uncoder-core/app/translator/mappings/platforms Expand file tree Collapse file tree 2 files changed +19
-1
lines changed Original file line number Diff line number Diff line change @@ -46,6 +46,7 @@ field_mapping:
4646 c-uri-query : xdm.network.http.url
4747 QueryName : xdm.network.dns.dns_question.name
4848 Application : xdm.network.application_protocol
49+ sourceNetwork : xdm.source.subnet
4950 SourceHostName : xdm.source.host.hostname
5051 DestinationHostname : xdm.target.host.hostname
5152 Hashes :
@@ -127,3 +128,9 @@ field_mapping:
127128 url_category : xdm.network.http.url_category
128129 EventSeverity : xdm.alert.severity
129130 duration : xdm.event.duration
131+ ThreatName : xdm.alert.original_threat_id
132+ AnalyzerName : xdm.observer.type
133+ Classification : xdm.alert.category
134+ ResultCode : xdm.event.outcome_reason
135+ Technique : xdm.alert.mitre_techniques
136+ Action : xdm.event.outcome
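Review bot: `ThreatName` is mapped to `xdm.alert.original_threat_id` in the second hunk, so a rule that filters on a threat name would be translated into a comparison against an identifier field and may silently match nothing. If the schema's name field is what was intended, the line would read `ThreatName: xdm.alert.original_threat_name`. The same hunk maps `Action` to `xdm.event.outcome` and `Technique` to `xdm.alert.mitre_techniques`; as far as I know the former holds a constrained outcome value and the latter an array, so free-text equality carried over from a source rule may need value translation or a contains-style operator. Checking one translated sample rule per new field would confirm this.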
Original file line number Diff line number Diff line change @@ -19,6 +19,7 @@ field_mapping:
1919 src-port :
2020 - SourcePort
2121 - localport
22+ - sourcePort
2223 src-ip :
2324 - sourceip
2425 - source_ip
@@ -34,13 +35,15 @@ field_mapping:
3435 User :
3536 - userName
3637 - EventUserName
38+ - Alert Threat Cause Actor Name
3739 CommandLine : Command
3840 Protocol :
3941 - IPProtocol
4042 - protocol
4143 Application :
4244 - Application
4345 - application
46+ sourceNetwork : sourceNetwork
4447 SourceHostName :
4548 - HostCount-source
4649 - identityHostName
@@ -78,4 +81,12 @@ field_mapping:
7881 Source :
7982 - Source
8083 - source
81- duration : duration
84+ duration : duration
85+ ThreatName :
86+ - Threat Name
87+ - Alert Blocked Threat Category
88+ AnalyzerName : Analyzer Name
89+ Classification : Classification
90+ ResultCode : Alert Reason Code
91+ Technique : Technique
92+ Action : Action
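Review bot: In the `User` alias list (second hunk), the added `Alert Threat Cause Actor Name` reads as the thing that caused an alert, which could be a process or file rather than an account; this is inferred from the name only, since the source schema is not visible here. If aliases are OR-ed into one generic field, account-based rules could start matching non-account values. A comment beside it would help, for example `# actor may be a process or file, not an account; confirm before relying on User`. The same applies to `Alert Blocked Threat Category` under `ThreatName` in the last hunk, which reads as a category rather than a name. Several new names contain spaces, so it is worth confirming that the renderer quotes them in generated queries.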