What Changed

Enhanced ASIM Authentication parser for OpenSSH sshd with improved logon method detection and field mapping standardization.

Parser Impact

Logon Method Enhancement: Added structured LogonMethod lookup table mapping SSH authentication types:

  • password → “Username & password”
  • publickey → “PKI”
  • keyboard-interactive/pam → “PAM”
  • RSA key detection → “PKI”
  • Fallback → “Other”

Field Improvements:

  • Added explicit Type = Syslog for consistent table mapping
  • Enhanced Dvc field coalescing for better device identification
  • Added Src alias for source IP address normalization

Schema Update: Updated EventSchemaVersion to 0.1.3 reflecting standardized LogonMethod classification.

No change to core parsing logic or filter criteria — safe for existing detections using this parser. Previously unclassified authentication methods now have proper LogonMethod values instead of being left empty.
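The LogonMethod mapping and the Src alias listed above can be checked against sample sshd messages with the sketch below. It is an added example, not the parser's own KQL: the regex, the substring test used for the RSA rule, the function name `classify`, the output fields EventResult and TargetUsername, and the sample lines are all assumptions made for illustration.

```python
import re

# Mapping as listed on this page: SSH authentication type -> LogonMethod.
LOGON_METHODS = {
    "password": "Username & password",
    "publickey": "PKI",
    "keyboard-interactive/pam": "PAM",
}

# Assumed sshd message shape (not taken from the parser itself).
AUTH_RE = re.compile(
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def classify(message):
    """Normalize one sshd message; return None when it is not an auth event."""
    m = AUTH_RE.search(message)
    if m is None:
        return None
    method = m.group("method").lower()
    if method in LOGON_METHODS:
        logon_method = LOGON_METHODS[method]
    elif "RSA" in message:  # "RSA key detection" rule; substring test is an assumption
        logon_method = "PKI"
    else:
        logon_method = "Other"  # fallback, so the field is never left empty
    return {
        "EventResult": "Success" if m.group("result") == "Accepted" else "Failure",
        "TargetUsername": m.group("user"),
        "Src": m.group("src"),
        "LogonMethod": logon_method,
    }

# Constructed sample messages (documentation IP ranges, made-up users).
SAMPLES = [
    "Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Accepted publickey for alice from 198.51.100.4 port 50522 ssh2: ED25519 SHA256:constructed",
    "Accepted keyboard-interactive/pam for bob from 192.0.2.10 port 2222 ssh2",
    "Accepted hostbased for svc from 192.0.2.30 port 40022 ssh2: RSA SHA256:constructed",
    "Accepted gssapi-with-mic for carol from 192.0.2.20 port 3333 ssh2",
    "Connection closed by 192.0.2.1 port 22",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line))
```

Detections that previously relied on an empty LogonMethod for unrecognized methods would see "Other" under this mapping, as the last classified sample shows.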

Affected Files

ASIM/dev/ASimTester/ASimTester.csv
Parsers/ASimAuthentication/ARM/ASimAuthenticationSshd/ASimAuthenticationSshd.json
Parsers/ASimAuthentication/ARM/vimAuthenticationSshd/vimAuthenticationSshd.json
Parsers/ASimAuthentication/Parsers/ASimAuthenticationSshd.yaml
Parsers/ASimAuthentication/Parsers/vimAuthenticationSshd.yaml