File event ASIM parser for Windows Sysmon
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimFileEventMicrosoftSysmon |
| Built-in Parser | _ASim_FileEvent_MicrosoftSysmon |
| Schema | FileEvent |
| Schema Version | 0.2.1 |
| Parser Type | 🔌 Source (product-specific) |
| Product | Windows Sysmon |
| Parser Version | 0.5.1 (version history) |
| Last Updated | Jul 19, 2024 |
| Unifying Parser | ASimFileEvent |
| Source File | Parsers\ASimFileEvent\Parsers\ASimFileEventMicrosoftSysmon.yaml |
Description
This ASIM parser supports normalizing Sysmon logs ingested in 'Event' table to the ASIM file event schema.
Source Tables
This parser reads from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
Event |
EventID in "11,23,26"Source == "Microsoft-Windows-Sysmon" |
✓ | ✓ | ? |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊