aql fields upd #177

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 22, 2024
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ field_mapping:
ProcessName:
- xdm.target.process.name
- xdm.source.process.name
ProcessPath: xdm.target.process.executable.path
ImageLoaded:
- xdm.target.process.executable.filename
- xdm.source.process.executable.filename
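Review bot: the new `ProcessPath: xdm.target.process.executable.path` line maps only to the target process, while the neighbouring ProcessName and ImageLoaded entries list both the target and the source variants; unless the asymmetry is intended, add `- xdm.source.process.executable.path` so that a rule written on ProcessPath sees the same events as one written on ProcessName.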
Expand Down Expand Up @@ -64,7 +65,7 @@ field_mapping:
dns-query: xdm.network.dns.dns_question.name
dns-answer: xdm.network.dns.dns_resource_record.value
dns-record: xdm.network.dns.dns_question.name
FileName: xdm.target.file.path
FileName: xdm.target.file.filename
IpAddress: xdm.source.ipv4
IpPort: xdm.source.port
LogonProcessName: xdm.target.process.executable.path
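Review bot: changing `FileName: xdm.target.file.path` to `FileName: xdm.target.file.filename` narrows the field from a full path to the bare name, so any existing rule that puts a directory fragment into FileName (a `FileName|contains` pattern with a path separator in it) will stop matching silently; check the rule set for such patterns and, if the full path is still needed somewhere, expose it under a separate Sigma field rather than dropping it.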
Expand Down Expand Up @@ -127,3 +128,7 @@ field_mapping:
url_category: xdm.network.http.url_category
EventSeverity: xdm.alert.severity
duration: xdm.event.duration
FileExtension: xdm.target.file.extension
Workstation: xdm.source.host.hostname
RegistryKey: xdm.target.registry.key
RegistryValue: xdm.target.registry.value
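Review bot: `RegistryValue: xdm.target.registry.value` leaves open whether the field carries the value name or the value data; Sigma registry rules keep the two apart (the key plus value name in TargetObject, the data in Details), so a comment stating which one this mapping means would keep rules on the other half from being translated into queries that never match.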
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ default_log_source:

field_mapping:
ImageLoaded: action_module_path
FileExtension: action_file_extension
md5: action_module_md5
sha256: action_module_sha256
User: actor_effective_username
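Review bot: `FileExtension: action_file_extension` is inserted between module-load fields (action_module_path, action_module_md5, action_module_sha256) although action_file_extension describes a file event rather than a loaded module, so a selection that combines ImageLoaded with FileExtension would expect both to be populated on one event; a short comment on which event type populates each field would make that limitation visible to rule authors.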
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ field_mapping:
src-port:
- SourcePort
- localport
- sourcePort
src-ip:
- sourceip
- source_ip
Expand All @@ -34,6 +35,8 @@ field_mapping:
User:
- userName
- EventUserName
- Username
- Security ID
CommandLine: Command
Protocol:
- IPProtocol
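Review bot: adding `- Security ID` under User puts a SID-formatted field into an alias list of username fields (userName, EventUserName, Username), so the generated query will compare the rule's username literals against values of the form S-1-5-... and that OR branch can never match, while a rule that genuinely wants to match a SID still has no field of its own; keep Security ID under a separate Sigma field, or document that User may resolve to either format.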
Expand Down Expand Up @@ -78,4 +81,14 @@ field_mapping:
Source:
- Source
- source
duration: duration
duration: duration
Workstation: Machine Identifier
GroupMembership: Role Name
FileName:
- Filename
- File Name
RegistryKey:
- Registry Key
- Target Object
RegistryValue: RegistryValue
ProcessPath: Process Path
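Review bot: `RegistryValue: RegistryValue` is the only new entry in this hunk whose source name has no space, while its neighbours use display-style names (`Registry Key`, `Process Path`, `File Name`, `Machine Identifier`); confirm that is the real field name, because a misspelt mapping yields queries that silently never match rather than an error. Also, `Target Object` listed under RegistryKey carries the key path together with the value name in Sysmon registry events, so rules that expect a bare key path will need a `contains` or `endswith` modifier instead of an exact match.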
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ field_mapping:
CommandLine:
- Command
- ASACommand
- Command Arguments
Image: Process Path
ParentCommandLine: Parent Command
ParentImage: Parent Process Path
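Review bot: `- Command Arguments` under CommandLine changes what that alias promises: Sigma CommandLine patterns are written against the full command line (image plus arguments), and an arguments-only field cannot satisfy conditions that anchor on the executable name; either document that CommandLine may resolve to arguments only for this source, or map the field that carries the whole line instead.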
Original file line number Diff line number Diff line change
Expand Up @@ -21,4 +21,5 @@ field_mapping:
- Signature Status
- SignatureStatus
OriginalFileName: OriginalFileName
Signed: Signed
Signed: Signed
FileExtension: File Extension
Original file line number Diff line number Diff line change
Expand Up @@ -14,15 +14,19 @@ field_mapping:
CommandLine:
- Command
- Encoded Argument
- Command Arguments
CurrentDirectory: CurrentDirectory
Hashes: File Hash
Image:
- Process Path
- Process Name
- DGApplication
- ProcessName
IntegrityLevel: IntegrityLevel
ParentCommandLine: Parent Command
ParentImage: Parent Process Path
ParentImage:
- Parent Process Path
- ParentProcessName
ParentUser: ParentUser
Product: Product
User:
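Review bot: the new `- ProcessName` under Image and `- ParentProcessName` under ParentImage add name-only fields to aliases that Sigma treats as full paths, so the common pattern `Image|endswith: '\cmd.exe'` cannot match a value that is just `cmd.exe`, and the extra OR branch adds query cost without adding detections; either strip the leading path separator when the resolved field is a bare name, or keep the name fields under a separate mapping.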
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ field_mapping:
EventID:
- Event ID
- EventID
- qidEventId
ParentImage: Parent Process Path
AccessMask: AccessMask
AccountName: Account Name
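Review bot: confirm that `qidEventId` holds the vendor event identifier (for Windows sources, the Event ID alongside `Event ID` and `EventID`) rather than a QRadar QID; if it is the QID, a rule condition such as `EventID: 4688` would be compared against a different identifier space in that OR branch and never match there.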