File create Activity ASIM parser for Sysmon for Linux
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimFileEventLinuxSysmonFileCreated |
| Built-in Parser | _ASim_FileEvent_LinuxSysmonFileCreated |
| Schema | FileEvent |
| Schema Version | 0.1.0 |
| Parser Type | 🔌 Source (product-specific) |
| Product | Microsoft Sysmon for Linux |
| Parser Version | 0.2.1 (version history) |
| Last Updated | Nov 16, 2023 |
| Unifying Parser | ASimFileEvent |
| Source File | Parsers\ASimFileEvent\Parsers\ASimFileEventLinuxSysmonFileCreated.yaml |
Description
This ASIM parser supports normalizing Sysmon for Linux event 11, stored in the Syslog table, to the ASIM file activity schema file create event.
Source Tables
This parser reads from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
Syslog |
SyslogMessage has_all "<Provider Name=" |
✓ | ✓ | ? |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
Associated Connectors
The following connectors provide data for this parser:
| Connector | Solution |
|---|---|
| SyslogAma | Syslog |
Solutions: Syslog
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊