Authentication ASIM parser for Windows Security Events
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimAuthenticationMicrosoftWindowsEvent |
| Built-in Parser | _ASim_Authentication_MicrosoftWindowsEvent |
| Schema | Authentication |
| Schema Version | 0.1.3 |
| Parser Type | 🔌 Source (product-specific) |
| Product | Windows Security Events |
| Parser Version | 0.2.1 (version history) |
| Last Updated | Oct 15, 2024 |
| Unifying Parser | ASimAuthentication |
| Source File | Parsers\ASimAuthentication\Parsers\ASimAuthenticationMicrosoftWindowsEvent.yaml |
Description
This ASIM parser supports normalizing Windows Authentication events (4624, 4625, 4634, and 4647), collected either by the Log Analytics Agent or the Azure Monitor Agent, into either the WindowsEvent (WEF) or SecurityEvent tables, to the ASIM Authentication schema.
Source Tables
This parser reads from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
SecurityEvent |
✓ | ✓ | ? | |
WindowsEvent |
EventID in "4624,4625,4634"Provider == "Microsoft-Windows-Security-Auditing" |
✓ | ✓ | ? |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
Associated Connectors
The following connectors provide data for this parser:
Solutions: Microsoft Exchange Security - Exchange On-Premises, Windows Forwarded Events, Windows Security Events
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊