UPDATED

Parsers/ASimAuthentication/Parsers/vimAuthenticationMicrosoftWindowsEvent.yaml

@@ -1,7 +1,7 @@
 Parser:
   Title: Authentication ASIM filtering parser for Windows Security Events
   Version: '0.3.1'
-  LastUpdated: Dece 11, 2024
+  LastUpdated: Oct 15, 2024
 Product:
   Name: Windows Security Events
 Normalization:

Parsers/ASimAuthentication/Parsers/vimAuthenticationNative.yaml

@@ -23,24 +23,27 @@ ParserParams:
   - Name: endtime
     Type: datetime
     Default: datetime(null)
-  - Name: srcipaddr
-    Type: string
-    Default: '*'
-  - Name: domain_has_any
+  - Name: username_has_any
     Type: dynamic
     Default: dynamic([])
-  - Name: responsecodename
-    Type: string
-    Default: '*'
-  - Name: response_has_ipv4
-    Type: string
-    Default: '*'
-  - Name: response_has_any_prefix
+  - Name: targetappname_has_any
+    Type: dynamic
+    Default: dynamic([])
+  - Name: srcipaddr_has_any_prefix
     Type: dynamic
     Default: dynamic([])
-  - Name: eventtype
+  - Name: srchostname_has_any
+    Type: dynamic
+    Default: dynamic([])
+  - Name: eventtype_in
+    Type: dynamic
+    Default: dynamic([])
+  - Name: eventresultdetails_in
+    Type: dynamic
+    Default: dynamic([])
+  - Name: eventresult
     Type: string
-    Default: 'Query'
+    Default: '*'
   - Name: disabled
     Type: bool
     Default: false

Parsers/ASimDns/Parsers/ASimDnsNative.yaml

@@ -1,7 +1,7 @@
 Parser:
   Title: DNS activity ASIM parser for Microsoft Sentinel native DNS table
   Version: '0.6.1'
-  LastUpdated: Dece 01 2023
+  LastUpdated: March 01 2023
 Product:
   Name: Native
 Normalization: