[ASIM] Netskope AlertEvent Parser

[Steve1145]

Change(s):

Added AlertEvent ASIM parser for Netskope Security Cloud logs (via Codeless Connector Framework by Tim Groothuis)

Reason for Change(s):

Support the table NetskopeAlerts_CL

Version Updated:

Yes

Top level Alert Event ASIM parsers updated to 0.1.4

Testing Completed:

Yes

Checked that the validations are passing and have addressed any issues that are present:

Yes

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds ASIM AlertEvent support for Netskope Security Cloud (NetskopeAlerts_CL), including both ASim* and vim* parsers and corresponding ARM deployments, and updates top-level AlertEvent parsers to version 0.1.4.

Changes:

• Introduces new Netskope AlertEvent parsers (ASimAlertEventNetskopeSecurityCloud + vimAlertEventNetskopeSecurityCloud).
• Wires the new parsers into the top-level ASimAlertEvent / imAlertEvent union parsers and updates versions to 0.1.4.
• Adds ARM templates + full deployment linkage, plus updates validation test fixtures (custom table schema) and ASIM tester enum values.

Reviewed changes

Copilot reviewed 17 out of 18 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
Parsers/ASimAlertEvent/Parsers/vimAlertEventNetskopeSecurityCloud.yaml	New source-specific (vim) Netskope AlertEvent normalization parser with filtering params.
Parsers/ASimAlertEvent/Parsers/ASimAlertEventNetskopeSecurityCloud.yaml	New schema-level (ASim) Netskope AlertEvent normalization parser.
Parsers/ASimAlertEvent/Parsers/imAlertEvent.yaml	Bumps version and adds Netskope vim parser to the union.
Parsers/ASimAlertEvent/Parsers/ASimAlertEvent.yaml	Bumps version and adds Netskope ASim parser to the union.
Parsers/ASimAlertEvent/CHANGELOG/vimAlertEventNetskopeSecurityCloud.md	New changelog entry for the new vim parser.
Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEventNetskopeSecurityCloud.md	New changelog entry for the new ASim parser.
Parsers/ASimAlertEvent/CHANGELOG/imAlertEvent.md	Adds a 0.1.4 changelog entry referencing Netskope addition.
Parsers/ASimAlertEvent/CHANGELOG/ASimAlertEvent.md	Adds a 0.1.4 changelog entry referencing Netskope addition.
Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/vimAlertEventNetskopeSecurityCloud.json	New ARM template for deploying the vim Netskope parser function.
Parsers/ASimAlertEvent/ARM/vimAlertEventNetskopeSecurityCloud/README.md	Deployment README for the vim Netskope parser ARM template.
Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/ASimAlertEventNetskopeSecurityCloud.json	New ARM template for deploying the ASim Netskope parser function.
Parsers/ASimAlertEvent/ARM/ASimAlertEventNetskopeSecurityCloud/README.md	Deployment README for the ASim Netskope parser ARM template.
Parsers/ASimAlertEvent/ARM/imAlertEvent/imAlertEvent.json	Updates ARM-deployed imAlertEvent union query to include Netskope vim parser.
Parsers/ASimAlertEvent/ARM/ASimAlertEvent/ASimAlertEvent.json	Updates ARM-deployed ASimAlertEvent union query to include Netskope ASim parser.
Parsers/ASimAlertEvent/ARM/FullDeploymentAlertEvent.json	Adds linked deployments for the new Netskope parser ARM templates.
ASIM/dev/ASimTester/ASimTester.csv	Extends DetectionMethod enum list to include new values used by parser logic.
.script/tests/KqlvalidationsTests/CustomTables/NetskopeAlerts_CL.json	Updates custom table schema used by KQL validation tests.