field mapping update

spsocprime · spsocprime · commit 79c080709e90 · 2024-07-19T17:14:30.000+03:00
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/proxy.yml b/uncoder-core/app/translator/mappings/platforms/qradar/proxy.yml
@@ -13,13 +13,16 @@ field_mapping:
     - URL
     - XForceCategoryByURL
   c-useragent: User Agent
-  cs-method: HTTP Method
+  cs-method: 
+    - HTTP Method
+    - Method
   cs-bytes: Bytes Sent
   #cs-cookie-vars: cs-cookie-vars
   c-uri-extension: URL
   c-uri-query:
     - URL
     - URL Path
+    - URL Query String
   #cs-cookie: cs-cookie
   cs-host:
     - UrlHost
@@ -32,6 +35,10 @@ field_mapping:
   r-dns:
     - UrlHost
     - URL Host
-  sc-status: HTTP Response Code
+  sc-status: 
+    - HTTP Response Code
+    - Response Code
   #post-body: post-body
-  url_category: XForceCategoryByURL
+  url_category: 
+    - XForceCategoryByURL
+    - Web Category
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/webserver.yml b/uncoder-core/app/translator/mappings/platforms/qradar/webserver.yml
@@ -9,17 +9,33 @@ default_log_source:
   devicetype: 10
 
 field_mapping:
-  c-uri: URL
-  c-useragent: c-useragent
-  cs-method: cs-method
+  c-uri:
+    - URL
+    - XForceCategoryByURL
+  c-useragent: User Agent
+  cs-method: 
+    - HTTP Method
+    - Method
   cs-bytes: Bytes Sent
-  cs-cookie-vars: cs-cookie-vars
-  c-uri-extension: c-uri-extension
-  c-uri-query: URL
-  cs-cookie: cs-cookie
-  cs-host: cs-host
-  cs-referrer: URL Referrer
-  cs-version: cs-version
-  r-dns: r-dns
-  sc-status: sc-status
-  post-body: post-body
+  #cs-cookie-vars: cs-cookie-vars
+  c-uri-extension: URL
+  c-uri-query:
+    - URL
+    - URL Path
+    - URL Query String
+  #cs-cookie: cs-cookie
+  cs-host: 
+    - UrlHost
+    - URL Host
+    - URL Domain
+  cs-referrer: 
+    - URL Referrer
+    - Referrer URL
+  cs-version: HTTP Version
+  r-dns: 
+    - UrlHost
+    - URL Host
+  sc-status: 
+    - HTTP Response Code
+    - Response Code
+  #post-body: post-body
