Replacing ASimTester CSV

The file was updated recently, so I copied the content of the current master and pasted it into my copy of ASimTester.csv. Then, I re-applied my changes and replaced the file in Git.
jaimeesc · Feb 26, 2024 · 4bfb1bb · 4bfb1bb
1 parent 35bd3c1
commit 4bfb1bb
Showing 1 changed file with 25 additions and 30 deletions.
diff --git a/ASIM/dev/ASimTester/ASimTester.csv b/ASIM/dev/ASimTester/ASimTester.csv
@@ -10,6 +10,9 @@ ActingAppType,string,Optional,AuditEvent,Enumerated,Process|Service|Resource|URL
 ActingAppType,string,Optional,Authentication,Enumerated,Process|Service|Resource|URL|SaaS application|CSP|Other,
 ActingAppType,string,Optional,FileEvent,Enumerated,Process|Service|Resource|URL|SaaS application|CSP|Other,
 ActingAppType,string,Optional,UserManagement,Enumerated,Process|Service|Resource|URL|SaaS application|CSP|Other,
+ActingOriginalAppType,string,Optional,AuditEvent,,,
+ActingOriginalAppType,string,Optional,UserManagement,,,
+ActingOriginalAppType,string,Optional,Authentication,,,
 ActingProcessCommandLine,string,Optional,FileEvent,,,
 ActingProcessCommandLine,string,Optional,ProcessEvent,,,
 ActingProcessCreationTime,datetime,Optional,ProcessEvent,,,
@@ -447,8 +450,8 @@ EventCount,int,Mandatory,ProcessEvent,,,
 EventCount,int,Mandatory,RegistryEvent,,,
 EventCount,int,Mandatory,UserManagement,,,
 EventCount,int,Mandatory,WebSession,,,
-EventCount,int,Optional,AuditEvent,,,
-EventCount,int,Optional,FileEvent,,,
+EventCount,int,Mandatory,AuditEvent,,,
+EventCount,int,Mandatory,FileEvent,,,
 EventEndTime,datetime,Mandatory,AuditEvent,,,
 EventEndTime,datetime,Mandatory,Authentication,,,
 EventEndTime,datetime,Mandatory,Common,,,
@@ -475,6 +478,7 @@ EventOriginalResultDetails,string,Optional,AuditEvent,,,
 EventOriginalResultDetails,string,Optional,Authentication,,,
 EventOriginalResultDetails,string,Optional,Common,,,
 EventOriginalResultDetails,string,Optional,Dhcp,,,
+EventOriginalResultDetails,string,Optional,Dns,,,
 EventOriginalResultDetails,string,Optional,FileEvent,,,
 EventOriginalResultDetails,string,Optional,NetworkSession,,,
 EventOriginalResultDetails,string,Optional,ProcessEvent,,,
@@ -535,25 +539,16 @@ EventOwner,string,Optional,ProcessEvent,,,
 EventOwner,string,Optional,RegistryEvent,,,
 EventOwner,string,Optional,UserManagement,,,
 EventOwner,string,Optional,WebSession,,,
-EventProduct,string,Mandatory,AuditEvent,Enumerated,Azure|WAF|Security Events|Exchange 365|Dataminr Pulse|ISE|XDR|Meraki,
-EventProduct,string,Mandatory,Authentication,Enumerated,Service Cloud|Auth0|CloudTrail|AAD|ASA|Microsoft Defender for IoT|ISE|M365 Defender for Endpoint|Meraki|Security Events|Okta|PostgreSQL|OpenSSH|su|sudo|Vectra XDR|SentinelOne|WAF,
+EventProduct,string,Mandatory,Authentication,Enumerated,Service Cloud|Auth0|CloudTrail|AAD|ASA|Microsoft Defender for IoT|ISE|M365 Defender for Endpoint|Meraki|Security Events|Okta|PostgreSQL|OpenSSH|su|sudo|Vectra XDR|SentinelOne|WAF|FalconHost|Carbon Black Cloud|Cortex Data Lake|Workspace,
+EventProduct,string,Mandatory,AuditEvent,Enumerated,Azure|WAF|Security Events|Exchange 365|Dataminr Pulse|ISE|XDR|Meraki|FalconHost|SentinelOne|Carbon Black Cloud,
 EventProduct,string,Mandatory,Common,,,
 EventProduct,string,Mandatory,Dhcp,,,
-EventProduct,string,Mandatory,Dns,Enumerated,Umbrella|Azure Firewall|DNS Server|Sysmon|Sysmon for Linux|ZIA DNS|NIOS|Cloud DNS|Zeek|Vectra Stream|SentinelOne,
+EventProduct,string,Mandatory,Dns,Enumerated,Umbrella|Azure Firewall|DNS Server|Sysmon|Sysmon for Linux|ZIA DNS|NIOS|Cloud DNS|Zeek|Vectra Stream|SentinelOne|FortiGate,
 EventProduct,string,Mandatory,FileEvent,Enumerated,Sysmon for Linux|Sysmon|M365 Defender for Endpoint|Azure File Storage|SharePoint|OneDrive|SentinelOne|Carbon Black Cloud,
-EventProduct,string,Mandatory,NetworkSession,Enumerated,Fortigate|IOS|ISE|SDP|Vectra Stream|NSGFlow|Fireware|VPC|Azure Defender for IoT|Azure Firewall|M365 Defender for Endpoint|Sysmon|Sysmon for Linux|Windows Firewall|WireData|ZIA Firewall|CDL|PanOS|VMConnection|Meraki|Zeek|Firewall|ASA|Cynerio|SentinelOne|WAF,
-EventProduct,string,Mandatory,FileEvent,Enumerated,Sysmon for Linux|Sysmon|M365 Defender for Endpoint|Azure File Storage|SharePoint|OneDrive|SentinelOne,
-EventProduct,string,Mandatory,NetworkSession,Enumerated,Fortigate|IOS|ISE|SDP|Vectra Stream|NSGFlow|Fireware|VPC|Azure Defender for IoT|Azure Firewall|M365 Defender for Endpoint|Sysmon|Sysmon for Linux|Windows Firewall|WireData|ZIA Firewall|CDL|PanOS|VMConnection|Meraki|Zeek|Firewall|ASA|Cynerio|SentinelOne|WAF|Firepower|FalconHost,
-EventProduct,string,Mandatory,NetworkSession,Enumerated,Fortigate|IOS|ISE|SDP|Vectra Stream|NSGFlow|Fireware|VPC|Azure Defender for IoT|Azure Firewall|M365 Defender for Endpoint|Sysmon|Sysmon for Linux|Windows Firewall|WireData|ZIA Firewall|CDL|PanOS|VMConnection|Meraki|Zeek|Firewall|ASA|Cynerio|SentinelOne|WAF|Firepower|Carbon Black Cloud,
-EventProduct,string,Mandatory,ProcessEvent,Enumerated,M365 Defender for Endpoint|Sysmon for Linux|Sysmon|Azure Defender for IoT|Security Events|SentinelOne|Carbon Black Cloud,
-EventProduct,string,Mandatory,RegistryEvent,Enumerated,M365 Defender for Endpoint|Security Events|Sysmon|Windows Event|SentinelOne|Vision One,
+EventProduct,string,Mandatory,NetworkSession,Enumerated,Fortigate|IOS|ISE|SDP|Vectra Stream|NSGFlow|Fireware|VPC|Azure Defender for IoT|Azure Firewall|M365 Defender for Endpoint|Sysmon|Sysmon for Linux|Windows Firewall|WireData|ZIA Firewall|CDL|PanOS|VMConnection|Meraki|Zeek|Firewall|ASA|Cynerio|SentinelOne|WAF|Firepower|FalconHost|Carbon Black Cloud|Cortex Data Lake,
+EventProduct,string,Mandatory,ProcessEvent,Enumerated,M365 Defender for Endpoint|Sysmon for Linux|Sysmon|Azure Defender for IoT|Security Events|SentinelOne|Carbon Black Cloud|Vision One,
 EventProduct,string,Mandatory,RegistryEvent,Enumerated,M365 Defender for Endpoint|Security Events|Sysmon|Windows Event|SentinelOne|Carbon Black Cloud|Vision One,
-EventProduct,string,Mandatory,WebSession,Enumerated,IIS|Squid Proxy|ZIA Proxy|Vectra Stream|PanOS|CDL|Fireware|Meraki|Web Security Gateway|Zeek|Dataminr Pulse|HTTP Server|Fortigate|WAF|Firewall,
-EventProduct,string,Mandatory,RegistryEvent,Enumerated,M365 Defender for Endpoint|Security Events|Sysmon|Windows Event|SentinelOne|Carbon Black Cloud,
-EventProduct,string,Mandatory,WebSession,Enumerated,IIS|Squid Proxy|ZIA Proxy|Vectra Stream|PanOS|CDL|Fireware|Meraki|Web Security Gateway|Zeek|Dataminr Pulse|HTTP Server|Fortigate|WAF|ASM|Firewall,
-EventProduct,string,Mandatory,RegistryEvent,Enumerated,M365 Defender for Endpoint|Security Events|Sysmon|Windows Event|SentinelOne,
-EventProduct,string,Mandatory,WebSession,Enumerated,IIS|Squid Proxy|ZIA Proxy|Vectra Stream|PanOS|CDL|Fireware|Meraki|Web Security Gateway|Zeek|Dataminr Pulse|HTTP Server|Fortigate|WAF|NetScaler|Firewall,
-EventProduct,string,Mandatory,WebSession,Enumerated,IIS|Squid Proxy|ZIA Proxy|Vectra Stream|PanOS|CDL|Fireware|Meraki|Web Security Gateway|Zeek|Dataminr Pulse|HTTP Server|Fortigate|WAF|Firepower|Firewall,
+EventProduct,string,Mandatory,WebSession,Enumerated,IIS|Squid Proxy|ZIA Proxy|Vectra Stream|PanOS|CDL|Fireware|Meraki|Web Security Gateway|Zeek|Dataminr Pulse|HTTP Server|Fortigate|WAF|ASM|NetScaler|Firepower|Cortex Data Lake|Firewall,
 EventProduct,string,Mandatory,UserManagement,Enumerated,Security Events|Authpriv|ISE|SentinelOne,
 EventProductVersion,string,Optional,AuditEvent,,,
 EventProductVersion,string,Optional,Authentication,,,
@@ -592,7 +587,7 @@ EventResultDetails,string,Mandatory,Dns,Enumerated,,
 EventResultDetails,string,Optional,FileEvent,,,
 EventResultDetails,string,Optional,ProcessEvent,,,
 EventResultDetails,string,Recommended,AuditEvent,Enumerated,,
-EventResultDetails,string,Recommended,Authentication,Enumerated,No such user or password|Incorrect password|Account expired|Password expired|User locked|User disabled|Logon violates policy|Session expired|No such user|Incorrect key|Other,
+EventResultDetails,string,Recommended,Authentication,Enumerated,No such user or password|Incorrect password|Account expired|Password expired|User locked|User disabled|Logon violates policy|Session expired|No such user|Incorrect key|MFA not satisfied|Other,
 EventResultDetails,string,Recommended,Common,,,
 EventResultDetails,string,Recommended,Dhcp,,,
 EventResultDetails,string,Recommended,NetworkSession,Enumerated,Failover|Invalid TCP|Invalid Tunnel|Maximum Retry|Reset|Routing issue|Simulation|Terminated|Timeout|Transient error|Unknown|NA,
@@ -674,18 +669,14 @@ EventUid,string,Recommended,ProcessEvent,,,
 EventUid,string,Recommended,RegistryEvent,,,
 EventUid,string,Recommended,UserManagement,,,
 EventUid,string,Recommended,WebSession,,,
-EventVendor,string,Mandatory,AuditEvent,Enumerated,Microsoft|AWS|Barracuda|Cisco|Dataminr|Vectra,
-EventVendor,string,Mandatory,Authentication,Enumerated,Salesforce|AWS|Barracuda|Cisco|Microsoft|Okta|PostgreSQL|OpenBSD|Linux|Vectra|SentinelOne,
+EventVendor,string,Mandatory,Authentication,Enumerated,Salesforce|AWS|Barracuda|Cisco|Microsoft|Okta|PostgreSQL|OpenBSD|Linux|Vectra|SentinelOne|CrowdStrike|VMware|Google,
+EventVendor,string,Mandatory,AuditEvent,Enumerated,Microsoft|AWS|Barracuda|Cisco|Dataminr|Vectra|CrowdStrike|SentinelOne|VMware,
 EventVendor,string,Mandatory,Common,,,
 EventVendor,string,Mandatory,Dhcp,,,
-EventVendor,string,Mandatory,Dns,Enumerated,Cisco|Corelight|GCP|Infoblox|Microsoft|Zscaler|Vectra AI|SentinelOne,
-EventVendor,string,Mandatory,FileEvent,Enumerated,Microsoft|SentinelOne,
-EventVendor,string,Mandatory,Dns,Enumerated,Cisco|Corelight|GCP|Infoblox|Microsoft|Zscaler|Vectra AI,
-EventVendor,string,Mandatory,FileEvent,Enumerated,Microsoft|SentinelOne,
-EventVendor,string,Mandatory,NetworkSession,Enumerated,Fortinet|AppGate|Barracuda|Palo Alto|Microsoft|Zscaler|AWS|Vectra AI|WatchGuard|Cisco|Corelight|Check Point|Forcepoint|Cynerio|SentinelOne|CrowdStrike|SonicWall,
+EventVendor,string,Mandatory,Dns,Enumerated,Cisco|Corelight|GCP|Infoblox|Microsoft|Zscaler|Vectra AI|SentinelOne|Fortinet,
+EventVendor,string,Mandatory,NetworkSession,Enumerated,Fortinet|AppGate|Barracuda|Palo Alto|Microsoft|Zscaler|AWS|Vectra AI|WatchGuard|Cisco|Corelight|Check Point|Forcepoint|Cynerio|SentinelOne|CrowdStrike|VMware|SonicWall,
 EventVendor,string,Mandatory,FileEvent,Enumerated,Microsoft|SentinelOne|VMware,
-EventVendor,string,Mandatory,NetworkSession,Enumerated,Fortinet|AppGate|Barracuda|Palo Alto|Microsoft|Zscaler|AWS|Vectra AI|WatchGuard|Cisco|Corelight|Check Point|Forcepoint|Cynerio|SentinelOne|VMware|SonicWall,
-EventVendor,string,Mandatory,ProcessEvent,Enumerated,Microsoft|SentinelOne|VMware,
+EventVendor,string,Mandatory,ProcessEvent,Enumerated,Microsoft|SentinelOne|VMware|TrendMicro,
 EventVendor,string,Mandatory,WebSession,Enumerated,Apache|Barracuda|Fortinet|Microsoft|Squid|Zscaler|Vectra AI|Palo Alto|WatchGuard|Cisco|Forcepoint|Corelight|Dataminr|Citrix|F5|SonicWall,
 EventVendor,string,Mandatory,UserManagement,Enumerated,Microsoft|Linux|Cisco|SentinelOne,
 EventVendor,string,Mandatory,RegistryEvent,Enumerated,SentinelOne|VMware,
@@ -784,6 +775,7 @@ NewValue,string,Recommended,AuditEvent,,,
 Object,string,Recommended,AuditEvent,,,
 ObjectId,string,Recommended,AuditEvent,,,
 ObjectType,string,Related,AuditEvent,Enumerated,Configuration Atom|Policy Rule|Event Log|Scheduled Task|Service|Directory Service Object|Other,
+OriginalObjectType,string,Optional,AuditEvent,,,
 OldValue,string,Optional,AuditEvent,,,
 Operation,string,Mandatory,AuditEvent,,,
 OuterVlanId,string,Alias,NetworkSession,,,DstVlanId
@@ -996,7 +988,7 @@ SrcInterfaceGuid,string,Optional,NetworkSession,GUID,,
 SrcInterfaceGuid,string,Optional,WebSession,GUID,,
 SrcInterfaceName,string,Optional,NetworkSession,,,
 SrcInterfaceName,string,Optional,WebSession,,,
-SrcIpAddr,IP address,Recommended,UserManagement,,,
+SrcIpAddr,string,Recommended,UserManagement,IP Address,,
 SrcIpAddr,string,Mandatory,Dhcp,IP Address,,
 SrcIpAddr,string,Recommended,AuditEvent,IP Address,,
 SrcIpAddr,string,Recommended,Authentication,IP Address,,
@@ -1078,6 +1070,9 @@ TargetAppName,string,Optional,FileEvent,,,
 TargetAppType,string,Conditional,AuditEvent,Enumerated,Process|Service|Resource|URL|SaaS application|Other,TargetAppName
 TargetAppType,string,Conditional,Authentication,Enumerated,Process|Service|Resource|URL|SaaS application|Other,TargetAppName
 TargetAppType,string,Conditional,FileEvent,Enumerated,Process|Service|Resource|URL|SaaS application|Other,TargetAppName
+TargetOriginalAppType,string,Optional,AuditEvent,,,
+TargetOriginalAppType,string,Optional,FileEvent,,,
+TargetOriginalAppType,string,Optional,Authentication,,,
 TargetDescription,string,Optional,AuditEvent,,,
 TargetDescription,string,Optional,Authentication,,,
 TargetDeviceType,string,Optional,AuditEvent,Enumerated,Computer|Mobile Device|IOT Device|Other,
@@ -1167,7 +1162,7 @@ TargetUserAadId,string,Optional,ProcessEvent,,,
 TargetUserId,string,Optional,Authentication,,,
 TargetUserId,string,Optional,UserManagement,,,
 TargetUserId,string,Recommended,ProcessEvent,,,
-TargetUserIdType,string,Conditional,Authentication,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,TargetUserId
+TargetUserIdType,string,Conditional,Authentication,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|GWorkspaceProfileID|Other,TargetUserId
 TargetUserIdType,string,Conditional,ProcessEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,TargetUserId
 TargetUserIdType,string,Conditional,UserManagement,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,TargetUserId
 TargetUsername,string,Mandatory,ProcessEvent,,,
@@ -1347,4 +1342,4 @@ User,string,Optional,Authentication,Username,,
 UserAgent,string,Alias,WebSession,Useragent,,HttpUserAgent
 Username,string,Alias,Dhcp,,,SrcUsername
 Value,string,Alias,AuditEvent,,,NewValue
-ValueType,string,Optional,AuditEvent,Enumerated,Other,
+ValueType,string,Optional,AuditEvent,Enumerated,Other,