Commit79b03b4

committed

gis-9284 add strict mapping to Anomali

1 parent7ec3852 commit79b03b4Copy full SHA for 79b03b4

File tree

+54

-3

lines changed

+54

-3

lines changed

Lines changed: 11 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,9 +1,19 @@`
`1`	`1`	`platform:Anomali`
`2`		`-description:Common field mapping`
	`2`	`+source:proxy`
`3`	`3`
`4`	`4`	`field_mapping:`
`5`	`5`	`c-uri-query:url`
`6`	`6`	`c-useragent:user_agent`
	`7`	`+c-uri:url`
	`8`	`+cs-method:http_method`
	`9`	`+cs-bytes:bytes_out`
	`10`	`+cs-referrer:http_referrer`
	`11`	`+sc-status:return_code`
	`12`	`+`
	`13`	`+dns-query:query`
	`14`	`+dns-answer:answer`
	`15`	`+dns-record:record_type`
	`16`	`+`
`7`	`17`	`CommandLine:command_line`
`8`	`18`	`DestinationHostname:dest`
`9`	`19`	`DestinationIp:dest_ip`

Lines changed: 41 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,41 @@`
	`1`	`+platform:Anomali`
	`2`	`+source:webserver`
	`3`	`+`
	`4`	`+field_mapping:`
	`5`	`+c-uri-query:url`
	`6`	`+c-useragent:user_agent`
	`7`	`+c-uri:url`
	`8`	`+cs-method:http_method`
	`9`	`+cs-bytes:bytes_out`
	`10`	`+cs-referrer:http_referrer`
	`11`	`+sc-status:return_code`
	`12`	`+`
	`13`	`+dns-query:query`
	`14`	`+dns-answer:answer`
	`15`	`+dns-record:record_type`
	`16`	`+`
	`17`	`+CommandLine:command_line`
	`18`	`+DestinationHostname:dest`
	`19`	`+DestinationIp:dest_ip`
	`20`	`+DestinationPort:dest_port`
	`21`	`+Details:reg_value_data`
	`22`	`+dst_ip:dest_ip`
	`23`	`+dst_port:dest_port`
	`24`	`+EventID:event_id`
	`25`	`+EventName:event_name`
	`26`	`+FileName:file_name`
	`27`	`+FilePath:file_path`
	`28`	`+Image:image`
	`29`	`+NewProcessName:image`
	`30`	`+OriginalFileName:original_file_name`
	`31`	`+ParentCommandLine:parent_command_line`
	`32`	`+ParentImage:parent_image`
	`33`	`+ParentProcessID:parent_process_id`
	`34`	`+Platform:platform`
	`35`	`+ProcessCommandLine:command_line`
	`36`	`+ProcessID:process_id`
	`37`	`+SourceImage:parent_image`
	`38`	`+SourcePort:src_port`
	`39`	`+TargetFilename:file_name`
	`40`	`+TargetObject:reg_key`
	`41`	`+UserAgent:user_agent`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-fromapp.translator.core.mappingimportBaseCommonPlatformMappings,LogSourceSignature`
	`1`	`+fromapp.translator.core.mappingimportBaseStrictLogSourcesPlatformMappings,LogSourceSignature`
`2`	`2`	`fromapp.translator.platforms.anomali.constimportanomali_query_details`
`3`	`3`
`4`	`4`
`@@ -10,7 +10,7 @@ def __str__(self) -> str:`
`10`	`10`	`return""`
`11`	`11`
`12`	`12`
`13`		`-classAnomaliMappings(BaseCommonPlatformMappings):`
	`13`	`+classAnomaliMappings(BaseStrictLogSourcesPlatformMappings):`
`14`	`14`	`defprepare_log_source_signature(self,mapping:dict)->AnomaliLogSourceSignature:# noqa: ARG002`
`15`	`15`	`returnAnomaliLogSourceSignature()`
`16`	`16`

Comments

(0)