| Property | Value |
|---|---|
| Parser Name | ASimAuditEventSentinelOne |
| Built-in Parser | _ASim_AuditEvent_SentinelOne |
| Schema | AuditEvent |
| Schema Version | 0.1 |
| Parser Type | 🔌 Source (product-specific) |
| Product | SentinelOne |
| Parser Version | 0.1.0 (version history) |
| Last Updated | Oct 05 2023 |
| Unifying Parser | ASimAuditEvent |
| Source File | Parsers\ASimAuditEvent\Parsers\ASimAuditEventSentinelOne.yaml |
This ASIM parser supports normalizing SentinelOne logs to the ASIM Audit Event normalized schema. SentinelOne events are captured through the SentinelOne data connector, which ingests SentinelOne server objects such as Threats, Agents, Applications, Activities, Policies, Groups, and more into Microsoft Sentinel through the REST API.
This parser reads from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| SentinelOne_CL 🔶 | ? | ✓ | ? |
| Name | Type | Default |
|---|---|---|
| disabled | bool | False |