Microsoft Sentinel ingests data from many sources. Working with various data types and tables together requires you to understand each of them, and write and use unique sets of data for analytics rules, workbooks, and hunting queries for each type or schema.Sometimes, you'll need separate rules, workbooks, and queries, even when data types share common elements, such as firewall devices. Correlating different kinds of data during an investigation and hunting can also be challenging.The Advanced Security Information Model (ASIM) is a layer between these diverse sources and the user. ASIM follows the robustness principle: "Be strict in what you send, be flexible in what you accept". Using the robustness principle as a design pattern, ASIM transforms Microsoft Sentinel's inconsistent and hard-to-use source telemetry into user-friendly data.
+Parsers+in+Analytics+Rule_Ubaid Hayee_Security, Malware, Cyber Security_20230213_1/2_Developing+and+Using+Advanced+Security+Information+Model+(ASim)+Parsers+in+Analytics+Rule_Ubaid Hayee_Security, Malware, Cyber Security_20230213_11.png)