Cisco Secure Endpoint - AlertEvent ASIM Parser by Steve1145 · Pull Request #13741 · Azure/Azure-Sentinel

Steve1145 · 2026-03-04T10:15:07Z

Change(s):

Added AlertEvent ASIM parser for Cisco Secure Endpoint (Codeless Connector Framework)

Reason for Change(s):

Support Cisco Secure Endpoint table CiscoSecureEndpointEventsV2_CL

Version Updated:

Yes
Top level Alert Event ASIM parsers updated to 0.1.1

Testing Completed:

Yes

Checked that the validations are passing and have addressed any issues that are present:

Yes

Co-authored-by: Remco Hofman <5119620+SpeedyFireCyclone@users.noreply.github.com>

v-maheshbh · 2026-03-06T06:18:40Z

Hi @Steve1145

Kindly accept the CLA to proceed with the review.

Thanks!

Steve1145 · 2026-03-06T12:12:34Z

@microsoft-github-policy-service agree

Steve1145 · 2026-03-06T14:47:00Z

@microsoft-github-policy-service agree company="BlueVoyant"

v-maheshbh · 2026-03-26T11:19:02Z

Hi @Steve1145
Kindly review and address the failing validation error.

Thanks!

SpeedyFireCyclone · 2026-03-26T15:22:43Z

Hi @v-maheshbh,

Could you please tag this PR with "SafeToRun"? I believe the current error is because the validations have not been allowed to run.
We will be providing anonymized sample data soon for the tests.

yummyblabla

Please add a changelog for the two parsers in Parsers/ASimAlertEvent/CHANGELOG

Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml

Parsers/ASimAlertEvent/Parsers/ASimAlertEventCiscoSecureEndpoint.yaml

Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml

Parsers/ASimAlertEvent/Parsers/vimAlertEventCiscoSecureEndpoint.yaml

Parsers/ASimAlertEvent/Parsers/ASimAlertEventCiscoSecureEndpoint.yaml

github-actions · 2026-04-02T12:05:40Z

🔒 Security Re-approval Required

⚠️ New commits detected: This fork PR has been updated with new commits while the SafeToRun label was present.

For security, a maintainer must:

📝 Review the latest commits carefully for any security concerns
✅ Verify file types - Ensure new commits only contain .yml, .yaml, or .json files. Reject if any executable scripts (.ps1, .py, .sh, .exe, etc.) are included.
🏷️ Remove the SafeToRun label
🏷️ Re-add the SafeToRun label if the new commits are safe

This simple process ensures that all commits have been properly reviewed before testing with repository secrets.

🤖 Automated security check • Updated: 2026-04-02T12:05:40.231Z
Learn more: GitHub Security Lab - Preventing PWN Requests

v-atulyadav · 2026-04-07T13:56:29Z

Hi @Steve1145,

Please include sample data. Thanks

github-actions · 2026-04-08T10:53:43Z

🔒 Security Re-approval Required

⚠️ New commits detected: This fork PR has been updated with new commits while the SafeToRun label was present.

For security, a maintainer must:

📝 Review the latest commits carefully for any security concerns
✅ Verify file types - Ensure new commits only contain .yml, .yaml, or .json files. Reject if any executable scripts (.ps1, .py, .sh, .exe, etc.) are included.
🏷️ Remove the SafeToRun label
🏷️ Re-add the SafeToRun label if the new commits are safe

This simple process ensures that all commits have been properly reviewed before testing with repository secrets.

🤖 Automated security check • Updated: 2026-04-08T10:53:43.387Z
Learn more: GitHub Security Lab - Preventing PWN Requests

github-actions · 2026-04-08T11:00:31Z

🔒 Security Re-approval Required

⚠️ New commits detected: This fork PR has been updated with new commits while the SafeToRun label was present.

For security, a maintainer must:

📝 Review the latest commits carefully for any security concerns
✅ Verify file types - Ensure new commits only contain .yml, .yaml, or .json files. Reject if any executable scripts (.ps1, .py, .sh, .exe, etc.) are included.
🏷️ Remove the SafeToRun label
🏷️ Re-add the SafeToRun label if the new commits are safe

This simple process ensures that all commits have been properly reviewed before testing with repository secrets.

🤖 Automated security check • Updated: 2026-04-08T11:00:31.417Z
Learn more: GitHub Security Lab - Preventing PWN Requests

Parsers/ASimAlertEvent/Parsers/ASimAlertEventCiscoSecureEndpoint.yaml

Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml

Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml

Parsers/ASimAlertEvent/Parsers/vimAlertEventCiscoSecureEndpoint.yaml

Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventCiscoSecureEndpoint.md

github-actions · 2026-04-09T11:02:32Z

🔒 Security Re-approval Required

⚠️ New commits detected: This fork PR has been updated with new commits while the SafeToRun label was present.

For security, a maintainer must:

📝 Review the latest commits carefully for any security concerns
✅ Verify file types - Ensure new commits only contain .yml, .yaml, or .json files. Reject if any executable scripts (.ps1, .py, .sh, .exe, etc.) are included.
🏷️ Remove the SafeToRun label
🏷️ Re-add the SafeToRun label if the new commits are safe

This simple process ensures that all commits have been properly reviewed before testing with repository secrets.

🤖 Automated security check • Updated: 2026-04-09T11:02:32.279Z
Learn more: GitHub Security Lab - Preventing PWN Requests

yummyblabla · 2026-04-10T21:29:01Z

Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml

 Parsers:
  - _Im_AlertEvent_Empty
  - _ASim_AlertEvent_MicrosoftDefenderXDR
  - _ASim_AlertEvent_SentinelOneSingularity


Please add _ASim_AlertEvent_CiscoSecureEndpoint to this Parsers list.

yummyblabla · 2026-04-10T21:29:32Z

Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml

 Parsers:
  - _Im_AlertEvent_Empty
  - _Im_AlertEvent_MicrosoftDefenderXDR
  - _Im_AlertEvent_SentinelOneSingularity


Please add _Im_AlertEvent_CiscoSecureEndpoint to the parser list.

Steve1145 requested review from a team as code owners March 4, 2026 10:15

Steve1145 force-pushed the bluevoyant/asim/alert branch from 57b4393 to f77fa71 Compare March 4, 2026 10:20

Cisco Secure Endpoint - AlertEvent ASIM Parser

2c16122

Co-authored-by: Remco Hofman <5119620+SpeedyFireCyclone@users.noreply.github.com>

Steve1145 force-pushed the bluevoyant/asim/alert branch from f77fa71 to 2c16122 Compare March 4, 2026 10:24

Correct parser exclusions

1aabad2

v-shukore assigned v-maheshbh Mar 5, 2026

v-shukore added the Solution Solution specialty review needed label Mar 5, 2026

Merge branch 'master' into pr/13741

74e5aad

v-maheshbh added SafeToRun This is used only for ASim parsers Fork PR Pipeline run. and removed SafeToRun This is used only for ASim parsers Fork PR Pipeline run. labels Mar 31, 2026

yummyblabla requested changes Apr 1, 2026

View reviewed changes

Microsoft comments - updates

4262fc8

v-maheshbh removed their assignment Apr 6, 2026

v-maheshbh added the ASIM label Apr 6, 2026

v-maheshbh assigned v-atulyadav Apr 6, 2026

v-atulyadav added SafeToRun This is used only for ASim parsers Fork PR Pipeline run. and removed SafeToRun This is used only for ASim parsers Fork PR Pipeline run. labels Apr 7, 2026

adding sample data

f21ae51

corrected sample data formats

a4dbbc7

yummyblabla reviewed Apr 8, 2026

View reviewed changes

address requested changes

508fbad

yummyblabla reviewed Apr 10, 2026

View reviewed changes

Conversation

Steve1145 commented Mar 4, 2026

Uh oh!

v-maheshbh commented Mar 6, 2026

Uh oh!

Steve1145 commented Mar 6, 2026

Uh oh!

Steve1145 commented Mar 6, 2026

Uh oh!

v-maheshbh commented Mar 26, 2026

Uh oh!

SpeedyFireCyclone commented Mar 26, 2026

Uh oh!

yummyblabla left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

github-actions bot commented Apr 2, 2026

Uh oh!

v-atulyadav commented Apr 7, 2026

Uh oh!

github-actions bot commented Apr 8, 2026

Uh oh!

github-actions bot commented Apr 8, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

github-actions bot commented Apr 9, 2026

Uh oh!

yummyblabla Apr 10, 2026

Choose a reason for hiding this comment

Uh oh!

yummyblabla Apr 10, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants