Audit Event ASIM parser for Microsoft Sentinel native Audit Event table
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimAuditEventNative |
| Built-in Parser | _ASim_AuditEvent_Native |
| Schema | AuditEvent |
| Schema Version | 0.1 |
| Parser Type | 🔌 Source (product-specific) |
| Product | Native |
| Parser Version | 0.1.0 (version history) |
| Last Updated | Dec 13, 2024 |
| Unifying Parser | ASimAuditEvent |
| Source File | Parsers\ASimAuditEvent\Parsers\ASimAuditEventNative.yaml |
Description
This ASIM parser supports normalizing the native Microsoft Sentinel Audit Event table (ASimAuditEventLogs) to the ASIM Audit Event normalized schema. While the native table is ASIM compliant, the parser is needed to add capabilities, such as aliases, available only at query time.
Source Tables
This parser reads from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
ASimAuditEventLogs |
✓ | ✓ | ✓ |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
Associated Connectors
The following connectors provide data for this parser:
| Connector | Solution |
|---|---|
| SynqlyIntegrationConnector | SynqlyIntegrationConnector |
Solutions: SynqlyIntegrationConnector
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊