Merge pull request #226 from UncoderIO/mapping_fixes

nazargesyk · web-flow · commit 30d852c9c6f2 · 2024-12-19T15:19:57.000+02:00
Mapping fixes
diff --git a/uncoder-core/app/translator/mappings/platforms/chronicle/windows_sysmon.yml b/uncoder-core/app/translator/mappings/platforms/chronicle/windows_sysmon.yml
@@ -31,3 +31,4 @@ field_mapping:
   StartModule: target.resource.name
   TargetImage: target.process.file.full_path
   StartFunction: ScriptBlockText
+  event.Technique: security_result.detection_fields.value
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/slack_slack.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/slack_slack.yml
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/webserver copy.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/webserver copy.yml
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/default.yml b/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
@@ -14,8 +14,6 @@ field_mapping:
     - DstPort
     - DestinationPort
     - remoteport
-  dst-hostname: DstHost
-  src-hostname: SrcHost
   src-port:
     - SourcePort
     - localport
@@ -41,7 +39,7 @@ field_mapping:
     - Username
     - Security ID
   CommandLine: Command
-  Protocol: 
+  Protocol:
     - IPProtocol
     - protocol
   Application:
@@ -96,7 +94,7 @@ field_mapping:
   Action: Action
   Workstation: Machine Identifier
   GroupMembership: Role Name
-  FileName:
+  FileName: 
     - Filename
     - File Name
     - Encoded Filename
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/webserver.yml b/uncoder-core/app/translator/mappings/platforms/qradar/webserver.yml
@@ -13,7 +13,7 @@ field_mapping:
     - URL
     - XForceCategoryByURL
   c-useragent: User Agent
-  cs-method: 
+  cs-method:
     - HTTP Method
     - Method
   cs-bytes: Bytes Sent
@@ -24,19 +24,19 @@ field_mapping:
     - URL Path
     - URL Query String
   #cs-cookie: cs-cookie
-  cs-host:
+  cs-host: 
     - UrlHost
     - URL Host
     - URL Domain
     - HTTP Host
-  cs-referrer: 
+  cs-referrer:
     - URL Referrer
     - Referrer URL
   cs-version: HTTP Version
-  r-dns: 
+  r-dns:
     - UrlHost
     - URL Host
-  sc-status: 
+  sc-status:
     - HTTP Response Code
     - Response Code
   #post-body: post-body
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/windows_process_creation.yml b/uncoder-core/app/translator/mappings/platforms/qradar/windows_process_creation.yml
@@ -24,7 +24,7 @@ field_mapping:
     - ProcessName
   IntegrityLevel: IntegrityLevel
   ParentCommandLine: Parent Command
-  ParentImage:
+  ParentImage: 
     - Parent Process Path
     - ParentProcessName
   ParentUser: ParentUser
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml b/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml
@@ -190,4 +190,4 @@ field_mapping:
   StartType: StartType
   UserID: UserID
   ParentProcessName: Parent Process Name
-  Service: Service
+  Service: Service
diff --git a/uncoder-core/app/translator/mappings/platforms/splunk/default.yml b/uncoder-core/app/translator/mappings/platforms/splunk/default.yml
@@ -6,4 +6,4 @@ log_source:
   source: WinEventLog:*
 
 default_log_source:
-  source: WinEventLog:*
+  source: WinEventLog:*
