Network Session ASIM filtering parser for SentinelOne
| Property | Value |
|---|---|
| Parser Name | ASimNetworkSessionSentinelOne |
| Built-in Parser | _ASim_NetworkSession_SentinelOne |
| Schema | NetworkSession |
| Schema Version | 0.2.6 |
| Parser Type | 🔌 Source (product-specific) |
| Product | SentinelOne |
| Parser Version | 0.1.0 (version history) |
| Last Updated | Sep 18 2023 |
| Unifying Parser | ASimNetworkSession |
| Source File | Parsers\ASimNetworkSession\Parsers\ASimNetworkSessionSentinelOne.yaml |
This ASIM parser normalizes SentinelOne logs to the ASIM Network Session normalized schema. SentinelOne events are captured through the SentinelOne data connector, which ingests SentinelOne server objects such as Threats, Agents, Applications, Activities, Policies, Groups, and more into Microsoft Sentinel through the REST API.
This parser reads from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| SentinelOne_CL 🔶 | | ✓ | ✓ | ✓ |
| Name | Type | Default |
|---|---|---|
| disabled | bool | False |
The following connectors provide data for this parser:
| Connector | Solution |
|---|---|
| SentinelOne | SentinelOne (legacy connector) |
Solutions: SentinelOne (legacy connector)