Commit 231070c

Merge pull request #209 from UncoderIO/microsoft_sentinel_mapping_upd
microsoft sentinel mapping update
2 parents 5517ffe + 7c6fce4, commit 231070c

1 file changed: +46 -46 lines changed


uncoder-core/app/translator/mappings/platforms/microsoft_sentinel/windows_security.yml

Lines changed: 46 additions & 46 deletions
Original file line number | Diff line number | Diff line change
@@ -14,16 +14,16 @@ field_mapping:
1414
AccessMask:AccessMask
1515
AccountName:AccountName
1616
AllowedToDelegateTo:AllowedToDelegateTo
17-
AttributeLDAPDisplayName:
17+
AttributeLDAPDisplayName:AttributeLDAPDisplayName
1818
AuditPolicyChanges:AuditPolicyChanges
1919
AuthenticationPackageName:AuthenticationPackageName
2020
CallingProcessName:CallingProcessName
2121
Channel:Channel
2222
ComputerName:Computer
2323
EventType:EventType
2424
FailureReason:FailureReason
25-
FileName:FilePath
26-
GrantedAccess:
25+
FileName:FileName
26+
GrantedAccess:GrantedAccess
2727
Hashes:FileHash
2828
HiveName:HiveName
2929
IpAddress:IpAddress
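Review bot: the `FileName` change on line 25 is a different kind of edit from the other two in this hunk and is not explained. Lines 17 and 26 fill in values that were empty, but `FileName:FilePath` was a populated mapping that is now retargeted to `FileName`, and the commit message ("microsoft sentinel mapping update") gives no reason. The unchanged neighbours `ComputerName:Computer` and `Hashes:FileHash` show that target names in this file are not always the same as the source name, so an identity value cannot be assumed correct by default. Please confirm that the target table has a `FileName` column carrying the value rules expect, and record the reason in the commit message or a YAML comment, since every translated query that filters on `FileName` will now hit a different column.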
@@ -48,83 +48,83 @@ field_mapping:
4848
TaskContent:TaskContent
4949
ServiceSid:ServiceSid
5050
CertThumbprint:CertThumbprint
51-
ClassName:duplicate
52-
NotificationPackageName:ClassName
51+
ClassName:ClassName
52+
NotificationPackageName:NotificationPackageName
5353
NewSd:NewSd
5454
TestSigning:TestSigning
5555
TargetInfo:TargetInfo
56-
ClientProcessId:TargetInfo
56+
ClientProcessId:ClientProcessId
5757
ParentProcessId:ParentProcessId
5858
AccessList:AccessList
5959
GroupMembership:GroupMembership
6060
FilterName:FilterName
6161
ChangeType:ChangeType
6262
LayerName:LayerName
6363
ServiceAccount:ServiceAccount
64-
AttributeValue:ServiceAccount
64+
AttributeValue:AttributeValue
6565
SessionName:SessionName
6666
TaskName:TaskName
67-
ObjectDN:SessionName
67+
ObjectDN:ObjectDN
6868
TemplateContent:TemplateContent
6969
NewTemplateContent:NewTemplateContent
70-
SourcePort:TemplateContent
70+
SourcePort:SourcePort
7171
PasswordLastSet:PasswordLastSet
7272
PrivilegeList:PrivilegeList
73-
DeviceDescription:PasswordLastSet
74-
TargetServerName:PrivilegeList
75-
NewTargetUserName:DeviceDescription
76-
OperationType:TargetServerName
73+
DeviceDescription:DeviceDescription
74+
TargetServerName:TargetServerName
75+
NewTargetUserName:NewTargetUserName
76+
OperationType:OperationType
7777
DestPort:DestPort
78-
ServiceStartType:OperationType
78+
ServiceStartType:ServiceStartType
7979
OldTargetUserName:OldTargetUserName
80-
UserPrincipalName:ServiceStartType
80+
UserPrincipalName:UserPrincipalName
8181
Accesses:Accesses
82-
DnsHostName:UserPrincipalName
83-
DisableIntegrityChecks:AccessList
82+
DnsHostName:DnsHostName
83+
DisableIntegrityChecks:DisableIntegrityChecks
8484
AuditSourceName:AuditSourceName
8585
Workstation:Workstation
8686
DestAddress:DestAddress
87-
PreAuthType:Workstation
87+
PreAuthType:PreAuthType
8888
SecurityPackageName:SecurityPackageName
8989
SubjectLogonId:SubjectLogonId
9090
NewUacValue:NewUacValue
91-
EnabledPrivilegeList:SubjectLogonId
92-
RelativeTargetName:NewUacValue
91+
EnabledPrivilegeList:EnabledPrivilegeList
92+
RelativeTargetName:RelativeTargetName
9393
CertSerialNumber:CertSerialNumber
94-
SidHistory:RelativeTargetName
94+
SidHistory:SidHistory
9595
TargetLogonId:TargetLogonId
96-
KernelDebug:SidHistory
97-
CallerProcessName:TargetLogonId
96+
KernelDebug:KernelDebug
97+
CallerProcessName:CallerProcessName
9898
ProcessName:ProcessName
99-
Properties:CallerProcessName
100-
UserAccountControl:ProcessName
101-
RegistryValue:Properties
102-
SecurityID:UserAccountControl
99+
Properties:Properties
100+
UserAccountControl:UserAccountControl
101+
RegistryValue:RegistryValue
102+
SecurityID:SecurityID
103103
ServiceFileName:ServiceFileName
104-
SecurityDescriptor:SecurityID
105-
ServiceName:ServiceFileName
106-
ShareName:SecurityDescriptor
107-
NewValue:ServiceName
108-
Source:ShareName
109-
Status:NewValue
104+
SecurityDescriptor:SecurityDescriptor
105+
ServiceName:ServiceName
106+
ShareName:ShareName
107+
NewValue:NewValue
108+
Source:Source
109+
Status:Status
110110
SubjectDomainName:SubjectDomainName
111-
SubjectUserName:Status
112-
SubjectUserSid:SubjectDomainName
113-
SourceAddr:SubjectUserName
114-
SourceAddress:SubjectUserSid
111+
SubjectUserName:SubjectUserName
112+
SubjectUserSid:SubjectUserSid
113+
SourceAddr:SourceAddr
114+
SourceAddress:SourceAddress
115115
TargetName:TargetName
116116
ServicePrincipalNames:ServicePrincipalNames
117-
TargetDomainName:TargetName
117+
TargetDomainName:TargetDomainName
118118
TargetSid:TargetSid
119-
TargetUserName:TargetDomainName
120-
ObjectServer:TargetSid
121-
TargetUserSid:TargetUserName
122-
TicketEncryptionType:ObjectServer
123-
TicketOptions:TargetUserSid
119+
TargetUserName:TargetUserName
120+
ObjectServer:ObjectServer
121+
TargetUserSid:TargetUserSid
122+
TicketEncryptionType:TicketEncryptionType
123+
TicketOptions:TicketOptions
124124
WorkstationName:WorkstationName
125125
TransmittedServices:TransmittedServices
126-
AuthenticationAlgorithm:WorkstationName
127-
LayerRTID:TransmittedServices
126+
AuthenticationAlgorithm:AuthenticationAlgorithm
127+
LayerRTID:LayerRTID
128128
BSSID:BSSID
129129
BSSType:BSSType
130130
CipherAlgorithm:CipherAlgorithm
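Review bot: there is no validation accompanying this hunk that would catch the defects it removes on lines 51 to 127, and the diff itself shows how easy they are to miss. The old values pointed distinct source fields at a target already used by a neighbouring key, for example `ClientProcessId:TargetInfo` beside `TargetInfo:TargetInfo` and `AttributeValue:ServiceAccount` beside `ServiceAccount:ServiceAccount`, and `ClassName:duplicate` carried what looks like a placeholder as its value. A translated detection that filters on the wrong column still parses and runs, so the failure is a silent false negative rather than an error. I suggest a small check in the test suite that loads each platform mapping and fails on empty values, on two keys sharing one target, and on marker strings such as `duplicate`. Separately, every replacement here is an identity mapping, and `SourceAddr` and `SourceAddress` now point at two different columns; please confirm against the target table schema that both exist, since the diff alone cannot show it.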
@@ -139,7 +139,7 @@ field_mapping:
139139
Domain:Domain
140140
ServiceType:ServiceType
141141
SourceName:SourceName
142-
StartType:ServiceType
142+
StartType:StartType
143143
UserID:UserID
144144
ParentProcessName:ParentProcessName
145145
Service:Service
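Review bot: `StartType` on line 142 now targets a column named `StartType`, while line 78 of the same file maps `ServiceStartType` to `ServiceStartType`, and it is not clear from the diff that both columns exist in the target table. If the two source fields describe the same service start attribute, one of these identity mappings will translate to a column that is never populated and the resulting query will return nothing. Please check the schema and, if only one column exists, map both keys to it, as the file already does for non-identity cases such as `ComputerName:Computer`.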
