ASIM Schema Docs Pruned -- Canonical Definitions Moved to Microsoft Learn

What Changed

Nine ASIM schema definition YAML files have been deleted from ASIM/schemas/, along with the local ASIM parsers list.md file. The schemas removed cover: AuditEvent, Authentication, DHCPEvent, DNS, FileEvent, Notification, ProcessEvent, RegistryEvent, and UserManagement.

The ASIM/README.md has been updated to:

• Add a direct link to the Microsoft Learn ASIM parsers list as the new canonical parser inventory
• Add two previously undocumented schemas to the deployment table: Agent Event and Asset Entity (both currently have no parsers)

A stub placeholder (ASIM/dev/Forked Repos PRs/README.MD) containing only TBD has also been removed.

Parser Impact

This is a documentation housekeeping change. The deleted YAML files were schema reference documents used by parser authors and validators – they were not deployed KQL functions and have no runtime impact on Microsoft Sentinel. Existing deployed parsers (e.g., vimFileEvent*, vimRegistryEvent*) are unaffected.

Detection engineers relying on the local schema YAMLs for offline reference or tooling (e.g., schema validation scripts) should update their workflows to reference Microsoft Learn or the ASIM common schema files still present under ASIM/schemas/common/ and ASIM/schemas/entities/.

No normalised field names, filter logic, or parser behaviour changed. Existing detections using ASIM parsers are safe.

Affected Files

ASIM/ASIM parsers list.md
ASIM/README.md
ASIM/dev/Forked Repos PRs/README.MD
ASIM/schemas/ASimAuditEvent.yaml
ASIM/schemas/ASimAuthentication.yaml
ASIM/schemas/ASimDHCPEvent.yaml
ASIM/schemas/ASimDns.yaml
ASIM/schemas/ASimFileEvent.yaml
ASIM/schemas/ASimNotification.yaml
ASIM/schemas/ASimProcessEvent.yaml
ASIM/schemas/ASimRegistryEvent.yaml
ASIM/schemas/ASimUserManagement.yaml