Skip to content

Commit 82d3823

Browse files
saltar-uasaltar-ua
authored
Merge pull request #115 from spsocprime/qradar_linux_auditd_upd
upd qradar linux auditd config
2 parents 4154275 + 1a5d778 commit 82d3823

File tree

1 file changed

+11
-6
lines changed

1 file changed

+11
-6
lines changed

uncoder-core/app/translator/mappings/platforms/qradar/linux_auditd.yml

Lines changed: 11 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
platform: Qradar
22
source: linux_auditd
3-
description: Text that describe current mapping
3+
description: Auditd field mappings to QRadar default CEPs.
44

55
log_source:
66
devicetype: [11]
@@ -9,8 +9,13 @@ default_log_source:
99
devicetype: 11
1010

1111
field_mapping:
12-
a0: a0
13-
a1: a1
14-
a2: a2
15-
a3: a3
16-
exe: exe
12+
a0: Command
13+
a1: Command
14+
a2: Command
15+
a3: Command
16+
exe: Process Path
17+
CommandLine: Command
18+
Image: Process Path
19+
User: username
20+
LogonId: Logon ID
21+
ParentImage: Parent Process Path

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy