Commit b5b79dc

Merge pull request #132 from UncoderIO/gis-7980
Add XQL mappings
2 parents abfc3d6 + a821bdb, commit b5b79dc

5 files changed: +57 -2 lines changed


‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/webserver.yml‎

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -2,7 +2,7 @@ platform: Palo Alto XSIAM
22
source:webserver
33

44
default_log_source:
5-
dataset:[apache_tomcat_raw, nginx_nginx_raw, apache_tomcat_raw]
5+
datamodel:datamodel
66

77
field_mapping:
88
c-uri:xdm.network.http.url
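Review bot: `datamodel: datamodel` at line 5 reads like a placeholder, since key and value are identical; please confirm this is the intended `default_log_source` for the XSIAM webserver mapping, because rules that previously resolved to the `apache_tomcat_raw` and `nginx_nginx_raw` datasets will now be rendered against whatever this datamodel name resolves to. As an aside, the removed list contained `apache_tomcat_raw` twice, so if the dataset form is ever restored it should be deduplicated.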
Lines changed: 12 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -0,0 +1,12 @@
1+
platform:Palo Alto XSIAM
2+
source:windows_pipe_created
3+
4+
default_log_source:
5+
preset:xdr_event_log
6+
7+
field_mapping:
8+
EventID:action_evtlog_event_id
9+
10+
raw_log_fields:
11+
-PipeName
12+
-Image
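Review bot: only `EventID` receives an XDM mapping here (line 8); `PipeName` and `Image` are left under `raw_log_fields` (lines 11-12), so rules on those fields will be matched against the raw event text rather than a parsed field. If the `xdr_event_log` preset exposes a process image field (the sysmon mapping in this same PR already uses `actor_process_*` names), consider mapping `Image` to it rather than leaving it raw. Note also that the rendered page shows no file path header for this hunk, so the filename cannot be verified from the diff alone.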
Lines changed: 19 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -0,0 +1,19 @@
1+
platform:Palo Alto XSIAM
2+
source:windows_process_access
3+
4+
default_log_source:
5+
preset:xdr_event_log
6+
7+
field_mapping:
8+
User:action_process_username
9+
10+
raw_log_fields:
11+
-SourceProcessGUID
12+
-SourceProcessId
13+
-SourceThreadId
14+
-SourceImage
15+
-TargetProcessGUID
16+
-TargerProcessId
17+
-TargetImage
18+
-GrantedAccess
19+
-CallTrace
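Review bot: `TargerProcessId` at line 16 is a misspelling of `TargetProcessId`, the field name Sysmon emits for Event ID 10; a rule written with the correct spelling will not match this entry. The same typo is mirrored in the Sigma `windows_process_access` mapping in this PR, so both files need the fix together. Separately, only `User` is mapped to an XDM field (line 8) while `SourceImage`, `TargetImage` and `GrantedAccess`, the fields most process-access rules key on, stay raw; worth a check that the preset really has no parsed equivalents for them.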

‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_sysmon.yml‎

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -8,6 +8,7 @@ default_log_source:
88
field_mapping:
99
EventID:action_evtlog_event_id
1010
OriginalFileName:actor_process_file_original_name
11+
Description:action_evtlog_description
1112

1213
raw_log_fields:
1314
-CommandLine
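Review bot: `Description` is mapped to `action_evtlog_description` at line 11, but in Sysmon events (Event ID 1 for instance) the `Description` field carries the executable's file description from its version resource, not the event's log description. With this mapping a rule such as `Description: 'Windows PowerShell'` would be rendered against the event-log description and silently stop detecting what the author intended. If XSIAM exposes the file description under a process field, as `OriginalFileName` is mapped to `actor_process_file_original_name` on line 10, that is the field to use; otherwise keeping `Description` in `raw_log_fields` is the safer choice.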
@@ -16,7 +17,6 @@ raw_log_fields:
1617
-CallTrace
1718
-Company
1819
-CurrentDirectory
19-
-Description
2020
-DestinationHostname
2121
-DestinationIp
2222
-DestinationIsIpv6
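Review bot: dropping `-Description` from `raw_log_fields` at line 19 is consistent with its move into `field_mapping` in the previous hunk, so nothing to change in this hunk itself; just make sure the two hunks land together, since a field present in neither list has no defined handling in this mapping.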
Lines changed: 24 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -0,0 +1,24 @@
1+
2+
platform:Sigma
3+
source:windows_process_access
4+
5+
6+
log_source:
7+
product:[windows]
8+
category:[process_access]
9+
10+
default_log_source:
11+
product:windows
12+
category:process_access
13+
14+
field_mapping:
15+
SourceProcessGUID:SourceProcessGUID
16+
SourceProcessId:SourceProcessId
17+
SourceThreadId:SourceThreadId
18+
SourceImage:SourceImage
19+
TargetProcessGUID:TargetProcessGUID
20+
TargerProcessId:TargerProcessId
21+
TargetImage:TargetImage
22+
GrantedAccess:GrantedAccess
23+
CallTrace:CallTrace
24+
User:User
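Review bot: line 20 repeats the `TargerProcessId` misspelling on both sides of the mapping; both key and value should read `TargetProcessId` so the Sigma side agrees with the Sysmon field name and with the Cortex mapping once that is corrected. Minor style point: lines 1-2 and 4-5 are blank, whereas the other mapping files in this PR begin with `platform:` directly; trimming them keeps the files consistent.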
