From f436449fbbbe0242e69f18a24e36d71f6a3c58e2 Mon Sep 17 00:00:00 2001
From: Rogier Dijkman <40334679+azurekid@users.noreply.github.com>
Date: Wed, 27 Sep 2023 16:14:14 +0200
Subject: [PATCH] Update vimAuditEventTemplate.yaml

---
 .../vimAuditEventTemplate.yaml                | 43 +++++++++++--------
 1 file changed, 24 insertions(+), 19 deletions(-)

diff --git a/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml b/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml
index d0e2e73f985..9ea31db34cd 100644
--- a/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml	
+++ b/ASIM/dev/Parser YAML templates/vimAuditEventTemplate.yaml	
@@ -43,29 +43,34 @@ ParserParams:
   - Name: newvalue_has_any
     Type: dynamic
     Default: dynamic([])
+  - Name: disabled
+    Type: bool
+    Default: false
 ParserQuery: |
   let parser = (
-    starttime:datetime=datetime(null)
-    , endtime:datetime=datetime(null)
-    , srcipaddr_has_any_prefix:dynamic=dynamic([])
-    , eventtype_in:string='*'
-    , eventresult:string='*'
-    , actorusername_has_any:dynamic=dynamic([])
-    , operation_has_any:dynamic=dynamic([])
-    , object_has_any:dynamic=dynamic([])
-    , newvalue_has_any:dynamic=dynamic([])
-   )
+    starttime:datetime                 = datetime(null)
+    , endtime:datetime                 = datetime(null)
+    , srcipaddr_has_any_prefix:dynamic = dynamic([])
+    , eventtype_in:string              = '*'
+    , eventresult:string               = '*'
+    , actorusername_has_any:dynamic    = dynamic([])
+    , operation_has_any:dynamic        = dynamic([])
+    , object_has_any:dynamic           = dynamic([])
+    , newvalue_has_any:dynamic         = dynamic([])
+    , disabled:bool                    = false
+  )
   {
     <parser query body>
   };
   parser (
-    starttime
-    , endtime
-    , srcipaddr_has_any_prefix
-    , eventtype_in
-    , eventresult
-    , actorusername_has_any
-    , operation_has_any
-    , object_has_any
-    , newvalue_has_any
+    starttime                  = starttime
+    , endtime                  = endtime
+    , srcipaddr_has_any_prefix = srcipaddr_has_any_prefix 
+    , eventtype_in             = eventtype_in
+    , eventresult              = eventresult
+    , actorusername_has_any    = actorusername_has_any
+    , operation_has_any        = operation_has_any
+    , object_has_any           = object_has_any
+    , newvalue_has_any         = newvalue_has_any
+    , disabled                 = disabled
   )