User Management ASIM filtering parser

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to ASIM Index

Parser Information

Property	Value
Parser Name	`imUserManagement`
Built-in Parser	`_Im_UserManagement`
Schema	UserManagement
Schema Version	0.1
Parser Type	📦 Union (schema-level)
Parser Version	0.1.3 (version history)
Last Updated	May 30, 2024
Source File	Parsers\ASimUserManagement\Parsers\imUserManagement.yaml

Description

This ASIM parser supports normalizing User Management logs from all supported sources to the ASIM User Management normalized schema.

Products

This union parser includes parsers for the following products:

Product	Source Parser	Solutions
AWS Cloud Trail	_Im_UserManagement_AWSCloudTrail	Amazon Web Services
Cisco ISE	_Im_UserManagement_CiscoISE	Syslog
Microsoft	_Im_UserManagement_LinuxAuthpriv	Syslog
Microsoft Security Event	_Im_UserManagement_MicrosoftSecurityEvent	Windows Security Events
Microsoft Windows Event	_Im_UserManagement_MicrosoftWindowsEvent	Windows Forwarded Events
Native	_Im_UserManagement_Native	SynqlyIntegrationConnector
SentinelOne	_Im_UserManagement_SentinelOne

Parameters

Name	Type	Default
`starttime`	datetime	datetime(null)
`endtime`	datetime	datetime(null)
`srcipaddr_has_any_prefix`	dynamic	dynamic([])
`targetusername_has_any`	dynamic	dynamic([])
`actorusername_has_any`	dynamic	dynamic([])
`eventtype_in`	dynamic	dynamic([])
`pack`	bool	False

References

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to ASIM Index