ASIM Parser Validation: Critical Schemas Added to CI Pipeline

What Changed

The CI pipeline’s parser validation database was updated to include four previously missing ASIM schemas: AlertEvent, AssetEntity, DhcpEvent, and UserManagement. These schemas now have their KQL validated when PRs are submitted.

Security Impact (Validation Coverage)

Prior to this fix, parsers implementing these four ASIM schemas bypassed automated KQL validation during the PR process. This created a blind spot where syntax errors, logic flaws, or security-relevant parsing issues could reach production without automated detection.

The missing schemas were:

ASimAlertEvent (_Im_AlertEvent sample function)
ASimAssetEntity (_Im_AssetEntity sample function)
ASimDhcpEvent (_Im_DhcpEvent sample function)
ASimUserManagement (_Im_UserManagement sample function)

Parsers implementing these schemas will now undergo the same rigorous KQL validation as other ASIM schemas, reducing the risk of deployment failures and data ingestion issues.

Affected Files

.script/tests/KqlvalidationsTests/FunctionSchemasLoaders/ParsersDatabase.cs

What Changed#

Security Impact (Validation Coverage)#

Affected Files#

What Changed

Security Impact (Validation Coverage)

Affected Files