ASIM Registry Event ASIM Parser

Parser Information

Property          Value
Parser Name       imRegistry
Built-in Parser   _Im_RegistryEvent
Schema            RegistryEvent
Schema Version    0.1.2
Parser Type       Union (schema-level)
Parser Version    0.1.4
Last Updated      Jun 3, 2024
Source File       Parsers\ASimRegistryEvent\Parsers\imRegistryEvent.yaml

Description

This ASIM parser supports normalizing Registry Event logs from all supported sources to the ASIM Registry Event normalized schema.

Products

This union parser includes parsers for the following products:

Product                              Source Parser                                   Solutions
Microsoft 365 Defender for Endpoint  _Im_RegistryEvent_Microsoft365D                 Microsoft Defender XDR
Security Events                      _Im_RegistryEvent_MicrosoftSecurityEvent        Windows Security Events
Microsoft Sysmon                     _Im_RegistryEvent_MicrosoftSysmon
Microsoft Sysmon                     _Im_RegistryEvent_MicrosoftSysmonWindowsEvent   Windows Forwarded Events
Security Events                      _Im_RegistryEvent_MicrosoftWindowsEvent         Windows Forwarded Events
Native                               _Im_RegistryEvent_Native                        SynqlyIntegrationConnector; VMware Carbon Black Cloud
SentinelOne                          _Im_RegistryEvent_SentinelOne
Trend Micro Vision One               _Im_RegistryEvent_TrendMicroVisionOne           Trend Micro Vision One
VMware Carbon Black Cloud            _Im_RegistryEvent_VMwareCarbonBlackCloud

Parameters

Name                    Type      Default
starttime               datetime  datetime(null)
endtime                 datetime  datetime(null)
eventtype_in            dynamic   dynamic([])
actorusername_has_any   dynamic   dynamic([])
registrykey_has_any     dynamic   dynamic([])
registryvalue_has_any   dynamic   dynamic([])
registrydata_has_any    dynamic   dynamic([])
dvchostname_has_any     dynamic   dynamic([])
disabled                bool      False
pack                    bool      False
