uncoder-core/app/translator/mappings/platforms Expand file tree Collapse file tree 7 files changed +30
-4
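--- a/PATH_NOT_SHOWN_1
+++ b/PATH_NOT_SHOWN_1
@@ -14,6 +14,7 @@ field_mapping:
  ProcessName :
  - xdm.target.process.name
  - xdm.source.process.name
+ ProcessPath : xdm.target.process.executable.path
  ImageLoaded :
  - xdm.target.process.executable.filename
  - xdm.source.process.executable.filename
@@ -64,7 +65,7 @@ field_mapping:
  dns-query : xdm.network.dns.dns_question.name
  dns-answer : xdm.network.dns.dns_resource_record.value
  dns-record : xdm.network.dns.dns_question.name
- FileName : xdm.target.file.path
+ FileName : xdm.target.file.filename
  IpAddress : xdm.source.ipv4
  IpPort : xdm.source.port
  LogonProcessName : xdm.target.process.executable.path
@@ -127,3 +128,7 @@ field_mapping:
  url_category : xdm.network.http.url_category
  EventSeverity : xdm.alert.severity
  duration : xdm.event.duration
+ FileExtension : xdm.target.file.extension
+ Workstation : xdm.source.host.hostname
+ RegistryKey : xdm.target.registry.key
+ RegistryValue : xdm.target.registry.value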
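Review bot: `FileName` now maps to `xdm.target.file.filename` instead of `xdm.target.file.path` (second hunk), which narrows the compared value from a full path to a bare file name; a rule whose FileName pattern carries directory components (a `contains` or `endswith` on a path fragment) would presumably stop matching on this platform, so the mapping should say so, e.g. `# FileName: base name only, path patterns do not match here`. In the first hunk the new `ProcessPath` entry targets only `xdm.target.process.executable.path`, while the neighbouring `ProcessName` lists both the target and source process fields; if that asymmetry is deliberate, a comment such as `# ProcessPath: target side only` would stop the next editor from "fixing" it. The enclosing `field_mapping` block continues outside the hunks.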
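--- a/PATH_NOT_SHOWN_2
+++ b/PATH_NOT_SHOWN_2
@@ -9,6 +9,7 @@ default_log_source:
 
 field_mapping :
  ImageLoaded : action_module_path
+ FileExtension : action_file_extension
  md5 : action_module_md5
  sha256 : action_module_sha256
  User : actor_effective_username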
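--- a/PATH_NOT_SHOWN_3
+++ b/PATH_NOT_SHOWN_3
@@ -19,6 +19,7 @@ field_mapping:
  src-port :
  - SourcePort
  - localport
+ - sourcePort
  src-ip :
  - sourceip
  - source_ip
@@ -34,6 +35,8 @@ field_mapping:
  User :
  - userName
  - EventUserName
+ - Username
+ - Security ID
  CommandLine : Command
  Protocol :
  - IPProtocol
@@ -78,4 +81,14 @@ field_mapping:
  Source :
  - Source
  - source
- duration : duration
+ duration : duration
+ Workstation : Machine Identifier
+ GroupMembership : Role Name
+ FileName :
+ - Filename
+ - File Name
+ RegistryKey :
+ - Registry Key
+ - Target Object
+ RegistryValue : RegistryValue
+ ProcessPath : Process Path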
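Review bot: `User` now also resolves to `Security ID` (second hunk), a field that presumably holds a Windows SID rather than an account name; a rule supplying a username therefore gains an alternative that can never match and only enlarges the generated query, while a rule that intends a SID still has no dedicated field. Either drop it or record the intent inline, e.g. `# Security ID holds a SID; kept so SID-valued User rules resolve`. In the third hunk `RegistryKey` is alternated with `Target Object`, which in Sysmon registry events carries the key and value name together, so key-only patterns may match more broadly than the rule author expected; the `duration : duration` removal and re-addition at the top of that hunk appears to be a whitespace or line-ending change only.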
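--- a/PATH_NOT_SHOWN_4
+++ b/PATH_NOT_SHOWN_4
@@ -14,6 +14,7 @@ field_mapping:
  CommandLine :
  - Command
  - ASACommand
+ - Command Arguments
  Image : Process Path
  ParentCommandLine : Parent Command
  ParentImage : Parent Process Path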
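Review bot: `Command Arguments` is added as an alternative for `CommandLine` (new line 17); if, as the name suggests, that field carries only the arguments and not the executable, Sigma `CommandLine` patterns anchored at the start of the command (an exact value or a `startswith` on the program path) cannot match through this alternative, while `contains` patterns will. The same addition appears in the later section at hunk `@@ -14,15 +14,19 @@` (`- Command Arguments` under `CommandLine`). A one-line comment beside each, `# Command Arguments: arguments only, executable path not included`, would record the partial coverage for rule authors. The `field_mapping` block continues outside the hunk.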
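--- a/PATH_NOT_SHOWN_5
+++ b/PATH_NOT_SHOWN_5
@@ -21,4 +21,5 @@ field_mapping:
  - Signature Status
  - SignatureStatus
  OriginalFileName : OriginalFileName
- Signed : Signed
+ Signed : Signed
+ FileExtension : File Extension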
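--- a/PATH_NOT_SHOWN_6
+++ b/PATH_NOT_SHOWN_6
@@ -14,15 +14,19 @@ field_mapping:
  CommandLine :
  - Command
  - Encoded Argument
+ - Command Arguments
  CurrentDirectory : CurrentDirectory
  Hashes : File Hash
  Image :
  - Process Path
  - Process Name
  - DGApplication
+ - ProcessName
  IntegrityLevel : IntegrityLevel
  ParentCommandLine : Parent Command
- ParentImage : Parent Process Path
+ ParentImage :
+ - Parent Process Path
+ - ParentProcessName
  ParentUser : ParentUser
  Product : Product
  User :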
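Review bot: `Image` gains `ProcessName` and `ParentImage` gains `ParentProcessName`; Sigma defines Image as the full executable path, so if those fields hold only the base name, rules that compare a whole path or use `startswith` on a directory will not match through them, while `endswith` on the file name will. `Process Name` was already listed under `Image`, so the mixed coverage may be intentional, but a note beside the new entries, `# ProcessName: base name only`, would make it explicit. The `field_mapping` block continues outside the hunk.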
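--- a/PATH_NOT_SHOWN_7
+++ b/PATH_NOT_SHOWN_7
@@ -12,6 +12,7 @@ field_mapping:
  EventID :
  - Event ID
  - EventID
+ - qidEventId
  ParentImage : Parent Process Path
  AccessMask : AccessMask
  AccountName : Account Name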
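Review bot: `qidEventId` is added under `EventID` (new line 15); if that field is the platform's internal QID-derived identifier rather than the native Windows event ID, numeric Sigma EventID values compared against it would produce spurious matches or silent misses rather than the intended equality. This is worth confirming against the platform schema before merging, and the outcome recorded inline, e.g. `# qidEventId: native event ID, not the internal QID`. The `field_mapping` block continues outside the hunk.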