ASIM Parsers by Product
This index organizes ASIM parsers by the product or data source they normalize. Use this view to find ASIM support for a specific product, including which schemas are supported and which tables contain the source data.
Browse: 馃彔 路 Solutions 路 Connectors 路 Methods 路 Tables 路 Content 路 Parsers 路 ASIM Parsers 路 ASIM Products 路 馃搳
91 products with 89 source parser pairs covering 11 schemas. See 馃搳 Statistics for detailed breakdowns.
Products Overview
Apache HTTP Server
Schemas: WebSession
Tables: ApacheHTTPServer_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimWebSessionApacheHTTPServer vim: vimWebSessionApacheHTTPServer |
WebSession | ApacheHTTPServer_CL | 0.1.0 |
AppGate SDP
Schemas: NetworkSession
Tables: Syslog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionAppGateSDP vim: vimNetworkSessionAppGateSDP |
NetworkSession | Syslog | 0.2.0 |
AWS
Schemas: Authentication
Tables: AWSCloudTrail
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationAWSCloudTrail vim: vimAuthenticationAWSCloudTrail |
Authentication | AWSCloudTrail | 0.2.2 |
AWS Cloud Trail
Schemas: FileEvent, UserManagement
Tables: AWSCloudTrail
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimFileEventAWSCloudTrail vim: vimFileEventAWSCloudTrail |
FileEvent | AWSCloudTrail | 0.1.0 |
| ASim: ASimUserManagementAWSCloudTrail vim: vimUserManagementAWSCloudTrail |
UserManagement | AWSCloudTrail | 0.1.0 |
AWS CloudTrail
Schemas: AuditEvent
Tables: AWSCloudTrail, Operation
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventAWSCloudTrail vim: vimAuditEventAWSCloudTrail |
AuditEvent | AWSCloudTrail, Operation | 0.1.0 |
AWS VPC
Schemas: NetworkSession
Tables: AWSVPCFlow
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionAWSVPC vim: vimNetworkSessionAWSVPC |
NetworkSession | AWSVPCFlow | 0.3 |
Azure Firewall
Schemas: Dns, NetworkSession, WebSession
Tables: AZFWApplicationRule, AZFWDnsQuery, AZFWIdpsSignature, AZFWNatRule, AZFWNetworkRule, AZFWThreatIntel, AzureDiagnostics
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimDnsAzureFirewall vim: vimDnsAzureFirewall |
Dns | AZFWDnsQuery, AzureDiagnostics | 0.4.0 |
| ASim: ASimNetworkSessionAzureFirewall vim: vimNetworkSessionAzureFirewall |
NetworkSession | AZFWIdpsSignature, AZFWNatRule, AZFWNetworkRule, AZFWThreatIntel, AzureDiagnostics | 0.2.0 |
| ASim: ASimWebSessionAzureFirewall vim: vimWebSessionAzureFirewall |
WebSession | AZFWApplicationRule | 0.1.0 |
Azure Key Vault
Schemas: AuditEvent
Tables: AZKVAuditLogs, AzureDiagnostics
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventAzureKeyVault vim: vimAuditEventAzureKeyVault |
AuditEvent | AZKVAuditLogs, AzureDiagnostics | 0.1.0 |
Azure NSG flows
Schemas: NetworkSession
Tables: AzureNetworkAnalytics_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionAzureNSG vim: vimNetworkSessionAzureNSG |
NetworkSession | AzureNetworkAnalytics_CL | 0.1.1 |
Azure NTANetAnalytics
Schemas: NetworkSession
Tables: NTANetAnalytics
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionNTANetAnalytics vim: vimNetworkSessionNTANetAnalytics |
NetworkSession | NTANetAnalytics | 0.1.1 |
Barracuda WAF
Schemas: AuditEvent, Authentication, NetworkSession, WebSession
Tables: CommonSecurityLog, barracuda_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventBarracudaCEF vim: vimAuditEventBarracudaCEF |
AuditEvent | CommonSecurityLog | 0.2.1 |
| ASim: ASimAuditEventBarracudaWAF vim: vimAuditEventBarracudaWAF |
AuditEvent | barracuda_CL | 0.2.1 |
| ASim: ASimAuthenticationBarracudaWAF vim: vimAuthenticationBarracudaWAF |
Authentication | CommonSecurityLog, barracuda_CL | 0.1.0 |
| ASim: ASimNetworkSessionBarracudaCEF vim: vimNetworkSessionBarracudaCEF |
NetworkSession | CommonSecurityLog | 0.2.1 |
| ASim: ASimNetworkSessionBarracudaWAF vim: vimNetworkSessionBarracudaWAF |
NetworkSession | barracuda_CL | 0.2.1 |
| ASim: ASimWebSessionBarracudaCEF vim: vimWebSessionBarracudaCEF |
WebSession | CommonSecurityLog | 0.2.1 |
| ASim: ASimWebSessionBarracudaWAF vim: vimWebSessionBarracudaWAF |
WebSession | barracuda_CL | 0.2.2 |
CheckPointFirewall
Schemas: NetworkSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionCheckPointFirewall vim: vimNetworkSessionCheckPointFirewall |
NetworkSession | CommonSecurityLog | 1.2.0 |
CheckPointSmartDefense
Schemas: NetworkSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionCheckPointSmartDefense vim: vimNetworkSessionCheckPointSmartDefense |
NetworkSession | CommonSecurityLog | 0.1.0 |
Cisco Adaptive Security Appliance (ASA)
Schemas: Authentication
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationCiscoASA vim: vimAuthenticationCiscoASA |
Authentication | CommonSecurityLog | 0.1.1 |
Cisco Firepower
Schemas: NetworkSession, WebSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionCiscoFirepower vim: vimNetworkSessionCiscoFirepower |
NetworkSession | CommonSecurityLog | 0.1.0 |
| ASim: ASimWebSessionCiscoFirepower vim: vimWebSessionCiscoFirepower |
WebSession | CommonSecurityLog | 0.1.0 |
Cisco IOS
Schemas: Authentication
Tables: Syslog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationCiscoIOS vim: vimAuthenticationCiscoIOS |
Authentication | Syslog | 0.1.1 |
Cisco ISE
Schemas: AuditEvent, Authentication, NetworkSession, UserManagement
Tables: Syslog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventCiscoISE vim: vimAuditEventCiscoISE |
AuditEvent | Syslog | 0.1.0 |
| ASim: ASimAuthenticationCiscoISE vim: vimAuthenticationCiscoISE |
Authentication | Syslog | 0.1.0 |
| ASim: ASimNetworkSessionCiscoISE vim: vimNetworkSessionCiscoISE |
NetworkSession | Syslog | 1.1.0 |
| ASim: ASimUserManagementCiscoISE vim: vimUserManagementCiscoISE |
UserManagement | Syslog | 0.1.2 |
Cisco ISE Administrator
Schemas: Authentication
Tables: Syslog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationCiscoISEAdministrator vim: vimAuthenticationCiscoISEAdministrator |
Authentication | Syslog | 0.1.1 |
Cisco Meraki
Schemas: AuditEvent, Authentication, NetworkSession, WebSession
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventCiscoMeraki vim: vimAuditEventCiscoMeraki |
AuditEvent | meraki_CL | 0.2.1 |
| ASim: ASimAuditEventCiscoMerakiSyslog vim: vimAuditEventCiscoMerakiSyslog |
AuditEvent | Syslog | 0.2.1 |
| ASim: ASimAuthenticationCiscoMeraki vim: vimAuthenticationCiscoMeraki |
Authentication | meraki_CL | 0.2.1 |
| ASim: ASimAuthenticationCiscoMerakiSyslog vim: vimAuthenticationCiscoMerakiSyslog |
Authentication | Syslog | 0.2.1 |
| ASim: ASimNetworkSessionCiscoMeraki vim: vimNetworkSessionCiscoMeraki |
NetworkSession | meraki_CL | 1.2.2 |
| ASim: ASimNetworkSessionCiscoMerakiSyslog vim: vimNetworkSessionCiscoMerakiSyslog |
NetworkSession | Syslog | 1.2.2 |
| ASim: ASimWebSessionCiscoMeraki vim: vimWebSessionCiscoMeraki |
WebSession | Syslog, meraki_CL | 0.1.1 |
Cisco Umbrella
Schemas: Dns, WebSession
Tables: Cisco_Umbrella_dns_CL, Cisco_Umbrella_proxy_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimDnsCiscoUmbrella vim: vimDnsCiscoUmbrella |
Dns | Cisco_Umbrella_dns_CL | 0.3 |
| ASim: ASimWebSessionCiscoUmbrella vim: vimWebSessionCiscoUmbrella |
WebSession | Cisco_Umbrella_proxy_CL | 0.1.0 |
CiscoASA
Schemas: NetworkSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionCiscoASA vim: vimNetworkSessionCiscoASA |
NetworkSession | CommonSecurityLog | 1.1.0 |
Citrix NetScaler
Schemas: WebSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimWebSessionCitrixNetScaler vim: vimWebSessionCitrixNetScaler |
WebSession | CommonSecurityLog | 0.1.1 |
Corelight Zeek
Schemas: Dns, NetworkSession
Tables: Corelight_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimDnsCorelightZeek vim: vimDnsCorelightZeek |
Dns | Corelight_CL | 0.5.0 |
| ASim: ASimNetworkSessionCorelightZeek vim: vimNetworkSessionCorelightZeek |
NetworkSession | Corelight_CL | 0.2 |
CrowdStrike Falcon Endpoint Protection
Schemas: AuditEvent, Authentication, NetworkSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventCrowdStrikeFalconHost vim: vimAuditEventCrowdStrikeFalconHost |
AuditEvent | CommonSecurityLog | 0.1.0 |
| ASim: ASimAuthenticationCrowdStrikeFalconHost vim: vimAuthenticationCrowdStrikeFalconHost |
Authentication | CommonSecurityLog | 0.2.0 |
| ASim: ASimNetworkSessionCrowdStrikeFalconHost vim: vimNetworkSessionCrowdStrikeFalconHost |
NetworkSession | CommonSecurityLog | 0.1.0 |
F5 BIG-IP Application Security Manager (ASM)
Schemas: WebSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimWebSessionF5ASM vim: vimWebSessionF5ASM |
WebSession | CommonSecurityLog | 0.1.0 |
ForcePointFirewall
Schemas: NetworkSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionForcePointFirewall vim: vimNetworkSessionForcePointFirewall |
NetworkSession | CommonSecurityLog | 0.1 |
Fortigate
Schemas: Authentication
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationFortinetFortigate vim: vimAuthenticationFortinetFortigate |
Authentication | CommonSecurityLog | 0.1.0 |
Fortinet FortiGate
Schemas: Dns, NetworkSession, WebSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimDnsFortinetFortiGate vim: vimDnsFortinetFortiGate |
Dns | CommonSecurityLog | 0.1.2 |
| ASim: ASimNetworkSessionFortinetFortiGate vim: vimNetworkSessionFortinetFortiGate |
NetworkSession | CommonSecurityLog | 0.6.0 |
| ASim: ASimWebSessionFortinetFortiGate vim: vimWebSessionFortinetFortiGate |
WebSession | CommonSecurityLog | 0.3.0 |
GCP Cloud DNS
Schemas: Dns
Tables: GCP_DNS_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimDnsGcp vim: vimDnsGcp |
Dns | GCP_DNS_CL | 0.4 |
Google Workspace
Schemas: Authentication, FileEvent
Tables: GWorkspace_ReportsAPI_drive_CL, GWorkspace_ReportsAPI_login_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationGoogleWorkspace vim: vimAuthenticationGoogleWorkspace |
Authentication | GWorkspace_ReportsAPI_login_CL | 0.1.0 |
| ASim: ASimFileEventGoogleWorkspace vim: vimFileEventGoogleWorkspace |
FileEvent | GWorkspace_ReportsAPI_drive_CL | 0.1.0 |
Illumio
Schemas: Authentication
Tables: Illumio_Auditable_Events_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationIllumioSaaSCore vim: vimAuthenticationIllumioSaaSCore |
Authentication | Illumio_Auditable_Events_CL | 0.3.0 |
Illumio Core
Schemas: AuditEvent
Tables: Illumio_Auditable_Events_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventIllumioSaaSCore vim: vimAuditEventIllumioSaaSCore |
AuditEvent | Illumio_Auditable_Events_CL | 0.2.1 |
Illumio SaaS Core
Schemas: NetworkSession
Tables: Illumio_Flow_Events_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionIllumioSaaSCore vim: vimNetworkSessionIllumioSaaSCore |
NetworkSession | Illumio_Flow_Events_CL | 0.1.0 |
Infoblox BloxOne
Schemas: AuditEvent, DhcpEvent, Dns
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventInfobloxBloxOne vim: vimAuditEventInfobloxBloxOne |
AuditEvent | CommonSecurityLog | 0.1.0 |
| ASim: ASimDhcpEventInfobloxBloxOne vim: vimDhcpEventInfobloxBloxOne |
DhcpEvent | CommonSecurityLog | 0.1.0 |
| ASim: ASimDnsInfobloxBloxOne vim: vimDnsInfobloxBloxOne |
Dns | CommonSecurityLog | 0.1.0 |
Infoblox NIOS
Schemas: Dns
Tables: Syslog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimDnsInfobloxNIOS vim: vimDnsInfobloxNIOS |
Dns | Syslog | 0.6.1 |
Internet Information Services (IIS)
Schemas: WebSession
Tables: W3CIISLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimWebSessionIIS vim: vimWebSessionIIS |
WebSession | W3CIISLog | 0.2 |
M365 Defender for EndPoint
Schemas: Authentication
Tables: DeviceLogonEvents
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationM365Defender vim: vimAuthenticationM365Defender |
Authentication | DeviceLogonEvents | 0.2.0 |
M365 Defender for Endpoint
Schemas: NetworkSession
Tables: DeviceNetworkEvents
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionMicrosoft365Defender vim: vimNetworkSessionMicrosoft365Defender |
NetworkSession | DeviceNetworkEvents | 0.4 |
Microsoft
Schemas: UserManagement
Tables: Syslog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimUserManagementLinuxAuthpriv vim: vimUserManagementLinuxAuthpriv |
UserManagement | Syslog | 0.1.1 |
Microsoft 365 Defender for EndPoint
Schemas: FileEvent
Tables: DeviceFileEvents
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimFileEventMicrosoft365D vim: vimFileEventMicrosoft365D |
FileEvent | DeviceFileEvents | 0.2.1 |
Microsoft 365 Defender for endpoint
Schemas: ProcessEvent
Tables: DeviceProcessEvents
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimProcessEventMicrosoft365D vim: vimProcessEventMicrosoft365D |
ProcessEvent | DeviceProcessEvents | 0.3.0 |
Microsoft 365 Defender for Endpoint
Schemas: RegistryEvent
Tables: DeviceRegistryEvents
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimRegistryEventMicrosoft365D vim: vimRegistryEventMicrosoft365D |
RegistryEvent | DeviceRegistryEvents | 0.1.3 |
Microsoft Azure
Schemas: AuditEvent
Tables: AzureActivity
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventAzureActivity vim: vimAuditEventAzureActivity |
AuditEvent | AzureActivity | 0.3.0 |
Microsoft Azure Blob Storage
Schemas: FileEvent
Tables: StorageBlobLogs
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimFileEventAzureBlobStorage vim: vimFileEventAzureBlobStorage |
FileEvent | StorageBlobLogs | 0.1.1 |
Microsoft Azure File Storage
Schemas: FileEvent
Tables: StorageFileLogs
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimFileEventAzureFileStorage vim: vimFileEventAzureFileStorage |
FileEvent | StorageFileLogs | 0.1.1 |
Microsoft Azure Queue Storage
Schemas: FileEvent
Tables: StorageQueueLogs
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimFileEventAzureQueueStorage vim: vimFileEventAzureQueueStorage |
FileEvent | StorageQueueLogs | 0.1.1 |
Microsoft Azure Table Storage
Schemas: FileEvent
Tables: StorageTableLogs
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimFileEventAzureTableStorage vim: vimFileEventAzureTableStorage |
FileEvent | StorageTableLogs | 0.1.1 |
Microsoft Defender for IoT
Schemas: Authentication, NetworkSession, ProcessEvent
Tables: SecurityIoTRawEvent
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationMD4IoT vim: vimAuthenticationMD4IoT |
Authentication | SecurityIoTRawEvent | 0.1.2 |
| ASim: ASimNetworkSessionMD4IoTAgent vim: vimNetworkSessionMD4IoTAgent |
NetworkSession | SecurityIoTRawEvent | 0.2.1 |
| ASim: ASimNetworkSessionMD4IoTSensor vim: vimNetworkSessionMD4IoTSensor |
NetworkSession | 0.1 | |
| ASim: ASimProcessEventMD4IoT vim: vimProcessEventMD4IoT |
ProcessEvent | SecurityIoTRawEvent | 0.1.1 |
Microsoft Defender XDR
Schemas: AlertEvent
Tables: AlertEvidence
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAlertEventMicrosoftDefenderXDR vim: vimAlertEventMicrosoftDefenderXDR |
AlertEvent | AlertEvidence | 0.2.0 |
Microsoft Entra ID
Schemas: Authentication
Tables: AADManagedIdentitySignInLogs, AADNonInteractiveUserSignInLogs, AADServicePrincipalSignInLogs, SigninLogs
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationAADManagedIdentitySignInLogs vim: vimAuthenticationAADManagedIdentitySignInLogs |
Authentication | AADManagedIdentitySignInLogs | 0.2.3 |
| ASim: ASimAuthenticationAADNonInteractiveUserSignInLogs vim: vimAuthenticationAADNonInteractiveUserSignInLogs |
Authentication | AADNonInteractiveUserSignInLogs | 0.2.3 |
| ASim: ASimAuthenticationAADServicePrincipalSignInLogs vim: vimAuthenticationAADServicePrincipalSignInLogs |
Authentication | AADServicePrincipalSignInLogs | 0.2.3 |
| ASim: ASimAuthenticationSigninLogs vim: vimAuthenticationSigninLogs |
Authentication | SigninLogs | 0.4.1 |
Microsoft Security Event
Schemas: UserManagement
Tables: SecurityEvent
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimUserManagementMicrosoftSecurityEvent vim: vimUserManagementMicrosoftSecurityEvent |
UserManagement | SecurityEvent | 0.2.0 |
Microsoft SharePoint
Schemas: AuditEvent, FileEvent
Tables: OfficeActivity, Operation
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventMicrosoftExchangeAdmin365 vim: vimAuditEventMicrosoftExchangeAdmin365 |
AuditEvent | OfficeActivity | 0.2 |
| ASim: ASimFileEventMicrosoftSharePoint vim: vimFileEventMicrosoftSharePoint |
FileEvent | OfficeActivity, Operation | 0.3.1 |
Microsoft Sysmon
Schemas: RegistryEvent
Tables: Event, WindowsEvent
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimRegistryEventMicrosoftSysmon vim: vimRegistryEventMicrosoftSysmon |
RegistryEvent | Event | 0.3.1 |
| ASim: ASimRegistryEventMicrosoftSysmonWindowsEvent vim: vimRegistryEventMicrosoftSysmonWindowsEvent |
RegistryEvent | WindowsEvent | 0.3.1 |
Microsoft Sysmon for Linux
Schemas: FileEvent
Tables: Syslog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimFileEventLinuxSysmonFileCreated vim: vimFileEventLinuxSysmonFileCreated |
FileEvent | Syslog | 0.2.1 |
| ASim: ASimFileEventLinuxSysmonFileDeleted vim: vimFileEventLinuxSysmonFileDeleted |
FileEvent | Syslog | 0.2.1 |
Microsoft Windows
Schemas: AuditEvent
Tables: Event, SecurityEvent, WindowsEvent
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventMicrosoftEvent vim: vimAuditEventMicrosoftEvent |
AuditEvent | Event | 0.2.1 |
| ASim: ASimAuditEventMicrosoftSecurityEvents vim: vimAuditEventMicrosoftSecurityEvents |
AuditEvent | SecurityEvent | 0.2.1 |
| ASim: ASimAuditEventMicrosoftWindowsEvents vim: vimAuditEventMicrosoftWindowsEvents |
AuditEvent | WindowsEvent | 0.2.1 |
Microsoft Windows Event
Schemas: UserManagement
Tables: WindowsEvent
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimUserManagementMicrosoftWindowsEvent vim: vimUserManagementMicrosoftWindowsEvent |
UserManagement | WindowsEvent | 0.2.1 |
Microsoft Windows Events
Schemas: FileEvent
Tables: SecurityEvent, WindowsEvent
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimFileEventMicrosoftSecurityEvents vim: vimFileEventMicrosoftSecurityEvents |
FileEvent | SecurityEvent | 0.2.0 |
| ASim: ASimFileEventMicrosoftWindowsEvents vim: vimFileEventMicrosoftWindowsEvents |
FileEvent | WindowsEvent | 0.2.0 |
Microsoft Windows Events Sysmon
Schemas: Dns, ProcessEvent
Tables: Event, WindowsEvent
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimDnsMicrosoftSysmon vim: vimDnsMicrosoftSysmon |
Dns | Event | 0.5.1 |
| ASim: ASimDnsMicrosoftSysmonWindowsEvent vim: vimDnsMicrosoftSysmonWindowsEvent |
Dns | WindowsEvent | 0.5.1 |
| ASim: ASimProcessEventTerminateMicrosoftSysmon vim: vimProcessEventTerminateMicrosoftSysmon |
ProcessEvent | Event | 0.3.1 |
| ASim: ASimProcessEventTerminateMicrosoftSysmonWindowsEvent vim: vimProcessEventTerminateMicrosoftSysmonWindowsEvent |
ProcessEvent | WindowsEvent | 0.4.1 |
MS DNS Events
Schemas: Dns
Tables: DnsEvents, NXLog_DNS_Server_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimDnsMicrosoftNXlog vim: vimDnsMicrosoftNXlog |
Dns | NXLog_DNS_Server_CL | 0.5.0 |
| ASim: ASimDnsMicrosoftOMS vim: vimDnsMicrosoftOMS |
Dns | DnsEvents | 0.4 |
Native
Schemas: AuditEvent, Authentication, DhcpEvent, Dns, FileEvent, NetworkSession, ProcessEvent, RegistryEvent, UserManagement, WebSession
Tables: ASimAuditEventLogs, ASimAuthenticationEventLogs, ASimDhcpEventLogs, ASimDnsActivityLogs, ASimFileEventLogs, ASimNetworkSessionLogs, ASimProcessEventLogs, ASimRegistryEventLogs, ASimUserManagementActivityLogs, ASimWebSessionLogs
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventNative vim: vimAuditEventNative |
AuditEvent | ASimAuditEventLogs | 0.1.0 |
| ASim: ASimAuthenticationNative vim: vimAuthenticationNative |
Authentication | ASimAuthenticationEventLogs | 0.1.0 |
| ASim: ASimDhcpEventNative vim: vimDhcpEventNative |
DhcpEvent | ASimDhcpEventLogs | 0.1.0 |
| ASim: ASimDnsNative vim: vimDnsNative |
Dns | ASimDnsActivityLogs | 0.8.0 |
| ASim: ASimFileEventNative vim: vimFileEventNative |
FileEvent | ASimFileEventLogs | 0.1.1 |
| ASim: ASimNetworkSessionNative vim: vimNetworkSessionNative |
NetworkSession | ASimNetworkSessionLogs | 0.3 |
| ASim: ASimProcessEventNative vim: vimProcessEventNative |
ProcessEvent | ASimProcessEventLogs | 0.1.0 |
| ASim: ASimRegistryEventNative vim: vimRegistryEventNative |
RegistryEvent | ASimRegistryEventLogs | 0.1.0 |
| ASim: ASimUserManagementNative vim: vimUserManagementNative |
UserManagement | ASimUserManagementActivityLogs | 0.1.0 |
| ASim: ASimWebSessionNative vim: vimWebSessionNative |
WebSession | ASimWebSessionLogs | 0.1 |
Okta
Schemas: Authentication
Tables: OktaSystemLogs, OktaV2_CL, Okta_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationOktaSSO vim: vimAuthenticationOktaSSO |
Authentication | Okta_CL | 0.4.0 |
| ASim: ASimAuthenticationOktaSystemLogs vim: vimAuthenticationOktaSystemLogs |
Authentication | OktaSystemLogs | 0.1.0 |
| ASim: ASimAuthenticationOktaV2 vim: vimAuthenticationOktaV2 |
Authentication | OktaV2_CL | 0.4.0 |
OpenSSH
Schemas: Authentication
Tables: Syslog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationSshd vim: vimAuthenticationSshd |
Authentication | Syslog | 0.3.1 |
Palo Alto Cortex Data Lake
Schemas: Authentication, NetworkSession, WebSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationPaloAltoCortexDataLake vim: vimAuthenticationPaloAltoCortexDataLake |
Authentication | CommonSecurityLog | 0.2.0 |
| ASim: ASimNetworkSessionPaloAltoCortexDataLake vim: vimNetworkSessionPaloAltoCortexDataLake |
NetworkSession | CommonSecurityLog | 0.1.1 |
| ASim: ASimWebSessionPaloAltoCortexDataLake vim: vimWebSessionPaloAltoCortexDataLake |
WebSession | CommonSecurityLog | 0.1.1 |
Palo Alto Networks
Schemas: WebSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimWebSessionPaloAltoCEF vim: vimWebSessionPaloAltoCEF |
WebSession | CommonSecurityLog | 0.2 |
Palo Alto PAN-OS
Schemas: Authentication
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationPaloAltoPanOS vim: vimAuthenticationPaloAltoPanOS |
Authentication | CommonSecurityLog | 0.1.0 |
Palo Alto PAN-OS GlobalProtect
Schemas: Authentication
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationPaloAltoGlobalProtect vim: vimAuthenticationPaloAltoGlobalProtect |
Authentication | CommonSecurityLog | 0.1.0 |
Palo Alto PanOS
Schemas: NetworkSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionPaloAltoCEF vim: vimNetworkSessionPaloAltoCEF |
NetworkSession | CommonSecurityLog | 0.7.1 |
PostgreSQL
Schemas: Authentication
Tables: PostgreSQL_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationPostgreSQL vim: vimAuthenticationPostgreSQL |
Authentication | PostgreSQL_CL | 0.1.4 |
Salesforce Service Cloud
Schemas: Authentication
Tables: SalesforceServiceCloud_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationSalesforceSC vim: vimAuthenticationSalesforceSC |
Authentication | SalesforceServiceCloud_CL | 0.1.0 |
Security Events
Schemas: ProcessEvent, RegistryEvent
Tables: SecurityEvent, WindowsEvent
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimProcessCreateMicrosoftSecurityEvents vim: vimProcessCreateMicrosoftSecurityEvents |
ProcessEvent | SecurityEvent | 0.1.1 |
| ASim: ASimProcessCreateMicrosoftWindowsEvents vim: vimProcessCreateMicrosoftWindowsEvents |
ProcessEvent | WindowsEvent | 0.3.0 |
| ASim: ASimProcessTerminateMicrosoftSecurityEvents vim: vimProcessTerminateMicrosoftSecurityEvents |
ProcessEvent | SecurityEvent | 0.2 |
| ASim: ASimProcessTerminateMicrosoftWindowsEvents vim: vimProcessTerminateMicrosoftWindowsEvents |
ProcessEvent | WindowsEvent | 0.2 |
| ASim: ASimRegistryEventMicrosoftSecurityEvent vim: vimRegistryEventMicrosoftSecurityEvent |
RegistryEvent | SecurityEvent | 0.3.1 |
| ASim: ASimRegistryEventMicrosoftWindowsEvent vim: vimRegistryEventMicrosoftWindowsEvent |
RegistryEvent | WindowsEvent | 0.2.1 |
SentinelOne
Schemas: AlertEvent, AuditEvent, Authentication, Dns, FileEvent, NetworkSession, ProcessEvent, RegistryEvent, UserManagement
Tables: SentinelOne_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAlertEventSentinelOneSingularity vim: vimAlertEventSentinelOneSingularity |
AlertEvent | SentinelOne_CL | 0.1.0 |
| ASim: ASimAuditEventSentinelOne vim: vimAuditEventSentinelOne |
AuditEvent | SentinelOne_CL | 0.1.0 |
| ASim: ASimAuthenticationSentinelOne vim: vimAuthenticationSentinelOne |
Authentication | SentinelOne_CL | 0.1.1 |
| ASim: ASimDnsSentinelOne vim: vimDnsSentinelOne |
Dns | SentinelOne_CL | 0.1.0 |
| ASim: ASimFileEventSentinelOne vim: vimFileEventSentinelOne |
FileEvent | SentinelOne_CL | 0.1.0 |
| ASim: ASimNetworkSessionSentinelOne vim: vimNetworkSessionSentinelOne |
NetworkSession | SentinelOne_CL | 0.1.0 |
| ASim: ASimProcessCreateSentinelOne vim: vimProcessCreateSentinelOne |
ProcessEvent | SentinelOne_CL | 0.1.0 |
| ASim: ASimRegistryEventSentinelOne vim: vimRegistryEventSentinelOne |
RegistryEvent | SentinelOne_CL | 0.1.0 |
| ASim: ASimUserManagementSentinelOne vim: vimUserManagementSentinelOne |
UserManagement | SentinelOne_CL | 0.1.1 |
SonicWall
Schemas: NetworkSession, WebSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionSonicWallFirewall vim: vimNetworkSessionSonicWallFirewall |
NetworkSession | CommonSecurityLog | 0.1.0 |
| ASim: ASimWebSessionSonicWallFirewall vim: vimWebSessionSonicWallFirewall |
WebSession | CommonSecurityLog | 0.1.1 |
SQLSecurityAudit Logs
Schemas: AuditEvent
Tables: AzureDiagnostics, SQLSecurityAuditEvents
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventSQLSecurityAudit vim: vimAuditEventSQLSecurityAudit |
AuditEvent | AzureDiagnostics, SQLSecurityAuditEvents | 0.1.0 |
Squid Proxy
Schemas: WebSession
Tables: SquidProxy_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimWebSessionSquidProxy vim: vimWebSessionSquidProxy |
WebSession | SquidProxy_CL | 0.4.0 |
su
Schemas: Authentication
Tables: Syslog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationSu vim: vimAuthenticationSu |
Authentication | Syslog | 0.3.0 |
sudo
Schemas: Authentication
Tables: Syslog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationSudo vim: vimAuthenticationSudo |
Authentication | Syslog | 0.2.0 |
Sysmon
Schemas: ProcessEvent
Tables: Event, WindowsEvent
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimProcessEventCreateMicrosoftSysmon vim: vimProcessEventCreateMicrosoftSysmon |
ProcessEvent | Event | 0.4.1 |
| ASim: ASimProcessEventCreateMicrosoftSysmonWindowsEvent vim: vimProcessEventCreateMicrosoftSysmonWindowsEvent |
ProcessEvent | WindowsEvent | 0.4.1 |
Sysmon for Linux
Schemas: NetworkSession, ProcessEvent
Tables: Syslog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionLinuxSysmon vim: vimNetworkSessionLinuxSysmon |
NetworkSession | Syslog | 0.3.1 |
| ASim: ASimProcessCreateLinuxSysmon vim: vimProcessCreateLinuxSysmon |
ProcessEvent | Syslog | 0.2.1 |
| ASim: ASimProcessTerminateLinuxSysmon vim: vimProcessTerminateLinuxSysmon |
ProcessEvent | Syslog | 0.1.1 |
Trend Micro Vision One
Schemas: ProcessEvent, RegistryEvent
Tables: TrendMicro_XDR_OAT_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimProcessCreateTrendMicroVisionOne vim: vimProcessCreateTrendMicroVisionOne |
ProcessEvent | TrendMicro_XDR_OAT_CL | 0.1.0 |
| ASim: ASimRegistryEventTrendMicroVisionOne vim: vimRegistryEventTrendMicroVisionOne |
RegistryEvent | TrendMicro_XDR_OAT_CL | 0.1.0 |
Vectra
Schemas: AuditEvent, Authentication
Tables: Audits_Data_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventVectraXDRAudit vim: vimAuditEventVectraXDRAudit |
AuditEvent | Audits_Data_CL | 0.1.1 |
| ASim: ASimAuthenticationVectraXDRAudit vim: vimAuthenticationVectraXDRAudit |
Authentication | Audits_Data_CL | 0.1 |
Vectra AI Streams
Schemas: Dns, NetworkSession, WebSession
Tables: VectraStream_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimDnsVectraAI vim: vimDnsVectraAI |
Dns | VectraStream_CL | 0.1.1 |
| ASim: ASimNetworkSessionVectraAI vim: vimNetworkSessionVectraAI |
NetworkSession | VectraStream_CL | 0.2 |
| ASim: ASimWebSessionVectraAI vim: vimWebSessionVectraAI |
WebSession | VectraStream_CL | 0.2 |
VMConnection
Schemas: NetworkSession
Tables: VMConnection
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionVMConnection vim: vimNetworkSessionVMConnection |
NetworkSession | VMConnection | 0.2.1 |
VMware Carbon Black Cloud
Schemas: AuditEvent, Authentication, FileEvent, NetworkSession, ProcessEvent, RegistryEvent
Tables: CarbonBlackAuditLogs_CL, CarbonBlackEvents_CL, CarbonBlackNotifications_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuditEventVMwareCarbonBlackCloud vim: vimAuditEventVMwareCarbonBlackCloud |
AuditEvent | CarbonBlackAuditLogs_CL | 0.2.0 |
| ASim: ASimAuthenticationVMwareCarbonBlackCloud vim: vimAuthenticationVMwareCarbonBlackCloud |
Authentication | CarbonBlackAuditLogs_CL | 0.1.0 |
| ASim: ASimFileEventVMwareCarbonBlackCloud vim: vimFileEventVMwareCarbonBlackCloud |
FileEvent | CarbonBlackEvents_CL | 0.1.1 |
| ASim: ASimNetworkSessionVMwareCarbonBlackCloud vim: vimNetworkSessionVMwareCarbonBlackCloud |
NetworkSession | CarbonBlackEvents_CL, CarbonBlackNotifications_CL | 0.1.1 |
| ASim: ASimProcessCreateVMwareCarbonBlackCloud vim: vimProcessCreateVMwareCarbonBlackCloud |
ProcessEvent | CarbonBlackEvents_CL, CarbonBlackNotifications_CL | 0.1.1 |
| ASim: ASimProcessTerminateVMwareCarbonBlackCloud vim: vimProcessTerminateVMwareCarbonBlackCloud |
ProcessEvent | CarbonBlackEvents_CL | 0.1.0 |
| ASim: ASimRegistryEventVMwareCarbonBlackCloud vim: vimRegistryEventVMwareCarbonBlackCloud |
RegistryEvent | CarbonBlackEvents_CL | 0.1.1 |
VMware vCenter
Schemas: Authentication
Tables: AVSVcSyslog, vcenter_CL
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationVMwareVCenter vim: vimAuthenticationVMwareVCenter |
Authentication | AVSVcSyslog, vcenter_CL | 0.1.1 |
WatchGuard Fireware OS
Schemas: NetworkSession
Tables: Syslog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionWatchGuardFirewareOS vim: vimNetworkSessionWatchGuardFirewareOS |
NetworkSession | Syslog | 0.1.4 |
Windows Firewall
Schemas: NetworkSession
Tables: Event, SecurityEvent, WindowsEvent
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionMicrosoftSecurityEventFirewall vim: vimNetworkSessionMicrosoftSecurityEventFirewall |
NetworkSession | Event, SecurityEvent | 0.5.0 |
| ASim: ASimNetworkSessionMicrosoftWindowsEventFirewall vim: vimNetworkSessionMicrosoftWindowsEventFirewall |
NetworkSession | WindowsEvent | 0.5.0 |
Windows Security Events
Schemas: Authentication
Tables: SecurityEvent, WindowsEvent
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimAuthenticationMicrosoftWindowsEvent vim: vimAuthenticationMicrosoftWindowsEvent |
Authentication | SecurityEvent, WindowsEvent | 0.2.1 |
Windows Sysmon
Schemas: FileEvent, NetworkSession
Tables: Event, WindowsEvent
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimFileEventMicrosoftSysmon vim: vimFileEventMicrosoftSysmon |
FileEvent | Event | 0.5.1 |
| ASim: ASimFileEventMicrosoftSysmonWindowsEvent vim: vimFileEventMicrosoftSysmonWindowsEvent |
FileEvent | WindowsEvent | 0.4.1 |
| ASim: ASimNetworkSessionMicrosoftSysmon vim: vimNetworkSessionMicrosoftSysmon |
NetworkSession | Event | 0.2.0 |
| ASim: ASimNetworkSessionMicrosoftSysmonWindowsEvent vim: vimNetworkSessionMicrosoftSysmonWindowsEvent |
NetworkSession | WindowsEvent | 0.2.1 |
Zscaler ZIA
Schemas: WebSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimWebSessionZscalerZIA vim: vimWebSessionZscalerZIA |
WebSession | CommonSecurityLog | 0.4.1 |
Zscaler ZIA DNS
Schemas: Dns
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimDnsZscalerZIA vim: vimDnsZscalerZIA |
Dns | CommonSecurityLog | 0.6 |
Zscaler ZIA Firewall
Schemas: NetworkSession
Tables: CommonSecurityLog
Parsers
| Parser | Schema | Tables | Version |
|---|---|---|---|
| ASim: ASimNetworkSessionZscalerZIA vim: vimNetworkSessionZscalerZIA |
NetworkSession | CommonSecurityLog | 0.4 |
Browse: 馃彔 路 Solutions 路 Connectors 路 Methods 路 Tables 路 Content 路 Parsers 路 ASIM Parsers 路 ASIM Products 路 馃搳