Alert Event ASIM filtering parser
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | imAlertEvent |
| Built-in Parser | _Im_AlertEvent |
| Schema | AlertEvent |
| Schema Version | 0.1 |
| Parser Type | 📦 Union (schema-level) |
| Parser Version | 0.1.0 (version history) |
| Last Updated | Mar 11 2024 |
| Source File | Parsers\ASimAlertEvent\Parsers\imAlertEvent.yaml |
Description
This ASIM parser supports filtering and normalizing Alert logs from all supported sources to the ASIM 'Alert' normalized schema.
Products
This union parser includes parsers for the following products:
| Product | Source Parser | Solutions |
|---|---|---|
| Microsoft Defender XDR | _Im_AlertEvent_MicrosoftDefenderXDR | |
| SentinelOne | _Im_AlertEvent_SentinelOneSingularity |
Parameters
| Name | Type | Default |
|---|---|---|
starttime |
datetime | datetime(null) |
endtime |
datetime | datetime(null) |
ipaddr_has_any_prefix |
dynamic | dynamic([]) |
hostname_has_any |
dynamic | dynamic([]) |
username_has_any |
dynamic | dynamic([]) |
attacktactics_has_any |
dynamic | dynamic([]) |
attacktechniques_has_any |
dynamic | dynamic([]) |
threatcategory_has_any |
dynamic | dynamic([]) |
alertverdict_has_any |
dynamic | dynamic([]) |
eventseverity_has_any |
dynamic | dynamic([]) |
pack |
bool | False |
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊