Asimily¶
About¶
Asimily is an industry-leading risk management platform that secures IoT devices for healthcare, manufacturing, public sector, and other industries that depend on their numerous connected devices.
Product Details¶
Vendor URL: asimily.com
Product Type: IoT security platform
Product Tier: Tier II
Integration Method: Syslog
Integration URL: Forwarders - Cyderes Documentation
Parser Details¶
Log Format: Syslog
Expected Normalization Rate: 100%
Data Label: ASIMILY
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
AssetNote (static) | metadata.vendor_name |
AssetNote (static) | metadata.product_name |
value.asset | principal.asset.hostname |
value.asset | principal.hostname |
value.exposure_description | metadata.description |
value.exposure_request | additional.fields |
value.exposure_response | additional.fields |
value.exposure_severity | security_result.severity_details |
value.exposure_name | security_result.rule_name |
value.exposure_id | security_result.rule_id |
value.asset_details_url | additional.fields |
value.indicator_of_compromise | additional.fields |
value.javascript_file | additional.fields |
value.exposure_triage_url | security_result.url_back_to_product |
value.exposure_url | target.url |
value.asset_type | principal.resource.resource_subtype |
custom filter | target.application |
custom filter | network.http.response_code |
custom filter | network.http.response_code |
custom filter | network.http.referral_url |
custom filter | network.http.method |
custom filter | network.http.user_agent |
eumerated output | network.application_protocol |
record.asset | principal.asset.hostname |
record.asset | principal.hostname |
record.asset_details_url | additional.fields |
record.asset_group_url | additional.fields |
record.asset_id | principal.asset_id |
record.asset_type | principal.resource.resource_subtype |
record.ssl_subject_dn | network.dns_domain |
record.indicator_of_compromise | additional.fields |
record.javascript_file | additional.fields |
record.screenshot | security_result.url_back_to_product |
record.status_code | additional.fields |
record.a_records | principal.ip |
record.cname_records | about.hostname |
record.ports | about.port |
record.technologies | additional.fields |
Product Event Types¶
Event | UDM Event Classification |
---|---|
all others | SCAN_UNCATEGORIZED |
Log Sample¶
dateTime="2024-02-21T04:10:25.276Z" deviceType="Ultrasound" lastDiscoveredAt="" hostName="hostname1" process="Asimily CE" serialNumber="" os="windows 11" deviceTag="" nasPortId="" ipAddress="10.0.0.1" criticality="High" deviceFamily="Imaging Devices,Medical Devices" connectionType="WIRED" manufacturer="device_manufacturer" firstDiscoveredAt="2023-04-12T00:08:57.798Z" macAddress="28:b9:d8:a2:a2:a1" application="Asimily" context="PrintNightMare for Medical Devices" deviceModel="device_model" alertId="11934774A0273B000022" facility="office_1" destinationIpAddress="" nasIpAddress=""
Sample Parsing¶
additional.fields["connectionType"] = "WIRED"
additional.fields["deviceFamily"] = "Imaging Devices,Medical Devices"
metadata.description = "PrintNightMare for Medical Devices"
metadata.event_timestamp.seconds = 1708488625
metadata.event_timestamp.nanos = 276000000
metadata.event_type = "SCAN_UNCATEGORIZED"
metadata.product_name = "Asimily"
metadata.vendor_name = "Asimily"
principal.application = "Asimily"
principal.asset.category = "Imaging Devices,Medical Devices"
principal.asset.first_discover_time.seconds = 1681258137
principal.asset.first_discover_time.nanos = 798000000
principal.asset.hardware.manufacturer = "device_manufacturer"
principal.asset.hardware.model = "device_model"
principal.asset.hostname = "hostname1"
principal.asset.ip = "10.0.0.1"
principal.asset.mac = "28:b9:d8:a2:a2:a1"
principal.asset.platform_software.platform = "WINDOWS"
principal.asset.platform_software.platform_version = "windows 11"
principal.hostname = "hostname1"
principal.ip = "10.0.0.1"
principal.location.name = "office_1"
principal.mac = "28:b9:d9:e1:b1:96"
principal.process.file.names = "Asimily CE"
principal.resource.resource_subtype = "Ultrasound"
security_result.severity = "HIGH"
security_result.threat_id = "11934774A0273B000022"