Asimily¶
About¶
Asimily is an industry-leading risk management platform that secures IoT devices for healthcare, manufacturing, public sector, and other industries that depend on their numerous connected devices.
Product Details¶
Vendor URL: asimily.com
Product Type: IoT security platform
Product Tier: Tier II
Integration Method: Syslog
Integration URL: Forwarders - Cyderes Documentation
Parser Details¶
Log Format: Syslog
Expected Normalization Rate: 100%
Data Label: ASIMILY
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| AssetNote (static) | metadata.vendor_name |
| AssetNote (static) | metadata.product_name |
| value.asset | principal.asset.hostname |
| value.asset | principal.hostname |
| value.exposure_description | metadata.description |
| value.exposure_request | additional.fields |
| value.exposure_response | additional.fields |
| value.exposure_severity | security_result.severity_details |
| value.exposure_name | security_result.rule_name |
| value.exposure_id | security_result.rule_id |
| value.asset_details_url | additional.fields |
| value.indicator_of_compromise | additional.fields |
| value.javascript_file | additional.fields |
| value.exposure_triage_url | security_result.url_back_to_product |
| value.exposure_url | target.url |
| value.asset_type | principal.resource.resource_subtype |
| custom filter | target.application |
| custom filter | network.http.response_code |
| custom filter | network.http.response_code |
| custom filter | network.http.referral_url |
| custom filter | network.http.method |
| custom filter | network.http.user_agent |
| eumerated output | network.application_protocol |
| record.asset | principal.asset.hostname |
| record.asset | principal.hostname |
| record.asset_details_url | additional.fields |
| record.asset_group_url | additional.fields |
| record.asset_id | principal.asset_id |
| record.asset_type | principal.resource.resource_subtype |
| record.ssl_subject_dn | network.dns_domain |
| record.indicator_of_compromise | additional.fields |
| record.javascript_file | additional.fields |
| record.screenshot | security_result.url_back_to_product |
| record.status_code | additional.fields |
| record.a_records | principal.ip |
| record.cname_records | about.hostname |
| record.ports | about.port |
| record.technologies | additional.fields |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| all others | SCAN_UNCATEGORIZED |
Log Sample¶
dateTime="2024-02-21T04:10:25.276Z" deviceType="Ultrasound" lastDiscoveredAt="" hostName="hostname1" process="Asimily CE" serialNumber="" os="windows 11" deviceTag="" nasPortId="" ipAddress="10.0.0.1" criticality="High" deviceFamily="Imaging Devices,Medical Devices" connectionType="WIRED" manufacturer="device_manufacturer" firstDiscoveredAt="2023-04-12T00:08:57.798Z" macAddress="28:b9:d8:a2:a2:a1" application="Asimily" context="PrintNightMare for Medical Devices" deviceModel="device_model" alertId="11934774A0273B000022" facility="office_1" destinationIpAddress="" nasIpAddress=""
Sample Parsing¶
additional.fields["connectionType"] = "WIRED"
additional.fields["deviceFamily"] = "Imaging Devices,Medical Devices"
metadata.description = "PrintNightMare for Medical Devices"
metadata.event_timestamp.seconds = 1708488625
metadata.event_timestamp.nanos = 276000000
metadata.event_type = "SCAN_UNCATEGORIZED"
metadata.product_name = "Asimily"
metadata.vendor_name = "Asimily"
principal.application = "Asimily"
principal.asset.category = "Imaging Devices,Medical Devices"
principal.asset.first_discover_time.seconds = 1681258137
principal.asset.first_discover_time.nanos = 798000000
principal.asset.hardware.manufacturer = "device_manufacturer"
principal.asset.hardware.model = "device_model"
principal.asset.hostname = "hostname1"
principal.asset.ip = "10.0.0.1"
principal.asset.mac = "28:b9:d8:a2:a2:a1"
principal.asset.platform_software.platform = "WINDOWS"
principal.asset.platform_software.platform_version = "windows 11"
principal.hostname = "hostname1"
principal.ip = "10.0.0.1"
principal.location.name = "office_1"
principal.mac = "28:b9:d9:e1:b1:96"
principal.process.file.names = "Asimily CE"
principal.resource.resource_subtype = "Ultrasound"
security_result.severity = "HIGH"
security_result.threat_id = "11934774A0273B000022"
Rules¶
Coming Soon