Commit df5adcd

Improve mappings
1 parent bed3a1e, commit df5adcd

6 files changed: +38 -12 lines changed

‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml‎

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,5 +41,6 @@ field_mapping:
4141
dst-hostname:xdm.target.host.hostname
4242
icmp.type:xdm.network.icmp.type
4343
icmp.code:xdm.network.icmp.code
44-
URL:xdm.target.url
45-
QueryName:xdm.target.url
44+
c-uri:xdm.network.http.url
45+
c-uri-query:xdm.network.http.url
46+
QueryName:xdm.network.dns.dns_question.name
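
Review bot: The `URL` key is dropped from this mapping with no replacement, so a rule that uses the `URL` source field no longer resolves to any Cortex field after this change. If that is intended, say so in the commit message; otherwise keep `URL` alongside `c-uri`, pointing at `xdm.network.http.url`. Separately, `c-uri` and `c-uri-query` both map to `xdm.network.http.url`, so a condition written against the query string alone is evaluated against the whole URL, and an exact-match condition on `c-uri-query` may not match; a comment in the file noting that limitation would help. Moving `QueryName` from `xdm.target.url` to `xdm.network.dns.dns_question.name` looks right.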

‎uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/firewall.yml‎

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,4 +51,6 @@ field_mapping:
5151
ParentIntegrityLevel:causality_actor_process_integrity_level
5252
ParentLogonId:causality_actor_process_logon_id
5353
ParentProduct:causality_actor_process_signature_product
54-
ParentCompany:causality_actor_process_signature_vendor
54+
ParentCompany:causality_actor_process_signature_vendor
55+
Application:xdm.network.application_protocol
56+
application:xdm.network.application_protocol
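
Review bot: The two added keys, `Application` and `application`, map to an `xdm.`-prefixed field, while every other field visible in this hunk uses the un-prefixed `causality_actor_process_*` naming. Please confirm both naming styles are valid for the log source this file targets, because a field name the dataset does not expose turns the translated condition into a query error or a silent non-match. The `ParentCompany` line is removed and re-added with identical text, which suggests a whitespace or end-of-file newline change; worth confirming that is the only difference.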

‎uncoder-core/app/translator/mappings/platforms/qradar/default.yml‎

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ field_mapping:
1313
-DstPort
1414
-DestinationPort
1515
dst-hostname:DstHost
16+
src-hostname:SrcHost
1617
src-port:SourcePort
1718
src-ip:
1819
-sourceip
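
Review bot: `src-hostname` is mapped to `SrcHost` here, but qradar/firewall.yml in this same commit lists `SrcHost` as a candidate for `src-ip` (and `DstHost` for `dst-ip`, while `dst-hostname:DstHost` is kept in this file). The same QRadar property is then treated as a hostname in one file and as an address in another. Pick one meaning, or add a comment explaining which log sources put an IP in `SrcHost`.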
@@ -24,4 +25,7 @@ field_mapping:
2425
-destination_ip
2526
User:userName
2627
CommandLine:Command
27-
Protocol:IPProtocol
28+
Protocol:IPProtocol
29+
Application:
30+
-Application
31+
-application
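
Review bot: `Application` now resolves to two targets that differ only in case, `Application` and `application`. Please document in the file how a multi-value mapping is rendered (first match, or an OR across all candidates) and whether both spellings exist as distinct properties, since a condition on a property that does not exist can fail the query or add cost without adding coverage. qradar/firewall.yml in this commit maps `Application:Application` with a single target, so the two files disagree.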

‎uncoder-core/app/translator/mappings/platforms/qradar/dns.yml‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ default_log_source:
99
devicetype:185
1010

1111
field_mapping:
12-
dns-query:dns-query
12+
dns-query:URL
1313
parent-domain:parent-domain
1414
dns-answer:dns-answer
15-
dns-record:dns-record
15+
dns-record:URL
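
Review bot: Both `dns-query` and `dns-record` now map to `URL`, so conditions on the two source fields become indistinguishable in the translated query, while `parent-domain` and `dns-answer` keep their pass-through names. If `dns-record` carries the record type rather than the queried name, a comparison against `URL` is unlikely to match and the translated rule silently loses that condition. This also runs opposite to the Cortex change in this commit, which moves `QueryName` off a URL field onto a DNS question field. Please confirm `URL` is really where this log source (devicetype 185) stores the DNS query, and map `dns-record` to its own property or drop it.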

‎uncoder-core/app/translator/mappings/platforms/qradar/firewall.yml‎

Lines changed: 21 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,24 @@ default_log_source:
99
devicetype:4
1010

1111
field_mapping:
12-
src-ip:sourceip
13-
src-port:sourceport
14-
dst-ip:destinationip
15-
dst-port:sestinationport
12+
src-ip:
13+
-sourceip
14+
-SrcHost
15+
-LocalHost
16+
-Source
17+
-NetworkView
18+
src-port:
19+
-sourceport
20+
-SrcPort
21+
-LocalPort
22+
dst-ip:
23+
-destinationip
24+
-DstHost
25+
-RemoteHost
26+
-Destination
27+
dst-port:
28+
-destinationport
29+
-DstPort
30+
-RemotePort
31+
Protocol:IPProtocol
32+
Application:Application
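
Review bot: The `src-ip` and `dst-ip` candidate lists mix address properties with names that read as hostnames or labels (`SrcHost`, `LocalHost`, `NetworkView`, `DstHost`, `RemoteHost`), and `NetworkView` appears only on the source side. An IP or CIDR condition rendered against a non-address property can error or fail to match, which weakens the translated detection; keep only properties known to hold addresses, or comment which log sources justify each one. The `sestinationport` to `destinationport` correction deserves a mention in the commit message, since rules translated before it referenced a misspelled property name.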

‎uncoder-core/app/translator/mappings/platforms/qradar/proxy.yml‎

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,8 +9,10 @@ default_log_source:
99
devicetype:46
1010

1111
field_mapping:
12-
c-uri:URL
13-
c-useragent:c-useragent
12+
c-uri:
13+
-URL
14+
-XForceCategoryByURL
15+
c-useragent:User Agent
1416
cs-method:cs-method
1517
cs-bytes:Bytes Sent
1618
cs-cookie-vars:cs-cookie-vars
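
Review bot: `XForceCategoryByURL` is added as a second target for `c-uri`, but by its name it holds a category for the URL rather than the URL string, so a URL pattern from a rule would be compared against category values. Unless the renderer only uses the first candidate, this adds a condition that is unlikely to match; please drop it or map it from a category-type source field. `c-useragent:User Agent` introduces a target containing a space, like the existing `cs-bytes:Bytes Sent`; confirm the renderer quotes such names. Note that `cs-method` and `cs-cookie-vars` still map to themselves.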
