ASIM Authentication schema parser with its sample and test data for SentinelOne

[jayeshprajapaticrest]

Required items, please complete

Change(s):

• Added ASIM Authentication schema parser for SentinelOne based on API Data

Reason for Change(s):

• Initial version ASIM Authentication Parser

Version Updated:

• Initial version

Testing Completed:

• Yes

Checked that the validations are passing and have addressed any issues that are present:

• Yes

[v-rusraut]

Hi @jayeshprajapaticrest,
Thank you for raising Pull Request with us! We will review it internally and get back to you by shortly.

[vakohl]

@jayeshprajapaticrest Will try to review this within this week

[vakohl]

@jayeshprajapaticrest pls resolve validation error

[v-sudkharat]

Hi @jayeshprajapaticrest, hope you are doing well. Just wanted to check if you got a chance to look at the suggestions shared. Please feel free to reach out to us for any queries or support. Thanks!

[v-atulyadav]

Hi @jayeshprajapaticrest,
We are still waiting for your response to the above comments. Thanks

[v-sudkharat]

Hi @jayeshprajapaticrest, thank you for accommodating the suggested changes! We will review the Pull Request. Thanks!

[v-sudkharat]

Hello @jayeshprajapaticrest, please check above suggested changes. Thanks

[keyur-cds]

@v-sudkharat We will look into these comments and will update here once those are worked upon.

Thanks!

[v-sudkharat]

@keyur-cds Noted. Thanks!

[niralishah-crest]

@vakohl we have mapped the inspection fields below in the Authentication parser, which we found from SentinelOne Alerts logs.
RuleName
Rule
ThreatConfidence
ThreatOriginalConfidence