Skip to content

Commit 58da0ff

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #210174 from oshezaf/asim/add-parsers-sep-2022
Update normalization-parsers-list.md
2 parents 68903b1 + 7905b7f commit 58da0ff

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

articles/sentinel/normalization-parsers-list.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -76,13 +76,17 @@ Microsoft Sentinel provides the following out-of-the-box, product-specific Netwo
7676
| **Azure Firewall logs** | |`_Im_NetworkSession_AzureFirewallVxx`|
7777
| **Azure Monitor VMConnection** | Collected as part of the Azure Monitor [VM Insights solution](../azure-monitor/vm/vminsights-overview.md). | `_Im_NetworkSession_VMConnectionVxx` |
7878
| **Azure Network Security Groups (NSG) logs** | Collected as part of the Azure Monitor [VM Insights solution](../azure-monitor/vm/vminsights-overview.md). | `_Im_NetworkSession_AzureNSGVxx` |
79+
| **Checkpoint Firewall-1** | Collected using CEF. | `__Im_NetworkSession_CheckPointFirewallVxx` |
80+
| **Cisco Meraki** | Collected using the Cisco Meraki API connector. | `_Im_NetworkSession_CiscoMerakiVxx` |
81+
| **Corelight Zeek** | Collected using the Corelight Zeek connector. | `_im_NetworkSession_CorelightZeekVxx` |
7982
| **Fortigate FortiOS** | IP connection logs collected using Syslog. | `_Im_NetworkSession_FortinetFortiGateVxx` |
8083
| **Microsoft 365 Defender for Endpoint** | | `_Im_NetworkSession_Microsoft365DefenderVxx`|
8184
| **Microsoft Defender for IoT - Endpoint** | | `_Im_NetworkSession_MD4IoTVxx` |
8285
| **Palo Alto PanOS traffic logs** | Collected using CEF. | `_Im_NetworkSession_PaloAltoCEFVxx` |
8386
| **Sysmon for Linux** (event 3) | Collected using the Log Analytics Agent<br> or the Azure Monitor Agent. |`_Im_NetworkSession_LinuxSysmonVxx` |
8487
| **Vectra AI** | | `_Im_NetworkSession_VectraIAVxx` |
8588
| **Windows Firewall logs** | Collected as Windows events using the Log Analytics Agent (Event table) or Azure Monitor Agent (WindowsEvent table). Supports Windows events 5150 to 5159. | `_Im_NetworkSession_MicrosoftWindowsEventFirewallVxx`|
89+
| **Watchguard FirewareOW** | Collected using Syslog. | `_Im_NetworkSession_WatchGuardFirewareOSVxx` |
8690
| **Zscaler ZIA firewall logs** | Collected using CEF. | `_Im_NetworkSessionZscalerZIAVxx` |
8791

8892
Deploy the workspace deployed parsers from the [Microsoft Sentinel GitHub repository](https://aka.ms/AsimNetworkSession).

0 commit comments

Comments
 (0)