Mind Maps for Create detections and perform investigations using Microsoft Sentinel

Mind Maps for Create detections and perform investigations using Microsoft Sentinel

Raw Data Collection: Collect data from various sources.
Data Storage: Store the raw data in Sentinel tables.
Parsing Functions: Apply parsing functions to transform raw data into a standardized format.

Parsing Types:

Built-in Parsers: Use pre-configured parsers for common data sources.
Workspace-Deployed Parsers: Deploy custom parsers for specific data sources.

Source-Specific Parsers: Handle unique data formats for specific sources.
Unifying Parsers: Normalize data from various sources into a unified schema.
Normalized Data: Data is converted into the ASIM schema.
Querying: Write queries based on the ASIM schema.