diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
index 81d9dcc8..f6b25023 100644
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
@@ -77,6 +77,7 @@ field_mapping:
OldTargetUserName: xdm.target.user.username
UserPrincipalName: xdm.source.user.username
DestAddress: xdm.target.ipv4
+ SubjectAccountName: xdm.source.user.username
SubjectUserName: xdm.source.user.username
SubjectUserSid: xdm.source.user.identifier
SourceAddr: xdm.source.ipv4
@@ -117,7 +118,6 @@ field_mapping:
method: xdm.network.http.method
notice.user_agent: xdm.network.http.browser
hasIdentity: xdm.source.user.identity_type
- SubjectAccountName: xdm.source.user.username
ComputerName: xdm.source.host.hostname
ExternalSeverity: xdm.alert.severity
SourceMAC: xdm.source.host.mac_addresses
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml
index 42fe9a54..59a56f71 100644
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml
@@ -7,7 +7,8 @@ default_log_source:
field_mapping:
EventID: action_evtlog_event_id
Provider_Name: provider_name
-
+ SubjectAccountName: actor_effective_username
+
raw_log_fields:
ParentImage: regex
AccessMask: regex
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml b/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml
index 20883e94..7d01b97e 100644
--- a/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml
@@ -130,6 +130,9 @@ field_mapping:
NewValue: NewValue
Source: Source
Status: Status
+ SubjectAccountName:
+ - Subject Account Name
+ - SubjectAccountName
SubjectDomainName: SubjectDomainName
SubjectUserName: Target Username
SubjectUserSid: SubjectUserSid
@@ -171,5 +174,4 @@ field_mapping:
UserID: UserID
ParentProcessName: Parent Process Name
Service: Service
- hasIdentity: hasIdentity
- SubjectAccountName: SubjectAccountName
\ No newline at end of file
+ hasIdentity: hasIdentity
\ No newline at end of file
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy