Authentication ASIM filtering parser

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to ASIM Index

---

Parser Information

Property	Value
Parser Name	imAuthentication
Built-in Parser	_Im_Authentication
Schema	Authentication
Schema Version	0.1.4
Parser Type	📦 Union (schema-level)
Parser Version	0.3.10 (version history)
Last Updated	Apr 09, 2026
Source File	Parsers\ASimAuthentication\Parsers\imAuthentication.yaml

Description

This ASIM parser supports filtering and normalizing Authentication logs from all supported sources to the ASIM Authentication normalized schema.

Products

This union parser includes parsers for the following products:

Product	Source Parser	Solutions
Microsoft Entra ID	_Im_Authentication_AADManagedIdentitySignInLogs	Microsoft Entra ID
Microsoft Entra ID	_Im_Authentication_AADNonInteractiveUserSignInLogs	Microsoft Entra ID
Microsoft Entra ID	_Im_Authentication_AADServicePrincipalSignInLogs	Microsoft Entra ID
AWS	_Im_Authentication_AWSCloudTrail	Amazon Web Services
Barracuda WAF	_Im_Authentication_BarracudaWAF	Common Event Format VirtualMetric DataStream Zscaler Internet Access
Cisco Adaptive Security Appliance (ASA)	_Im_Authentication_CiscoASA	CiscoASA Common Event Format VirtualMetric DataStream Zscaler Internet Access
Cisco IOS	_Im_Authentication_CiscoIOS	Syslog
Cisco ISE	_Im_Authentication_CiscoISE	Syslog
Cisco ISE Administrator	_Im_Authentication_CiscoISEAdministrator	Syslog
Cisco Meraki	_Im_Authentication_CiscoMeraki	CiscoMeraki CustomLogsAma
Cisco Meraki	_Im_Authentication_CiscoMerakiSyslog	Syslog
CrowdStrike Falcon Endpoint Protection	_Im_Authentication_CrowdStrikeFalconHost	Common Event Format VirtualMetric DataStream Zscaler Internet Access
Fortigate	_Im_Authentication_FortinetFortigate	Common Event Format VirtualMetric DataStream Zscaler Internet Access
Google Workspace	_Im_Authentication_GoogleWorkspace
Illumio	_Im_Authentication_IllumioSaaSCore	IllumioSaaS
M365 Defender for EndPoint	_Im_Authentication_M365Defender
Microsoft Defender for IoT	_Im_Authentication_MD4IoT
Windows Security Events	_Im_Authentication_MicrosoftWindowsEvent	Microsoft Exchange Security - Exchange On-Premises Windows Forwarded Events Windows Security Events
Native	_Im_Authentication_Native	SynqlyIntegrationConnector VMware Carbon Black Cloud
Okta	_Im_Authentication_OktaSSO	Okta Single Sign-On
Okta	_Im_Authentication_OktaSystemLogs
Okta	_Im_Authentication_OktaV2	Okta Single Sign-On
Palo Alto Cortex Data Lake	_Im_Authentication_PaloAltoCortexDataLake	Common Event Format VirtualMetric DataStream Zscaler Internet Access
Palo Alto PAN-OS GlobalProtect	_Im_Authentication_PaloAltoGlobalProtect	Common Event Format VirtualMetric DataStream Zscaler Internet Access
Palo Alto PAN-OS	_Im_Authentication_PaloAltoPanOS	Common Event Format VirtualMetric DataStream Zscaler Internet Access
PostgreSQL	_Im_Authentication_PostgreSQL	CustomLogsAma
Salesforce Service Cloud	_Im_Authentication_SalesforceSC
SentinelOne	_Im_Authentication_SentinelOne
Microsoft Entra ID	_Im_Authentication_SigninLogs	Microsoft Entra ID
OpenSSH	_Im_Authentication_Sshd	Syslog
su	_Im_Authentication_Su	Syslog
sudo	_Im_Authentication_Sudo	Syslog
VMware Carbon Black Cloud	_Im_Authentication_VMwareCarbonBlackCloud
VMware vCenter	_Im_Authentication_VMwareVCenter	CustomLogsAma
Vectra	_Im_Authentication_VectraXDRAudit	Vectra XDR

Parameters

Name	Type	Default
starttime	datetime	datetime(null)
endtime	datetime	datetime(null)
username_has_any	dynamic	dynamic([])
targetappname_has_any	dynamic	dynamic([])
srcipaddr_has_any_prefix	dynamic	dynamic([])
srchostname_has_any	dynamic	dynamic([])
eventtype_in	dynamic	dynamic([])
eventresultdetails_in	dynamic	dynamic([])
eventresult	string	*
pack	bool	False

References

• ASIM Authentication Schema
• ASIM

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to ASIM Index