Commit eb24b13

Merge pull request #175 from UncoderIO/gis-aql-upd-2024-07-17
new fields
2 parents e22f189 + 4567900 commit eb24b13

2 files changed: +19 -2 lines changed

uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml

Lines changed: 8 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -47,6 +47,7 @@ field_mapping:
4747
c-uri-query: xdm.network.http.url
4848
QueryName: xdm.network.dns.dns_question.name
4949
Application: xdm.network.application_protocol
50+
sourceNetwork: xdm.source.subnet
5051
SourceHostName: xdm.source.host.hostname
5152
DestinationHostname: xdm.target.host.hostname
5253
Hashes:
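Review bot: the new generic key `sourceNetwork` breaks the naming convention of the surrounding keys in this block (`QueryName`, `SourceHostName`, `DestinationHostname` are all PascalCase); since the generic field name is the join key across platform mapping files, pick one spelling and use it in both this file and the QRadar mapping, preferably `SourceNetwork`, or document why the lowerCamel form is required. No destination-side counterpart is added next to `DestinationHostname`; if that is intentional it should be stated, otherwise add it in the same change.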
@@ -128,7 +129,13 @@ field_mapping:
128129
url_category: xdm.network.http.url_category
129130
EventSeverity: xdm.alert.severity
130131
duration: xdm.event.duration
132+
ThreatName: xdm.alert.original_threat_id
133+
AnalyzerName: xdm.observer.type
134+
Classification: xdm.alert.category
135+
ResultCode: xdm.event.outcome_reason
136+
Technique: xdm.alert.mitre_techniques
137+
Action: xdm.event.outcome
131138
FileExtension: xdm.target.file.extension
132139
Workstation: xdm.source.host.hostname
133140
RegistryKey: xdm.target.registry.key
134-
RegistryValue: xdm.target.registry.value
141+
RegistryValue: xdm.target.registry.value
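Review bot: `AnalyzerName: xdm.observer.type` maps a name onto a type field, and `Technique: xdm.alert.mitre_techniques` maps a single technique onto a field whose plural name suggests it is list-valued; confirm the translator emits a contains-style match for list-valued XDM fields rather than plain equality, otherwise a rule searching for one technique ID will miss alerts that carry several. The `RegistryValue: xdm.target.registry.value` line at the end is removed and re-added with identical text, which normally means only the trailing newline changed; harmless, but worth a word in the commit message so it is not read as a mapping change.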

uncoder-core/app/translator/mappings/platforms/qradar/default.yml

Lines changed: 11 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -35,6 +35,7 @@ field_mapping:
3535
User:
3636
- userName
3737
- EventUserName
38+
- Alert Threat Cause Actor Name
3839
- Username
3940
- Security ID
4041
CommandLine: Command
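Review bot: `Alert Threat Cause Actor Name` contains spaces, so the AQL renderer must emit it double-quoted ("Alert Threat Cause Actor Name"), unlike the single-token names already in this list (`userName`, `EventUserName`, `Username`, `Security ID` being the one existing multi-word entry); check that the QRadar translator quotes multi-word property names before this merges. Also confirm that an alert's actor name is really a user principal; if the source product can put a process or host name there, it is a poor fit for the `User` generic field.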
@@ -44,6 +45,7 @@ field_mapping:
4445
Application:
4546
- Application
4647
- application
48+
sourceNetwork: sourceNetwork
4749
SourceHostName:
4850
- HostCount-source
4951
- identityHostName
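Review bot: same naming point as in the Cortex file: the generic key `sourceNetwork` is lowerCamel while its neighbours (`Application`, `SourceHostName`) are PascalCase. The value `sourceNetwork` is passed through verbatim as the QRadar property name, so confirm that this exact identifier is what AQL accepts for the Source Network property; the other entries in this block are listed as QRadar exposes them (`HostCount-source`, `identityHostName`), and a casing mismatch here would silently produce a query that returns nothing.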
@@ -82,6 +84,14 @@ field_mapping:
8284
- Source
8385
- source
8486
duration: duration
87+
ThreatName:
88+
- Threat Name
89+
- Alert Blocked Threat Category
90+
AnalyzerName: Analyzer Name
91+
Classification: Classification
92+
ResultCode: Alert Reason Code
93+
Technique: Technique
94+
Action: Action
8595
Workstation: Machine Identifier
8696
GroupMembership: Role Name
8797
FileName:
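Review bot: `Alert Blocked Threat Category` is listed under `ThreatName`, but by its name it carries a category, and a separate `Classification` generic field is introduced a few lines below; consider moving it under `Classification` (or documenting why a category value should satisfy a threat-name search) so that a rule matching on ThreatName does not compare a name against a category. The multi-word properties added here (`Threat Name`, `Analyzer Name`, `Alert Reason Code`) all need double-quoting in the generated AQL while the single-word ones (`Classification`, `Technique`, `Action`) do not, so make sure the renderer handles both forms in the same list.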
@@ -91,4 +101,4 @@ field_mapping:
91101
- Registry Key
92102
- Target Object
93103
RegistryValue: RegistryValue
94-
ProcessPath: Process Path
104+
ProcessPath: Process Path
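Review bot: the `ProcessPath: Process Path` line is removed and re-added with identical text at the end of the file, which indicates only a trailing newline was added; that is harmless, but the same end-of-file churn appears in the Cortex mapping, so a short note in the commit message (for example "add trailing newline") would make the intent clear to anyone reading the history.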
