Commit a32d3da

Improve mappings
1 parent 5e68d2f commit a32d3da

3 files changed: +28 / -3 lines
uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml

Lines changed: 26 additions & 1 deletion
@@ -11,10 +11,35 @@ field_mapping:
1111
Image:
1212
- xdm.target.process.name
1313
- xdm.source.process.name
14+
ProcessName:
15+
- xdm.target.process.name
16+
- xdm.source.process.name
17+
ImageLoaded:
18+
- xdm.target.process.executable.filename
19+
- xdm.source.process.executable.filename
1420
ParentCommandLine: xdm.source.process.command_line
1521
ParentImage: xdm.source.process.name
1622
User: xdm.source.user.username
1723
TargetFilename: xdm.target.file.filename
1824
TargetImage: xdm.target.process.name
1925
SourceImage: xdm.source.process.name
20-
EventID: action_evtlog_event_id
26+
EventID: xdm.event.id
27+
Protocol: xdm.network.ip_protocol
28+
src-ip: xdm.source.ipv4
29+
SourceIp: xdm.source.ipv4
30+
src-packets: xdm.source.sent_packets
31+
dst-packets: xdm.target.sent_packets
32+
src-port: xdm.source.port
33+
SourcePort: xdm.source.port
34+
dst-ip: xdm.target.ipv4
35+
DestinationIp: xdm.target.ipv4
36+
dst-port: xdm.target.port
37+
DestinationPort: xdm.target.port
38+
src-bytes: xdm.source.sent_bytes
39+
dst-bytes: xdm.target.sent_bytes
40+
src-hostname: xdm.source.host.hostname
41+
dst-hostname: xdm.target.host.hostname
42+
icmp.type: xdm.network.icmp.type
43+
icmp.code: xdm.network.icmp.code
44+
URL: xdm.target.url
45+
QueryName: xdm.target.url
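Review bot: ImageLoaded is mapped to xdm.target.process.executable.filename and xdm.source.process.executable.filename, but in Sysmon (event ID 7) ImageLoaded is the path of the loaded module, not the executable of the process that loaded it, so a rule written against ImageLoaded would match on the process image rather than the DLL after translation. If XDM has no dedicated loaded-module field, a comment in the file stating that this is an approximation would help users of the mapping. Separately, src-ip/SourceIp and dst-ip/DestinationIp map only to xdm.source.ipv4 and xdm.target.ipv4, so IPv6 events will never match; listing the IPv6 counterparts of these fields alongside, in the same list form already used for Image, would close that gap.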

uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_application.yml

Lines changed: 1 addition & 1 deletion
@@ -6,6 +6,7 @@ default_log_source:
66

77
field_mapping:
88
EventID: action_evtlog_event_id
9+
Provider_Name: provider_name
910

1011
raw_log_fields:
1112
- src_ip
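Review bot: EventID stays mapped to the raw action_evtlog_event_id here, while the default.yml hunk in this same commit changes EventID to xdm.event.id, so the same Sigma field will translate to different Cortex field names depending on which mapping is selected. If that is intentional (raw dataset columns for the Windows-specific mappings, XDM fields for the default), a short comment in each file would save the next reader from treating it as a bug. Moving Provider_Name from raw_log_fields into field_mapping as provider_name is fine, but it is worth confirming that provider_name is the actual dataset column name, since a mapping that only lowercases the key is easy to mistake for a placeholder.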
@@ -18,7 +19,6 @@ raw_log_fields:
1819
- object_name
1920
- class_type
2021
- action_id
21-
- Provider_Name
2222
- Data
2323
- Message
2424
- Level

uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_sysmon.yml

Lines changed: 1 addition & 1 deletion
@@ -7,6 +7,7 @@ default_log_source:
77

88
field_mapping:
99
EventID: action_evtlog_event_id
10+
OriginalFileName: actor_process_file_original_name
1011

1112
raw_log_fields:
1213
- CommandLine
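Review bot: OriginalFileName is mapped to actor_process_file_original_name; in Cortex XDR process datasets the actor_ prefix denotes the process performing the action, whereas for a Sysmon process-creation event (ID 1) OriginalFileName is the PE original name of the newly created process, i.e. the Image, which is the action-side process. Please confirm this is the intended side, otherwise a rule on OriginalFileName would match the parent instead of the spawned process. As with the EventID line above, this file keeps raw field names rather than xdm.* ones, which deserves a comment now that default.yml uses the XDM names.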
@@ -35,7 +36,6 @@ raw_log_fields:
3536
- SourcePortName
3637
- TargetFilename
3738
- User
38-
- OriginalFileName
3939
- Signed
4040
- Signature
4141
- SignatureStatus
