Gis 8070 #161
Merged
merged 2 commits into from
Jun 27, 2024
Expand Up @@ -3,10 +3,10 @@ source: aws_cloudtrail


log_source:
source_type: [aws:cloudtrail]
sourcetype: [aws:cloudtrail]

default_log_source:
source_type: aws:cloudtrail
sourcetype: aws:cloudtrail

field_mapping:
eventSource: eventSource
Expand Up @@ -3,10 +3,10 @@ source: aws_eks


log_source:
source_type: [aws:*]
sourcetype: [aws:*]

default_log_source:
source_type: aws:*
sourcetype: aws:*

field_mapping:
annotations.authorization.k8s.io\/decision: annotations.authorization.k8s.io\/decision
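Review bot: unrelated to the `sourcetype` rename, but worth confirming on the context line `annotations.authorization.k8s.io\/decision: annotations.authorization.k8s.io\/decision`: YAML plain (unquoted) scalars do not process backslash escapes, so both the key and the value are loaded with a literal `\/` in them. If the intent is for the Splunk field name to contain a plain `/`, the backslash should be dropped; if a literal backslash is required by the downstream query builder, a short comment in the file saying so would save the next reader the same question.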
Expand Up @@ -3,10 +3,10 @@ source: azure_AzureDiagnostics


log_source:
source_type: [azure:*]
sourcetype: [azure:*]

default_log_source:
source_type: azure:*
sourcetype: azure:*

field_mapping:
ResultDescription: ResultDescription
Expand Up @@ -3,10 +3,10 @@ source: azure_BehaviorAnalytics


log_source:
source_type: [azure:*]
sourcetype: [azure:*]

default_log_source:
source_type: azure:*
sourcetype: azure:*

field_mapping:
ActionType: ActionType
Expand Up @@ -3,10 +3,10 @@ source: azure_aadnoninteractiveusersigninlogs


log_source:
source_type: [azure:*]
sourcetype: [azure:*]

default_log_source:
source_type: azure:*
sourcetype: azure:*

field_mapping:
UserAgent: UserAgent
Expand Up @@ -3,10 +3,10 @@ source: azure_azureactivity


log_source:
source_type: [mscs:azure:*, azure:*]
sourcetype: [mscs:azure:*, azure:*]

default_log_source:
source_type: mscs:azure:*
sourcetype: mscs:azure:*

field_mapping:
ActivityStatus: ActivityStatus
Expand Up @@ -3,10 +3,10 @@ source: azure_azuread


log_source:
source_type: [azure:aad:*]
sourcetype: [azure:aad:*]

default_log_source:
source_type: azure:aad:*
sourcetype: azure:aad:*

field_mapping:
ActivityDisplayName: ActivityDisplayName
Expand Up @@ -3,10 +3,10 @@ source: azure_signinlogs


log_source:
source_type: [azure:aad:*]
sourcetype: [azure:aad:*]

default_log_source:
source_type: azure:aad:*
sourcetype: azure:aad:*

field_mapping:
AppDisplayName: AppDisplayName
Expand Up @@ -3,11 +3,11 @@ source: firewall


log_source:
source_type: [fortigate_traffic]
sourcetype: [fortigate_traffic]
index: [fortigate]

default_log_source:
source_type: fortigate_traffic
sourcetype: fortigate_traffic
index: fortigate

field_mapping:
Expand Up @@ -3,7 +3,7 @@ source: gcp_gcp.audit


log_source:
source_type: [google:gcp:*]
sourcetype: [google:gcp:*]

default_log_source:
index: google:gcp:*
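Review bot: the two blocks in this file disagree on which Splunk field carries `google:gcp:*`. The `log_source` block declares it as `sourcetype: [google:gcp:*]`, while the unchanged `default_log_source` block declares `index: google:gcp:*`, so a rule that falls back to the default will be filtered on an index named `google:gcp:*` rather than on sourcetype. Since the value is written like a sourcetype pattern, the default block most likely wants `sourcetype: google:gcp:*`; please check which of the two is correct and align them.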
Expand Up @@ -3,7 +3,7 @@ source: gcp_pubsub


log_source:
source_type: [google:gcp:*]
sourcetype: [google:gcp:*]

default_log_source:
index: google:gcp:*
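Review bot: same mismatch as in the other GCP mapping: `log_source` uses `sourcetype: [google:gcp:*]`, but the unchanged `default_log_source` still uses `index: google:gcp:*`. Unless there really is a Splunk index with that name, the default block should read `sourcetype: google:gcp:*` so that the fallback filter targets the same field as the named log source.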
Expand Up @@ -3,10 +3,10 @@ source: linux_auditd


log_source:
source_type: [linux:audit]
sourcetype: [linux:audit]

default_log_source:
source_type: linux:audit
sourcetype: linux:audit

field_mapping:
a0: a0
Expand Up @@ -3,10 +3,10 @@ source: okta_okta


log_source:
source_type: [OktaIM2:*]
sourcetype: [OktaIM2:*]

default_log_source:
source_type: OktaIM2:*
sourcetype: OktaIM2:*

field_mapping:
client.user.id: client.user.id
Expand Up @@ -2,10 +2,10 @@ platform: Splunk
source: windows_bits_client

log_source:
source_type: [XmlWinEventLog:Microsoft-Windows-Bits-Client/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-Bits-Client/Operational]

default_log_source:
source_type: XmlWinEventLog:Microsoft-Windows-Bits-Client/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-Bits-Client/Operational

field_mapping:
LocalName: LocalName
Expand Up @@ -4,11 +4,11 @@ source: windows_dns_query

log_source:
source: [WinEventLog:Microsoft-Windows-Sysmon/Operational]
source_type: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]

default_log_source:
source: WinEventLog:Microsoft-Windows-Sysmon/Operational
source_type: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

field_mapping:
Image: Image
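Review bot: in this and the other Sysmon-based mappings, `log_source` now pairs `source: [WinEventLog:Microsoft-Windows-Sysmon/Operational]` with `sourcetype: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]`, i.e. a `WinEventLog:` prefix on one field and an `XmlWinEventLog:` prefix on the other. If the translator emits both as AND-ed conditions, an event only matches when its source uses one naming scheme and its sourcetype the other, which is unlikely to be what any single Splunk input produces. Please confirm that `source` and `sourcetype` are meant as alternatives (OR) in the generated query, or pick the one scheme that matches the deployed add-on and use it for both fields.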
Expand Up @@ -4,11 +4,11 @@ source: windows_driver_load

log_source:
source: [WinEventLog:Microsoft-Windows-Sysmon/Operational]
source_type: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]

default_log_source:
source: WinEventLog:Microsoft-Windows-Sysmon/Operational
source_type: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

field_mapping:
ImageLoaded: ImageLoaded
Expand Up @@ -4,11 +4,11 @@ source: windows_file_access

log_source:
source: [WinEventLog:Microsoft-Windows-Sysmon/Operational]
source_type: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]

default_log_source:
source: WinEventLog:Microsoft-Windows-Sysmon/Operational
source_type: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

field_mapping:
CreationUtcTime: CreationUtcTime
Expand Up @@ -4,11 +4,11 @@ source: windows_file_change

log_source:
source: [WinEventLog:Microsoft-Windows-Sysmon/Operational]
source_type: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]

default_log_source:
source: WinEventLog:Microsoft-Windows-Sysmon/Operational
source_type: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

field_mapping:
CreationUtcTime: CreationUtcTime
Expand Up @@ -4,11 +4,11 @@ source: windows_file_create

log_source:
source: [WinEventLog:Microsoft-Windows-Sysmon/Operational]
source_type: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]

default_log_source:
source: WinEventLog:Microsoft-Windows-Sysmon/Operational
source_type: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

field_mapping:
CreationUtcTime: CreationUtcTime
Expand Up @@ -4,11 +4,11 @@ source: windows_file_delete

log_source:
source: [WinEventLog:Microsoft-Windows-Sysmon/Operational]
source_type: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]

default_log_source:
source: WinEventLog:Microsoft-Windows-Sysmon/Operational
source_type: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

field_mapping:
CreationUtcTime: CreationUtcTime
Expand Up @@ -4,11 +4,11 @@ source: windows_file_event

log_source:
source: [WinEventLog:Microsoft-Windows-Sysmon/Operational]
source_type: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]

default_log_source:
source: WinEventLog:Microsoft-Windows-Sysmon/Operational
source_type: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

field_mapping:
CreationUtcTime: CreationUtcTime
Expand Up @@ -4,11 +4,11 @@ source: windows_file_rename

log_source:
source: [WinEventLog:Microsoft-Windows-Sysmon/Operational]
source_type: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]

default_log_source:
source: WinEventLog:Microsoft-Windows-Sysmon/Operational
source_type: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

field_mapping:
CreationUtcTime: CreationUtcTime
Expand Up @@ -4,11 +4,11 @@ source: windows_image_load

log_source:
source: [WinEventLog:Microsoft-Windows-Sysmon/Operational]
source_type: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]

default_log_source:
source: WinEventLog:Microsoft-Windows-Sysmon/Operational
source_type: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

field_mapping:
Image: Image
Expand Up @@ -3,10 +3,10 @@ source: windows_ldap_debug


log_source:
source_type: [XmlWinEventLog:Microsoft-Windows-LDAP-Client/Debug]
sourcetype: [XmlWinEventLog:Microsoft-Windows-LDAP-Client/Debug]

default_log_source:
source_type: XmlWinEventLog:Microsoft-Windows-LDAP-Client/Debug
sourcetype: XmlWinEventLog:Microsoft-Windows-LDAP-Client/Debug

field_mapping:
EventID: EventID
Expand Up @@ -4,11 +4,11 @@ source: windows_network_connection

log_source:
source: [WinEventLog:Microsoft-Windows-Sysmon/Operational]
source_type: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]

default_log_source:
source: WinEventLog:Microsoft-Windows-Sysmon/Operational
source_type: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

field_mapping:
Image: Image
Expand Up @@ -3,10 +3,10 @@ source: windows_ntlm


log_source:
source_type: [XmlWinEventLog:Microsoft-Windows-NTLM/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-NTLM/Operational]

default_log_source:
source_type: XmlWinEventLog:Microsoft-Windows-NTLM/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-NTLM/Operational

field_mapping:
WorkstationName: WorkstationName
Expand Up @@ -4,11 +4,11 @@ source: windows_registry_event

log_source:
source: [WinEventLog:Microsoft-Windows-Sysmon/Operational]
source_type: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]

default_log_source:
source: WinEventLog:Microsoft-Windows-Sysmon/Operational
source_type: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

field_mapping:
TargetObject: TargetObject
Expand Up @@ -3,11 +3,11 @@ source: windows_sysmon

log_source:
source: [WinEventLog:Microsoft-Windows-Sysmon/Operational]
source_type: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]

default_log_source:
source: WinEventLog:Microsoft-Windows-Sysmon/Operational
source_type: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

field_mapping:
CommandLine: CommandLine
Expand Up @@ -3,10 +3,10 @@ source: windows_wmi_event


log_source:
source_type: [XmlWinEventLog:Microsoft-Windows-WMI-Activity/Operational]
sourcetype: [XmlWinEventLog:Microsoft-Windows-WMI-Activity/Operational]

default_log_source:
source_type: XmlWinEventLog:Microsoft-Windows-WMI-Activity/Operational
sourcetype: XmlWinEventLog:Microsoft-Windows-WMI-Activity/Operational

field_mapping:
Destination: Destination
4 changes: 2 additions & 2 deletions uncoder-core/app/translator/platforms/splunk/mapping.py
Expand Up @@ -42,8 +42,8 @@ def prepare_log_source_signature(self, mapping: dict) -> SplunkLogSourceSignatur
default_log_source = mapping["default_log_source"]
return SplunkLogSourceSignature(
sources=log_source.get("source"),
source_types=log_source.get("source_type"),
source_categories=log_source.get("source_category"),
source_types=log_source.get("sourcetype"),
source_categories=log_source.get("sourcecategory"),
indices=log_source.get("index"),
default_source=default_log_source,
)
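Review bot: the key rename is read with `log_source.get("sourcetype")` and `log_source.get("sourcecategory")`, so a mapping file that still carries the old `source_type` key will not fail; it will silently produce a signature with `source_types=None` and the generated query will lose its sourcetype filter. None of the mapping files in this PR define `sourcecategory` at all, so `source_categories` is always `None` here as well. A loader-side check that rejects unknown keys would catch any file the rename missed, along the lines of `unknown = set(log_source) - {"source", "sourcetype", "sourcecategory", "index"}` followed by raising if `unknown` is non-empty. Also note that `default_log_source = mapping["default_log_source"]` is passed through as a raw dict in `default_source=default_log_source`, so whatever consumes that dict must have been updated to read `sourcetype` too; that code is outside this diff, so please confirm it was.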