Commit e123cea

author
oleksandr.volha
committed
hunters query render
1 parent 4b2c89c commit e123cea

51 files changed

+1064
-88
lines changed
Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
platform: Hunters
2+
source: aws_cloudtrail
3+
description: Text that describe current mapping
4+
5+
default_log_source:
6+
table: table_name
7+
8+
field_mapping:
9+
eventSource: eventSource
10+
eventName: eventName
11+
AdditionalEventData: additionalEventData.MFAUsed
12+
errorCode: errorCode
13+
errorMessage: errorMessage
14+
eventType: eventType
15+
requestParameters: requestParameters
16+
requestParameters.attribute: requestParameters.attribute
17+
requestParameters.ipPermissions.items.ipRanges.items.cidrIP: requestParameters.ipPermissions.items.ipRanges.items.cidrIP
18+
requestParameters.ipPermissions.items.ipRanges.items.fromPort: requestParameters.ipPermissions.items.ipRanges.items.fromPort
19+
requestParameters.userData: requestParameters.userData
20+
responseElements: responseElements
21+
responseElements.ConsoleLogin: responseElements.ConsoleLogin
22+
responseElements.pendingModifiedValues.masterUserPassword: responseElements.pendingModifiedValues.masterUserPassword
23+
responseElements.publiclyAccessible: responseElements.publiclyAccessible
24+
status: status
25+
terminatingRuleId: terminatingRuleId
26+
userAgent: userAgent
27+
userIdentity.arn: userIdentity.arn
28+
userIdentity.principalId: userIdentity.principalId
29+
userIdentity.sessionContext.sessionIssuer.type: userIdentity.sessionContext.sessionIssuer.type
30+
userIdentity.type: userIdentity.type
31+
userIdentity.userName: userIdentity.userName
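Review bot: `description: Text that describe current mapping` and `table: table_name` are template placeholders that have been committed as-is; before merge, `table` should name the actual Hunters table for CloudTrail and `description` should say what this mapping covers. Also, `AdditionalEventData: additionalEventData.MFAUsed` is the only entry in this file whose key is not identical to its value: the key is capitalized differently from the target and maps an object-level name onto one nested attribute, while every other line is an identity mapping. If the intent is to expose `MFAUsed`, `additionalEventData.MFAUsed: additionalEventData.MFAUsed` would follow the convention used by the rest of the file; if the alias is deliberate, a comment explaining it would help the next reader.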
Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
platform: Hunters
2+
source: aws_eks
3+
description: Text that describe current mapping
4+
5+
default_log_source:
6+
table: table_name
7+
8+
field_mapping:
9+
annotations.authorization.k8s.io\/decision: annotations.authorization.k8s.io\/decision
10+
annotations.podsecuritypolicy.policy.k8s.io\/admit-policy: annotations.podsecuritypolicy.policy.k8s.io\/admit-policy
11+
aws_node_type: aws_node_type
12+
objectRef.namespace: objectRef.namespace
13+
objectRef.resource: objectRef.resource
14+
objectRef.subresource: objectRef.subresource
15+
requestObject.rules.resources: requestObject.rules.resources
16+
requestObject.rules.verbs: requestObject.rules.verbs
17+
requestObject.spec.containers.image: requestObject.spec.containers.image
18+
requestURI: requestURI
19+
stage: stage
20+
user.groups: user.groups
21+
user.username: user.username
22+
verb: verb
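Review bot: the backslash in `annotations.authorization.k8s.io\/decision` and `annotations.podsecuritypolicy.policy.k8s.io\/admit-policy` will not be treated as an escape by a YAML parser: in a plain (unquoted) scalar, `\/` is two literal characters, so both the key and the value will contain `\/` rather than `/`. If the intended field name is `annotations.authorization.k8s.io/decision`, drop the backslash or quote the scalars, e.g. `"annotations.authorization.k8s.io/decision": "annotations.authorization.k8s.io/decision"`. As in the CloudTrail file, `description` and `table: table_name` are still placeholders.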
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
platform: Hunters
2+
source: azure_AzureDiagnostics
3+
description: Text that describe current mapping
4+
5+
default_log_source:
6+
table: table_name
7+
8+
field_mapping:
9+
ResultDescription: ResultDescription
10+
Category: Category
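Review bot: this mapping exposes only `ResultDescription` and `Category`, so any query that references another AzureDiagnostics column will have no translation; if that is the intended scope for now, a note in `description` (which is still the placeholder text) would make that explicit. Separately, the source identifier `azure_AzureDiagnostics` uses mixed case while `azure_azureactivity`, `azure_azuread`, `azure_m365` and `azure_signinlogs` in this commit are all lowercase; if source names are matched by string comparison, one casing convention should be settled on before these files are consumed.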
Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
platform: Hunters
2+
source: azure_BehaviorAnalytics
3+
description: Text that describe current mapping
4+
5+
default_log_source:
6+
table: table_name
7+
8+
field_mapping:
9+
ActionType: ActionType
10+
ActivityInsights: ActivityInsights
11+
ActivityType: ActivityType
12+
EventSource: EventSource
13+
DevicesInsights: DevicesInsights
14+
RiskDetail: RiskDetail
15+
UsersInsights: UsersInsights
16+
UsersInsights.IsDormantAccount: UsersInsights.IsDormantAccount
17+
UsersInsights.IsNewAccount: UsersInsights.IsNewAccount
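Review bot: `table: table_name` and the placeholder `description` need real values here as well. The entries are otherwise consistent identity mappings; `DevicesInsights` sitting after `EventSource` breaks the alphabetical order the rest of the list follows, which is a style point only. The source identifier `azure_BehaviorAnalytics` has the same mixed-case/lowercase inconsistency as `azure_AzureDiagnostics` relative to the other `azure_` sources in this commit.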
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
platform: Hunters
2+
source: azure_aadnoninteractiveusersigninlogs
3+
description: Text that describe current mapping
4+
5+
default_log_source:
6+
table: table_name
7+
8+
field_mapping:
9+
UserAgent: UserAgent
10+
Type: Type
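Review bot: only `UserAgent` and `Type` are mapped for `azure_aadnoninteractiveusersigninlogs`, which is a much narrower set than the `azure_signinlogs` file in the same commit; if the non-interactive table shares most of its columns with the interactive one, it is worth confirming that the omission is deliberate and recording that in `description` instead of the placeholder text. `table: table_name` also still needs the real table name.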
Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
platform: Hunters
2+
source: azure_azureactivity
3+
description: Text that describe current mapping
4+
5+
default_log_source:
6+
table: table_name
7+
8+
field_mapping:
9+
ActivityStatus: ActivityStatus
10+
ActivityStatusValue: ActivityStatusValue
11+
ActivitySubstatusValue: ActivitySubstatusValue
12+
Authorization: Authorization
13+
Category: Category
14+
CategoryValue: CategoryValue
15+
OperationName: OperationName
16+
OperationNameValue: OperationNameValue
17+
ResourceId: ResourceId
18+
ResourceProviderValue: ResourceProviderValue
19+
Type: Type
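Review bot: `description` and `table` carry the template placeholder values and should be filled in before this file is used. The field list is consistent identity mappings; no further issues in this hunk.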
Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
platform: Hunters
2+
source: azure_azuread
3+
description: Text that describe current mapping
4+
5+
default_log_source:
6+
table: table_name
7+
8+
field_mapping:
9+
ActivityDisplayName: ActivityDisplayName
10+
Category: Category
11+
LoggedByService: LoggedByService
12+
Result: Result
13+
OperationName: OperationName
14+
TargetResources: TargetResources
15+
AADOperationType: AADOperationType
16+
InitiatedBy: InitiatedBy
17+
ResultReason: ResultReason
18+
Status: Status
19+
Status.errorCode: Status.errorCode
20+
UserAgent: UserAgent
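Review bot: same placeholder `description` and `table: table_name` as the other files in this commit. The list is not in alphabetical order (`Result` precedes `OperationName`, `AADOperationType` follows `TargetResources`), unlike most of the other mappings; sorting it would make future diffs easier to read. Both `Status` and `Status.errorCode` are mapped, which is fine as long as the renderer handles a parent key and a nested key of the same object without one shadowing the other.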
Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
platform: Hunters
2+
source: azure_m365
3+
description: Text that describe current mapping
4+
5+
default_log_source:
6+
table: table_name
7+
8+
field_mapping:
9+
ClientInfoString: ClientInfoString
10+
LogonError: LogonError
11+
ModifiedProperties: ModifiedProperties
12+
OfficeObjectId: OfficeObjectId
13+
OfficeWorkload: OfficeWorkload
14+
Operation: Operation
15+
Parameters: Parameters
16+
RecordType: RecordType
17+
ResultStatus: ResultStatus
18+
SourceFileExtension: SourceFileExtension
19+
SourceFileName: SourceFileName
20+
UserAgent: UserAgent
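Review bot: `table: table_name` and the placeholder `description` need real values. Otherwise the hunk is a clean, alphabetically ordered set of identity mappings.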
Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
platform: Hunters
2+
source: azure_signinlogs
3+
description: Text that describe current mapping
4+
5+
default_log_source:
6+
table: table_name
7+
8+
field_mapping:
9+
AppDisplayName: AppDisplayName
10+
AppId: AppId
11+
AuthenticationRequirement: AuthenticationRequirement
12+
Category: Category
13+
ConditionalAccessStatus: ConditionalAccessStatus
14+
DeviceDetail: DeviceDetail
15+
IsInteractive: IsInteractive
16+
NetworkLocationDetails: NetworkLocationDetails
17+
ResourceDisplayName: ResourceDisplayName
18+
ResourceIdentity: ResourceIdentity
19+
ResultDescription: ResultDescription
20+
ResultType: ResultType
21+
Status.errorCode: Status.errorCode
22+
Status: Status
23+
Status.failureReason: Status.failureReason
24+
TokenIssuerType: TokenIssuerType
25+
UserAgent: UserAgent
26+
UserPrincipalName: UserPrincipalName
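Review bot: `Status.errorCode` is listed before `Status` and `Status.failureReason`, breaking the otherwise alphabetical order; moving `Status: Status` above its two nested keys keeps the parent-before-child pattern used elsewhere and makes the grouping obvious. `description` and `table: table_name` are still placeholders.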
Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
platform: Hunters
2+
source: default
3+
description: Text that describe current mapping
4+
5+
default_log_source:
6+
table: table_name
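Review bot: this `default` file is the only one in the commit without a `field_mapping:` key. If the loader treats a missing key as "identity mapping for everything", that should be documented in `description` (currently the placeholder text); if it expects the key to exist, add `field_mapping: {}` so the file parses the same way as the others. `table: table_name` is especially risky here because `default` is presumably the fallback for every source without its own mapping, so a placeholder table name would surface in any rendered query that falls through to it.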
