From b7f754fa92067a45a79220bc196be0233298f7e3 Mon Sep 17 00:00:00 2001
From: oded-weber <98888146+oded-weber@users.noreply.github.com>
Date: Mon, 11 Sep 2023 15:13:29 +0300
Subject: [PATCH] Update ASimAuthenticationOktaOSS.yaml

Project-away non-normalized fields
---
 .../Parsers/ASimAuthenticationOktaOSS.yaml          | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/Parsers/ASimAuthentication/Parsers/ASimAuthenticationOktaOSS.yaml b/Parsers/ASimAuthentication/Parsers/ASimAuthenticationOktaOSS.yaml
index 0bf2ecf25f0..5dfdc3f9526 100644
--- a/Parsers/ASimAuthentication/Parsers/ASimAuthenticationOktaOSS.yaml
+++ b/Parsers/ASimAuthentication/Parsers/ASimAuthenticationOktaOSS.yaml
@@ -92,11 +92,22 @@ ParserQuery: |
 			, TargetUserIdType=column_ifexists('ActorUserIdType',"")
 			, TargetUsernameType=column_ifexists('ActorUsernameType',"")
             		, SrcIpAddr = column_ifexists('SrcIpAddr',"")
+	      		//** extend non-normalized fields to be projected-away 
+	 		, ActorDetailEntry, ActorDisplayName, AuthenticationContextAuthenticationProvider, AuthenticationContextAuthenticationStep
+    			, AuthenticationContextCredentialProvider, AuthenticationContextInterface, AuthenticationContextIssuerId, AuthenticationContextIssuerType
+       			, DebugData, DvcAction, OriginalActorAlternateId, OriginalClientDevice, OriginalOutcomeResult, OriginalSeverity, OriginalTarget
+	  		, OriginalUserId, OriginalUserType, Request, SecurityContextAsNumber, SecurityContextAsOrg, SecurityContextDomain, SecurityContextIsProxy
+     			, TransactionDetail, TransactionId, TransactionType
 			// ** Aliases
 			| extend 
 			  User=TargetUsername
 			  , Dvc=EventVendor
-			  , IpAddr=SrcIpAddr;
+			  , IpAddr=SrcIpAddr
+     			| project-away ActorDetailEntry, ActorDisplayName, AuthenticationContextAuthenticationProvider, AuthenticationContextAuthenticationStep
+    			, AuthenticationContextCredentialProvider, AuthenticationContextInterface, AuthenticationContextIssuerId, AuthenticationContextIssuerType
+       			, DebugData, DvcAction, OriginalActorAlternateId, OriginalClientDevice, OriginalOutcomeResult, OriginalSeverity, OriginalTarget
+	  		, OriginalUserId, OriginalUserType, Request, SecurityContextAsNumber, SecurityContextAsOrg, SecurityContextDomain, SecurityContextIsProxy
+     			, TransactionDetail, TransactionId, TransactionType;
 		union isfuzzy=true OktaV1, OktaV2;
 	};
 	parser(disabled=disabled)