NotificationsYou must be signed in to change notification settings
Fork33
Star165

Commitd11f494

committed

Mapping fixes

1 parent3daa20b commitd11f494Copy full SHA for d11f494

File tree

8 files changed

+11

-35

lines changed

uncoder-core/app/translator/mappings/platforms
- chronicle
  - windows_sysmon.yml
- palo_alto_cortex
  - slack_slack.yml
  - webserver copy.yml
- qradar
- splunk
  - default.yml

8 files changed

+11

-35

lines changed

`‎uncoder-core/app/translator/mappings/platforms/chronicle/windows_sysmon.yml‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -31,3 +31,4 @@ field_mapping:`
`31`	`31`	`StartModule:target.resource.name`
`32`	`32`	`TargetImage:target.process.file.full_path`
`33`	`33`	`StartFunction:ScriptBlockText`
	`34`	`+event.Technique:security_result.detection_fields.value`

`‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/slack_slack.yml‎`

Lines changed: 0 additions & 9 deletions

This file was deleted.

`‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/webserver copy.yml‎`

Lines changed: 0 additions & 14 deletions

This file was deleted.

`‎uncoder-core/app/translator/mappings/platforms/qradar/default.yml‎`

Lines changed: 2 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -14,8 +14,6 @@ field_mapping:`
`14`	`14`	`-DstPort`
`15`	`15`	`-DestinationPort`
`16`	`16`	`-remoteport`
`17`		`-dst-hostname:DstHost`
`18`		`-src-hostname:SrcHost`
`19`	`17`	`src-port:`
`20`	`18`	`-SourcePort`
`21`	`19`	`-localport`
`@@ -41,7 +39,7 @@ field_mapping:`
`41`	`39`	`-Username`
`42`	`40`	`-Security ID`
`43`	`41`	`CommandLine:Command`
`44`		`-Protocol:`
	`42`	`+Protocol:`
`45`	`43`	`-IPProtocol`
`46`	`44`	`-protocol`
`47`	`45`	`Application:`
`@@ -96,7 +94,7 @@ field_mapping:`
`96`	`94`	`Action:Action`
`97`	`95`	`Workstation:Machine Identifier`
`98`	`96`	`GroupMembership:Role Name`
`99`		`-FileName:`
	`97`	`+FileName:`
`100`	`98`	`-Filename`
`101`	`99`	`-File Name`
`102`	`100`	`-Encoded Filename`

`‎uncoder-core/app/translator/mappings/platforms/qradar/webserver.yml‎`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ field_mapping:`
`13`	`13`	`-URL`
`14`	`14`	`-XForceCategoryByURL`
`15`	`15`	`c-useragent:User Agent`
`16`		`-cs-method:`
	`16`	`+cs-method:`
`17`	`17`	`-HTTP Method`
`18`	`18`	`-Method`
`19`	`19`	`cs-bytes:Bytes Sent`
`@@ -24,19 +24,19 @@ field_mapping:`
`24`	`24`	`-URL Path`
`25`	`25`	`-URL Query String`
`26`	`26`	`#cs-cookie: cs-cookie`
`27`		`-cs-host:`
	`27`	`+cs-host:`
`28`	`28`	`-UrlHost`
`29`	`29`	`-URL Host`
`30`	`30`	`-URL Domain`
`31`	`31`	`-HTTP Host`
`32`		`-cs-referrer:`
	`32`	`+cs-referrer:`
`33`	`33`	`-URL Referrer`
`34`	`34`	`-Referrer URL`
`35`	`35`	`cs-version:HTTP Version`
`36`		`-r-dns:`
	`36`	`+r-dns:`
`37`	`37`	`-UrlHost`
`38`	`38`	`-URL Host`
`39`		`-sc-status:`
	`39`	`+sc-status:`
`40`	`40`	`-HTTP Response Code`
`41`	`41`	`-Response Code`
`42`	`42`	`#post-body: post-body`

`‎uncoder-core/app/translator/mappings/platforms/qradar/windows_process_creation.yml‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ field_mapping:`
`24`	`24`	`-ProcessName`
`25`	`25`	`IntegrityLevel:IntegrityLevel`
`26`	`26`	`ParentCommandLine:Parent Command`
`27`		`-ParentImage:`
	`27`	`+ParentImage:`
`28`	`28`	`-Parent Process Path`
`29`	`29`	`-ParentProcessName`
`30`	`30`	`ParentUser:ParentUser`

`‎uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -190,4 +190,4 @@ field_mapping:`
`190`	`190`	`StartType:StartType`
`191`	`191`	`UserID:UserID`
`192`	`192`	`ParentProcessName:Parent Process Name`
`193`		`-Service:Service`
	`193`	`+Service:Service`

`‎uncoder-core/app/translator/mappings/platforms/splunk/default.yml‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -6,4 +6,4 @@ log_source:`
`6`	`6`	`source:WinEventLog:*`
`7`	`7`
`8`	`8`	`default_log_source:`
`9`		`-source:WinEventLog:*`
	`9`	`+source:WinEventLog:*`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitd11f494

File tree

8 files changed

8 files changed

`‎uncoder-core/app/translator/mappings/platforms/chronicle/windows_sysmon.yml‎`

`‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/slack_slack.yml‎`

`‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/webserver copy.yml‎`

`‎uncoder-core/app/translator/mappings/platforms/qradar/default.yml‎`

`‎uncoder-core/app/translator/mappings/platforms/qradar/webserver.yml‎`

`‎uncoder-core/app/translator/mappings/platforms/qradar/windows_process_creation.yml‎`

`‎uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml‎`

`‎uncoder-core/app/translator/mappings/platforms/splunk/default.yml‎`

0 commit comments