Merge pull request #291015 from vakohl/NewASIMSchema-Alert

New ASIM Schema Alert

Author: Stacyrch140

articles/sentinel/TOC.yml

@@ -1159,6 +1159,8 @@
         href: normalization-known-issues.md
       - name: ASIM schemas
         items:
+        - name: ASIM alert event schema
+          href: normalization-schema-alert.md
         - name: ASIM audit event schema
           href: normalization-schema-audit.md
         - name: ASIM authentication schema
@@ -1252,4 +1254,4 @@
     - name: Learn modules for Microsoft Sentinel
       href: /training/browse/?expanded=azure&products=microsoft-sentinel
     - name: Learn modules for Kusto Query Language (KQL)
-      href: /training/browse/?expanded=azure&terms=kusto%20query%20language
+      href: /training/browse/?expanded=azure&terms=kusto%20query%20language

articles/sentinel/normalization-parsers-list.md

@@ -1,10 +1,10 @@
 ---
 title: List of Microsoft Sentinel Advanced Security Information Model (ASIM) parsers | Microsoft Docs
 description: This article lists Advanced Security Information Model (ASIM) parsers.
-author: oshezaf
+author: vakohl
 ms.topic: reference
 ms.date: 05/02/2022
-ms.author: ofshezaf
+ms.author: vakohl
 
 
 #Customer intent: As a security analyst, I want to deploy and use ASIM parsers so that I can normalize and analyze security event data from various sources effectively.
@@ -18,6 +18,16 @@ This document provides a list of Advanced Security Information Model (ASIM) pars
 > [!IMPORTANT]
 > ASIM is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 >
+
+## Alert event parsers
+
+To use ASIM alert event parsers, deploy the parsers from the [Microsoft Sentinel GitHub repository](https://aka.ms/ASimAlertEvent). Microsoft Sentinel provides the following parsers in the packages deployed from GitHub:
+
+| **Source** | **Notes** | **Parser**
+| --- | --------------------------- | ---------- |
+| **Defender XDR Alerts** | Microsoft Defender XDR alert events (in the `AlertEvidence` table). | `ASimAlertEventMicrosoftDefenderXDR` |
+| **Exchange 365 administrative events** | SentinelOne Singlularity `Threats.` events (in the `SentinelOne_CL` table). | `ASimAlertEventSentinelOneSingularity` |
+
 ## Audit event parsers
 
 To use ASIM audit event parsers, deploy the parsers from the [Microsoft Sentinel GitHub repository](https://aka.ms/ASimAuditEvent). Microsoft Sentinel provides the following parsers in the packages deployed from GitHub:
@@ -162,4 +172,4 @@ Learn more about ASIM:
 - Watch the [Deep Dive Webinar on Microsoft Sentinel Normalizing Parsers and Normalized Content](https://www.youtube.com/watch?v=zaqblyjQW6k) or review the [slides](https://1drv.ms/b/s!AnEPjr8tHcNmjGtoRPQ2XYe3wQDz?e=R3dWeM)
 - [Advanced Security Information Model (ASIM) overview](normalization.md)
 - [Advanced Security Information Model (ASIM) schemas](normalization-about-schemas.md)
-- [Advanced Security Information Model (ASIM) content](normalization-content.md)
+- [Advanced Security Information Model (ASIM) content](normalization-content.md)