Following our introductory webinar on the Azure Sentinel Information Model (ASIM), this webinar focuses on the practical aspects required to get value from ASIM. We will learn how to create normalized parsers that ensure built-in content works with your data, and how to convert your content to use normalization.
2:16 - Introduction
4:18 - ASIM Architecture
8:32 - Demo
10:45 - KQL Functions
12:06 - Source Specific Parser Flow
12:41 - Parsers: Filtering (W/ Demo)
21:24 - Parsers: Parsing (W/ Demo)
28:39 - Parsers: Mapping (W/ Demo)
35:10 - Normalization: How to Map Your Source to the Schema
46:00 - Deploying Parsers
52:10 - Q&A/Outro
Learn more: aka.ms/SecurityCommunity