ASIM Network Session ASIM filtering parser


Parser Information

| Property | Value |
|---|---|
| Parser Name | imNetworkSession |
| Built-in Parser | _Im_NetworkSession |
| Schema | NetworkSession |
| Schema Version | 0.2.7 |
| Parser Type | 📦 Union (schema-level) |
| Parser Version | 0.6.3 (version history) |
| Last Updated | Mar 30, 2026 |
| Source File | Parsers\ASimNetworkSession\Parsers\imNetworkSession.yaml |

Description

This ASIM parser supports filtering and normalizing Network Session logs from all supported sources to the ASIM Network Session normalized schema.

Products

This union parser includes parsers for the following products:

| Product | Source Parser | Solutions |
|---|---|---|
| AWS VPC | _Im_NetworkSession_AWSVPC | AWS VPC Flow Logs |
| AppGate SDP | _Im_NetworkSession_AppGateSDP | Syslog |
| Azure Firewall | _Im_NetworkSession_AzureFirewall | Azure Firewall |
| Azure NSG flows | _Im_NetworkSession_AzureNSG | |
| Barracuda WAF | _Im_NetworkSession_BarracudaCEF | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |
| Barracuda WAF | _Im_NetworkSession_BarracudaWAF | |
| CheckPointFirewall | _Im_NetworkSession_CheckPointFirewall | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |
| CheckPointSmartDefense | _Im_NetworkSession_CheckPointSmartDefense | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |
| CiscoASA | _Im_NetworkSession_CiscoASA | CiscoASA, Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |
| Cisco Firepower | _Im_NetworkSession_CiscoFirepower | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |
| Cisco ISE | _Im_NetworkSession_CiscoISE | Syslog |
| Cisco Meraki | _Im_NetworkSession_CiscoMeraki | CiscoMeraki, CustomLogsAma |
| Cisco Meraki | _Im_NetworkSession_CiscoMerakiSyslog | Syslog |
| Corelight Zeek | _Im_NetworkSession_CorelightZeek | Corelight |
| CrowdStrike Falcon Endpoint Protection | _Im_NetworkSession_CrowdStrikeFalconHost | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |
| ForcePointFirewall | _Im_NetworkSession_ForcePointFirewall | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |
| Fortinet FortiGate | _Im_NetworkSession_FortinetFortiGate | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |
| Illumio SaaS Core | _Im_NetworkSession_IllumioSaaSCore | IllumioSaaS |
| Sysmon for Linux | _Im_NetworkSession_LinuxSysmon | Syslog |
| Microsoft Defender for IoT | _Im_NetworkSession_MD4IoTAgent | |
| Microsoft Defender for IoT | _Im_NetworkSession_MD4IoTSensor | |
| M365 Defender for Endpoint | _Im_NetworkSession_Microsoft365Defender | |
| Windows Firewall | _Im_NetworkSession_MicrosoftSecurityEventFirewall | Microsoft Exchange Security - Exchange On-Premises, Windows Security Events |
| Windows Sysmon | _Im_NetworkSession_MicrosoftSysmon | |
| Windows Sysmon | _Im_NetworkSession_MicrosoftSysmonWindowsEvent | Windows Forwarded Events |
| Windows Firewall | _Im_NetworkSession_MicrosoftWindowsEventFirewall | Windows Forwarded Events |
| Azure NTANetAnalytics | _Im_NetworkSession_NTANetAnalytics | |
| Native | _Im_NetworkSession_Native | Cisco Meraki Events via REST API, SynqlyIntegrationConnector, VMware Carbon Black Cloud |
| Palo Alto PanOS | _Im_NetworkSession_PaloAltoCEF | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |
| Palo Alto Cortex Data Lake | _Im_NetworkSession_PaloAltoCortexDataLake | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |
| SentinelOne | _Im_NetworkSession_SentinelOne | |
| SonicWall | _Im_NetworkSession_SonicWallFirewall | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |
| VMConnection | _Im_NetworkSession_VMConnection | |
| VMware Carbon Black Cloud | _Im_NetworkSession_VMwareCarbonBlackCloud | |
| Vectra AI Streams | _Im_NetworkSession_VectraAI | CustomLogsAma, Vectra AI Stream |
| WatchGuard Fireware OS | _Im_NetworkSession_WatchGuardFirewareOS | Syslog |
| Zscaler ZIA Firewall | _Im_NetworkSession_ZscalerZIA | Common Event Format, VirtualMetric DataStream, Zscaler Internet Access |

Parameters

| Name | Type | Default |
|---|---|---|
| starttime | datetime | datetime(null) |
| endtime | datetime | datetime(null) |
| srcipaddr_has_any_prefix | dynamic | dynamic([]) |
| dstipaddr_has_any_prefix | dynamic | dynamic([]) |
| ipaddr_has_any_prefix | dynamic | dynamic([]) |
| dstportnumber | int | int(null) |
| hostname_has_any | dynamic | dynamic([]) |
| dvcaction | dynamic | dynamic([]) |
| eventresult | string | * |
| pack | bool | False |
