| Property | Value |
|---|---|
| Parser Name | ASimProcessCreateMicrosoftSecurityEvents |
| Built-in Parser | _ASim_ProcessEvent_CreateMicrosoftSecurityEvents |
| Schema | ProcessEvent |
| Schema Version | 0.1.0 |
| Parser Type | 🔌 Source (product-specific) |
| Product | Security Events |
| Parser Version | 0.1.1 (version history) |
| Last Updated | Feb 23, 2022 |
| Unifying Parser | ASimProcessEvent, ASimProcessEventCreate |
| Source File | Parsers\ASimProcessEvent\Parsers\ASimProcessCreateMicrosoftSecurityEvents.yaml |

This ASIM parser normalizes Windows process creation events (event 4688) to the ASIM Process Event normalized schema. The events are collected using the Security Events connectors, via either the Log Analytics agent or the Azure Monitor Agent (AMA), and stored in the SecurityEvent table.

This parser reads from the following tables:

| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| SecurityEvent | EventID == "4688" | ✓ | ✓ | ? |

| Name | Type | Default |
|---|---|---|
| disabled | bool | False |

The following connectors provide data for this parser:
| Connector | Solution |
|---|---|
| WindowsSecurityEvents | Windows Security Events |
Solutions: Windows Security Events