Aug 04 2021 08:09 AM
What's new: ASIM File Activity schema - Microsoft Tech Community
In addition to the general ASIM advantages (cross-source analytics, source-agnostic rules, and ease of use), the File Activity schema lets you write rules that span endpoint, server, and cloud activity. We have included parsers for Sysmon, Microsoft 365 Defender for Endpoint, SharePoint, OneDrive, and Azure Storage. For example:
Original Post: New Blog Post | What's new: ASIM File Activity schema - Microsoft Tech Community