Commit b5b79dc

Merge pull request #132 from UncoderIO/gis-7980
Add XQL mappings
2 parents abfc3d6 + a821bdb commit b5b79dc

5 files changed

+57
-2
lines changed

uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/webserver.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ platform: Palo Alto XSIAM
22
source: webserver
33

44
default_log_source:
5-
dataset: [apache_tomcat_raw, nginx_nginx_raw, apache_tomcat_raw]
5+
datamodel: datamodel
66

77
field_mapping:
88
c-uri: xdm.network.http.url
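Review bot: `datamodel: datamodel` in the default_log_source of webserver.yml reads like a placeholder rather than a real XDM datamodel name; confirm the intended value before merging, because the old `dataset: [apache_tomcat_raw, nginx_nginx_raw, apache_tomcat_raw]` list (which also repeated apache_tomcat_raw) is dropped entirely, so a translated rule will now scope to whatever this key resolves to.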
Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
platform: Palo Alto XSIAM
2+
source: windows_pipe_created
3+
4+
default_log_source:
5+
preset: xdr_event_log
6+
7+
field_mapping:
8+
EventID: action_evtlog_event_id
9+
10+
raw_log_fields:
11+
- PipeName
12+
- Image
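Review bot: only EventID gets an XDM field in this new windows_pipe_created mapping; PipeName and Image are listed under raw_log_fields, so a rule that filters on the pipe name or the creating image will be translated against raw event fields rather than the normalized columns of the xdr_event_log preset. If that is intentional, a short comment in the file saying so would stop the next reader from assuming a mapping was forgotten.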
Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
platform: Palo Alto XSIAM
2+
source: windows_process_access
3+
4+
default_log_source:
5+
preset: xdr_event_log
6+
7+
field_mapping:
8+
User: action_process_username
9+
10+
raw_log_fields:
11+
- SourceProcessGUID
12+
- SourceProcessId
13+
- SourceThreadId
14+
- SourceImage
15+
- TargetProcessGUID
16+
- TargerProcessId
17+
- TargetImage
18+
- GrantedAccess
19+
- CallTrace
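Review bot: the `- TargerProcessId` entry in the new windows_process_access raw_log_fields is misspelled; the Sysmon field is TargetProcessId, in line with the neighbouring TargetProcessGUID and TargetImage. As written, a rule that references TargetProcessId will not find a raw-field entry under that name.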

uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_sysmon.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ default_log_source:
88
field_mapping:
99
EventID: action_evtlog_event_id
1010
OriginalFileName: actor_process_file_original_name
11+
Description: action_evtlog_description
1112

1213
raw_log_fields:
1314
- CommandLine
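Review bot: the new `Description: action_evtlog_description` entry sits directly under `OriginalFileName: actor_process_file_original_name`, which maps a Sysmon image-metadata field onto an actor_process_file_* column; Sysmon's Description is the same kind of field (the file description of the process image), so check that the event-log description column is really the intended target for it. Dropping `- Description` from raw_log_fields in the following hunk is consistent with this change either way.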
@@ -16,7 +17,6 @@ raw_log_fields:
1617
- CallTrace
1718
- Company
1819
- CurrentDirectory
19-
- Description
2020
- DestinationHostname
2121
- DestinationIp
2222
- DestinationIsIpv6
Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
2+
platform: Sigma
3+
source: windows_process_access
4+
5+
6+
log_source:
7+
product: [windows]
8+
category: [process_access]
9+
10+
default_log_source:
11+
product: windows
12+
category: process_access
13+
14+
field_mapping:
15+
SourceProcessGUID: SourceProcessGUID
16+
SourceProcessId: SourceProcessId
17+
SourceThreadId: SourceThreadId
18+
SourceImage: SourceImage
19+
TargetProcessGUID: TargetProcessGUID
20+
TargerProcessId: TargerProcessId
21+
TargetImage: TargetImage
22+
GrantedAccess: GrantedAccess
23+
CallTrace: CallTrace
24+
User: User
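Review bot: `TargerProcessId: TargerProcessId` repeats the misspelling from the XSIAM windows_process_access mapping, and the file opens with an empty first line. Since this Sigma mapping and the XSIAM one are joined by the shared `source: windows_process_access`, the key should be corrected to TargetProcessId on both sides in the same change, otherwise the fields will stop lining up during translation.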

0 commit comments