Commit df5adcd

Improve mappings
1 parent bed3a1e commit df5adcd

6 files changed

+38
-12
lines changed

uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml

Lines changed: 3 additions & 2 deletions
@@ -41,5 +41,6 @@ field_mapping:
4141
dst-hostname: xdm.target.host.hostname
4242
icmp.type: xdm.network.icmp.type
4343
icmp.code: xdm.network.icmp.code
44-
URL: xdm.target.url
45-
QueryName: xdm.target.url
44+
c-uri: xdm.network.http.url
45+
c-uri-query: xdm.network.http.url
46+
QueryName: xdm.network.dns.dns_question.name
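Review bot: The `URL` key at old line 44 is dropped with no replacement in this hunk, so a rule condition on `URL` loses its Cortex mapping unless another file covers it; consider keeping `URL: xdm.network.http.url` alongside the new `c-uri` entry. Also, `c-uri-query` at new line 45 targets the same `xdm.network.http.url` as `c-uri`, so a condition written against the query string alone will be evaluated against the full URL; worth a comment in the file if that is intended. Moving `QueryName` to `xdm.network.dns.dns_question.name` looks right.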

uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/firewall.yml

Lines changed: 3 additions & 1 deletion
@@ -51,4 +51,6 @@ field_mapping:
5151
ParentIntegrityLevel: causality_actor_process_integrity_level
5252
ParentLogonId: causality_actor_process_logon_id
5353
ParentProduct: causality_actor_process_signature_product
54-
ParentCompany: causality_actor_process_signature_vendor
54+
ParentCompany: causality_actor_process_signature_vendor
55+
Application: xdm.network.application_protocol
56+
application: xdm.network.application_protocol
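Review bot: The new `Application` and `application` entries at lines 55-56 target `xdm.network.application_protocol`, while every other visible entry in this file targets an un-prefixed field such as `causality_actor_process_signature_vendor`; please confirm that the query generated for this log source can reference an `xdm.` field alongside those, otherwise the translated detection will not run. The two keys differ only in case, so a short comment explaining why both are needed would help. Line 54 shows as changed with identical text, which looks like a whitespace or end-of-file newline change only.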

uncoder-core/app/translator/mappings/platforms/qradar/default.yml

Lines changed: 5 additions & 1 deletion
@@ -13,6 +13,7 @@ field_mapping:
1313
- DstPort
1414
- DestinationPort
1515
dst-hostname: DstHost
16+
src-hostname: SrcHost
1617
src-port: SourcePort
1718
src-ip:
1819
- sourceip
@@ -24,4 +25,7 @@ field_mapping:
2425
- destination_ip
2526
User: userName
2627
CommandLine: Command
27-
Protocol: IPProtocol
28+
Protocol: IPProtocol
29+
Application:
30+
- Application
31+
- application
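Review bot: `Application` at new lines 29-31 maps to both `Application` and `application` here, but the same commit maps it to `Application` alone in qradar/firewall.yml; pick one form for both files, or note why the default mapping needs the lower-case variant. If `application` is not a property that exists on the target, a translated query that references it may fail or silently match nothing. The `Protocol: IPProtocol` line at 27/28 is unchanged in content and appears to be an end-of-file newline change.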

uncoder-core/app/translator/mappings/platforms/qradar/dns.yml

Lines changed: 2 additions & 2 deletions
@@ -9,7 +9,7 @@ default_log_source:
99
devicetype: 185
1010

1111
field_mapping:
12-
dns-query: dns-query
12+
dns-query: URL
1313
parent-domain: parent-domain
1414
dns-answer: dns-answer
15-
dns-record: dns-record
15+
dns-record: URL
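Review bot: `dns-query` (line 12) and `dns-record` (line 15) now both resolve to `URL`, so two distinct source fields collapse into one target and a rule that filters on `dns-record` will be translated into a comparison against the queried name. That changes what the detection matches without any error being raised. Suggest mapping only `dns-query` to `URL` and leaving `dns-record` on a dedicated property, or documenting in the file why the two are equivalent for this log source.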

uncoder-core/app/translator/mappings/platforms/qradar/firewall.yml

Lines changed: 21 additions & 4 deletions
@@ -9,7 +9,24 @@ default_log_source:
99
devicetype: 4
1010

1111
field_mapping:
12-
src-ip: sourceip
13-
src-port: sourceport
14-
dst-ip: destinationip
15-
dst-port: sestinationport
12+
src-ip:
13+
- sourceip
14+
- SrcHost
15+
- LocalHost
16+
- Source
17+
- NetworkView
18+
src-port:
19+
- sourceport
20+
- SrcPort
21+
- LocalPort
22+
dst-ip:
23+
- destinationip
24+
- DstHost
25+
- RemoteHost
26+
- Destination
27+
dst-port:
28+
- destinationport
29+
- DstPort
30+
- RemotePort
31+
Protocol: IPProtocol
32+
Application: Application
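Review bot: `SrcHost` and `DstHost` are listed under `src-ip` and `dst-ip` here (lines 14 and 24), while qradar/default.yml in this same commit maps `src-hostname: SrcHost` and `dst-hostname: DstHost`; the same property is treated as an IP address in one file and as a hostname in the other, so an IP condition may end up compared against a hostname value. Please settle on one meaning. `NetworkView` under `src-ip` (line 17) has no counterpart under `dst-ip` and does not read as an address field, so it deserves a comment or removal. The fix of `sestinationport` to `destinationport` is a good catch.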

uncoder-core/app/translator/mappings/platforms/qradar/proxy.yml

Lines changed: 4 additions & 2 deletions
@@ -9,8 +9,10 @@ default_log_source:
99
devicetype: 46
1010

1111
field_mapping:
12-
c-uri: URL
13-
c-useragent: c-useragent
12+
c-uri:
13+
- URL
14+
- XForceCategoryByURL
15+
c-useragent: User Agent
1416
cs-method: cs-method
1517
cs-bytes: Bytes Sent
1618
cs-cookie-vars: cs-cookie-vars
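Review bot: `XForceCategoryByURL` is added as a second target for `c-uri` at line 14, but by its name it holds a category derived from the URL rather than the URL itself, so a `c-uri` string or pattern condition translated against it is unlikely to match as the rule author intended. Suggest keeping `c-uri: URL` only, or explaining in the file why the category property belongs here. `c-useragent: User Agent` at line 15 introduces a target name containing a space; `cs-bytes: Bytes Sent` below suggests this is already handled, but it is worth confirming the rendered query quotes it.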
