What Changed

Version bump from 0.1.0 to 0.1.1 for both ASimAuthentication and vimAuthentication VMware vCenter parsers with multiple field mapping corrections.

Parser Impact

Field mapping fixes resolve data fidelity gaps in the ASIM Authentication schema normalization:

  • ActorUsername → TargetUsername: Corrects field name to match ASIM Authentication schema specification — queries referencing TargetUsername against this parser previously returned null
  • Device ID extraction: New DvcId field extracted from PreEventString via split(PreEventString, " “)[3] — adds missing device identification capability
  • User alias mapping: Added User field mapped to TargetUsername for improved query compatibility
  • EventSeverity field: Previously missing field now included in output projection — severity-based filtering was incomplete

Additional improvements in the filtering parser (vim):

  • Username filtering: Added proper username_has_any filtering against TargetUsername field — filtering by username parameters was not functional

Security Impact (Visibility & Fidelity)

These are data fidelity fixes, not cosmetic changes. Deployments using the previous parser version had:

  • Null results for queries referencing TargetUsername, User, or DvcId fields
  • Incomplete severity-based filtering due to missing EventSeverity projection
  • Non-functional username filtering in parameterized queries (vim parser only)

The parser normalizes VMware vCenter UserLoginSessionEvent and UserLogoutSessionEvent logs from vcenter_CL and AVSVcSyslog tables into the ASIM Authentication schema.

Affected Files

Parsers/ASimAuthentication/ARM/ASimAuthenticationVMwareVCenter/ASimAuthenticationVMwareVCenter.json
Parsers/ASimAuthentication/ARM/vimAuthenticationVMwareVCenter/vimAuthenticationVMwareVCenter.json
Parsers/ASimAuthentication/CHANGELOG/ASimAuthenticationVMwareVCenter.md
Parsers/ASimAuthentication/CHANGELOG/vimAuthenticationVMwareVCenter.md
Parsers/ASimAuthentication/Parsers/ASimAuthenticationVMwareVCenter.yaml
Parsers/ASimAuthentication/Parsers/vimAuthenticationVMwareVCenter.yaml