Jul 02 2021
09:46 AM
- last edited on
Nov 03 2021
03:56 AM
by
TechCommunityAP
Jul 02 2021
09:46 AM
- last edited on
Nov 03 2021
03:56 AM
by
TechCommunityAP
Working with various data types and tables together presents a challenge. You must become familiar with many different data types and schemas, write and use a unique set of analytics rules, workbooks, and hunting queries for each, even for those that share commonalities (for example, DNS servers). Correlation between the different data types necessary for investigation and hunting is also tricky.
The Azure Sentinel Information Model (ASIM) provides a seamless experience for handling various sources in uniform, normalized views. ASIM aligns with the Open-Source Security Events Metadata (OSSEM) common information model, promoting vendor agnostic, industry-wide normalization. ASIM: