| Property | Value |
|---|---|
| Parser Name | imProcessCreate |
| Built-in Parser | _Im_ProcessCreate |
| Schema | ProcessEvent |
| Schema Version | 0.1.0 |
| Parser Type | 📦 Union (schema-level) |
| Parser Version | 0.1.2 (version history) |
| Last Updated | Feb 23, 2022 |
| Source File | Parsers\ASimProcessEvent\Parsers\imProcessCreate.yaml |

This ASIM parser supports normalizing process create event logs from all supported sources to the ASIM ProcessEvent normalized schema.

This union parser includes parsers for the following products:

| Product | Source Parser | Solutions |
|---|---|---|
| | _Im_ProcessCreateTrendMicroVisionOne | |
| | _Im_ProcessCreate_LinuxSysmon | |
| | _Im_ProcessCreate_MD4IoT | |
| | _Im_ProcessCreate_MicrosoftSecurityEvents | |
| | _Im_ProcessCreate_MicrosoftWindowsEvents | |
| SentinelOne | _Im_ProcessCreate_SentinelOne | |
| | _Im_ProcessCreate_VMwareCarbonBlackCloud | |
| Sysmon | _Im_ProcessEvent_CreateMicrosoftSysmon | |
| Microsoft 365 Defender for endpoint | _Im_ProcessEvent_Microsoft365D | |
| Native | _Im_ProcessEvent_Native | SynqlyIntegrationConnector, VMware Carbon Black Cloud |

| Name | Type | Default |
|---|---|---|
| starttime | datetime | datetime(null) |
| endtime | datetime | datetime(null) |
| commandline_has_any | dynamic | dynamic([]) |
| commandline_has_all | dynamic | dynamic([]) |
| commandline_has_any_ip_prefix | dynamic | dynamic([]) |
| actingprocess_has_any | dynamic | dynamic([]) |
| targetprocess_has_any | dynamic | dynamic([]) |
| parentprocess_has_any | dynamic | dynamic([]) |
| targetusername_has | string | * |
| dvcipaddr_has_any_prefix | dynamic | dynamic([]) |
| dvchostname_has_any | dynamic | dynamic([]) |
| hashes_has_any | dynamic | dynamic([]) |
| eventtype | string | * |