Advanced Security Information Model (ASIM) security content (Public preview)

Normalized security content in Microsoft Sentinel includes analytics rules, hunting queries, and workbooks that work with unifying normalization parsers.

You can find normalized, built-in content in Microsoft Sentinel galleries and solutions, create your own normalized content, or modify existing content to use normalized data.

This article lists built-in Microsoft Sentinel content that has been configured to support the Advanced Security Information Model (ASIM). While links to the Microsoft Sentinel GitHub repository are provided below as a reference, you can also find these rules in the Microsoft Sentinel Analytics rule gallery. Use the linked GitHub pages to copy any relevant hunting queries.

To understand how normalized content fits within the ASIM architecture, refer to the ASIM architecture diagram.

Important

ASIM is currently in PREVIEW. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Authentication security content

The following built-in authentication content is supported for ASIM normalization.

Analytics rules

DNS query security content

The following built-in DNS query content is supported for ASIM normalization.

Solutions

  • DNS Essentials
  • Log4j Vulnerability Detection
  • Legacy IOC Based Threat Detection

Analytics rules

File Activity security content

The following built-in file activity content is supported for ASIM normalization.

  • Legacy IOC Based Threat Detection

Analytics Rules

Network session security content

The following built-in network session related content is supported for ASIM normalization.

Solutions

  • Network Session Essentials
  • Log4j Vulnerability Detection
  • Legacy IOC Based Threat Detection

Analytics rules

Hunting queries

Process activity security content

The following built-in process activity content is supported for ASIM normalization.

Solutions

  • Endpoint Threat Protection Essentials
  • Legacy IOC Based Threat Detection

Analytics rules

Hunting queries

Registry activity security content

The following built-in registry activity content is supported for ASIM normalization.

Analytics rules

Hunting queries

Web session security content

The following built-in web session related content is supported for ASIM normalization.

Solutions

  • Log4j Vulnerability Detection
  • Threat Intelligence

Analytics rules

Next steps

This article discusses the Advanced Security Information Model (ASIM) content.

For more information, see: