Commit 06cb5c5

Merge pull request #198270 from oshezaf/asim/add-vectra-network-parsers
asim/add-vectra-network-parsers
2 parents 8cfdac7 + 26421e4 commit 06cb5c5

1 file changed

+3
-2
lines changed

articles/sentinel/normalization-parsers-list.md

Lines changed: 3 additions & 2 deletions
@@ -1,6 +1,6 @@
11
---
22
title: List of Microsoft Sentinel Advanced Security Information Model (ASIM) parsers | Microsoft Docs
3-
description: This article list Advanced Security Information Model (ASIM) parsers .
3+
description: This article lists Advanced Security Information Model (ASIM) parsers.
44
author: oshezaf
55
ms.topic: reference
66
ms.date: 05/02/2022
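Review bot: `ms.date` stays at 05/02/2022 in the unchanged front matter of this hunk, although the same commit adds a new parser row to the article body. If this merges after that date, bump `ms.date` in the same change so the metadata reflects the content update. The `description` wording fix itself looks fine.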
@@ -77,6 +77,7 @@ Microsoft Sentinel provides the following out-of-the-box, product-specific Netwo
7777
| **Microsoft Defender for IoT - Endpoint** |`_ASim_NetworkSession_MD4IoT` (regular)<br><br>`_Im_NetworkSession_MD4IoT` (filtering) | `ASimNetworkSessionMD4IoT` (regular)<br><br> `vimNetworkSessionMD4IoT` (filtering) |
7878
| **Palo Alto PanOS traffic logs** collected using CEF |`_ASim_NetworkSession_PaloAltoCEF` (regular)<br> `_Im_NetworkSession_PaloAltoCEF` (filtering) | `ASimNetworkSessionPaloAltoCEF` (regular)<br> `vimNetworkSessionPaloAltoCEF` (filtering) |
7979
| **Sysmon for Linux** (event 3)<br> Collected using the Log Analytics Agent<br> or the Azure Monitor Agent |`_ASim_NetworkSession_LinuxSysmon` (regular)<br><br>`_Im_NetworkSession_LinuxSysmon` (filtering) | `ASimNetworkSessionLinuxSysmon` (regular)<br><br> `vimNetworkSessionLinuxSysmon` (filtering) |
80+
| **Vectra AI** |`_ASim_NetworkSession_VectraIA` (regular)<br> `_Im_NetworkSession_VectraIA` (filtering) | `AsimNetworkSessionVectraAI` (regular)<br> `vimNetworkSessionVectraAI` (filtering) |
8081
| **Windows Firewall logs**<br>Collected as Windows events using the Log Analytics Agent (Event table) or Azure Monitor Agent (WindowsEvent table). Supports Windows events 5150 to 5159. |`_ASim_NetworkSession_`<br>`MicrosoftWindowsEventFirewall` (regular)<br><br>`_Im_NetworkSession_`<br>`MicrosoftWindowsEventFirewall` (filtering) | `ASimNetworkSession`<br>`MicrosoftWindowsEventFirewall` (regular)<br><br> `vimNetworkSession`<br>`MicrosoftWindowsEventFirewall` (filtering) |
8182
| **Zscaler ZIA firewall logs** |`_ASim_NetworkSessionZscalerZIA` (regular)<br> `_Im_NetworkSessionZscalerZIA` (filtering) | `AsimNetworkSessionZscalerZIA` (regular)<br> `vimNetowrkSessionSzcalerZIA` (filtering) |
8283

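Review bot: the added Vectra AI row is internally inconsistent: the second column uses the suffix `VectraIA` (`_ASim_NetworkSession_VectraIA`, `_Im_NetworkSession_VectraIA`) while the third column uses `VectraAI`. One of the two looks transposed. Check the row against the actual parser function names and make both columns agree, since readers copy these identifiers straight into queries and a misspelled parser name will not resolve. The row also writes `AsimNetworkSessionVectraAI`, where the MD4IoT, Palo Alto and Sysmon rows above use the `ASimNetworkSession...` casing, so confirm which casing is intended. While touching this table, the unchanged Zscaler row below still reads `vimNetowrkSessionSzcalerZIA`, which could be corrected in the same pass.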
@@ -124,7 +125,7 @@ Learn more about ASIM parsers:
124125
- [Develop custom ASIM parsers](normalization-develop-parsers.md)
125126
- [Manage ASIM parsers](normalization-manage-parsers.md)
126127

127-
For more about ASIM, in general, see:
128+
Learn more about ASIM:
128129

129130
- Watch the [Deep Dive Webinar on Microsoft Sentinel Normalizing Parsers and Normalized Content](https://www.youtube.com/watch?v=zaqblyjQW6k) or review the [slides](https://1drv.ms/b/s!AnEPjr8tHcNmjGtoRPQ2XYe3wQDz?e=R3dWeM)
130131
- [Advanced Security Information Model (ASIM) overview](normalization.md)
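Review bot: the new lead-in `Learn more about ASIM:` is nearly identical to the `Learn more about ASIM parsers:` lead-in shown in this hunk's header a few lines above, so the two link lists are now hard to tell apart when skimming. Consider wording that keeps the distinction the removed line made, for example "Learn more about ASIM in general:". Minor style point in the unchanged context: the first bullet has no link text describing where the slides are hosted, and the two bullets differ in form (a sentence versus a bare link), which could be aligned while this block is being edited.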
