Skip to content

new fields #175

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jul 22, 2024
Merged

new fields #175

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4536c50
new fields
spsocprime Jul 18, 2024
976388f
merge
nazargesyk Jul 22, 2024
4567900
Merge branch 'main' into gis-aql-upd-2024-07-17
nazargesyk Jul 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@ field_mapping:
c-uri-query: xdm.network.http.url
QueryName: xdm.network.dns.dns_question.name
Application: xdm.network.application_protocol
sourceNetwork: xdm.source.subnet
SourceHostName: xdm.source.host.hostname
DestinationHostname: xdm.target.host.hostname
Hashes:
Expand Down Expand Up @@ -128,7 +129,13 @@ field_mapping:
url_category: xdm.network.http.url_category
EventSeverity: xdm.alert.severity
duration: xdm.event.duration
ThreatName: xdm.alert.original_threat_id
AnalyzerName: xdm.observer.type
Classification: xdm.alert.category
ResultCode: xdm.event.outcome_reason
Technique: xdm.alert.mitre_techniques
Action: xdm.event.outcome
FileExtension: xdm.target.file.extension
Workstation: xdm.source.host.hostname
RegistryKey: xdm.target.registry.key
RegistryValue: xdm.target.registry.value
RegistryValue: xdm.target.registry.value
12 changes: 11 additions & 1 deletion uncoder-core/app/translator/mappings/platforms/qradar/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ field_mapping:
User:
- userName
- EventUserName
- Alert Threat Cause Actor Name
- Username
- Security ID
CommandLine: Command
Expand All @@ -44,6 +45,7 @@ field_mapping:
Application:
- Application
- application
sourceNetwork: sourceNetwork
SourceHostName:
- HostCount-source
- identityHostName
Expand Down Expand Up @@ -82,6 +84,14 @@ field_mapping:
- Source
- source
duration: duration
ThreatName:
- Threat Name
- Alert Blocked Threat Category
AnalyzerName: Analyzer Name
Classification: Classification
ResultCode: Alert Reason Code
Technique: Technique
Action: Action
Workstation: Machine Identifier
GroupMembership: Role Name
FileName:
Expand All @@ -91,4 +101,4 @@ field_mapping:
- Registry Key
- Target Object
RegistryValue: RegistryValue
ProcessPath: Process Path
ProcessPath: Process Path
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy