The first schema to use parametrized parsers is the DNS schema. DNS is a high-volume source, and using optimized parsers enables the new normalized Threat Intelligence Analytics Rules (Domains, IPs) to match your TI to even the highest volume of DNS data. And with out-of-the-box optimized parsers for a wide variety of DNS servers and clients, including Windows DNS Server, InfoBlox, Cisco Umbrella, Corelight Zeek, Google Cloud DNS, and Sysmon, you get this detection across much more of your data.
Join us to learn more about parametrized parsers in our upcoming webinar “Turbocharging ASIM: Making Sure Normalization Helps Performance Rather Than Impacting It” on Oct 6th. Register, as usual, at https://aka.ms/securitywebinars.