
Commit 6a53064

Merge branch 'prod' into 'gis-7683'
# Conflicts:
#	app/translator/platforms/__init__.py
1 parent b63c0ab commit 6a53064

20 files changed: 642 additions and 0 deletions
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
platform: Palo Alto XSIAM
2+
source: default
3+
4+
5+
default_log_source:
6+
datamodel: datamodel
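Review bot: `datamodel: datamodel` under default_log_source reads like a placeholder rather than a concrete preset or dataset name; every other file in this change points default_log_source at a named preset (network_story, xdr_file, xdr_process, xdr_image_load). Please confirm this is the value the translator expects for the fallback source, and add a one-line comment saying so. Note also that this default source has no field_mapping at all, so a rule whose logsource matches none of the specific files is emitted with its field names untranslated; if that is intended, the comment should say that too, because it will otherwise look like an omission.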
Lines changed: 54 additions & 0 deletions
@@ -0,0 +1,54 @@
1+
platform: Palo Alto XSIAM
2+
source: firewall
3+
4+
log_source:
5+
preset: network_story
6+
7+
default_log_source:
8+
preset: network_story
9+
10+
field_mapping:
11+
DestinationPort:
12+
- action_local_port
13+
- action_remote_port
14+
DestinationIp:
15+
- action_local_ip
16+
- action_remote_ip
17+
SourcePort:
18+
- action_local_port
19+
- action_remote_port
20+
SourceIp:
21+
- action_local_ip
22+
- action_remote_ip
23+
dst_ip:
24+
- action_local_ip
25+
- action_remote_ip
26+
dst_port:
27+
- action_local_port
28+
- action_remote_port
29+
src_ip:
30+
- action_local_ip
31+
- action_remote_ip
32+
src_port:
33+
- action_local_port
34+
- action_remote_port
35+
Protocol: action_network_protocol
36+
DestinationHostname: action_external_hostname
37+
SourceHostname: agent_hostname
38+
User: actor_effective_username
39+
CommandLine: actor_process_image_command_line
40+
Image: actor_process_image_path
41+
LogonId: actor_process_logon_id
42+
Product: actor_process_signature_product
43+
Company: actor_process_signature_vendor
44+
IntegrityLevel: actor_process_integrity_level
45+
CurrentDirectory: actor_process_cwd
46+
ProcessId: actor_process_os_id
47+
ParentProcessId: causality_actor_process_os_id
48+
ParentCommandLine: causality_actor_process_command_line
49+
ParentImage: causality_actor_process_image_path
50+
ParentUser: causality_actor_effective_username
51+
ParentIntegrityLevel: causality_actor_process_integrity_level
52+
ParentLogonId: causality_actor_process_logon_id
53+
ParentProduct: causality_actor_process_signature_product
54+
ParentCompany: causality_actor_process_signature_vendor
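Review bot: mapping SourceIp and DestinationIp (and likewise SourcePort/DestinationPort and the lowercase src_*/dst_* keys) to the same pair of fields, [action_local_ip, action_remote_ip] and [action_local_port, action_remote_port], discards direction. A rule that constrains DestinationPort and SourceIp translates to a query in which each value may match either end of the connection, so it also fires on the reverse of the traffic the rule author described and the match set is wider than the rule. If the network_story preset cannot express direction reliably, keep the symmetric mapping but state that at the top of field_mapping; otherwise map Source* and Destination* to the local and remote sides according to how the preset populates them, and let the symmetric form be an explicit choice rather than the silent default.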
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
platform: Palo Alto XSIAM
2+
source: linux_file_event
3+
4+
log_source:
5+
preset: xdr_file
6+
7+
default_log_source:
8+
preset: xdr_file
9+
10+
field_mapping:
11+
TargetFilename: action_file_name
12+
SourceFilename: action_file_previous_file_name
13+
User: actor_effective_username
14+
CommandLine: actor_process_image_command_line
15+
Image: actor_process_image_path
16+
LogonId: actor_process_logon_id
17+
Product: actor_process_signature_product
18+
Company: actor_process_signature_vendor
19+
IntegrityLevel: actor_process_integrity_level
20+
CurrentDirectory: actor_process_cwd
21+
ProcessId: actor_process_os_id
22+
ParentProcessId: causality_actor_process_os_id
23+
ParentCommandLine: causality_actor_process_command_line
24+
ParentImage: causality_actor_process_image_path
25+
ParentUser: causality_actor_effective_username
26+
ParentIntegrityLevel: causality_actor_process_integrity_level
27+
ParentLogonId: causality_actor_process_logon_id
28+
ParentProduct: causality_actor_process_signature_product
29+
ParentCompany: causality_actor_process_signature_vendor
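Review bot: ProcessId and ParentProcessId map to actor_process_os_id and causality_actor_process_os_id here, while linux_process_creation and macos_process_creation in the same change use action_process_os_pid and actor_process_os_pid. Two spellings of what should be the same dataset field (os_id versus os_pid) cannot both be right. Please check both against the dataset schema, because the wrong one does not fail loudly: the translated XQL references a field that never holds a value and the rule matches nothing. The same os_id spelling appears in the other file_event, network_connection and image_load files of this change, so whichever spelling is correct should be applied to all of them in one go.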
Lines changed: 54 additions & 0 deletions
@@ -0,0 +1,54 @@
1+
platform: Palo Alto XSIAM
2+
source: linux_network_connection
3+
4+
log_source:
5+
preset: network_story
6+
7+
default_log_source:
8+
preset: network_story
9+
10+
field_mapping:
11+
DestinationPort:
12+
- action_local_port
13+
- action_remote_port
14+
DestinationIp:
15+
- action_local_ip
16+
- action_remote_ip
17+
SourcePort:
18+
- action_local_port
19+
- action_remote_port
20+
SourceIp:
21+
- action_local_ip
22+
- action_remote_ip
23+
dst_ip:
24+
- action_local_ip
25+
- action_remote_ip
26+
dst_port:
27+
- action_local_port
28+
- action_remote_port
29+
src_ip:
30+
- action_local_ip
31+
- action_remote_ip
32+
src_port:
33+
- action_local_port
34+
- action_remote_port
35+
Protocol: action_network_protocol
36+
DestinationHostname: action_external_hostname
37+
SourceHostname: agent_hostname
38+
User: actor_effective_username
39+
CommandLine: actor_process_image_command_line
40+
Image: actor_process_image_path
41+
LogonId: actor_process_logon_id
42+
Product: actor_process_signature_product
43+
Company: actor_process_signature_vendor
44+
IntegrityLevel: actor_process_integrity_level
45+
CurrentDirectory: actor_process_cwd
46+
ProcessId: actor_process_os_id
47+
ParentProcessId: causality_actor_process_os_id
48+
ParentCommandLine: causality_actor_process_command_line
49+
ParentImage: causality_actor_process_image_path
50+
ParentUser: causality_actor_effective_username
51+
ParentIntegrityLevel: causality_actor_process_integrity_level
52+
ParentLogonId: causality_actor_process_logon_id
53+
ParentProduct: causality_actor_process_signature_product
54+
ParentCompany: causality_actor_process_signature_vendor
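Review bot: SourceHostname → agent_hostname and DestinationHostname → action_external_hostname assume the agent host is always the connection's source, while the IP and port keys directly above are mapped symmetrically to both the local and the remote end, so the two halves of this file disagree about direction. For an inbound connection to the agent, a rule on DestinationHostname would be translated to test the remote host's name. Either make the hostname mapping symmetric in the same way as the IP/port keys, or document at the top of field_mapping that this source models outbound connections only. Apart from the `source:` line this file is identical to the firewall mapping, so the same fix belongs there.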
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
platform: Palo Alto XSIAM
2+
source: linux_process_creation
3+
4+
log_source:
5+
preset: xdr_process
6+
7+
default_log_source:
8+
preset: xdr_process
9+
10+
field_mapping:
11+
User: action_process_username
12+
CommandLine: action_process_image_command_line
13+
Image: action_process_image_path
14+
LogonId: action_process_logon_id
15+
Product: action_process_signature_product
16+
Company: action_process_signature_vendor
17+
IntegrityLevel: action_process_integrity_level
18+
CurrentDirectory: action_process_cwd
19+
ProcessId: action_process_os_pid
20+
ParentProcessId: actor_process_os_pid
21+
ParentCommandLine: actor_process_image_command_line
22+
ParentImage: actor_process_image_path
23+
ParentUser: actor_effective_username
24+
ParentIntegrityLevel: actor_process_integrity_level
25+
ParentLogonId: actor_process_logon_id
26+
ParentProduct: actor_process_signature_product
27+
ParentCompany: actor_process_signature_vendor
28+
md5: action_process_image_md5
29+
sha256: action_process_image_sha256
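Review bot: the actor/causality shift in this file deserves a comment in the header, because it is easy to misread as an inconsistency. For a process creation event the created process is the action_* object and its parent is the actor_*, so User → action_process_username and ParentCommandLine → actor_process_image_command_line are right; in the file_event and network files of this change the acting process is actor_* and its parent is causality_actor_*, so the same Sigma keys sit one level differently. A maintainer comparing the files side by side is likely to "align" them and break one set or the other unless the reason is written down. Also worth a note: only md5 and sha256 are mapped, so rules that use other hash fields keep their original field name in the output; say whether that is intentional.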
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
platform: Palo Alto XSIAM
2+
source: macos_file_event
3+
4+
log_source:
5+
preset: xdr_file
6+
7+
default_log_source:
8+
preset: xdr_file
9+
10+
field_mapping:
11+
TargetFilename: action_file_name
12+
SourceFilename: action_file_previous_file_name
13+
User: actor_effective_username
14+
CommandLine: actor_process_image_command_line
15+
Image: actor_process_image_path
16+
LogonId: actor_process_logon_id
17+
Product: actor_process_signature_product
18+
Company: actor_process_signature_vendor
19+
IntegrityLevel: actor_process_integrity_level
20+
CurrentDirectory: actor_process_cwd
21+
ProcessId: actor_process_os_id
22+
ParentProcessId: causality_actor_process_os_id
23+
ParentCommandLine: causality_actor_process_command_line
24+
ParentImage: causality_actor_process_image_path
25+
ParentUser: causality_actor_effective_username
26+
ParentIntegrityLevel: causality_actor_process_integrity_level
27+
ParentLogonId: causality_actor_process_logon_id
28+
ParentProduct: causality_actor_process_signature_product
29+
ParentCompany: causality_actor_process_signature_vendor
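Review bot: this file is identical to linux_file_event apart from `source: macos_file_event`, windows_file_event below repeats it a third time, and the network_connection and process_creation files follow the same pattern. Ten hand-copied mappings will drift the first time one of them is corrected. If the loader supports it, keep one mapping per event type and list the sources it serves, or generate the per-OS files from a single template; at minimum add a test that asserts the per-OS copies of each mapping are equal so a partial fix is caught in CI.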
Lines changed: 54 additions & 0 deletions
@@ -0,0 +1,54 @@
1+
platform: Palo Alto XSIAM
2+
source: macos_network_connection
3+
4+
log_source:
5+
preset: network_story
6+
7+
default_log_source:
8+
preset: network_story
9+
10+
field_mapping:
11+
DestinationPort:
12+
- action_local_port
13+
- action_remote_port
14+
DestinationIp:
15+
- action_local_ip
16+
- action_remote_ip
17+
SourcePort:
18+
- action_local_port
19+
- action_remote_port
20+
SourceIp:
21+
- action_local_ip
22+
- action_remote_ip
23+
dst_ip:
24+
- action_local_ip
25+
- action_remote_ip
26+
dst_port:
27+
- action_local_port
28+
- action_remote_port
29+
src_ip:
30+
- action_local_ip
31+
- action_remote_ip
32+
src_port:
33+
- action_local_port
34+
- action_remote_port
35+
Protocol: action_network_protocol
36+
DestinationHostname: action_external_hostname
37+
SourceHostname: agent_hostname
38+
User: actor_effective_username
39+
CommandLine: actor_process_image_command_line
40+
Image: actor_process_image_path
41+
LogonId: actor_process_logon_id
42+
Product: actor_process_signature_product
43+
Company: actor_process_signature_vendor
44+
IntegrityLevel: actor_process_integrity_level
45+
CurrentDirectory: actor_process_cwd
46+
ProcessId: actor_process_os_id
47+
ParentProcessId: causality_actor_process_os_id
48+
ParentCommandLine: causality_actor_process_command_line
49+
ParentImage: causality_actor_process_image_path
50+
ParentUser: causality_actor_effective_username
51+
ParentIntegrityLevel: causality_actor_process_integrity_level
52+
ParentLogonId: causality_actor_process_logon_id
53+
ParentProduct: causality_actor_process_signature_product
54+
ParentCompany: causality_actor_process_signature_vendor
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
platform: Palo Alto XSIAM
2+
source: macos_process_creation
3+
4+
log_source:
5+
preset: xdr_process
6+
7+
default_log_source:
8+
preset: xdr_process
9+
10+
field_mapping:
11+
User: action_process_username
12+
CommandLine: action_process_image_command_line
13+
Image: action_process_image_path
14+
LogonId: action_process_logon_id
15+
Product: action_process_signature_product
16+
Company: action_process_signature_vendor
17+
IntegrityLevel: action_process_integrity_level
18+
CurrentDirectory: action_process_cwd
19+
ProcessId: action_process_os_pid
20+
ParentProcessId: actor_process_os_pid
21+
ParentCommandLine: actor_process_image_command_line
22+
ParentImage: actor_process_image_path
23+
ParentUser: actor_effective_username
24+
ParentIntegrityLevel: actor_process_integrity_level
25+
ParentLogonId: actor_process_logon_id
26+
ParentProduct: actor_process_signature_product
27+
ParentCompany: actor_process_signature_vendor
28+
md5: action_process_image_md5
29+
sha256: action_process_image_sha256
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
platform: Palo Alto XSIAM
2+
source: windows_file_event
3+
4+
log_source:
5+
preset: xdr_file
6+
7+
default_log_source:
8+
preset: xdr_file
9+
10+
field_mapping:
11+
TargetFilename: action_file_name
12+
SourceFilename: action_file_previous_file_name
13+
User: actor_effective_username
14+
CommandLine: actor_process_image_command_line
15+
Image: actor_process_image_path
16+
LogonId: actor_process_logon_id
17+
Product: actor_process_signature_product
18+
Company: actor_process_signature_vendor
19+
IntegrityLevel: actor_process_integrity_level
20+
CurrentDirectory: actor_process_cwd
21+
ProcessId: actor_process_os_id
22+
ParentProcessId: causality_actor_process_os_id
23+
ParentCommandLine: causality_actor_process_command_line
24+
ParentImage: causality_actor_process_image_path
25+
ParentUser: causality_actor_effective_username
26+
ParentIntegrityLevel: causality_actor_process_integrity_level
27+
ParentLogonId: causality_actor_process_logon_id
28+
ParentProduct: causality_actor_process_signature_product
29+
ParentCompany: causality_actor_process_signature_vendor
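Review bot: TargetFilename and SourceFilename map to action_file_name and action_file_previous_file_name, whose names suggest a bare file name rather than a full path. Sigma file_event rules very commonly constrain the directory (contains a `\Temp\` segment, starts with a system path), and such conditions can never match a name-only field, so the translated rule goes quiet rather than failing. Please confirm what the xdr_file preset exposes for the full path and map TargetFilename and SourceFilename to that, or state in a comment that only the file-name component is available so rule authors know path-based conditions will not translate.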
Lines changed: 30 additions & 0 deletions
@@ -0,0 +1,30 @@
1+
platform: Palo Alto XSIAM
2+
source: windows_image_load
3+
4+
log_source:
5+
preset: xdr_image_load
6+
7+
default_log_source:
8+
preset: xdr_image_load
9+
10+
field_mapping:
11+
ImageLoaded: action_module_path
12+
md5: action_module_md5
13+
sha256: action_module_sha256
14+
User: actor_effective_username
15+
CommandLine: actor_process_image_command_line
16+
Image: actor_process_image_path
17+
LogonId: actor_process_logon_id
18+
Product: actor_process_signature_product
19+
Company: actor_process_signature_vendor
20+
IntegrityLevel: actor_process_integrity_level
21+
CurrentDirectory: actor_process_cwd
22+
ProcessId: actor_process_os_id
23+
ParentProcessId: causality_actor_process_os_id
24+
ParentCommandLine: causality_actor_process_command_line
25+
ParentImage: causality_actor_process_image_path
26+
ParentUser: causality_actor_effective_username
27+
ParentIntegrityLevel: causality_actor_process_integrity_level
28+
ParentLogonId: causality_actor_process_logon_id
29+
ParentProduct: causality_actor_process_signature_product
30+
ParentCompany: causality_actor_process_signature_vendor
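Review bot: Product and Company are mapped to actor_process_signature_product and actor_process_signature_vendor, that is, to the signature of the process doing the loading, but in an image_load event (Sysmon event 7, where these Sigma field names come from) Product and Company describe the loaded module, the same object that ImageLoaded, md5 and sha256 refer to in this file via action_module_*. A rule of the form "module loaded from a user-writable path whose Company is not the expected vendor" would be translated to test the loading process instead and could fire, or stay silent, for the wrong reason. If the xdr_image_load preset exposes module-level signature vendor and product fields, map Product and Company to those; if it does not, leave them unmapped so the gap is visible in the output rather than hidden behind a wrong field.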
