
Description
This ASIM parser supports normalizing Microsoft 365 Defender for endpoint logs, produced by the Microsoft Sentinel Microsoft 365 Defender connector, to the ASIM Registry Event normalized schema.
Source Tables
This parser reads from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
DeviceRegistryEvents |
ActionType in "RegistryKeyDeleted,RegistryKeyRenamed,RegistryValueDeleted,RegistryValueSet" |
✓ | ✗ | ? |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
Associated Connectors
The following connectors provide data for this parser:
| Connector | Solution |
|---|---|
| MicrosoftThreatProtection | Microsoft Defender XDR |
Solutions: Microsoft Defender XDR
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊