Can we test ASIM parser Locally, with all published vendor data?

Jayesh Prajapati 1 Reputation point
2022-09-16T12:50:25+00:00

We are making ASIM parsers for diff. kind of schemas
At the end we want to test that is it reflecting in Global ASIM Parser for particular schema or not.
Is there any way to test That ASIM parser after adding it in union?

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
958 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Bill Clarkson-Antill 5 Reputation points MVP
    2023-03-15T22:13:06.5833333+00:00

    If data is being ingested into Sentinel, you should be able to see the results when data is passed through the parsers

    Is there something more specific you are after?

    0 comments No comments

  2. Sedat SALMAN 12,985 Reputation points
    2023-03-25T21:32:09.26+00:00
    1. Verify that the ASIM parser has been added to the union correctly. You can check this by verifying that the parser is listed in the appropriate configuration file.
    2. Validate the syntax and structure of the ASIM parser using a validation tool such as XMLSpy or Oxygen XML Editor.
    3. Test the ASIM parser with sample data to ensure that it is parsing the data correctly.
    4. Verify that the parsed data matches the schema for the particular schema.
    5. Verify that the parsed data is being correctly integrated into the Global ASIM Parser.
    6. If any issues are found during the testing process, review the ASIM parser code to identify and fix any errors or issues.
    0 comments No comments