diff --git a/uncoder-core/app/translator/mappings/platforms/chronicle/windows_sysmon.yml b/uncoder-core/app/translator/mappings/platforms/chronicle/windows_sysmon.yml
index 091ce17a..bb2bbcdc 100644
--- a/uncoder-core/app/translator/mappings/platforms/chronicle/windows_sysmon.yml
+++ b/uncoder-core/app/translator/mappings/platforms/chronicle/windows_sysmon.yml
@@ -31,3 +31,4 @@ field_mapping:
 StartModule: target.resource.name
 TargetImage: target.process.file.full_path
 StartFunction: ScriptBlockText
+ event.Technique: security_result.detection_fields.value
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/slack_slack.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/slack_slack.yml
deleted file mode 100644
index c795b1c3..00000000
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/slack_slack.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-platform: Palo Alto XSIAM
-source: slack_slack_raw
-
-
-default_log_source:
- dataset: slack_slack_raw
-
-field_mapping:
- c-action: xdm.event.operation
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/webserver copy.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/webserver copy.yml
deleted file mode 100644
index c845789b..00000000
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/webserver copy.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-platform: Palo Alto XSIAM
-source: webserver
-
-default_log_source:
- dataset: [apache_tomcat_raw, nginx_nginx_raw, apache_tomcat_raw]
-
-field_mapping:
- c-uri: xdm.network.http.url
- c-useragent: xdm.source.user_agent
- cs-method: xdm.network.http.method
- cs-bytes: xdm.target.sent_bytes
- c-uri-query: xdm.network.http.url
- cs-referrer: xdm.network.http.referrer
- sc-status: xdm.network.http.response_code
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/default.yml b/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
index cdc4b4b6..69adb819 100644
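Review bot: The added `event.Technique` mapping targets `security_result.detection_fields.value`, which, if detection_fields is the UDM key/value label list, constrains only the value half, so a translated condition on event.Technique would match any detection field whose value equals the rule's string rather than the field named Technique. It is also the only dotted key in this mapping, whose neighbours (StartModule, TargetImage) are bare Sysmon field names, which suggests it is a Sigma-side alias rather than a Sysmon event field and deserves a comment either way. If the key/value pairing is handled elsewhere in the translator, a comment such as `# event.Technique: matches detection_fields.value only; the .key side is not constrained here` would make that explicit. The rest of field_mapping lies outside the hunk.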
--- a/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
@@ -14,8 +14,6 @@ field_mapping:
 - DstPort
 - DestinationPort
 - remoteport
- dst-hostname: DstHost
- src-hostname: SrcHost
 src-port:
 - SourcePort
 - localport
@@ -41,7 +39,7 @@ field_mapping:
 - Username
 - Security ID
 CommandLine: Command
- Protocol:
+ Protocol:
 - IPProtocol
 - protocol
 Application:
@@ -96,7 +94,7 @@ field_mapping:
 Action: Action
 Workstation: Machine Identifier
 GroupMembership: Role Name
- FileName:
+ FileName:
 - Filename
 - File Name
 - Encoded Filename
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/webserver.yml b/uncoder-core/app/translator/mappings/platforms/qradar/webserver.yml
index 16c34a5e..b43fbc8d 100644
--- a/uncoder-core/app/translator/mappings/platforms/qradar/webserver.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/webserver.yml
@@ -13,7 +13,7 @@ field_mapping:
 - URL
 - XForceCategoryByURL
 c-useragent: User Agent
- cs-method:
+ cs-method:
 - HTTP Method
 - Method
 cs-bytes: Bytes Sent
@@ -24,19 +24,19 @@ field_mapping:
 - URL Path
 - URL Query String
 #cs-cookie: cs-cookie
- cs-host:
+ cs-host:
 - UrlHost
 - URL Host
 - URL Domain
 - HTTP Host
- cs-referrer:
+ cs-referrer:
 - URL Referrer
 - Referrer URL
 cs-version: HTTP Version
- r-dns:
+ r-dns:
 - UrlHost
 - URL Host
- sc-status:
+ sc-status:
 - HTTP Response Code
 - Response Code
 #post-body: post-body
\ No newline at end of file
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/windows_process_creation.yml b/uncoder-core/app/translator/mappings/platforms/qradar/windows_process_creation.yml
index 11a80f32..fcad6da1 100644
--- a/uncoder-core/app/translator/mappings/platforms/qradar/windows_process_creation.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/windows_process_creation.yml
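Review bot: Dropping `dst-hostname: DstHost` and `src-hostname: SrcHost` leaves those Sigma fields without a QRadar property in this hunk, and nothing in the diff replaces them; unless they are mapped elsewhere in field_mapping (the rest of the file is outside the hunk), rules that use them will presumably either fall through to the raw field name or fail to translate, depending on how unmapped fields are handled. If the QRadar property names were wrong, the corrected names belong in the same change; if the fields are deliberately unmapped, a comment at the removal site, e.g. `# dst-hostname / src-hostname: no QRadar property; intentionally unmapped`, would stop them being reintroduced. The other two hunks in this file only strip trailing whitespace after `Protocol:` and `FileName:`.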
@@ -24,7 +24,7 @@ field_mapping:
 - ProcessName
 IntegrityLevel: IntegrityLevel
 ParentCommandLine: Parent Command
- ParentImage:
+ ParentImage:
 - Parent Process Path
 - ParentProcessName
 ParentUser: ParentUser
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml b/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml
index 53f9e8a5..bb7ccef6 100644
--- a/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml
@@ -190,4 +190,4 @@ field_mapping:
 StartType: StartType
 UserID: UserID
 ParentProcessName: Parent Process Name
- Service: Service
+ Service: Service
\ No newline at end of file
diff --git a/uncoder-core/app/translator/mappings/platforms/splunk/default.yml b/uncoder-core/app/translator/mappings/platforms/splunk/default.yml
index bacbf0ac..d0cbfc38 100644
--- a/uncoder-core/app/translator/mappings/platforms/splunk/default.yml
+++ b/uncoder-core/app/translator/mappings/platforms/splunk/default.yml
@@ -6,4 +6,4 @@ log_source:
 source: WinEventLog:*
 
 default_log_source:
- source: WinEventLog:*
\ No newline at end of file
+ source: WinEventLog:*