Commit cf48a62

Merge pull request #153 from UncoderIO/gis-aql-19-06-2024
fix field SubjectAccountName
2 parents 780bc15 + ca23816, commit cf48a62

3 files changed: +7 -4 lines changed

‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml‎

Lines changed: 1 addition & 1 deletion
@@ -77,6 +77,7 @@ field_mapping:
7777
OldTargetUserName:xdm.target.user.username
7878
UserPrincipalName:xdm.source.user.username
7979
DestAddress:xdm.target.ipv4
80+
SubjectAccountName:xdm.source.user.username
8081
SubjectUserName:xdm.source.user.username
8182
SubjectUserSid:xdm.source.user.identifier
8283
SourceAddr:xdm.source.ipv4
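
Review bot: The `SubjectAccountName` entry added at new line 80 makes three source fields visible in this hunk (`UserPrincipalName`, `SubjectAccountName`, `SubjectUserName`) resolve to the same target, `xdm.source.user.username`, and in this file the change is only a relocation of a line that is deleted again further down. Consider stating in the commit message that default.yml is reordered rather than fixed, and confirm that a rule referencing more than one of these fields still translates to a sensible query when they collapse onto one target.
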
@@ -117,7 +118,6 @@ field_mapping:
117118
method:xdm.network.http.method
118119
notice.user_agent:xdm.network.http.browser
119120
hasIdentity:xdm.source.user.identity_type
120-
SubjectAccountName:xdm.source.user.username
121121
ComputerName:xdm.source.host.hostname
122122
ExternalSeverity:xdm.alert.severity
123123
SourceMAC:xdm.source.host.mac_addresses

‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml‎

Lines changed: 2 additions & 1 deletion
@@ -7,7 +7,8 @@ default_log_source:
77
field_mapping:
88
EventID:action_evtlog_event_id
99
Provider_Name:provider_name
10-
10+
SubjectAccountName:actor_effective_username
11+
1112
raw_log_fields:
1213
ParentImage:regex
1314
AccessMask:regex
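
Review bot: `SubjectAccountName` at new line 10 maps to `actor_effective_username`, while default.yml in this same commit maps the field to `xdm.source.user.username`, so the query field produced depends on which log source mapping is selected. A short YAML comment stating that the divergence is intentional would help the next person editing these files. The hunk also replaces the old line 10 with a new blank line 11, which looks like a whitespace-only change; check that the separator before `raw_log_fields:` is a truly empty line with no trailing spaces.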

‎uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml‎

Lines changed: 4 additions & 2 deletions
@@ -130,6 +130,9 @@ field_mapping:
130130
NewValue:NewValue
131131
Source:Source
132132
Status:Status
133+
SubjectAccountName:
134+
-Subject Account Name
135+
-SubjectAccountName
133136
SubjectDomainName:SubjectDomainName
134137
SubjectUserName:Target Username
135138
SubjectUserSid:SubjectUserSid
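
Review bot: The `SubjectAccountName` entry at new lines 133-135 is the only list-valued mapping among the scalar entries visible in this hunk. Confirm that the QRadar mapping loader and renderer accept a list here, and add a comment on whether both names (`Subject Account Name` and `SubjectAccountName`) are searched or only the first is used. The adjacent context line `SubjectUserName:Target Username` pairs a subject field with a target-named property; it is unchanged here but worth verifying while this block is being touched.
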
@@ -171,5 +174,4 @@ field_mapping:
171174
UserID:UserID
172175
ParentProcessName:Parent Process Name
173176
Service:Service
174-
hasIdentity:hasIdentity
175-
SubjectAccountName:SubjectAccountName
177+
hasIdentity:hasIdentity
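
Review bot: `hasIdentity:hasIdentity` is deleted at old line 174 and re-added at new line 177 with identical visible text, so that part of the hunk is most likely an end-of-file newline or trailing-whitespace change; confirm the file now ends with exactly one newline so this line stops appearing in future diffs. Removing `SubjectAccountName:SubjectAccountName` at old line 175 is needed, since leaving it alongside the list added earlier in the file would define the key twice.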
