diff --git a/uncoder-core/app/translator/mappings/platforms/anomali/windows_image_load.yml b/uncoder-core/app/translator/mappings/platforms/anomali/windows_image_load.yml
new file mode 100644
index 00000000..d3aa7544
--- /dev/null
+++ b/uncoder-core/app/translator/mappings/platforms/anomali/windows_image_load.yml
@@ -0,0 +1,18 @@
+platform: Anomali
+source: windows_image_load
+
+
+log_source:
+ product: [windows]
+ category: [image_load]
+
+default_log_source:
+ product: windows
+ category: image_load
+
+field_mapping:
+ Image: image
+ #ImageLoaded: ImageLoaded
+ #SignatureStatus: SignatureStatus
+ OriginalFileName: original_file_name
+ #Signed: Signed
\ No newline at end of file
diff --git a/uncoder-core/app/translator/mappings/platforms/anomali/windows_network_connection.yml b/uncoder-core/app/translator/mappings/platforms/anomali/windows_network_connection.yml
new file mode 100644
index 00000000..c18cc5c3
--- /dev/null
+++ b/uncoder-core/app/translator/mappings/platforms/anomali/windows_network_connection.yml
@@ -0,0 +1,20 @@
+platform: Anomali
+source: windows_network_connection
+
+
+log_source:
+ product: [windows]
+ category: [network_connection]
+
+default_log_source:
+ product: windows
+ category: network_connection
+
+field_mapping:
+ Image: image
+ DestinationHostname: dest
+ DestinationIp: dest_ip
+ DestinationPort: dest_port
+ SourceIp: src_ip
+ SourcePort: src_port
+ #Initiated: Initiated
\ No newline at end of file
diff --git a/uncoder-core/app/translator/mappings/platforms/anomali/windows_pipe_created.yml b/uncoder-core/app/translator/mappings/platforms/anomali/windows_pipe_created.yml
new file mode 100644
index 00000000..9144d683
--- /dev/null
+++ b/uncoder-core/app/translator/mappings/platforms/anomali/windows_pipe_created.yml
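Review bot: In windows_image_load.yml the only active keys are `Image` and `OriginalFileName`, while `ImageLoaded`, the field image_load rules are built around, is left commented out; how the translator behaves on an unmapped field is not visible here, but either way rules for this source lose their main condition. The same pattern appears in windows_pipe_created.yml (`#PipeName`, only `EventID`/`Image` active) and windows_process_access.yml (`#TargetImage`, `#GrantedAccess`, `#CallTrace`, only `User` active). If these fields genuinely have no Anomali equivalent, each commented line should say so, e.g. `#ImageLoaded: ImageLoaded  # no Anomali field - rules keyed on ImageLoaded cannot be translated`, so the next maintainer does not re-investigate; if they do have one, the files should not ship with only the incidental fields mapped.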
@@ -0,0 +1,16 @@
+platform: Anomali
+source: windows_pipe_created
+
+
+log_source:
+ product: [windows]
+ category: [pipe_created]
+
+default_log_source:
+ product: windows
+ category: pipe_created
+
+field_mapping:
+ EventID: event_id
+ #PipeName: PipeName
+ Image: image
\ No newline at end of file
diff --git a/uncoder-core/app/translator/mappings/platforms/anomali/windows_process_access.yml b/uncoder-core/app/translator/mappings/platforms/anomali/windows_process_access.yml
new file mode 100644
index 00000000..5f105eb0
--- /dev/null
+++ b/uncoder-core/app/translator/mappings/platforms/anomali/windows_process_access.yml
@@ -0,0 +1,24 @@
+
+platform: Anomali
+source: windows_process_access
+
+
+log_source:
+ product: [windows]
+ category: [process_access]
+
+default_log_source:
+ product: windows
+ category: process_access
+
+field_mapping:
+ #SourceProcessGUID: SourceProcessGUID
+ #SourceProcessId: SourceProcessId
+ #SourceThreadId: SourceThreadId
+ #ourceImage: SourceImage
+ #TargetProcessGUID: TargetProcessGUID
+ #TargerProcessId: TargerProcessId
+ #TargetImage: TargetImage
+ #GrantedAccess: GrantedAccess
+ #CallTrace: CallTrace
+ User: user
\ No newline at end of file
diff --git a/uncoder-core/app/translator/mappings/platforms/anomali/windows_process_creation.yml b/uncoder-core/app/translator/mappings/platforms/anomali/windows_process_creation.yml
new file mode 100644
index 00000000..8af5bdbe
--- /dev/null
+++ b/uncoder-core/app/translator/mappings/platforms/anomali/windows_process_creation.yml
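Review bot: Two of the commented-out keys in windows_process_access.yml carry typos that will surface the moment someone uncomments them: `#ourceImage: SourceImage` has lost its leading `S`, and `#TargerProcessId: TargerProcessId` misspells Target on both sides. The Sigma-side keys should read `SourceImage` and `TargetProcessId` so that the line is correct when it is enabled. The hunk also starts with an empty line before `platform: Anomali`, unlike every sibling file in this commit; YAML tolerates it, but dropping it keeps the files uniform.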
@@ -0,0 +1,23 @@
+platform: Anomali
+source: windows_process_creation
+
+
+log_source:
+ product: [windows]
+ category: [process_creation]
+
+default_log_source:
+ product: windows
+ category: process_creation
+
+field_mapping:
+ CommandLine: command_line
+ #CurrentDirectory: CurrentDirectory
+ Hashes: file_hash
+ Image: image
+ #IntegrityLevel: IntegrityLevel
+ ParentCommandLine: parent_command_line
+ ParentImage: parent_image
+ #ParentUser: ParentUser
+ #Product: Product
+ User: user
\ No newline at end of file
diff --git a/uncoder-core/app/translator/mappings/platforms/anomali/windows_registry_event.yml b/uncoder-core/app/translator/mappings/platforms/anomali/windows_registry_event.yml
new file mode 100644
index 00000000..aa91e179
--- /dev/null
+++ b/uncoder-core/app/translator/mappings/platforms/anomali/windows_registry_event.yml
@@ -0,0 +1,31 @@
+platform: Anomali
+source: windows_registry_event
+
+log_source:
+ product: [windows]
+ category: [registry_event, registry_set, registry_delete, registry_add]
+
+default_log_source:
+ product: windows
+ category: registry_event
+
+field_mapping:
+ TargetObject: reg_key
+ Image: image
+ Details: reg_value_data
+ EventType: event_name
+ CommandLine: command_line
+ #LogonId: LogonId
+ #Product: Product
+ #Company: Company
+ #IntegrityLevel: IntegrityLevel
+ #CurrentDirectory: CurrentDirectory
+ ProcessId: process_id
+ ParentProcessId: parent_process_id
+ ParentCommandLine: parent_command_line
+ ParentImage: parent_image
+ #ParentUser: ParentUser
+ #ParentIntegrityLevel: ParentIntegrityLevel
+ #ParentLogonId: ParentLogonId
+ #ParentProduct: ParentProduct
+ #ParentCompany: ParentCompany
\ No newline at end of file
diff --git a/uncoder-core/app/translator/mappings/platforms/anomali/windows_security.yml b/uncoder-core/app/translator/mappings/platforms/anomali/windows_security.yml
new file mode 100644
index 00000000..6809de3c
--- /dev/null
+++ b/uncoder-core/app/translator/mappings/platforms/anomali/windows_security.yml
@@ -0,0 +1,147 @@
+platform: Anomali
+source: windows_security
+
+
+log_source:
+ product: [windows]
+ service: [security]
+
+default_log_source:
+ product: windows
+ service: security
+
+field_mapping:
+ EventID: event_id
+ ParentImage: parent_image
+ #AccessMask: AccessMask
+ AccountName: user
+ #AllowedToDelegateTo: AllowedToDelegateTo
+ #AttributeLDAPDisplayName: AttributeLDAPDisplayName
+ #AuditPolicyChanges: AuditPolicyChanges
+ #AuthenticationPackageName: AuthenticationPackageName
+ #CallingProcessName: CallingProcessName
+ #Channel: Channel
+ #ComputerName: ComputerName
+ #EventType: EventType
+ #FailureReason: FailureReason
+ #FileName: FileName
+ #GrantedAccess: GrantedAccess
+ #Hashes: Hashes
+ #HiveName: HiveName
+ #IpAddress: IpAddress
+ #IpPort: IpPort
+ #KeyLength: KeyLength
+ #LogonProcessName: LogonProcessName
+ #LogonType: LogonType
+ #LinkName: LinkName
+ #MemberName: MemberName
+ #MemberSid: MemberSid
+ #NewProcessName: NewProcessName
+ #ObjectClass: ObjectClass
+ #ObjectType: ObjectType
+ #ObjectValueName: ObjectValueName
+ #Path: Path
+ #CommandLine: CommandLine
+ #OldUacValue: OldUacValue
+ #CertIssuerName: CertIssuerName
+ #SubStatus: SubStatus
+ #DisplayName: DisplayName
+ #TaskContent: TaskContent
+ #ServiceSid: ServiceSid
+ #CertThumbprint: CertThumbprint
+ #ObjectName: ObjectName
+ #ClassName: ClassName
+ #NotificationPackageName: NotificationPackageName
+ #NewSd: NewSd
+ #TestSigning: TestSigning
+ #TargetInfo: TargetInfo
+ #ParentProcessId: ParentProcessId
+ #AccessList: AccessList
+ #GroupMembership: GroupMembership
+ #FilterName: FilterName
+ #ChangeType: ChangeType
+ #LayerName: LayerName
+ #ServiceAccount: ServiceAccount
+ #ClientProcessId: ClientProcessId
+ #AttributeValue: AttributeValue
+ #SessionName: SessionName
+ #TaskName: TaskName
+ #ObjectDN: ObjectDN
+ #TemplateContent: TemplateContent
+ #NewTemplateContent: NewTemplateContent
+ #SourcePort: SourcePort
+ #PasswordLastSet: PasswordLastSet
+ #PrivilegeList: PrivilegeList
+ #DeviceDescription: DeviceDescription
+ #TargetServerName: TargetServerName
+ #NewTargetUserName: NewTargetUserName
+ #OperationType: OperationType
+ #DestPort: DestPort
+ #ServiceStartType: ServiceStartType
+ #OldTargetUserName: OldTargetUserName
+ #UserPrincipalName: UserPrincipalName
+ #Accesses: Accesses
+ #DnsHostName: DnsHostName
+ #DisableIntegrityChecks: DisableIntegrityChecks
+ #AuditSourceName: AuditSourceName
+ #Workstation: Workstation
+ #DestAddress: DestAddress
+ #PreAuthType: PreAuthType
+ #SecurityPackageName: SecurityPackageName
+ #SubjectLogonId: SubjectLogonId
+ #NewUacValue: NewUacValue
+ #EnabledPrivilegeList: EnabledPrivilegeList
+ #RelativeTargetName: RelativeTargetName
+ #CertSerialNumber: CertSerialNumber
+ #SidHistory: SidHistory
+ #TargetLogonId: TargetLogonId
+ #KernelDebug: KernelDebug
+ #CallerProcessName: CallerProcessName
+ #Properties: Properties
+ #UserAccountControl: UserAccountControl
+ #RegistryValue: RegistryValue
+ #SecurityID: SecurityID
+ #ServiceFileName: ServiceFileName
+ #SecurityDescriptor: SecurityDescriptor
+ #ServiceName: ServiceName
+ #ShareName: ShareName
+ #NewValue: NewValue
+ #Source: Source
+ #Status: Status
+ #SubjectDomainName: SubjectDomainName
+ #SubjectUserName: SubjectUserName
+ #SubjectUserSid: SubjectUserSid
+ #SourceAddr: SourceAddr
+ #SourceAddress: SourceAddress
+ #TargetName: TargetName
+ #ServicePrincipalNames: ServicePrincipalNames
+ #TargetDomainName: TargetDomainName
+ #TargetSid: TargetSid
+ #TargetUserName: TargetUserName
+ #ObjectServer: ObjectServer
+ #TargetUserSid: TargetUserSid
+ #TicketEncryptionType: TicketEncryptionType
+ #TicketOptions: TicketOptions
+ #WorkstationName: WorkstationName
+ #TransmittedServices: TransmittedServices
+ #AuthenticationAlgorithm: AuthenticationAlgorithm
+ #LayerRTID: LayerRTID
+ #BSSID: BSSID
+ #BSSType: BSSType
+ #CipherAlgorithm: CipherAlgorithm
+ #ConnectionId: ConnectionId
+ #ConnectionMode: ConnectionMode
+ #InterfaceDescription: InterfaceDescription
+ #InterfaceGuid: InterfaceGuid
+ #OnexEnabled: OnexEnabled
+ #PHYType: PHYType
+ #ProfileName: ProfileName
+ #SSID: SSID
+ #Domain: Domain
+ #ServiceType: ServiceType
+ #SourceName: SourceName
+ #StartType: StartType
+ #UserID: UserID
+ #ParentProcessName: ParentProcessName
+ #Service: Service
+ #ProcessName: ProcessName
\ No newline at end of file
diff --git a/uncoder-core/app/translator/mappings/platforms/anomali/windows_sysmon.yml b/uncoder-core/app/translator/mappings/platforms/anomali/windows_sysmon.yml
new file mode 100644
index 00000000..284c2685
--- /dev/null
+++ b/uncoder-core/app/translator/mappings/platforms/anomali/windows_sysmon.yml
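Review bot: `ParentImage: parent_image` in windows_security.yml looks misplaced: if the left-hand keys are Sigma field names, as the sibling files suggest, Security-channel rules (event 4688) carry the parent and new process paths in `ParentProcessName` and `NewProcessName`, and both of those are left commented out further down in the same file (`#NewProcessName`, `#ParentProcessName`), while `ParentImage` is a Sysmon name that Security rules do not use. If the intent was to cover 4688, the line should probably be `ParentProcessName: parent_image`, with `NewProcessName` mapped alongside it if Anomali has a matching field. Worth confirming against the Anomali schema before merging, since as written the only effective mappings for this source are `EventID` and `AccountName`.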
@@ -0,0 +1,63 @@
+platform: Anomali
+source: windows_sysmon
+
+
+log_source:
+ product: [windows]
+ service: [sysmon]
+
+default_log_source:
+ product: windows
+ service: sysmon
+
+field_mapping:
+ CommandLine: command_line
+ Image: image
+ ParentImage: parent_image
+ EventID: event_id
+ #CallTrace: CallTrace
+ #Company: Company
+ #CurrentDirectory: CurrentDirectory
+ #Description: Description
+ DestinationHostname: dest
+ DestinationIp: dest_ip
+ #DestinationIsIpv6: DestinationIsIpv6
+ DestinationPort: dest_port
+ #DestinationPortName: DestinationPortName
+ Hashes: file_hash
+ #Initiated: Initiated
+ #IntegrityLevel: IntegrityLevel
+ ParentCommandLine: parent_command_line
+ #Product: Product
+ #Protocol: Protocol
+ #RuleName: RuleName
+ SourceHostname: src
+ SourceIp: src_ip
+ #SourceIsIpv6: SourceIsIpv6
+ SourcePort: src_port
+ #SourcePortName: SourcePortName
+ TargetFilename: file_name
+ User: user
+ OriginalFileName: original_file_name
+ #Signed: Signed
+ #Signature: Signature
+ #SignatureStatus: SignatureStatus
+ TargetObject: reg_key
+ Details: reg_value_data
+ QueryName: query
+ QueryResults: record_type
+ #QueryStatus: QueryStatus
+ #IsExecutable: IsExecutable
+ #PipeName: PipeName
+ #ImageLoaded: ImageLoaded
+ #ImagePath: ImagePath
+ #Imphash: Imphash
+ #SourceImage: SourceImage
+ #StartModule: StartModule
+ #TargetImage: TargetImage
+ Device: dvc_name
+ ProcessID: process_id
+ #FileVersion: FileVersion
+ #StartAddress: StartAddress
+ #StartFunction: StartFunction
+ EventType: event_name
\ No newline at end of file
diff --git a/uncoder-core/app/translator/mappings/platforms/anomali/windows_system.yml b/uncoder-core/app/translator/mappings/platforms/anomali/windows_system.yml
new file mode 100644
index 00000000..d64ced48
--- /dev/null
+++ b/uncoder-core/app/translator/mappings/platforms/anomali/windows_system.yml
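Review bot: `ProcessID: process_id` in windows_sysmon.yml is spelled with a capital D, whereas windows_registry_event.yml in this same commit maps `ProcessId: process_id` and Sysmon/Sigma write the field as `ProcessId`; if the mapping lookup is case-sensitive (the lookup code is not in this diff) rules that reference `ProcessId` will miss the mapping for the sysmon source. Suggest `ProcessId: process_id` so both files agree. Separately, `QueryResults: record_type` maps the DNS answer payload onto a target whose name reads as the DNS record type (A, AAAA, CNAME); if Anomali has no answer-data field, commenting the line out with a note such as `#QueryResults: QueryResults  # no Anomali answer-data field` is clearer than a mapping whose semantics differ from the source field.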
@@ -0,0 +1,27 @@
+platform: Anomali
+source: windows_system
+
+
+log_source:
+ product: [windows]
+ service: [system]
+
+default_log_source:
+ product: windows
+ service: system
+
+field_mapping:
+ EventID: event_id
+ #AccountName: AccountName
+ #ImagePath: ImagePath
+ #ServiceName: ServiceName
+ #ServiceType: ServiceType
+ #StartType: StartType
+ #Provider_Name: Provider_Name
+ #Origin: Origin
+ #HiveName: HiveName
+ #Caption: Caption
+ #param1: param1
+ #param2: param2
+ #Channel: Channel
+ #DeviceName: DeviceName
\ No newline at end of file
diff --git a/uncoder-core/app/translator/mappings/platforms/anomali/windows_wmi_event.yml b/uncoder-core/app/translator/mappings/platforms/anomali/windows_wmi_event.yml
new file mode 100644
index 00000000..58cbcb9e
--- /dev/null
+++ b/uncoder-core/app/translator/mappings/platforms/anomali/windows_wmi_event.yml
@@ -0,0 +1,15 @@
+platform: Anomali
+source: windows_wmi_event
+
+
+log_source:
+ product: [windows]
+ category: [wmi_event]
+
+default_log_source:
+ product: windows
+ category: wmi_event
+
+field_mapping:
+# Destination: Destination
+ EventID: event_id
diff --git a/uncoder-core/app/translator/mappings/platforms/sigma/windows_pipe_created.yml b/uncoder-core/app/translator/mappings/platforms/sigma/windows_pipe_created.yml
index eb6cc32c..7934d1e2 100644
--- a/uncoder-core/app/translator/mappings/platforms/sigma/windows_pipe_created.yml
+++ b/uncoder-core/app/translator/mappings/platforms/sigma/windows_pipe_created.yml
@@ -11,6 +11,6 @@ default_log_source:
 category: pipe_created
 
 field_mapping:
- EventID: action_evtlog_event_id
+ EventID: EventID
 PipeName: PipeName
 Image: Image
\ No newline at end of file
diff --git a/uncoder-core/app/translator/platforms/carbonblack/renders/carbonblack_cti.py b/uncoder-core/app/translator/platforms/carbonblack/renders/carbonblack_cti.py
index e6b3e713..154ee0b5 100644
--- a/uncoder-core/app/translator/platforms/carbonblack/renders/carbonblack_cti.py
+++ b/uncoder-core/app/translator/platforms/carbonblack/renders/carbonblack_cti.py
@@ -23,7 +23,6 @@ from app.translator.platforms.carbonblack.const import DEFAULT_CARBONBLACK_CTI_MAPPING, carbonblack_query_details
-
 @render_cti_manager.register
 class CarbonBlackCTI(RenderCTI):
 details: PlatformDetails = carbonblack_query_details
diff --git a/uncoder-core/app/translator/platforms/microsoft/const.py b/uncoder-core/app/translator/platforms/microsoft/const.py
index 30d2be92..ca05bd7b 100644
--- a/uncoder-core/app/translator/platforms/microsoft/const.py
+++ b/uncoder-core/app/translator/platforms/microsoft/const.py
@@ -79,6 +79,9 @@
 "URL": "URL",
 }
 
+
+MICROSOFT_SENTINEL_QUERY_TYPES = {_SENTINEL_KQL_QUERY, _SENTINEL_KQL_RULE}
+
 microsoft_defender_query_details = PlatformDetails(**MICROSOFT_DEFENDER_DETAILS)
 microsoft_sentinel_query_details = PlatformDetails(**MICROSOFT_SENTINEL_QUERY_DETAILS)
 microsoft_sentinel_rule_details = PlatformDetails(**MICROSOFT_SENTINEL_RULE_DETAILS)
pFad - Phonifier reborn
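Review bot: `MICROSOFT_SENTINEL_QUERY_TYPES` is introduced in const.py without a comment, and nothing in the hunk shows what consumes it, so a reader has to search the codebase to learn why a set of the two underscore-prefixed Sentinel ids exists next to the details objects. A one-line comment above the assignment would carry the intent: `# Platform ids of both Sentinel flavours (KQL query and KQL rule); callers can test membership instead of comparing against each constant.` The members `_SENTINEL_KQL_QUERY` and `_SENTINEL_KQL_RULE` are defined outside this hunk, so whether their underscore prefix is meant to keep them module-private while this public set re-exports them is worth a word in that comment too.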
