Audit Event ASIM parser for SentinelOne
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimAuditEventSentinelOne |
| Built-in Parser | _ASim_AuditEvent_SentinelOne |
| Schema | AuditEvent |
| Schema Version | 0.1 |
| Parser Type | 🔌 Source (product-specific) |
| Product | SentinelOne |
| Parser Version | 0.1.0 (version history) |
| Last Updated | Oct 05 2023 |
| Unifying Parser | ASimAuditEvent |
| Source File | Parsers\ASimAuditEvent\Parsers\ASimAuditEventSentinelOne.yaml |
Description
This ASIM parser supports normalizing SentinelOne logs to the ASIM Audit Event normalized schema. SentinelOne events are captured through SentinelOne data connector which ingests SentinelOne server objects such as Threats, Agents, Applications, Activities, Policies, Groups, and more events into Microsoft Sentinel through the REST API.
Source Tables
This parser reads from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
SentinelOne_CL 🔶 |
✓ | ✓ | ✓ |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
Associated Connectors
The following connectors provide data for this parser:
| Connector | Solution |
|---|---|
| SentinelOne | SentinelOne (legacy connector) |
Solutions: SentinelOne (legacy connector)
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊