File Event ASIM parser for Microsoft 365 Defender for Endpoint
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimFileEventMicrosoft365D |
| Built-in Parser | _ASim_FileEvent_Microsoft365D |
| Schema | FileEvent |
| Schema Version | 0.2.1 |
| Parser Type | 🔌 Source (product-specific) |
| Product | Microsoft 365 Defender for EndPoint |
| Parser Version | 0.2.1 (version history) |
| Last Updated | Oct 26 2023 |
| Unifying Parser | ASimFileEvent |
| Source File | Parsers\ASimFileEvent\Parsers\ASimFileEventMicrosoft365D.yaml |
Description
This ASIM parser supports normalizing M365 Defender, stored in the DeviceFileEvents table, for Endpoint events to the ASIM file activity schema.
Source Tables
This parser reads from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
DeviceFileEvents |
✓ | ✗ | ? |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊