Update vimAuditEventTemplate.yaml

ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml

@@ -43,29 +43,34 @@ ParserParams:
   - Name: newvalue_has_any
     Type: dynamic
     Default: dynamic([])
+  - Name: disabled
+    Type: bool
+    Default: false
 ParserQuery: |
   let parser = (
-    starttime:datetime=datetime(null)
-    , endtime:datetime=datetime(null)
-    , srcipaddr_has_any_prefix:dynamic=dynamic([])
-    , eventtype_in:string='*'
-    , eventresult:string='*'
-    , actorusername_has_any:dynamic=dynamic([])
-    , operation_has_any:dynamic=dynamic([])
-    , object_has_any:dynamic=dynamic([])
-    , newvalue_has_any:dynamic=dynamic([])
-   )
+    starttime:datetime                 = datetime(null)
+    , endtime:datetime                 = datetime(null)
+    , srcipaddr_has_any_prefix:dynamic = dynamic([])
+    , eventtype_in:string              = '*'
+    , eventresult:string               = '*'
+    , actorusername_has_any:dynamic    = dynamic([])
+    , operation_has_any:dynamic        = dynamic([])
+    , object_has_any:dynamic           = dynamic([])
+    , newvalue_has_any:dynamic         = dynamic([])
+    , disabled:bool                    = false
+  )
   {
     <parser query body>
   };
   parser (
-    starttime
-    , endtime
-    , srcipaddr_has_any_prefix
-    , eventtype_in
-    , eventresult
-    , actorusername_has_any
-    , operation_has_any
-    , object_has_any
-    , newvalue_has_any
+    starttime                  = starttime
+    , endtime                  = endtime
+    , srcipaddr_has_any_prefix = srcipaddr_has_any_prefix 
+    , eventtype_in             = eventtype_in
+    , eventresult              = eventresult
+    , actorusername_has_any    = actorusername_has_any
+    , operation_has_any        = operation_has_any
+    , object_has_any           = object_has_any
+    , newvalue_has_any         = newvalue_has_any
+    , disabled                 = disabled
   )