Authentication ASIM parser for Syslog sudo
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimAuthenticationSudo |
| Built-in Parser | _ASim_Authentication_Sudo |
| Schema | Authentication |
| Schema Version | 0.1.4 |
| Parser Type | 🔌 Source (product-specific) |
| Product | sudo |
| Parser Version | 0.2.0 (version history) |
| Last Updated | Jan 29, 2026 |
| Unifying Parser | ASimAuthentication |
| Source File | Parsers\ASimAuthentication\Parsers\ASimAuthenticationSudo.yaml |
Description
This ASIM parser supports normalizing Syslog sudo sign in logs to the ASIM Authentication schema.
Source Tables
This parser reads from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
Syslog |
ProcessName == "sudo"SyslogMessage has "COMMAND="SyslogMessage has "TTY="SyslogMessage has "USER="SyslogMessage has "incorrect password attempts"SyslogMessage has "session closed for user"SyslogMessage has "user NOT in sudoers" |
✓ | ✓ | ? |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
Associated Connectors
The following connectors provide data for this parser:
| Connector | Solution |
|---|---|
| SyslogAma | Syslog |
Solutions: Syslog
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊