Map security telemetry to ASIM standard
microsoft-sentinel-asim-skill
tenzir/news
What it does
Normalize security logs to ASIM standard
Best for
When centralizing security logs from multiple sources where vendor-agnostic querying is needed.
Inputs
- Raw security logs (Syslog, CEF, JSON)
Outputs
- Normalized ASIM JSON events
Requires
- Microsoft Sentinel
- KQL
Preconditions
Microsoft Sentinel instance; log source connected; ASIM schema loaded
Failure modes
- Field mapping loses information
- Timestamp parsing fails for non-UTC sources
Trust signals
- ASIM specification compliance
- CIM-to-ASIM mapping documented