Merge pull request #184310 from oshezaf/norm/deployed-parsers-3

Norm/deployed parsers 3

Author: v-ccolin

articles/sentinel/TOC.yml

@@ -63,18 +63,16 @@
     items:
     - name: Data collection methods
       href: connect-data-sources.md
-    - name: Normalization and the Advanced SIEM Information Model (ASIM)
-      items:
-      - name: ASIM overview
-        href: normalization.md
-      - name: ASIM schemas
-        href: normalization-about-schemas.md
-      - name: ASIM parsers
-        href: normalization-about-parsers.md
-      - name: ASIM content
-        href: normalization-content.md
     - name: Classifying data with entities
       href: entities.md
+  - name: Normalization with ASIM
+    items:
+    - name: ASIM overview
+      href: normalization.md
+    - name: ASIM schemas
+      href: normalization-about-schemas.md
+    - name: ASIM parsers
+      href: normalization-parsers-overview.md
   - name: Kusto Query Language in Microsoft Sentinel
     items:
     - name: Overview
@@ -188,6 +186,16 @@
       href: monitor-data-connector-health.md
     - name: Integrate Azure Data Explorer
       href: store-logs-in-azure-data-explorer.md
+  - name: Use ASIM to normalize data
+    items:
+    - name: Develop ASIM parsers
+      href: normalization-develop-parsers.md
+    - name: Manage ASIM parsers
+      href: normalization-manage-parsers.md
+    - name: Use ASIM parsers
+      href: normalization-about-parsers.md
+    - name: Modify content to use ASIM
+      href: normalization-modify-content.md
   - name: Use threat intelligence
     items:
     - name: Connect threat intelligence platforms
@@ -324,32 +332,36 @@
         href: ../role-based-access-control/built-in-roles.md#all
       - name: Microsoft Sentinel roles
         href: ../role-based-access-control/built-in-roles.md#security
+  - name: Advanced SIEM Information Model (ASIM)
+    items:
+      - name: ASIM content
+        href: normalization-content.md
+      - name: ASIM schemas
+        items:
+        - name: ASIM authentication schema
+          href: authentication-normalization-schema.md
+        - name: ASIM DNS schema
+          href: dns-normalization-schema.md
+        - name: ASIM DHCP schema
+          href: dhcp-normalization-schema.md
+        - name: ASIM file event schema
+          href: file-event-normalization-schema.md
+        - name: ASIM network session schema
+          href: network-normalization-schema.md
+        - name: ASIM process event schema
+          href: process-events-normalization-schema.md
+        - name: ASIM registry event schema
+          href: registry-event-normalization-schema.md
+        - name: ASIM web session schema
+          href: web-normalization-schema.md
+        - name: Legacy network normalization schema
+          href: normalization-schema-v1.md
   - name: Data collection references
     items:
     - name: Data source schema reference
       href: data-source-schema-reference.md
     - name: CEF log field mapping
       href: cef-name-mapping.md
-    - name: Normalization
-      items:
-      - name: Authentication normalization schema
-        href: authentication-normalization-schema.md
-      - name: DNS normalization schema
-        href: dns-normalization-schema.md
-      - name: DHCP normalization schema
-        href: dhcp-normalization-schema.md
-      - name: File event normalization schema
-        href: file-event-normalization-schema.md
-      - name: Network normalization schema
-        href: network-normalization-schema.md
-      - name: Process event normalization schema
-        href: process-events-normalization-schema.md
-      - name: Registry event normalization schema
-        href: registry-event-normalization-schema.md
-      - name: Web normalization schema
-        href: web-normalization-schema.md
-      - name: Legacy network normalization schema
-        href: normalization-schema-v1.md
     - name: Windows security event sets
       href: windows-security-event-id-reference.md
   - name: Detection and analysis references

articles/sentinel/authentication-normalization-schema.md

@@ -36,9 +36,9 @@ Microsoft Sentinel provides the following built-in, product-specific authenticat
 - **AWS sign-ins**, collected using the AWS CloudTrail connector.
 - **Okta authentication**, collected using the Okta connector.
 
-To use the source-agnostic parser, which unifies all of listed parsers, ensuring that you analyze data across all the configured sources, use **imAuthentication** as the table name in your query.
+To use the unifying parser, which unifies all of listed parsers, ensuring that you analyze data across all the configured sources, use **imAuthentication** as the table name in your query.
 
-Deploy the [source-agnostic and source-specific parsers](normalization-about-parsers.md) from the [Microsoft Sentinel GitHub repository](https://aka.ms/AzSentinelAuth).
+Deploy the [unifying and source-specific parsers](normalization-about-parsers.md) from the [Microsoft Sentinel GitHub repository](https://aka.ms/AzSentinelAuth).
 
 
 
@@ -178,8 +178,8 @@ An **Actor**, running an *Acting Application* (**ActingApp**) on a *Source Devic
 
 For more information, see:
 
-- [Normalization in Microsoft Sentinel](normalization.md)
-- [Microsoft Sentinel DNS normalization schema reference](dns-normalization-schema.md)
-- [Microsoft Sentinel file event normalization schema reference (Public preview)](file-event-normalization-schema.md)
-- [Microsoft Sentinel network normalization schema reference](./network-normalization-schema.md)
-- [Microsoft Sentinel process event normalization schema reference (Public preview)](process-events-normalization-schema.md)
+- Watch the [ASIM Webinar](https://www.youtube.com/watch?v=WoGD-JeC7ng) or review the [slides](https://1drv.ms/b/s!AnEPjr8tHcNmjDY1cro08Fk3KUj-?e=murYHG)
+- [Advanced SIEM Information Model (ASIM) overview](normalization.md)
+- [Advanced SIEM Information Model (ASIM) schemas](normalization-about-schemas.md)
+- [Advanced SIEM Information Model (ASIM) parsers](normalization-parsers-overview.md)
+- [Advanced SIEM Information Model (ASIM) content](normalization-content.md)

articles/sentinel/dhcp-normalization-schema.md

@@ -132,6 +132,7 @@ The fields below are specific to DHCP events, but many are similar to fields in
 For more information, see:
 
 - Watch the [ASIM Webinar](https://www.youtube.com/watch?v=WoGD-JeC7ng) or review the [slides](https://1drv.ms/b/s!AnEPjr8tHcNmjDY1cro08Fk3KUj-?e=murYHG)
-- [Advanced SIEM Information Model schemas](normalization-about-schemas.md)
-- [Advanced SIEM Information Model parsers](normalization-about-parsers.md)
-- [Advanced SIEM Information Model content](normalization-content.md)
+- [Advanced SIEM Information Model (ASIM) overview](normalization.md)
+- [Advanced SIEM Information Model (ASIM) schemas](normalization-about-schemas.md)
+- [Advanced SIEM Information Model (ASIM) parsers](normalization-parsers-overview.md)
+- [Advanced SIEM Information Model (ASIM) content](normalization-content.md)