Advanced Security Information Model (ASIM)

The Advanced Security Information Model (ASIM) enables you to use and create source-agnostic content, simplifying your analysis of the data in your Microsoft Sentinel workspace.

For more information, see Normalization and the Advanced Security Information Model (ASIM).

Copilot Agent Skills for ASIM Parser Creation

GitHub Copilot agent skills are available to help you create, validate, deploy, and package ASIM parsers locally. The skills guide you through the full workflow — from gathering requirements and generating KQL parsers to deploying to Log Analytics and opening a PR.

See ASIM Parser Creation - Agentic to get started.

Deploy ASIM

This template deploys all ASIM parsers.

Deploy to Azure

Deploy to Azure Gov

To deploy a single schema, use the buttons below:

| ASim Schema | Deploy | Deploy to Azure Gov |
| --- | --- | --- |
| Alert Event | Deploy to Azure | Deploy to Azure Gov |
| Audit Event | Deploy to Azure | Deploy to Azure Gov |
| Authentication | Deploy to Azure | Deploy to Azure Gov |
| Dhcp Event | Deploy to Azure | Deploy to Azure Gov |
| Dns | Deploy to Azure | Deploy to Azure Gov |
| File Event | Deploy to Azure | Deploy to Azure Gov |
| Network Session | Deploy to Azure | Deploy to Azure Gov |
| Process Event | Deploy to Azure | Deploy to Azure Gov |
| Registry Event | Deploy to Azure | Deploy to Azure Gov |
| UserManagement | Deploy to Azure | Deploy to Azure Gov |
| Web Session | Deploy to Azure | Deploy to Azure Gov |