| Property | Value |
|---|---|
| Parser Name | imDns |
| Built-in Parser | _Im_Dns |
| Schema | Dns |
| Schema Version | 0.1.7 |
| Parser Type | 📦 Union (schema-level) |
| Parser Version | 0.5.2 (version history) |
| Last Updated | June 7, 2024 |
| Source File | Parsers\ASimDns\Parsers\imDns.yaml |

This ASIM parser supports filtering and normalizing DNS activity logs from all supported sources to the ASIM DNS activity normalized schema.

This union parser includes parsers for the following products:

| Product | Source Parser | Solutions |
|---|---|---|
| Azure Firewall | _Im_Dns_AzureFirewall | Azure Firewall |
| Cisco Umbrella | _Im_Dns_CiscoUmbrella | CiscoUmbrella |
| Corelight Zeek | _Im_Dns_CorelightZeek | Corelight |
| Fortinet FortiGate | _Im_Dns_FortinetFortiGate | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |
| GCP Cloud DNS | _Im_Dns_Gcp | |
| Infoblox BloxOne | _Im_Dns_InfobloxBloxOne | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |
| Infoblox NIOS | _Im_Dns_InfobloxNIOS | Syslog |
| MS DNS Events | _Im_Dns_MicrosoftNXlog | NXLogDNSLogs |
| MS DNS Events | _Im_Dns_MicrosoftOMS | Windows Server DNS |
| Microsoft Windows Events Sysmon | _Im_Dns_MicrosoftSysmon | |
| Microsoft Windows Events Sysmon | _Im_Dns_MicrosoftSysmonWindowsEvent | Windows Forwarded Events |
| Native | _Im_Dns_Native | SynqlyIntegrationConnector |
| SentinelOne | _Im_Dns_SentinelOne | |
| Vectra AI Streams | _Im_Dns_VectraAI | CustomLogsAma, Vectra AI Stream |
| Zscaler ZIA DNS | _Im_Dns_ZscalerZIA | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |

| Name | Type | Default |
|---|---|---|
| starttime | datetime | datetime(null) |
| endtime | datetime | datetime(null) |
| srcipaddr | string | * |
| domain_has_any | dynamic | dynamic([]) |
| responsecodename | string | * |
| response_has_ipv4 | string | * |
| response_has_any_prefix | dynamic | dynamic([]) |
| eventtype | string | lookup |
| pack | bool | False |