Hi, you can use the parsers that Oracle supply as a guide; however, you'll have to adapt them to support your ingestion product and the schema it ingests. You may want to look at the ASIM guides as well, especially the column naming conventions: https://learn.microsoft.com/EN-US/AZURE/sentinel/normalization-parsers-overview
Sample Oracle parser: https://github.com/Azure/Azure-Sentinel/blob/606b995237604929b290b502bf7c21313cd0441c/Solutions/OracleWebLogicServer/Parsers/OracleWebLogicServerEvent.yaml