Registry Event ASIM Parser

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to ASIM Index

Parser Information

Property	Value
Parser Name	`ASimRegistry`
Built-in Parser	`_ASim_RegistryEvent`
Schema	RegistryEvent
Schema Version	0.1.2
Parser Type	📦 Union (schema-level)
Parser Version	0.1.3 (version history)
Last Updated	Jun 3, 2024
Source File	Parsers\ASimRegistryEvent\Parsers\ASimRegistryEvent.yaml

Description

This ASIM parser supports normalizing Registry Event logs from all supported sources to the ASIM Registry Event normalized schema.

Products

This union parser includes parsers for the following products:

Product	Source Parser	Solutions
Microsoft 365 Defender for Endpoint	_ASim_RegistryEvent_Microsoft365D	Microsoft Defender XDR
Security Events	_ASim_RegistryEvent_MicrosoftSecurityEvent	Windows Security Events
Microsoft Sysmon	_ASim_RegistryEvent_MicrosoftSysmon
Microsoft Sysmon	_ASim_RegistryEvent_MicrosoftSysmonWindowsEvent	Windows Forwarded Events
Security Events	_ASim_RegistryEvent_MicrosoftWindowsEvent	Windows Forwarded Events
Native	_ASim_RegistryEvent_Native	SynqlyIntegrationConnector VMware Carbon Black Cloud
SentinelOne	_ASim_RegistryEvent_SentinelOne
Trend Micro Vision One	_ASim_RegistryEvent_TrendMicroVisionOne	Trend Micro Vision One
VMware Carbon Black Cloud	_ASim_RegistryEvent_VMwareCarbonBlackCloud

Parameters

Name	Type	Default
`pack`	bool	False

References

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to ASIM Index