Network Session ASIM parser for Microsoft Sentinel native Network Session table
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimNetworkSessionNative |
| Built-in Parser | _ASim_NetworkSession_Native |
| Schema | NetworkSession |
| Schema Version | 0.2.4 |
| Parser Type | 🔌 Source (product-specific) |
| Product | Native |
| Parser Version | 0.3 (version history) |
| Last Updated | Jan 25 2023 |
| Unifying Parser | ASimNetworkSession |
| Source File | Parsers\ASimNetworkSession\Parsers\ASimNetworkSessionNative.yaml |
Description
This ASIM parser supports normalizing the native Microsoft Sentinel Network Session table (ASimNetworkSessionLogs) to the ASIM NetworkSession normalized schema. While the native table is ASIM compliant, the parser is needed to add capabilities, such as aliases, available only at query time.
Source Tables
This parser reads from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
ASimNetworkSessionLogs |
EventType in "EndpointNetworkSession,L2NetworkSession" |
✓ | ✓ | ? |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
Associated Connectors
The following connectors provide data for this parser:
| Connector | Solution |
|---|---|
| CiscoMerakiMultiRule | Cisco Meraki Events via REST API |
| SynqlyIntegrationConnector | SynqlyIntegrationConnector |
| carbonBlackAWSS3 | VMware Carbon Black Cloud |
Solutions: Cisco Meraki Events via REST API, SynqlyIntegrationConnector, VMware Carbon Black Cloud
References
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊