ASIM Authentication parser for SentinelOne
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimAuthenticationSentinelOne |
| Built-in Parser | _ASim_Authentication_SentinelOne |
| Schema | Authentication |
| Schema Version | 0.1.3 |
| Parser Type | 🔌 Source (product-specific) |
| Product | SentinelOne |
| Parser Version | 0.1.1 (version history) |
| Last Updated | Apr 09 2024 |
| Unifying Parser | ASimAuthentication |
| Source File | Parsers\ASimAuthentication\Parsers\ASimAuthenticationSentinelOne.yaml |
Description
This ASIM parser supports normalizing SentinelOne logs to the ASIM Authentication normalized schema. SentinelOne events are captured through SentinelOne data connector which ingests SentinelOne server objects such as Threats, Agents, Applications, Activities, Policies, Groups, and more events into Microsoft Sentinel through the REST API.
Source Tables
This parser reads from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
SentinelOne_CL 🔶 |
? | ✓ | ? |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊