Introduction

Data normalization in Microsoft Sentinel allows for the standardization of data across multiple data sources.

You're a Security Operations Analyst working at a company that implemented Microsoft Sentinel. You have multiple connectors that write unstructured firewall data to the CommonSecurityLog table. You need to empower security analysts to easily write analytics rule queries against the firewall data. To do that, you need to create an ASIM parser that gives the analysts a single normalized table to query.

By the end of this module, you'll be able to use ASIM parsers to identify threats inside your organization.

After completing this module, you'll be able to:

  • Use ASIM parsers
  • Create an ASIM parser
  • Create parameterized KQL functions