What Changed

Added missing mandatory fields EventSchema and EventResult to both ASimRegistryEventMicrosoft365D and vimRegistryEventMicrosoft365D parsers for full ASIM RegistryEvent schema compliance.

Parser Impact

Enhanced ASIM schema compliance for Microsoft 365 Defender registry event normalization:

  • EventSchema: Set to “RegistryEvent” to explicitly identify the normalized schema type
  • EventResult: Set to “Success” as Microsoft 365 Defender registry events represent successful registry operations
  • Version Update: Bumped parser version from 0.1.2 to 0.1.3

ASIM Compatibility

The added fields are mandatory per the ASIM RegistryEvent schema specification. This ensures proper schema validation and compatibility with ASIM-aware detections and workbooks that reference these standardized fields.

Data Source

Normalizes the DeviceRegistryEvents table from Microsoft 365 Defender for Endpoint, providing standardized registry monitoring for Windows systems including registry key/value creation, modification, and deletion events.

No changes to logic or filter behavior — this is a data fidelity fix ensuring complete ASIM field coverage for downstream analytics consuming normalized registry events.

Affected Files

Parsers/ASimRegistryEvent/ARM/ASimRegistryEventMicrosoft365D/ASimRegistryEventMicrosoft365D.json
Parsers/ASimRegistryEvent/ARM/vimRegistryEventMicrosoft365D/vimRegistryEventMicrosoft365D.json
Parsers/ASimRegistryEvent/CHANGELOG/ASimRegistryEventMicrosoft365D.md
Parsers/ASimRegistryEvent/CHANGELOG/vimRegistryEventMicrosoft365D.md
Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoft365D.yaml
Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoft365D.yaml
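
As an added example (not part of this pull request or the repository's own tooling), the following Python lint shows one way to check a parser YAML for the two mandatory fields and the version bump described above. The YAML samples are constructed, the helper names lint_parser and sample are hypothetical, and the accepted EventResult values are ASIM's enumerated list.

```python
import re

# Mandatory fields named in this change and the values accepted for each.
REQUIRED = {
    "EventSchema": {"RegistryEvent"},
    # ASIM enumerates these EventResult values; this parser sets "Success".
    "EventResult": {"Success", "Partial", "Failure", "NA"},
}
# Version key inside the top-level Parser: block only.
PARSER_VERSION = re.compile(
    r"^Parser:\s*\n(?:[ \t]+.*\n)*?[ \t]+Version:\s*['\"]?([\d.]+)", re.M)
# name = "literal" assignments; comparisons (==, =~) do not match.
ASSIGN = re.compile(r"""\b(\w+)\s*=\s*(["'])(.*?)\2""")

def lint_parser(yaml_text, expected_version):
    """Return a list of problems found in one ASIM parser YAML (hypothetical helper)."""
    problems = []
    m = PARSER_VERSION.search(yaml_text)
    found = m.group(1) if m else "missing"
    if found != expected_version:
        problems.append(f"Parser.Version: expected {expected_version}, found {found}")
    query = yaml_text.split("ParserQuery:", 1)[-1]
    query = re.sub(r"//.*", "", query)  # a commented-out assignment must not count
    assigned = {name: value for name, _, value in ASSIGN.findall(query)}
    for field, allowed in REQUIRED.items():
        if field not in assigned:
            problems.append(f"{field}: not set in ParserQuery")
        elif assigned[field] not in allowed:
            problems.append(f"{field}: unexpected value {assigned[field]!r}")
    return problems

def sample(version, tail):
    """Build a constructed, minimal parser YAML; not the repository file."""
    return (f"Parser:\n  Title: constructed sample\n  Version: '{version}'\n"
            "ParserName: ASimRegistryEventMicrosoft365D\n"
            f"ParserQuery: |\n  DeviceRegistryEvents\n  {tail}\n")

BEFORE = sample("0.1.2", '| where isnotempty(ActionType) // EventSchema = "RegistryEvent"')
AFTER = sample("0.1.3", '| extend EventSchema = "RegistryEvent", EventResult = "Success"')

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_parser(text, "0.1.3") or "OK")
```

The lint matches string-literal assignments only, so a field set from an expression rather than a quoted constant would be reported as not set.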