You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/normalization-ingest-time.md
+8-3Lines changed: 8 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -33,9 +33,14 @@ Normalized data can be stored in Microsoft Sentinel's native normalized tables,
33
33
34
34
Currently, ASIM supports the following native normalized tables as a destination for ingest time normalization:
35
35
-[**ASimAuditEventLogs**](/azure/azure-monitor/reference/tables/asimauditeventlogs) for the [Audit Event](normalization-schema-audit.md) schema.
36
-
-**ASimAuthenticationEventLogs** for the [Authentication](normalization-schema-authentication.md) schema.
36
+
-[**ASimAuthenticationEventLogs**](/azure/azure-monitor/reference/tables/asimauthenticationeventlogs) for the [Authentication](normalization-schema-authentication.md) schema.
37
+
-[**ASimDhcpEventLogs**](/azure/azure-monitor/reference/tables/asimdhcpeventlogs) for the [DHCP Event](normalization-schema-dhcp.md) schema.
37
38
-[**ASimDnsActivityLogs**](/azure/azure-monitor/reference/tables/asimdnsactivitylogs) for the [DNS](normalization-schema-dns.md) schema.
38
-
-[**ASimNetworkSessionLogs**](/azure/azure-monitor/reference/tables/asimnetworksessionlogs) for the [Network Session](normalization-schema-network.md) schema
39
+
-[**ASimFileEventLogs**](/azure/azure-monitor/reference/tables/asimfileeventlogs) for the [File Event](normalization-schema-file-event.md) schema.
40
+
-[**ASimNetworkSessionLogs**](/azure/azure-monitor/reference/tables/asimnetworksessionlogs) for the [Network Session](normalization-schema-network.md) schema.
41
+
-[**ASimProcessEventLogs**](/azure/azure-monitor/reference/tables/asimprocesseventlogs) for the [Process Event](normalization-schema-process-event.md) schema.
42
+
-[**ASimRegistryEventLogs**](/azure/azure-monitor/reference/tables/asimregistryeventlogs) for the [Registry Event](normalization-schema-registry-event.md) schema.
43
+
-[**ASimUserManagementActivityLogs**](/azure/azure-monitor/reference/tables/asimusermanagementactivitylogs) for the [User Management](normalization-schema-user-management.md) schema.
39
44
-[**ASimWebSessionLogs**](/azure/azure-monitor/reference/tables/asimwebsessionlogs) for the [Web Session](normalization-schema-web.md) schema.
40
45
41
46
The advantage of native normalized tables is that they're included by default in the ASIM unifying parsers. Custom normalized tables can be included in the unifying parsers, as discussed in [Manage Parsers](normalization-manage-parsers.md).
@@ -70,4 +75,4 @@ For more information, see:
70
75
71
76
-[Normalization and the Advanced Security Information Model (ASIM)](normalization.md)
72
77
-[Advanced Security Information Model (ASIM) parsers](normalization-parsers-overview.md)
73
-
-[Transform or customize data at ingestion time in Microsoft Sentinel](configure-data-transformation.md)
78
+
-[Transform or customize data at ingestion time in Microsoft Sentinel](configure-data-transformation.md)
0 commit comments