Audit event ASIM filtering parser.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | imAuditEvent |
| Built-in Parser | _Im_AuditEvent |
| Schema | AuditEvent |
| Schema Version | 0.1 |
| Parser Type | 📦 Union (schema-level) |
| Parser Version | 0.1.6 (version history) |
| Last Updated | March 10, 2026 |
| Source File | Parsers\ASimAuditEvent\Parsers\imAuditEvent.yaml |
Description
This ASIM parser supports normalizing audit events from all supported sources to the ASIM Audit Event activity normalized schema. This is an similar to to the ASIM version, but using different exclusion keys.
Products
This union parser includes parsers for the following products:
Parameters
| Name | Type | Default |
|---|---|---|
starttime |
datetime | datetime(null) |
endtime |
datetime | datetime(null) |
srcipaddr_has_any_prefix |
dynamic | dynamic([]) |
actorusername_has_any |
dynamic | dynamic([]) |
operation_has_any |
dynamic | dynamic([]) |
eventtype_in |
dynamic | dynamic([]) |
eventresult |
string | * |
object_has_any |
dynamic | dynamic([]) |
newvalue_has_any |
dynamic | dynamic([]) |
pack |
bool | False |
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊