Skip to content

[ASIM] Authentication M365Defender - Parser Fixes #13441

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
yummyblabla merged 3 commits into from
Jan 22, 2026
Merged

[ASIM] Authentication M365Defender - Parser Fixes #13441

yummyblabla merged 3 commits into from
Jan 22, 2026

Conversation

@yummyblabla
Copy link
Collaborator

@yummyblabla yummyblabla commented Jan 15, 2026
edited
Loading

Changes:

  • Remove unnormalized columns
  • Previously unnormalized columns were added to AdditionalFields

@yummyblabla yummyblabla requested review from a team as code owners January 15, 2026 00:16
@v-shukore v-shukore added the ASIM label Jan 15, 2026
@oshezaf oshezaf assigned oshezaf and unassigned v-atulyadav Jan 19, 2026
oshezaf
oshezaf requested changes Jan 19, 2026
View reviewed changes
Copy link
Contributor

@oshezaf oshezaf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couldn't really review... too many changes. So working of your change list. Let's discuss Timestamp in a meeting. I think we need to keep to TimeGenerated.

Parsers/ASimAuthentication/Parsers/ASimAuthenticationM365Defender.yaml Outdated
Dst = Dvc,
LogonTarget = Dvc
| project-away ReportId, LogonId, InitiatingProcessId, InitiatingProcessParentId, ActionType, InitiatingProcessFileSize, InitiatingProcessVersionInfoCompanyName, InitiatingProcessVersionInfoFileDescription, InitiatingProcessVersionInfoInternalFileName, InitiatingProcessVersionInfoOriginalFileName, InitiatingProcessVersionInfoProductName, InitiatingProcessVersionInfoProductVersion, AppGuardContainerId, RemoteIPType, IsLocalAdmin, RemoteIP
| extend ItemId = columnifexists('_ItemId', "")
Copy link
Contributor

@oshezaf oshezaf Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could have done it directly to EventUid....

Copy link
Collaborator Author

@yummyblabla yummyblabla Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed

@yummyblabla yummyblabla merged commit e920c5e into master Jan 22, 2026
29 of 35 checks passed
@yummyblabla yummyblabla deleted the derricklee/asim-authentication-m365defender branch January 22, 2026 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@oshezaf oshezaf oshezaf approved these changes

Assignees

@oshezaf oshezaf

Labels

ASIM

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@yummyblabla @oshezaf @v-atulyadav @v-shukore