Commit f4992b3

Merge pull request #123 from UncoderIO/gis-improve-qradar-mappings

Qradar AQL mapping improvements

2 parents 5e68d2f + 1c01203, commit f4992b3

3 files changed (+29, -8 lines changed)


uncoder-core/app/translator/mappings/platforms/qradar/default.yml

Lines changed: 21 additions & 4 deletions
Original file line number | Diff line number | Diff line change
@@ -2,9 +2,26 @@ platform: Qradar
22
source:default
33
description:Text that describe current mapping
44

5-
log_source:
6-
devicetype:
7-
-12
85

96
default_log_source:
10-
devicetype:12
7+
devicetype:12
8+
9+
10+
field_mapping:
11+
icmp.type:IcmpType
12+
dst-port:
13+
-DstPort
14+
-DestinationPort
15+
dst-hostname:DstHost
16+
src-port:SourcePort
17+
src-ip:
18+
-sourceip
19+
-source_ip
20+
-SourceIP
21+
dst-ip:
22+
-DestinationIP
23+
-destinationip
24+
-destination_ip
25+
User:userName
26+
CommandLine:Command
27+
Protocol:IPProtocol
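Review bot: the `log_source` block (`devicetype:` with the list entry `- 12`) is dropped from the default mapping while `default_log_source: devicetype: 12` is kept, yet the sibling `linux_auditd.yml` in this same commit still carries `log_source: devicetype: [11]`; confirm that the translator accepts a mapping file with no `log_source` key and does not treat the default mapping as matching every log source. The new `field_mapping` also maps `dst-port`, `src-ip` and `dst-ip` to lists of two or three target names (for example `- DestinationIP`, `- destinationip`, `- destination_ip`), which is only meaningful if the AQL renderer expands a list into an OR over all candidates; if it only takes the first entry, the remaining spelling variants are dead configuration and should be removed.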

uncoder-core/app/translator/mappings/platforms/qradar/linux_auditd.yml

Lines changed: 5 additions & 3 deletions
@@ -1,6 +1,6 @@
11
platform:Qradar
22
source:linux_auditd
3-
description:Auditd field mappings to QRadar default CEPs.
3+
description:Text that describe current mapping
44

55
log_source:
66
devicetype:[11]
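Review bot: the description change is a regression: the meaningful line `description: Auditd field mappings to QRadar default CEPs.` is replaced with the template placeholder `description: Text that describe current mapping` (which is also ungrammatical). Restore the original sentence, or if the intent is to standardize descriptions across mapping files, put a real description in both this file and `default.yml` rather than the placeholder.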
@@ -14,8 +14,10 @@ field_mapping:
1414
a2:Command
1515
a3:Command
1616
exe:Process Path
17-
CommandLine:Command
17+
CommandLine:
18+
-Process CommandLine
19+
-Command
1820
Image:Process Path
1921
User:username
2022
LogonId:Logon ID
21-
ParentImage:Parent Process Path
23+
ParentImage:Parent Process Path
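Review bot: `CommandLine` now maps to a list with `- Process CommandLine` listed before `- Command`, so the order presumably gives the custom property precedence over the built-in field; like the existing `exe: Process Path`, the new name contains a space and relies on the AQL emitter quoting such field names. Separately, `ParentImage: Parent Process Path` is deleted and re-added with identical visible content, which normally indicates a whitespace-only change such as adding a missing trailing newline; please confirm that is intended and not an indentation slip that would move the key out of `field_mapping`.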

uncoder-core/app/translator/mappings/platforms/qradar/linux_process_creation.yml

Lines changed: 3 additions & 1 deletion
@@ -14,4 +14,6 @@ field_mapping:
1414
CommandLine:Command
1515
Image:Process Path
1616
ParentCommandLine:Parent Command
17-
ParentImage:Parent Process Path
17+
ParentImage:Parent Process Path
18+
User:username
19+
LogonId:Logon ID
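Review bot: the added `User: username` (lowercase n, matching `linux_auditd.yml`) conflicts with `User: userName` added to `default.yml` in the same commit; pick one spelling for the same Sigma field so the generated AQL does not depend on which mapping file is selected. As in `linux_auditd.yml`, the `ParentImage: Parent Process Path` line is deleted and re-added unchanged, most likely a trailing-newline fix; please confirm.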

0 commit comments
