ESET Online Help


ESET PROTECT Platform data connector parsing function

The ESET PROTECT Platform data connector includes a parsing function that is designed to meet the fundamental requirements of the Azure Sentinel Information Model (ASIM). The parsing function transforms and normalizes data from the table that stores detection logs by mapping its fields to the standard ASIM schema. You can review the parser details on GitHub.

The parsing function simplifies tasks for security analysts by providing data in a standardized format and enabling it to be easily combined with other sources. It is especially helpful when working with multiple data sources.

How to use the parsing function

1. Navigate to Azure Portal > Microsoft Sentinel > your Log Analytics workspace > General > Logs > Functions > Workspace Functions.

2. Select the ESETProtectPlatform parsing function and click Run.

After the parsing function is executed, the transformed data becomes available for viewing in the following ASIM columns:

EventMessage—A general description or a name of the event

EventCount—The number of events described by the record

EventStartTime—The time when the event occurred

EventEndTime—The time when the event was generated

EventType—The event type name

EventResult—Filled with the constant value NA

EventOriginalUid—The unique ID of the detection

EventOriginalType—The original event category

EventSeverity—The severity level of the event

EventOriginalSeverity—The original severity as provided by the reporting device

EventProduct—Filled with the constant value ESET Connect

EventVendor—Filled with the constant value ESET

Dvc—The unique ID of the device where the event occurred

DvcDescription—The name of the device where the event occurred

DvcId—The unique ID of the device where the event occurred

DvcIdType—Filled with the constant value Computer

SrcIpAddr—The local IP address

DstIpAddr—The remote IP address

SrcPortNumber—The local port

DstPortNumber—The remote port

NetworkDirection—Inbound, Outbound, or NA if the network communication direction is unspecified

NetworkProtocol—The protocol name

ActorUsername—The username

TargetProcessCurrentDirectory—The path to the process directory

TargetProcessGuid—The unique ID of the process

TargetProcessCommandLine—The command line of the process

TargetProcessFileSize—The size of the object in bytes

User—The username
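To show what the normalization described above produces for one record, here is an added Python example; it is not the ESET parser and not code from this page. The raw column names in FIELD_MAP and the sample row are assumptions, since the page does not list the source table's schema; the constant values and the ASIM column names are the ones listed above.

```python
# Constant values the page says the parser fills in
EVENT_RESULT, EVENT_PRODUCT, EVENT_VENDOR, DVC_ID_TYPE = "NA", "ESET Connect", "ESET", "Computer"

# Hypothetical raw column names (assumed; the page does not list the source table's schema)
FIELD_MAP = {
    "EventMessage": "detection_name", "EventStartTime": "occurred",
    "EventEndTime": "created", "EventType": "type_name",
    "EventOriginalUid": "detection_uuid", "EventOriginalType": "category",
    "EventSeverity": "severity", "EventOriginalSeverity": "severity_level",
    "DvcId": "device_uuid", "DvcDescription": "device_name",
    "SrcIpAddr": "local_ip", "DstIpAddr": "remote_ip",
    "SrcPortNumber": "local_port", "DstPortNumber": "remote_port",
    "NetworkProtocol": "protocol", "ActorUsername": "username",
    "TargetProcessCurrentDirectory": "process_path", "TargetProcessGuid": "process_uuid",
    "TargetProcessCommandLine": "command_line", "TargetProcessFileSize": "object_size",
}

def normalize_direction(raw):
    """Map a raw direction to the ASIM values the page lists; anything else becomes NA."""
    value = "" if raw is None else str(raw).strip().lower()
    return {"inbound": "Inbound", "outbound": "Outbound"}.get(value, "NA")

def to_asim(record):
    """Normalize one raw detection record into the ASIM columns the page describes."""
    out = {asim: record.get(src) for asim, src in FIELD_MAP.items()}
    out["EventCount"] = 1                 # assumed: each raw row describes one event
    out["EventResult"] = EVENT_RESULT
    out["EventProduct"] = EVENT_PRODUCT
    out["EventVendor"] = EVENT_VENDOR
    out["DvcIdType"] = DVC_ID_TYPE
    out["Dvc"] = out["DvcId"]             # Dvc and DvcId both carry the device's unique ID
    out["User"] = out["ActorUsername"]    # ActorUsername and User both carry the username
    out["NetworkDirection"] = normalize_direction(record.get("direction"))
    return out

# Constructed sample row (not real telemetry) to exercise the mapping
SAMPLE = {
    "detection_name": "Eicar test file", "occurred": "2024-01-01T10:00:00Z",
    "created": "2024-01-01T10:00:05Z", "type_name": "Detection", "category": "Malware",
    "detection_uuid": "det-0001", "severity": "High", "severity_level": 3,
    "device_uuid": "dev-0001", "device_name": "WS01", "username": "alice",
    "local_ip": "10.0.0.5", "remote_ip": "203.0.113.7", "local_port": 51234,
    "remote_port": 443, "protocol": "TCP", "direction": "outbound",
    "process_path": "C:\\Temp", "process_uuid": "proc-0001",
    "command_line": "cmd.exe /c type eicar.com", "object_size": 68,
}

if __name__ == "__main__":
    for key, value in to_asim(SAMPLE).items():
        print(f"{key}: {value}")
```

Raw columns missing from a record come through as empty ASIM fields rather than failing, which is the behaviour to check for when a new detection type adds or renames fields.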