File tree Expand file tree Collapse file tree 3 files changed +7
-4
lines changed
uncoder-core/app/translator/mappings/platforms Expand file tree Collapse file tree 3 files changed +7
-4
lines changed Original file line number Diff line number Diff line change @@ -77,6 +77,7 @@ field_mapping:
7777 OldTargetUserName : xdm.target.user.username
7878 UserPrincipalName : xdm.source.user.username
7979 DestAddress : xdm.target.ipv4
80+ SubjectAccountName : xdm.source.user.username
8081 SubjectUserName : xdm.source.user.username
8182 SubjectUserSid : xdm.source.user.identifier
8283 SourceAddr : xdm.source.ipv4
@@ -117,7 +118,6 @@ field_mapping:
117118 method : xdm.network.http.method
118119 notice.user_agent : xdm.network.http.browser
119120 hasIdentity : xdm.source.user.identity_type
120- SubjectAccountName : xdm.source.user.username
121121 ComputerName : xdm.source.host.hostname
122122 ExternalSeverity : xdm.alert.severity
123123 SourceMAC : xdm.source.host.mac_addresses
Original file line number Diff line number Diff line change @@ -7,7 +7,8 @@ default_log_source:
77field_mapping :
88 EventID : action_evtlog_event_id
99 Provider_Name : provider_name
10-
10+ SubjectAccountName : actor_effective_username
11+
1112raw_log_fields :
1213 ParentImage : regex
1314 AccessMask : regex
Original file line number Diff line number Diff line change @@ -130,6 +130,9 @@ field_mapping:
130130 NewValue : NewValue
131131 Source : Source
132132 Status : Status
133+ SubjectAccountName :
134+ - Subject Account Name
135+ - SubjectAccountName
133136 SubjectDomainName : SubjectDomainName
134137 SubjectUserName : Target Username
135138 SubjectUserSid : SubjectUserSid
@@ -171,5 +174,4 @@ field_mapping:
171174 UserID : UserID
172175 ParentProcessName : Parent Process Name
173176 Service : Service
174- hasIdentity : hasIdentity
175- SubjectAccountName : SubjectAccountName
177+ hasIdentity : hasIdentity
You can’t perform that action at this time.
0 commit comments