JasonCohen1892
Former Employee
Jun 15, 2021

New Blog Post | Azure Sentinel Information Model DNS Schema and normalized content now public

What's new: Azure Sentinel Information Model DNS Schema and normalized content now public - Microsoft Tech Community

Following our networking schema, we now extend our https://aka.ms/AzSentinelNormalization and release our https://aka.ms/AzSentinelDnsDoc. We expect to follow suit with additional schemas in the coming weeks.

This release includes additional artifacts to ensure easier use of ASIM:

  • New extensive https://aka.ms/AzSentinelNormalization, including schema guidelines and a parser writing guide.
  • All the normalizing parsers can be deployed in a click using an https://aka.ms/AzSentinelDns. The initial release contains normalizing parsers for Infoblox, Cisco Umbrella, and Microsoft DNS server.
  • We have migrated analytic rules that worked on a single DNS source to use the normalized template. Those are available in GitHub and will be available in the in-product gallery in the coming days. You can find the list at the end of this post.
  • And of course, the https://aka.ms/AzSentinelDnsDoc is available on docs.microsoft.com.

With a single click deployment and support for normalized content in analytic rules, we believe we will see an accelerated adaption of the Azure Sentinel Information Model.
