Commiteb24b13

authored

Merge pull request#175 from UncoderIO/gis-aql-upd-2024-07-17

new fields

2 parentse22f189 +4567900 commiteb24b13Copy full SHA for eb24b13

File tree

+19

-2

lines changed

uncoder-core/app/translator/mappings/platforms
- palo_alto_cortex
  - default.yml
- qradar
  - default.yml

+19

-2

lines changed

Lines changed: 8 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,7 @@ field_mapping:`
`47`	`47`	`c-uri-query:xdm.network.http.url`
`48`	`48`	`QueryName:xdm.network.dns.dns_question.name`
`49`	`49`	`Application:xdm.network.application_protocol`
	`50`	`+sourceNetwork:xdm.source.subnet`
`50`	`51`	`SourceHostName:xdm.source.host.hostname`
`51`	`52`	`DestinationHostname:xdm.target.host.hostname`
`52`	`53`	`Hashes:`
`@@ -128,7 +129,13 @@ field_mapping:`
`128`	`129`	`url_category:xdm.network.http.url_category`
`129`	`130`	`EventSeverity:xdm.alert.severity`
`130`	`131`	`duration:xdm.event.duration`
	`132`	`+ThreatName:xdm.alert.original_threat_id`
	`133`	`+AnalyzerName:xdm.observer.type`
	`134`	`+Classification:xdm.alert.category`
	`135`	`+ResultCode:xdm.event.outcome_reason`
	`136`	`+Technique:xdm.alert.mitre_techniques`
	`137`	`+Action:xdm.event.outcome`
`131`	`138`	`FileExtension:xdm.target.file.extension`
`132`	`139`	`Workstation:xdm.source.host.hostname`
`133`	`140`	`RegistryKey:xdm.target.registry.key`
`134`		`-RegistryValue:xdm.target.registry.value`
	`141`	`+RegistryValue:xdm.target.registry.value`

Lines changed: 11 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,7 @@ field_mapping:`
`35`	`35`	`User:`
`36`	`36`	`-userName`
`37`	`37`	`-EventUserName`
	`38`	`+ -Alert Threat Cause Actor Name`
`38`	`39`	`-Username`
`39`	`40`	`-Security ID`
`40`	`41`	`CommandLine:Command`
`@@ -44,6 +45,7 @@ field_mapping:`
`44`	`45`	`Application:`
`45`	`46`	`-Application`
`46`	`47`	`-application`
	`48`	`+sourceNetwork:sourceNetwork`
`47`	`49`	`SourceHostName:`
`48`	`50`	`-HostCount-source`
`49`	`51`	`-identityHostName`
`@@ -82,6 +84,14 @@ field_mapping:`
`82`	`84`	`-Source`
`83`	`85`	`-source`
`84`	`86`	`duration:duration`
	`87`	`+ThreatName:`
	`88`	`+ -Threat Name`
	`89`	`+ -Alert Blocked Threat Category`
	`90`	`+AnalyzerName:Analyzer Name`
	`91`	`+Classification:Classification`
	`92`	`+ResultCode:Alert Reason Code`
	`93`	`+Technique:Technique`
	`94`	`+Action:Action`
`85`	`95`	`Workstation:Machine Identifier`
`86`	`96`	`GroupMembership:Role Name`
`87`	`97`	`FileName:`
`@@ -91,4 +101,4 @@ field_mapping:`
`91`	`101`	`-Registry Key`
`92`	`102`	`-Target Object`
`93`	`103`	`RegistryValue:RegistryValue`
`94`		`-ProcessPath:Process Path`
	`104`	`+ProcessPath:Process Path`

Comments

(0)