Commit4536c50

committed

new fields

1 parent9eed876 commit4536c50Copy full SHA for 4536c50

File tree

+19

-1

lines changed

uncoder-core/app/translator/mappings/platforms
- palo_alto_cortex
  - default.yml
- qradar
  - default.yml

+19

-1

lines changed

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,7 @@ field_mapping:`
`46`	`46`	`c-uri-query:xdm.network.http.url`
`47`	`47`	`QueryName:xdm.network.dns.dns_question.name`
`48`	`48`	`Application:xdm.network.application_protocol`
	`49`	`+sourceNetwork:xdm.source.subnet`
`49`	`50`	`SourceHostName:xdm.source.host.hostname`
`50`	`51`	`DestinationHostname:xdm.target.host.hostname`
`51`	`52`	`Hashes:`
`@@ -127,3 +128,9 @@ field_mapping:`
`127`	`128`	`url_category:xdm.network.http.url_category`
`128`	`129`	`EventSeverity:xdm.alert.severity`
`129`	`130`	`duration:xdm.event.duration`
	`131`	`+ThreatName:xdm.alert.original_threat_id`
	`132`	`+AnalyzerName:xdm.observer.type`
	`133`	`+Classification:xdm.alert.category`
	`134`	`+ResultCode:xdm.event.outcome_reason`
	`135`	`+Technique:xdm.alert.mitre_techniques`
	`136`	`+Action:xdm.event.outcome`

Lines changed: 12 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@ field_mapping:`
`19`	`19`	`src-port:`
`20`	`20`	`-SourcePort`
`21`	`21`	`-localport`
	`22`	`+ -sourcePort`
`22`	`23`	`src-ip:`
`23`	`24`	`-sourceip`
`24`	`25`	`-source_ip`
`@@ -34,13 +35,15 @@ field_mapping:`
`34`	`35`	`User:`
`35`	`36`	`-userName`
`36`	`37`	`-EventUserName`
	`38`	`+ -Alert Threat Cause Actor Name`
`37`	`39`	`CommandLine:Command`
`38`	`40`	`Protocol:`
`39`	`41`	`-IPProtocol`
`40`	`42`	`-protocol`
`41`	`43`	`Application:`
`42`	`44`	`-Application`
`43`	`45`	`-application`
	`46`	`+sourceNetwork:sourceNetwork`
`44`	`47`	`SourceHostName:`
`45`	`48`	`-HostCount-source`
`46`	`49`	`-identityHostName`
`@@ -78,4 +81,12 @@ field_mapping:`
`78`	`81`	`Source:`
`79`	`82`	`-Source`
`80`	`83`	`-source`
`81`		`-duration:duration`
	`84`	`+duration:duration`
	`85`	`+ThreatName:`
	`86`	`+ -Threat Name`
	`87`	`+ -Alert Blocked Threat Category`
	`88`	`+AnalyzerName:Analyzer Name`
	`89`	`+Classification:Classification`
	`90`	`+ResultCode:Alert Reason Code`
	`91`	`+Technique:Technique`
	`92`	`+Action:Action`

Comments

(0)