ASIM ASIM Source Agnostic File Events Parser

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to ASIM Index

Parser Information

Property Value
Parser Name imFileEvent
Built-in Parser _Im_FileEvent
Schema FileEvent
Schema Version 0.2.1
Parser Type 📦 Union (schema-level)
Parser Version 0.2.2 (version history)
Last Updated Feb 06, 2026
Source File Parsers\ASimFileEvent\Parsers\imFileEvent.yaml

Description

This ASIM parser supports normalizing File activity logs from all supported sources to the ASIM File Event normalized schema.

Products

This union parser includes parsers for the following products:

Product Source Parser Solutions
AWS Cloud Trail _Im_FileEvent_AWSCloudTrail Amazon Web Services
Microsoft Azure Blob Storage _Im_FileEvent_AzureBlobStorage Azure Storage
Microsoft Azure File Storage _Im_FileEvent_AzureFileStorage Azure Storage
Microsoft Azure Queue Storage _Im_FileEvent_AzureQueueStorage Azure Storage
Microsoft Azure Table Storage _Im_FileEvent_AzureTableStorage Azure Storage
Google Workspace _Im_FileEvent_GoogleWorkspace
Microsoft Sysmon for Linux _Im_FileEvent_LinuxSysmonFileCreated Syslog
Microsoft Sysmon for Linux _Im_FileEvent_LinuxSysmonFileDeleted Syslog
Microsoft 365 Defender for EndPoint _Im_FileEvent_Microsoft365D
Microsoft Windows Events _Im_FileEvent_MicrosoftSecurityEvents Windows Security Events
Microsoft SharePoint _Im_FileEvent_MicrosoftSharePoint
Windows Sysmon _Im_FileEvent_MicrosoftSysmon
Windows Sysmon _Im_FileEvent_MicrosoftSysmonWindowsEvent Windows Forwarded Events
Microsoft Windows Events _Im_FileEvent_MicrosoftWindowsEvents Windows Forwarded Events
Native _Im_FileEvent_Native SynqlyIntegrationConnector
VMware Carbon Black Cloud
SentinelOne _Im_FileEvent_SentinelOne
VMware Carbon Black Cloud _Im_FileEvent_VMwareCarbonBlackCloud

Parameters

Name Type Default
starttime datetime datetime(null)
endtime datetime datetime(null)
eventtype_in dynamic dynamic([])
srcipaddr_has_any_prefix dynamic dynamic([])
actorusername_has_any dynamic dynamic([])
targetfilepath_has_any dynamic dynamic([])
srcfilepath_has_any dynamic dynamic([])
hashes_has_any dynamic dynamic([])
dvchostname_has_any dynamic dynamic([])
disabled bool False
pack bool False

References

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to ASIM Index