Commit 134d78a

Merge pull request #177 from UncoderIO/gis-aql-upd-2024-07-20
aql fields upd
2 parents 9eed876 + edd2c85, commit 134d78a

7 files changed, +30 −4 lines changed


uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml

Lines changed: 6 additions & 1 deletion
@@ -14,6 +14,7 @@ field_mapping:
1414
ProcessName:
1515
-xdm.target.process.name
1616
-xdm.source.process.name
17+
ProcessPath:xdm.target.process.executable.path
1718
ImageLoaded:
1819
-xdm.target.process.executable.filename
1920
-xdm.source.process.executable.filename
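Review bot: ProcessPath is mapped only to xdm.target.process.executable.path, while the neighbouring ProcessName and ImageLoaded entries list both the target and the source variants; if the asymmetry is not intentional, add `- xdm.source.process.executable.path` as a second value so rules on ProcessPath also match process data recorded on the source side.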
@@ -64,7 +65,7 @@ field_mapping:
6465
dns-query:xdm.network.dns.dns_question.name
6566
dns-answer:xdm.network.dns.dns_resource_record.value
6667
dns-record:xdm.network.dns.dns_question.name
67-
FileName:xdm.target.file.path
68+
FileName:xdm.target.file.filename
6869
IpAddress:xdm.source.ipv4
6970
IpPort:xdm.source.port
7071
LogonProcessName:xdm.target.process.executable.path
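Review bot: switching FileName from xdm.target.file.path to xdm.target.file.filename narrows the field from a full path to a bare name, so any existing rule whose FileName value includes directory components (a `contains` or `endswith` on a path fragment) will stop matching once this mapping lands; check the rule corpus for such values before merging, or keep a separate key for the path field.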
@@ -127,3 +128,7 @@ field_mapping:
127128
url_category:xdm.network.http.url_category
128129
EventSeverity:xdm.alert.severity
129130
duration:xdm.event.duration
131+
FileExtension:xdm.target.file.extension
132+
Workstation:xdm.source.host.hostname
133+
RegistryKey:xdm.target.registry.key
134+
RegistryValue:xdm.target.registry.value
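Review bot: the four new entries carry no note on their orientation; Workstation is bound to the source host while RegistryKey and RegistryValue are bound to the target, and since this file otherwise lists both target and source variants where both apply, a one-line comment stating why Workstation is source-only would help the next reader.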

uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_image_load.yml

Lines changed: 1 addition & 0 deletions
@@ -9,6 +9,7 @@ default_log_source:
99

1010
field_mapping:
1111
ImageLoaded:action_module_path
12+
FileExtension:action_file_extension
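Review bot: the new FileExtension entry uses `action_file_extension` while every neighbouring field in this mapping is `action_module_*` (action_module_path, action_module_md5, action_module_sha256); confirm that the image-load dataset actually exposes action_file_extension and that it describes the loaded module rather than the loading process, otherwise the translated query will reference a field that is absent or refers to a different object.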
1213
md5:action_module_md5
1314
sha256:action_module_sha256
1415
User:actor_effective_username

uncoder-core/app/translator/mappings/platforms/qradar/default.yml

Lines changed: 14 additions & 1 deletion
@@ -19,6 +19,7 @@ field_mapping:
1919
src-port:
2020
-SourcePort
2121
-localport
22+
-sourcePort
2223
src-ip:
2324
-sourceip
2425
-source_ip
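Review bot: `sourcePort` is added beneath `SourcePort`, so the list now holds two names that differ only in case; if the translator emits every alternative, the query gains a redundant OR branch on a case-insensitive backend, and if property names are case-sensitive a comment should record which QRadar property each spelling corresponds to.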
@@ -34,6 +35,8 @@ field_mapping:
3435
User:
3536
-userName
3637
-EventUserName
38+
-Username
39+
-Security ID
3740
CommandLine:Command
3841
Protocol:
3942
-IPProtocol
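Review bot: adding `Security ID` as an alternative for User means a rule that matches a username string is also compared against a property that holds a SID, which will never equal a name and only widens the generated query; if the intent is to let rules match by SID, a dedicated Sigma field keeps the semantics clear, otherwise drop it from User.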
@@ -78,4 +81,14 @@ field_mapping:
7881
Source:
7982
-Source
8083
-source
81-
duration:duration
84+
duration:duration
85+
Workstation:Machine Identifier
86+
GroupMembership:Role Name
87+
FileName:
88+
-Filename
89+
-File Name
90+
RegistryKey:
91+
-Registry Key
92+
-Target Object
93+
RegistryValue:RegistryValue
94+
ProcessPath:Process Path
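Review bot: the `duration:duration` line is removed at 81 and re-added unchanged at 84, which points to a whitespace or line-ending change rather than a real edit; restoring the original file ending would keep the hunk limited to the eight new mappings. Separately, RegistryValue maps to the single property `RegistryValue` while RegistryKey lists both `Registry Key` and `Target Object`, so note whether a spaced `Registry Value` spelling exists for the same events and was deliberately left out.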

uncoder-core/app/translator/mappings/platforms/qradar/linux_process_creation.yml

Lines changed: 1 addition & 0 deletions
@@ -14,6 +14,7 @@ field_mapping:
1414
CommandLine:
1515
-Command
1616
-ASACommand
17+
-Command Arguments
1718
Image:Process Path
1819
ParentCommandLine:Parent Command
1920
ParentImage:Parent Process Path
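Review bot: `Command Arguments` is appended to CommandLine next to Command and ASACommand; a property that carries only the arguments will not contain the program name, so a Sigma CommandLine condition that starts with or contains the binary path cannot match on that branch. Confirm that is acceptable, or add a comment that the entry exists for rules keyed on argument substrings.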

uncoder-core/app/translator/mappings/platforms/qradar/windows_image_load.yml

Lines changed: 2 additions & 1 deletion
@@ -21,4 +21,5 @@ field_mapping:
2121
-Signature Status
2222
-SignatureStatus
2323
OriginalFileName:OriginalFileName
24-
Signed:Signed
24+
Signed:Signed
25+
FileExtension:File Extension
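Review bot: `Signed:Signed` is deleted and re-added unchanged (24- / 24+), which again looks like a missing trailing newline being fixed rather than a content change; the only substantive addition is `FileExtension:File Extension`, so the hunk would read more cleanly if the line-ending fix were kept out of it or mentioned in the commit message.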

uncoder-core/app/translator/mappings/platforms/qradar/windows_process_creation.yml

Lines changed: 5 additions & 1 deletion
@@ -14,15 +14,19 @@ field_mapping:
1414
CommandLine:
1515
-Command
1616
-Encoded Argument
17+
-Command Arguments
1718
CurrentDirectory:CurrentDirectory
1819
Hashes:File Hash
1920
Image:
2021
-Process Path
2122
-Process Name
2223
-DGApplication
24+
-ProcessName
2325
IntegrityLevel:IntegrityLevel
2426
ParentCommandLine:Parent Command
25-
ParentImage:Parent Process Path
27+
ParentImage:
28+
-Parent Process Path
29+
-ParentProcessName
2630
ParentUser:ParentUser
2731
Product:Product
2832
User:
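Review bot: Image and ParentImage now include name-only properties (`ProcessName`, `ParentProcessName`) next to the path properties; Sigma Image values are normally full paths, so those branches can only match for rules that use `endswith` or `contains` modifiers, and an exact comparison against them will silently never fire. A comment stating this, or keeping the name properties out of Image, would avoid surprising translations. The `Command Arguments` addition to CommandLine carries the same arguments-only caveat as the Linux mapping in this pull request.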

uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml

Lines changed: 1 addition & 0 deletions
@@ -12,6 +12,7 @@ field_mapping:
1212
EventID:
1313
-Event ID
1414
-EventID
15+
-qidEventId
1516
ParentImage:Parent Process Path
1617
AccessMask:AccessMask
1718
AccountName:Account Name
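Review bot: `qidEventId` is added next to `Event ID` and `EventID`, and its mixed-case spelling follows neither neighbour; the spaced `Event ID` is clearly a custom event property that the translator must quote, so confirm whether qidEventId is a built-in column or another custom property, and fix the casing to whatever the backend actually expects, since a misspelled name produces a query that parses but matches nothing.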
