Skip to content

[ASIM] ASimTester.csv changes #13518

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
yummyblabla wants to merge 2 commits into
base: master
Choose a base branch
from
Open

[ASIM] ASimTester.csv changes #13518

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
55feb9c
Changes
Jan 29, 2026
62ed6e3
Add NetworkCleartext to EventSubType
Jan 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 18 additions & 18 deletions ASIM/dev/ASimTester/ASimTester.csv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,12 +116,12 @@ ActorUserId,string,Optional,UserManagement,,,
ActorUserId,string,Recommended,FileEvent,,,
ActorUserId,string,Recommended,ProcessEvent,,,
ActorUserId,string,Recommended,RegistryEvent,,,
ActorUserIdType,string,Conditional,AuditEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,ActorUserId
ActorUserIdType,string,Conditional,Authentication,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,ActorUserId
ActorUserIdType,string,Conditional,FileEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|GWorkspaceProfileID|Other,ActorUserId
ActorUserIdType,string,Conditional,ProcessEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,ActorUserId
ActorUserIdType,string,Conditional,RegistryEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,ActorUserId
ActorUserIdType,string,Conditional,UserManagement,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,ActorUserId
ActorUserIdType,string,Conditional,AuditEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,ActorUserId
ActorUserIdType,string,Conditional,Authentication,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,ActorUserId
ActorUserIdType,string,Conditional,FileEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|GWorkspaceProfileID|EntraID|Other,ActorUserId
ActorUserIdType,string,Conditional,ProcessEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,ActorUserId
ActorUserIdType,string,Conditional,RegistryEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,ActorUserId
ActorUserIdType,string,Conditional,UserManagement,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,ActorUserId
ActorUsername,string,Mandatory,FileEvent,,,
ActorUsername,string,Mandatory,ProcessEvent,,,
ActorUsername,string,Mandatory,RegistryEvent,,,
Expand Down Expand Up @@ -369,8 +369,8 @@ DstProcessName,string,Optional,WebSession,,,
DstRiskLevel,int,Optional,Dns,,,
DstUserId,string,Optional,NetworkSession,,,
DstUserId,string,Optional,WebSession,,,
DstUserIdType,string,Conditional,NetworkSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,DstUserId
DstUserIdType,string,Conditional,WebSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,DstUserId
DstUserIdType,string,Conditional,NetworkSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,DstUserId
DstUserIdType,string,Conditional,WebSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,DstUserId
DstUsername,string,Optional,NetworkSession,,,
DstUsername,string,Optional,WebSession,,,
DstUsernameType,string,Conditional,NetworkSession,Enumerated,UPN|Windows|DN|Simple,DstUsername
Expand Down Expand Up @@ -719,7 +719,7 @@ EventOwner,string,Optional,UserManagement,,,
EventOwner,string,Optional,WebSession,,,
EventProduct,string,Mandatory,AlertEvent,Enumerated,Defender XDR|Singularity,
EventProduct,string,Mandatory,AuditEvent,Enumerated,Azure|WAF|Security Events|Exchange 365|Dataminr Pulse|ISE|XDR|Meraki|FalconHost|SentinelOne|Carbon Black Cloud|BloxOne|Core,
EventProduct,string,Mandatory,Authentication,Enumerated,Service Cloud|Auth0|CloudTrail|AAD|ASA|Microsoft Defender for IoT|ISE|M365 Defender for Endpoint|Meraki|Security Events|Okta|PostgreSQL|OpenSSH|su|sudo|Vectra XDR|SentinelOne|WAF|FalconHost|Carbon Black Cloud|Cortex Data Lake|Workspace|Core,
EventProduct,string,Mandatory,Authentication,Enumerated,Service Cloud|Auth0|CloudTrail|AAD|ASA|Microsoft Defender for IoT|ISE|M365 Defender for Endpoint|Meraki|Security Events|Okta|PostgreSQL|OpenSSH|su|sudo|Vectra XDR|SentinelOne|WAF|FalconHost|Carbon Black Cloud|Cortex Data Lake|Workspace|Core|Entra ID,
EventProduct,string,Mandatory,Common,,,
EventProduct,string,Mandatory,DhcpEvent,,BloxOne,
EventProduct,string,Mandatory,Dns,Enumerated,Umbrella|Azure Firewall|DNS Server|Sysmon|Sysmon for Linux|ZIA DNS|NIOS|Cloud DNS|Zeek|Vectra Stream|SentinelOne|FortiGate|BloxOne,
Expand Down Expand Up @@ -825,7 +825,7 @@ EventStartTime,datetime,Mandatory,RegistryEvent,,,
EventStartTime,datetime,Mandatory,UserManagement,,,
EventStartTime,datetime,Mandatory,WebSession,,,
EventSubType,string,Optional,AuditEvent,,,
EventSubType,string,Optional,Authentication,Enumerated,System|Interactive|RemoteInteractive|Service|RemoteService|Remote|AssumeRole,
EventSubType,string,Optional,Authentication,Enumerated,System|Interactive|RemoteInteractive|Service|RemoteService|Remote|AssumeRole|NetworkCleartext,
EventSubType,string,Optional,Common,Enumerated,Placeholder,
EventSubType,string,Optional,DhcpEvent,,,
EventSubType,string,Optional,Dns,Enumerated,request|response,
Expand Down Expand Up @@ -1283,10 +1283,10 @@ SrcUserId,string,Optional,DhcpEvent,,,
SrcUserId,string,Optional,Dns,,,
SrcUserId,string,Optional,NetworkSession,,,
SrcUserId,string,Optional,WebSession,,,
SrcUserIdType,string,Conditional,DhcpEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,SrcUserId
SrcUserIdType,string,Conditional,Dns,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,SrcUserId
SrcUserIdType,string,Conditional,NetworkSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,SrcUserId
SrcUserIdType,string,Conditional,WebSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,SrcUserId
SrcUserIdType,string,Conditional,DhcpEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,SrcUserId
SrcUserIdType,string,Conditional,Dns,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,SrcUserId
SrcUserIdType,string,Conditional,NetworkSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,SrcUserId
SrcUserIdType,string,Conditional,WebSession,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,SrcUserId
SrcUsername,string,Optional,DhcpEvent,,,
SrcUsername,string,Optional,Dns,,,
SrcUsername,string,Optional,NetworkSession,,,
Expand Down Expand Up @@ -1458,9 +1458,9 @@ TargetUserAWSId,string,Optional,WebSession,,,
TargetUserId,string,Optional,Authentication,,,
TargetUserId,string,Optional,UserManagement,,,
TargetUserId,string,Recommended,ProcessEvent,,,
TargetUserIdType,string,Conditional,Authentication,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|GWorkspaceProfileID|Other,TargetUserId
TargetUserIdType,string,Conditional,ProcessEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,TargetUserId
TargetUserIdType,string,Conditional,UserManagement,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,TargetUserId
TargetUserIdType,string,Conditional,Authentication,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|GWorkspaceProfileID|EntraID|Other,TargetUserId
TargetUserIdType,string,Conditional,ProcessEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,TargetUserId
TargetUserIdType,string,Conditional,UserManagement,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,TargetUserId
TargetUsername,string,Mandatory,ProcessEvent,,,
TargetUsername,string,Optional,Authentication,,,
TargetUsername,string,Optional,UserManagement,,,
Expand Down Expand Up @@ -1756,7 +1756,7 @@ UserAWSId,string,Optional,RegistryEvent,,,
UserAWSId,string,Optional,UserManagement,,,
UserAWSId,string,Optional,WebSession,,,
UserId,string,Optional,AlertEvent,,,
UserIdType,string,Conditional,AlertEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,UserId
UserIdType,string,Conditional,AlertEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|EntraID|Other,UserId
Username,string,Recommended,AlertEvent,,,
UsernameType,string,Conditional,AlertEvent,Enumerated,UPN|Windows|DN|Simple,Username
UserOktaId,string,Optional,AlertEvent,,,
Expand Down
Loading