Securiment Blogs

The approved contractor of Cyber Security Solutions, providing quality services to many organizations & private companies
Developing and Using Advanced Security Information Model (ASim) Parsers in Analytics Rule

Microsoft Sentinel ingests data from many sources. Working with various data types and tables together requires you to understand each of them, and write and use unique sets of data for analytics rules, workbooks, and hunting queries for each type or schema.Sometimes, you'll need separate rules, workbooks, and queries, even when data types share common elements, such as firewall devices. Correlating different kinds of data during an investigation and hunting can also be challenging.The Advanced Security Information Model (ASIM) is a layer between these diverse sources and the user. ASIM follows the robustness principle: "Be strict in what you send, be flexible in what you accept". Using the robustness principle as a design pattern, ASIM transforms Microsoft Sentinel's inconsistent and hard-to-use source telemetry into user-friendly data.