diff --git a/ASIM/dev/ASimTester/ASimTester.csv b/ASIM/dev/ASimTester/ASimTester.csv
index be750d761ab..ade2e4d1362 100644
--- a/ASIM/dev/ASimTester/ASimTester.csv
+++ b/ASIM/dev/ASimTester/ASimTester.csv
@@ -116,12 +116,12 @@ ActorUserId,string,Optional,UserManagement,,,
 ActorUserId,string,Recommended,FileEvent,,,
 ActorUserId,string,Recommended,ProcessEvent,,,
 ActorUserId,string,Recommended,RegistryEvent,,,
-ActorUserIdType,string,Conditional,AuditEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,ActorUserId
-ActorUserIdType,string,Conditional,Authentication,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,ActorUserId
-ActorUserIdType,string,Conditional,FileEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|GWorkspaceProfileID|Other,ActorUserId
-ActorUserIdType,string,Conditional,ProcessEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,ActorUserId
-ActorUserIdType,string,Conditional,RegistryEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,ActorUserId
-ActorUserIdType,string,Conditional,UserManagement,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,ActorUserId
+ActorUserIdType,string,Conditional,AuditEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,ActorUserId
+ActorUserIdType,string,Conditional,Authentication,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,ActorUserId
+ActorUserIdType,string,Conditional,FileEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|GWorkspaceProfileID|EntraID|Other,ActorUserId
+ActorUserIdType,string,Conditional,ProcessEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,ActorUserId
+ActorUserIdType,string,Conditional,RegistryEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,ActorUserId
+ActorUserIdType,string,Conditional,UserManagement,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,ActorUserId
 ActorUsername,string,Mandatory,FileEvent,,,
 ActorUsername,string,Mandatory,ProcessEvent,,,
 ActorUsername,string,Mandatory,RegistryEvent,,,
@@ -369,8 +369,8 @@ DstProcessName,string,Optional,WebSession,,,
 DstRiskLevel,int,Optional,Dns,,,
 DstUserId,string,Optional,NetworkSession,,,
 DstUserId,string,Optional,WebSession,,,
-DstUserIdType,string,Conditional,NetworkSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,DstUserId
-DstUserIdType,string,Conditional,WebSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,DstUserId
+DstUserIdType,string,Conditional,NetworkSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,DstUserId
+DstUserIdType,string,Conditional,WebSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,DstUserId
 DstUsername,string,Optional,NetworkSession,,,
 DstUsername,string,Optional,WebSession,,,
 DstUsernameType,string,Conditional,NetworkSession,Enumerated,UPN|Windows|DN|Simple,DstUsername
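Review bot: `EntraID` is added to every `*UserIdType` list while `AADID` stays valid, so what is presumably the same directory object ID can now be labelled two ways depending on which parser produced the record. Detection rules and hunting queries that filter on `ActorUserIdType == "AADID"` (or the Dst/Src/Target/UserIdType equivalents in the later hunks) would silently skip records typed `EntraID`, and the reverse. The same split appears in the `EventProduct` hunk, where `Entra ID` now sits beside `AAD` for Authentication. A CSV row cannot carry a comment, so I would record the rule in the schema documentation and the PR description, for example `EntraID: preferred for new parsers; AADID retained for existing parsers and must be matched alongside it`, if that is the intended migration.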
@@ -719,7 +719,7 @@ EventOwner,string,Optional,UserManagement,,,
 EventOwner,string,Optional,WebSession,,,
 EventProduct,string,Mandatory,AlertEvent,Enumerated,Defender XDR|Singularity,
 EventProduct,string,Mandatory,AuditEvent,Enumerated,Azure|WAF|Security Events|Exchange 365|Dataminr Pulse|ISE|XDR|Meraki|FalconHost|SentinelOne|Carbon Black Cloud|BloxOne|Core,
-EventProduct,string,Mandatory,Authentication,Enumerated,Service Cloud|Auth0|CloudTrail|AAD|ASA|Microsoft Defender for IoT|ISE|M365 Defender for Endpoint|Meraki|Security Events|Okta|PostgreSQL|OpenSSH|su|sudo|Vectra XDR|SentinelOne|WAF|FalconHost|Carbon Black Cloud|Cortex Data Lake|Workspace|Core,
+EventProduct,string,Mandatory,Authentication,Enumerated,Service Cloud|Auth0|CloudTrail|AAD|ASA|Microsoft Defender for IoT|ISE|M365 Defender for Endpoint|Meraki|Security Events|Okta|PostgreSQL|OpenSSH|su|sudo|Vectra XDR|SentinelOne|WAF|FalconHost|Carbon Black Cloud|Cortex Data Lake|Workspace|Core|Entra ID,
 EventProduct,string,Mandatory,Common,,,
 EventProduct,string,Mandatory,DhcpEvent,,BloxOne,
 EventProduct,string,Mandatory,Dns,Enumerated,Umbrella|Azure Firewall|DNS Server|Sysmon|Sysmon for Linux|ZIA DNS|NIOS|Cloud DNS|Zeek|Vectra Stream|SentinelOne|FortiGate|BloxOne,
@@ -825,7 +825,7 @@ EventStartTime,datetime,Mandatory,RegistryEvent,,,
 EventStartTime,datetime,Mandatory,UserManagement,,,
 EventStartTime,datetime,Mandatory,WebSession,,,
 EventSubType,string,Optional,AuditEvent,,,
-EventSubType,string,Optional,Authentication,Enumerated,System|Interactive|RemoteInteractive|Service|RemoteService|Remote|AssumeRole,
+EventSubType,string,Optional,Authentication,Enumerated,System|Interactive|RemoteInteractive|Service|RemoteService|Remote|AssumeRole|NetworkCleartext,
 EventSubType,string,Optional,Common,Enumerated,Placeholder,
 EventSubType,string,Optional,DhcpEvent,,,
 EventSubType,string,Optional,Dns,Enumerated,request|response,
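Review bot: `NetworkCleartext` becomes an accepted `EventSubType` for Authentication in the second hunk here, but nothing in this diff says what it denotes or which parser emits it. The name matches the Windows logon type for a network logon where the credentials were supplied in cleartext, which analysts usually want to surface separately rather than treat as one more remote logon. Since the CSV has no comment syntax, I would add a line to the Authentication schema documentation such as `NetworkCleartext: network logon in which credentials were passed in cleartext`, and confirm how it is meant to differ from `Remote` and `RemoteService`.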
@@ -1283,10 +1283,10 @@ SrcUserId,string,Optional,DhcpEvent,,,
 SrcUserId,string,Optional,Dns,,,
 SrcUserId,string,Optional,NetworkSession,,,
 SrcUserId,string,Optional,WebSession,,,
-SrcUserIdType,string,Conditional,DhcpEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,SrcUserId
-SrcUserIdType,string,Conditional,Dns,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,SrcUserId
-SrcUserIdType,string,Conditional,NetworkSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,SrcUserId
-SrcUserIdType,string,Conditional,WebSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,SrcUserId
+SrcUserIdType,string,Conditional,DhcpEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,SrcUserId
+SrcUserIdType,string,Conditional,Dns,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,SrcUserId
+SrcUserIdType,string,Conditional,NetworkSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,SrcUserId
+SrcUserIdType,string,Conditional,WebSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,SrcUserId
 SrcUsername,string,Optional,DhcpEvent,,,
 SrcUsername,string,Optional,Dns,,,
 SrcUsername,string,Optional,NetworkSession,,,
@@ -1458,9 +1458,9 @@ TargetUserAWSId,string,Optional,WebSession,,,
 TargetUserId,string,Optional,Authentication,,,
 TargetUserId,string,Optional,UserManagement,,,
 TargetUserId,string,Recommended,ProcessEvent,,,
-TargetUserIdType,string,Conditional,Authentication,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|GWorkspaceProfileID|Other,TargetUserId
-TargetUserIdType,string,Conditional,ProcessEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,TargetUserId
-TargetUserIdType,string,Conditional,UserManagement,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,TargetUserId
+TargetUserIdType,string,Conditional,Authentication,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|GWorkspaceProfileID|EntraID|Other,TargetUserId
+TargetUserIdType,string,Conditional,ProcessEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,TargetUserId
+TargetUserIdType,string,Conditional,UserManagement,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,TargetUserId
 TargetUsername,string,Mandatory,ProcessEvent,,,
 TargetUsername,string,Optional,Authentication,,,
 TargetUsername,string,Optional,UserManagement,,,
@@ -1756,7 +1756,7 @@ UserAWSId,string,Optional,RegistryEvent,,,
 UserAWSId,string,Optional,UserManagement,,,
 UserAWSId,string,Optional,WebSession,,,
 UserId,string,Optional,AlertEvent,,,
-UserIdType,string,Conditional,AlertEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,UserId
+UserIdType,string,Conditional,AlertEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,UserId
 Username,string,Recommended,AlertEvent,,,
 UsernameType,string,Conditional,AlertEvent,Enumerated,UPN|Windows|DN|Simple,Username
 UserOktaId,string,Optional,AlertEvent,,,