Commit 24ed61e

committed
changes
1 parent 2acf759 commit 24ed61e

4 files changed

+246
-3
lines changed

articles/sentinel/TOC.yml

Lines changed: 3 additions & 1 deletion
@@ -1077,6 +1077,8 @@
10771077
href: normalization-known-issues.md
10781078
- name: ASIM schemas
10791079
items:
1080+
- name: ASIM alert event schema
1081+
href: normalization-schema-alert.md
10801082
- name: ASIM audit event schema
10811083
href: normalization-schema-audit.md
10821084
- name: ASIM authentication schema
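Review bot: the added `href: normalization-schema-alert.md` points at an article that is not among the two file diffs shown here; the summary says 4 files changed, so confirm the alert schema article is created in this commit (or already exists), otherwise the new TOC entry is a broken link. The entry is correctly placed before `ASIM audit event schema` in alphabetical order; since the rendered view drops leading whitespace, also double-check that the `- name:` / `href:` indentation of the two added lines matches the sibling items, because a YAML indentation mismatch in TOC.yml breaks the whole table of contents.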
@@ -1170,4 +1172,4 @@
11701172
- name: Learn modules for Microsoft Sentinel
11711173
href: /training/browse/?expanded=azure&products=microsoft-sentinel
11721174
- name: Learn modules for Kusto Query Language (KQL)
1173-
href: /training/browse/?expanded=azure&terms=kusto%20query%20language
1175+
href: /training/browse/?expanded=azure&terms=kusto%20query%20language
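Review bot: this hunk removes and re-adds `href: /training/browse/?expanded=azure&terms=kusto%20query%20language` with identical text, so the only difference is whitespace or the file's trailing newline. That is fine if the intent is to add a missing end-of-file newline, but if it comes from an editor changing line endings it should be reverted so the diff stays limited to the TOC addition.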

articles/sentinel/normalization-parsers-list.md

Lines changed: 11 additions & 1 deletion
@@ -18,6 +18,16 @@ This document provides a list of Advanced Security Information Model (ASIM) pars
1818
> [!IMPORTANT]
1919
> ASIM is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
2020
>
21+
22+
## Alert event parsers
23+
24+
To use ASIM alert event parsers, deploy the parsers from the [Microsoft Sentinel GitHub repository](https://aka.ms/ASimAlertEvent). Microsoft Sentinel provides the following parsers in the packages deployed from GitHub:
25+
26+
| **Source** | **Notes** | **Parser**
27+
| --- | --------------------------- | ---------- |
28+
| **Defender XDR Alerts** | Microsoft Defender XDR alert events (in the `AlertEvidence` table). | `ASimAlertEventMicrosoftDefenderXDR` |
29+
| **Exchange 365 administrative events** | SentinelOne Singlularity `Threats.` events (in the `SentinelOne_CL` table). | `ASimAlertEventSentinelOneSingularity` |
30+
2131
## Audit event parsers
2232

2333
To use ASIM audit event parsers, deploy the parsers from the [Microsoft Sentinel GitHub repository](https://aka.ms/ASimAuditEvent). Microsoft Sentinel provides the following parsers in the packages deployed from GitHub:
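Review bot: the second table row is mislabeled: its source cell reads `**Exchange 365 administrative events**` while the notes and parser (`SentinelOne_CL`, `ASimAlertEventSentinelOneSingularity`) describe SentinelOne Singularity alerts, so the cell looks copied from the audit-parser table and should name the SentinelOne source instead. Two smaller fixes in the same row: `Singlularity` should be `Singularity`, and the trailing period inside `` `Threats.` `` should either be dropped or the full event-type prefix spelled out. The header row `| **Source** | **Notes** | **Parser**` is also missing its closing `|`, unlike the separator row beneath it; most renderers tolerate this, but keep it consistent with the other tables in the file. Lastly, the hunk leaves two blank lines after the table where the surrounding sections use one.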
@@ -162,4 +172,4 @@ Learn more about ASIM:
162172
- Watch the [Deep Dive Webinar on Microsoft Sentinel Normalizing Parsers and Normalized Content](https://www.youtube.com/watch?v=zaqblyjQW6k) or review the [slides](https://1drv.ms/b/s!AnEPjr8tHcNmjGtoRPQ2XYe3wQDz?e=R3dWeM)
163173
- [Advanced Security Information Model (ASIM) overview](normalization.md)
164174
- [Advanced Security Information Model (ASIM) schemas](normalization-about-schemas.md)
165-
- [Advanced Security Information Model (ASIM) content](normalization-content.md)
175+
- [Advanced Security Information Model (ASIM) content](normalization-content.md)
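Review bot: the last line `- [Advanced Security Information Model (ASIM) content](normalization-content.md)` is removed and re-added unchanged, so this is a whitespace or trailing-newline-only change; confirm it is the intended end-of-file newline fix rather than an accidental line-ending change, since it is unrelated to the alert parser section this commit adds.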
