From 4f51692da794e00a359ae0bf3a6e8c60e63da38c Mon Sep 17 00:00:00 2001 
From: Oleksandr Volha Date: Fri, 8 Dec 2023 12:48:35 +0200 Subject: [PATCH] folder renames, functions refactoring --- docker-compose.yml | 6 +- .../app/converter/core/functions.py | 24 --- .../core/models/functions/aggregation.py | 25 ---- .../converter/core/models/functions/search.py | 32 ---- .../converter/core/models/functions/sort.py | 33 ----- .../converter/core/models/functions/table.py | 13 -- .../converter/core/models/functions/types.py | 57 -------- .../converter/core/models/functions/union.py | 4 - .../converter/core/models/functions/where.py | 5 - .../app/converter/core/models/identifier.py | 19 --- .../app/converter/platforms/__init__.py | 122 ---------------- .../logscale/siem_functions/__init__.py | 29 ---- .../splunk/siem_functions/__init__.py | 7 - {siem-converter => translator}/.gitignore | 0 {siem-converter => translator}/Dockerfile | 0 .../app/__init__.py | 0 .../dictionaries/uncoder_meta_info_roota.json | 0 .../dictionaries/uncoder_meta_info_sigma.json | 0 .../app/models}/__init__.py | 0 .../app/models/ioc_translation.py | 0 .../app/models/translation.py | 0 .../app/routers}/__init__.py | 0 .../app/routers/assistance.py | 2 +- .../app/routers/ioc_translate.py | 4 +- .../app/routers/translate.py | 6 +- .../app/translator}/__init__.py | 0 .../app/translator}/const.py | 0 .../app/translator/core}/__init__.py | 0 .../translator/core/custom_types}/__init__.py | 0 .../translator/core/custom_types/functions.py | 13 ++ .../translator}/core/custom_types/tokens.py | 2 +- .../translator/core/exceptions}/__init__.py | 0 .../app/translator}/core/exceptions/core.py | 0 .../translator/core/exceptions/functions.py | 14 ++ .../app/translator}/core/exceptions/iocs.py | 0 .../app/translator}/core/exceptions/parser.py | 0 .../app/translator}/core/exceptions/render.py | 0 translator/app/translator/core/functions.py | 138 ++++++++++++++++++ .../app/translator}/core/mapping.py | 2 +- .../app/translator}/core/mitre.py | 2 +- .../app/translator/core/mixins}/__init__.py 
| 0 .../app/translator}/core/mixins/logic.py | 8 +- .../app/translator}/core/mixins/operator.py | 4 +- .../app/translator}/core/mixins/rule.py | 4 +- .../app/translator/core/models}/__init__.py | 0 .../app/translator}/core/models/field.py | 16 +- .../core/models/functions}/__init__.py | 0 .../translator/core/models/functions/base.py | 22 +++ .../translator/core/models/functions/sort.py | 25 ++++ .../app/translator/core/models/identifier.py | 18 +++ .../app/translator}/core/models/iocs.py | 0 .../translator}/core/models/parser_output.py | 4 +- .../core/models/platform_details.py | 0 .../app/translator}/core/parser.py | 21 ++- .../app/translator}/core/parser_cti.py | 4 +- .../app/translator}/core/render.py | 38 +++-- .../app/translator}/core/render_cti.py | 2 +- .../app/translator}/core/tokenizer.py | 38 ++++- .../app/translator/cti_translator.py | 12 +- .../app/translator}/managers.py | 8 +- .../app/translator/mappings}/__init__.py | 0 .../platforms/athena/aws_cloudtrail.yml | 0 .../mappings/platforms/athena/default.yml | 0 .../platforms/athena/linux_file_event.yml | 0 .../athena/linux_process_creation.yml | 0 .../platforms/athena/macos_file_event.yml | 0 .../athena/macos_process_creation.yml | 0 .../platforms/athena/windows_file_event.yml | 0 .../platforms/athena/windows_image_load.yml | 0 .../athena/windows_process_creation.yml | 0 .../athena/windows_registry_event.yml | 0 .../platforms/athena/windows_security.yml | 0 .../mappings/platforms/chronicle/default.yml | 0 .../windows_create_remote_thread.yml | 0 .../platforms/chronicle/windows_dns_query.yml | 0 .../chronicle/windows_file_event.yml | 0 .../chronicle/windows_image_load.yml | 0 .../chronicle/windows_network_connection.yml | 0 .../chronicle/windows_pipe_created.yml | 0 .../chronicle/windows_process_access.yml | 0 .../chronicle/windows_process_creation.yml | 0 .../chronicle/windows_registry_event.yml | 0 .../platforms/chronicle/windows_security.yml | 0 .../platforms/chronicle/windows_sysmon.yml | 0 
.../platforms/crowdstrike/default.yml | 0 .../platforms/crowdstrike/linux_dns_query.yml | 0 .../crowdstrike/linux_network_connection.yml | 0 .../crowdstrike/linux_process_creation.yml | 0 .../platforms/crowdstrike/macos_dns_query.yml | 0 .../crowdstrike/macos_network_connection.yml | 0 .../crowdstrike/macos_process_creation.yml | 0 .../crowdstrike/windows_dns_query.yml | 0 .../crowdstrike/windows_driver_load.yml | 0 .../crowdstrike/windows_image_load.yml | 0 .../windows_network_connection.yml | 0 .../crowdstrike/windows_process_creation.yml | 0 .../crowdstrike/windows_registry_event.yml | 0 .../platforms/crowdstrike/windows_sysmon.yml | 0 .../elasticsearch/aws_cloudtrail.yml | 0 .../platforms/elasticsearch/aws_eks.yml | 0 .../elasticsearch/azure_AzureDiagnostics.yml | 0 .../elasticsearch/azure_BehaviorAnalytics.yml | 0 .../azure_aadnoninteractiveusersigninlogs.yml | 0 .../elasticsearch/azure_azureactivity.yml | 0 .../platforms/elasticsearch/azure_azuread.yml | 0 .../platforms/elasticsearch/azure_m365.yml | 0 .../elasticsearch/azure_signinlogs.yml | 0 .../platforms/elasticsearch/default.yml | 0 .../mappings/platforms/elasticsearch/dns.yml | 0 .../platforms/elasticsearch/firewall.yml | 0 .../platforms/elasticsearch/gcp_gcp.audit.yml | 0 .../platforms/elasticsearch/gcp_pubsub.yml | 0 .../platforms/elasticsearch/linux_auditd.yml | 0 .../elasticsearch/linux_dns_query.yml | 0 .../elasticsearch/linux_process_creation.yml | 0 .../elasticsearch/macos_dns_query.yml | 0 .../macos_network_connection.yml | 0 .../elasticsearch/macos_process_creation.yml | 0 .../platforms/elasticsearch/okta_okta.yml | 0 .../platforms/elasticsearch/proxy.yml | 0 .../platforms/elasticsearch/webserver.yml | 0 .../elasticsearch/windows_bits_client.yml | 0 .../elasticsearch/windows_dns_query.yml | 0 .../elasticsearch/windows_driver_load.yml | 0 .../elasticsearch/windows_image_load.yml | 0 .../elasticsearch/windows_ldap_debug.yml | 0 .../windows_network_connection.yml | 0 
.../platforms/elasticsearch/windows_ntlm.yml | 0 .../elasticsearch/windows_powershell.yml | 0 .../windows_process_creation.yml | 0 .../elasticsearch/windows_security.yml | 0 .../elasticsearch/windows_sysmon.yml | 0 .../elasticsearch/windows_wmi_event.yml | 0 .../platforms/logscale/aws_cloudtrail.yml | 0 .../mappings/platforms/logscale/aws_eks.yml | 0 .../logscale/azure_AzureDiagnostics.yml | 0 .../logscale/azure_BehaviorAnalytics.yml | 0 .../azure_aadnoninteractiveusersigninlogs.yml | 0 .../logscale/azure_azureactivity.yml | 0 .../platforms/logscale/azure_azuread.yml | 0 .../platforms/logscale/azure_m365.yml | 0 .../platforms/logscale/azure_signinlogs.yml | 0 .../mappings/platforms/logscale/default.yml | 0 .../mappings/platforms/logscale/dns.yml | 0 .../mappings/platforms/logscale/firewall.yml | 0 .../platforms/logscale/gcp_gcp.audit.yml | 0 .../platforms/logscale/gcp_pubsub.yml | 0 .../platforms/logscale/linux_auditd.yml | 0 .../platforms/logscale/linux_dns_query.yml | 0 .../logscale/linux_process_creation.yml | 0 .../platforms/logscale/macos_dns_query.yml | 0 .../logscale/macos_network_connection.yml | 0 .../logscale/macos_process_creation.yml | 0 .../mappings/platforms/logscale/okta_okta.yml | 0 .../mappings/platforms/logscale/proxy.yml | 0 .../mappings/platforms/logscale/webserver.yml | 0 .../logscale/windows_application.yml | 0 .../logscale/windows_bits_client.yml | 0 .../logscale/windows_create_remote_thread.yml | 0 .../logscale/windows_create_stream_hash.yml | 0 .../platforms/logscale/windows_dns_query.yml | 0 .../logscale/windows_driver_load.yml | 0 .../platforms/logscale/windows_file_event.yml | 0 .../platforms/logscale/windows_image_load.yml | 0 .../platforms/logscale/windows_ldap_debug.yml | 0 .../logscale/windows_network_connection.yml | 0 .../platforms/logscale/windows_ntlm.yml | 0 .../logscale/windows_pipe_created.yml | 0 .../platforms/logscale/windows_powershell.yml | 0 .../logscale/windows_process_access.yml | 0 
.../logscale/windows_process_creation.yml | 0 .../logscale/windows_raw_access_thread.yml | 0 .../logscale/windows_registry_event.yml | 0 .../platforms/logscale/windows_security.yml | 0 .../platforms/logscale/windows_sysmon.yml | 0 .../platforms/logscale/windows_system.yml | 0 .../platforms/logscale/windows_wmi_event.yml | 0 .../platforms/microsoft_defender/default.yml | 0 .../microsoft_defender/linux_file_event.yml | 0 .../linux_network_connection.yml | 0 .../microsoft_defender/macos_file_event.yml | 0 .../macos_network_connection.yml | 0 .../macos_process_creation.yml | 0 .../microsoft_defender/windows_file_event.yml | 0 .../microsoft_defender/windows_image_load.yml | 0 .../windows_network_connection.yml | 0 .../windows_process_creation.yml | 0 .../windows_registry_event.yml | 0 .../microsoft_defender/windows_sysmon.yml | 0 .../microsoft_sentinel/aws_cloudtrail.yml | 0 .../platforms/microsoft_sentinel/aws_eks.yml | 0 .../azure_AzureDiagnostics.yml | 0 .../azure_BehaviorAnalytics.yml | 0 .../azure_aadnoninteractiveusersigninlogs.yml | 0 .../azure_azureactivity.yml | 0 .../microsoft_sentinel/azure_azuread.yml | 0 .../microsoft_sentinel/azure_m365.yml | 0 .../microsoft_sentinel/azure_o365.yml | 0 .../microsoft_sentinel/azure_office365.yml | 0 .../microsoft_sentinel/azure_signlogs.yml | 0 .../platforms/microsoft_sentinel/default.yml | 0 .../microsoft_sentinel/linux_auidt.yml | 0 .../microsoft_sentinel/linux_dns_query.yml | 0 .../microsoft_sentinel/linux_file_event.yml | 0 .../linux_network_connection.yml | 0 .../linux_process_creation.yml | 0 .../microsoft_sentinel/macos_file_event.yml | 0 .../macos_network_connection.yml | 0 .../macos_process_creation.yml | 0 .../microsoft_sentinel/okta_okta.yml | 0 .../windows_bits_client.yml | 0 .../microsoft_sentinel/windows_dns_query.yml | 0 .../windows_driver_load.yml | 0 .../microsoft_sentinel/windows_file_event.yml | 0 .../microsoft_sentinel/windows_image_load.yml | 0 .../microsoft_sentinel/windows_ldap_debug.yml | 0 
.../windows_network_connection.yml | 0 .../microsoft_sentinel/windows_ntlm.yml | 0 .../microsoft_sentinel/windows_powershell.yml | 0 .../windows_process_creation.yml | 0 .../windows_registry_event.yml | 0 .../microsoft_sentinel/windows_security.yml | 0 .../microsoft_sentinel/windows_sysmon.yml | 0 .../microsoft_sentinel/windows_wmi_event.yml | 0 .../platforms/opensearch/aws_cloudtrail.yml | 0 .../mappings/platforms/opensearch/aws_eks.yml | 0 .../opensearch/azure_AzureDiagnostics.yml | 0 .../opensearch/azure_BehaviorAnalytics.yml | 0 .../azure_aadnoninteractiveusersigninlogs.yml | 0 .../opensearch/azure_azureactivity.yml | 0 .../platforms/opensearch/azure_azuread.yml | 0 .../platforms/opensearch/azure_m365.yml | 0 .../platforms/opensearch/azure_signinlogs.yml | 0 .../mappings/platforms/opensearch/default.yml | 0 .../mappings/platforms/opensearch/dns.yml | 0 .../platforms/opensearch/firewall.yml | 0 .../platforms/opensearch/gcp_gcp.audit.yml | 0 .../platforms/opensearch/gcp_pubsub.yml | 0 .../platforms/opensearch/linux_auditd.yml | 0 .../platforms/opensearch/linux_dns_query.yml | 0 .../opensearch/linux_process_creation.yml | 0 .../platforms/opensearch/macos_dns_query.yml | 0 .../opensearch/macos_network_connection.yml | 0 .../opensearch/macos_process_creation.yml | 0 .../platforms/opensearch/okta_okta.yml | 0 .../mappings/platforms/opensearch/proxy.yml | 0 .../platforms/opensearch/webserver.yml | 0 .../opensearch/windows_bits_client.yml | 0 .../opensearch/windows_dns_query.yml | 0 .../opensearch/windows_driver_load.yml | 0 .../opensearch/windows_image_load.yml | 0 .../opensearch/windows_ldap_debug.yml | 0 .../opensearch/windows_network_connection.yml | 0 .../platforms/opensearch/windows_ntlm.yml | 0 .../opensearch/windows_powershell.yml | 0 .../opensearch/windows_process_creation.yml | 0 .../platforms/opensearch/windows_security.yml | 0 .../platforms/opensearch/windows_sysmon.yml | 0 .../opensearch/windows_wmi_event.yml | 0 .../platforms/qradar/aws_cloudtrail.yml | 0 
.../mappings/platforms/qradar/aws_eks.yml | 0 .../platforms/qradar/azure_azureactivity.yml | 0 .../platforms/qradar/azure_azuread.yml | 0 .../mappings/platforms/qradar/azure_m365.yml | 0 .../platforms/qradar/azure_signinlogs.yml | 0 .../mappings/platforms/qradar/default.yml | 0 .../mappings/platforms/qradar/dns.yml | 0 .../mappings/platforms/qradar/firewall.yml | 0 .../platforms/qradar/gcp_gcp.audit.yml | 0 .../platforms/qradar/linux_auditd.yml | 0 .../platforms/qradar/linux_dns_query.yml | 0 .../platforms/qradar/linux_file_event.yml | 0 .../qradar/linux_network_connection.yml | 0 .../qradar/linux_process_creation.yml | 0 .../platforms/qradar/macos_dns_query.yml | 0 .../platforms/qradar/macos_file_event.yml | 0 .../qradar/macos_network_connection.yml | 0 .../qradar/macos_process_creation.yml | 0 .../mappings/platforms/qradar/okta_okta.yml | 0 .../mappings/platforms/qradar/proxy.yml | 0 .../mappings/platforms/qradar/webserver.yml | 0 .../platforms/qradar/windows_application.yml | 0 .../qradar/windows_create_remote_thread.yml | 0 .../qradar/windows_create_stream_hash.yml | 0 .../platforms/qradar/windows_dns_query.yml | 0 .../platforms/qradar/windows_driver_load.yml | 0 .../platforms/qradar/windows_file_event.yml | 0 .../platforms/qradar/windows_image_load.yml | 0 .../platforms/qradar/windows_ldap_debug.yml | 0 .../qradar/windows_network_connection.yml | 0 .../platforms/qradar/windows_ntlm.yml | 0 .../platforms/qradar/windows_pipe_created.yml | 0 .../platforms/qradar/windows_powershell.yml | 0 .../qradar/windows_process_access.yml | 0 .../qradar/windows_process_creation.yml | 0 .../qradar/windows_raw_access_thread.yml | 0 .../qradar/windows_registry_event.yml | 0 .../platforms/qradar/windows_security.yml | 0 .../platforms/qradar/windows_sysmon.yml | 0 .../platforms/qradar/windows_system.yml | 0 .../platforms/qradar/windows_wmi_event.yml | 0 .../platforms/sigma/aws_cloudtrail.yml | 0 .../mappings/platforms/sigma/aws_eks.yml | 0 .../sigma/azure_AzureDiagnostics.yml | 0 
.../sigma/azure_BehaviorAnalytics.yml | 0 .../azure_aadnoninteractiveusersigninlogs.yml | 0 .../platforms/sigma/azure_azureactivity.yml | 0 .../platforms/sigma/azure_azuread.yml | 0 .../mappings/platforms/sigma/azure_m365.yml | 0 .../platforms/sigma/azure_signinlogs.yml | 0 .../mappings/platforms/sigma/default.yml | 0 .../mappings/platforms/sigma/dns.yml | 0 .../mappings/platforms/sigma/firewall.yml | 0 .../platforms/sigma/gcp_gcp.audit.yml | 0 .../mappings/platforms/sigma/gcp_pubsub.yml | 0 .../mappings/platforms/sigma/linux_auditd.yml | 0 .../platforms/sigma/linux_dns_query.yml | 0 .../sigma/linux_network_connection.yml | 0 .../sigma/linux_process_creation.yml | 0 .../platforms/sigma/macos_dns_query.yml | 0 .../sigma/macos_network_connection.yml | 0 .../sigma/macos_process_creation.yml | 0 .../mappings/platforms/sigma/okta_okta.yml | 0 .../mappings/platforms/sigma/proxy.yml | 0 .../mappings/platforms/sigma/webserver.yml | 0 .../platforms/sigma/windows_bits_client.yml | 0 .../platforms/sigma/windows_dns_query.yml | 0 .../platforms/sigma/windows_driver_load.yml | 0 .../platforms/sigma/windows_image_load.yml | 0 .../platforms/sigma/windows_ldap_debug.yml | 0 .../sigma/windows_network_connection.yml | 0 .../mappings/platforms/sigma/windows_ntlm.yml | 0 .../platforms/sigma/windows_powershell.yml | 0 .../sigma/windows_process_creation.yml | 0 .../platforms/sigma/windows_security.yml | 0 .../platforms/sigma/windows_sysmon.yml | 0 .../platforms/sigma/windows_wmi_event.yml | 0 .../platforms/splunk/aws_cloudtrail.yml | 0 .../mappings/platforms/splunk/aws_eks.yml | 0 .../splunk/azure_AzureDiagnostics.yml | 0 .../splunk/azure_BehaviorAnalytics.yml | 0 .../azure_aadnoninteractiveusersigninlogs.yml | 0 .../platforms/splunk/azure_azureactivity.yml | 0 .../platforms/splunk/azure_azuread.yml | 0 .../platforms/splunk/azure_signinlogs.yml | 0 .../mappings/platforms/splunk/default.yml | 0 .../platforms/splunk/gcp_gcp.audit.yml | 0 .../mappings/platforms/splunk/gcp_pubsub.yml | 0 
.../platforms/splunk/linux_auditd.yml | 0 .../platforms/splunk/linux_dns_query.yml | 0 .../platforms/splunk/linux_file_access.yml | 0 .../platforms/splunk/linux_file_change.yml | 0 .../platforms/splunk/linux_file_create.yml | 0 .../platforms/splunk/linux_file_delete.yml | 0 .../platforms/splunk/linux_file_event.yml | 0 .../platforms/splunk/linux_file_rename.yml | 0 .../splunk/linux_network_connection.yml | 0 .../splunk/linux_process_creation.yml | 0 .../platforms/splunk/macos_dns_query.yml | 0 .../platforms/splunk/macos_file_access.yml | 0 .../platforms/splunk/macos_file_change.yml | 0 .../platforms/splunk/macos_file_delete.yml | 0 .../platforms/splunk/macos_file_event.yml | 0 .../platforms/splunk/macos_file_rename.yml | 0 .../splunk/macos_network_connection.yml | 0 .../splunk/macos_process_creation.yml | 0 .../mappings/platforms/splunk/okta_okta.yml | 0 .../platforms/splunk/windows_bits_client.yml | 0 .../platforms/splunk/windows_dns_query.yml | 0 .../platforms/splunk/windows_driver_load.yml | 0 .../platforms/splunk/windows_file_access.yml | 0 .../platforms/splunk/windows_file_change.yml | 0 .../platforms/splunk/windows_file_create.yml | 0 .../platforms/splunk/windows_file_delete.yml | 0 .../platforms/splunk/windows_file_event.yml | 0 .../platforms/splunk/windows_file_rename.yml | 0 .../platforms/splunk/windows_image_load.yml | 0 .../platforms/splunk/windows_ldap_debug.yml | 0 .../splunk/windows_network_connection.yml | 0 .../platforms/splunk/windows_ntlm.yml | 0 .../platforms/splunk/windows_powershell.yml | 0 .../splunk/windows_process_creation.yml | 0 .../splunk/windows_registry_event.yml | 0 .../platforms/splunk/windows_security.yml | 0 .../platforms/splunk/windows_sysmon.yml | 0 .../platforms/splunk/windows_wmi_event.yml | 0 .../translator/mappings/utils}/__init__.py | 0 .../mappings/utils/load_from_files.py | 2 +- .../app/translator/platforms/__init__.py | 122 ++++++++++++++++ .../translator/platforms/athena}/__init__.py | 0 
.../app/translator}/platforms/athena/const.py | 2 +- .../translator}/platforms/athena/mapping.py | 2 +- .../platforms/athena/mappings}/__init__.py | 0 .../platforms/athena/mappings/athena_cti.py | 0 .../platforms/athena/parsers}/__init__.py | 0 .../platforms/athena/parsers/athena.py | 12 +- .../platforms/athena/renders}/__init__.py | 0 .../platforms/athena/renders/athena.py | 12 +- .../platforms/athena/renders/athena_cti.py | 8 +- .../translator}/platforms/athena/tokenizer.py | 8 +- .../translator/platforms/base}/__init__.py | 0 .../platforms/base/lucene}/__init__.py | 0 .../platforms/base/lucene/mapping.py | 2 +- .../base/lucene/parsers}/__init__.py | 0 .../platforms/base/lucene/parsers/lucene.py | 6 +- .../base/lucene/renders}/__init__.py | 0 .../platforms/base/lucene/renders/lucene.py | 5 +- .../platforms/base/lucene/tokenizer.py | 14 +- .../platforms/base/spl}/__init__.py | 0 .../platforms/base/spl/functions/__init__.py | 41 ++++++ .../platforms/base/spl/functions/const.py | 18 +++ .../platforms/base/spl/functions/manager.py | 13 ++ .../platforms/base/spl/parsers}/__init__.py | 0 .../platforms/base/spl/parsers/spl.py | 23 +-- .../platforms/base/spl/renders}/__init__.py | 0 .../platforms/base/spl/renders/spl.py | 4 +- .../platforms/base/spl/tokenizer.py | 12 +- .../platforms/carbonblack}/__init__.py | 0 .../platforms/carbonblack/const.py | 0 .../carbonblack/mappings}/__init__.py | 0 .../carbonblack/mappings/carbonblack_cti.py | 0 .../carbonblack/renders}/__init__.py | 0 .../carbonblack/renders/carbonblack_cti.py | 8 +- .../platforms/chronicle}/__init__.py | 0 .../translator}/platforms/chronicle/const.py | 2 +- .../platforms/chronicle/mapping.py | 2 +- .../platforms/chronicle/mappings}/__init__.py | 0 .../chronicle/mappings/chronicle_cti.py | 0 .../platforms/chronicle/parsers}/__init__.py | 0 .../platforms/chronicle/parsers/chronicle.py | 12 +- .../chronicle/parsers/chronicle_rule.py | 14 +- .../platforms/chronicle/renders}/__init__.py | 0 
.../platforms/chronicle/renders/chronicle.py | 15 +- .../chronicle/renders/chronicle_cti.py | 8 +- .../chronicle/renders/chronicle_rule.py | 16 +- .../platforms/chronicle/tokenizer.py | 8 +- .../platforms/crowdstrike}/__init__.py | 0 .../platforms/crowdstrike/const.py | 2 +- .../crowdstrike/functions/__init__.py | 8 + .../platforms/crowdstrike/mapping.py | 2 +- .../crowdstrike/mappings}/__init__.py | 0 .../crowdstrike/mappings/crowdstrike_cti.py | 0 .../crowdstrike/parsers}/__init__.py | 0 .../crowdstrike/parsers/crowdstrike.py | 10 +- .../crowdstrike/renders}/__init__.py | 0 .../crowdstrike/renders/crowdstrike.py | 14 +- .../crowdstrike/renders/crowdstrike_cti.py | 8 +- .../platforms/elasticsearch}/__init__.py | 0 .../platforms/elasticsearch/const.py | 2 +- .../platforms/elasticsearch/mapping.py | 2 +- .../elasticsearch/mappings}/__init__.py | 0 .../mappings/elasticsearch_cti_cti.py | 0 .../elasticsearch/parsers}/__init__.py | 0 .../elasticsearch/parsers/detection_rule.py | 10 +- .../elasticsearch/parsers/elasticsearch.py | 8 +- .../elasticsearch/renders}/__init__.py | 0 .../elasticsearch/renders/detection_rule.py | 22 ++- .../elasticsearch/renders/elast_alert.py | 18 +-- .../elasticsearch/renders/elasticsearch.py | 8 +- .../renders/elasticsearch_cti.py | 8 +- .../platforms/elasticsearch/renders/kibana.py | 18 +-- .../elasticsearch/renders/xpack_watcher.py | 18 +-- .../platforms/elasticsearch/tokenizer.py | 2 +- .../platforms/fireeye_helix}/__init__.py | 0 .../platforms/fireeye_helix/const.py | 0 .../fireeye_helix/mappings}/__init__.py | 0 .../fireeye_helix/mappings/fireeye_helix.py | 0 .../fireeye_helix/renders}/__init__.py | 0 .../renders/fireeye_helix_cti.py | 8 +- .../translator/platforms/graylog}/__init__.py | 0 .../translator}/platforms/graylog/const.py | 0 .../platforms/graylog/mappings}/__init__.py | 0 .../platforms/graylog/mappings/graylog_cti.py | 0 .../platforms/graylog/renders}/__init__.py | 0 .../platforms/graylog/renders/graylog_cti.py | 8 +- 
.../platforms/logpoint}/__init__.py | 0 .../translator}/platforms/logpoint/const.py | 0 .../platforms/logpoint/mappings}/__init__.py | 0 .../logpoint/mappings/logpoint_cti.py | 0 .../platforms/logpoint/renders}/__init__.py | 0 .../logpoint/renders/logpoint_cti.py | 8 +- .../platforms/logscale}/__init__.py | 0 .../translator}/platforms/logscale/const.py | 2 +- .../platforms/logscale/functions/__init__.py | 46 ++++++ .../platforms/logscale/functions/const.py | 14 ++ .../platforms/logscale/functions/manager.py | 13 ++ .../translator}/platforms/logscale/mapping.py | 16 +- .../platforms/logscale/mappings}/__init__.py | 0 .../logscale/mappings/logscale_cti.py | 0 .../platforms/logscale/parsers}/__init__.py | 0 .../platforms/logscale/parsers/logscale.py | 25 ++-- .../logscale/parsers/logscale_alert.py | 10 +- .../platforms/logscale/renders}/__init__.py | 0 .../platforms/logscale/renders/logscale.py | 32 ++-- .../logscale/renders/logscale_alert.py | 21 +-- .../logscale/renders/logscale_cti.py | 8 +- .../platforms/logscale/tokenizer.py | 12 +- .../platforms/microsoft}/__init__.py | 0 .../translator}/platforms/microsoft/const.py | 2 +- .../platforms/microsoft/functions/__init__.py | 56 +++++++ .../platforms/microsoft/functions/const.py | 14 ++ .../platforms/microsoft/functions/manager.py | 13 ++ .../platforms/microsoft/mapping.py | 2 +- .../platforms/microsoft/mappings}/__init__.py | 0 .../platforms/microsoft/mappings/mdatp_cti.py | 0 .../mappings/microsoft_sentinel_cti.py | 0 .../platforms/microsoft/parsers}/__init__.py | 0 .../microsoft/parsers/microsoft_defender.py | 10 +- .../microsoft/parsers/microsoft_sentinel.py | 25 ++-- .../parsers/microsoft_sentinel_rule.py | 10 +- .../platforms/microsoft/renders}/__init__.py | 0 .../microsoft/renders/microsoft_defender.py | 10 +- .../renders/microsoft_defender_cti.py | 8 +- .../microsoft/renders/microsoft_sentinel.py | 25 ++-- .../renders/microsoft_sentinel_cti.py | 8 +- .../renders/microsoft_sentinel_rule.py | 16 +- 
.../microsoft/siem_functions}/__init__.py | 0 .../microsoft/siem_functions/base.py | 4 +- .../platforms/microsoft/tokenizer.py | 8 +- .../platforms/opensearch}/__init__.py | 0 .../translator}/platforms/opensearch/const.py | 2 +- .../platforms/opensearch/mapping.py | 2 +- .../opensearch/mappings}/__init__.py | 0 .../opensearch/mappings/opensearch_cti.py | 0 .../platforms/opensearch/parsers}/__init__.py | 0 .../opensearch/parsers/opensearch.py | 8 +- .../platforms/opensearch/renders}/__init__.py | 0 .../opensearch/renders/opensearch.py | 8 +- .../opensearch/renders/opensearch_cti.py | 8 +- .../opensearch/renders/opensearch_rule.py | 16 +- .../platforms/opensearch/tokenizer.py | 2 +- .../translator/platforms/qradar}/__init__.py | 0 .../app/translator}/platforms/qradar/const.py | 2 +- .../translator}/platforms/qradar/mapping.py | 2 +- .../platforms/qradar/mappings}/__init__.py | 0 .../platforms/qradar/mappings/qradar_cti.py | 0 .../platforms/qradar/parsers}/__init__.py | 0 .../platforms/qradar/parsers/qradar.py | 14 +- .../platforms/qradar/renders}/__init__.py | 0 .../platforms/qradar/renders/qradar.py | 15 +- .../platforms/qradar/renders/qradar_cti.py | 8 +- .../translator}/platforms/qradar/tokenizer.py | 12 +- .../translator/platforms/qualys}/__init__.py | 0 .../app/translator}/platforms/qualys/const.py | 0 .../platforms/qualys/mappings}/__init__.py | 0 .../platforms/qualys/mappings/qualys_cti.py | 0 .../platforms/qualys/renders}/__init__.py | 0 .../platforms/qualys/renders/qualys_cti.py | 8 +- .../translator/platforms/roota}/__init__.py | 0 .../translator}/platforms/roota/mapping.py | 2 +- .../platforms/roota/parsers}/__init__.py | 0 .../platforms/roota/parsers/roota.py | 10 +- .../platforms/rsa_netwitness}/__init__.py | 0 .../platforms/rsa_netwitness/const.py | 0 .../rsa_netwitness/mappings}/__init__.py | 0 .../mappings/rsa_netwitness_cti.py | 0 .../rsa_netwitness/renders}/__init__.py | 0 .../renders/rsa_netwitness_cti.py | 8 +- .../platforms/securonix}/__init__.py 
| 0 .../translator}/platforms/securonix/const.py | 0 .../platforms/securonix/mappings}/__init__.py | 0 .../securonix/mappings/securonix_cti.py | 0 .../platforms/securonix/renders}/__init__.py | 0 .../securonix/renders/securonix_cti.py | 8 +- .../platforms/sentinel_one}/__init__.py | 0 .../platforms/sentinel_one/const.py | 0 .../sentinel_one/mappings}/__init__.py | 0 .../platforms/sentinel_one/mappings/s1_cti.py | 0 .../sentinel_one/renders}/__init__.py | 0 .../platforms/sentinel_one/renders/s1_cti.py | 8 +- .../translator/platforms/sigma}/__init__.py | 0 .../app/translator}/platforms/sigma/const.py | 0 .../translator}/platforms/sigma/mapping.py | 2 +- .../platforms/sigma/models}/__init__.py | 0 .../platforms/sigma/models/compiler.py | 10 +- .../platforms/sigma/models/group.py | 2 +- .../platforms/sigma/models/modifiers.py | 6 +- .../platforms/sigma/models/operator.py | 2 +- .../platforms/sigma/parsers}/__init__.py | 0 .../platforms/sigma/parsers/sigma.py | 16 +- .../platforms/sigma/renders}/__init__.py | 0 .../platforms/sigma/renders/sigma.py | 29 ++-- .../translator}/platforms/sigma/tokenizer.py | 12 +- .../platforms/snowflake}/__init__.py | 0 .../translator}/platforms/snowflake/const.py | 0 .../platforms/snowflake/mappings}/__init__.py | 0 .../snowflake/mappings/snowflake_cti.py | 0 .../platforms/snowflake/renders}/__init__.py | 0 .../snowflake/renders/snowflake_cti.py | 8 +- .../translator/platforms/splunk}/__init__.py | 0 .../app/translator}/platforms/splunk/const.py | 2 +- .../platforms/splunk/functions/__init__.py | 8 + .../translator}/platforms/splunk/mapping.py | 2 +- .../platforms/splunk/mappings}/__init__.py | 0 .../platforms/splunk/mappings/splunk_cti.py | 0 .../platforms/splunk/parsers}/__init__.py | 0 .../platforms/splunk/parsers/splunk.py | 12 +- .../platforms/splunk/parsers/splunk_alert.py | 8 +- .../platforms/splunk/renders}/__init__.py | 0 .../platforms/splunk/renders/splunk.py | 15 +- .../platforms/splunk/renders/splunk_alert.py | 18 +-- 
.../platforms/splunk/renders/splunk_cti.py | 8 +- .../platforms/sumo_logic}/__init__.py | 0 .../translator}/platforms/sumo_logic/const.py | 0 .../sumo_logic/mappings}/__init__.py | 0 .../sumo_logic/mappings/sumologic_cti.py | 0 .../platforms/sumo_logic/renders}/__init__.py | 0 .../sumo_logic/renders/sumologic_cti.py | 8 +- .../app/translator/tools}/__init__.py | 0 .../app/translator}/tools/const.py | 0 .../app/translator}/tools/custom_enum.py | 0 .../app/translator}/tools/decorators.py | 8 +- .../app/translator}/tools/singleton_meta.py | 0 .../app/translator}/tools/utils.py | 0 .../app/translator/translator.py | 10 +- {siem-converter => translator}/const.py | 0 .../requirements.txt | 0 {siem-converter => translator}/server.py | 0 translator/settings.py | 4 + 619 files changed, 1196 insertions(+), 905 deletions(-) delete mode 100644 siem-converter/app/converter/core/functions.py delete mode 100644 siem-converter/app/converter/core/models/functions/aggregation.py delete mode 100644 siem-converter/app/converter/core/models/functions/search.py delete mode 100644 siem-converter/app/converter/core/models/functions/sort.py delete mode 100644 siem-converter/app/converter/core/models/functions/table.py delete mode 100644 siem-converter/app/converter/core/models/functions/types.py delete mode 100644 siem-converter/app/converter/core/models/functions/union.py delete mode 100644 siem-converter/app/converter/core/models/functions/where.py delete mode 100644 siem-converter/app/converter/core/models/identifier.py delete mode 100644 siem-converter/app/converter/platforms/__init__.py delete mode 100644 siem-converter/app/converter/platforms/logscale/siem_functions/__init__.py delete mode 100644 siem-converter/app/converter/platforms/splunk/siem_functions/__init__.py rename {siem-converter => translator}/.gitignore (100%) rename {siem-converter => translator}/Dockerfile (100%) rename {siem-converter => translator}/app/__init__.py (100%) rename {siem-converter => 
translator}/app/dictionaries/uncoder_meta_info_roota.json (100%) rename {siem-converter => translator}/app/dictionaries/uncoder_meta_info_sigma.json (100%) rename {siem-converter/app/converter => translator/app/models}/__init__.py (100%) rename {siem-converter => translator}/app/models/ioc_translation.py (100%) rename {siem-converter => translator}/app/models/translation.py (100%) rename {siem-converter/app/converter/core => translator/app/routers}/__init__.py (100%) rename {siem-converter => translator}/app/routers/assistance.py (96%) rename {siem-converter => translator}/app/routers/ioc_translate.py (94%) rename {siem-converter => translator}/app/routers/translate.py (95%) rename {siem-converter/app/converter/core/custom_types => translator/app/translator}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/const.py (100%) rename {siem-converter/app/converter/core/exceptions => translator/app/translator/core}/__init__.py (100%) rename {siem-converter/app/converter/core/mixins => translator/app/translator/core/custom_types}/__init__.py (100%) create mode 100644 translator/app/translator/core/custom_types/functions.py rename {siem-converter/app/converter => translator/app/translator}/core/custom_types/tokens.py (87%) rename {siem-converter/app/converter/core/models => translator/app/translator/core/exceptions}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/core/exceptions/core.py (100%) create mode 100644 translator/app/translator/core/exceptions/functions.py rename {siem-converter/app/converter => translator/app/translator}/core/exceptions/iocs.py (100%) rename {siem-converter/app/converter => translator/app/translator}/core/exceptions/parser.py (100%) rename {siem-converter/app/converter => translator/app/translator}/core/exceptions/render.py (100%) create mode 100644 translator/app/translator/core/functions.py rename {siem-converter/app/converter => 
translator/app/translator}/core/mapping.py (98%) rename {siem-converter/app/converter => translator/app/translator}/core/mitre.py (98%) rename {siem-converter/app/converter/core/models/functions => translator/app/translator/core/mixins}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/core/mixins/logic.py (79%) rename {siem-converter/app/converter => translator/app/translator}/core/mixins/operator.py (95%) rename {siem-converter/app/converter => translator/app/translator}/core/mixins/rule.py (88%) rename {siem-converter/app/converter/mappings => translator/app/translator/core/models}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/core/models/field.py (82%) rename {siem-converter/app/converter/mappings/utils => translator/app/translator/core/models/functions}/__init__.py (100%) create mode 100644 translator/app/translator/core/models/functions/base.py create mode 100644 translator/app/translator/core/models/functions/sort.py create mode 100644 translator/app/translator/core/models/identifier.py rename {siem-converter/app/converter => translator/app/translator}/core/models/iocs.py (100%) rename {siem-converter/app/converter => translator/app/translator}/core/models/parser_output.py (92%) rename {siem-converter/app/converter => translator/app/translator}/core/models/platform_details.py (100%) rename {siem-converter/app/converter => translator/app/translator}/core/parser.py (67%) rename {siem-converter/app/converter => translator/app/translator}/core/parser_cti.py (96%) rename {siem-converter/app/converter => translator/app/translator}/core/render.py (82%) rename {siem-converter/app/converter => translator/app/translator}/core/render_cti.py (97%) rename {siem-converter/app/converter => translator/app/translator}/core/tokenizer.py (88%) rename siem-converter/app/converter/cti_converter.py => translator/app/translator/cti_translator.py (91%) rename {siem-converter/app/converter => 
translator/app/translator}/managers.py (85%) rename {siem-converter/app/converter/platforms/athena => translator/app/translator/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/athena/aws_cloudtrail.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/athena/default.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/athena/linux_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/athena/linux_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/athena/macos_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/athena/macos_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/athena/windows_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/athena/windows_image_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/athena/windows_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/athena/windows_registry_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/athena/windows_security.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/chronicle/default.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/chronicle/windows_create_remote_thread.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/chronicle/windows_dns_query.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/chronicle/windows_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/chronicle/windows_image_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/chronicle/windows_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/chronicle/windows_pipe_created.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/chronicle/windows_process_access.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/chronicle/windows_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/chronicle/windows_registry_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/chronicle/windows_security.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/chronicle/windows_sysmon.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/crowdstrike/default.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/crowdstrike/linux_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/crowdstrike/linux_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/crowdstrike/linux_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/crowdstrike/macos_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/crowdstrike/macos_network_connection.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/crowdstrike/macos_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/crowdstrike/windows_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/crowdstrike/windows_driver_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/crowdstrike/windows_image_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/crowdstrike/windows_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/crowdstrike/windows_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/crowdstrike/windows_registry_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/crowdstrike/windows_sysmon.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/aws_cloudtrail.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/aws_eks.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/azure_AzureDiagnostics.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/azure_BehaviorAnalytics.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/azure_aadnoninteractiveusersigninlogs.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/azure_azureactivity.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/azure_azuread.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/elasticsearch/azure_m365.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/azure_signinlogs.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/default.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/dns.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/firewall.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/gcp_gcp.audit.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/gcp_pubsub.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/linux_auditd.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/linux_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/linux_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/macos_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/macos_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/macos_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/okta_okta.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/proxy.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/webserver.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/elasticsearch/windows_bits_client.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/windows_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/windows_driver_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/windows_image_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/windows_ldap_debug.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/windows_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/windows_ntlm.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/windows_powershell.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/windows_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/windows_security.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/windows_sysmon.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/elasticsearch/windows_wmi_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/aws_cloudtrail.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/aws_eks.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/azure_AzureDiagnostics.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/logscale/azure_BehaviorAnalytics.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/azure_aadnoninteractiveusersigninlogs.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/azure_azureactivity.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/azure_azuread.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/azure_m365.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/azure_signinlogs.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/default.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/dns.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/firewall.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/gcp_gcp.audit.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/gcp_pubsub.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/linux_auditd.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/linux_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/linux_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/macos_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/macos_network_connection.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/logscale/macos_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/okta_okta.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/proxy.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/webserver.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_application.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_bits_client.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_create_remote_thread.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_create_stream_hash.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_driver_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_image_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_ldap_debug.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_ntlm.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_pipe_created.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/logscale/windows_powershell.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_process_access.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_raw_access_thread.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_registry_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_security.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_sysmon.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_system.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/logscale/windows_wmi_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_defender/default.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_defender/linux_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_defender/linux_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_defender/macos_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_defender/macos_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_defender/macos_process_creation.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/microsoft_defender/windows_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_defender/windows_image_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_defender/windows_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_defender/windows_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_defender/windows_registry_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_defender/windows_sysmon.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/aws_cloudtrail.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/aws_eks.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/azure_AzureDiagnostics.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/azure_BehaviorAnalytics.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/azure_aadnoninteractiveusersigninlogs.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/azure_azureactivity.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/azure_azuread.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/azure_m365.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/azure_o365.yml (100%) rename 
{siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/azure_office365.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/azure_signlogs.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/default.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/linux_auidt.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/linux_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/linux_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/linux_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/linux_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/macos_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/macos_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/macos_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/okta_okta.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_bits_client.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_driver_load.yml (100%) 
rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_image_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_ldap_debug.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_ntlm.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_powershell.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_registry_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_security.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_sysmon.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/microsoft_sentinel/windows_wmi_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/aws_cloudtrail.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/aws_eks.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/azure_AzureDiagnostics.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/azure_BehaviorAnalytics.yml (100%) rename 
{siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/azure_aadnoninteractiveusersigninlogs.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/azure_azureactivity.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/azure_azuread.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/azure_m365.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/azure_signinlogs.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/default.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/dns.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/firewall.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/gcp_gcp.audit.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/gcp_pubsub.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/linux_auditd.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/linux_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/linux_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/macos_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/macos_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/macos_process_creation.yml (100%) rename 
{siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/okta_okta.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/proxy.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/webserver.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/windows_bits_client.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/windows_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/windows_driver_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/windows_image_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/windows_ldap_debug.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/windows_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/windows_ntlm.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/windows_powershell.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/windows_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/windows_security.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/windows_sysmon.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/opensearch/windows_wmi_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/aws_cloudtrail.yml (100%) rename 
{siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/aws_eks.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/azure_azureactivity.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/azure_azuread.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/azure_m365.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/azure_signinlogs.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/default.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/dns.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/firewall.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/gcp_gcp.audit.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/linux_auditd.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/linux_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/linux_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/linux_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/linux_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/macos_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/macos_file_event.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/qradar/macos_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/macos_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/okta_okta.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/proxy.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/webserver.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_application.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_create_remote_thread.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_create_stream_hash.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_driver_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_image_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_ldap_debug.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_ntlm.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_pipe_created.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/qradar/windows_powershell.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_process_access.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_raw_access_thread.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_registry_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_security.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_sysmon.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_system.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/qradar/windows_wmi_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/aws_cloudtrail.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/aws_eks.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/azure_AzureDiagnostics.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/azure_BehaviorAnalytics.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/azure_aadnoninteractiveusersigninlogs.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/azure_azureactivity.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/azure_azuread.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/sigma/azure_m365.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/azure_signinlogs.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/default.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/dns.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/firewall.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/gcp_gcp.audit.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/gcp_pubsub.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/linux_auditd.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/linux_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/linux_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/linux_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/macos_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/macos_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/macos_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/okta_okta.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/proxy.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/webserver.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/sigma/windows_bits_client.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/windows_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/windows_driver_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/windows_image_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/windows_ldap_debug.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/windows_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/windows_ntlm.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/windows_powershell.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/windows_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/windows_security.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/windows_sysmon.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/sigma/windows_wmi_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/aws_cloudtrail.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/aws_eks.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/azure_AzureDiagnostics.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/azure_BehaviorAnalytics.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/splunk/azure_aadnoninteractiveusersigninlogs.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/azure_azureactivity.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/azure_azuread.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/azure_signinlogs.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/default.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/gcp_gcp.audit.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/gcp_pubsub.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/linux_auditd.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/linux_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/linux_file_access.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/linux_file_change.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/linux_file_create.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/linux_file_delete.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/linux_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/linux_file_rename.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/linux_network_connection.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/splunk/linux_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/macos_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/macos_file_access.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/macos_file_change.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/macos_file_delete.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/macos_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/macos_file_rename.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/macos_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/macos_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/okta_okta.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_bits_client.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_dns_query.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_driver_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_file_access.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_file_change.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_file_create.yml (100%) rename {siem-converter/app/converter => 
translator/app/translator}/mappings/platforms/splunk/windows_file_delete.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_file_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_file_rename.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_image_load.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_ldap_debug.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_network_connection.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_ntlm.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_powershell.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_process_creation.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_registry_event.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_security.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_sysmon.yml (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/platforms/splunk/windows_wmi_event.yml (100%) rename {siem-converter/app/converter/platforms/athena/mappings => translator/app/translator/mappings/utils}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/mappings/utils/load_from_files.py (94%) create mode 100644 translator/app/translator/platforms/__init__.py rename {siem-converter/app/converter/platforms/athena/parsers => translator/app/translator/platforms/athena}/__init__.py (100%) 
rename {siem-converter/app/converter => translator/app/translator}/platforms/athena/const.py (79%) rename {siem-converter/app/converter => translator/app/translator}/platforms/athena/mapping.py (93%) rename {siem-converter/app/converter/platforms/athena/renders => translator/app/translator/platforms/athena/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/athena/mappings/athena_cti.py (100%) rename {siem-converter/app/converter/platforms/base => translator/app/translator/platforms/athena/parsers}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/athena/parsers/athena.py (83%) rename {siem-converter/app/converter/platforms/base/lucene => translator/app/translator/platforms/athena/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/athena/renders/athena.py (86%) rename {siem-converter/app/converter => translator/app/translator}/platforms/athena/renders/athena_cti.py (80%) rename {siem-converter/app/converter => translator/app/translator}/platforms/athena/tokenizer.py (93%) rename {siem-converter/app/converter/platforms/base/lucene/parsers => translator/app/translator/platforms/base}/__init__.py (100%) rename {siem-converter/app/converter/platforms/base/lucene/renders => translator/app/translator/platforms/base/lucene}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/base/lucene/mapping.py (93%) rename {siem-converter/app/converter/platforms/base/spl => translator/app/translator/platforms/base/lucene/parsers}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/base/lucene/parsers/lucene.py (92%) rename {siem-converter/app/converter/platforms/base/spl/parsers => translator/app/translator/platforms/base/lucene/renders}/__init__.py (100%) rename {siem-converter/app/converter => 
translator/app/translator}/platforms/base/lucene/renders/lucene.py (96%) rename {siem-converter/app/converter => translator/app/translator}/platforms/base/lucene/tokenizer.py (91%) rename {siem-converter/app/converter/platforms/base/spl/renders => translator/app/translator/platforms/base/spl}/__init__.py (100%) create mode 100644 translator/app/translator/platforms/base/spl/functions/__init__.py create mode 100644 translator/app/translator/platforms/base/spl/functions/const.py create mode 100644 translator/app/translator/platforms/base/spl/functions/manager.py rename {siem-converter/app/converter/platforms/carbonblack => translator/app/translator/platforms/base/spl/parsers}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/base/spl/parsers/spl.py (76%) rename {siem-converter/app/converter/platforms/carbonblack/mappings => translator/app/translator/platforms/base/spl/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/base/spl/renders/spl.py (93%) rename {siem-converter/app/converter => translator/app/translator}/platforms/base/spl/tokenizer.py (87%) rename {siem-converter/app/converter/platforms/carbonblack/renders => translator/app/translator/platforms/carbonblack}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/carbonblack/const.py (100%) rename {siem-converter/app/converter/platforms/chronicle => translator/app/translator/platforms/carbonblack/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/carbonblack/mappings/carbonblack_cti.py (100%) rename {siem-converter/app/converter/platforms/chronicle/mappings => translator/app/translator/platforms/carbonblack/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/carbonblack/renders/carbonblack_cti.py (78%) rename 
{siem-converter/app/converter/platforms/chronicle/parsers => translator/app/translator/platforms/chronicle}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/chronicle/const.py (93%) rename {siem-converter/app/converter => translator/app/translator}/platforms/chronicle/mapping.py (88%) rename {siem-converter/app/converter/platforms/chronicle/renders => translator/app/translator/platforms/chronicle/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/chronicle/mappings/chronicle_cti.py (100%) rename {siem-converter/app/converter/platforms/crowdstrike => translator/app/translator/platforms/chronicle/parsers}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/chronicle/parsers/chronicle.py (75%) rename {siem-converter/app/converter => translator/app/translator}/platforms/chronicle/parsers/chronicle_rule.py (88%) rename {siem-converter/app/converter/platforms/crowdstrike/mappings => translator/app/translator/platforms/chronicle/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/chronicle/renders/chronicle.py (81%) rename {siem-converter/app/converter => translator/app/translator}/platforms/chronicle/renders/chronicle_cti.py (79%) rename {siem-converter/app/converter => translator/app/translator}/platforms/chronicle/renders/chronicle_rule.py (88%) rename {siem-converter/app/converter => translator/app/translator}/platforms/chronicle/tokenizer.py (94%) rename {siem-converter/app/converter/platforms/crowdstrike/parsers => translator/app/translator/platforms/crowdstrike}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/crowdstrike/const.py (79%) create mode 100644 translator/app/translator/platforms/crowdstrike/functions/__init__.py rename {siem-converter/app/converter => translator/app/translator}/platforms/crowdstrike/mapping.py 
(93%) rename {siem-converter/app/converter/platforms/crowdstrike/renders => translator/app/translator/platforms/crowdstrike/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/crowdstrike/mappings/crowdstrike_cti.py (100%) rename {siem-converter/app/converter/platforms/elasticsearch => translator/app/translator/platforms/crowdstrike/parsers}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/crowdstrike/parsers/crowdstrike.py (68%) rename {siem-converter/app/converter/platforms/elasticsearch/mappings => translator/app/translator/platforms/crowdstrike/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/crowdstrike/renders/crowdstrike.py (64%) rename {siem-converter/app/converter => translator/app/translator}/platforms/crowdstrike/renders/crowdstrike_cti.py (78%) rename {siem-converter/app/converter/platforms/elasticsearch/parsers => translator/app/translator/platforms/elasticsearch}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/elasticsearch/const.py (98%) rename {siem-converter/app/converter => translator/app/translator}/platforms/elasticsearch/mapping.py (65%) rename {siem-converter/app/converter/platforms/elasticsearch/renders => translator/app/translator/platforms/elasticsearch/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/elasticsearch/mappings/elasticsearch_cti_cti.py (100%) rename {siem-converter/app/converter/platforms/fireeye_helix => translator/app/translator/platforms/elasticsearch/parsers}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/elasticsearch/parsers/detection_rule.py (83%) rename {siem-converter/app/converter => translator/app/translator}/platforms/elasticsearch/parsers/elasticsearch.py (72%) rename 
{siem-converter/app/converter/platforms/fireeye_helix/mappings => translator/app/translator/platforms/elasticsearch/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/elasticsearch/renders/detection_rule.py (82%) rename {siem-converter/app/converter => translator/app/translator}/platforms/elasticsearch/renders/elast_alert.py (76%) rename {siem-converter/app/converter => translator/app/translator}/platforms/elasticsearch/renders/elasticsearch.py (78%) rename {siem-converter/app/converter => translator/app/translator}/platforms/elasticsearch/renders/elasticsearch_cti.py (77%) rename {siem-converter/app/converter => translator/app/translator}/platforms/elasticsearch/renders/kibana.py (77%) rename {siem-converter/app/converter => translator/app/translator}/platforms/elasticsearch/renders/xpack_watcher.py (80%) rename {siem-converter/app/converter => translator/app/translator}/platforms/elasticsearch/tokenizer.py (91%) rename {siem-converter/app/converter/platforms/fireeye_helix/renders => translator/app/translator/platforms/fireeye_helix}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/fireeye_helix/const.py (100%) rename {siem-converter/app/converter/platforms/graylog => translator/app/translator/platforms/fireeye_helix/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/fireeye_helix/mappings/fireeye_helix.py (100%) rename {siem-converter/app/converter/platforms/graylog/mappings => translator/app/translator/platforms/fireeye_helix/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/fireeye_helix/renders/fireeye_helix_cti.py (78%) rename {siem-converter/app/converter/platforms/graylog/renders => translator/app/translator/platforms/graylog}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/graylog/const.py (100%) 
rename {siem-converter/app/converter/platforms/logpoint => translator/app/translator/platforms/graylog/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/graylog/mappings/graylog_cti.py (100%) rename {siem-converter/app/converter/platforms/logpoint/mappings => translator/app/translator/platforms/graylog/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/graylog/renders/graylog_cti.py (80%) rename {siem-converter/app/converter/platforms/logpoint/renders => translator/app/translator/platforms/logpoint}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/logpoint/const.py (100%) rename {siem-converter/app/converter/platforms/logscale => translator/app/translator/platforms/logpoint/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/logpoint/mappings/logpoint_cti.py (100%) rename {siem-converter/app/converter/platforms/logscale/mappings => translator/app/translator/platforms/logpoint/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/logpoint/renders/logpoint_cti.py (79%) rename {siem-converter/app/converter/platforms/logscale/parsers => translator/app/translator/platforms/logscale}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/logscale/const.py (91%) create mode 100644 translator/app/translator/platforms/logscale/functions/__init__.py create mode 100644 translator/app/translator/platforms/logscale/functions/const.py create mode 100644 translator/app/translator/platforms/logscale/functions/manager.py rename {siem-converter/app/converter => translator/app/translator}/platforms/logscale/mapping.py (62%) rename {siem-converter/app/converter/platforms/logscale/renders => translator/app/translator/platforms/logscale/mappings}/__init__.py (100%) rename 
{siem-converter/app/converter => translator/app/translator}/platforms/logscale/mappings/logscale_cti.py (100%) rename {siem-converter/app/converter/platforms/microsoft => translator/app/translator/platforms/logscale/parsers}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/logscale/parsers/logscale.py (64%) rename {siem-converter/app/converter => translator/app/translator}/platforms/logscale/parsers/logscale_alert.py (84%) rename {siem-converter/app/converter/platforms/microsoft/mappings => translator/app/translator/platforms/logscale/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/logscale/renders/logscale.py (78%) rename {siem-converter/app/converter => translator/app/translator}/platforms/logscale/renders/logscale_alert.py (77%) rename {siem-converter/app/converter => translator/app/translator}/platforms/logscale/renders/logscale_cti.py (79%) rename {siem-converter/app/converter => translator/app/translator}/platforms/logscale/tokenizer.py (90%) rename {siem-converter/app/converter/platforms/microsoft/parsers => translator/app/translator/platforms/microsoft}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/microsoft/const.py (95%) create mode 100644 translator/app/translator/platforms/microsoft/functions/__init__.py create mode 100644 translator/app/translator/platforms/microsoft/functions/const.py create mode 100644 translator/app/translator/platforms/microsoft/functions/manager.py rename {siem-converter/app/converter => translator/app/translator}/platforms/microsoft/mapping.py (95%) rename {siem-converter/app/converter/platforms/microsoft/renders => translator/app/translator/platforms/microsoft/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/microsoft/mappings/mdatp_cti.py (100%) rename {siem-converter/app/converter => 
translator/app/translator}/platforms/microsoft/mappings/microsoft_sentinel_cti.py (100%) rename {siem-converter/app/converter/platforms/microsoft/siem_functions => translator/app/translator/platforms/microsoft/parsers}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/microsoft/parsers/microsoft_defender.py (63%) rename {siem-converter/app/converter => translator/app/translator}/platforms/microsoft/parsers/microsoft_sentinel.py (64%) rename {siem-converter/app/converter => translator/app/translator}/platforms/microsoft/parsers/microsoft_sentinel_rule.py (81%) rename {siem-converter/app/converter/platforms/opensearch => translator/app/translator/platforms/microsoft/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/microsoft/renders/microsoft_defender.py (68%) rename {siem-converter/app/converter => translator/app/translator}/platforms/microsoft/renders/microsoft_defender_cti.py (83%) rename {siem-converter/app/converter => translator/app/translator}/platforms/microsoft/renders/microsoft_sentinel.py (81%) rename {siem-converter/app/converter => translator/app/translator}/platforms/microsoft/renders/microsoft_sentinel_cti.py (78%) rename {siem-converter/app/converter => translator/app/translator}/platforms/microsoft/renders/microsoft_sentinel_rule.py (83%) rename {siem-converter/app/converter/platforms/opensearch/mappings => translator/app/translator/platforms/microsoft/siem_functions}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/microsoft/siem_functions/base.py (87%) rename {siem-converter/app/converter => translator/app/translator}/platforms/microsoft/tokenizer.py (92%) rename {siem-converter/app/converter/platforms/opensearch/parsers => translator/app/translator/platforms/opensearch}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/opensearch/const.py (97%) rename 
{siem-converter/app/converter => translator/app/translator}/platforms/opensearch/mapping.py (63%) rename {siem-converter/app/converter/platforms/opensearch/renders => translator/app/translator/platforms/opensearch/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/opensearch/mappings/opensearch_cti.py (100%) rename {siem-converter/app/converter/platforms/qradar => translator/app/translator/platforms/opensearch/parsers}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/opensearch/parsers/opensearch.py (73%) rename {siem-converter/app/converter/platforms/qradar/mappings => translator/app/translator/platforms/opensearch/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/opensearch/renders/opensearch.py (87%) rename {siem-converter/app/converter => translator/app/translator}/platforms/opensearch/renders/opensearch_cti.py (79%) rename {siem-converter/app/converter => translator/app/translator}/platforms/opensearch/renders/opensearch_rule.py (78%) rename {siem-converter/app/converter => translator/app/translator}/platforms/opensearch/tokenizer.py (91%) rename {siem-converter/app/converter/platforms/qradar/parsers => translator/app/translator/platforms/qradar}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/qradar/const.py (86%) rename {siem-converter/app/converter => translator/app/translator}/platforms/qradar/mapping.py (96%) rename {siem-converter/app/converter/platforms/qradar/renders => translator/app/translator/platforms/qradar/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/qradar/mappings/qradar_cti.py (100%) rename {siem-converter/app/converter/platforms/qualys => translator/app/translator/platforms/qradar/parsers}/__init__.py (100%) rename {siem-converter/app/converter => 
translator/app/translator}/platforms/qradar/parsers/qradar.py (91%) rename {siem-converter/app/converter/platforms/qualys/mappings => translator/app/translator/platforms/qradar/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/qradar/renders/qradar.py (83%) rename {siem-converter/app/converter => translator/app/translator}/platforms/qradar/renders/qradar_cti.py (81%) rename {siem-converter/app/converter => translator/app/translator}/platforms/qradar/tokenizer.py (89%) rename {siem-converter/app/converter/platforms/qualys/renders => translator/app/translator/platforms/qualys}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/qualys/const.py (100%) rename {siem-converter/app/converter/platforms/roota => translator/app/translator/platforms/qualys/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/qualys/mappings/qualys_cti.py (100%) rename {siem-converter/app/converter/platforms/roota/parsers => translator/app/translator/platforms/qualys/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/qualys/renders/qualys_cti.py (80%) rename {siem-converter/app/converter/platforms/rsa_netwitness => translator/app/translator/platforms/roota}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/roota/mapping.py (94%) rename {siem-converter/app/converter/platforms/rsa_netwitness/mappings => translator/app/translator/platforms/roota/parsers}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/roota/parsers/roota.py (89%) rename {siem-converter/app/converter/platforms/rsa_netwitness/renders => translator/app/translator/platforms/rsa_netwitness}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/rsa_netwitness/const.py (100%) rename 
{siem-converter/app/converter/platforms/securonix => translator/app/translator/platforms/rsa_netwitness/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/rsa_netwitness/mappings/rsa_netwitness_cti.py (100%) rename {siem-converter/app/converter/platforms/securonix/mappings => translator/app/translator/platforms/rsa_netwitness/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/rsa_netwitness/renders/rsa_netwitness_cti.py (78%) rename {siem-converter/app/converter/platforms/securonix/renders => translator/app/translator/platforms/securonix}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/securonix/const.py (100%) rename {siem-converter/app/converter/platforms/sentinel_one => translator/app/translator/platforms/securonix/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/securonix/mappings/securonix_cti.py (100%) rename {siem-converter/app/converter/platforms/sentinel_one/mappings => translator/app/translator/platforms/securonix/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/securonix/renders/securonix_cti.py (80%) rename {siem-converter/app/converter/platforms/sentinel_one/renders => translator/app/translator/platforms/sentinel_one}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/sentinel_one/const.py (100%) rename {siem-converter/app/converter/platforms/sigma => translator/app/translator/platforms/sentinel_one/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/sentinel_one/mappings/s1_cti.py (100%) rename {siem-converter/app/converter/platforms/sigma/models => translator/app/translator/platforms/sentinel_one/renders}/__init__.py (100%) rename {siem-converter/app/converter => 
translator/app/translator}/platforms/sentinel_one/renders/s1_cti.py (79%) rename {siem-converter/app/converter/platforms/sigma/parsers => translator/app/translator/platforms/sigma}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/sigma/const.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/sigma/mapping.py (95%) rename {siem-converter/app/converter/platforms/sigma/renders => translator/app/translator/platforms/sigma/models}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/sigma/models/compiler.py (87%) rename {siem-converter/app/converter => translator/app/translator}/platforms/sigma/models/group.py (97%) rename {siem-converter/app/converter => translator/app/translator}/platforms/sigma/models/modifiers.py (94%) rename {siem-converter/app/converter => translator/app/translator}/platforms/sigma/models/operator.py (93%) rename {siem-converter/app/converter/platforms/snowflake => translator/app/translator/platforms/sigma/parsers}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/sigma/parsers/sigma.py (84%) rename {siem-converter/app/converter/platforms/snowflake/mappings => translator/app/translator/platforms/sigma/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/sigma/renders/sigma.py (91%) rename {siem-converter/app/converter => translator/app/translator}/platforms/sigma/tokenizer.py (94%) rename {siem-converter/app/converter/platforms/snowflake/renders => translator/app/translator/platforms/snowflake}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/snowflake/const.py (100%) rename {siem-converter/app/converter/platforms/splunk => translator/app/translator/platforms/snowflake/mappings}/__init__.py (100%) rename {siem-converter/app/converter => 
translator/app/translator}/platforms/snowflake/mappings/snowflake_cti.py (100%) rename {siem-converter/app/converter/platforms/splunk/mappings => translator/app/translator/platforms/snowflake/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/snowflake/renders/snowflake_cti.py (80%) rename {siem-converter/app/converter/platforms/splunk/parsers => translator/app/translator/platforms/splunk}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/splunk/const.py (94%) create mode 100644 translator/app/translator/platforms/splunk/functions/__init__.py rename {siem-converter/app/converter => translator/app/translator}/platforms/splunk/mapping.py (96%) rename {siem-converter/app/converter/platforms/splunk/renders => translator/app/translator/platforms/splunk/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/splunk/mappings/splunk_cti.py (100%) rename {siem-converter/app/converter/platforms/sumo_logic => translator/app/translator/platforms/splunk/parsers}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/splunk/parsers/splunk.py (71%) rename {siem-converter/app/converter => translator/app/translator}/platforms/splunk/parsers/splunk_alert.py (85%) rename {siem-converter/app/converter/platforms/sumo_logic/mappings => translator/app/translator/platforms/splunk/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/splunk/renders/splunk.py (64%) rename {siem-converter/app/converter => translator/app/translator}/platforms/splunk/renders/splunk_alert.py (83%) rename {siem-converter/app/converter => translator/app/translator}/platforms/splunk/renders/splunk_cti.py (80%) rename {siem-converter/app/converter/platforms/sumo_logic/renders => translator/app/translator/platforms/sumo_logic}/__init__.py (100%) rename 
{siem-converter/app/converter => translator/app/translator}/platforms/sumo_logic/const.py (100%) rename {siem-converter/app/converter/tools => translator/app/translator/platforms/sumo_logic/mappings}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/sumo_logic/mappings/sumologic_cti.py (100%) rename {siem-converter/app/models => translator/app/translator/platforms/sumo_logic/renders}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/platforms/sumo_logic/renders/sumologic_cti.py (79%) rename {siem-converter/app/routers => translator/app/translator/tools}/__init__.py (100%) rename {siem-converter/app/converter => translator/app/translator}/tools/const.py (100%) rename {siem-converter/app/converter => translator/app/translator}/tools/custom_enum.py (100%) rename {siem-converter/app/converter => translator/app/translator}/tools/decorators.py (74%) rename {siem-converter/app/converter => translator/app/translator}/tools/singleton_meta.py (100%) rename {siem-converter/app/converter => translator/app/translator}/tools/utils.py (100%) rename siem-converter/app/converter/converter.py => translator/app/translator/translator.py (87%) rename {siem-converter => translator}/const.py (100%) rename {siem-converter => translator}/requirements.txt (100%) rename {siem-converter => translator}/server.py (100%) create mode 100644 translator/settings.py diff --git a/docker-compose.yml b/docker-compose.yml index 713c61cc..1c968d5d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,10 +9,10 @@ services: - HOST=0.0.0.0 ports: - '4010:4010' - siem-converter: + translator: build: - context: './siem-converter/' - container_name: siem-converter + context: './translator/' + container_name: translator restart: always environment: - HOST=0.0.0.0 diff --git a/siem-converter/app/converter/core/functions.py b/siem-converter/app/converter/core/functions.py deleted file mode 100644 index 1240fa76..00000000 
--- a/siem-converter/app/converter/core/functions.py +++ /dev/null @@ -1,24 +0,0 @@ -from app.converter.core.models.functions.types import ParsedFunctions, NotSupportedFunction - - -class Functions: - siem_type: str - parser_functions_map = {} - function_delimiter = "|" - - def parse(self, query: str) -> ParsedFunctions: - result = [] - not_supported = [] - functions = query.split(self.function_delimiter) - for function in functions: - function_name = function.split(' ')[0] - if function_name in self.parser_functions_map: - pass - else: - not_supported.append(NotSupportedFunction(name=function_name, query=function)) - return ParsedFunctions(not_supported=self.prepare_not_supported(not_supported), functions=result) - - def prepare_not_supported(self, not_supported): - for n in range(len(not_supported)): - not_supported[n] = f'| {not_supported[n].query}' - return not_supported diff --git a/siem-converter/app/converter/core/models/functions/aggregation.py b/siem-converter/app/converter/core/models/functions/aggregation.py deleted file mode 100644 index 1f9acc8d..00000000 --- a/siem-converter/app/converter/core/models/functions/aggregation.py +++ /dev/null @@ -1,25 +0,0 @@ -from app.converter.core.models.functions.types import AggregationType - - -class AggregationField: - def __init__( - self, - fieldname: str, - operation_type: AggregationType, - render_as: str = None - ): - self.fieldname = fieldname - self.operation_type = operation_type - self.render_as = render_as - - def __repr__(self): - base = f'{self.operation_type}:{self.fieldname}' - if self.render_as: - base += f' as {self.render_as}' - return base - - -class AggregationExpression: - def __init__(self): - self.fields = [] - self.group_by = [] diff --git a/siem-converter/app/converter/core/models/functions/search.py b/siem-converter/app/converter/core/models/functions/search.py deleted file mode 100644 index 9ec484b9..00000000 --- a/siem-converter/app/converter/core/models/functions/search.py +++ /dev/null 
@@ -1,32 +0,0 @@ -from enum import Enum, auto - -from app.converter.core.models.functions.types import ComparsionType, ModifierType, OperatorType - - -class SearchValueType(Enum): - ANY = auto() - - -class SearchField: - def __init__( - self, - fieldname: str, - value: [str, SearchValueType], - operator: ComparsionType, - modifier: [None, ModifierType] = None, - case_sensitive: bool = False, - full_match: bool = False - ): - self.operator = operator - self.fieldname = fieldname - self.value = value - self.modifier = modifier - self.case_sensitive = case_sensitive - self.full_match = full_match - - -class SearchExpression: - def __init__(self, operator: OperatorType, fields: list, case_sensitive: bool = False): - self.operator = operator - self.fields = fields - self.case_sensitive = case_sensitive diff --git a/siem-converter/app/converter/core/models/functions/sort.py b/siem-converter/app/converter/core/models/functions/sort.py deleted file mode 100644 index 4af2551f..00000000 --- a/siem-converter/app/converter/core/models/functions/sort.py +++ /dev/null @@ -1,33 +0,0 @@ -from enum import Enum, auto - - -class SortTransformType(Enum): - INT = auto() - STRING = auto() - - -class SortOrderType(Enum): - ASC = auto() - DESC = auto() - - -class SortField: - def __init__(self, fieldname: str, order: SortOrderType = SortOrderType.ASC, transform_into: SortTransformType = None): - self.fieldname = fieldname - self.order = order - self.transform_into = transform_into - - -class SortExpression: - def __init__(self, count: int = 10_000, order: str = SortOrderType.DESC): - self.count = count - self.order = order - self.fields = [] - self.is_count_default = True - - def set_count(self, value): - self.is_count_default = False - self.count = value - - def is_default_count(self): - return self.is_count_default 
diff --git a/siem-converter/app/converter/core/models/functions/table.py b/siem-converter/app/converter/core/models/functions/table.py deleted file mode 100644 index d4647682..00000000 --- a/siem-converter/app/converter/core/models/functions/table.py +++ /dev/null @@ -1,13 +0,0 @@ -from app.converter.core.custom_types.tokens import OperatorType - - -class TableField: - def __init__(self, fieldname: str, raw_fieldname: str, modifier: OperatorType = OperatorType.EQ): - self.fieldname = fieldname - self.raw_fieldname = raw_fieldname - self.modifier = modifier - - -class TableExpression: - def __init__(self): - self.fields = [] diff --git a/siem-converter/app/converter/core/models/functions/types.py b/siem-converter/app/converter/core/models/functions/types.py deleted file mode 100644 index d9c82214..00000000 --- a/siem-converter/app/converter/core/models/functions/types.py +++ /dev/null @@ -1,57 +0,0 @@ -from enum import Enum, auto -from dataclasses import dataclass, field - - -class ComparsionType(Enum): - EQUAL = auto() - ILIKE = auto() - NOT_EQUAL = auto() - GTE = auto() - LTE = auto() - GT = auto() - LT = auto() - - -class ModifierType(Enum): - CONTAINS = auto() - STARTSWITH = auto() - ENDSWITH = auto() - REGEX = auto() - EQUAL = auto() - - -class OperatorType(Enum): - AND = auto() - OR = auto() - NOT = auto() - XOR = auto() - - -class AggregationType(Enum): - SUM = auto() - COUNT = auto() - AVG = auto() - MIN = auto() - MAX = auto() - MEDIAN = auto() - DISTINCT_COUNT = auto() - RANGE = auto() - - -class NotSupportedFunction: - def __init__(self, name: str, query: str): - self.name = name - self.query = query - - -class SubFunc: - def __init__(self, func_name: str, fieldname: str, values: list): - self.func_name = func_name - self.fieldname = fieldname - self.values = values - - -@dataclass -class ParsedFunctions: - functions: list = field(default_factory=list) - not_supported: list = field(default_factory=list) 
diff --git a/siem-converter/app/converter/core/models/functions/union.py b/siem-converter/app/converter/core/models/functions/union.py deleted file mode 100644 index 8dd029e1..00000000 --- a/siem-converter/app/converter/core/models/functions/union.py +++ /dev/null @@ -1,4 +0,0 @@ -class UnionExpression: - def __init__(self, fieldname: str, fields: list = []): - self.fieldname = fieldname - self.fields = fields \ No newline at end of file diff --git a/siem-converter/app/converter/core/models/functions/where.py b/siem-converter/app/converter/core/models/functions/where.py deleted file mode 100644 index b69deaa2..00000000 --- a/siem-converter/app/converter/core/models/functions/where.py +++ /dev/null @@ -1,5 +0,0 @@ -from app.converter.core.models.functions.search import SearchExpression - - -class WhereExpression(SearchExpression): - ... diff --git a/siem-converter/app/converter/core/models/identifier.py b/siem-converter/app/converter/core/models/identifier.py deleted file mode 100644 index aa0f6f28..00000000 --- a/siem-converter/app/converter/core/models/identifier.py +++ /dev/null @@ -1,19 +0,0 @@ -from dataclasses import dataclass - -from app.converter.core.custom_types.tokens import LogicalOperatorType, OperatorType, GroupType - - -class _IdentifierTokenType(LogicalOperatorType, OperatorType, GroupType): - pass - - -@dataclass -class Identifier: - def __init__(self, *, token_type: str) -> None: - if token_type not in _IdentifierTokenType: - raise Exception(f"Unexpected token type: {token_type}") - - self.token_type = token_type - - def __repr__(self): - return f"{self.token_type}" diff --git a/siem-converter/app/converter/platforms/__init__.py b/siem-converter/app/converter/platforms/__init__.py deleted file mode 100644 index ea79cde2..00000000 --- a/siem-converter/app/converter/platforms/__init__.py +++ /dev/null 
@@ -1,122 +0,0 @@ -from app.converter.platforms.athena.parsers.athena import AthenaParser -from app.converter.platforms.athena.renders.athena import AthenaQueryRender -from app.converter.platforms.athena.renders.athena_cti import AthenaCTI -from app.converter.platforms.carbonblack.renders.carbonblack_cti import CarbonBlackCTI -from app.converter.platforms.chronicle.parsers.chronicle import ChronicleParser -from app.converter.platforms.chronicle.parsers.chronicle_rule import ChronicleRuleParser -from app.converter.platforms.chronicle.renders.chronicle import ChronicleQueryRender -from app.converter.platforms.chronicle.renders.chronicle_cti import ChronicleQueryCTI -from app.converter.platforms.chronicle.renders.chronicle_rule import ChronicleSecurityRuleRender -from app.converter.platforms.crowdstrike.parsers.crowdstrike import CrowdStrikeParser -from app.converter.platforms.crowdstrike.renders.crowdstrike import CrowdStrikeQueryRender -from app.converter.platforms.crowdstrike.renders.crowdstrike_cti import CrowdStrikeCTI -from app.converter.platforms.elasticsearch.parsers.detection_rule import ElasticSearchRuleParser -from app.converter.platforms.elasticsearch.parsers.elasticsearch import ElasticSearchParser -from app.converter.platforms.elasticsearch.renders.detection_rule import ElasticSearchRuleRender -from app.converter.platforms.elasticsearch.renders.elast_alert import ElastAlertRuleRender -from app.converter.platforms.elasticsearch.renders.elasticsearch import ElasticSearchQueryRender -from app.converter.platforms.elasticsearch.renders.elasticsearch_cti import ElasticsearchCTI -from app.converter.platforms.elasticsearch.renders.kibana import KibanaRuleRender -from app.converter.platforms.elasticsearch.renders.xpack_watcher import XPackWatcherRuleRender -from app.converter.platforms.fireeye_helix.renders.fireeye_helix_cti import FireeyeHelixCTI -from app.converter.platforms.graylog.renders.graylog_cti import GraylogCTI -from 
app.converter.platforms.logpoint.renders.logpoint_cti import LogpointCTI -from app.converter.platforms.logscale.parsers.logscale import LogScaleParser -from app.converter.platforms.logscale.parsers.logscale_alert import LogScaleAlertParser -from app.converter.platforms.logscale.renders.logscale_cti import LogScaleCTI -from app.converter.platforms.logscale.renders.logscale import LogScaleQueryRender -from app.converter.platforms.logscale.renders.logscale_alert import LogScaleAlertRender -from app.converter.platforms.microsoft.parsers.microsoft_defender import MicrosoftDefenderQueryParser -from app.converter.platforms.microsoft.parsers.microsoft_sentinel import MicrosoftParser -from app.converter.platforms.microsoft.parsers.microsoft_sentinel_rule import MicrosoftRuleParser -from app.converter.platforms.microsoft.renders.microsoft_defender import MicrosoftDefenderQueryRender -from app.converter.platforms.microsoft.renders.microsoft_defender_cti import MicrosoftDefenderCTI -from app.converter.platforms.microsoft.renders.microsoft_sentinel import MicrosoftSentinelQueryRender -from app.converter.platforms.microsoft.renders.microsoft_sentinel_cti import MicrosoftSentinelCTI -from app.converter.platforms.microsoft.renders.microsoft_sentinel_rule import MicrosoftSentinelRuleRender -from app.converter.platforms.opensearch.parsers.opensearch import OpenSearchParser -from app.converter.platforms.opensearch.renders.opensearch import OpenSearchQueryRender -from app.converter.platforms.opensearch.renders.opensearch_cti import OpenSearchCTI -from app.converter.platforms.opensearch.renders.opensearch_rule import OpenSearchRuleRender -from app.converter.platforms.qradar.parsers.qradar import QradarParser -from app.converter.platforms.qradar.renders.qradar import QradarQueryRender -from app.converter.platforms.qradar.renders.qradar_cti import QRadarCTI -from app.converter.platforms.qualys.renders.qualys_cti import QualysCTI -from 
app.converter.platforms.rsa_netwitness.renders.rsa_netwitness_cti import RSANetwitnessCTI -from app.converter.platforms.securonix.renders.securonix_cti import SecuronixCTI -from app.converter.platforms.sentinel_one.renders.s1_cti import S1EventsCTI -from app.converter.platforms.sigma.parsers.sigma import SigmaParser -from app.converter.platforms.sigma.renders.sigma import SigmaRender -from app.converter.platforms.snowflake.renders.snowflake_cti import SnowflakeCTI -from app.converter.platforms.splunk.parsers.splunk import SplunkParser -from app.converter.platforms.splunk.parsers.splunk_alert import SplunkAlertParser -from app.converter.platforms.splunk.renders.splunk import SplunkQueryRender -from app.converter.platforms.splunk.renders.splunk_alert import SplunkAlertRender -from app.converter.platforms.splunk.renders.splunk_cti import SplunkCTI -from app.converter.platforms.sumo_logic.renders.sumologic_cti import SumologicCTI - -__ALL_RENDERS = ( - SigmaRender(), - MicrosoftSentinelQueryRender(), - MicrosoftSentinelRuleRender(), - MicrosoftDefenderQueryRender(), - QradarQueryRender(), - CrowdStrikeQueryRender(), - SplunkQueryRender(), - SplunkAlertRender(), - ChronicleQueryRender(), - ChronicleSecurityRuleRender(), - AthenaQueryRender(), - ElasticSearchQueryRender(), - LogScaleQueryRender(), - LogScaleAlertRender(), - ElasticSearchRuleRender(), - ElastAlertRuleRender(), - KibanaRuleRender(), - XPackWatcherRuleRender(), - OpenSearchQueryRender(), - OpenSearchRuleRender() -) - -__ALL_PARSERS = ( - AthenaParser(), - ChronicleParser(), - ChronicleRuleParser(), - SplunkParser(), - SplunkAlertParser(), - SigmaParser(), - QradarParser(), - MicrosoftParser(), - MicrosoftRuleParser(), - MicrosoftDefenderQueryParser(), - CrowdStrikeParser(), - LogScaleParser(), - LogScaleAlertParser(), - ElasticSearchParser(), - ElasticSearchRuleParser(), - OpenSearchParser() -) - - -__ALL_RENDERS_CTI = ( - MicrosoftSentinelCTI(), - MicrosoftDefenderCTI(), - QRadarCTI(), - SplunkCTI(), - 
ChronicleQueryCTI(), - CrowdStrikeCTI(), - SumologicCTI(), - ElasticsearchCTI(), - LogScaleCTI(), - OpenSearchCTI(), - FireeyeHelixCTI(), - CarbonBlackCTI(), - GraylogCTI(), - LogpointCTI(), - QualysCTI(), - RSANetwitnessCTI(), - S1EventsCTI(), - SecuronixCTI(), - SnowflakeCTI(), - AthenaCTI() -) diff --git a/siem-converter/app/converter/platforms/logscale/siem_functions/__init__.py b/siem-converter/app/converter/platforms/logscale/siem_functions/__init__.py deleted file mode 100644 index 260d5961..00000000 --- a/siem-converter/app/converter/platforms/logscale/siem_functions/__init__.py +++ /dev/null @@ -1,29 +0,0 @@ -from typing import List - -from app.converter.core.functions import Functions, ParsedFunctions, NotSupportedFunction -import re - - -class LogScaleQueryFunctions(Functions): - siem_type = 'humio' - functions_classes = [] - - def prepare_not_supported(self, not_supported: List[NotSupportedFunction]) -> list: - for n in range(len(not_supported)): - not_supported[n] = f'| {not_supported[n].query}' - return not_supported - - def parse(self, query: str) -> ParsedFunctions: - result = [] - not_supported = [] - functions = query.split(self.function_delimiter) - query_result = [] - for i in range(len(functions)): - if func_match := re.search('(\w+)\(([^)]+)\)', functions[i]): - func_name = func_match.group().split('(')[0] - for func in functions[i:]: - not_supported.append(NotSupportedFunction(name=func_name, query=func)) - return ParsedFunctions(not_supported=self.prepare_not_supported(not_supported), functions=result), query_result - else: - query_result.append(functions[i]) - return ParsedFunctions(not_supported=self.prepare_not_supported(not_supported), functions=result), query_result \ No newline at end of file diff --git a/siem-converter/app/converter/platforms/splunk/siem_functions/__init__.py b/siem-converter/app/converter/platforms/splunk/siem_functions/__init__.py deleted file mode 100644 index 9c2a73c7..00000000 
--- a/siem-converter/app/converter/platforms/splunk/siem_functions/__init__.py +++ /dev/null @@ -1,7 +0,0 @@ -from app.converter.core.functions import Functions - - -class SplunkFunctions(Functions): - siem_type = 'splunk' - functions_classes = [] - diff --git a/siem-converter/.gitignore b/translator/.gitignore similarity index 100% rename from siem-converter/.gitignore rename to translator/.gitignore diff --git a/siem-converter/Dockerfile b/translator/Dockerfile similarity index 100% rename from siem-converter/Dockerfile rename to translator/Dockerfile diff --git a/siem-converter/app/__init__.py b/translator/app/__init__.py similarity index 100% rename from siem-converter/app/__init__.py rename to translator/app/__init__.py diff --git a/siem-converter/app/dictionaries/uncoder_meta_info_roota.json b/translator/app/dictionaries/uncoder_meta_info_roota.json similarity index 100% rename from siem-converter/app/dictionaries/uncoder_meta_info_roota.json rename to translator/app/dictionaries/uncoder_meta_info_roota.json diff --git a/siem-converter/app/dictionaries/uncoder_meta_info_sigma.json b/translator/app/dictionaries/uncoder_meta_info_sigma.json similarity index 100% rename from siem-converter/app/dictionaries/uncoder_meta_info_sigma.json rename to translator/app/dictionaries/uncoder_meta_info_sigma.json diff --git a/siem-converter/app/converter/__init__.py b/translator/app/models/__init__.py similarity index 100% rename from siem-converter/app/converter/__init__.py rename to translator/app/models/__init__.py diff --git a/siem-converter/app/models/ioc_translation.py b/translator/app/models/ioc_translation.py similarity index 100% rename from siem-converter/app/models/ioc_translation.py rename to translator/app/models/ioc_translation.py diff --git a/siem-converter/app/models/translation.py b/translator/app/models/translation.py similarity index 100% rename from siem-converter/app/models/translation.py rename to translator/app/models/translation.py 
diff --git a/siem-converter/app/converter/core/__init__.py b/translator/app/routers/__init__.py similarity index 100% rename from siem-converter/app/converter/core/__init__.py rename to translator/app/routers/__init__.py diff --git a/siem-converter/app/routers/assistance.py b/translator/app/routers/assistance.py similarity index 96% rename from siem-converter/app/routers/assistance.py rename to translator/app/routers/assistance.py index 1e4bac75..cefb7816 100644 --- a/siem-converter/app/routers/assistance.py +++ b/translator/app/routers/assistance.py @@ -10,7 +10,7 @@ from const import ROOT_PROJECT_PATH -from app.converter.core.mitre import MitreConfig +from app.translator.core.mitre import MitreConfig assistance_router = APIRouter() diff --git a/siem-converter/app/routers/ioc_translate.py b/translator/app/routers/ioc_translate.py similarity index 94% rename from siem-converter/app/routers/ioc_translate.py rename to translator/app/routers/ioc_translate.py index d7f151fa..f8f80ed1 100644 --- a/siem-converter/app/routers/ioc_translate.py +++ b/translator/app/routers/ioc_translate.py @@ -1,8 +1,8 @@ from typing import Optional, List from fastapi import APIRouter, Body -from app.converter.tools.const import IOCType, HashType, IocParsingRule -from app.converter.cti_converter import CTIConverter +from app.translator.tools.const import IOCType, HashType, IocParsingRule +from app.translator.cti_translator import CTIConverter from app.models.ioc_translation import CTIPlatform, OneTranslationCTIData from app.models.translation import InfoMessage diff --git a/siem-converter/app/routers/translate.py b/translator/app/routers/translate.py similarity index 95% rename from siem-converter/app/routers/translate.py rename to translator/app/routers/translate.py index 0fd21f6f..3901968f 100644 --- a/siem-converter/app/routers/translate.py +++ b/translator/app/routers/translate.py 
@@ -1,7 +1,7 @@ from fastapi import APIRouter, Body -from app.converter.converter import SiemConverter -from app.converter.cti_converter import CTIConverter +from app.translator.translator import SiemConverter +from app.translator.cti_translator import CTIConverter from app.models.translation import OneTranslationData, ConvertorPlatforms, Platform, InfoMessage st_router = APIRouter() @@ -76,7 +76,7 @@ def generate_all_translations( @st_router.get( "/platforms", tags=["siem_translate"], - description="Get converter platforms", + description="Get translator platforms", ) @st_router.get("/platforms/", include_in_schema=False) def get_convertor_platforms() -> ConvertorPlatforms: diff --git a/siem-converter/app/converter/core/custom_types/__init__.py b/translator/app/translator/__init__.py similarity index 100% rename from siem-converter/app/converter/core/custom_types/__init__.py rename to translator/app/translator/__init__.py diff --git a/siem-converter/app/converter/const.py b/translator/app/translator/const.py similarity index 100% rename from siem-converter/app/converter/const.py rename to translator/app/translator/const.py diff --git a/siem-converter/app/converter/core/exceptions/__init__.py b/translator/app/translator/core/__init__.py similarity index 100% rename from siem-converter/app/converter/core/exceptions/__init__.py rename to translator/app/translator/core/__init__.py diff --git a/siem-converter/app/converter/core/mixins/__init__.py b/translator/app/translator/core/custom_types/__init__.py similarity index 100% rename from siem-converter/app/converter/core/mixins/__init__.py rename to translator/app/translator/core/custom_types/__init__.py diff --git a/translator/app/translator/core/custom_types/functions.py b/translator/app/translator/core/custom_types/functions.py new file mode 100644 index 00000000..bc511a77 --- /dev/null +++ b/translator/app/translator/core/custom_types/functions.py 
@@ -0,0 +1,13 @@
+from app.translator.tools.custom_enum import CustomEnum
+
+
+class FunctionType(CustomEnum):
+ avg = "avg"
+ count = "count"
+ max = "max"
+ min = "min"
+ search = "search"
+ sort = "sort"
+ stats = "stats"
+ sum = "sum"
+ table = "table"
diff --git a/siem-converter/app/converter/core/custom_types/tokens.py b/translator/app/translator/core/custom_types/tokens.py
similarity index 87%
rename from siem-converter/app/converter/core/custom_types/tokens.py
rename to translator/app/translator/core/custom_types/tokens.py
index 74206dca..217a7c7c 100644
--- a/siem-converter/app/converter/core/custom_types/tokens.py
+++ b/translator/app/translator/core/custom_types/tokens.py
@@ -1,4 +1,4 @@
-from app.converter.tools.custom_enum import CustomEnum
+from app.translator.tools.custom_enum import CustomEnum
 class LogicalOperatorType(CustomEnum):
diff --git a/siem-converter/app/converter/core/models/__init__.py b/translator/app/translator/core/exceptions/__init__.py
similarity index 100%
rename from siem-converter/app/converter/core/models/__init__.py
rename to translator/app/translator/core/exceptions/__init__.py
diff --git a/siem-converter/app/converter/core/exceptions/core.py b/translator/app/translator/core/exceptions/core.py
similarity index 100%
rename from siem-converter/app/converter/core/exceptions/core.py
rename to translator/app/translator/core/exceptions/core.py
diff --git a/translator/app/translator/core/exceptions/functions.py b/translator/app/translator/core/exceptions/functions.py
new file mode 100644
index 00000000..17a956d3
--- /dev/null
+++ b/translator/app/translator/core/exceptions/functions.py
@@ -0,0 +1,14 @@
+class BaseFunctionException(Exception):
+ ...
+
+
+class InternalFunctionException(Exception):
+ pass
+
+
+class NotSupportedFunctionException(InternalFunctionException):
+ pass
+
+
+class InvalidFunctionSignature(InternalFunctionException):
+ pass
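Review bot: In the exceptions/functions.py hunk, `InternalFunctionException` derives from `Exception` rather than from the `BaseFunctionException` declared just above it, so the declared base has no subclasses and a caller cannot catch every function error with a single `except BaseFunctionException`. Changing the header to `class InternalFunctionException(BaseFunctionException):` gives the hierarchy one root, which is what the name `Base…` promises. The body of `BaseFunctionException` uses `...` while its siblings use `pass`; pick one. `InvalidFunctionSignature` also drops the `Exception` suffix its siblings carry, which makes it harder to recognise in an `except` clause.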
diff --git a/siem-converter/app/converter/core/exceptions/iocs.py b/translator/app/translator/core/exceptions/iocs.py similarity index 100% rename from siem-converter/app/converter/core/exceptions/iocs.py rename to translator/app/translator/core/exceptions/iocs.py diff --git a/siem-converter/app/converter/core/exceptions/parser.py b/translator/app/translator/core/exceptions/parser.py similarity index 100% rename from siem-converter/app/converter/core/exceptions/parser.py rename to translator/app/translator/core/exceptions/parser.py diff --git a/siem-converter/app/converter/core/exceptions/render.py b/translator/app/translator/core/exceptions/render.py similarity index 100% rename from siem-converter/app/converter/core/exceptions/render.py rename to translator/app/translator/core/exceptions/render.py diff --git a/translator/app/translator/core/functions.py b/translator/app/translator/core/functions.py new file mode 100644 index 00000000..0ebae670 --- /dev/null +++ b/translator/app/translator/core/functions.py 
@@ -0,0 +1,138 @@
+"""
+Uncoder IO Commercial Edition License
+-----------------------------------------------------------------
+Copyright (c) 2023 SOC Prime, Inc.
+
+This file is part of the Uncoder IO Commercial Edition ("CE") and is
+licensed under the Uncoder IO Non-Commercial License (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://github.com/UncoderIO/UncoderIO/blob/main/LICENSE
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-----------------------------------------------------------------
+"""
+
+from __future__ import annotations
+
+from abc import ABC, abstractmethod
+from functools import cached_property
+from typing import Dict, List, TYPE_CHECKING, Optional
+
+from app.translator.core.exceptions.functions import NotSupportedFunctionException, InvalidFunctionSignature
+from app.translator.core.mapping import SourceMapping
+from app.translator.core.models.field import Field
+from app.translator.core.models.functions.base import Function, ParsedFunctions
+from app.translator.core.tokenizer import BaseTokenizer
+from settings import INIT_FUNCTIONS
+
+if TYPE_CHECKING:
+ from app.translator.core.render import BaseQueryRender
+
+
+class FunctionParser(ABC):
+ tokenizer: BaseTokenizer = None
+
+ @abstractmethod
+ def parse(self, func_body: str) -> Function:
+ raise NotImplementedError()
+
+
+class FunctionRender(ABC):
+
+ @abstractmethod
+ def render(self, function: Function, source_mapping: SourceMapping) -> str:
+ raise NotImplementedError()
+
+ @staticmethod
+ def concat_kwargs(kwargs: Dict[str, str]) -> str:
+ result = ""
+ for key, value in kwargs.items():
+ if value:
+ result = f"{result}, {key}={value}" if result else f"{key}={value}"
+
+ return result
+
+ @staticmethod
+ def map_field(field: Field, 
source_mapping: SourceMapping) -> str:
+ generic_field_name = field.generic_names_map[source_mapping.source_id]
+ mapped_field = source_mapping.fields_mapping.get_platform_field_name(generic_field_name=generic_field_name)
+ if isinstance(mapped_field, list):
+ mapped_field = mapped_field[0]
+
+ return mapped_field if mapped_field else field.source_name
+
+
+class PlatformFunctionsManager(ABC):
+ _parsers_map: Dict[str, FunctionParser] = {}
+ _renders_map: Dict[str, FunctionRender] = {}
+ _names_map: Dict[str, str] = {}
+
+ @abstractmethod
+ def init_search_func_render(self, platform_render: BaseQueryRender) -> None:
+ raise NotImplementedError()
+
+ @cached_property
+ def _inverted_names_map(self) -> Dict[str, str]:
+ return {value: key for key, value in self._names_map.items()}
+
+ def get_parser(self, func_name: str) -> Optional[FunctionParser]:
+ if INIT_FUNCTIONS:
+ return self._parsers_map.get(func_name)
+
+ def get_render(self, func_name: str) -> Optional[FunctionRender]:
+ if INIT_FUNCTIONS:
+ return self._renders_map.get(func_name)
+
+ def get_generic_func_name(self, platform_func_name: str) -> Optional[str]:
+ if INIT_FUNCTIONS:
+ return self._names_map.get(platform_func_name)
+
+ def get_platform_func_name(self, generic_func_name: str) -> Optional[str]:
+ if INIT_FUNCTIONS:
+ return self._inverted_names_map.get(generic_func_name)
+
+
+class PlatformFunctions:
+ manager: PlatformFunctionsManager = None
+ function_delimiter = "|"
+
+ def parse(self, query: str) -> ParsedFunctions:
+ parsed = []
+ not_supported = []
+ invalid = []
+ functions = query.split(self.function_delimiter)
+ for func in functions:
+ split_func = func.strip().split(' ')
+ func_name, func_body = split_func[0], " ".join(split_func[1:])
+ if func_parser := self.manager.get_parser(self.manager.get_generic_func_name(func_name)):
+ try:
+ parsed.append(func_parser.parse(func_body))
+ except NotSupportedFunctionException:
+ not_supported.append(func)
+ except InvalidFunctionSignature:
+ 
invalid.append(func)
+ else:
+ not_supported.append(func)
+ return ParsedFunctions(
+ functions=parsed,
+ not_supported=[self.wrap_function_with_delimiter(func) for func in not_supported],
+ invalid=invalid
+ )
+
+ def render(self, functions: List[Function], source_mapping: SourceMapping) -> str:
+ result = ""
+ for func in functions:
+ if not (func_render := self.manager.get_render(func.name)):
+ raise NotImplementedError()
+
+ func_str = self.wrap_function_with_delimiter(func_render.render(func, source_mapping))
+ result = f"{result} {func_str}" if result else func_str
+
+ return result
+
+ def wrap_function_with_delimiter(self, func: str) -> str:
+ return f" {self.function_delimiter} {func}"
diff --git a/siem-converter/app/converter/core/mapping.py b/translator/app/translator/core/mapping.py
similarity index 98%
rename from siem-converter/app/converter/core/mapping.py
rename to translator/app/translator/core/mapping.py
index f9d281a2..e3e9f72a 100644
--- a/siem-converter/app/converter/core/mapping.py
+++ b/translator/app/translator/core/mapping.py
@@ -3,7 +3,7 @@ from abc import ABC, abstractmethod
 from typing import List, Dict, Optional, TypeVar
-from app.converter.mappings.utils.load_from_files import LoaderFileMappings
+from app.translator.mappings.utils.load_from_files import LoaderFileMappings
 DEFAULT_MAPPING_NAME = "default"
diff --git a/siem-converter/app/converter/core/mitre.py b/translator/app/translator/core/mitre.py
similarity index 98%
rename from siem-converter/app/converter/core/mitre.py
rename to translator/app/translator/core/mitre.py
index 262950b4..d17de8bc 100644
--- a/siem-converter/app/converter/core/mitre.py
+++ b/translator/app/translator/core/mitre.py
@@ -4,7 +4,7 @@ import ssl
 from urllib.error import HTTPError
-from app.converter.tools.singleton_meta import SingletonMeta
+from app.translator.tools.singleton_meta import SingletonMeta
 from const import ROOT_PROJECT_PATH
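Review bot: `FunctionRender.map_field` indexes `mapped_field[0]` whenever the mapping returns a list, so an empty list raises `IndexError` instead of reaching the `field.source_name` fallback on the next line; `mapped_field = mapped_field[0] if mapped_field else None` keeps the fallback. `PlatformFunctions.parse` also turns every empty segment of `query.split(self.function_delimiter)` — an empty query or a trailing delimiter — into a `not_supported` entry consisting only of the delimiter, because `"".split(' ')[0]` is `""`, `get_generic_func_name("")` yields `None` and `get_parser(None)` yields `None`; skipping segments whose `func.strip()` is empty stops phantom functions from being reported to the caller. In `render`, `raise NotImplementedError()` carries no message, so a parsed function with no registered render surfaces as an empty error; `raise NotImplementedError(f"no render registered for function {func.name!r}")` names the culprit. The class-level `_parsers_map`/`_renders_map`/`_names_map` dicts on `PlatformFunctionsManager` are shared by every subclass that does not reassign them, which presumably is the intended per-platform registry pattern — a comment stating that subclasses must assign rather than mutate these would prevent cross-platform leakage by a future in-place `update()`.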
diff --git a/siem-converter/app/converter/core/models/functions/__init__.py b/translator/app/translator/core/mixins/__init__.py similarity index 100% rename from siem-converter/app/converter/core/models/functions/__init__.py rename to translator/app/translator/core/mixins/__init__.py diff --git a/siem-converter/app/converter/core/mixins/logic.py b/translator/app/translator/core/mixins/logic.py similarity index 79% rename from siem-converter/app/converter/core/mixins/logic.py rename to translator/app/translator/core/mixins/logic.py index 84b26a8e..cf9f959a 100644 --- a/siem-converter/app/converter/core/mixins/logic.py +++ b/translator/app/translator/core/mixins/logic.py @@ -1,8 +1,8 @@ from typing import List, Union -from app.converter.core.models.field import Field, Keyword -from app.converter.core.models.identifier import Identifier -from app.converter.core.custom_types.tokens import LogicalOperatorType, GroupType +from app.translator.core.models.field import Field, Keyword +from app.translator.core.models.identifier import Identifier +from app.translator.core.custom_types.tokens import LogicalOperatorType, GroupType class ANDLogicOperatorMixin: @@ -18,7 +18,7 @@ def get_missed_and_token_indices(tokens: List[Union[Field, Keyword, Identifier]] next_token.token_type in LogicalOperatorType or next_token.token_type == GroupType.R_PAREN))): missed_and_indices.append(index + 1) - return reversed(missed_and_indices) + return list(reversed(missed_and_indices)) def add_and_token_if_missed(self, tokens: List[Union[Field, Keyword, Identifier]]) -> List[Union[Field, Keyword, Identifier]]: indices = self.get_missed_and_token_indices(tokens=tokens) diff --git a/siem-converter/app/converter/core/mixins/operator.py b/translator/app/translator/core/mixins/operator.py similarity index 95% rename from siem-converter/app/converter/core/mixins/operator.py rename to translator/app/translator/core/mixins/operator.py index fca93a97..9e415ae5 100644 
--- a/siem-converter/app/converter/core/mixins/operator.py +++ b/translator/app/translator/core/mixins/operator.py @@ -18,8 +18,8 @@ from typing import Union, List, Tuple -from app.converter.core.models.identifier import Identifier -from app.converter.core.custom_types.tokens import OperatorType +from app.translator.core.models.identifier import Identifier +from app.translator.core.custom_types.tokens import OperatorType class WildCardMixin: diff --git a/siem-converter/app/converter/core/mixins/rule.py b/translator/app/translator/core/mixins/rule.py similarity index 88% rename from siem-converter/app/converter/core/mixins/rule.py rename to translator/app/translator/core/mixins/rule.py index 4c6191f8..1d4a6f7e 100644 --- a/siem-converter/app/converter/core/mixins/rule.py +++ b/translator/app/translator/core/mixins/rule.py @@ -3,8 +3,8 @@ import yaml -from app.converter.core.exceptions.core import InvalidYamlStructure, InvalidJSONStructure -from app.converter.core.mitre import MitreConfig +from app.translator.core.exceptions.core import InvalidYamlStructure, InvalidJSONStructure +from app.translator.core.mitre import MitreConfig class JsonRuleMixin: diff --git a/siem-converter/app/converter/mappings/__init__.py b/translator/app/translator/core/models/__init__.py similarity index 100% rename from siem-converter/app/converter/mappings/__init__.py rename to translator/app/translator/core/models/__init__.py diff --git a/siem-converter/app/converter/core/models/field.py b/translator/app/translator/core/models/field.py similarity index 82% rename from siem-converter/app/converter/core/models/field.py rename to translator/app/translator/core/models/field.py index 61864ee0..57cafcb0 100644 --- a/siem-converter/app/converter/core/models/field.py +++ b/translator/app/translator/core/models/field.py 
@@ -1,12 +1,11 @@ -from typing import Union, List +from typing import Union, Optional -from app.converter.core.mapping import SourceMapping -from app.converter.core.models.identifier import Identifier -from app.converter.core.custom_types.tokens import OperatorType +from app.translator.core.models.identifier import Identifier +from app.translator.core.custom_types.tokens import OperatorType class Field: - def __init__(self, operator: Identifier, source_name: str, value: Union[int, str, list, tuple]): + def __init__(self, source_name: str, operator: Identifier = None, value: Union[int, str, list, tuple] = None): self.operator = operator self.values = [] self.__add_value(value) @@ -19,7 +18,7 @@ def value(self): return self.values[0] return self.values - def __add_value(self, value: Union[int, str, list, tuple]): + def __add_value(self, value: Optional[Union[int, str, list, tuple]]): if value and isinstance(value, (list, tuple)): self.values.extend(value) elif value and isinstance(value, str) and value.isnumeric(): @@ -31,7 +30,10 @@ def __add__(self, other): self.values.append(other) def __repr__(self): - return f"{self.source_name} {self.operator.token_type} {self.values}" + if self.operator: + return f"{self.source_name} {self.operator.token_type} {self.values}" + + return f"{self.source_name}" def __eq__(self, other): if isinstance(other, Field): diff --git a/siem-converter/app/converter/mappings/utils/__init__.py b/translator/app/translator/core/models/functions/__init__.py similarity index 100% rename from siem-converter/app/converter/mappings/utils/__init__.py rename to translator/app/translator/core/models/functions/__init__.py diff --git a/translator/app/translator/core/models/functions/base.py b/translator/app/translator/core/models/functions/base.py new file mode 100644 index 00000000..8fa70f10 --- /dev/null +++ b/translator/app/translator/core/models/functions/base.py 
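Review bot: Moving `source_name` ahead of `operator` in `Field.__init__` changes what the first two positional arguments mean, so a caller that still writes `Field(operator_token, name, value)` now binds the Identifier as `source_name` without any error. Making the trailing parameters keyword-only turns that silent mis-binding into a loud one: `def __init__(self, source_name: str, *, operator: Optional[Identifier] = None, value: Optional[Union[int, str, list, tuple]] = None):`. `Optional` is newly imported here, yet `operator: Identifier = None` still claims a non-optional type. The rest of `__init__` and of `__add_value` continue outside the hunk, so whether a missing operator is handled beyond the guarded `__repr__` is not visible here.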
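@@ -0,0 +1,22 @@
+from __future__ import annotations
+
+from dataclasses import dataclass, field
+from typing import List, Union
+
+from app.translator.core.models.field import Field, Keyword
+from app.translator.core.models.identifier import Identifier
+
+
+@dataclass
+class Function:
+ name: str = None
+ args: List[Union[Field, Keyword, Function, Identifier]] = field(default_factory=list)
+ as_clause: str = None
+ by_clauses: List[Field] = field(default_factory=list)
+
+
+@dataclass
+class ParsedFunctions:
+ functions: List[Function] = field(default_factory=list)
+ not_supported: List[str] = field(default_factory=list)
+ invalid: List[str] = field(default_factory=list)
diff --git a/translator/app/translator/core/models/functions/sort.py b/translator/app/translator/core/models/functions/sort.py
new file mode 100644
index 00000000..b001173b
--- /dev/null
+++ b/translator/app/translator/core/models/functions/sort.py
@@ -0,0 +1,25 @@
+from dataclasses import dataclass
+from typing import List
+
+from app.translator.core.custom_types.functions import FunctionType
+from app.translator.core.models.field import Field
+from app.translator.core.models.functions.base import Function
+from app.translator.tools.custom_enum import CustomEnum
+
+
+class SortOrder(CustomEnum):
+ asc = "asc"
+ desc = "desc"
+
+
+@dataclass
+class SortArg:
+ field: Field = None
+ sort_order: str = SortOrder.asc
+
+
+@dataclass
+class SortFunction(Function):
+ name: str = FunctionType.sort
+ args: List[SortArg] = None
+ limit: str = None
diff --git a/translator/app/translator/core/models/identifier.py b/translator/app/translator/core/models/identifier.py
new file mode 100644
index 00000000..73a76d5c
--- /dev/null
+++ b/translator/app/translator/core/models/identifier.py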
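Review bot: The defaults `name: str = None` and `as_clause: str = None` on `Function` contradict their own annotations, so a type checker will not warn a caller that formats `name` as a string when it is unset. With `from __future__ import annotations` already at the top, `name: Optional[str] = None` and `as_clause: Optional[str] = None` (adding `Optional` to the `typing` import) costs nothing. A one-line class docstring saying that `args` may nest further `Function` instances would also help, since that recursion is what the tokenizer relies on elsewhere in this change.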
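Review bot: `SortFunction` overrides the inherited `args` default with `None`, whereas the parent `Function` defaults it to an empty list; the new `QueryTokenizer.filter_function_tokens` in this change iterates `token.args` unconditionally, so a `SortFunction()` built without args would raise `TypeError` there. Keep the parent's contract with `args: List[SortArg] = field(default_factory=list)` (importing `field` from `dataclasses`). `SortArg.field = None` has the same shape of problem, since a `None` can then be collected as if it were a `Field`; `field: Optional[Field] = None` and `limit: Optional[str] = None` at least make the possibility explicit.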
@@ -0,0 +1,18 @@ +from app.translator.core.custom_types.tokens import LogicalOperatorType, OperatorType, GroupType + + +class _IdentifierTokenType(LogicalOperatorType, GroupType, OperatorType): + pass + + +class Identifier: + valid_token_types = _IdentifierTokenType + + def __init__(self, *, token_type: str) -> None: + if token_type not in self.valid_token_types: + raise Exception(f"Unexpected token type: {token_type}") + + self.token_type = token_type + + def __repr__(self): + return f"{self.token_type}" diff --git a/siem-converter/app/converter/core/models/iocs.py b/translator/app/translator/core/models/iocs.py similarity index 100% rename from siem-converter/app/converter/core/models/iocs.py rename to translator/app/translator/core/models/iocs.py diff --git a/siem-converter/app/converter/core/models/parser_output.py b/translator/app/translator/core/models/parser_output.py similarity index 92% rename from siem-converter/app/converter/core/models/parser_output.py rename to translator/app/translator/core/models/parser_output.py index 7d9f283f..07fdf4ab 100644 --- a/siem-converter/app/converter/core/models/parser_output.py +++ b/translator/app/translator/core/models/parser_output.py @@ -3,8 +3,8 @@ from datetime import datetime from typing import List -from app.converter.core.mapping import DEFAULT_MAPPING_NAME -from app.converter.core.models.functions.types import ParsedFunctions +from app.translator.core.mapping import DEFAULT_MAPPING_NAME +from app.translator.core.models.functions.base import ParsedFunctions class MetaInfoContainer: diff --git a/siem-converter/app/converter/core/models/platform_details.py b/translator/app/translator/core/models/platform_details.py similarity index 100% rename from siem-converter/app/converter/core/models/platform_details.py rename to translator/app/translator/core/models/platform_details.py 
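Review bot: `Identifier.__init__` raises a bare `Exception` for an unknown token type, which forces every caller to catch everything in order to handle it; `raise ValueError(f"Unexpected token type: {token_type}")` (or one of the project's own exception classes) keeps the message and is catchable on its own. The membership test `token_type not in self.valid_token_types` relies on the combined enum-like base classes supporting `in` with a plain string — presumably the project's `CustomEnum` provides that, but it is not visible in this hunk. A short docstring stating that `token_type` must be one of the logical, group or operator token values would make the contract clear.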
diff --git a/siem-converter/app/converter/core/parser.py b/translator/app/translator/core/parser.py similarity index 67% rename from siem-converter/app/converter/core/parser.py rename to translator/app/translator/core/parser.py index 08d8b143..c80002ae 100644 --- a/siem-converter/app/converter/core/parser.py +++ b/translator/app/translator/core/parser.py @@ -19,18 +19,21 @@ from abc import ABC, abstractmethod from typing import Dict, List, Tuple -from app.converter.core.mapping import BasePlatformMappings, SourceMapping -from app.converter.core.models.field import Field -from app.converter.core.models.platform_details import PlatformDetails -from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer -from app.converter.core.tokenizer import QueryTokenizer, TOKEN_TYPE -from app.converter.core.exceptions.parser import TokenizerGeneralException +from app.translator.core.functions import PlatformFunctions +from app.translator.core.mapping import BasePlatformMappings, SourceMapping +from app.translator.core.models.field import Field +from app.translator.core.models.functions.base import ParsedFunctions +from app.translator.core.models.platform_details import PlatformDetails +from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer +from app.translator.core.tokenizer import QueryTokenizer, TOKEN_TYPE +from app.translator.core.exceptions.parser import TokenizerGeneralException class Parser(ABC): mappings: BasePlatformMappings = None tokenizer: QueryTokenizer = None details: PlatformDetails = None + platform_functions: PlatformFunctions = None @abstractmethod def _get_meta_info(self, *args, **kwargs) -> MetaInfoContainer: 
@@ -53,3 +56,9 @@ def get_tokens_and_source_mappings(self, self.tokenizer.set_field_generic_names_map(field_tokens, suitable_source_mappings, self.mappings) return tokens, suitable_source_mappings + + def set_functions_fields_generic_names(self, + functions: ParsedFunctions, + source_mappings: List[SourceMapping]) -> None: + field_tokens = self.tokenizer.filter_function_tokens(tokens=functions.functions) + self.tokenizer.set_field_generic_names_map(field_tokens, source_mappings, self.mappings) diff --git a/siem-converter/app/converter/core/parser_cti.py b/translator/app/translator/core/parser_cti.py similarity index 96% rename from siem-converter/app/converter/core/parser_cti.py rename to translator/app/translator/core/parser_cti.py index 4d33fe31..502594db 100644 --- a/siem-converter/app/converter/core/parser_cti.py +++ b/translator/app/translator/core/parser_cti.py @@ -4,8 +4,8 @@ from typing import Optional, List from pydantic import BaseModel -from app.converter.core.exceptions.iocs import IocsLimitExceededException, EmptyIOCSException -from app.converter.tools.const import IP_IOC_REGEXP_PATTERN, DOMAIN_IOC_REGEXP_PATTERN, URL_IOC_REGEXP_PATTERN, \ +from app.translator.core.exceptions.iocs import IocsLimitExceededException, EmptyIOCSException +from app.translator.tools.const import IP_IOC_REGEXP_PATTERN, DOMAIN_IOC_REGEXP_PATTERN, URL_IOC_REGEXP_PATTERN, \ hash_regexes, IOCType, HashType, IocParsingRule, HASH_MAP diff --git a/siem-converter/app/converter/core/render.py b/translator/app/translator/core/render.py similarity index 82% rename from siem-converter/app/converter/core/render.py rename to translator/app/translator/core/render.py index 966c80bd..ac910521 100644 --- a/siem-converter/app/converter/core/render.py +++ b/translator/app/translator/core/render.py 
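Review bot: `set_functions_fields_generic_names` has no docstring, and neither its name nor its `None` return says that it works by side effect; suggest `"""Resolve generic field names, in place, for every Field referenced by the parsed functions."""`, hedged by the fact that what `set_field_generic_names_map` actually mutates is defined in the tokenizer rather than here. The preceding `get_tokens_and_source_mappings` starts outside the hunk.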
@@ -20,14 +20,15 @@ from abc import ABC from typing import Union, List, Dict -from app.converter.core.exceptions.core import NotImplementedException, StrictPlatformException -from app.converter.core.exceptions.parser import UnsupportedOperatorException -from app.converter.core.mapping import BasePlatformMappings, SourceMapping, LogSourceSignature, DEFAULT_MAPPING_NAME -from app.converter.core.models.field import Field, Keyword -from app.converter.core.models.functions.types import ParsedFunctions -from app.converter.core.models.platform_details import PlatformDetails -from app.converter.core.models.parser_output import MetaInfoContainer -from app.converter.core.custom_types.tokens import LogicalOperatorType, OperatorType, GroupType +from app.translator.core.exceptions.core import NotImplementedException, StrictPlatformException +from app.translator.core.exceptions.parser import UnsupportedOperatorException +from app.translator.core.functions import PlatformFunctions +from app.translator.core.mapping import BasePlatformMappings, SourceMapping, LogSourceSignature, DEFAULT_MAPPING_NAME +from app.translator.core.models.field import Field, Keyword +from app.translator.core.models.functions.base import Function, ParsedFunctions +from app.translator.core.models.platform_details import PlatformDetails +from app.translator.core.models.parser_output import MetaInfoContainer +from app.translator.core.custom_types.tokens import LogicalOperatorType, OperatorType, GroupType class BaseQueryFieldValue(ABC): @@ -72,6 +73,7 @@ class BaseQueryRender: mappings: BasePlatformMappings = None details: PlatformDetails = None is_strict_mapping = False + platform_functions: PlatformFunctions = None or_token = "or" and_token = "and" 
@@ -99,8 +101,8 @@ def generate_prefix(self, log_source_signature: LogSourceSignature) -> str: return f"{str(log_source_signature)} {self.and_token}" return "" - def generate_functions(self, functions: list) -> str: - return "" + def generate_functions(self, functions: List[Function], source_mapping: SourceMapping) -> str: + return self.platform_functions.render(functions, source_mapping) if self.platform_functions else "" def map_field(self, field: Field, source_mapping: SourceMapping) -> List[str]: generic_field_name = field.generic_names_map[source_mapping.source_id] @@ -140,14 +142,24 @@ def generate_query(self, result_values.append(self.apply_token(token=token, source_mapping=source_mapping)) return "".join(result_values) + def wrap_query_with_meta_info(self, meta_info: MetaInfoContainer, query: str): + if meta_info and (meta_info.id or meta_info.title): + query_meta_info = "\n".join( + self.wrap_with_comment(f"{key}{value}") + for key, value in {"name: ": meta_info.title, "uuid: ": meta_info.id}.items() if value + ) + query = f"{query}\n\n{query_meta_info}" + return query + def finalize_query(self, prefix: str, query: str, functions: str, - meta_info: MetaInfoContainer, + meta_info: MetaInfoContainer = None, source_mapping: SourceMapping = None, not_supported_functions: list = None) -> str: query = self.query_pattern.format(prefix=prefix, query=query, functions=functions).strip() + query = self.wrap_query_with_meta_info(meta_info=meta_info, query=query) if not_supported_functions: rendered_not_supported = self.render_not_supported_functions(not_supported_functions) return query + rendered_not_supported 
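Review bot: `generate_functions` gains a required second parameter `source_mapping`, and `generate` later in this file now calls it with two arguments, so any platform render that still overrides `generate_functions(self, functions)` with the old one-argument signature will fail at call time rather than at import time. Whether such overrides exist is not visible here; giving the new parameter a default during the transition, `def generate_functions(self, functions: List[Function], source_mapping: SourceMapping = None) -> str:`, would keep old overrides callable. The `self.platform_functions` guard is fine, but `platform_functions.render` is an external contract worth a one-line comment naming what it is expected to return.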
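Review bot: `wrap_query_with_meta_info` embeds `meta_info.title` and `meta_info.id` verbatim inside a comment, and these values presumably originate from the parsed input rule, so a title containing a newline or the platform's comment terminator would land outside the comment and become part of the rendered query. Normalising each value before wrapping, e.g. `value = " ".join(str(value).split())`, and stripping the platform's closing comment sequence when `is_multi_line_comment` is set would keep the metadata inert; how `wrap_with_comment` delimits comments per platform is outside this hunk. The method also lacks a return annotation (`-> str`) and a docstring saying that it returns the query unchanged when no id or title is present.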
@@ -155,7 +167,7 @@ def finalize_query(self, def render_not_supported_functions(self, not_supported_functions: list) -> str: line_template = f"{self.comment_symbol} " if self.comment_symbol and self.is_multi_line_comment else "" - not_supported_functions_str = "\n".join(line_template + func for func in not_supported_functions) + not_supported_functions_str = "\n".join(line_template + func.lstrip() for func in not_supported_functions) return "\n\n" + self.wrap_with_comment(f"{self.unsupported_functions_text}\n{not_supported_functions_str}") def wrap_with_comment(self, value: str) -> str: @@ -194,7 +206,7 @@ def generate(self, query: list, meta_info: MetaInfoContainer, functions: ParsedF finalized_query = self.finalize_query( prefix=prefix, query=result, - functions=self.generate_functions(functions.functions), + functions=self.generate_functions(functions.functions, source_mapping), not_supported_functions=functions.not_supported, meta_info=meta_info, source_mapping=source_mapping diff --git a/siem-converter/app/converter/core/render_cti.py b/translator/app/translator/core/render_cti.py similarity index 97% rename from siem-converter/app/converter/core/render_cti.py rename to translator/app/translator/core/render_cti.py index bf8d2c68..316d0d49 100644 --- a/siem-converter/app/converter/core/render_cti.py +++ b/translator/app/translator/core/render_cti.py @@ -19,7 +19,7 @@ from typing import List -from app.converter.core.models.iocs import IocsChunkValue +from app.translator.core.models.iocs import IocsChunkValue class RenderCTI: diff --git a/siem-converter/app/converter/core/tokenizer.py b/translator/app/translator/core/tokenizer.py similarity index 88% rename from siem-converter/app/converter/core/tokenizer.py rename to translator/app/translator/core/tokenizer.py index 9e41474a..5d72fe38 100644 --- a/siem-converter/app/converter/core/tokenizer.py +++ b/translator/app/translator/core/tokenizer.py 
@@ -16,24 +16,33 @@ ----------------------------------------------------------------- """ +from abc import ABC, abstractmethod import re from typing import Tuple, Union, List, Any, Optional, Type -from app.converter.core.exceptions.parser import ( +from app.translator.core.exceptions.parser import ( UnsupportedOperatorException, TokenizerGeneralException, QueryParenthesesException ) -from app.converter.core.mapping import SourceMapping, DEFAULT_MAPPING_NAME, BasePlatformMappings -from app.converter.core.models.field import Field, Keyword -from app.converter.core.models.identifier import Identifier -from app.converter.core.custom_types.tokens import OperatorType, GroupType -from app.converter.tools.utils import get_match_group +from app.translator.core.mapping import SourceMapping, DEFAULT_MAPPING_NAME, BasePlatformMappings +from app.translator.core.models.field import Field, Keyword +from app.translator.core.models.functions.base import Function +from app.translator.core.models.functions.sort import SortArg +from app.translator.core.models.identifier import Identifier +from app.translator.core.custom_types.tokens import OperatorType, GroupType +from app.translator.tools.utils import get_match_group TOKEN_TYPE = Union[Field, Keyword, Identifier] -class QueryTokenizer: +class BaseTokenizer(ABC): + @abstractmethod + def tokenize(self, query: str) -> List[Union[Field, Keyword, Identifier]]: + raise NotImplementedError() + + +class QueryTokenizer(BaseTokenizer): field_pattern = r"(?P[a-zA-Z\._\-]+)" operator_pattern = r"\s?(?Pand|or|not|AND|OR|NOT)\s?" field_value_pattern = r"""^___field___\s*___match_operator___\s*___value___""" 
@@ -177,7 +186,7 @@ def search_field_value(self, query): field = self.create_field(field_name=field_name, operator=operator_token, value=value) return field, query - def __get_identifier(self, query: str) -> (list, str): + def __get_identifier(self, query: str) -> Tuple[Union[Field, Keyword, Identifier], str]: query = query.strip("\n").strip(" ").strip("\n") if query.startswith(GroupType.L_PAREN): return Identifier(token_type=GroupType.L_PAREN), query[1:] @@ -220,6 +229,19 @@ def filter_tokens(tokens: List[TOKEN_TYPE], token_type: Union[Type[Field], Type[Keyword], Type[Identifier]]) -> List[TOKEN_TYPE]: return [token for token in tokens if isinstance(token, token_type)] + def filter_function_tokens(self, + tokens: List[Union[Field, Keyword, Identifier, Function, SortArg]]) -> List[TOKEN_TYPE]: + result = [] + for token in tokens: + if isinstance(token, Field): + result.append(token) + elif isinstance(token, Function): + result.extend(self.filter_function_tokens(tokens=token.args)) + result.extend(self.filter_function_tokens(tokens=token.by_clauses)) + elif isinstance(token, SortArg): + result.append(token.field) + return result + @staticmethod def set_field_generic_names_map(tokens: List[Field], source_mappings: List[SourceMapping], diff --git a/siem-converter/app/converter/cti_converter.py b/translator/app/translator/cti_translator.py similarity index 91% rename from siem-converter/app/converter/cti_converter.py rename to translator/app/translator/cti_translator.py index a0070b1f..e359a555 100644 --- a/siem-converter/app/converter/cti_converter.py +++ b/translator/app/translator/cti_translator.py 
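Review bot: `filter_function_tokens` iterates `token.args` and appends `token.field` without a `None` check, yet `SortFunction.args` and `SortArg.field` both default to `None` in the new sort.py, so the recursion raises `TypeError` for the first and silently collects a `None` as a field for the second. Guarding both keeps the method total: `result.extend(self.filter_function_tokens(tokens=token.args or []))` and `if token.field is not None: result.append(token.field)`. The declared return type `List[TOKEN_TYPE]` is wider than what is produced, since only `Field` instances are ever collected; `List[Field]` documents the behaviour. `set_field_generic_names_map` continues outside the hunk.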
@@ -1,12 +1,12 @@ import logging from typing import Dict, List -from app.converter.const import CTI_MIN_LIMIT_QUERY -from app.converter.core.models.iocs import IocsChunkValue -from app.converter.core.parser_cti import CTIParser, Iocs -from app.converter.core.render_cti import RenderCTI -from app.converter.managers import RenderCTIManager, render_cti_manager -from app.converter.tools.decorators import handle_translation_exceptions +from app.translator.const import CTI_MIN_LIMIT_QUERY +from app.translator.core.models.iocs import IocsChunkValue +from app.translator.core.parser_cti import CTIParser, Iocs +from app.translator.core.render_cti import RenderCTI +from app.translator.managers import RenderCTIManager, render_cti_manager +from app.translator.tools.decorators import handle_translation_exceptions from app.models.ioc_translation import CTIPlatform diff --git a/siem-converter/app/converter/managers.py b/translator/app/translator/managers.py similarity index 85% rename from siem-converter/app/converter/managers.py rename to translator/app/translator/managers.py index 62bdd435..2142d3ca 100644 --- a/siem-converter/app/converter/managers.py +++ b/translator/app/translator/managers.py @@ -1,9 +1,9 @@ from abc import ABC -from app.converter.platforms import __ALL_PARSERS as PARSERS -from app.converter.platforms import __ALL_RENDERS as RENDERS -from app.converter.platforms import __ALL_RENDERS_CTI as RENDERS_CTI -from app.converter.core.exceptions.core import UnsupportedRootAParser +from app.translator.platforms import __ALL_PARSERS as PARSERS +from app.translator.platforms import __ALL_RENDERS as RENDERS +from app.translator.platforms import __ALL_RENDERS_CTI as RENDERS_CTI +from app.translator.core.exceptions.core import UnsupportedRootAParser from app.models.translation import ConvertorPlatform 
diff --git a/siem-converter/app/converter/platforms/athena/__init__.py b/translator/app/translator/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/athena/__init__.py
rename to translator/app/translator/mappings/__init__.py
diff --git a/siem-converter/app/converter/mappings/platforms/athena/aws_cloudtrail.yml b/translator/app/translator/mappings/platforms/athena/aws_cloudtrail.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/athena/aws_cloudtrail.yml
rename to translator/app/translator/mappings/platforms/athena/aws_cloudtrail.yml
diff --git a/siem-converter/app/converter/mappings/platforms/athena/default.yml b/translator/app/translator/mappings/platforms/athena/default.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/athena/default.yml
rename to translator/app/translator/mappings/platforms/athena/default.yml
diff --git a/siem-converter/app/converter/mappings/platforms/athena/linux_file_event.yml b/translator/app/translator/mappings/platforms/athena/linux_file_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/athena/linux_file_event.yml
rename to translator/app/translator/mappings/platforms/athena/linux_file_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/athena/linux_process_creation.yml b/translator/app/translator/mappings/platforms/athena/linux_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/athena/linux_process_creation.yml
rename to translator/app/translator/mappings/platforms/athena/linux_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/athena/macos_file_event.yml b/translator/app/translator/mappings/platforms/athena/macos_file_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/athena/macos_file_event.yml
rename to translator/app/translator/mappings/platforms/athena/macos_file_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/athena/macos_process_creation.yml b/translator/app/translator/mappings/platforms/athena/macos_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/athena/macos_process_creation.yml
rename to translator/app/translator/mappings/platforms/athena/macos_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/athena/windows_file_event.yml b/translator/app/translator/mappings/platforms/athena/windows_file_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/athena/windows_file_event.yml
rename to translator/app/translator/mappings/platforms/athena/windows_file_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/athena/windows_image_load.yml b/translator/app/translator/mappings/platforms/athena/windows_image_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/athena/windows_image_load.yml
rename to translator/app/translator/mappings/platforms/athena/windows_image_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/athena/windows_process_creation.yml b/translator/app/translator/mappings/platforms/athena/windows_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/athena/windows_process_creation.yml
rename to translator/app/translator/mappings/platforms/athena/windows_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/athena/windows_registry_event.yml b/translator/app/translator/mappings/platforms/athena/windows_registry_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/athena/windows_registry_event.yml
rename to translator/app/translator/mappings/platforms/athena/windows_registry_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/athena/windows_security.yml b/translator/app/translator/mappings/platforms/athena/windows_security.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/athena/windows_security.yml
rename to translator/app/translator/mappings/platforms/athena/windows_security.yml
diff --git a/siem-converter/app/converter/mappings/platforms/chronicle/default.yml b/translator/app/translator/mappings/platforms/chronicle/default.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/chronicle/default.yml
rename to translator/app/translator/mappings/platforms/chronicle/default.yml
diff --git a/siem-converter/app/converter/mappings/platforms/chronicle/windows_create_remote_thread.yml b/translator/app/translator/mappings/platforms/chronicle/windows_create_remote_thread.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/chronicle/windows_create_remote_thread.yml
rename to translator/app/translator/mappings/platforms/chronicle/windows_create_remote_thread.yml
diff --git a/siem-converter/app/converter/mappings/platforms/chronicle/windows_dns_query.yml b/translator/app/translator/mappings/platforms/chronicle/windows_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/chronicle/windows_dns_query.yml
rename to translator/app/translator/mappings/platforms/chronicle/windows_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/chronicle/windows_file_event.yml b/translator/app/translator/mappings/platforms/chronicle/windows_file_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/chronicle/windows_file_event.yml
rename to translator/app/translator/mappings/platforms/chronicle/windows_file_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/chronicle/windows_image_load.yml b/translator/app/translator/mappings/platforms/chronicle/windows_image_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/chronicle/windows_image_load.yml
rename to translator/app/translator/mappings/platforms/chronicle/windows_image_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/chronicle/windows_network_connection.yml b/translator/app/translator/mappings/platforms/chronicle/windows_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/chronicle/windows_network_connection.yml
rename to translator/app/translator/mappings/platforms/chronicle/windows_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/chronicle/windows_pipe_created.yml b/translator/app/translator/mappings/platforms/chronicle/windows_pipe_created.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/chronicle/windows_pipe_created.yml
rename to translator/app/translator/mappings/platforms/chronicle/windows_pipe_created.yml
diff --git a/siem-converter/app/converter/mappings/platforms/chronicle/windows_process_access.yml b/translator/app/translator/mappings/platforms/chronicle/windows_process_access.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/chronicle/windows_process_access.yml
rename to translator/app/translator/mappings/platforms/chronicle/windows_process_access.yml
diff --git a/siem-converter/app/converter/mappings/platforms/chronicle/windows_process_creation.yml b/translator/app/translator/mappings/platforms/chronicle/windows_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/chronicle/windows_process_creation.yml
rename to translator/app/translator/mappings/platforms/chronicle/windows_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/chronicle/windows_registry_event.yml b/translator/app/translator/mappings/platforms/chronicle/windows_registry_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/chronicle/windows_registry_event.yml
rename to translator/app/translator/mappings/platforms/chronicle/windows_registry_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/chronicle/windows_security.yml b/translator/app/translator/mappings/platforms/chronicle/windows_security.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/chronicle/windows_security.yml
rename to translator/app/translator/mappings/platforms/chronicle/windows_security.yml
diff --git a/siem-converter/app/converter/mappings/platforms/chronicle/windows_sysmon.yml b/translator/app/translator/mappings/platforms/chronicle/windows_sysmon.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/chronicle/windows_sysmon.yml
rename to translator/app/translator/mappings/platforms/chronicle/windows_sysmon.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/default.yml b/translator/app/translator/mappings/platforms/crowdstrike/default.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/default.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/default.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/linux_dns_query.yml b/translator/app/translator/mappings/platforms/crowdstrike/linux_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/linux_dns_query.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/linux_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/linux_network_connection.yml b/translator/app/translator/mappings/platforms/crowdstrike/linux_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/linux_network_connection.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/linux_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/linux_process_creation.yml b/translator/app/translator/mappings/platforms/crowdstrike/linux_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/linux_process_creation.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/linux_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/macos_dns_query.yml b/translator/app/translator/mappings/platforms/crowdstrike/macos_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/macos_dns_query.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/macos_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/macos_network_connection.yml b/translator/app/translator/mappings/platforms/crowdstrike/macos_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/macos_network_connection.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/macos_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/macos_process_creation.yml b/translator/app/translator/mappings/platforms/crowdstrike/macos_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/macos_process_creation.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/macos_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/windows_dns_query.yml b/translator/app/translator/mappings/platforms/crowdstrike/windows_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/windows_dns_query.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/windows_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/windows_driver_load.yml b/translator/app/translator/mappings/platforms/crowdstrike/windows_driver_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/windows_driver_load.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/windows_driver_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/windows_image_load.yml b/translator/app/translator/mappings/platforms/crowdstrike/windows_image_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/windows_image_load.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/windows_image_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/windows_network_connection.yml b/translator/app/translator/mappings/platforms/crowdstrike/windows_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/windows_network_connection.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/windows_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/windows_process_creation.yml b/translator/app/translator/mappings/platforms/crowdstrike/windows_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/windows_process_creation.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/windows_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/windows_registry_event.yml b/translator/app/translator/mappings/platforms/crowdstrike/windows_registry_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/windows_registry_event.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/windows_registry_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/crowdstrike/windows_sysmon.yml b/translator/app/translator/mappings/platforms/crowdstrike/windows_sysmon.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/crowdstrike/windows_sysmon.yml
rename to translator/app/translator/mappings/platforms/crowdstrike/windows_sysmon.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/aws_cloudtrail.yml b/translator/app/translator/mappings/platforms/elasticsearch/aws_cloudtrail.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/aws_cloudtrail.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/aws_cloudtrail.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/aws_eks.yml b/translator/app/translator/mappings/platforms/elasticsearch/aws_eks.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/aws_eks.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/aws_eks.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/azure_AzureDiagnostics.yml b/translator/app/translator/mappings/platforms/elasticsearch/azure_AzureDiagnostics.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/azure_AzureDiagnostics.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/azure_AzureDiagnostics.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/azure_BehaviorAnalytics.yml b/translator/app/translator/mappings/platforms/elasticsearch/azure_BehaviorAnalytics.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/azure_BehaviorAnalytics.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/azure_BehaviorAnalytics.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/azure_aadnoninteractiveusersigninlogs.yml b/translator/app/translator/mappings/platforms/elasticsearch/azure_aadnoninteractiveusersigninlogs.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/azure_aadnoninteractiveusersigninlogs.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/azure_aadnoninteractiveusersigninlogs.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/azure_azureactivity.yml b/translator/app/translator/mappings/platforms/elasticsearch/azure_azureactivity.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/azure_azureactivity.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/azure_azureactivity.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/azure_azuread.yml b/translator/app/translator/mappings/platforms/elasticsearch/azure_azuread.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/azure_azuread.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/azure_azuread.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/azure_m365.yml b/translator/app/translator/mappings/platforms/elasticsearch/azure_m365.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/azure_m365.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/azure_m365.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/azure_signinlogs.yml b/translator/app/translator/mappings/platforms/elasticsearch/azure_signinlogs.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/azure_signinlogs.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/azure_signinlogs.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/default.yml b/translator/app/translator/mappings/platforms/elasticsearch/default.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/default.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/default.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/dns.yml b/translator/app/translator/mappings/platforms/elasticsearch/dns.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/dns.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/dns.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/firewall.yml b/translator/app/translator/mappings/platforms/elasticsearch/firewall.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/firewall.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/firewall.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/gcp_gcp.audit.yml b/translator/app/translator/mappings/platforms/elasticsearch/gcp_gcp.audit.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/gcp_gcp.audit.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/gcp_gcp.audit.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/gcp_pubsub.yml b/translator/app/translator/mappings/platforms/elasticsearch/gcp_pubsub.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/gcp_pubsub.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/gcp_pubsub.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/linux_auditd.yml b/translator/app/translator/mappings/platforms/elasticsearch/linux_auditd.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/linux_auditd.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/linux_auditd.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/linux_dns_query.yml b/translator/app/translator/mappings/platforms/elasticsearch/linux_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/linux_dns_query.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/linux_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/linux_process_creation.yml b/translator/app/translator/mappings/platforms/elasticsearch/linux_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/linux_process_creation.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/linux_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/macos_dns_query.yml b/translator/app/translator/mappings/platforms/elasticsearch/macos_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/macos_dns_query.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/macos_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/macos_network_connection.yml b/translator/app/translator/mappings/platforms/elasticsearch/macos_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/macos_network_connection.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/macos_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/macos_process_creation.yml b/translator/app/translator/mappings/platforms/elasticsearch/macos_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/macos_process_creation.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/macos_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/okta_okta.yml b/translator/app/translator/mappings/platforms/elasticsearch/okta_okta.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/okta_okta.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/okta_okta.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/proxy.yml b/translator/app/translator/mappings/platforms/elasticsearch/proxy.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/proxy.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/proxy.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/webserver.yml b/translator/app/translator/mappings/platforms/elasticsearch/webserver.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/webserver.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/webserver.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/windows_bits_client.yml b/translator/app/translator/mappings/platforms/elasticsearch/windows_bits_client.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/windows_bits_client.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/windows_bits_client.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/windows_dns_query.yml b/translator/app/translator/mappings/platforms/elasticsearch/windows_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/windows_dns_query.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/windows_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/windows_driver_load.yml b/translator/app/translator/mappings/platforms/elasticsearch/windows_driver_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/windows_driver_load.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/windows_driver_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/windows_image_load.yml b/translator/app/translator/mappings/platforms/elasticsearch/windows_image_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/windows_image_load.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/windows_image_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/windows_ldap_debug.yml b/translator/app/translator/mappings/platforms/elasticsearch/windows_ldap_debug.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/windows_ldap_debug.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/windows_ldap_debug.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/windows_network_connection.yml b/translator/app/translator/mappings/platforms/elasticsearch/windows_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/windows_network_connection.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/windows_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/windows_ntlm.yml b/translator/app/translator/mappings/platforms/elasticsearch/windows_ntlm.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/windows_ntlm.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/windows_ntlm.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/windows_powershell.yml b/translator/app/translator/mappings/platforms/elasticsearch/windows_powershell.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/windows_powershell.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/windows_powershell.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/windows_process_creation.yml b/translator/app/translator/mappings/platforms/elasticsearch/windows_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/windows_process_creation.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/windows_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/windows_security.yml b/translator/app/translator/mappings/platforms/elasticsearch/windows_security.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/windows_security.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/windows_security.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/windows_sysmon.yml b/translator/app/translator/mappings/platforms/elasticsearch/windows_sysmon.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/windows_sysmon.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/windows_sysmon.yml
diff --git a/siem-converter/app/converter/mappings/platforms/elasticsearch/windows_wmi_event.yml b/translator/app/translator/mappings/platforms/elasticsearch/windows_wmi_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/elasticsearch/windows_wmi_event.yml
rename to translator/app/translator/mappings/platforms/elasticsearch/windows_wmi_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/aws_cloudtrail.yml b/translator/app/translator/mappings/platforms/logscale/aws_cloudtrail.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/aws_cloudtrail.yml
rename to translator/app/translator/mappings/platforms/logscale/aws_cloudtrail.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/aws_eks.yml b/translator/app/translator/mappings/platforms/logscale/aws_eks.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/aws_eks.yml
rename to translator/app/translator/mappings/platforms/logscale/aws_eks.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/azure_AzureDiagnostics.yml b/translator/app/translator/mappings/platforms/logscale/azure_AzureDiagnostics.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/azure_AzureDiagnostics.yml
rename to translator/app/translator/mappings/platforms/logscale/azure_AzureDiagnostics.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/azure_BehaviorAnalytics.yml b/translator/app/translator/mappings/platforms/logscale/azure_BehaviorAnalytics.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/azure_BehaviorAnalytics.yml
rename to translator/app/translator/mappings/platforms/logscale/azure_BehaviorAnalytics.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/azure_aadnoninteractiveusersigninlogs.yml b/translator/app/translator/mappings/platforms/logscale/azure_aadnoninteractiveusersigninlogs.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/azure_aadnoninteractiveusersigninlogs.yml
rename to translator/app/translator/mappings/platforms/logscale/azure_aadnoninteractiveusersigninlogs.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/azure_azureactivity.yml b/translator/app/translator/mappings/platforms/logscale/azure_azureactivity.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/azure_azureactivity.yml
rename to translator/app/translator/mappings/platforms/logscale/azure_azureactivity.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/azure_azuread.yml b/translator/app/translator/mappings/platforms/logscale/azure_azuread.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/azure_azuread.yml
rename to translator/app/translator/mappings/platforms/logscale/azure_azuread.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/azure_m365.yml b/translator/app/translator/mappings/platforms/logscale/azure_m365.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/azure_m365.yml
rename to translator/app/translator/mappings/platforms/logscale/azure_m365.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/azure_signinlogs.yml b/translator/app/translator/mappings/platforms/logscale/azure_signinlogs.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/azure_signinlogs.yml
rename to translator/app/translator/mappings/platforms/logscale/azure_signinlogs.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/default.yml b/translator/app/translator/mappings/platforms/logscale/default.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/default.yml
rename to translator/app/translator/mappings/platforms/logscale/default.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/dns.yml b/translator/app/translator/mappings/platforms/logscale/dns.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/dns.yml
rename to translator/app/translator/mappings/platforms/logscale/dns.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/firewall.yml b/translator/app/translator/mappings/platforms/logscale/firewall.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/firewall.yml
rename to translator/app/translator/mappings/platforms/logscale/firewall.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/gcp_gcp.audit.yml b/translator/app/translator/mappings/platforms/logscale/gcp_gcp.audit.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/gcp_gcp.audit.yml
rename to translator/app/translator/mappings/platforms/logscale/gcp_gcp.audit.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/gcp_pubsub.yml b/translator/app/translator/mappings/platforms/logscale/gcp_pubsub.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/gcp_pubsub.yml
rename to translator/app/translator/mappings/platforms/logscale/gcp_pubsub.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/linux_auditd.yml b/translator/app/translator/mappings/platforms/logscale/linux_auditd.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/linux_auditd.yml
rename to translator/app/translator/mappings/platforms/logscale/linux_auditd.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/linux_dns_query.yml b/translator/app/translator/mappings/platforms/logscale/linux_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/linux_dns_query.yml
rename to translator/app/translator/mappings/platforms/logscale/linux_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/linux_process_creation.yml b/translator/app/translator/mappings/platforms/logscale/linux_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/linux_process_creation.yml
rename to translator/app/translator/mappings/platforms/logscale/linux_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/macos_dns_query.yml b/translator/app/translator/mappings/platforms/logscale/macos_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/macos_dns_query.yml
rename to translator/app/translator/mappings/platforms/logscale/macos_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/macos_network_connection.yml b/translator/app/translator/mappings/platforms/logscale/macos_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/macos_network_connection.yml
rename to translator/app/translator/mappings/platforms/logscale/macos_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/macos_process_creation.yml b/translator/app/translator/mappings/platforms/logscale/macos_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/macos_process_creation.yml
rename to translator/app/translator/mappings/platforms/logscale/macos_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/okta_okta.yml b/translator/app/translator/mappings/platforms/logscale/okta_okta.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/okta_okta.yml
rename to translator/app/translator/mappings/platforms/logscale/okta_okta.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/proxy.yml b/translator/app/translator/mappings/platforms/logscale/proxy.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/proxy.yml
rename to translator/app/translator/mappings/platforms/logscale/proxy.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/webserver.yml b/translator/app/translator/mappings/platforms/logscale/webserver.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/webserver.yml
rename to translator/app/translator/mappings/platforms/logscale/webserver.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_application.yml b/translator/app/translator/mappings/platforms/logscale/windows_application.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_application.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_application.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_bits_client.yml b/translator/app/translator/mappings/platforms/logscale/windows_bits_client.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_bits_client.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_bits_client.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_create_remote_thread.yml b/translator/app/translator/mappings/platforms/logscale/windows_create_remote_thread.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_create_remote_thread.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_create_remote_thread.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_create_stream_hash.yml b/translator/app/translator/mappings/platforms/logscale/windows_create_stream_hash.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_create_stream_hash.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_create_stream_hash.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_dns_query.yml b/translator/app/translator/mappings/platforms/logscale/windows_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_dns_query.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_driver_load.yml b/translator/app/translator/mappings/platforms/logscale/windows_driver_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_driver_load.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_driver_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_file_event.yml b/translator/app/translator/mappings/platforms/logscale/windows_file_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_file_event.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_file_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_image_load.yml b/translator/app/translator/mappings/platforms/logscale/windows_image_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_image_load.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_image_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_ldap_debug.yml b/translator/app/translator/mappings/platforms/logscale/windows_ldap_debug.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_ldap_debug.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_ldap_debug.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_network_connection.yml b/translator/app/translator/mappings/platforms/logscale/windows_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_network_connection.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_ntlm.yml b/translator/app/translator/mappings/platforms/logscale/windows_ntlm.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_ntlm.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_ntlm.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_pipe_created.yml b/translator/app/translator/mappings/platforms/logscale/windows_pipe_created.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_pipe_created.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_pipe_created.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_powershell.yml b/translator/app/translator/mappings/platforms/logscale/windows_powershell.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_powershell.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_powershell.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_process_access.yml b/translator/app/translator/mappings/platforms/logscale/windows_process_access.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_process_access.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_process_access.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_process_creation.yml b/translator/app/translator/mappings/platforms/logscale/windows_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_process_creation.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_raw_access_thread.yml b/translator/app/translator/mappings/platforms/logscale/windows_raw_access_thread.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_raw_access_thread.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_raw_access_thread.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_registry_event.yml b/translator/app/translator/mappings/platforms/logscale/windows_registry_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_registry_event.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_registry_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_security.yml b/translator/app/translator/mappings/platforms/logscale/windows_security.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_security.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_security.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_sysmon.yml b/translator/app/translator/mappings/platforms/logscale/windows_sysmon.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_sysmon.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_sysmon.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_system.yml b/translator/app/translator/mappings/platforms/logscale/windows_system.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_system.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_system.yml
diff --git a/siem-converter/app/converter/mappings/platforms/logscale/windows_wmi_event.yml b/translator/app/translator/mappings/platforms/logscale/windows_wmi_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/logscale/windows_wmi_event.yml
rename to translator/app/translator/mappings/platforms/logscale/windows_wmi_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_defender/default.yml b/translator/app/translator/mappings/platforms/microsoft_defender/default.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/microsoft_defender/default.yml
rename to translator/app/translator/mappings/platforms/microsoft_defender/default.yml
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_defender/linux_file_event.yml b/translator/app/translator/mappings/platforms/microsoft_defender/linux_file_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/microsoft_defender/linux_file_event.yml
rename to translator/app/translator/mappings/platforms/microsoft_defender/linux_file_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_defender/linux_network_connection.yml b/translator/app/translator/mappings/platforms/microsoft_defender/linux_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/microsoft_defender/linux_network_connection.yml
rename to translator/app/translator/mappings/platforms/microsoft_defender/linux_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_defender/macos_file_event.yml b/translator/app/translator/mappings/platforms/microsoft_defender/macos_file_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/microsoft_defender/macos_file_event.yml
rename to translator/app/translator/mappings/platforms/microsoft_defender/macos_file_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_defender/macos_network_connection.yml b/translator/app/translator/mappings/platforms/microsoft_defender/macos_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/microsoft_defender/macos_network_connection.yml
rename to translator/app/translator/mappings/platforms/microsoft_defender/macos_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_defender/macos_process_creation.yml b/translator/app/translator/mappings/platforms/microsoft_defender/macos_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/microsoft_defender/macos_process_creation.yml
rename to translator/app/translator/mappings/platforms/microsoft_defender/macos_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_defender/windows_file_event.yml b/translator/app/translator/mappings/platforms/microsoft_defender/windows_file_event.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_defender/windows_file_event.yml rename to translator/app/translator/mappings/platforms/microsoft_defender/windows_file_event.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_defender/windows_image_load.yml b/translator/app/translator/mappings/platforms/microsoft_defender/windows_image_load.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_defender/windows_image_load.yml rename to translator/app/translator/mappings/platforms/microsoft_defender/windows_image_load.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_defender/windows_network_connection.yml b/translator/app/translator/mappings/platforms/microsoft_defender/windows_network_connection.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_defender/windows_network_connection.yml rename to translator/app/translator/mappings/platforms/microsoft_defender/windows_network_connection.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_defender/windows_process_creation.yml b/translator/app/translator/mappings/platforms/microsoft_defender/windows_process_creation.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_defender/windows_process_creation.yml rename to translator/app/translator/mappings/platforms/microsoft_defender/windows_process_creation.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_defender/windows_registry_event.yml b/translator/app/translator/mappings/platforms/microsoft_defender/windows_registry_event.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_defender/windows_registry_event.yml rename to translator/app/translator/mappings/platforms/microsoft_defender/windows_registry_event.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_defender/windows_sysmon.yml b/translator/app/translator/mappings/platforms/microsoft_defender/windows_sysmon.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_defender/windows_sysmon.yml rename to translator/app/translator/mappings/platforms/microsoft_defender/windows_sysmon.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/aws_cloudtrail.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/aws_cloudtrail.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/aws_cloudtrail.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/aws_cloudtrail.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/aws_eks.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/aws_eks.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/aws_eks.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/aws_eks.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_AzureDiagnostics.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/azure_AzureDiagnostics.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_AzureDiagnostics.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/azure_AzureDiagnostics.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_BehaviorAnalytics.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/azure_BehaviorAnalytics.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_BehaviorAnalytics.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/azure_BehaviorAnalytics.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_aadnoninteractiveusersigninlogs.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/azure_aadnoninteractiveusersigninlogs.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_aadnoninteractiveusersigninlogs.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/azure_aadnoninteractiveusersigninlogs.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_azureactivity.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/azure_azureactivity.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_azureactivity.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/azure_azureactivity.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_azuread.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/azure_azuread.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_azuread.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/azure_azuread.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_m365.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/azure_m365.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_m365.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/azure_m365.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_o365.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/azure_o365.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_o365.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/azure_o365.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_office365.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/azure_office365.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_office365.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/azure_office365.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_signlogs.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/azure_signlogs.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/azure_signlogs.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/azure_signlogs.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/default.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/default.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/default.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/default.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/linux_auidt.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/linux_auidt.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/linux_auidt.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/linux_auidt.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/linux_dns_query.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/linux_dns_query.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/linux_dns_query.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/linux_dns_query.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/linux_file_event.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/linux_file_event.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/linux_file_event.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/linux_file_event.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/linux_network_connection.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/linux_network_connection.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/linux_network_connection.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/linux_network_connection.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/linux_process_creation.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/linux_process_creation.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/linux_process_creation.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/linux_process_creation.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/macos_file_event.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/macos_file_event.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/macos_file_event.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/macos_file_event.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/macos_network_connection.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/macos_network_connection.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/macos_network_connection.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/macos_network_connection.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/macos_process_creation.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/macos_process_creation.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/macos_process_creation.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/macos_process_creation.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/okta_okta.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/okta_okta.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/okta_okta.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/okta_okta.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_bits_client.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_bits_client.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_bits_client.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_bits_client.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_dns_query.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_dns_query.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_dns_query.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_dns_query.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_driver_load.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_driver_load.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_driver_load.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_driver_load.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_file_event.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_file_event.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_file_event.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_file_event.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_image_load.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_image_load.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_image_load.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_image_load.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_ldap_debug.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_ldap_debug.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_ldap_debug.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_ldap_debug.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_network_connection.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_network_connection.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_network_connection.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_network_connection.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_ntlm.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_ntlm.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_ntlm.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_ntlm.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_powershell.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_powershell.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_powershell.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_powershell.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_process_creation.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_process_creation.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_process_creation.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_process_creation.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_registry_event.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_registry_event.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_registry_event.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_registry_event.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_security.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_security.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_security.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_security.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_sysmon.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_sysmon.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_sysmon.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_sysmon.yml diff --git a/siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_wmi_event.yml b/translator/app/translator/mappings/platforms/microsoft_sentinel/windows_wmi_event.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/microsoft_sentinel/windows_wmi_event.yml rename to translator/app/translator/mappings/platforms/microsoft_sentinel/windows_wmi_event.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/aws_cloudtrail.yml b/translator/app/translator/mappings/platforms/opensearch/aws_cloudtrail.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/aws_cloudtrail.yml rename to translator/app/translator/mappings/platforms/opensearch/aws_cloudtrail.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/aws_eks.yml b/translator/app/translator/mappings/platforms/opensearch/aws_eks.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/aws_eks.yml rename to translator/app/translator/mappings/platforms/opensearch/aws_eks.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/azure_AzureDiagnostics.yml b/translator/app/translator/mappings/platforms/opensearch/azure_AzureDiagnostics.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/azure_AzureDiagnostics.yml rename to translator/app/translator/mappings/platforms/opensearch/azure_AzureDiagnostics.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/azure_BehaviorAnalytics.yml b/translator/app/translator/mappings/platforms/opensearch/azure_BehaviorAnalytics.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/azure_BehaviorAnalytics.yml rename to translator/app/translator/mappings/platforms/opensearch/azure_BehaviorAnalytics.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/azure_aadnoninteractiveusersigninlogs.yml b/translator/app/translator/mappings/platforms/opensearch/azure_aadnoninteractiveusersigninlogs.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/azure_aadnoninteractiveusersigninlogs.yml rename to translator/app/translator/mappings/platforms/opensearch/azure_aadnoninteractiveusersigninlogs.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/azure_azureactivity.yml b/translator/app/translator/mappings/platforms/opensearch/azure_azureactivity.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/azure_azureactivity.yml rename to translator/app/translator/mappings/platforms/opensearch/azure_azureactivity.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/azure_azuread.yml b/translator/app/translator/mappings/platforms/opensearch/azure_azuread.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/azure_azuread.yml rename to translator/app/translator/mappings/platforms/opensearch/azure_azuread.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/azure_m365.yml b/translator/app/translator/mappings/platforms/opensearch/azure_m365.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/azure_m365.yml rename to translator/app/translator/mappings/platforms/opensearch/azure_m365.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/azure_signinlogs.yml b/translator/app/translator/mappings/platforms/opensearch/azure_signinlogs.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/azure_signinlogs.yml rename to translator/app/translator/mappings/platforms/opensearch/azure_signinlogs.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/default.yml b/translator/app/translator/mappings/platforms/opensearch/default.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/default.yml rename to translator/app/translator/mappings/platforms/opensearch/default.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/dns.yml b/translator/app/translator/mappings/platforms/opensearch/dns.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/dns.yml rename to translator/app/translator/mappings/platforms/opensearch/dns.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/firewall.yml b/translator/app/translator/mappings/platforms/opensearch/firewall.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/firewall.yml rename to translator/app/translator/mappings/platforms/opensearch/firewall.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/gcp_gcp.audit.yml b/translator/app/translator/mappings/platforms/opensearch/gcp_gcp.audit.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/gcp_gcp.audit.yml rename to translator/app/translator/mappings/platforms/opensearch/gcp_gcp.audit.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/gcp_pubsub.yml b/translator/app/translator/mappings/platforms/opensearch/gcp_pubsub.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/gcp_pubsub.yml rename to translator/app/translator/mappings/platforms/opensearch/gcp_pubsub.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/linux_auditd.yml b/translator/app/translator/mappings/platforms/opensearch/linux_auditd.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/linux_auditd.yml rename to translator/app/translator/mappings/platforms/opensearch/linux_auditd.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/linux_dns_query.yml b/translator/app/translator/mappings/platforms/opensearch/linux_dns_query.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/linux_dns_query.yml rename to translator/app/translator/mappings/platforms/opensearch/linux_dns_query.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/linux_process_creation.yml b/translator/app/translator/mappings/platforms/opensearch/linux_process_creation.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/linux_process_creation.yml rename to translator/app/translator/mappings/platforms/opensearch/linux_process_creation.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/macos_dns_query.yml b/translator/app/translator/mappings/platforms/opensearch/macos_dns_query.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/macos_dns_query.yml rename to translator/app/translator/mappings/platforms/opensearch/macos_dns_query.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/macos_network_connection.yml b/translator/app/translator/mappings/platforms/opensearch/macos_network_connection.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/macos_network_connection.yml rename to translator/app/translator/mappings/platforms/opensearch/macos_network_connection.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/macos_process_creation.yml b/translator/app/translator/mappings/platforms/opensearch/macos_process_creation.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/macos_process_creation.yml rename to translator/app/translator/mappings/platforms/opensearch/macos_process_creation.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/okta_okta.yml b/translator/app/translator/mappings/platforms/opensearch/okta_okta.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/okta_okta.yml rename to translator/app/translator/mappings/platforms/opensearch/okta_okta.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/proxy.yml b/translator/app/translator/mappings/platforms/opensearch/proxy.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/proxy.yml rename to translator/app/translator/mappings/platforms/opensearch/proxy.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/webserver.yml b/translator/app/translator/mappings/platforms/opensearch/webserver.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/webserver.yml rename to translator/app/translator/mappings/platforms/opensearch/webserver.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/windows_bits_client.yml b/translator/app/translator/mappings/platforms/opensearch/windows_bits_client.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/windows_bits_client.yml rename to translator/app/translator/mappings/platforms/opensearch/windows_bits_client.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/windows_dns_query.yml b/translator/app/translator/mappings/platforms/opensearch/windows_dns_query.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/windows_dns_query.yml rename to translator/app/translator/mappings/platforms/opensearch/windows_dns_query.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/windows_driver_load.yml b/translator/app/translator/mappings/platforms/opensearch/windows_driver_load.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/windows_driver_load.yml rename to translator/app/translator/mappings/platforms/opensearch/windows_driver_load.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/windows_image_load.yml b/translator/app/translator/mappings/platforms/opensearch/windows_image_load.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/windows_image_load.yml rename to translator/app/translator/mappings/platforms/opensearch/windows_image_load.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/windows_ldap_debug.yml b/translator/app/translator/mappings/platforms/opensearch/windows_ldap_debug.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/windows_ldap_debug.yml rename to translator/app/translator/mappings/platforms/opensearch/windows_ldap_debug.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/windows_network_connection.yml b/translator/app/translator/mappings/platforms/opensearch/windows_network_connection.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/windows_network_connection.yml rename to translator/app/translator/mappings/platforms/opensearch/windows_network_connection.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/windows_ntlm.yml b/translator/app/translator/mappings/platforms/opensearch/windows_ntlm.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/windows_ntlm.yml rename to translator/app/translator/mappings/platforms/opensearch/windows_ntlm.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/windows_powershell.yml b/translator/app/translator/mappings/platforms/opensearch/windows_powershell.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/windows_powershell.yml rename to translator/app/translator/mappings/platforms/opensearch/windows_powershell.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/windows_process_creation.yml b/translator/app/translator/mappings/platforms/opensearch/windows_process_creation.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/windows_process_creation.yml rename to translator/app/translator/mappings/platforms/opensearch/windows_process_creation.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/windows_security.yml b/translator/app/translator/mappings/platforms/opensearch/windows_security.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/windows_security.yml rename to translator/app/translator/mappings/platforms/opensearch/windows_security.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/windows_sysmon.yml b/translator/app/translator/mappings/platforms/opensearch/windows_sysmon.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/windows_sysmon.yml rename to translator/app/translator/mappings/platforms/opensearch/windows_sysmon.yml diff --git a/siem-converter/app/converter/mappings/platforms/opensearch/windows_wmi_event.yml b/translator/app/translator/mappings/platforms/opensearch/windows_wmi_event.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/opensearch/windows_wmi_event.yml rename to translator/app/translator/mappings/platforms/opensearch/windows_wmi_event.yml diff --git a/siem-converter/app/converter/mappings/platforms/qradar/aws_cloudtrail.yml b/translator/app/translator/mappings/platforms/qradar/aws_cloudtrail.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/qradar/aws_cloudtrail.yml rename to translator/app/translator/mappings/platforms/qradar/aws_cloudtrail.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/aws_eks.yml b/translator/app/translator/mappings/platforms/qradar/aws_eks.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/qradar/aws_eks.yml rename to translator/app/translator/mappings/platforms/qradar/aws_eks.yml diff --git a/siem-converter/app/converter/mappings/platforms/qradar/azure_azureactivity.yml b/translator/app/translator/mappings/platforms/qradar/azure_azureactivity.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/qradar/azure_azureactivity.yml rename to translator/app/translator/mappings/platforms/qradar/azure_azureactivity.yml diff --git a/siem-converter/app/converter/mappings/platforms/qradar/azure_azuread.yml b/translator/app/translator/mappings/platforms/qradar/azure_azuread.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/qradar/azure_azuread.yml rename to translator/app/translator/mappings/platforms/qradar/azure_azuread.yml diff --git a/siem-converter/app/converter/mappings/platforms/qradar/azure_m365.yml b/translator/app/translator/mappings/platforms/qradar/azure_m365.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/qradar/azure_m365.yml rename to translator/app/translator/mappings/platforms/qradar/azure_m365.yml diff --git a/siem-converter/app/converter/mappings/platforms/qradar/azure_signinlogs.yml b/translator/app/translator/mappings/platforms/qradar/azure_signinlogs.yml similarity index 100% rename from siem-converter/app/converter/mappings/platforms/qradar/azure_signinlogs.yml rename to translator/app/translator/mappings/platforms/qradar/azure_signinlogs.yml 
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/default.yml b/translator/app/translator/mappings/platforms/qradar/default.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/default.yml
rename to translator/app/translator/mappings/platforms/qradar/default.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/dns.yml b/translator/app/translator/mappings/platforms/qradar/dns.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/dns.yml
rename to translator/app/translator/mappings/platforms/qradar/dns.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/firewall.yml b/translator/app/translator/mappings/platforms/qradar/firewall.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/firewall.yml
rename to translator/app/translator/mappings/platforms/qradar/firewall.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/gcp_gcp.audit.yml b/translator/app/translator/mappings/platforms/qradar/gcp_gcp.audit.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/gcp_gcp.audit.yml
rename to translator/app/translator/mappings/platforms/qradar/gcp_gcp.audit.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/linux_auditd.yml b/translator/app/translator/mappings/platforms/qradar/linux_auditd.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/linux_auditd.yml
rename to translator/app/translator/mappings/platforms/qradar/linux_auditd.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/linux_dns_query.yml b/translator/app/translator/mappings/platforms/qradar/linux_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/linux_dns_query.yml
rename to translator/app/translator/mappings/platforms/qradar/linux_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/linux_file_event.yml b/translator/app/translator/mappings/platforms/qradar/linux_file_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/linux_file_event.yml
rename to translator/app/translator/mappings/platforms/qradar/linux_file_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/linux_network_connection.yml b/translator/app/translator/mappings/platforms/qradar/linux_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/linux_network_connection.yml
rename to translator/app/translator/mappings/platforms/qradar/linux_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/linux_process_creation.yml b/translator/app/translator/mappings/platforms/qradar/linux_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/linux_process_creation.yml
rename to translator/app/translator/mappings/platforms/qradar/linux_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/macos_dns_query.yml b/translator/app/translator/mappings/platforms/qradar/macos_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/macos_dns_query.yml
rename to translator/app/translator/mappings/platforms/qradar/macos_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/macos_file_event.yml b/translator/app/translator/mappings/platforms/qradar/macos_file_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/macos_file_event.yml
rename to translator/app/translator/mappings/platforms/qradar/macos_file_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/macos_network_connection.yml b/translator/app/translator/mappings/platforms/qradar/macos_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/macos_network_connection.yml
rename to translator/app/translator/mappings/platforms/qradar/macos_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/macos_process_creation.yml b/translator/app/translator/mappings/platforms/qradar/macos_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/macos_process_creation.yml
rename to translator/app/translator/mappings/platforms/qradar/macos_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/okta_okta.yml b/translator/app/translator/mappings/platforms/qradar/okta_okta.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/okta_okta.yml
rename to translator/app/translator/mappings/platforms/qradar/okta_okta.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/proxy.yml b/translator/app/translator/mappings/platforms/qradar/proxy.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/proxy.yml
rename to translator/app/translator/mappings/platforms/qradar/proxy.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/webserver.yml b/translator/app/translator/mappings/platforms/qradar/webserver.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/webserver.yml
rename to translator/app/translator/mappings/platforms/qradar/webserver.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_application.yml b/translator/app/translator/mappings/platforms/qradar/windows_application.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_application.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_application.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_create_remote_thread.yml b/translator/app/translator/mappings/platforms/qradar/windows_create_remote_thread.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_create_remote_thread.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_create_remote_thread.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_create_stream_hash.yml b/translator/app/translator/mappings/platforms/qradar/windows_create_stream_hash.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_create_stream_hash.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_create_stream_hash.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_dns_query.yml b/translator/app/translator/mappings/platforms/qradar/windows_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_dns_query.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_driver_load.yml b/translator/app/translator/mappings/platforms/qradar/windows_driver_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_driver_load.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_driver_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_file_event.yml b/translator/app/translator/mappings/platforms/qradar/windows_file_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_file_event.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_file_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_image_load.yml b/translator/app/translator/mappings/platforms/qradar/windows_image_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_image_load.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_image_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_ldap_debug.yml b/translator/app/translator/mappings/platforms/qradar/windows_ldap_debug.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_ldap_debug.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_ldap_debug.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_network_connection.yml b/translator/app/translator/mappings/platforms/qradar/windows_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_network_connection.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_ntlm.yml b/translator/app/translator/mappings/platforms/qradar/windows_ntlm.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_ntlm.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_ntlm.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_pipe_created.yml b/translator/app/translator/mappings/platforms/qradar/windows_pipe_created.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_pipe_created.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_pipe_created.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_powershell.yml b/translator/app/translator/mappings/platforms/qradar/windows_powershell.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_powershell.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_powershell.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_process_access.yml b/translator/app/translator/mappings/platforms/qradar/windows_process_access.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_process_access.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_process_access.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_process_creation.yml b/translator/app/translator/mappings/platforms/qradar/windows_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_process_creation.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_raw_access_thread.yml b/translator/app/translator/mappings/platforms/qradar/windows_raw_access_thread.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_raw_access_thread.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_raw_access_thread.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_registry_event.yml b/translator/app/translator/mappings/platforms/qradar/windows_registry_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_registry_event.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_registry_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_security.yml b/translator/app/translator/mappings/platforms/qradar/windows_security.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_security.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_security.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_sysmon.yml b/translator/app/translator/mappings/platforms/qradar/windows_sysmon.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_sysmon.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_sysmon.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_system.yml b/translator/app/translator/mappings/platforms/qradar/windows_system.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_system.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_system.yml
diff --git a/siem-converter/app/converter/mappings/platforms/qradar/windows_wmi_event.yml b/translator/app/translator/mappings/platforms/qradar/windows_wmi_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/qradar/windows_wmi_event.yml
rename to translator/app/translator/mappings/platforms/qradar/windows_wmi_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/aws_cloudtrail.yml b/translator/app/translator/mappings/platforms/sigma/aws_cloudtrail.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/aws_cloudtrail.yml
rename to translator/app/translator/mappings/platforms/sigma/aws_cloudtrail.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/aws_eks.yml b/translator/app/translator/mappings/platforms/sigma/aws_eks.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/aws_eks.yml
rename to translator/app/translator/mappings/platforms/sigma/aws_eks.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/azure_AzureDiagnostics.yml b/translator/app/translator/mappings/platforms/sigma/azure_AzureDiagnostics.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/azure_AzureDiagnostics.yml
rename to translator/app/translator/mappings/platforms/sigma/azure_AzureDiagnostics.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/azure_BehaviorAnalytics.yml b/translator/app/translator/mappings/platforms/sigma/azure_BehaviorAnalytics.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/azure_BehaviorAnalytics.yml
rename to translator/app/translator/mappings/platforms/sigma/azure_BehaviorAnalytics.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/azure_aadnoninteractiveusersigninlogs.yml b/translator/app/translator/mappings/platforms/sigma/azure_aadnoninteractiveusersigninlogs.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/azure_aadnoninteractiveusersigninlogs.yml
rename to translator/app/translator/mappings/platforms/sigma/azure_aadnoninteractiveusersigninlogs.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/azure_azureactivity.yml b/translator/app/translator/mappings/platforms/sigma/azure_azureactivity.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/azure_azureactivity.yml
rename to translator/app/translator/mappings/platforms/sigma/azure_azureactivity.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/azure_azuread.yml b/translator/app/translator/mappings/platforms/sigma/azure_azuread.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/azure_azuread.yml
rename to translator/app/translator/mappings/platforms/sigma/azure_azuread.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/azure_m365.yml b/translator/app/translator/mappings/platforms/sigma/azure_m365.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/azure_m365.yml
rename to translator/app/translator/mappings/platforms/sigma/azure_m365.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/azure_signinlogs.yml b/translator/app/translator/mappings/platforms/sigma/azure_signinlogs.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/azure_signinlogs.yml
rename to translator/app/translator/mappings/platforms/sigma/azure_signinlogs.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/default.yml b/translator/app/translator/mappings/platforms/sigma/default.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/default.yml
rename to translator/app/translator/mappings/platforms/sigma/default.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/dns.yml b/translator/app/translator/mappings/platforms/sigma/dns.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/dns.yml
rename to translator/app/translator/mappings/platforms/sigma/dns.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/firewall.yml b/translator/app/translator/mappings/platforms/sigma/firewall.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/firewall.yml
rename to translator/app/translator/mappings/platforms/sigma/firewall.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/gcp_gcp.audit.yml b/translator/app/translator/mappings/platforms/sigma/gcp_gcp.audit.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/gcp_gcp.audit.yml
rename to translator/app/translator/mappings/platforms/sigma/gcp_gcp.audit.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/gcp_pubsub.yml b/translator/app/translator/mappings/platforms/sigma/gcp_pubsub.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/gcp_pubsub.yml
rename to translator/app/translator/mappings/platforms/sigma/gcp_pubsub.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/linux_auditd.yml b/translator/app/translator/mappings/platforms/sigma/linux_auditd.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/linux_auditd.yml
rename to translator/app/translator/mappings/platforms/sigma/linux_auditd.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/linux_dns_query.yml b/translator/app/translator/mappings/platforms/sigma/linux_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/linux_dns_query.yml
rename to translator/app/translator/mappings/platforms/sigma/linux_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/linux_network_connection.yml b/translator/app/translator/mappings/platforms/sigma/linux_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/linux_network_connection.yml
rename to translator/app/translator/mappings/platforms/sigma/linux_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/linux_process_creation.yml b/translator/app/translator/mappings/platforms/sigma/linux_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/linux_process_creation.yml
rename to translator/app/translator/mappings/platforms/sigma/linux_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/macos_dns_query.yml b/translator/app/translator/mappings/platforms/sigma/macos_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/macos_dns_query.yml
rename to translator/app/translator/mappings/platforms/sigma/macos_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/macos_network_connection.yml b/translator/app/translator/mappings/platforms/sigma/macos_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/macos_network_connection.yml
rename to translator/app/translator/mappings/platforms/sigma/macos_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/macos_process_creation.yml b/translator/app/translator/mappings/platforms/sigma/macos_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/macos_process_creation.yml
rename to translator/app/translator/mappings/platforms/sigma/macos_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/okta_okta.yml b/translator/app/translator/mappings/platforms/sigma/okta_okta.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/okta_okta.yml
rename to translator/app/translator/mappings/platforms/sigma/okta_okta.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/proxy.yml b/translator/app/translator/mappings/platforms/sigma/proxy.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/proxy.yml
rename to translator/app/translator/mappings/platforms/sigma/proxy.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/webserver.yml b/translator/app/translator/mappings/platforms/sigma/webserver.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/webserver.yml
rename to translator/app/translator/mappings/platforms/sigma/webserver.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/windows_bits_client.yml b/translator/app/translator/mappings/platforms/sigma/windows_bits_client.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/windows_bits_client.yml
rename to translator/app/translator/mappings/platforms/sigma/windows_bits_client.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/windows_dns_query.yml b/translator/app/translator/mappings/platforms/sigma/windows_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/windows_dns_query.yml
rename to translator/app/translator/mappings/platforms/sigma/windows_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/windows_driver_load.yml b/translator/app/translator/mappings/platforms/sigma/windows_driver_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/windows_driver_load.yml
rename to translator/app/translator/mappings/platforms/sigma/windows_driver_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/windows_image_load.yml b/translator/app/translator/mappings/platforms/sigma/windows_image_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/windows_image_load.yml
rename to translator/app/translator/mappings/platforms/sigma/windows_image_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/windows_ldap_debug.yml b/translator/app/translator/mappings/platforms/sigma/windows_ldap_debug.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/windows_ldap_debug.yml
rename to translator/app/translator/mappings/platforms/sigma/windows_ldap_debug.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/windows_network_connection.yml b/translator/app/translator/mappings/platforms/sigma/windows_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/windows_network_connection.yml
rename to translator/app/translator/mappings/platforms/sigma/windows_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/windows_ntlm.yml b/translator/app/translator/mappings/platforms/sigma/windows_ntlm.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/windows_ntlm.yml
rename to translator/app/translator/mappings/platforms/sigma/windows_ntlm.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/windows_powershell.yml b/translator/app/translator/mappings/platforms/sigma/windows_powershell.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/windows_powershell.yml
rename to translator/app/translator/mappings/platforms/sigma/windows_powershell.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/windows_process_creation.yml b/translator/app/translator/mappings/platforms/sigma/windows_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/windows_process_creation.yml
rename to translator/app/translator/mappings/platforms/sigma/windows_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/windows_security.yml b/translator/app/translator/mappings/platforms/sigma/windows_security.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/windows_security.yml
rename to translator/app/translator/mappings/platforms/sigma/windows_security.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/windows_sysmon.yml b/translator/app/translator/mappings/platforms/sigma/windows_sysmon.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/windows_sysmon.yml
rename to translator/app/translator/mappings/platforms/sigma/windows_sysmon.yml
diff --git a/siem-converter/app/converter/mappings/platforms/sigma/windows_wmi_event.yml b/translator/app/translator/mappings/platforms/sigma/windows_wmi_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/sigma/windows_wmi_event.yml
rename to translator/app/translator/mappings/platforms/sigma/windows_wmi_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/aws_cloudtrail.yml b/translator/app/translator/mappings/platforms/splunk/aws_cloudtrail.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/aws_cloudtrail.yml
rename to translator/app/translator/mappings/platforms/splunk/aws_cloudtrail.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/aws_eks.yml b/translator/app/translator/mappings/platforms/splunk/aws_eks.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/aws_eks.yml
rename to translator/app/translator/mappings/platforms/splunk/aws_eks.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/azure_AzureDiagnostics.yml b/translator/app/translator/mappings/platforms/splunk/azure_AzureDiagnostics.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/azure_AzureDiagnostics.yml
rename to translator/app/translator/mappings/platforms/splunk/azure_AzureDiagnostics.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/azure_BehaviorAnalytics.yml b/translator/app/translator/mappings/platforms/splunk/azure_BehaviorAnalytics.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/azure_BehaviorAnalytics.yml
rename to translator/app/translator/mappings/platforms/splunk/azure_BehaviorAnalytics.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/azure_aadnoninteractiveusersigninlogs.yml b/translator/app/translator/mappings/platforms/splunk/azure_aadnoninteractiveusersigninlogs.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/azure_aadnoninteractiveusersigninlogs.yml
rename to translator/app/translator/mappings/platforms/splunk/azure_aadnoninteractiveusersigninlogs.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/azure_azureactivity.yml b/translator/app/translator/mappings/platforms/splunk/azure_azureactivity.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/azure_azureactivity.yml
rename to translator/app/translator/mappings/platforms/splunk/azure_azureactivity.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/azure_azuread.yml b/translator/app/translator/mappings/platforms/splunk/azure_azuread.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/azure_azuread.yml
rename to translator/app/translator/mappings/platforms/splunk/azure_azuread.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/azure_signinlogs.yml b/translator/app/translator/mappings/platforms/splunk/azure_signinlogs.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/azure_signinlogs.yml
rename to translator/app/translator/mappings/platforms/splunk/azure_signinlogs.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/default.yml b/translator/app/translator/mappings/platforms/splunk/default.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/default.yml
rename to translator/app/translator/mappings/platforms/splunk/default.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/gcp_gcp.audit.yml b/translator/app/translator/mappings/platforms/splunk/gcp_gcp.audit.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/gcp_gcp.audit.yml
rename to translator/app/translator/mappings/platforms/splunk/gcp_gcp.audit.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/gcp_pubsub.yml b/translator/app/translator/mappings/platforms/splunk/gcp_pubsub.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/gcp_pubsub.yml
rename to translator/app/translator/mappings/platforms/splunk/gcp_pubsub.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/linux_auditd.yml b/translator/app/translator/mappings/platforms/splunk/linux_auditd.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/linux_auditd.yml
rename to translator/app/translator/mappings/platforms/splunk/linux_auditd.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/linux_dns_query.yml b/translator/app/translator/mappings/platforms/splunk/linux_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/linux_dns_query.yml
rename to translator/app/translator/mappings/platforms/splunk/linux_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/linux_file_access.yml b/translator/app/translator/mappings/platforms/splunk/linux_file_access.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/linux_file_access.yml
rename to translator/app/translator/mappings/platforms/splunk/linux_file_access.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/linux_file_change.yml b/translator/app/translator/mappings/platforms/splunk/linux_file_change.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/linux_file_change.yml
rename to translator/app/translator/mappings/platforms/splunk/linux_file_change.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/linux_file_create.yml b/translator/app/translator/mappings/platforms/splunk/linux_file_create.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/linux_file_create.yml
rename to translator/app/translator/mappings/platforms/splunk/linux_file_create.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/linux_file_delete.yml b/translator/app/translator/mappings/platforms/splunk/linux_file_delete.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/linux_file_delete.yml
rename to translator/app/translator/mappings/platforms/splunk/linux_file_delete.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/linux_file_event.yml b/translator/app/translator/mappings/platforms/splunk/linux_file_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/linux_file_event.yml
rename to translator/app/translator/mappings/platforms/splunk/linux_file_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/linux_file_rename.yml b/translator/app/translator/mappings/platforms/splunk/linux_file_rename.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/linux_file_rename.yml
rename to translator/app/translator/mappings/platforms/splunk/linux_file_rename.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/linux_network_connection.yml b/translator/app/translator/mappings/platforms/splunk/linux_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/linux_network_connection.yml
rename to translator/app/translator/mappings/platforms/splunk/linux_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/linux_process_creation.yml b/translator/app/translator/mappings/platforms/splunk/linux_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/linux_process_creation.yml
rename to translator/app/translator/mappings/platforms/splunk/linux_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/macos_dns_query.yml b/translator/app/translator/mappings/platforms/splunk/macos_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/macos_dns_query.yml
rename to translator/app/translator/mappings/platforms/splunk/macos_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/macos_file_access.yml b/translator/app/translator/mappings/platforms/splunk/macos_file_access.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/macos_file_access.yml
rename to translator/app/translator/mappings/platforms/splunk/macos_file_access.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/macos_file_change.yml b/translator/app/translator/mappings/platforms/splunk/macos_file_change.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/macos_file_change.yml
rename to translator/app/translator/mappings/platforms/splunk/macos_file_change.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/macos_file_delete.yml b/translator/app/translator/mappings/platforms/splunk/macos_file_delete.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/macos_file_delete.yml
rename to translator/app/translator/mappings/platforms/splunk/macos_file_delete.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/macos_file_event.yml b/translator/app/translator/mappings/platforms/splunk/macos_file_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/macos_file_event.yml
rename to translator/app/translator/mappings/platforms/splunk/macos_file_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/macos_file_rename.yml b/translator/app/translator/mappings/platforms/splunk/macos_file_rename.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/macos_file_rename.yml
rename to translator/app/translator/mappings/platforms/splunk/macos_file_rename.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/macos_network_connection.yml b/translator/app/translator/mappings/platforms/splunk/macos_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/macos_network_connection.yml
rename to translator/app/translator/mappings/platforms/splunk/macos_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/macos_process_creation.yml b/translator/app/translator/mappings/platforms/splunk/macos_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/macos_process_creation.yml
rename to translator/app/translator/mappings/platforms/splunk/macos_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/okta_okta.yml b/translator/app/translator/mappings/platforms/splunk/okta_okta.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/okta_okta.yml
rename to translator/app/translator/mappings/platforms/splunk/okta_okta.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_bits_client.yml b/translator/app/translator/mappings/platforms/splunk/windows_bits_client.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_bits_client.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_bits_client.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_dns_query.yml b/translator/app/translator/mappings/platforms/splunk/windows_dns_query.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_dns_query.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_dns_query.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_driver_load.yml b/translator/app/translator/mappings/platforms/splunk/windows_driver_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_driver_load.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_driver_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_file_access.yml b/translator/app/translator/mappings/platforms/splunk/windows_file_access.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_file_access.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_file_access.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_file_change.yml b/translator/app/translator/mappings/platforms/splunk/windows_file_change.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_file_change.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_file_change.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_file_create.yml b/translator/app/translator/mappings/platforms/splunk/windows_file_create.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_file_create.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_file_create.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_file_delete.yml b/translator/app/translator/mappings/platforms/splunk/windows_file_delete.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_file_delete.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_file_delete.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_file_event.yml b/translator/app/translator/mappings/platforms/splunk/windows_file_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_file_event.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_file_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_file_rename.yml b/translator/app/translator/mappings/platforms/splunk/windows_file_rename.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_file_rename.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_file_rename.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_image_load.yml b/translator/app/translator/mappings/platforms/splunk/windows_image_load.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_image_load.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_image_load.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_ldap_debug.yml b/translator/app/translator/mappings/platforms/splunk/windows_ldap_debug.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_ldap_debug.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_ldap_debug.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_network_connection.yml b/translator/app/translator/mappings/platforms/splunk/windows_network_connection.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_network_connection.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_network_connection.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_ntlm.yml b/translator/app/translator/mappings/platforms/splunk/windows_ntlm.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_ntlm.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_ntlm.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_powershell.yml b/translator/app/translator/mappings/platforms/splunk/windows_powershell.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_powershell.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_powershell.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_process_creation.yml b/translator/app/translator/mappings/platforms/splunk/windows_process_creation.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_process_creation.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_process_creation.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_registry_event.yml b/translator/app/translator/mappings/platforms/splunk/windows_registry_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_registry_event.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_registry_event.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_security.yml b/translator/app/translator/mappings/platforms/splunk/windows_security.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_security.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_security.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_sysmon.yml b/translator/app/translator/mappings/platforms/splunk/windows_sysmon.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_sysmon.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_sysmon.yml
diff --git a/siem-converter/app/converter/mappings/platforms/splunk/windows_wmi_event.yml b/translator/app/translator/mappings/platforms/splunk/windows_wmi_event.yml
similarity index 100%
rename from siem-converter/app/converter/mappings/platforms/splunk/windows_wmi_event.yml
rename to translator/app/translator/mappings/platforms/splunk/windows_wmi_event.yml
diff --git a/siem-converter/app/converter/platforms/athena/mappings/__init__.py b/translator/app/translator/mappings/utils/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/athena/mappings/__init__.py
rename to translator/app/translator/mappings/utils/__init__.py
diff --git a/siem-converter/app/converter/mappings/utils/load_from_files.py b/translator/app/translator/mappings/utils/load_from_files.py
similarity index 94%
rename from siem-converter/app/converter/mappings/utils/load_from_files.py
rename to translator/app/translator/mappings/utils/load_from_files.py
index 3a1729f8..682545ba 100644
--- a/siem-converter/app/converter/mappings/utils/load_from_files.py
+++ b/translator/app/translator/mappings/utils/load_from_files.py
@@ -2,7 +2,7 @@
 import yaml
-from app.converter.const import APP_PATH
+from app.translator.const import APP_PATH
 class LoaderFileMappings:
diff --git a/translator/app/translator/platforms/__init__.py b/translator/app/translator/platforms/__init__.py
new file mode 100644
index 00000000..faf59e40
--- /dev/null
+++ b/translator/app/translator/platforms/__init__.py
@@ -0,0 +1,122 @@
+from app.translator.platforms.athena.parsers.athena import AthenaParser
+from app.translator.platforms.athena.renders.athena import AthenaQueryRender
+from app.translator.platforms.athena.renders.athena_cti import AthenaCTI
+from app.translator.platforms.carbonblack.renders.carbonblack_cti import CarbonBlackCTI
+from app.translator.platforms.chronicle.parsers.chronicle import ChronicleParser
+from app.translator.platforms.chronicle.parsers.chronicle_rule import ChronicleRuleParser
+from app.translator.platforms.chronicle.renders.chronicle import ChronicleQueryRender
+from app.translator.platforms.chronicle.renders.chronicle_cti import ChronicleQueryCTI
+from app.translator.platforms.chronicle.renders.chronicle_rule import ChronicleSecurityRuleRender
+from app.translator.platforms.crowdstrike.parsers.crowdstrike import CrowdStrikeParser
+from app.translator.platforms.crowdstrike.renders.crowdstrike import CrowdStrikeQueryRender
+from app.translator.platforms.crowdstrike.renders.crowdstrike_cti import CrowdStrikeCTI
+from app.translator.platforms.elasticsearch.parsers.detection_rule import ElasticSearchRuleParser
+from app.translator.platforms.elasticsearch.parsers.elasticsearch import ElasticSearchParser
+from app.translator.platforms.elasticsearch.renders.detection_rule import ElasticSearchRuleRender
+from app.translator.platforms.elasticsearch.renders.elast_alert import ElastAlertRuleRender
+from app.translator.platforms.elasticsearch.renders.elasticsearch import ElasticSearchQueryRender
+from app.translator.platforms.elasticsearch.renders.elasticsearch_cti import ElasticsearchCTI
+from app.translator.platforms.elasticsearch.renders.kibana import KibanaRuleRender
+from app.translator.platforms.elasticsearch.renders.xpack_watcher import XPackWatcherRuleRender
+from app.translator.platforms.fireeye_helix.renders.fireeye_helix_cti import FireeyeHelixCTI
+from app.translator.platforms.graylog.renders.graylog_cti import GraylogCTI
+from app.translator.platforms.logpoint.renders.logpoint_cti import LogpointCTI
+from app.translator.platforms.logscale.parsers.logscale import LogScaleParser
+from app.translator.platforms.logscale.parsers.logscale_alert import LogScaleAlertParser
+from app.translator.platforms.logscale.renders.logscale_cti import LogScaleCTI
+from app.translator.platforms.logscale.renders.logscale import LogScaleQueryRender
+from app.translator.platforms.logscale.renders.logscale_alert import LogScaleAlertRender
+from app.translator.platforms.microsoft.parsers.microsoft_defender import MicrosoftDefenderQueryParser
+from app.translator.platforms.microsoft.parsers.microsoft_sentinel import MicrosoftParser
+from app.translator.platforms.microsoft.parsers.microsoft_sentinel_rule import MicrosoftRuleParser
+from app.translator.platforms.microsoft.renders.microsoft_defender import MicrosoftDefenderQueryRender
+from app.translator.platforms.microsoft.renders.microsoft_defender_cti import MicrosoftDefenderCTI
+from app.translator.platforms.microsoft.renders.microsoft_sentinel import MicrosoftSentinelQueryRender
+from app.translator.platforms.microsoft.renders.microsoft_sentinel_cti import MicrosoftSentinelCTI
+from app.translator.platforms.microsoft.renders.microsoft_sentinel_rule import MicrosoftSentinelRuleRender
+from app.translator.platforms.opensearch.parsers.opensearch import OpenSearchParser
+from app.translator.platforms.opensearch.renders.opensearch import OpenSearchQueryRender
+from app.translator.platforms.opensearch.renders.opensearch_cti import OpenSearchCTI
+from app.translator.platforms.opensearch.renders.opensearch_rule import OpenSearchRuleRender
+from app.translator.platforms.qradar.parsers.qradar import QradarParser
+from app.translator.platforms.qradar.renders.qradar import QradarQueryRender
+from app.translator.platforms.qradar.renders.qradar_cti import QRadarCTI
+from app.translator.platforms.qualys.renders.qualys_cti import QualysCTI
+from app.translator.platforms.rsa_netwitness.renders.rsa_netwitness_cti import RSANetwitnessCTI
+from app.translator.platforms.securonix.renders.securonix_cti import SecuronixCTI
+from app.translator.platforms.sentinel_one.renders.s1_cti import S1EventsCTI
+from app.translator.platforms.sigma.parsers.sigma import SigmaParser
+from app.translator.platforms.sigma.renders.sigma import SigmaRender
+from app.translator.platforms.snowflake.renders.snowflake_cti import SnowflakeCTI
+from app.translator.platforms.splunk.parsers.splunk import SplunkParser
+from app.translator.platforms.splunk.parsers.splunk_alert import SplunkAlertParser
+from app.translator.platforms.splunk.renders.splunk import SplunkQueryRender
+from app.translator.platforms.splunk.renders.splunk_alert import SplunkAlertRender
+from app.translator.platforms.splunk.renders.splunk_cti import SplunkCTI
+from app.translator.platforms.sumo_logic.renders.sumologic_cti import SumologicCTI
+
+__ALL_RENDERS = (
+ SigmaRender(),
+ MicrosoftSentinelQueryRender(),
+ MicrosoftSentinelRuleRender(),
+ MicrosoftDefenderQueryRender(),
+ QradarQueryRender(),
+ CrowdStrikeQueryRender(),
+ SplunkQueryRender(),
+ SplunkAlertRender(),
+ ChronicleQueryRender(),
+ ChronicleSecurityRuleRender(),
+ AthenaQueryRender(),
+ ElasticSearchQueryRender(),
+ LogScaleQueryRender(),
+ LogScaleAlertRender(),
+ ElasticSearchRuleRender(),
+ ElastAlertRuleRender(),
+ KibanaRuleRender(),
+ XPackWatcherRuleRender(),
+ OpenSearchQueryRender(),
+ OpenSearchRuleRender()
+)
+
+__ALL_PARSERS = (
+ AthenaParser(),
+ ChronicleParser(),
+ ChronicleRuleParser(),
+ SplunkParser(),
+ SplunkAlertParser(),
+ SigmaParser(),
+ QradarParser(),
+ MicrosoftParser(),
+ MicrosoftRuleParser(),
+ MicrosoftDefenderQueryParser(),
+ CrowdStrikeParser(),
+ LogScaleParser(),
+ LogScaleAlertParser(),
+ ElasticSearchParser(),
+ ElasticSearchRuleParser(),
+ OpenSearchParser()
+)
+
+
+__ALL_RENDERS_CTI = (
+ MicrosoftSentinelCTI(),
+ MicrosoftDefenderCTI(),
+ QRadarCTI(),
+ SplunkCTI(),
+ ChronicleQueryCTI(),
+ CrowdStrikeCTI(),
+ SumologicCTI(),
+ ElasticsearchCTI(),
+ LogScaleCTI(),
+ OpenSearchCTI(),
+ FireeyeHelixCTI(),
+ CarbonBlackCTI(),
+ GraylogCTI(),
+ LogpointCTI(),
+ QualysCTI(),
+ RSANetwitnessCTI(),
+ S1EventsCTI(),
+ SecuronixCTI(),
+ SnowflakeCTI(),
+ AthenaCTI()
+)
diff --git a/siem-converter/app/converter/platforms/athena/parsers/__init__.py b/translator/app/translator/platforms/athena/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/athena/parsers/__init__.py
rename to translator/app/translator/platforms/athena/__init__.py
diff --git a/siem-converter/app/converter/platforms/athena/const.py b/translator/app/translator/platforms/athena/const.py
similarity index 79%
rename from siem-converter/app/converter/platforms/athena/const.py
rename to translator/app/translator/platforms/athena/const.py
index 408768d4..57e31338 100644
--- a/siem-converter/app/converter/platforms/athena/const.py
+++ b/translator/app/translator/platforms/athena/const.py
@@ -1,4 +1,4 @@
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.core.models.platform_details import PlatformDetails
 ATHENA_QUERY_DETAILS = {
 "siem_type": "athena-sql-query",
diff --git a/siem-converter/app/converter/platforms/athena/mapping.py b/translator/app/translator/platforms/athena/mapping.py
similarity index 93%
rename from siem-converter/app/converter/platforms/athena/mapping.py
rename to translator/app/translator/platforms/athena/mapping.py
index 1a604111..1fab53a9 100644
--- a/siem-converter/app/converter/platforms/athena/mapping.py
+++ b/translator/app/translator/platforms/athena/mapping.py
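Review bot: `__ALL_RENDERS`, `__ALL_PARSERS` and `__ALL_RENDERS_CTI` call every parser and render constructor at import time of the `platforms` package, so should any one constructor raise (their bodies are outside this hunk, so what they load is unknown here) the whole package becomes unimportable; a function that builds these tuples on first use, or a comment stating why eager instantiation is intended, would make that trade-off explicit. The double-underscore prefix does not make a module-level name private (name mangling applies only inside class bodies), so single-underscore names such as `_ALL_RENDERS` would state the intent and follow PEP 8. The module has no docstring; one line such as `"""Registry of instantiated parsers, query renders and IOC renders for every supported platform."""` would tell a reader what the 56 imports feed.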
@@ -1,6 +1,6 @@
 from typing import List, Optional
-from app.converter.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
+from app.translator.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
 class AthenaLogSourceSignature(LogSourceSignature):
diff --git a/siem-converter/app/converter/platforms/athena/renders/__init__.py b/translator/app/translator/platforms/athena/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/athena/renders/__init__.py
rename to translator/app/translator/platforms/athena/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/athena/mappings/athena_cti.py b/translator/app/translator/platforms/athena/mappings/athena_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/athena/mappings/athena_cti.py
rename to translator/app/translator/platforms/athena/mappings/athena_cti.py
diff --git a/siem-converter/app/converter/platforms/base/__init__.py b/translator/app/translator/platforms/athena/parsers/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/base/__init__.py
rename to translator/app/translator/platforms/athena/parsers/__init__.py
diff --git a/siem-converter/app/converter/platforms/athena/parsers/athena.py b/translator/app/translator/platforms/athena/parsers/athena.py
similarity index 83%
rename from siem-converter/app/converter/platforms/athena/parsers/athena.py
rename to translator/app/translator/platforms/athena/parsers/athena.py
index e6309d96..addf1280 100644
--- a/siem-converter/app/converter/platforms/athena/parsers/athena.py
+++ b/translator/app/translator/platforms/athena/parsers/athena.py
@@ -19,12 +19,12 @@
 import re
 from typing import List, Tuple, Dict, Optional
-from app.converter.platforms.athena.const import athena_details
-from app.converter.platforms.athena.mapping import athena_mappings, AthenaMappings
-from app.converter.platforms.athena.tokenizer import AthenaTokenizer
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.parser import Parser
-from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer
+from app.translator.platforms.athena.const import athena_details
+from app.translator.platforms.athena.mapping import athena_mappings, AthenaMappings
+from app.translator.platforms.athena.tokenizer import AthenaTokenizer
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.parser import Parser
+from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer
 class AthenaParser(Parser):
diff --git a/siem-converter/app/converter/platforms/base/lucene/__init__.py b/translator/app/translator/platforms/athena/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/base/lucene/__init__.py
rename to translator/app/translator/platforms/athena/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/athena/renders/athena.py b/translator/app/translator/platforms/athena/renders/athena.py
similarity index 86%
rename from siem-converter/app/converter/platforms/athena/renders/athena.py
rename to translator/app/translator/platforms/athena/renders/athena.py
index cf9b3dc3..add893cb 100644
--- a/siem-converter/app/converter/platforms/athena/renders/athena.py
+++ b/translator/app/translator/platforms/athena/renders/athena.py
@@ -17,12 +17,12 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.athena.const import athena_details
-from app.converter.platforms.athena.mapping import AthenaMappings, athena_mappings
-from app.converter.core.exceptions.render import UnsupportedRenderMethod
-from app.converter.core.mapping import LogSourceSignature
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render import BaseQueryRender, BaseQueryFieldValue
+from app.translator.platforms.athena.const import athena_details
+from app.translator.platforms.athena.mapping import AthenaMappings, athena_mappings
+from app.translator.core.exceptions.render import UnsupportedRenderMethod
+from app.translator.core.mapping import LogSourceSignature
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render import BaseQueryRender, BaseQueryFieldValue
 class AthenaFieldValue(BaseQueryFieldValue):
diff --git a/siem-converter/app/converter/platforms/athena/renders/athena_cti.py b/translator/app/translator/platforms/athena/renders/athena_cti.py
similarity index 80%
rename from siem-converter/app/converter/platforms/athena/renders/athena_cti.py
rename to translator/app/translator/platforms/athena/renders/athena_cti.py
index f1da0734..a9dc198a 100644
--- a/siem-converter/app/converter/platforms/athena/renders/athena_cti.py
+++ b/translator/app/translator/platforms/athena/renders/athena_cti.py
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.athena.const import athena_details
-from app.converter.platforms.athena.mappings.athena_cti import DEFAULT_ATHENA_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.athena.const import athena_details
+from app.translator.platforms.athena.mappings.athena_cti import DEFAULT_ATHENA_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class AthenaCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/athena/tokenizer.py b/translator/app/translator/platforms/athena/tokenizer.py
similarity index 93%
rename from siem-converter/app/converter/platforms/athena/tokenizer.py
rename to translator/app/translator/platforms/athena/tokenizer.py
index 8debdd11..52c28a2d 100644
--- a/siem-converter/app/converter/platforms/athena/tokenizer.py
+++ b/translator/app/translator/platforms/athena/tokenizer.py
@@ -19,10 +19,10 @@
 import re
 from typing import Tuple, Any
-from app.converter.core.models.identifier import Identifier
-from app.converter.core.tokenizer import QueryTokenizer
-from app.converter.core.custom_types.tokens import OperatorType
-from app.converter.tools.utils import get_match_group
+from app.translator.core.models.identifier import Identifier
+from app.translator.core.tokenizer import QueryTokenizer
+from app.translator.core.custom_types.tokens import OperatorType
+from app.translator.tools.utils import get_match_group
 class AthenaTokenizer(QueryTokenizer):
diff --git a/siem-converter/app/converter/platforms/base/lucene/parsers/__init__.py b/translator/app/translator/platforms/base/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/base/lucene/parsers/__init__.py
rename to translator/app/translator/platforms/base/__init__.py
diff --git a/siem-converter/app/converter/platforms/base/lucene/renders/__init__.py b/translator/app/translator/platforms/base/lucene/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/base/lucene/renders/__init__.py
rename to translator/app/translator/platforms/base/lucene/__init__.py
diff --git a/siem-converter/app/converter/platforms/base/lucene/mapping.py b/translator/app/translator/platforms/base/lucene/mapping.py
similarity index 93%
rename from siem-converter/app/converter/platforms/base/lucene/mapping.py
rename to translator/app/translator/platforms/base/lucene/mapping.py
index d44700fa..47a099f9 100644
--- a/siem-converter/app/converter/platforms/base/lucene/mapping.py
+++ b/translator/app/translator/platforms/base/lucene/mapping.py
@@ -1,6 +1,6 @@
 from typing import List, Optional
-from app.converter.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
+from app.translator.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
 class LuceneLogSourceSignature(LogSourceSignature):
diff --git a/siem-converter/app/converter/platforms/base/spl/__init__.py b/translator/app/translator/platforms/base/lucene/parsers/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/base/spl/__init__.py
rename to translator/app/translator/platforms/base/lucene/parsers/__init__.py
diff --git a/siem-converter/app/converter/platforms/base/lucene/parsers/lucene.py b/translator/app/translator/platforms/base/lucene/parsers/lucene.py
similarity index 92%
rename from siem-converter/app/converter/platforms/base/lucene/parsers/lucene.py
rename to translator/app/translator/platforms/base/lucene/parsers/lucene.py
index d0c51284..d4beb65a 100644
--- a/siem-converter/app/converter/platforms/base/lucene/parsers/lucene.py
+++ b/translator/app/translator/platforms/base/lucene/parsers/lucene.py
@@ -19,9 +19,9 @@
 import re
 from typing import List, Tuple, Dict
-from app.converter.platforms.base.lucene.tokenizer import LuceneTokenizer
-from app.converter.core.parser import Parser
-from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer
+from app.translator.platforms.base.lucene.tokenizer import LuceneTokenizer
+from app.translator.core.parser import Parser
+from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer
 class LuceneParser(Parser):
diff --git a/siem-converter/app/converter/platforms/base/spl/parsers/__init__.py b/translator/app/translator/platforms/base/lucene/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/base/spl/parsers/__init__.py
rename to translator/app/translator/platforms/base/lucene/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/base/lucene/renders/lucene.py b/translator/app/translator/platforms/base/lucene/renders/lucene.py
similarity index 96%
rename from siem-converter/app/converter/platforms/base/lucene/renders/lucene.py
rename to translator/app/translator/platforms/base/lucene/renders/lucene.py
index 3f73d180..558c57dc 100644
--- a/siem-converter/app/converter/platforms/base/lucene/renders/lucene.py
+++ b/translator/app/translator/platforms/base/lucene/renders/lucene.py
@@ -18,8 +18,8 @@
 """
 from typing import Union
-from app.converter.core.render import BaseQueryRender
-from app.converter.core.render import BaseQueryFieldValue
+from app.translator.core.render import BaseQueryRender
+from app.translator.core.render import BaseQueryFieldValue
 class LuceneFieldValue(BaseQueryFieldValue):
@@ -78,4 +78,3 @@ class LuceneQueryRender(BaseQueryRender):
 def generate_prefix(self, logsource: dict) -> str:
 return ""
-
diff --git a/siem-converter/app/converter/platforms/base/lucene/tokenizer.py b/translator/app/translator/platforms/base/lucene/tokenizer.py
similarity index 91%
rename from siem-converter/app/converter/platforms/base/lucene/tokenizer.py
rename to translator/app/translator/platforms/base/lucene/tokenizer.py
index d48acfb5..5497ab8b 100644
--- a/siem-converter/app/converter/platforms/base/lucene/tokenizer.py
+++ b/translator/app/translator/platforms/base/lucene/tokenizer.py
@@ -19,13 +19,13 @@
 from typing import Tuple, Union, List, Any
-from app.converter.core.exceptions.parser import TokenizerGeneralException
-from app.converter.core.mixins.logic import ANDLogicOperatorMixin
-from app.converter.core.models.field import Keyword, Field
-from app.converter.core.models.identifier import Identifier
-from app.converter.core.tokenizer import QueryTokenizer
-from app.converter.core.custom_types.tokens import OperatorType
-from app.converter.tools.utils import get_match_group
+from app.translator.core.exceptions.parser import TokenizerGeneralException
+from app.translator.core.mixins.logic import ANDLogicOperatorMixin
+from app.translator.core.models.field import Keyword, Field
+from app.translator.core.models.identifier import Identifier
+from app.translator.core.tokenizer import QueryTokenizer
+from app.translator.core.custom_types.tokens import OperatorType
+from app.translator.tools.utils import get_match_group
 class LuceneTokenizer(QueryTokenizer, ANDLogicOperatorMixin):
diff --git a/siem-converter/app/converter/platforms/base/spl/renders/__init__.py b/translator/app/translator/platforms/base/spl/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/base/spl/renders/__init__.py
rename to translator/app/translator/platforms/base/spl/__init__.py
diff --git a/translator/app/translator/platforms/base/spl/functions/__init__.py b/translator/app/translator/platforms/base/spl/functions/__init__.py
new file mode 100644
index 00000000..2f361b5f
--- /dev/null
+++ b/translator/app/translator/platforms/base/spl/functions/__init__.py
@@ -0,0 +1,41 @@
+import re
+
+from app.translator.core.exceptions.functions import NotSupportedFunctionException, InvalidFunctionSignature
+from app.translator.core.functions import PlatformFunctions
+from app.translator.core.models.functions.base import ParsedFunctions
+from app.translator.platforms.base.spl.functions.const import SplFunctionType
+from app.translator.platforms.base.spl.functions.manager import SplFunctionsManager
+
+
+class SplFunctions(PlatformFunctions):
+ manager = SplFunctionsManager()
+
+ @staticmethod
+ def prepare_query(query: str):
+ if query.startswith(SplFunctionType.search):
+ query = re.sub(SplFunctionType.search, "", query, 1)
+ return query
+
+ def parse(self, query: str) -> tuple[str, ParsedFunctions]:
+ parsed = []
+ not_supported = []
+ invalid = []
+ functions = query.split(self.function_delimiter)
+ result_query = self.prepare_query(functions[0])
+ for func in functions[1:]:
+ split_func = func.strip().split(' ')
+ func_name, func_body = split_func[0], " ".join(split_func[1:])
+ if func_parser := self.manager.get_parser(self.manager.get_generic_func_name(func_name)):
+ try:
+ parsed.append(func_parser.parse(func_body))
+ except NotSupportedFunctionException:
+ not_supported.append(func)
+ except InvalidFunctionSignature:
+ invalid.append(func)
+ else:
+ not_supported.append(func)
+ return result_query, ParsedFunctions(
+ functions=parsed,
+ not_supported=[self.wrap_function_with_delimiter(func) for func in not_supported],
+ invalid=invalid
+ )
diff --git a/translator/app/translator/platforms/base/spl/functions/const.py b/translator/app/translator/platforms/base/spl/functions/const.py
new file mode 100644
index 00000000..2a0f6726
--- /dev/null
+++ b/translator/app/translator/platforms/base/spl/functions/const.py
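Review bot: `prepare_query` decides that a leading `search` keyword is present with `query.startswith(SplFunctionType.search)` and removes it with a bare `re.sub`, so a query whose first token merely begins with those letters (a field such as `searchable=1`) loses its prefix, and the enum value is interpreted as a regex pattern rather than a literal. Anchoring on the word boundary fixes both, e.g. `pattern = rf"^{re.escape(SplFunctionType.search)}\b"` followed by `query = re.sub(pattern, "", query, 1)` — assuming `SplFunctionType.search` is a plain `str`, as its use in `re.sub` suggests. In `parse`, `split_func[0], " ".join(split_func[1:])` is a roundabout way of writing `func_name, _, func_body = func.strip().partition(' ')`, which yields the same pair for every input. Neither method is documented; `parse` in particular should state that the first delimiter-separated segment is returned as the bare query, that a function whose name has no registered parser is reported as unsupported, and that unsupported functions are re-wrapped with the delimiter while invalid ones are returned verbatim.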
@@ -0,0 +1,18 @@
+from app.translator.tools.custom_enum import CustomEnum
+
+
+class SplFunctionType(CustomEnum):
+ avg = "avg"
+ count = "count"
+ max = "max"
+ min = "min"
+ search = "search"
+ sort = "sort"
+ stats = "stats"
+ sum = "sum"
+ table = "table"
+
+
+class SplSortOrderType(CustomEnum):
+ asc = "+"
+ desc = "-"
diff --git a/translator/app/translator/platforms/base/spl/functions/manager.py b/translator/app/translator/platforms/base/spl/functions/manager.py
new file mode 100644
index 00000000..fa6ba755
--- /dev/null
+++ b/translator/app/translator/platforms/base/spl/functions/manager.py
@@ -0,0 +1,13 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from app.translator.core.functions import PlatformFunctionsManager
+
+if TYPE_CHECKING:
+ from app.translator.platforms.base.spl.renders.spl import SplQueryRender
+
+
+class SplFunctionsManager(PlatformFunctionsManager):
+ def init_search_func_render(self, platform_render: SplQueryRender) -> None:
+ pass
diff --git a/siem-converter/app/converter/platforms/carbonblack/__init__.py b/translator/app/translator/platforms/base/spl/parsers/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/carbonblack/__init__.py
rename to translator/app/translator/platforms/base/spl/parsers/__init__.py
diff --git a/siem-converter/app/converter/platforms/base/spl/parsers/spl.py b/translator/app/translator/platforms/base/spl/parsers/spl.py
similarity index 76%
rename from siem-converter/app/converter/platforms/base/spl/parsers/spl.py
rename to translator/app/translator/platforms/base/spl/parsers/spl.py
index 834d612f..a02be306 100644
--- a/siem-converter/app/converter/platforms/base/spl/parsers/spl.py
+++ b/translator/app/translator/platforms/base/spl/parsers/spl.py
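Review bot: `init_search_func_render` in `spl/functions/manager.py` overrides the base hook with a bare `pass` and no docstring, so a reader cannot tell whether SPL deliberately has nothing to set up or the implementation is still pending. A one-line docstring such as `"""SPL needs no search-function render state; the hook only satisfies the PlatformFunctionsManager interface."""` would settle that, assuming the no-op is intentional, which this hunk alone does not show. Because `SplFunctions` creates `SplFunctionsManager()` once as a class attribute, any render state this hook later stores would be shared by every SPL-based platform, and that trade-off deserves a comment here as well.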
@@ -19,15 +19,13 @@ import re from typing import Tuple, List, Dict, Optional
-from app.converter.platforms.base.spl.tokenizer import SplTokenizer
-from app.converter.core.models.functions.types import ParsedFunctions
-from app.converter.core.parser import Parser
-from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer
+from app.translator.core.models.functions.base import ParsedFunctions
+from app.translator.platforms.base.spl.tokenizer import SplTokenizer
+from app.translator.core.parser import Parser
+from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer
 class SplParser(Parser):
- siem_functions = None
-
 log_source_pattern = r"___source_type___\s*=\s*(?:\"(?P[%a-zA-Z_*:0-9\-/]+)\"|(?P[%a-zA-Z_*:0-9\-/]+))(?:\s+(?:and|or)\s+|\s+)?"
 log_source_key_types = ("index", "source", "sourcetype", "sourcecategory")
@@ -48,20 +46,10 @@ def _parse_log_sources(self, query: str) -> Tuple[Dict[str, List[str]], str]: return log_sources, query
- def _parse_functions(self, query: str) -> Tuple[ParsedFunctions, str]:
- if search_result := re.search(r"\|(.+?)$", query):
- parsed_functions = self.siem_functions.parse(search_result.group().strip(" |"))
- pos_start = search_result.start()
- pos_end = search_result.end()
- query = query[:pos_start] + query[pos_end:]
- return parsed_functions, query.strip(" ")
-
- return ParsedFunctions(), query
-
 def _parse_query(self, query: str) -> Tuple[Dict[str, List[str]], ParsedFunctions, str]:
 query = query.strip()
 log_sources, query = self._parse_log_sources(query)
- functions, query = self._parse_functions(query)
+ query, functions = self.platform_functions.parse(query)
 return log_sources, functions, query
 @staticmethod
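Review bot: `_parse_query` now reads `self.platform_functions`, but the hunk removes `siem_functions = None` without declaring a replacement on `SplParser`; in this commit only `CrowdStrikeParser` (crowdstrike/parsers/crowdstrike.py) assigns `platform_functions`, so unless the `Parser` base defines it, any other SPL-derived parser fails with `AttributeError` on its first parse. Declaring it on the class next to `log_source_key_types`, e.g. `platform_functions: SplFunctions = SplFunctions()` with `SplFunctions` imported from `app.translator.platforms.base.spl.functions`, gives the base a working default and documents the contract. The removed `_parse_functions` also stripped spaces from the remaining query, whereas `SplFunctions.parse` returns the first delimiter-separated segment untouched apart from the `search` prefix, so if `function_delimiter` is `|` a query such as `index=main foo=bar | stats count` now carries a trailing space into `get_tokens_and_source_mappings`; whether the tokenizer tolerates that is not visible here. `_parse_log_sources` starts outside the hunk, and `_parse_query` would benefit from a docstring stating the new return order of `(log_sources, functions, query)`.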
@@ -73,6 +61,7 @@ def _get_meta_info(source_mapping_ids: List[str], meta_info: Optional[dict]) -> def parse(self, text: str) -> SiemContainer:
 log_sources, functions, query = self._parse_query(text)
 tokens, source_mappings = self.get_tokens_and_source_mappings(query, log_sources)
+ self.set_functions_fields_generic_names(functions=functions, source_mappings=source_mappings)
 return SiemContainer(
 query=tokens,
diff --git a/siem-converter/app/converter/platforms/carbonblack/mappings/__init__.py b/translator/app/translator/platforms/base/spl/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/carbonblack/mappings/__init__.py
rename to translator/app/translator/platforms/base/spl/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/base/spl/renders/spl.py b/translator/app/translator/platforms/base/spl/renders/spl.py
similarity index 93%
rename from siem-converter/app/converter/platforms/base/spl/renders/spl.py
rename to translator/app/translator/platforms/base/spl/renders/spl.py
index b9dafb54..cfcb7732 100644
--- a/siem-converter/app/converter/platforms/base/spl/renders/spl.py
+++ b/translator/app/translator/platforms/base/spl/renders/spl.py
@@ -17,8 +17,8 @@ ----------------------------------------------------------------- """
-from app.converter.core.exceptions.render import UnsupportedRenderMethod
-from app.converter.core.render import BaseQueryRender, BaseQueryFieldValue
+from app.translator.core.exceptions.render import UnsupportedRenderMethod
+from app.translator.core.render import BaseQueryRender, BaseQueryFieldValue
 class SplFieldValue(BaseQueryFieldValue):
diff --git a/siem-converter/app/converter/platforms/base/spl/tokenizer.py b/translator/app/translator/platforms/base/spl/tokenizer.py
similarity index 87%
rename from siem-converter/app/converter/platforms/base/spl/tokenizer.py
rename to translator/app/translator/platforms/base/spl/tokenizer.py
index f4f2f127..348b34cf 100644
--- a/siem-converter/app/converter/platforms/base/spl/tokenizer.py
+++ b/translator/app/translator/platforms/base/spl/tokenizer.py
@@ -19,12 +19,12 @@ import re from typing import Tuple, Any, List, Union
-from app.converter.core.mixins.logic import ANDLogicOperatorMixin
-from app.converter.core.models.field import Field, Keyword
-from app.converter.core.models.identifier import Identifier
-from app.converter.core.tokenizer import QueryTokenizer
-from app.converter.core.custom_types.tokens import OperatorType
-from app.converter.tools.utils import get_match_group
+from app.translator.core.mixins.logic import ANDLogicOperatorMixin
+from app.translator.core.models.field import Field, Keyword
+from app.translator.core.models.identifier import Identifier
+from app.translator.core.tokenizer import QueryTokenizer
+from app.translator.core.custom_types.tokens import OperatorType
+from app.translator.tools.utils import get_match_group
 class SplTokenizer(QueryTokenizer, ANDLogicOperatorMixin):
diff --git a/siem-converter/app/converter/platforms/carbonblack/renders/__init__.py b/translator/app/translator/platforms/carbonblack/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/carbonblack/renders/__init__.py
rename to translator/app/translator/platforms/carbonblack/__init__.py
diff --git a/siem-converter/app/converter/platforms/carbonblack/const.py b/translator/app/translator/platforms/carbonblack/const.py
similarity index 100%
rename from siem-converter/app/converter/platforms/carbonblack/const.py
rename to translator/app/translator/platforms/carbonblack/const.py
diff --git a/siem-converter/app/converter/platforms/chronicle/__init__.py b/translator/app/translator/platforms/carbonblack/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/chronicle/__init__.py
rename to translator/app/translator/platforms/carbonblack/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/carbonblack/mappings/carbonblack_cti.py b/translator/app/translator/platforms/carbonblack/mappings/carbonblack_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/carbonblack/mappings/carbonblack_cti.py
rename to translator/app/translator/platforms/carbonblack/mappings/carbonblack_cti.py
diff --git a/siem-converter/app/converter/platforms/chronicle/mappings/__init__.py b/translator/app/translator/platforms/carbonblack/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/chronicle/mappings/__init__.py
rename to translator/app/translator/platforms/carbonblack/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/carbonblack/renders/carbonblack_cti.py b/translator/app/translator/platforms/carbonblack/renders/carbonblack_cti.py
similarity index 78%
rename from siem-converter/app/converter/platforms/carbonblack/renders/carbonblack_cti.py
rename to translator/app/translator/platforms/carbonblack/renders/carbonblack_cti.py
index 97db6d54..9c0a34c7 100644
--- a/siem-converter/app/converter/platforms/carbonblack/renders/carbonblack_cti.py
+++ b/translator/app/translator/platforms/carbonblack/renders/carbonblack_cti.py
@@ -17,10 +17,10 @@ ----------------------------------------------------------------- """
-from app.converter.platforms.carbonblack.const import CARBON_BLACK_QUERY_DETAILS
-from app.converter.platforms.carbonblack.mappings.carbonblack_cti import DEFAULT_CARBONBLACK_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.carbonblack.const import CARBON_BLACK_QUERY_DETAILS
+from app.translator.platforms.carbonblack.mappings.carbonblack_cti import DEFAULT_CARBONBLACK_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class CarbonBlackCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/chronicle/parsers/__init__.py b/translator/app/translator/platforms/chronicle/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/chronicle/parsers/__init__.py
rename to translator/app/translator/platforms/chronicle/__init__.py
diff --git a/siem-converter/app/converter/platforms/chronicle/const.py b/translator/app/translator/platforms/chronicle/const.py
similarity index 93%
rename from siem-converter/app/converter/platforms/chronicle/const.py
rename to translator/app/translator/platforms/chronicle/const.py
index 5842e515..8abab83e 100644
--- a/siem-converter/app/converter/platforms/chronicle/const.py
+++ b/translator/app/translator/platforms/chronicle/const.py
@@ -1,4 +1,4 @@
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.core.models.platform_details import PlatformDetails
 DEFAULT_CHRONICLE_SECURITY_RULE = """rule { meta:
diff --git a/siem-converter/app/converter/platforms/chronicle/mapping.py b/translator/app/translator/platforms/chronicle/mapping.py
similarity index 88%
rename from siem-converter/app/converter/platforms/chronicle/mapping.py
rename to translator/app/translator/platforms/chronicle/mapping.py
index 381528a8..1b2c8bc6 100644
--- a/siem-converter/app/converter/platforms/chronicle/mapping.py
+++ b/translator/app/translator/platforms/chronicle/mapping.py
@@ -1,6 +1,6 @@ from typing import List
-from app.converter.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
+from app.translator.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
 class ChronicleLogSourceSignature(LogSourceSignature):
diff --git a/siem-converter/app/converter/platforms/chronicle/renders/__init__.py b/translator/app/translator/platforms/chronicle/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/chronicle/renders/__init__.py
rename to translator/app/translator/platforms/chronicle/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/chronicle/mappings/chronicle_cti.py b/translator/app/translator/platforms/chronicle/mappings/chronicle_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/chronicle/mappings/chronicle_cti.py
rename to translator/app/translator/platforms/chronicle/mappings/chronicle_cti.py
diff --git a/siem-converter/app/converter/platforms/crowdstrike/__init__.py b/translator/app/translator/platforms/chronicle/parsers/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/crowdstrike/__init__.py
rename to translator/app/translator/platforms/chronicle/parsers/__init__.py
diff --git a/siem-converter/app/converter/platforms/chronicle/parsers/chronicle.py b/translator/app/translator/platforms/chronicle/parsers/chronicle.py
similarity index 75%
rename from siem-converter/app/converter/platforms/chronicle/parsers/chronicle.py
rename to translator/app/translator/platforms/chronicle/parsers/chronicle.py
index 9ab4b12d..48e49b0f 100644
--- a/siem-converter/app/converter/platforms/chronicle/parsers/chronicle.py
+++ b/translator/app/translator/platforms/chronicle/parsers/chronicle.py
@@ -18,12 +18,12 @@ from typing import List
-from app.converter.platforms.chronicle.const import chronicle_query_details
-from app.converter.platforms.chronicle.mapping import chronicle_mappings, ChronicleMappings
-from app.converter.platforms.chronicle.tokenizer import ChronicleQueryTokenizer
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.parser import Parser
-from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer
+from app.translator.platforms.chronicle.const import chronicle_query_details
+from app.translator.platforms.chronicle.mapping import chronicle_mappings, ChronicleMappings
+from app.translator.platforms.chronicle.tokenizer import ChronicleQueryTokenizer
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.parser import Parser
+from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer
 class ChronicleParser(Parser):
diff --git a/siem-converter/app/converter/platforms/chronicle/parsers/chronicle_rule.py b/translator/app/translator/platforms/chronicle/parsers/chronicle_rule.py
similarity index 88%
rename from siem-converter/app/converter/platforms/chronicle/parsers/chronicle_rule.py
rename to translator/app/translator/platforms/chronicle/parsers/chronicle_rule.py
index fc08dfe7..02b703c9 100644
--- a/siem-converter/app/converter/platforms/chronicle/parsers/chronicle_rule.py
+++ b/translator/app/translator/platforms/chronicle/parsers/chronicle_rule.py
@@ -19,13 +19,13 @@ import re from typing import List, Dict
-from app.converter.platforms.chronicle.const import chronicle_rule_details
-from app.converter.platforms.chronicle.mapping import ChronicleMappings, chronicle_mappings
-from app.converter.platforms.chronicle.tokenizer import ChronicleRuleTokenizer
-from app.converter.core.exceptions.parser import TokenizerGeneralException
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.parser import Parser
-from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer
+from app.translator.platforms.chronicle.const import chronicle_rule_details
+from app.translator.platforms.chronicle.mapping import ChronicleMappings, chronicle_mappings
+from app.translator.platforms.chronicle.tokenizer import ChronicleRuleTokenizer
+from app.translator.core.exceptions.parser import TokenizerGeneralException
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.parser import Parser
+from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer
 class ChronicleRuleParser(Parser):
diff --git a/siem-converter/app/converter/platforms/crowdstrike/mappings/__init__.py b/translator/app/translator/platforms/chronicle/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/crowdstrike/mappings/__init__.py
rename to translator/app/translator/platforms/chronicle/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/chronicle/renders/chronicle.py b/translator/app/translator/platforms/chronicle/renders/chronicle.py
similarity index 81%
rename from siem-converter/app/converter/platforms/chronicle/renders/chronicle.py
rename to translator/app/translator/platforms/chronicle/renders/chronicle.py
index d3c3b9dc..609bb076 100644
--- a/siem-converter/app/converter/platforms/chronicle/renders/chronicle.py
+++ b/translator/app/translator/platforms/chronicle/renders/chronicle.py
@@ -16,12 +16,15 @@ limitations under the License. ----------------------------------------------------------------- """
+from typing import List
-from app.converter.platforms.chronicle.const import chronicle_query_details
-from app.converter.platforms.chronicle.mapping import ChronicleMappings, chronicle_mappings
-from app.converter.core.exceptions.render import UnsupportedRenderMethod
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render import BaseQueryRender, BaseQueryFieldValue
+from app.translator.core.mapping import SourceMapping
+from app.translator.core.models.functions.base import Function
+from app.translator.platforms.chronicle.const import chronicle_query_details
+from app.translator.platforms.chronicle.mapping import ChronicleMappings, chronicle_mappings
+from app.translator.core.exceptions.render import UnsupportedRenderMethod
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render import BaseQueryRender, BaseQueryFieldValue
 class ChronicleFieldValue(BaseQueryFieldValue):
@@ -77,5 +80,5 @@ class ChronicleQueryRender(BaseQueryRender): def generate_prefix(self, logsource: dict): return ""
- def generate_functions(self, functions: list):
+ def generate_functions(self, functions: List[Function], source_mapping: SourceMapping) -> str:
 return ""
diff --git a/siem-converter/app/converter/platforms/chronicle/renders/chronicle_cti.py b/translator/app/translator/platforms/chronicle/renders/chronicle_cti.py
similarity index 79%
rename from siem-converter/app/converter/platforms/chronicle/renders/chronicle_cti.py
rename to translator/app/translator/platforms/chronicle/renders/chronicle_cti.py
index 0a4ada79..1c70a85c 100644
--- a/siem-converter/app/converter/platforms/chronicle/renders/chronicle_cti.py
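Review bot: The re-signed `generate_functions` override still returns `""` for any `functions` list, so every parsed function is dropped without a trace, and neither the method nor `ChronicleQueryRender` records that this is deliberate. A docstring such as `"""Chronicle has no function pipeline, so nothing is rendered for functions."""` would state the intent; if dropped functions should instead be reported to the caller, that belongs with whatever fills `not_supported_functions` in `finalize_query`, which is outside this hunk. Within this hunk `Function` and `SourceMapping` appear only in the annotation, so an `if TYPE_CHECKING:` guard, as `spl/functions/manager.py` uses in this same commit, would avoid importing `core.models.functions.base` at module load if nothing else in the file needs it.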
+++ b/translator/app/translator/platforms/chronicle/renders/chronicle_cti.py
@@ -17,10 +17,10 @@ ----------------------------------------------------------------- """
-from app.converter.platforms.chronicle.const import chronicle_query_details
-from app.converter.platforms.chronicle.mappings.chronicle_cti import DEFAULT_CHRONICLE_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.chronicle.const import chronicle_query_details
+from app.translator.platforms.chronicle.mappings.chronicle_cti import DEFAULT_CHRONICLE_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class ChronicleQueryCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/chronicle/renders/chronicle_rule.py b/translator/app/translator/platforms/chronicle/renders/chronicle_rule.py
similarity index 88%
rename from siem-converter/app/converter/platforms/chronicle/renders/chronicle_rule.py
rename to translator/app/translator/platforms/chronicle/renders/chronicle_rule.py
index 2a7bd928..8bd3256b 100644
--- a/siem-converter/app/converter/platforms/chronicle/renders/chronicle_rule.py
+++ b/translator/app/translator/platforms/chronicle/renders/chronicle_rule.py
@@ -19,12 +19,12 @@ import re
-from app.converter.platforms.chronicle.renders.chronicle import ChronicleFieldValue, ChronicleQueryRender
-from app.converter.platforms.chronicle.const import DEFAULT_CHRONICLE_SECURITY_RULE, chronicle_rule_details
-from app.converter.core.mapping import SourceMapping
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.models.parser_output import MetaInfoContainer
-from app.converter.tools.utils import concatenate_str, get_author_str
+from app.translator.platforms.chronicle.renders.chronicle import ChronicleFieldValue, ChronicleQueryRender
+from app.translator.platforms.chronicle.const import DEFAULT_CHRONICLE_SECURITY_RULE, chronicle_rule_details
+from app.translator.core.mapping import SourceMapping
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.parser_output import MetaInfoContainer
+from app.translator.tools.utils import concatenate_str, get_author_str
 _AUTOGENERATED_TITLE = "Autogenerated Chronicle Security rule"
 _AUTOGENERATED_DESCRIPTION = "Autogenerated Chronicle Security rule."
@@ -83,9 +83,9 @@ def prepare_title(title: str) -> str: new_title = new_title.strip("_") return new_title
- def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer,
+ def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer = None,
 source_mapping: SourceMapping = None, not_supported_functions: list = None) -> str:
- query = super().finalize_query(prefix=prefix, query=query, functions=functions, meta_info=meta_info)
+ query = super().finalize_query(prefix=prefix, query=query, functions=functions)
 rule = DEFAULT_CHRONICLE_SECURITY_RULE.replace("", query)
 rule = rule.replace("", self.prepare_title(meta_info.title) or _AUTOGENERATED_TITLE)
 description = meta_info.description or _AUTOGENERATED_DESCRIPTION
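Review bot: `finalize_query` now gives `meta_info` a default of `None`, yet the body still reads `meta_info.title` and `meta_info.description` unconditionally, so a caller that relies on the new default gets `AttributeError` instead of a rule. Either keep the parameter required or guard it before first use, e.g. `if meta_info is None: meta_info = MetaInfoContainer()` — assuming `MetaInfoContainer` can be constructed without arguments, which this diff does not show. The super call drops `meta_info=meta_info`; that is correct only if `BaseQueryRender.finalize_query` no longer accepts it, which is outside this diff. `finalize_query` continues past the end of the hunk.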
diff --git a/siem-converter/app/converter/platforms/chronicle/tokenizer.py b/translator/app/translator/platforms/chronicle/tokenizer.py
similarity index 94%
rename from siem-converter/app/converter/platforms/chronicle/tokenizer.py
rename to translator/app/translator/platforms/chronicle/tokenizer.py
index 618d0704..e545e793 100644
--- a/siem-converter/app/converter/platforms/chronicle/tokenizer.py
+++ b/translator/app/translator/platforms/chronicle/tokenizer.py
@@ -19,10 +19,10 @@ import re from typing import Tuple, Any
-from app.converter.core.exceptions.parser import TokenizerGeneralException
-from app.converter.core.tokenizer import QueryTokenizer
-from app.converter.core.custom_types.tokens import OperatorType
-from app.converter.tools.utils import get_match_group
+from app.translator.core.exceptions.parser import TokenizerGeneralException
+from app.translator.core.tokenizer import QueryTokenizer
+from app.translator.core.custom_types.tokens import OperatorType
+from app.translator.tools.utils import get_match_group
 class ChronicleQueryTokenizer(QueryTokenizer):
diff --git a/siem-converter/app/converter/platforms/crowdstrike/parsers/__init__.py b/translator/app/translator/platforms/crowdstrike/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/crowdstrike/parsers/__init__.py
rename to translator/app/translator/platforms/crowdstrike/__init__.py
diff --git a/siem-converter/app/converter/platforms/crowdstrike/const.py b/translator/app/translator/platforms/crowdstrike/const.py
similarity index 79%
rename from siem-converter/app/converter/platforms/crowdstrike/const.py
rename to translator/app/translator/platforms/crowdstrike/const.py
index 2bf38d1f..51dd0c94 100644
--- a/siem-converter/app/converter/platforms/crowdstrike/const.py
+++ b/translator/app/translator/platforms/crowdstrike/const.py
@@ -1,4 +1,4 @@
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.core.models.platform_details import PlatformDetails
 CROWDSTRIKE_QUERY_DETAILS = {
 "siem_type": "crowdstrike-spl-query",
diff --git a/translator/app/translator/platforms/crowdstrike/functions/__init__.py b/translator/app/translator/platforms/crowdstrike/functions/__init__.py
new file mode 100644
index 00000000..f94e10bc
--- /dev/null
+++ b/translator/app/translator/platforms/crowdstrike/functions/__init__.py
@@ -0,0 +1,8 @@
+from app.translator.platforms.base.spl.functions import SplFunctions
+
+
+class CrowdStrikeFunctions(SplFunctions):
+ pass
+
+
+crowd_strike_functions = CrowdStrikeFunctions()
diff --git a/siem-converter/app/converter/platforms/crowdstrike/mapping.py b/translator/app/translator/platforms/crowdstrike/mapping.py
similarity index 93%
rename from siem-converter/app/converter/platforms/crowdstrike/mapping.py
rename to translator/app/translator/platforms/crowdstrike/mapping.py
index 9f9c4f53..d120e178 100644
--- a/siem-converter/app/converter/platforms/crowdstrike/mapping.py
+++ b/translator/app/translator/platforms/crowdstrike/mapping.py
@@ -1,6 +1,6 @@ from typing import List, Optional
-from app.converter.core.mapping import BasePlatformMappings,  LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
+from app.translator.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
 class CrowdStrikeLogSourceSignature(LogSourceSignature):
diff --git a/siem-converter/app/converter/platforms/crowdstrike/renders/__init__.py b/translator/app/translator/platforms/crowdstrike/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/crowdstrike/renders/__init__.py
rename to translator/app/translator/platforms/crowdstrike/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/crowdstrike/mappings/crowdstrike_cti.py b/translator/app/translator/platforms/crowdstrike/mappings/crowdstrike_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/crowdstrike/mappings/crowdstrike_cti.py
rename to translator/app/translator/platforms/crowdstrike/mappings/crowdstrike_cti.py
diff --git a/siem-converter/app/converter/platforms/elasticsearch/__init__.py b/translator/app/translator/platforms/crowdstrike/parsers/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/elasticsearch/__init__.py
rename to translator/app/translator/platforms/crowdstrike/parsers/__init__.py
diff --git a/siem-converter/app/converter/platforms/crowdstrike/parsers/crowdstrike.py b/translator/app/translator/platforms/crowdstrike/parsers/crowdstrike.py
similarity index 68%
rename from siem-converter/app/converter/platforms/crowdstrike/parsers/crowdstrike.py
rename to translator/app/translator/platforms/crowdstrike/parsers/crowdstrike.py
index 0c13b434..8555f495 100644
--- a/siem-converter/app/converter/platforms/crowdstrike/parsers/crowdstrike.py
+++ b/translator/app/translator/platforms/crowdstrike/parsers/crowdstrike.py
@@ -15,10 +15,11 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 -----------------------------------------------------------------
 """
-from app.converter.platforms.base.spl.parsers.spl import SplParser
-from app.converter.platforms.crowdstrike.const import crowdstrike_query_details
-from app.converter.platforms.crowdstrike.mapping import CrowdstrikeMappings, crowdstrike_mappings
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.platforms.base.spl.parsers.spl import SplParser
+from app.translator.platforms.crowdstrike.const import crowdstrike_query_details
+from app.translator.platforms.crowdstrike.functions import CrowdStrikeFunctions, crowd_strike_functions
+from app.translator.platforms.crowdstrike.mapping import CrowdstrikeMappings, crowdstrike_mappings
+from app.translator.core.models.platform_details import PlatformDetails
 class CrowdStrikeParser(SplParser):
@@ -28,3 +29,4 @@ class CrowdStrikeParser(SplParser):
 log_source_key_types = ("event_simpleName",)
 mappings: CrowdstrikeMappings = crowdstrike_mappings
+ platform_functions: CrowdStrikeFunctions = crowd_strike_functions
diff --git a/siem-converter/app/converter/platforms/elasticsearch/mappings/__init__.py b/translator/app/translator/platforms/crowdstrike/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/elasticsearch/mappings/__init__.py
rename to translator/app/translator/platforms/crowdstrike/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/crowdstrike/renders/crowdstrike.py b/translator/app/translator/platforms/crowdstrike/renders/crowdstrike.py
similarity index 64%
rename from siem-converter/app/converter/platforms/crowdstrike/renders/crowdstrike.py
rename to translator/app/translator/platforms/crowdstrike/renders/crowdstrike.py
index 67a342fe..3dcfe60c 100644
--- a/siem-converter/app/converter/platforms/crowdstrike/renders/crowdstrike.py
+++ b/translator/app/translator/platforms/crowdstrike/renders/crowdstrike.py
@@ -16,10 +16,11 @@ limitations under the License.
 -----------------------------------------------------------------
 """
-from app.converter.platforms.base.spl.renders.spl import SplFieldValue, SplQueryRender
-from app.converter.platforms.crowdstrike.const import crowdstrike_query_details
-from app.converter.platforms.crowdstrike.mapping import CrowdstrikeMappings, crowdstrike_mappings
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.platforms.base.spl.renders.spl import SplFieldValue, SplQueryRender
+from app.translator.platforms.crowdstrike.const import crowdstrike_query_details
+from app.translator.platforms.crowdstrike.functions import CrowdStrikeFunctions, crowd_strike_functions
+from app.translator.platforms.crowdstrike.mapping import CrowdstrikeMappings, crowdstrike_mappings
+from app.translator.core.models.platform_details import PlatformDetails
 class CrowdStrikeFieldValue(SplFieldValue):
@@ -30,7 +31,12 @@ class CrowdStrikeQueryRender(SplQueryRender):
 details: PlatformDetails = crowdstrike_query_details
 query_pattern = "{prefix} {query} {functions}"
 mappings: CrowdstrikeMappings = crowdstrike_mappings
+ platform_functions: CrowdStrikeFunctions = crowd_strike_functions
 or_token = "OR"
 field_value_map = CrowdStrikeFieldValue(or_token=or_token)
 comment_symbol = '`'
+
+ def __init__(self):
+ super().__init__()
+ self.platform_functions.manager.init_search_func_render(self)
diff --git a/siem-converter/app/converter/platforms/crowdstrike/renders/crowdstrike_cti.py b/translator/app/translator/platforms/crowdstrike/renders/crowdstrike_cti.py
similarity index 78%
rename from siem-converter/app/converter/platforms/crowdstrike/renders/crowdstrike_cti.py
rename to translator/app/translator/platforms/crowdstrike/renders/crowdstrike_cti.py
index dc7f5f8d..5d5a330f 100644
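Review bot: The new `__init__` in CrowdStrikeQueryRender hands `self` to `self.platform_functions.manager.init_search_func_render(self)`, and `platform_functions` is the module-level singleton `crowd_strike_functions` whose `manager` is therefore process-wide state shared by every render instance and, via the same class attribute added in parsers/crowdstrike.py, by the parser as well. If the manager stores the render it was last given (its code is not in this diff, so this is an inference), constructing a second render — or two requests rendering concurrently in the service — silently rebinds the shared manager to whichever instance registered last. Either have the manager treat the render as a per-call argument rather than stored state, or give each render its own functions/manager instance rather than the module singleton. At minimum the constructor deserves a docstring stating the side effect, e.g. `"""Register this render with the shared CrowdStrike functions manager (process-wide state)."""`. The class body begins above the hunk.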
--- a/siem-converter/app/converter/platforms/crowdstrike/renders/crowdstrike_cti.py
+++ b/translator/app/translator/platforms/crowdstrike/renders/crowdstrike_cti.py
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.crowdstrike.const import crowdstrike_query_details
-from app.converter.platforms.crowdstrike.mappings.crowdstrike_cti import DEFAULT_CROWDSTRIKE_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.crowdstrike.const import crowdstrike_query_details
+from app.translator.platforms.crowdstrike.mappings.crowdstrike_cti import DEFAULT_CROWDSTRIKE_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class CrowdStrikeCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/elasticsearch/parsers/__init__.py b/translator/app/translator/platforms/elasticsearch/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/elasticsearch/parsers/__init__.py
rename to translator/app/translator/platforms/elasticsearch/__init__.py
diff --git a/siem-converter/app/converter/platforms/elasticsearch/const.py b/translator/app/translator/platforms/elasticsearch/const.py
similarity index 98%
rename from siem-converter/app/converter/platforms/elasticsearch/const.py
rename to translator/app/translator/platforms/elasticsearch/const.py
index a733e8af..74fed68b 100644
--- a/siem-converter/app/converter/platforms/elasticsearch/const.py
+++ b/translator/app/translator/platforms/elasticsearch/const.py
@@ -1,4 +1,4 @@
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.core.models.platform_details import PlatformDetails
 PLATFORM_DETAILS = {
 "group_id": "elk stack",
diff --git a/siem-converter/app/converter/platforms/elasticsearch/mapping.py b/translator/app/translator/platforms/elasticsearch/mapping.py
similarity index 65%
rename from siem-converter/app/converter/platforms/elasticsearch/mapping.py
rename to translator/app/translator/platforms/elasticsearch/mapping.py
index 4ac3efd6..6c71ab29 100644
--- a/siem-converter/app/converter/platforms/elasticsearch/mapping.py
+++ b/translator/app/translator/platforms/elasticsearch/mapping.py
@@ -1,4 +1,4 @@
-from app.converter.platforms.base.lucene.mapping import LuceneMappings
+from app.translator.platforms.base.lucene.mapping import LuceneMappings
 class ElasticSearchMappings(LuceneMappings):
diff --git a/siem-converter/app/converter/platforms/elasticsearch/renders/__init__.py b/translator/app/translator/platforms/elasticsearch/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/elasticsearch/renders/__init__.py
rename to translator/app/translator/platforms/elasticsearch/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/elasticsearch/mappings/elasticsearch_cti_cti.py b/translator/app/translator/platforms/elasticsearch/mappings/elasticsearch_cti_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/elasticsearch/mappings/elasticsearch_cti_cti.py
rename to translator/app/translator/platforms/elasticsearch/mappings/elasticsearch_cti_cti.py
diff --git a/siem-converter/app/converter/platforms/fireeye_helix/__init__.py b/translator/app/translator/platforms/elasticsearch/parsers/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/fireeye_helix/__init__.py
rename to translator/app/translator/platforms/elasticsearch/parsers/__init__.py
diff --git a/siem-converter/app/converter/platforms/elasticsearch/parsers/detection_rule.py b/translator/app/translator/platforms/elasticsearch/parsers/detection_rule.py
similarity index 83%
rename from siem-converter/app/converter/platforms/elasticsearch/parsers/detection_rule.py
rename to translator/app/translator/platforms/elasticsearch/parsers/detection_rule.py
index b8e7d6b1..cdd544af 100644
--- a/siem-converter/app/converter/platforms/elasticsearch/parsers/detection_rule.py
+++ b/translator/app/translator/platforms/elasticsearch/parsers/detection_rule.py
@@ -18,11 +18,11 @@
 from typing import List, Dict
-from app.converter.platforms.elasticsearch.const import elasticsearch_rule_details
-from app.converter.platforms.elasticsearch.parsers.elasticsearch import ElasticSearchParser
-from app.converter.core.mixins.rule import JsonRuleMixin
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer
+from app.translator.platforms.elasticsearch.const import elasticsearch_rule_details
+from app.translator.platforms.elasticsearch.parsers.elasticsearch import ElasticSearchParser
+from app.translator.core.mixins.rule import JsonRuleMixin
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer
 class ElasticSearchRuleParser(ElasticSearchParser, JsonRuleMixin):
diff --git a/siem-converter/app/converter/platforms/elasticsearch/parsers/elasticsearch.py b/translator/app/translator/platforms/elasticsearch/parsers/elasticsearch.py
similarity index 72%
rename from siem-converter/app/converter/platforms/elasticsearch/parsers/elasticsearch.py
rename to translator/app/translator/platforms/elasticsearch/parsers/elasticsearch.py
index 9dfa84f6..a0da165b 100644
--- a/siem-converter/app/converter/platforms/elasticsearch/parsers/elasticsearch.py
+++ b/translator/app/translator/platforms/elasticsearch/parsers/elasticsearch.py
@@ -16,10 +16,10 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.base.lucene.parsers.lucene import LuceneParser
-from app.converter.platforms.elasticsearch.const import elasticsearch_lucene_query_details
-from app.converter.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.platforms.base.lucene.parsers.lucene import LuceneParser
+from app.translator.platforms.elasticsearch.const import elasticsearch_lucene_query_details
+from app.translator.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings
+from app.translator.core.models.platform_details import PlatformDetails
 class ElasticSearchParser(LuceneParser):
diff --git a/siem-converter/app/converter/platforms/fireeye_helix/mappings/__init__.py b/translator/app/translator/platforms/elasticsearch/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/fireeye_helix/mappings/__init__.py
rename to translator/app/translator/platforms/elasticsearch/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/elasticsearch/renders/detection_rule.py b/translator/app/translator/platforms/elasticsearch/renders/detection_rule.py
similarity index 82%
rename from siem-converter/app/converter/platforms/elasticsearch/renders/detection_rule.py
rename to translator/app/translator/platforms/elasticsearch/renders/detection_rule.py
index 20495889..9232dbbe 100644
--- a/siem-converter/app/converter/platforms/elasticsearch/renders/detection_rule.py
+++ b/translator/app/translator/platforms/elasticsearch/renders/detection_rule.py
@@ -21,14 +21,14 @@
 import json
 from typing import Union
-from app.converter.platforms.elasticsearch.const import ELASTICSEARCH_DETECTION_RULE, elasticsearch_rule_details
-from app.converter.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings
-from app.converter.platforms.elasticsearch.renders.elasticsearch import ElasticSearchQueryRender, ElasticSearchFieldValue
-from app.converter.core.mapping import SourceMapping
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.models.parser_output import MetaInfoContainer
-from app.converter.tools.utils import concatenate_str, get_mitre_attack_str
-from app.converter.core.mitre import MitreConfig
+from app.translator.platforms.elasticsearch.const import ELASTICSEARCH_DETECTION_RULE, elasticsearch_rule_details
+from app.translator.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings
+from app.translator.platforms.elasticsearch.renders.elasticsearch import ElasticSearchQueryRender, ElasticSearchFieldValue
+from app.translator.core.mapping import SourceMapping
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.parser_output import MetaInfoContainer
+from app.translator.tools.utils import concatenate_str, get_mitre_attack_str
+from app.translator.core.mitre import MitreConfig
 class ElasticSearchRuleFieldValue(ElasticSearchFieldValue):
@@ -87,13 +87,11 @@ def __create_mitre_threat(self, mitre_attack: dict) -> Union[list, list[dict]]:
 return threat
- def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer,
+ def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer = None,
 source_mapping: SourceMapping = None, not_supported_functions: list = None):
- query = super().finalize_query(prefix=prefix, query=query, functions=functions, meta_info=meta_info)
+ query = super().finalize_query(prefix=prefix, query=query, functions=functions)
 rule = copy.deepcopy(ELASTICSEARCH_DETECTION_RULE)
 description = meta_info.description or rule["description"]
- mitre_attack_str = get_mitre_attack_str(meta_info.mitre_attack)
- description = concatenate_str(description, mitre_attack_str)
 rule.update({
 "query": query,
diff --git a/siem-converter/app/converter/platforms/elasticsearch/renders/elast_alert.py b/translator/app/translator/platforms/elasticsearch/renders/elast_alert.py
similarity index 76%
rename from siem-converter/app/converter/platforms/elasticsearch/renders/elast_alert.py
rename to translator/app/translator/platforms/elasticsearch/renders/elast_alert.py
index ecc2021d..1a17b86e 100644
--- a/siem-converter/app/converter/platforms/elasticsearch/renders/elast_alert.py
+++ b/translator/app/translator/platforms/elasticsearch/renders/elast_alert.py
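Review bot: `meta_info` now defaults to `None` in the new `finalize_query` signature, but the unchanged context line two below still does `meta_info.description or rule["description"]`, so any caller that relies on the new default gets an AttributeError instead of the template description; make the read None-safe, `description = (meta_info.description if meta_info else None) or rule["description"]`, or drop the `= None` if the parameter is in fact required. The same signature change is made in elast_alert.py, kibana.py and xpack_watcher.py in this commit; their bodies run past the hunk, so whether they also dereference `meta_info` is not visible here and should be checked. With the two removed lines gone, `concatenate_str` and `get_mitre_attack_str` (still imported in the rewritten import block) look unused in detection_rule.py unless they are referenced outside the hunk. The docstring for the new default should state what a `None` meta_info produces, e.g. `"""meta_info may be None; the rule then keeps the template description."""`.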
@@ -17,13 +17,13 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.elasticsearch.const import ELASTICSEARCH_ALERT, elastalert_details
-from app.converter.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings
-from app.converter.platforms.elasticsearch.renders.elasticsearch import ElasticSearchQueryRender, ElasticSearchFieldValue
-from app.converter.core.mapping import SourceMapping
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.models.parser_output import MetaInfoContainer
-from app.converter.tools.utils import get_rule_description_str
+from app.translator.platforms.elasticsearch.const import ELASTICSEARCH_ALERT, elastalert_details
+from app.translator.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings
+from app.translator.platforms.elasticsearch.renders.elasticsearch import ElasticSearchQueryRender, ElasticSearchFieldValue
+from app.translator.core.mapping import SourceMapping
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.parser_output import MetaInfoContainer
+from app.translator.tools.utils import get_rule_description_str
 SEVERITIES_MAP = {"informational": "5", "low": "4", "medium": "3", "high": "2", "critical": "1"}
@@ -44,9 +44,9 @@ class ElastAlertRuleRender(ElasticSearchQueryRender):
 field_value_map = ElasticAlertRuleFieldValue(or_token=or_token)
 query_pattern = "{prefix} {query} {functions}"
- def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer,
+ def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer = None,
 source_mapping: SourceMapping = None, not_supported_functions: list = None):
- query = super().finalize_query(prefix=prefix, query=query, functions=functions, meta_info=meta_info)
+ query = super().finalize_query(prefix=prefix, query=query, functions=functions)
 rule = ELASTICSEARCH_ALERT.replace("", query)
 rule = rule.replace(
 "",
diff --git a/siem-converter/app/converter/platforms/elasticsearch/renders/elasticsearch.py b/translator/app/translator/platforms/elasticsearch/renders/elasticsearch.py
similarity index 78%
rename from siem-converter/app/converter/platforms/elasticsearch/renders/elasticsearch.py
rename to translator/app/translator/platforms/elasticsearch/renders/elasticsearch.py
index 0d21cc8c..ef4447d8 100644
--- a/siem-converter/app/converter/platforms/elasticsearch/renders/elasticsearch.py
+++ b/translator/app/translator/platforms/elasticsearch/renders/elasticsearch.py
@@ -18,10 +18,10 @@
 """
 from typing import Union
-from app.converter.platforms.base.lucene.renders.lucene import LuceneQueryRender, LuceneFieldValue
-from app.converter.platforms.elasticsearch.const import elasticsearch_lucene_query_details
-from app.converter.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.platforms.base.lucene.renders.lucene import LuceneQueryRender, LuceneFieldValue
+from app.translator.platforms.elasticsearch.const import elasticsearch_lucene_query_details
+from app.translator.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings
+from app.translator.core.models.platform_details import PlatformDetails
 class ElasticSearchFieldValue(LuceneFieldValue):
diff --git a/siem-converter/app/converter/platforms/elasticsearch/renders/elasticsearch_cti.py b/translator/app/translator/platforms/elasticsearch/renders/elasticsearch_cti.py
similarity index 77%
rename from siem-converter/app/converter/platforms/elasticsearch/renders/elasticsearch_cti.py
rename to translator/app/translator/platforms/elasticsearch/renders/elasticsearch_cti.py
index ddee131e..7f5bd011 100644
--- a/siem-converter/app/converter/platforms/elasticsearch/renders/elasticsearch_cti.py
+++ b/translator/app/translator/platforms/elasticsearch/renders/elasticsearch_cti.py
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.elasticsearch.const import elasticsearch_lucene_query_details
-from app.converter.platforms.elasticsearch.mappings.elasticsearch_cti_cti import DEFAULT_ELASTICSEARCH_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.elasticsearch.const import elasticsearch_lucene_query_details
+from app.translator.platforms.elasticsearch.mappings.elasticsearch_cti_cti import DEFAULT_ELASTICSEARCH_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class ElasticsearchCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/elasticsearch/renders/kibana.py b/translator/app/translator/platforms/elasticsearch/renders/kibana.py
similarity index 77%
rename from siem-converter/app/converter/platforms/elasticsearch/renders/kibana.py
rename to translator/app/translator/platforms/elasticsearch/renders/kibana.py
index 2cec1bfa..18ddcc52 100644
--- a/siem-converter/app/converter/platforms/elasticsearch/renders/kibana.py
+++ b/translator/app/translator/platforms/elasticsearch/renders/kibana.py
@@ -20,13 +20,13 @@
 import copy
 import json
-from app.converter.platforms.elasticsearch.const import KIBANA_SEARCH_SOURCE_JSON, KIBANA_RULE, kibana_rule_details
-from app.converter.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings
-from app.converter.platforms.elasticsearch.renders.elasticsearch import ElasticSearchQueryRender, ElasticSearchFieldValue
-from app.converter.core.mapping import SourceMapping
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.models.parser_output import MetaInfoContainer
-from app.converter.tools.utils import get_rule_description_str
+from app.translator.platforms.elasticsearch.const import KIBANA_SEARCH_SOURCE_JSON, KIBANA_RULE, kibana_rule_details
+from app.translator.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings
+from app.translator.platforms.elasticsearch.renders.elasticsearch import ElasticSearchQueryRender, ElasticSearchFieldValue
+from app.translator.core.mapping import SourceMapping
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.parser_output import MetaInfoContainer
+from app.translator.tools.utils import get_rule_description_str
 class KibanaFieldValue(ElasticSearchFieldValue):
@@ -39,9 +39,9 @@ class KibanaRuleRender(ElasticSearchQueryRender):
 or_token = "OR"
 field_value_map = KibanaFieldValue(or_token=or_token)
- def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer,
+ def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer = None,
 source_mapping: SourceMapping = None, not_supported_functions: list = None):
- query = super().finalize_query(prefix=prefix, query=query, functions=functions, meta_info=meta_info)
+ query = super().finalize_query(prefix=prefix, query=query, functions=functions)
 search_source = copy.deepcopy(KIBANA_SEARCH_SOURCE_JSON)
 search_source["query"]["query_string"]["query"] = query
 dumped_rule = json.dumps(search_source, sort_keys=False)
diff --git a/siem-converter/app/converter/platforms/elasticsearch/renders/xpack_watcher.py b/translator/app/translator/platforms/elasticsearch/renders/xpack_watcher.py
similarity index 80%
rename from siem-converter/app/converter/platforms/elasticsearch/renders/xpack_watcher.py
rename to translator/app/translator/platforms/elasticsearch/renders/xpack_watcher.py
index fa91f58c..eed269d6 100644
--- a/siem-converter/app/converter/platforms/elasticsearch/renders/xpack_watcher.py
+++ b/translator/app/translator/platforms/elasticsearch/renders/xpack_watcher.py
@@ -20,13 +20,13 @@
 import copy
 import json
-from app.converter.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings
-from app.converter.platforms.elasticsearch.renders.elasticsearch import ElasticSearchQueryRender, ElasticSearchFieldValue
-from app.converter.platforms.elasticsearch.const import XPACK_WATCHER_RULE, xpack_watcher_details
-from app.converter.core.mapping import SourceMapping
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.models.parser_output import MetaInfoContainer
-from app.converter.tools.utils import get_rule_description_str
+from app.translator.platforms.elasticsearch.mapping import ElasticSearchMappings, elasticsearch_mappings
+from app.translator.platforms.elasticsearch.renders.elasticsearch import ElasticSearchQueryRender, ElasticSearchFieldValue
+from app.translator.platforms.elasticsearch.const import XPACK_WATCHER_RULE, xpack_watcher_details
+from app.translator.core.mapping import SourceMapping
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.parser_output import MetaInfoContainer
+from app.translator.tools.utils import get_rule_description_str
 class XpackWatcherRuleFieldValue(ElasticSearchFieldValue):
@@ -39,9 +39,9 @@ class XPackWatcherRuleRender(ElasticSearchQueryRender):
 or_token = "OR"
 field_value_map = XpackWatcherRuleFieldValue(or_token=or_token)
- def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer,
+ def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer = None,
 source_mapping: SourceMapping = None, not_supported_functions: list = None):
- query = super().finalize_query(prefix=prefix, query=query, functions=functions, meta_info=meta_info)
+ query = super().finalize_query(prefix=prefix, query=query, functions=functions)
 rule = copy.deepcopy(XPACK_WATCHER_RULE)
 rule["metadata"].update({
 "query": query,
diff --git a/siem-converter/app/converter/platforms/elasticsearch/tokenizer.py b/translator/app/translator/platforms/elasticsearch/tokenizer.py
similarity index 91%
rename from siem-converter/app/converter/platforms/elasticsearch/tokenizer.py
rename to translator/app/translator/platforms/elasticsearch/tokenizer.py
index ca070eb4..fec8fdd1 100644
--- a/siem-converter/app/converter/platforms/elasticsearch/tokenizer.py
+++ b/translator/app/translator/platforms/elasticsearch/tokenizer.py
@@ -15,7 +15,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 -----------------------------------------------------------------
 """
-from app.converter.platforms.base.lucene.tokenizer import LuceneTokenizer
+from app.translator.platforms.base.lucene.tokenizer import LuceneTokenizer
 class ElasticSearchTokenizer(LuceneTokenizer):
diff --git a/siem-converter/app/converter/platforms/fireeye_helix/renders/__init__.py b/translator/app/translator/platforms/fireeye_helix/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/fireeye_helix/renders/__init__.py
rename to translator/app/translator/platforms/fireeye_helix/__init__.py
diff --git a/siem-converter/app/converter/platforms/fireeye_helix/const.py b/translator/app/translator/platforms/fireeye_helix/const.py
similarity index 100%
rename from siem-converter/app/converter/platforms/fireeye_helix/const.py
rename to translator/app/translator/platforms/fireeye_helix/const.py
diff --git a/siem-converter/app/converter/platforms/graylog/__init__.py b/translator/app/translator/platforms/fireeye_helix/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/graylog/__init__.py
rename to translator/app/translator/platforms/fireeye_helix/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/fireeye_helix/mappings/fireeye_helix.py b/translator/app/translator/platforms/fireeye_helix/mappings/fireeye_helix.py
similarity index 100%
rename from siem-converter/app/converter/platforms/fireeye_helix/mappings/fireeye_helix.py
rename to translator/app/translator/platforms/fireeye_helix/mappings/fireeye_helix.py
diff --git a/siem-converter/app/converter/platforms/graylog/mappings/__init__.py b/translator/app/translator/platforms/fireeye_helix/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/graylog/mappings/__init__.py
rename to translator/app/translator/platforms/fireeye_helix/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/fireeye_helix/renders/fireeye_helix_cti.py b/translator/app/translator/platforms/fireeye_helix/renders/fireeye_helix_cti.py
similarity index 78%
rename from siem-converter/app/converter/platforms/fireeye_helix/renders/fireeye_helix_cti.py
rename to translator/app/translator/platforms/fireeye_helix/renders/fireeye_helix_cti.py
index 79c1cfb1..536ca16b 100644
--- a/siem-converter/app/converter/platforms/fireeye_helix/renders/fireeye_helix_cti.py
+++ b/translator/app/translator/platforms/fireeye_helix/renders/fireeye_helix_cti.py
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.fireeye_helix.const import FIREEYE_HELIX_QUERY_DETAILS
-from app.converter.platforms.fireeye_helix.mappings.fireeye_helix import DEFAULT_FIREEYE_HELIX_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.fireeye_helix.const import FIREEYE_HELIX_QUERY_DETAILS
+from app.translator.platforms.fireeye_helix.mappings.fireeye_helix import DEFAULT_FIREEYE_HELIX_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class FireeyeHelixCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/graylog/renders/__init__.py b/translator/app/translator/platforms/graylog/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/graylog/renders/__init__.py
rename to translator/app/translator/platforms/graylog/__init__.py
diff --git a/siem-converter/app/converter/platforms/graylog/const.py b/translator/app/translator/platforms/graylog/const.py
similarity index 100%
rename from siem-converter/app/converter/platforms/graylog/const.py
rename to translator/app/translator/platforms/graylog/const.py
diff --git a/siem-converter/app/converter/platforms/logpoint/__init__.py b/translator/app/translator/platforms/graylog/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/logpoint/__init__.py
rename to translator/app/translator/platforms/graylog/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/graylog/mappings/graylog_cti.py b/translator/app/translator/platforms/graylog/mappings/graylog_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/graylog/mappings/graylog_cti.py
rename to translator/app/translator/platforms/graylog/mappings/graylog_cti.py
diff --git a/siem-converter/app/converter/platforms/logpoint/mappings/__init__.py b/translator/app/translator/platforms/graylog/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/logpoint/mappings/__init__.py
rename to translator/app/translator/platforms/graylog/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/graylog/renders/graylog_cti.py b/translator/app/translator/platforms/graylog/renders/graylog_cti.py
similarity index 80%
rename from siem-converter/app/converter/platforms/graylog/renders/graylog_cti.py
rename to translator/app/translator/platforms/graylog/renders/graylog_cti.py
index 97100e9f..c44dfdd9 100644
--- a/siem-converter/app/converter/platforms/graylog/renders/graylog_cti.py
+++ b/translator/app/translator/platforms/graylog/renders/graylog_cti.py
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.graylog.const import GRAYLOG_QUERY_DETAILS
-from app.converter.platforms.graylog.mappings.graylog_cti import DEFAULT_GRAYLOG_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.graylog.const import GRAYLOG_QUERY_DETAILS
+from app.translator.platforms.graylog.mappings.graylog_cti import DEFAULT_GRAYLOG_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class GraylogCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/logpoint/renders/__init__.py b/translator/app/translator/platforms/logpoint/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/logpoint/renders/__init__.py
rename to translator/app/translator/platforms/logpoint/__init__.py
diff --git a/siem-converter/app/converter/platforms/logpoint/const.py b/translator/app/translator/platforms/logpoint/const.py
similarity index 100%
rename from siem-converter/app/converter/platforms/logpoint/const.py
rename to translator/app/translator/platforms/logpoint/const.py
diff --git a/siem-converter/app/converter/platforms/logscale/__init__.py b/translator/app/translator/platforms/logpoint/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/logscale/__init__.py
rename to translator/app/translator/platforms/logpoint/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/logpoint/mappings/logpoint_cti.py b/translator/app/translator/platforms/logpoint/mappings/logpoint_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/logpoint/mappings/logpoint_cti.py
rename to translator/app/translator/platforms/logpoint/mappings/logpoint_cti.py
diff --git a/siem-converter/app/converter/platforms/logscale/mappings/__init__.py b/translator/app/translator/platforms/logpoint/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/logscale/mappings/__init__.py
rename to translator/app/translator/platforms/logpoint/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/logpoint/renders/logpoint_cti.py b/translator/app/translator/platforms/logpoint/renders/logpoint_cti.py
similarity index 79%
rename from siem-converter/app/converter/platforms/logpoint/renders/logpoint_cti.py
rename to translator/app/translator/platforms/logpoint/renders/logpoint_cti.py
index 389844fe..452b58c2 100644
--- a/siem-converter/app/converter/platforms/logpoint/renders/logpoint_cti.py
+++ b/translator/app/translator/platforms/logpoint/renders/logpoint_cti.py
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.logpoint.const import LOGPOINT_QUERY_DETAILS
-from app.converter.platforms.logpoint.mappings.logpoint_cti import DEFAULT_LOGPOINT_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.logpoint.const import LOGPOINT_QUERY_DETAILS
+from app.translator.platforms.logpoint.mappings.logpoint_cti import DEFAULT_LOGPOINT_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class LogpointCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/logscale/parsers/__init__.py b/translator/app/translator/platforms/logscale/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/logscale/parsers/__init__.py
rename to translator/app/translator/platforms/logscale/__init__.py
diff --git a/siem-converter/app/converter/platforms/logscale/const.py b/translator/app/translator/platforms/logscale/const.py
similarity index 91%
rename from siem-converter/app/converter/platforms/logscale/const.py
rename to translator/app/translator/platforms/logscale/const.py
index aa064a2f..6c801e25 100644
--- a/siem-converter/app/converter/platforms/logscale/const.py
+++ b/translator/app/translator/platforms/logscale/const.py
@@ -1,4 +1,4 @@
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.core.models.platform_details import PlatformDetails
 DEFAULT_LOGSCALE_ALERT = {
 "name": "",
diff --git a/translator/app/translator/platforms/logscale/functions/__init__.py b/translator/app/translator/platforms/logscale/functions/__init__.py
new file mode 100644
index 00000000..2024a4f7
--- /dev/null
+++ b/translator/app/translator/platforms/logscale/functions/__init__.py
@@ -0,0 +1,46 @@
+import re
+
+from app.translator.core.exceptions.functions import NotSupportedFunctionException, InvalidFunctionSignature
+from app.translator.core.functions import PlatformFunctions
+from app.translator.core.models.functions.base import ParsedFunctions
+from app.translator.platforms.logscale.functions.const import LogScaleFunctionType
+from app.translator.platforms.logscale.functions.manager import LogScaleFunctionsManager
+
+
+class LogScaleFunctions(PlatformFunctions):
+ manager = LogScaleFunctionsManager()
+
+ def parse(self, query: str) -> tuple[ParsedFunctions, str]:
+ parsed = []
+ not_supported = []
+ invalid = []
+ functions = query.split(self.function_delimiter)
+ query_part = ""
+ for i, func in enumerate(functions):
+ if not (func_name_match := re.search(r"(?P[a-zA-Z:]+)\(", func)):
+ if i == 0:
+ query_part = func
+ continue
+
+ func = f"{LogScaleFunctionType.search}({func})"
+ func_name_match = re.search(r"(?P[a-zA-Z:]+)\(", func)
+ func_name = func_name_match.group("func_name")
+ func = func.strip()
+ func_body = func[len(func_name)+1:len(func)-1]
+ if func_parser := self.manager.get_parser(self.manager.get_generic_func_name(func_name)):
+ try:
+ parsed.append(func_parser.parse(func_body))
+ except NotSupportedFunctionException:
+ not_supported.append(func)
+ except InvalidFunctionSignature:
+ invalid.append(func)
+ else:
+ not_supported.append(func)
+ return ParsedFunctions(
+ not_supported=[self.wrap_function_with_delimiter(func) for func in not_supported],
+ functions=parsed,
+ invalid=invalid
+ ), query_part
+
+
+log_scale_functions = LogScaleFunctions()
diff --git a/translator/app/translator/platforms/logscale/functions/const.py b/translator/app/translator/platforms/logscale/functions/const.py
new file mode 100644
index 00000000..904b3143
--- /dev/null
+++ b/translator/app/translator/platforms/logscale/functions/const.py
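Review bot: The function-name pattern in `parse` is written twice as `r"(?P[a-zA-Z:]+)\("` and then read with `func_name_match.group("func_name")`; as printed the group carries no name, which `re` rejects at compile time, so the `<func_name>` part was presumably lost in rendering — worth confirming, and in any case the pattern belongs in one module-level constant, `FUNC_NAME_PATTERN = re.compile(r"(?P<func_name>[a-zA-Z:]+)\(")`, instead of being rebuilt twice per iteration. `func_body = func[len(func_name)+1:len(func)-1]` assumes the stripped segment starts with the matched name and ends with `)`; a segment like `foo bar(x)` or one missing its closing parenthesis yields a silently wrong body rather than landing in `invalid`, so slicing from `func_name_match.end()` and checking `func.endswith(")")` would make that failure explicit. `manager` is a class attribute here but an instance attribute set in `MicrosoftFunctions.__init__` in the microsoft functions hunk; one convention across the platform function classes would avoid surprises about which state is shared between parser and render instances.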
@@ -0,0 +1,14 @@
+
+from app.translator.tools.custom_enum import CustomEnum
+
+
+class LogScaleFunctionType(CustomEnum):
+ avg = "avg"
+ count = "count"
+ group_by = "groupBy"
+ max = "max"
+ min = "min"
+ search = "search"
+ sort = "sort"
+ sum = "sum"
+ table = "table"
diff --git a/translator/app/translator/platforms/logscale/functions/manager.py b/translator/app/translator/platforms/logscale/functions/manager.py
new file mode 100644
index 00000000..2bb2279f
--- /dev/null
+++ b/translator/app/translator/platforms/logscale/functions/manager.py
@@ -0,0 +1,13 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from app.translator.core.functions import PlatformFunctionsManager
+
+if TYPE_CHECKING:
+ from app.translator.platforms.logscale.renders.logscale import LogScaleQueryRender
+
+
+class LogScaleFunctionsManager(PlatformFunctionsManager):
+ def init_search_func_render(self, platform_render: LogScaleQueryRender) -> None:
+ pass
diff --git a/siem-converter/app/converter/platforms/logscale/mapping.py b/translator/app/translator/platforms/logscale/mapping.py
similarity index 62%
rename from siem-converter/app/converter/platforms/logscale/mapping.py
rename to translator/app/translator/platforms/logscale/mapping.py
index 2561614c..e3fe80d4 100644
--- a/siem-converter/app/converter/platforms/logscale/mapping.py
+++ b/translator/app/translator/platforms/logscale/mapping.py
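Review bot: `LogScaleFunctionsManager.init_search_func_render` overrides the base hook with a bare `pass` and no docstring, so a reader cannot tell whether LogScale deliberately registers no search-function render or the hook is still to be written; `MicrosoftFunctionsManager.init_search_func_render` in the microsoft manager hunk has the same gap. A one-line docstring such as `"""Intentionally a no-op: LogScale registers no render-bound search function."""` (or a `# TODO` if that is the real state) records the intent. The contract this overrides lives in `app.translator.core.functions`, outside this chunk.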
@@ -1,16 +1,24 @@
-from typing import List, Optional
+from typing import List
-from app.converter.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
+from app.translator.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
 class LogScaleLogSourceSignature(LogSourceSignature):
+
+ def __init__(self, default_source: dict = None):
+ self._default_source = default_source or {}
+
 def __str__(self) -> str:
- return ""
+ return " ".join((f"{key}={value}" for key, value in self._default_source.items() if value))
+
+ def is_suitable(self):
+ ...
 class LogScaleMappings(BasePlatformMappings):
 def prepare_log_source_signature(self, mapping: dict) -> LogScaleLogSourceSignature:
- return
+ default_log_source = mapping.get("default_log_source")
+ return LogScaleLogSourceSignature(default_source=default_log_source)
 def get_suitable_source_mappings(self, field_names: List[str]) -> List[SourceMapping]:
 suitable_source_mappings = []
diff --git a/siem-converter/app/converter/platforms/logscale/renders/__init__.py b/translator/app/translator/platforms/logscale/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/logscale/renders/__init__.py
rename to translator/app/translator/platforms/logscale/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/logscale/mappings/logscale_cti.py b/translator/app/translator/platforms/logscale/mappings/logscale_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/logscale/mappings/logscale_cti.py
rename to translator/app/translator/platforms/logscale/mappings/logscale_cti.py
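Review bot: `__init__(self, default_source: dict = None)` annotates a parameter that defaults to `None` as a plain `dict`, and the same hunk removes `Optional` from the `typing` import, so the annotation is now incorrect rather than merely loose; `default_source: Optional[dict] = None` with the import kept states the contract. `is_suitable(self)` has a bare `...` body, which returns `None` on every call and takes none of the arguments a suitability check would need — if it is a placeholder, `raise NotImplementedError` or a `# TODO` comment makes that visible instead of letting callers read `None` as a quiet "not suitable". The extra parentheses in `" ".join((... for ...))` are redundant; `" ".join(f"{key}={value}" for key, value in self._default_source.items() if value)` reads cleaner.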
diff --git a/siem-converter/app/converter/platforms/microsoft/__init__.py b/translator/app/translator/platforms/logscale/parsers/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/microsoft/__init__.py
rename to translator/app/translator/platforms/logscale/parsers/__init__.py
diff --git a/siem-converter/app/converter/platforms/logscale/parsers/logscale.py b/translator/app/translator/platforms/logscale/parsers/logscale.py
similarity index 64%
rename from siem-converter/app/converter/platforms/logscale/parsers/logscale.py
rename to translator/app/translator/platforms/logscale/parsers/logscale.py
index d7beb82a..64900dfb 100644
--- a/siem-converter/app/converter/platforms/logscale/parsers/logscale.py
+++ b/translator/app/translator/platforms/logscale/parsers/logscale.py
@@ -18,19 +18,19 @@
 from typing import Tuple, List
-from app.converter.platforms.logscale.const import logscale_query_details
-from app.converter.platforms.logscale.mapping import logscale_mappings, LogScaleMappings
-from app.converter.platforms.logscale.siem_functions import LogScaleQueryFunctions
-from app.converter.core.models.functions.types import ParsedFunctions
-from app.converter.platforms.logscale.tokenizer import LogScaleTokenizer
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.parser import Parser
-from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer
+from app.translator.core.models.functions.base import ParsedFunctions
+from app.translator.platforms.logscale.const import logscale_query_details
+from app.translator.platforms.logscale.mapping import logscale_mappings, LogScaleMappings
+from app.translator.platforms.logscale.functions import LogScaleFunctions, log_scale_functions
+from app.translator.platforms.logscale.tokenizer import LogScaleTokenizer
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.parser import Parser
+from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer
 class LogScaleParser(Parser):
 details: PlatformDetails = logscale_query_details
- siem_functions = LogScaleQueryFunctions()
+ platform_functions: LogScaleFunctions = log_scale_functions
 tokenizer = LogScaleTokenizer()
 mappings: LogScaleMappings = logscale_mappings
@@ -39,12 +39,13 @@ def _get_meta_info(source_mapping_ids: List[str], metainfo: dict) -> MetaInfoCon
 return MetaInfoContainer(source_mapping_ids=source_mapping_ids)
 def _parse_query(self, query: str) -> Tuple[str, ParsedFunctions]:
- functions, splited_query = self.siem_functions.parse(query)
- return " and ".join(splited_query), functions
+ functions, query_str = self.platform_functions.parse(query)
+ return query_str, functions
 def parse(self, text: str) -> SiemContainer:
 query, functions = self._parse_query(query=text)
- tokens, source_mappings = self.get_tokens_and_source_mappings(text, {})
+ tokens, source_mappings = self.get_tokens_and_source_mappings(query, {})
+ self.set_functions_fields_generic_names(functions=functions, source_mappings=source_mappings)
 return SiemContainer(
 query=tokens,
 meta_info=self._get_meta_info([source_mapping.source_id for source_mapping in source_mappings], {}),
diff --git a/siem-converter/app/converter/platforms/logscale/parsers/logscale_alert.py b/translator/app/translator/platforms/logscale/parsers/logscale_alert.py
similarity index 84%
rename from siem-converter/app/converter/platforms/logscale/parsers/logscale_alert.py
rename to translator/app/translator/platforms/logscale/parsers/logscale_alert.py
index c2584d84..dcae7754 100644
--- a/siem-converter/app/converter/platforms/logscale/parsers/logscale_alert.py
+++ b/translator/app/translator/platforms/logscale/parsers/logscale_alert.py
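Review bot: `parse` now tokenizes `query` instead of the raw `text`, which fixes the earlier mismatch, but `LogScaleFunctions.parse` leaves `query_part` as `""` whenever the first delimiter-separated segment is itself a function call, so `get_tokens_and_source_mappings(query, {})` can receive an empty string here; whether the tokenizer and mapping lookup accept that is outside this hunk, so a guard or at least a comment is warranted, e.g. `# query may be "" when the input starts with a function; the tokenizer must tolerate that`. `parse` continues past the hunk's final `meta_info=` line, so the remaining `SiemContainer` arguments are not visible here.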
@@ -18,11 +18,11 @@
 from typing import List
-from app.converter.platforms.logscale.const import logscale_alert_details
-from app.converter.platforms.logscale.parsers.logscale import LogScaleParser
-from app.converter.core.mixins.rule import JsonRuleMixin
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer
+from app.translator.platforms.logscale.const import logscale_alert_details
+from app.translator.platforms.logscale.parsers.logscale import LogScaleParser
+from app.translator.core.mixins.rule import JsonRuleMixin
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer
 class LogScaleAlertParser(LogScaleParser, JsonRuleMixin):
diff --git a/siem-converter/app/converter/platforms/microsoft/mappings/__init__.py b/translator/app/translator/platforms/logscale/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/microsoft/mappings/__init__.py
rename to translator/app/translator/platforms/logscale/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/logscale/renders/logscale.py b/translator/app/translator/platforms/logscale/renders/logscale.py
similarity index 78%
rename from siem-converter/app/converter/platforms/logscale/renders/logscale.py
rename to translator/app/translator/platforms/logscale/renders/logscale.py
index b01ca8ce..207c4c64 100644
--- a/siem-converter/app/converter/platforms/logscale/renders/logscale.py
+++ b/translator/app/translator/platforms/logscale/renders/logscale.py
@@ -18,12 +18,13 @@
 """
 from typing import Union
-from app.converter.platforms.logscale.const import logscale_query_details
-from app.converter.platforms.logscale.mapping import LogScaleMappings, logscale_mappings
-from app.converter.core.mapping import SourceMapping
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.models.parser_output import MetaInfoContainer
-from app.converter.core.render import BaseQueryRender, BaseQueryFieldValue
+from app.translator.platforms.logscale.const import logscale_query_details
+from app.translator.platforms.logscale.functions import LogScaleFunctions, log_scale_functions
+from app.translator.platforms.logscale.mapping import LogScaleMappings, logscale_mappings
+from app.translator.core.mapping import SourceMapping
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.parser_output import MetaInfoContainer
+from app.translator.core.render import BaseQueryRender, BaseQueryFieldValue
 class LogScaleFieldValue(BaseQueryFieldValue):
@@ -68,30 +69,29 @@ def keywords(self, field, value):
 class LogScaleQueryRender(BaseQueryRender):
 details: PlatformDetails = logscale_query_details
 mappings: LogScaleMappings = logscale_mappings
+ platform_functions: LogScaleFunctions = log_scale_functions
 or_token = "or"
 and_token = ""
 not_token = "not"
 field_value_map = LogScaleFieldValue(or_token=or_token)
- query_pattern = "{prefix} and {query} {functions}"
+ query_pattern = "{prefix} {query} {functions}"
+
+ def __init__(self):
+ super().__init__()
+ self.platform_functions.manager.init_search_func_render(self)
 def wrap_with_comment(self, value: str) -> str:
 return f"/* {value} */"
- def generate_prefix(self, logsource: dict):
- return ""
-
- def generate_functions(self, functions: list):
- if not functions:
- return ""
-
- def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer,
+ def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer = None,
 source_mapping: SourceMapping = None, not_supported_functions: list = None) -> str:
 if prefix:
 query = self.query_pattern.format(prefix=prefix, query=query, functions=functions)
 else:
- query = f'{query} {functions}'
+ query = f'{query} {functions.lstrip()}'
+ query = self.wrap_query_with_meta_info(meta_info=meta_info, query=query)
 if not_supported_functions:
 rendered_not_supported = self.render_not_supported_functions(not_supported_functions)
 return query + rendered_not_supported
diff --git a/siem-converter/app/converter/platforms/logscale/renders/logscale_alert.py b/translator/app/translator/platforms/logscale/renders/logscale_alert.py
similarity index 77%
rename from siem-converter/app/converter/platforms/logscale/renders/logscale_alert.py
rename to translator/app/translator/platforms/logscale/renders/logscale_alert.py
index 8621328c..2fe9d8ec 100644
--- a/siem-converter/app/converter/platforms/logscale/renders/logscale_alert.py
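Review bot: `finalize_query` now defaults `meta_info` to `None` yet calls `self.wrap_query_with_meta_info(meta_info=meta_info, query=query)` unconditionally, and `LogScaleAlertRender.finalize_query` in the logscale_alert hunk depends on that by calling `super().finalize_query(...)` without `meta_info`; `wrap_query_with_meta_info` is defined outside this hunk, so unless it is known to accept `None`, guard the call with `if meta_info: query = self.wrap_query_with_meta_info(meta_info=meta_info, query=query)`, or document that the base helper tolerates `None`. The new `__init__` calls `self.platform_functions.manager.init_search_func_render(self)` on `log_scale_functions`, a module-level instance whose `manager` is a class attribute also reachable from `LogScaleParser`, so every render constructed re-registers itself on one shared manager; that is harmless while the LogScale hook is `pass`, but it deserves a comment such as `# NOTE: registers this render on the process-wide functions manager; the last constructed render wins`. The `else` branch applies `.lstrip()` to `functions` while the `query_pattern` branch does not, and both still leave a trailing space when `functions` is empty — `f'{query} {functions.lstrip()}'.rstrip()` or one join over the non-empty parts would give consistent output.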
+++ b/translator/app/translator/platforms/logscale/renders/logscale_alert.py
@@ -20,16 +20,17 @@
 import copy
 import json
-from app.converter.platforms.logscale.renders.logscale import LogScaleQueryRender, LogScaleFieldValue
-from app.converter.platforms.logscale.const import DEFAULT_LOGSCALE_ALERT, logscale_alert_details
-from app.converter.core.mapping import SourceMapping
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.models.parser_output import MetaInfoContainer
-from app.converter.tools.utils import get_rule_description_str, get_mitre_attack_str
+from app.translator.platforms.logscale.renders.logscale import LogScaleQueryRender, LogScaleFieldValue
+from app.translator.platforms.logscale.const import DEFAULT_LOGSCALE_ALERT, logscale_alert_details
+from app.translator.core.mapping import SourceMapping
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.parser_output import MetaInfoContainer
+from app.translator.tools.utils import get_rule_description_str, get_mitre_attack_str
 _AUTOGENERATED_TITLE = "Autogenerated Falcon LogScale Alert"
+
 class LogScaleAlertFieldValue(LogScaleFieldValue):
 details: PlatformDetails = logscale_alert_details
@@ -39,9 +40,9 @@ class LogScaleAlertRender(LogScaleQueryRender):
 or_token = "or"
 field_value_map = LogScaleAlertFieldValue(or_token=or_token)
- def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer,
+ def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer = None,
 source_mapping: SourceMapping = None, not_supported_functions: list = None):
- query = super().finalize_query(prefix=prefix, query=query, functions=functions, meta_info=meta_info)
+ query = super().finalize_query(prefix=prefix, query=query, functions=functions)
 rule = copy.deepcopy(DEFAULT_LOGSCALE_ALERT)
 rule['query']['queryString'] = query
 rule['name'] = meta_info.title or _AUTOGENERATED_TITLE
@@ -52,8 +53,8 @@ def finalize_query(self, prefix: str, query: str, functions: str, meta_info: Met
 rule['description'] = get_rule_description_str(
 description=meta_info.description,
 license=meta_info.license,
- mitre_attack=mitre_attack,
- author=meta_info.author
+ author=meta_info.author,
+ mitre_attack=mitre_attack
 )
 json_query = json.dumps(rule, indent=4, sort_keys=False)
diff --git a/siem-converter/app/converter/platforms/logscale/renders/logscale_cti.py b/translator/app/translator/platforms/logscale/renders/logscale_cti.py
similarity index 79%
rename from siem-converter/app/converter/platforms/logscale/renders/logscale_cti.py
rename to translator/app/translator/platforms/logscale/renders/logscale_cti.py
index 50c300aa..9705366e 100644
--- a/siem-converter/app/converter/platforms/logscale/renders/logscale_cti.py
+++ b/translator/app/translator/platforms/logscale/renders/logscale_cti.py
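Review bot: `finalize_query` now declares `meta_info: MetaInfoContainer = None` but dereferences it unconditionally (`meta_info.title` here, `meta_info.description`/`license`/`author` in the second hunk), so the default only converts a clear missing-argument `TypeError` into an `AttributeError` further down; since an alert cannot be built without its meta info, keep the parameter required to match the actual call sites, or fail early with `if meta_info is None: raise ValueError("meta_info is required to render a LogScale alert")`. Dropping `meta_info` from the `super().finalize_query(...)` call looks intentional — it keeps the meta-info comment out of the JSON `queryString` — and a one-line comment saying so would stop the next reader from "fixing" it. The second hunk only reorders keyword arguments; the method body continues outside both hunks.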
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.logscale.const import logscale_query_details
-from app.converter.platforms.logscale.mappings.logscale_cti import DEFAULT_LOGSCALE_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.logscale.const import logscale_query_details
+from app.translator.platforms.logscale.mappings.logscale_cti import DEFAULT_LOGSCALE_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class LogScaleCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/logscale/tokenizer.py b/translator/app/translator/platforms/logscale/tokenizer.py
similarity index 90%
rename from siem-converter/app/converter/platforms/logscale/tokenizer.py
rename to translator/app/translator/platforms/logscale/tokenizer.py
index cba94b07..255bc0c5 100644
--- a/siem-converter/app/converter/platforms/logscale/tokenizer.py
+++ b/translator/app/translator/platforms/logscale/tokenizer.py
@@ -19,12 +19,12 @@
 import re
 from typing import Tuple, Any, List, Union
-from app.converter.core.mixins.logic import ANDLogicOperatorMixin
-from app.converter.core.models.field import Keyword, Field
-from app.converter.core.models.identifier import Identifier
-from app.converter.core.custom_types.tokens import GroupType, LogicalOperatorType, OperatorType
-from app.converter.core.tokenizer import QueryTokenizer
-from app.converter.tools.utils import get_match_group
+from app.translator.core.mixins.logic import ANDLogicOperatorMixin
+from app.translator.core.models.field import Keyword, Field
+from app.translator.core.models.identifier import Identifier
+from app.translator.core.custom_types.tokens import GroupType, LogicalOperatorType, OperatorType
+from app.translator.core.tokenizer import QueryTokenizer
+from app.translator.tools.utils import get_match_group
 class LogScaleTokenizer(QueryTokenizer, ANDLogicOperatorMixin):
diff --git a/siem-converter/app/converter/platforms/microsoft/parsers/__init__.py b/translator/app/translator/platforms/microsoft/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/microsoft/parsers/__init__.py
rename to translator/app/translator/platforms/microsoft/__init__.py
diff --git a/siem-converter/app/converter/platforms/microsoft/const.py b/translator/app/translator/platforms/microsoft/const.py
similarity index 95%
rename from siem-converter/app/converter/platforms/microsoft/const.py
rename to translator/app/translator/platforms/microsoft/const.py
index 9e4f226b..1a489483 100644
--- a/siem-converter/app/converter/platforms/microsoft/const.py
+++ b/translator/app/translator/platforms/microsoft/const.py
@@ -1,4 +1,4 @@
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.core.models.platform_details import PlatformDetails
 DEFAULT_MICROSOFT_SENTINEL_RULE = {
 "displayName": "Autogenerated Microsoft Sentinel Rule",
diff --git a/translator/app/translator/platforms/microsoft/functions/__init__.py b/translator/app/translator/platforms/microsoft/functions/__init__.py
new file mode 100644
index 00000000..d2dc748a
--- /dev/null
+++ b/translator/app/translator/platforms/microsoft/functions/__init__.py
@@ -0,0 +1,56 @@
+from typing import List
+
+from app.translator.core.exceptions.functions import NotSupportedFunctionException, InvalidFunctionSignature
+from app.translator.core.functions import PlatformFunctions
+from app.translator.core.mapping import SourceMapping
+from app.translator.core.models.functions.base import ParsedFunctions, Function
+from app.translator.platforms.microsoft.functions.const import KQLFunctionType
+from app.translator.platforms.microsoft.functions.manager import MicrosoftFunctionsManager
+
+
+class MicrosoftFunctions(PlatformFunctions):
+
+ def __init__(self):
+ self.manager = MicrosoftFunctionsManager()
+
+ def parse(self, query: str):
+ parsed = []
+ not_supported = []
+ invalid = []
+ split_query = query.split(self.function_delimiter)
+ table = split_query[0].strip()
+ query_parts = []
+ for func in split_query[1:]:
+ split_func = func.strip(' ').split(' ')
+ func_name, func_body = split_func[0], " ".join(split_func[1:])
+ if func_name == KQLFunctionType.where:
+ query_parts.append(func_body)
+ elif func_parser := self.manager.get_parser(self.manager.get_generic_func_name(func_name)):
+ try:
+ parsed.append(func_parser.parse(func_body))
+ except NotSupportedFunctionException:
+ not_supported.append(func)
+ except InvalidFunctionSignature:
+ invalid.append(func)
+ else:
+ not_supported.append(func)
+ result_query = " and ".join(f"({query_part})" for query_part in query_parts)
+ return table, result_query, ParsedFunctions(
+ functions=parsed,
+ not_supported=[self.wrap_function_with_delimiter(func) for func in not_supported],
+ invalid=invalid
+ )
+
+ def render(self, functions: List[Function], source_mapping: SourceMapping) -> str:
+ result = ""
+ for func in functions:
+ if not (func_render := self.manager.get_render(func.name)):
+ raise NotImplementedError()
+
+ result += self.wrap_function_with_delimiter(func_render.render(func, source_mapping))
+
+ return result
+
+
+microsoft_sentinel_functions = MicrosoftFunctions()
+microsoft_defender_functions = MicrosoftFunctions()
diff --git a/translator/app/translator/platforms/microsoft/functions/const.py b/translator/app/translator/platforms/microsoft/functions/const.py
new file mode 100644
index 00000000..510d1ffc
--- /dev/null
+++ b/translator/app/translator/platforms/microsoft/functions/const.py
@@ -0,0 +1,14 @@
+from app.translator.tools.custom_enum import CustomEnum
+
+
+class KQLFunctionType(CustomEnum):
+ avg = "avg"
+ count = "count"
+ max = "max"
+ min = "min"
+ sum = "sum"
+ where = "where"
+ search = "search"
+ summarize = "summarize"
+ project = "project"
+ sort = "sort"
diff --git a/translator/app/translator/platforms/microsoft/functions/manager.py b/translator/app/translator/platforms/microsoft/functions/manager.py
new file mode 100644
index 00000000..27359d7a
--- /dev/null
+++ b/translator/app/translator/platforms/microsoft/functions/manager.py
@@ -0,0 +1,13 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from app.translator.core.functions import PlatformFunctionsManager
+
+if TYPE_CHECKING:
+ from app.translator.platforms.microsoft.renders.microsoft_sentinel import MicrosoftSentinelQueryRender
+
+
+class MicrosoftFunctionsManager(PlatformFunctionsManager):
+ def init_search_func_render(self, platform_render: MicrosoftSentinelQueryRender) -> None:
+ pass
diff --git a/siem-converter/app/converter/platforms/microsoft/mapping.py b/translator/app/translator/platforms/microsoft/mapping.py
similarity index 95%
rename from siem-converter/app/converter/platforms/microsoft/mapping.py
rename to translator/app/translator/platforms/microsoft/mapping.py
index d3b355ea..a1ffd93c 100644
--- a/siem-converter/app/converter/platforms/microsoft/mapping.py
+++ b/translator/app/translator/platforms/microsoft/mapping.py
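Review bot: `render` raises a bare `NotImplementedError()` when `self.manager.get_render(func.name)` returns nothing, so the caller learns neither which KQL function is unsupported nor on which platform; `raise NotImplementedError(f"no render registered for function {func.name!r}")` costs nothing, and since `parse` already collects unsupported functions into `not_supported` instead of raising, it is worth deciding whether `render` should follow the same convention. In `parse`, `func.strip(' ').split(' ')` trims only spaces, so a clause whose leading whitespace is a tab or newline (multi-line KQL is common) produces a `func_name` such as `"\twhere"` that matches neither `KQLFunctionType.where` nor any registered parser and is silently filed under `not_supported`; `func_name, _, func_body = func.strip().partition(" ")` handles all whitespace and leaves the body text unchanged. `parse` also lacks the return annotation its LogScale counterpart carries; `-> tuple[str, str, ParsedFunctions]` documents the three-element contract that `MicrosoftParser._parse_query` unpacks. The `result += ...` accumulation is fine at this size, though `"".join(...)` over the rendered functions is the idiomatic form.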
@@ -1,6 +1,6 @@
 from typing import List, Optional
-from app.converter.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
+from app.translator.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
 class MicrosoftSentinelLogSourceSignature(LogSourceSignature):
diff --git a/siem-converter/app/converter/platforms/microsoft/renders/__init__.py b/translator/app/translator/platforms/microsoft/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/microsoft/renders/__init__.py
rename to translator/app/translator/platforms/microsoft/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/microsoft/mappings/mdatp_cti.py b/translator/app/translator/platforms/microsoft/mappings/mdatp_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/microsoft/mappings/mdatp_cti.py
rename to translator/app/translator/platforms/microsoft/mappings/mdatp_cti.py
diff --git a/siem-converter/app/converter/platforms/microsoft/mappings/microsoft_sentinel_cti.py b/translator/app/translator/platforms/microsoft/mappings/microsoft_sentinel_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/microsoft/mappings/microsoft_sentinel_cti.py
rename to translator/app/translator/platforms/microsoft/mappings/microsoft_sentinel_cti.py
diff --git a/siem-converter/app/converter/platforms/microsoft/siem_functions/__init__.py b/translator/app/translator/platforms/microsoft/parsers/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/microsoft/siem_functions/__init__.py
rename to translator/app/translator/platforms/microsoft/parsers/__init__.py
diff --git a/siem-converter/app/converter/platforms/microsoft/parsers/microsoft_defender.py b/translator/app/translator/platforms/microsoft/parsers/microsoft_defender.py
similarity index 63%
rename from siem-converter/app/converter/platforms/microsoft/parsers/microsoft_defender.py
rename to translator/app/translator/platforms/microsoft/parsers/microsoft_defender.py
index bdce666d..41638907 100644
--- a/siem-converter/app/converter/platforms/microsoft/parsers/microsoft_defender.py
+++ b/translator/app/translator/platforms/microsoft/parsers/microsoft_defender.py
@@ -16,12 +16,14 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.microsoft.const import microsoft_defender_details
-from app.converter.platforms.microsoft.parsers.microsoft_sentinel import MicrosoftParser
-from app.converter.platforms.microsoft.mapping import microsoft_defender_mappings, MicrosoftDefenderMappings
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.platforms.microsoft.const import microsoft_defender_details
+from app.translator.platforms.microsoft.functions import MicrosoftFunctions, microsoft_defender_functions
+from app.translator.platforms.microsoft.parsers.microsoft_sentinel import MicrosoftParser
+from app.translator.platforms.microsoft.mapping import microsoft_defender_mappings, MicrosoftDefenderMappings
+from app.translator.core.models.platform_details import PlatformDetails
 class MicrosoftDefenderQueryParser(MicrosoftParser):
 mappings: MicrosoftDefenderMappings = microsoft_defender_mappings
 details: PlatformDetails = microsoft_defender_details
+ platform_functions: MicrosoftFunctions = microsoft_defender_functions
diff --git a/siem-converter/app/converter/platforms/microsoft/parsers/microsoft_sentinel.py b/translator/app/translator/platforms/microsoft/parsers/microsoft_sentinel.py
similarity index 64%
rename from siem-converter/app/converter/platforms/microsoft/parsers/microsoft_sentinel.py
rename to translator/app/translator/platforms/microsoft/parsers/microsoft_sentinel.py
index dac5851e..e411d815 100644
--- a/siem-converter/app/converter/platforms/microsoft/parsers/microsoft_sentinel.py
+++ b/translator/app/translator/platforms/microsoft/parsers/microsoft_sentinel.py
@@ -18,18 +18,18 @@
 from typing import Tuple, List, Dict
-from app.converter.platforms.microsoft.const import microsoft_sentinel_query_details
-from app.converter.platforms.microsoft.siem_functions.base import MicroSoftQueryFunctions
-from app.converter.platforms.microsoft.mapping import MicrosoftSentinelMappings, microsoft_sentinel_mappings
-from app.converter.platforms.microsoft.tokenizer import MicrosoftSentinelTokenizer
-from app.converter.core.models.functions.types import ParsedFunctions
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.parser import Parser
-from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer
+from app.translator.core.models.functions.base import ParsedFunctions
+from app.translator.platforms.microsoft.const import microsoft_sentinel_query_details
+from app.translator.platforms.microsoft.functions import MicrosoftFunctions, microsoft_sentinel_functions
+from app.translator.platforms.microsoft.mapping import MicrosoftSentinelMappings, microsoft_sentinel_mappings
+from app.translator.platforms.microsoft.tokenizer import MicrosoftSentinelTokenizer
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.parser import Parser
+from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer
 class MicrosoftParser(Parser):
- siem_functions = MicroSoftQueryFunctions()
+ platform_functions: MicrosoftFunctions = microsoft_sentinel_functions
 mappings: MicrosoftSentinelMappings = microsoft_sentinel_mappings
 tokenizer = MicrosoftSentinelTokenizer()
 details: PlatformDetails = microsoft_sentinel_query_details
@@ -39,15 +39,14 @@ def _get_meta_info(source_mapping_ids: List[str], meta_info: dict) -> MetaInfoCo
 return MetaInfoContainer(source_mapping_ids=source_mapping_ids)
 def _parse_query(self, query: str) -> Tuple[str, Dict[str, List[str]], ParsedFunctions]:
- functions, split_query = self.siem_functions.parse(query)
- table, query = split_query[0], " and ".join(split_query[1:])
- log_sources = dict(table=[split_query[0]])
+ table, query, functions = self.platform_functions.parse(query)
+ log_sources = dict(table=[table])
 return query, log_sources, functions
 def parse(self, text: str) -> SiemContainer:
 query, log_sources, functions = self._parse_query(query=text)
 tokens, source_mappings = self.get_tokens_and_source_mappings(query, log_sources)
-
+ self.set_functions_fields_generic_names(functions=functions, source_mappings=source_mappings)
 return SiemContainer(
 query=tokens,
 meta_info=self._get_meta_info([source_mapping.source_id for source_mapping in source_mappings], {}),
diff --git a/siem-converter/app/converter/platforms/microsoft/parsers/microsoft_sentinel_rule.py b/translator/app/translator/platforms/microsoft/parsers/microsoft_sentinel_rule.py
similarity index 81%
rename from siem-converter/app/converter/platforms/microsoft/parsers/microsoft_sentinel_rule.py
rename to translator/app/translator/platforms/microsoft/parsers/microsoft_sentinel_rule.py
index 5b884140..af6d1984 100644
--- a/siem-converter/app/converter/platforms/microsoft/parsers/microsoft_sentinel_rule.py
+++ b/translator/app/translator/platforms/microsoft/parsers/microsoft_sentinel_rule.py
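Review bot: `_parse_query` now takes `table` straight from `self.platform_functions.parse(query)`, which is `split_query[0].strip()`, so a query that starts with the delimiter (no table before the first clause) produces `log_sources = {"table": [""]}` instead of an empty log-source set; if the mapping lookup inside `get_tokens_and_source_mappings` treats `""` as a real table name it can pick the wrong mapping silently, so `log_sources = dict(table=[table]) if table else {}` — or whatever the base parser expects for "no table" — is worth adding. `dict(table=[table])` is more conventionally written `{"table": [table]}`. The `parse` method continues past the hunk's final `meta_info=` line.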
@@ -18,11 +18,11 @@ from typing import List -from app.converter.platforms.microsoft.const import microsoft_sentinel_rule_details -from app.converter.platforms.microsoft.parsers.microsoft_sentinel import MicrosoftParser -from app.converter.core.mixins.rule import JsonRuleMixin -from app.converter.core.models.platform_details import PlatformDetails -from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer +from app.translator.platforms.microsoft.const import microsoft_sentinel_rule_details +from app.translator.platforms.microsoft.parsers.microsoft_sentinel import MicrosoftParser +from app.translator.core.mixins.rule import JsonRuleMixin +from app.translator.core.models.platform_details import PlatformDetails +from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer class MicrosoftRuleParser(MicrosoftParser, JsonRuleMixin): diff --git a/siem-converter/app/converter/platforms/opensearch/__init__.py b/translator/app/translator/platforms/microsoft/renders/__init__.py similarity index 100% rename from siem-converter/app/converter/platforms/opensearch/__init__.py rename to translator/app/translator/platforms/microsoft/renders/__init__.py diff --git a/siem-converter/app/converter/platforms/microsoft/renders/microsoft_defender.py b/translator/app/translator/platforms/microsoft/renders/microsoft_defender.py similarity index 68% rename from siem-converter/app/converter/platforms/microsoft/renders/microsoft_defender.py rename to translator/app/translator/platforms/microsoft/renders/microsoft_defender.py index 45030b4b..912e33ba 100644 --- a/siem-converter/app/converter/platforms/microsoft/renders/microsoft_defender.py +++ b/translator/app/translator/platforms/microsoft/renders/microsoft_defender.py 
@@ -17,11 +17,12 @@ ----------------------------------------------------------------- """ -from app.converter.platforms.microsoft.const import microsoft_defender_details -from app.converter.platforms.microsoft.mapping import MicrosoftDefenderMappings, microsoft_defender_mappings -from app.converter.platforms.microsoft.renders.microsoft_sentinel import MicrosoftSentinelQueryRender, \ +from app.translator.platforms.microsoft.const import microsoft_defender_details +from app.translator.platforms.microsoft.functions import MicrosoftFunctions, microsoft_defender_functions +from app.translator.platforms.microsoft.mapping import MicrosoftDefenderMappings, microsoft_defender_mappings +from app.translator.platforms.microsoft.renders.microsoft_sentinel import MicrosoftSentinelQueryRender, \ MicrosoftSentinelFieldValue -from app.converter.core.models.platform_details import PlatformDetails +from app.translator.core.models.platform_details import PlatformDetails class MicrosoftDefenderFieldValue(MicrosoftSentinelFieldValue): @@ -31,6 +32,7 @@ class MicrosoftDefenderFieldValue(MicrosoftSentinelFieldValue): class MicrosoftDefenderQueryRender(MicrosoftSentinelQueryRender): mappings: MicrosoftDefenderMappings = microsoft_defender_mappings details: PlatformDetails = microsoft_defender_details + platform_functions: MicrosoftFunctions = microsoft_defender_functions or_token = "or" field_value_map = MicrosoftDefenderFieldValue(or_token=or_token) diff --git a/siem-converter/app/converter/platforms/microsoft/renders/microsoft_defender_cti.py b/translator/app/translator/platforms/microsoft/renders/microsoft_defender_cti.py similarity index 83% rename from siem-converter/app/converter/platforms/microsoft/renders/microsoft_defender_cti.py rename to translator/app/translator/platforms/microsoft/renders/microsoft_defender_cti.py index 5463b716..6ce15b1b 100644 --- a/siem-converter/app/converter/platforms/microsoft/renders/microsoft_defender_cti.py 
+++ b/translator/app/translator/platforms/microsoft/renders/microsoft_defender_cti.py @@ -17,10 +17,10 @@ ----------------------------------------------------------------- """ -from app.converter.platforms.microsoft.const import microsoft_defender_details -from app.converter.platforms.microsoft.mappings.mdatp_cti import DEFAULT_MICROSOFT_DEFENDER_MAPPING -from app.converter.core.models.platform_details import PlatformDetails -from app.converter.core.render_cti import RenderCTI +from app.translator.platforms.microsoft.const import microsoft_defender_details +from app.translator.platforms.microsoft.mappings.mdatp_cti import DEFAULT_MICROSOFT_DEFENDER_MAPPING +from app.translator.core.models.platform_details import PlatformDetails +from app.translator.core.render_cti import RenderCTI class MicrosoftDefenderCTI(RenderCTI): diff --git a/siem-converter/app/converter/platforms/microsoft/renders/microsoft_sentinel.py b/translator/app/translator/platforms/microsoft/renders/microsoft_sentinel.py similarity index 81% rename from siem-converter/app/converter/platforms/microsoft/renders/microsoft_sentinel.py rename to translator/app/translator/platforms/microsoft/renders/microsoft_sentinel.py index 47b4a27e..3b430aa4 100644 --- a/siem-converter/app/converter/platforms/microsoft/renders/microsoft_sentinel.py +++ b/translator/app/translator/platforms/microsoft/renders/microsoft_sentinel.py 
@@ -18,12 +18,12 @@ """ from typing import Union -from app.converter.platforms.microsoft.const import microsoft_sentinel_query_details -from app.converter.platforms.microsoft.mapping import MicrosoftSentinelMappings, microsoft_sentinel_mappings -from app.converter.core.mapping import LogSourceSignature -from app.converter.core.models.platform_details import PlatformDetails -from app.converter.core.render import BaseQueryRender, BaseQueryFieldValue -from app.converter.platforms.microsoft.siem_functions.base import MicroSoftQueryFunctions +from app.translator.platforms.microsoft.const import microsoft_sentinel_query_details +from app.translator.platforms.microsoft.functions import MicrosoftFunctions, microsoft_sentinel_functions +from app.translator.platforms.microsoft.mapping import MicrosoftSentinelMappings, microsoft_sentinel_mappings +from app.translator.core.mapping import LogSourceSignature +from app.translator.core.models.platform_details import PlatformDetails +from app.translator.core.render import BaseQueryRender, BaseQueryFieldValue class MicrosoftSentinelFieldValue(BaseQueryFieldValue): 
@@ -73,23 +73,22 @@ def keywords(self, field, value): class MicrosoftSentinelQueryRender(BaseQueryRender): details: PlatformDetails = microsoft_sentinel_query_details + platform_functions: MicrosoftFunctions = microsoft_sentinel_functions or_token = "or" and_token = "and" not_token = "not" field_value_map = MicrosoftSentinelFieldValue(or_token=or_token) - query_pattern = "{prefix} | where {query} {functions}" + query_pattern = "{prefix} | where {query}{functions}" mappings: MicrosoftSentinelMappings = microsoft_sentinel_mappings comment_symbol = "//" is_multi_line_comment = True + def __init__(self): + super().__init__() + self.platform_functions.manager.init_search_func_render(self) + def generate_prefix(self, log_source_signature: LogSourceSignature) -> str: return str(log_source_signature) - - def generate_functions(self, functions: list) -> str: - if not functions: - return "" - result = MicroSoftQueryFunctions().render(functions) - return result diff --git a/siem-converter/app/converter/platforms/microsoft/renders/microsoft_sentinel_cti.py b/translator/app/translator/platforms/microsoft/renders/microsoft_sentinel_cti.py similarity index 78% rename from siem-converter/app/converter/platforms/microsoft/renders/microsoft_sentinel_cti.py rename to translator/app/translator/platforms/microsoft/renders/microsoft_sentinel_cti.py index d944a7a0..57efad59 100644 --- a/siem-converter/app/converter/platforms/microsoft/renders/microsoft_sentinel_cti.py +++ b/translator/app/translator/platforms/microsoft/renders/microsoft_sentinel_cti.py 
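Review bot: The new `__init__` calls `self.platform_functions.manager.init_search_func_render(self)` on `microsoft_sentinel_functions`, a module-level instance that the parser hunk above also binds as a class attribute of `MicrosoftParser`, so every constructed render rebinds whatever that manager stores; if it keeps a reference to the render, the most recently constructed instance wins and that state is shared across requests in the service process. Either make the registration idempotent and document it, or record the assumption: `# NOTE: registers this render on the shared module-level functions manager; last-constructed instance wins — confirm init_search_func_render is safe to call repeatedly`. Separately, `query_pattern` dropped the space before `{functions}`, which moves the separator into the rendered functions string; that only works if the functions renderer always emits its own leading separator, and since `generate_functions` is no longer overridden here the base implementation has to guarantee it.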
@@ -17,10 +17,10 @@ ----------------------------------------------------------------- """ -from app.converter.platforms.microsoft.const import microsoft_sentinel_query_details -from app.converter.platforms.microsoft.mappings.microsoft_sentinel_cti import DEFAULT_MICROSOFT_SENTINEL_MAPPING -from app.converter.core.models.platform_details import PlatformDetails -from app.converter.core.render_cti import RenderCTI +from app.translator.platforms.microsoft.const import microsoft_sentinel_query_details +from app.translator.platforms.microsoft.mappings.microsoft_sentinel_cti import DEFAULT_MICROSOFT_SENTINEL_MAPPING +from app.translator.core.models.platform_details import PlatformDetails +from app.translator.core.render_cti import RenderCTI class MicrosoftSentinelCTI(RenderCTI): diff --git a/siem-converter/app/converter/platforms/microsoft/renders/microsoft_sentinel_rule.py b/translator/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py similarity index 83% rename from siem-converter/app/converter/platforms/microsoft/renders/microsoft_sentinel_rule.py rename to translator/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py index c17ac290..d59e275d 100644 --- a/siem-converter/app/converter/platforms/microsoft/renders/microsoft_sentinel_rule.py +++ b/translator/app/translator/platforms/microsoft/renders/microsoft_sentinel_rule.py 
@@ -20,15 +20,15 @@ import copy import json -from app.converter.platforms.microsoft.renders.microsoft_sentinel import ( +from app.translator.platforms.microsoft.renders.microsoft_sentinel import ( MicrosoftSentinelQueryRender, MicrosoftSentinelFieldValue ) -from app.converter.platforms.microsoft.const import DEFAULT_MICROSOFT_SENTINEL_RULE, microsoft_sentinel_rule_details -from app.converter.core.mapping import SourceMapping -from app.converter.core.models.platform_details import PlatformDetails -from app.converter.core.models.parser_output import MetaInfoContainer -from app.converter.tools.utils import get_rule_description_str +from app.translator.platforms.microsoft.const import DEFAULT_MICROSOFT_SENTINEL_RULE, microsoft_sentinel_rule_details +from app.translator.core.mapping import SourceMapping +from app.translator.core.models.platform_details import PlatformDetails +from app.translator.core.models.parser_output import MetaInfoContainer +from app.translator.tools.utils import get_rule_description_str class MicrosoftSentinelRuleFieldValue(MicrosoftSentinelFieldValue): @@ -52,9 +52,9 @@ def __create_mitre_threat(self, meta_info: MetaInfoContainer) -> tuple[list, lis return tactics, techniques - def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer, + def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer = None, source_mapping: SourceMapping = None, not_supported_functions: list = None): - query = super().finalize_query(prefix=prefix, query=query, functions=functions, meta_info=meta_info) + query = super().finalize_query(prefix=prefix, query=query, functions=functions) rule = copy.deepcopy(DEFAULT_MICROSOFT_SENTINEL_RULE) rule["query"] = query rule["displayName"] = meta_info.title 
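Review bot: `finalize_query` now defaults `meta_info` to `None`, yet two lines later `rule["displayName"] = meta_info.title` dereferences it unconditionally, so a call that relies on the new default fails with `AttributeError` instead of a clear error; `OpenSearchRuleRender.finalize_query` in a later hunk (`rule["name"] = meta_info.title`) has the same problem. Either keep the parameter required for the rule renders, or guard it: `if meta_info is None: raise ValueError("meta_info is required to render a rule")`. The default was presumably added to match the base-class signature, since the `super().finalize_query(...)` call no longer passes `meta_info`. The function body continues beyond the hunk.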
diff --git a/siem-converter/app/converter/platforms/opensearch/mappings/__init__.py b/translator/app/translator/platforms/microsoft/siem_functions/__init__.py similarity index 100% rename from siem-converter/app/converter/platforms/opensearch/mappings/__init__.py rename to translator/app/translator/platforms/microsoft/siem_functions/__init__.py diff --git a/siem-converter/app/converter/platforms/microsoft/siem_functions/base.py b/translator/app/translator/platforms/microsoft/siem_functions/base.py similarity index 87% rename from siem-converter/app/converter/platforms/microsoft/siem_functions/base.py rename to translator/app/translator/platforms/microsoft/siem_functions/base.py index 487effbc..34ae2156 100644 --- a/siem-converter/app/converter/platforms/microsoft/siem_functions/base.py +++ b/translator/app/translator/platforms/microsoft/siem_functions/base.py @@ -1,5 +1,5 @@ -from app.converter.core.functions import Functions -from app.converter.core.models.functions.types import ParsedFunctions, NotSupportedFunction +from app.translator.core.functions import Functions +from app.translator.core.models.functions.base import ParsedFunctions, NotSupportedFunction class MicroSoftQueryFunctions(Functions): diff --git a/siem-converter/app/converter/platforms/microsoft/tokenizer.py b/translator/app/translator/platforms/microsoft/tokenizer.py similarity index 92% rename from siem-converter/app/converter/platforms/microsoft/tokenizer.py rename to translator/app/translator/platforms/microsoft/tokenizer.py index e0f57842..d41a1484 100644 --- a/siem-converter/app/converter/platforms/microsoft/tokenizer.py +++ b/translator/app/translator/platforms/microsoft/tokenizer.py 
@@ -19,10 +19,10 @@ import re from typing import Tuple, Any, Union -from app.converter.core.mixins.operator import OperatorBasedMixin -from app.converter.core.tokenizer import QueryTokenizer -from app.converter.core.custom_types.tokens import OperatorType -from app.converter.tools.utils import get_match_group +from app.translator.core.mixins.operator import OperatorBasedMixin +from app.translator.core.tokenizer import QueryTokenizer +from app.translator.core.custom_types.tokens import OperatorType +from app.translator.tools.utils import get_match_group class MicrosoftSentinelTokenizer(QueryTokenizer, OperatorBasedMixin): diff --git a/siem-converter/app/converter/platforms/opensearch/parsers/__init__.py b/translator/app/translator/platforms/opensearch/__init__.py similarity index 100% rename from siem-converter/app/converter/platforms/opensearch/parsers/__init__.py rename to translator/app/translator/platforms/opensearch/__init__.py diff --git a/siem-converter/app/converter/platforms/opensearch/const.py b/translator/app/translator/platforms/opensearch/const.py similarity index 97% rename from siem-converter/app/converter/platforms/opensearch/const.py rename to translator/app/translator/platforms/opensearch/const.py index 9418ea32..fd35746b 100644 --- a/siem-converter/app/converter/platforms/opensearch/const.py +++ b/translator/app/translator/platforms/opensearch/const.py @@ -1,4 +1,4 @@ -from app.converter.core.models.platform_details import PlatformDetails +from app.translator.core.models.platform_details import PlatformDetails PLATFORM_DETAILS = { "group_id": "opensearch", diff --git a/siem-converter/app/converter/platforms/opensearch/mapping.py b/translator/app/translator/platforms/opensearch/mapping.py similarity index 63% rename from siem-converter/app/converter/platforms/opensearch/mapping.py rename to translator/app/translator/platforms/opensearch/mapping.py index 0c6b9e96..57b4190d 100644 --- a/siem-converter/app/converter/platforms/opensearch/mapping.py 
+++ b/translator/app/translator/platforms/opensearch/mapping.py @@ -1,4 +1,4 @@ -from app.converter.platforms.base.lucene.mapping import LuceneMappings +from app.translator.platforms.base.lucene.mapping import LuceneMappings class OpenSearchMappings(LuceneMappings): diff --git a/siem-converter/app/converter/platforms/opensearch/renders/__init__.py b/translator/app/translator/platforms/opensearch/mappings/__init__.py similarity index 100% rename from siem-converter/app/converter/platforms/opensearch/renders/__init__.py rename to translator/app/translator/platforms/opensearch/mappings/__init__.py diff --git a/siem-converter/app/converter/platforms/opensearch/mappings/opensearch_cti.py b/translator/app/translator/platforms/opensearch/mappings/opensearch_cti.py similarity index 100% rename from siem-converter/app/converter/platforms/opensearch/mappings/opensearch_cti.py rename to translator/app/translator/platforms/opensearch/mappings/opensearch_cti.py diff --git a/siem-converter/app/converter/platforms/qradar/__init__.py b/translator/app/translator/platforms/opensearch/parsers/__init__.py similarity index 100% rename from siem-converter/app/converter/platforms/qradar/__init__.py rename to translator/app/translator/platforms/opensearch/parsers/__init__.py diff --git a/siem-converter/app/converter/platforms/opensearch/parsers/opensearch.py b/translator/app/translator/platforms/opensearch/parsers/opensearch.py similarity index 73% rename from siem-converter/app/converter/platforms/opensearch/parsers/opensearch.py rename to translator/app/translator/platforms/opensearch/parsers/opensearch.py index 5114327f..976733fa 100644 --- a/siem-converter/app/converter/platforms/opensearch/parsers/opensearch.py +++ b/translator/app/translator/platforms/opensearch/parsers/opensearch.py 
@@ -16,10 +16,10 @@ ----------------------------------------------------------------- """ -from app.converter.platforms.base.lucene.parsers.lucene import LuceneParser -from app.converter.platforms.opensearch.const import opensearch_query_details -from app.converter.platforms.opensearch.mapping import OpenSearchMappings, opensearch_mappings -from app.converter.core.models.platform_details import PlatformDetails +from app.translator.platforms.base.lucene.parsers.lucene import LuceneParser +from app.translator.platforms.opensearch.const import opensearch_query_details +from app.translator.platforms.opensearch.mapping import OpenSearchMappings, opensearch_mappings +from app.translator.core.models.platform_details import PlatformDetails class OpenSearchParser(LuceneParser): diff --git a/siem-converter/app/converter/platforms/qradar/mappings/__init__.py b/translator/app/translator/platforms/opensearch/renders/__init__.py similarity index 100% rename from siem-converter/app/converter/platforms/qradar/mappings/__init__.py rename to translator/app/translator/platforms/opensearch/renders/__init__.py diff --git a/siem-converter/app/converter/platforms/opensearch/renders/opensearch.py b/translator/app/translator/platforms/opensearch/renders/opensearch.py similarity index 87% rename from siem-converter/app/converter/platforms/opensearch/renders/opensearch.py rename to translator/app/translator/platforms/opensearch/renders/opensearch.py index 58d9951b..3f265044 100644 --- a/siem-converter/app/converter/platforms/opensearch/renders/opensearch.py +++ b/translator/app/translator/platforms/opensearch/renders/opensearch.py 
@@ -16,10 +16,10 @@ limitations under the License. ----------------------------------------------------------------- """ -from app.converter.platforms.base.lucene.renders.lucene import LuceneQueryRender, LuceneFieldValue -from app.converter.platforms.opensearch.const import opensearch_query_details -from app.converter.platforms.opensearch.mapping import OpenSearchMappings, opensearch_mappings -from app.converter.core.models.platform_details import PlatformDetails +from app.translator.platforms.base.lucene.renders.lucene import LuceneQueryRender, LuceneFieldValue +from app.translator.platforms.opensearch.const import opensearch_query_details +from app.translator.platforms.opensearch.mapping import OpenSearchMappings, opensearch_mappings +from app.translator.core.models.platform_details import PlatformDetails class OpenSearchFieldValue(LuceneFieldValue): diff --git a/siem-converter/app/converter/platforms/opensearch/renders/opensearch_cti.py b/translator/app/translator/platforms/opensearch/renders/opensearch_cti.py similarity index 79% rename from siem-converter/app/converter/platforms/opensearch/renders/opensearch_cti.py rename to translator/app/translator/platforms/opensearch/renders/opensearch_cti.py index 9780f223..82657cff 100644 --- a/siem-converter/app/converter/platforms/opensearch/renders/opensearch_cti.py +++ b/translator/app/translator/platforms/opensearch/renders/opensearch_cti.py 
@@ -17,10 +17,10 @@ ----------------------------------------------------------------- """ -from app.converter.platforms.opensearch.const import opensearch_query_details -from app.converter.platforms.opensearch.mappings.opensearch_cti import DEFAULT_OPENSEARCH_MAPPING -from app.converter.core.models.platform_details import PlatformDetails -from app.converter.core.render_cti import RenderCTI +from app.translator.platforms.opensearch.const import opensearch_query_details +from app.translator.platforms.opensearch.mappings.opensearch_cti import DEFAULT_OPENSEARCH_MAPPING +from app.translator.core.models.platform_details import PlatformDetails +from app.translator.core.render_cti import RenderCTI class OpenSearchCTI(RenderCTI): diff --git a/siem-converter/app/converter/platforms/opensearch/renders/opensearch_rule.py b/translator/app/translator/platforms/opensearch/renders/opensearch_rule.py similarity index 78% rename from siem-converter/app/converter/platforms/opensearch/renders/opensearch_rule.py rename to translator/app/translator/platforms/opensearch/renders/opensearch_rule.py index 38fc8f11..4f345dcc 100644 --- a/siem-converter/app/converter/platforms/opensearch/renders/opensearch_rule.py +++ b/translator/app/translator/platforms/opensearch/renders/opensearch_rule.py 
@@ -20,12 +20,12 @@ import copy import json -from app.converter.platforms.opensearch.const import OPENSEARCH_RULE, opensearch_rule_details -from app.converter.platforms.opensearch.mapping import OpenSearchMappings, opensearch_mappings -from app.converter.platforms.opensearch.renders.opensearch import OpenSearchQueryRender, OpenSearchFieldValue -from app.converter.core.mapping import SourceMapping -from app.converter.core.models.platform_details import PlatformDetails -from app.converter.core.models.parser_output import MetaInfoContainer +from app.translator.platforms.opensearch.const import OPENSEARCH_RULE, opensearch_rule_details +from app.translator.platforms.opensearch.mapping import OpenSearchMappings, opensearch_mappings +from app.translator.platforms.opensearch.renders.opensearch import OpenSearchQueryRender, OpenSearchFieldValue +from app.translator.core.mapping import SourceMapping +from app.translator.core.models.platform_details import PlatformDetails +from app.translator.core.models.parser_output import MetaInfoContainer SEVERITIES_MAP = {"informational": "5", "low": "4", "medium": "3", "high": "2", "critical": "1"} @@ -46,9 +46,9 @@ class OpenSearchRuleRender(OpenSearchQueryRender): field_value_map = OpenSearchRuleFieldValue(or_token=or_token) query_pattern = "{prefix} {query} {functions}" - def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer, + def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer = None, source_mapping: SourceMapping = None, not_supported_functions: list = None): - query = super().finalize_query(prefix=prefix, query=query, functions=functions, meta_info=meta_info) + query = super().finalize_query(prefix=prefix, query=query, functions=functions) rule = copy.deepcopy(OPENSEARCH_RULE) rule["name"] = meta_info.title rule["inputs"][0]["search"]["query"]["query"]["bool"]["must"][0]["query_string"]["query"] = query 
diff --git a/siem-converter/app/converter/platforms/opensearch/tokenizer.py b/translator/app/translator/platforms/opensearch/tokenizer.py similarity index 91% rename from siem-converter/app/converter/platforms/opensearch/tokenizer.py rename to translator/app/translator/platforms/opensearch/tokenizer.py index ee8d4189..1cc67c6f 100644 --- a/siem-converter/app/converter/platforms/opensearch/tokenizer.py +++ b/translator/app/translator/platforms/opensearch/tokenizer.py @@ -15,7 +15,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ----------------------------------------------------------------- """ -from app.converter.platforms.base.lucene.tokenizer import LuceneTokenizer +from app.translator.platforms.base.lucene.tokenizer import LuceneTokenizer class OpenSearchTokenizer(LuceneTokenizer): diff --git a/siem-converter/app/converter/platforms/qradar/parsers/__init__.py b/translator/app/translator/platforms/qradar/__init__.py similarity index 100% rename from siem-converter/app/converter/platforms/qradar/parsers/__init__.py rename to translator/app/translator/platforms/qradar/__init__.py diff --git a/siem-converter/app/converter/platforms/qradar/const.py b/translator/app/translator/platforms/qradar/const.py similarity index 86% rename from siem-converter/app/converter/platforms/qradar/const.py rename to translator/app/translator/platforms/qradar/const.py index 079a84fa..d6479641 100644 --- a/siem-converter/app/converter/platforms/qradar/const.py +++ b/translator/app/translator/platforms/qradar/const.py @@ -1,4 +1,4 @@ -from app.converter.core.models.platform_details import PlatformDetails +from app.translator.core.models.platform_details import PlatformDetails UTF8_PAYLOAD_PATTERN = r"UTF8\(payload\)" 
diff --git a/siem-converter/app/converter/platforms/qradar/mapping.py b/translator/app/translator/platforms/qradar/mapping.py similarity index 96% rename from siem-converter/app/converter/platforms/qradar/mapping.py rename to translator/app/translator/platforms/qradar/mapping.py index 34c04dd7..44d19c86 100644 --- a/siem-converter/app/converter/platforms/qradar/mapping.py +++ b/translator/app/translator/platforms/qradar/mapping.py @@ -1,6 +1,6 @@ from typing import List, Optional -from app.converter.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME +from app.translator.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME class QradarLogSourceSignature(LogSourceSignature): diff --git a/siem-converter/app/converter/platforms/qradar/renders/__init__.py b/translator/app/translator/platforms/qradar/mappings/__init__.py similarity index 100% rename from siem-converter/app/converter/platforms/qradar/renders/__init__.py rename to translator/app/translator/platforms/qradar/mappings/__init__.py diff --git a/siem-converter/app/converter/platforms/qradar/mappings/qradar_cti.py b/translator/app/translator/platforms/qradar/mappings/qradar_cti.py similarity index 100% rename from siem-converter/app/converter/platforms/qradar/mappings/qradar_cti.py rename to translator/app/translator/platforms/qradar/mappings/qradar_cti.py diff --git a/siem-converter/app/converter/platforms/qualys/__init__.py b/translator/app/translator/platforms/qradar/parsers/__init__.py similarity index 100% rename from siem-converter/app/converter/platforms/qualys/__init__.py rename to translator/app/translator/platforms/qradar/parsers/__init__.py 
diff --git a/siem-converter/app/converter/platforms/qradar/parsers/qradar.py b/translator/app/translator/platforms/qradar/parsers/qradar.py similarity index 91% rename from siem-converter/app/converter/platforms/qradar/parsers/qradar.py rename to translator/app/translator/platforms/qradar/parsers/qradar.py index 3382ecb3..b3bb800b 100644 --- a/siem-converter/app/converter/platforms/qradar/parsers/qradar.py +++ b/translator/app/translator/platforms/qradar/parsers/qradar.py @@ -19,14 +19,14 @@ import re from typing import Tuple, List, Union, Dict -from app.converter.platforms.qradar.const import SINGLE_QUOTES_VALUE_PATTERN, NUM_VALUE_PATTERN, \ +from app.translator.platforms.qradar.const import SINGLE_QUOTES_VALUE_PATTERN, NUM_VALUE_PATTERN, \ qradar_query_details -from app.converter.platforms.qradar.mapping import QradarMappings, qradar_mappings -from app.converter.platforms.qradar.tokenizer import QradarTokenizer -from app.converter.core.models.platform_details import PlatformDetails -from app.converter.core.parser import Parser -from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer -from app.converter.tools.utils import get_match_group +from app.translator.platforms.qradar.mapping import QradarMappings, qradar_mappings +from app.translator.platforms.qradar.tokenizer import QradarTokenizer +from app.translator.core.models.platform_details import PlatformDetails +from app.translator.core.parser import Parser +from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer +from app.translator.tools.utils import get_match_group class QradarParser(Parser): diff --git a/siem-converter/app/converter/platforms/qualys/mappings/__init__.py b/translator/app/translator/platforms/qradar/renders/__init__.py similarity index 100% rename from siem-converter/app/converter/platforms/qualys/mappings/__init__.py rename to translator/app/translator/platforms/qradar/renders/__init__.py 
diff --git a/siem-converter/app/converter/platforms/qradar/renders/qradar.py b/translator/app/translator/platforms/qradar/renders/qradar.py similarity index 83% rename from siem-converter/app/converter/platforms/qradar/renders/qradar.py rename to translator/app/translator/platforms/qradar/renders/qradar.py index 4cacf1aa..13548e32 100644 --- a/siem-converter/app/converter/platforms/qradar/renders/qradar.py +++ b/translator/app/translator/platforms/qradar/renders/qradar.py @@ -19,10 +19,12 @@ from typing import Union, List -from app.converter.platforms.qradar.const import qradar_query_details -from app.converter.platforms.qradar.mapping import QradarLogSourceSignature, QradarMappings, qradar_mappings -from app.converter.core.models.platform_details import PlatformDetails -from app.converter.core.render import BaseQueryRender, BaseQueryFieldValue +from app.translator.core.mapping import SourceMapping +from app.translator.core.models.functions.base import Function +from app.translator.platforms.qradar.const import qradar_query_details +from app.translator.platforms.qradar.mapping import QradarLogSourceSignature, QradarMappings, qradar_mappings +from app.translator.core.models.platform_details import PlatformDetails +from app.translator.core.render import BaseQueryRender, BaseQueryFieldValue class QradarFieldValue(BaseQueryFieldValue): @@ -80,5 +82,8 @@ def generate_prefix(self, log_source_signature: QradarLogSourceSignature) -> str extra_condition = log_source_signature.extra_condition return f"SELECT UTF8(payload) FROM {table} WHERE {extra_condition}" - def generate_functions(self, functions: list): + def wrap_with_comment(self, value: str) -> str: + return f"/* {value} */" + + def generate_functions(self, functions: List[Function], source_mapping: SourceMapping) -> str: return "" 
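Review bot: `wrap_with_comment` interpolates `value` into `/* {value} */` without neutralising a `*/` inside it, so any value carrying that sequence (rule titles or descriptions taken from the input being translated, if that is what callers pass) closes the comment early and the rest of the value lands in the AQL text. A minimal defence is `return f"/* {value.replace('*/', '* /')} */"`, with a comment explaining why the sequence is broken up. `generate_functions` also gains the `source_mapping` parameter but still returns `""`, silently dropping every parsed function; a docstring such as `"""QRadar AQL functions are not rendered yet; callers get an empty string rather than a not-supported report."""` would at least make the gap visible.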
diff --git a/siem-converter/app/converter/platforms/qradar/renders/qradar_cti.py b/translator/app/translator/platforms/qradar/renders/qradar_cti.py similarity index 81% rename from siem-converter/app/converter/platforms/qradar/renders/qradar_cti.py rename to translator/app/translator/platforms/qradar/renders/qradar_cti.py index 39ac6e67..2acc6f10 100644 --- a/siem-converter/app/converter/platforms/qradar/renders/qradar_cti.py +++ b/translator/app/translator/platforms/qradar/renders/qradar_cti.py @@ -17,10 +17,10 @@ ----------------------------------------------------------------- """ -from app.converter.platforms.qradar.const import qradar_query_details -from app.converter.platforms.qradar.mappings.qradar_cti import DEFAULT_QRADAR_MAPPING -from app.converter.core.models.platform_details import PlatformDetails -from app.converter.core.render_cti import RenderCTI +from app.translator.platforms.qradar.const import qradar_query_details +from app.translator.platforms.qradar.mappings.qradar_cti import DEFAULT_QRADAR_MAPPING +from app.translator.core.models.platform_details import PlatformDetails +from app.translator.core.render_cti import RenderCTI class QRadarCTI(RenderCTI): diff --git a/siem-converter/app/converter/platforms/qradar/tokenizer.py b/translator/app/translator/platforms/qradar/tokenizer.py similarity index 89% rename from siem-converter/app/converter/platforms/qradar/tokenizer.py rename to translator/app/translator/platforms/qradar/tokenizer.py index fe36f8ad..284dd87c 100644 --- a/siem-converter/app/converter/platforms/qradar/tokenizer.py +++ b/translator/app/translator/platforms/qradar/tokenizer.py 
@@ -19,12 +19,12 @@ import re
 from typing import Tuple, Any
-from app.converter.platforms.qradar.const import UTF8_PAYLOAD_PATTERN, SINGLE_QUOTES_VALUE_PATTERN, NUM_VALUE_PATTERN
-from app.converter.core.models.field import Keyword
-from app.converter.core.models.identifier import Identifier
-from app.converter.core.tokenizer import QueryTokenizer
-from app.converter.core.custom_types.tokens import OperatorType
-from app.converter.tools.utils import get_match_group
+from app.translator.platforms.qradar.const import UTF8_PAYLOAD_PATTERN, SINGLE_QUOTES_VALUE_PATTERN, NUM_VALUE_PATTERN
+from app.translator.core.models.field import Keyword
+from app.translator.core.models.identifier import Identifier
+from app.translator.core.tokenizer import QueryTokenizer
+from app.translator.core.custom_types.tokens import OperatorType
+from app.translator.tools.utils import get_match_group
 class QradarTokenizer(QueryTokenizer):
diff --git a/siem-converter/app/converter/platforms/qualys/renders/__init__.py b/translator/app/translator/platforms/qualys/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/qualys/renders/__init__.py
rename to translator/app/translator/platforms/qualys/__init__.py
diff --git a/siem-converter/app/converter/platforms/qualys/const.py b/translator/app/translator/platforms/qualys/const.py
similarity index 100%
rename from siem-converter/app/converter/platforms/qualys/const.py
rename to translator/app/translator/platforms/qualys/const.py
diff --git a/siem-converter/app/converter/platforms/roota/__init__.py b/translator/app/translator/platforms/qualys/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/roota/__init__.py
rename to translator/app/translator/platforms/qualys/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/qualys/mappings/qualys_cti.py b/translator/app/translator/platforms/qualys/mappings/qualys_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/qualys/mappings/qualys_cti.py
rename to translator/app/translator/platforms/qualys/mappings/qualys_cti.py
diff --git a/siem-converter/app/converter/platforms/roota/parsers/__init__.py b/translator/app/translator/platforms/qualys/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/roota/parsers/__init__.py
rename to translator/app/translator/platforms/qualys/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/qualys/renders/qualys_cti.py b/translator/app/translator/platforms/qualys/renders/qualys_cti.py
similarity index 80%
rename from siem-converter/app/converter/platforms/qualys/renders/qualys_cti.py
rename to translator/app/translator/platforms/qualys/renders/qualys_cti.py
index aec31146..1fbd7a54 100644
--- a/siem-converter/app/converter/platforms/qualys/renders/qualys_cti.py
+++ b/translator/app/translator/platforms/qualys/renders/qualys_cti.py
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.qualys.const import QUALYS_QUERY_DETAILS
-from app.converter.platforms.qualys.mappings.qualys_cti import DEFAULT_QUALYS_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.qualys.const import QUALYS_QUERY_DETAILS
+from app.translator.platforms.qualys.mappings.qualys_cti import DEFAULT_QUALYS_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class QualysCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/rsa_netwitness/__init__.py b/translator/app/translator/platforms/roota/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/rsa_netwitness/__init__.py
rename to translator/app/translator/platforms/roota/__init__.py
diff --git a/siem-converter/app/converter/platforms/roota/mapping.py b/translator/app/translator/platforms/roota/mapping.py
similarity index 94%
rename from siem-converter/app/converter/platforms/roota/mapping.py
rename to translator/app/translator/platforms/roota/mapping.py
index 5ead94e6..0795a0ce 100644
--- a/siem-converter/app/converter/platforms/roota/mapping.py
+++ b/translator/app/translator/platforms/roota/mapping.py
@@ -1,6 +1,6 @@
 from typing import List
-from app.converter.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
+from app.translator.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
 class RootaLogSourceSignature(LogSourceSignature):
diff --git a/siem-converter/app/converter/platforms/rsa_netwitness/mappings/__init__.py b/translator/app/translator/platforms/roota/parsers/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/rsa_netwitness/mappings/__init__.py
rename to translator/app/translator/platforms/roota/parsers/__init__.py
diff --git a/siem-converter/app/converter/platforms/roota/parsers/roota.py b/translator/app/translator/platforms/roota/parsers/roota.py
similarity index 89%
rename from siem-converter/app/converter/platforms/roota/parsers/roota.py
rename to translator/app/translator/platforms/roota/parsers/roota.py
index 6d66621e..ba5af48a 100644
--- a/siem-converter/app/converter/platforms/roota/parsers/roota.py
+++ b/translator/app/translator/platforms/roota/parsers/roota.py
@@ -17,11 +17,11 @@
 """
 import re
-from app.converter.core.exceptions.core import UnsupportedRootAParser, RootARuleValidationException
-from app.converter.core.mixins.rule import YamlRuleMixin
-from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer
-from app.converter.core.parser import Parser
-from app.converter.managers import parser_manager
+from app.translator.core.exceptions.core import UnsupportedRootAParser, RootARuleValidationException
+from app.translator.core.mixins.rule import YamlRuleMixin
+from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer
+from app.translator.core.parser import Parser
+from app.translator.managers import parser_manager
 class RootAParser(YamlRuleMixin):
diff --git a/siem-converter/app/converter/platforms/rsa_netwitness/renders/__init__.py b/translator/app/translator/platforms/rsa_netwitness/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/rsa_netwitness/renders/__init__.py
rename to translator/app/translator/platforms/rsa_netwitness/__init__.py
diff --git a/siem-converter/app/converter/platforms/rsa_netwitness/const.py b/translator/app/translator/platforms/rsa_netwitness/const.py
similarity index 100%
rename from siem-converter/app/converter/platforms/rsa_netwitness/const.py
rename to translator/app/translator/platforms/rsa_netwitness/const.py
diff --git a/siem-converter/app/converter/platforms/securonix/__init__.py b/translator/app/translator/platforms/rsa_netwitness/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/securonix/__init__.py
rename to translator/app/translator/platforms/rsa_netwitness/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/rsa_netwitness/mappings/rsa_netwitness_cti.py b/translator/app/translator/platforms/rsa_netwitness/mappings/rsa_netwitness_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/rsa_netwitness/mappings/rsa_netwitness_cti.py
rename to translator/app/translator/platforms/rsa_netwitness/mappings/rsa_netwitness_cti.py
diff --git a/siem-converter/app/converter/platforms/securonix/mappings/__init__.py b/translator/app/translator/platforms/rsa_netwitness/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/securonix/mappings/__init__.py
rename to translator/app/translator/platforms/rsa_netwitness/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/rsa_netwitness/renders/rsa_netwitness_cti.py b/translator/app/translator/platforms/rsa_netwitness/renders/rsa_netwitness_cti.py
similarity index 78%
rename from siem-converter/app/converter/platforms/rsa_netwitness/renders/rsa_netwitness_cti.py
rename to translator/app/translator/platforms/rsa_netwitness/renders/rsa_netwitness_cti.py
index da389b09..7d7e9704 100644
--- a/siem-converter/app/converter/platforms/rsa_netwitness/renders/rsa_netwitness_cti.py
+++ b/translator/app/translator/platforms/rsa_netwitness/renders/rsa_netwitness_cti.py
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.rsa_netwitness.const import RSA_NETWITNESS_QUERY_DETAILS
-from app.converter.platforms.rsa_netwitness.mappings.rsa_netwitness_cti import DEFAULT_RSA_NETWITNESS_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.rsa_netwitness.const import RSA_NETWITNESS_QUERY_DETAILS
+from app.translator.platforms.rsa_netwitness.mappings.rsa_netwitness_cti import DEFAULT_RSA_NETWITNESS_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class RSANetwitnessCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/securonix/renders/__init__.py b/translator/app/translator/platforms/securonix/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/securonix/renders/__init__.py
rename to translator/app/translator/platforms/securonix/__init__.py
diff --git a/siem-converter/app/converter/platforms/securonix/const.py b/translator/app/translator/platforms/securonix/const.py
similarity index 100%
rename from siem-converter/app/converter/platforms/securonix/const.py
rename to translator/app/translator/platforms/securonix/const.py
diff --git a/siem-converter/app/converter/platforms/sentinel_one/__init__.py b/translator/app/translator/platforms/securonix/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sentinel_one/__init__.py
rename to translator/app/translator/platforms/securonix/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/securonix/mappings/securonix_cti.py b/translator/app/translator/platforms/securonix/mappings/securonix_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/securonix/mappings/securonix_cti.py
rename to translator/app/translator/platforms/securonix/mappings/securonix_cti.py
diff --git a/siem-converter/app/converter/platforms/sentinel_one/mappings/__init__.py b/translator/app/translator/platforms/securonix/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sentinel_one/mappings/__init__.py
rename to translator/app/translator/platforms/securonix/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/securonix/renders/securonix_cti.py b/translator/app/translator/platforms/securonix/renders/securonix_cti.py
similarity index 80%
rename from siem-converter/app/converter/platforms/securonix/renders/securonix_cti.py
rename to translator/app/translator/platforms/securonix/renders/securonix_cti.py
index ea631912..cf00b9ab 100644
--- a/siem-converter/app/converter/platforms/securonix/renders/securonix_cti.py
+++ b/translator/app/translator/platforms/securonix/renders/securonix_cti.py
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.securonix.const import SECURONIX_QUERY_DETAILS
-from app.converter.platforms.securonix.mappings.securonix_cti import DEFAULT_SECURONIX_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.securonix.const import SECURONIX_QUERY_DETAILS
+from app.translator.platforms.securonix.mappings.securonix_cti import DEFAULT_SECURONIX_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class SecuronixCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/sentinel_one/renders/__init__.py b/translator/app/translator/platforms/sentinel_one/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sentinel_one/renders/__init__.py
rename to translator/app/translator/platforms/sentinel_one/__init__.py
diff --git a/siem-converter/app/converter/platforms/sentinel_one/const.py b/translator/app/translator/platforms/sentinel_one/const.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sentinel_one/const.py
rename to translator/app/translator/platforms/sentinel_one/const.py
diff --git a/siem-converter/app/converter/platforms/sigma/__init__.py b/translator/app/translator/platforms/sentinel_one/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sigma/__init__.py
rename to translator/app/translator/platforms/sentinel_one/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/sentinel_one/mappings/s1_cti.py b/translator/app/translator/platforms/sentinel_one/mappings/s1_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sentinel_one/mappings/s1_cti.py
rename to translator/app/translator/platforms/sentinel_one/mappings/s1_cti.py
diff --git a/siem-converter/app/converter/platforms/sigma/models/__init__.py b/translator/app/translator/platforms/sentinel_one/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sigma/models/__init__.py
rename to translator/app/translator/platforms/sentinel_one/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/sentinel_one/renders/s1_cti.py b/translator/app/translator/platforms/sentinel_one/renders/s1_cti.py
similarity index 79%
rename from siem-converter/app/converter/platforms/sentinel_one/renders/s1_cti.py
rename to translator/app/translator/platforms/sentinel_one/renders/s1_cti.py
index 63390496..9e081c12 100644
--- a/siem-converter/app/converter/platforms/sentinel_one/renders/s1_cti.py
+++ b/translator/app/translator/platforms/sentinel_one/renders/s1_cti.py
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.sentinel_one.const import SENTINEL_ONE_EVENTS_QUERY_DETAILS
-from app.converter.platforms.sentinel_one.mappings.s1_cti import DEFAULT_S1EVENTS_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.sentinel_one.const import SENTINEL_ONE_EVENTS_QUERY_DETAILS
+from app.translator.platforms.sentinel_one.mappings.s1_cti import DEFAULT_S1EVENTS_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class S1EventsCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/sigma/parsers/__init__.py b/translator/app/translator/platforms/sigma/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sigma/parsers/__init__.py
rename to translator/app/translator/platforms/sigma/__init__.py
diff --git a/siem-converter/app/converter/platforms/sigma/const.py b/translator/app/translator/platforms/sigma/const.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sigma/const.py
rename to translator/app/translator/platforms/sigma/const.py
diff --git a/siem-converter/app/converter/platforms/sigma/mapping.py b/translator/app/translator/platforms/sigma/mapping.py
similarity index 95%
rename from siem-converter/app/converter/platforms/sigma/mapping.py
rename to translator/app/translator/platforms/sigma/mapping.py
index 995c8f71..96b7d353 100644
--- a/siem-converter/app/converter/platforms/sigma/mapping.py
+++ b/translator/app/translator/platforms/sigma/mapping.py
@@ -1,6 +1,6 @@
 from typing import List, Optional
-from app.converter.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
+from app.translator.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
 class SigmaLogSourceSignature(LogSourceSignature):
diff --git a/siem-converter/app/converter/platforms/sigma/renders/__init__.py b/translator/app/translator/platforms/sigma/models/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sigma/renders/__init__.py
rename to translator/app/translator/platforms/sigma/models/__init__.py
diff --git a/siem-converter/app/converter/platforms/sigma/models/compiler.py b/translator/app/translator/platforms/sigma/models/compiler.py
similarity index 87%
rename from siem-converter/app/converter/platforms/sigma/models/compiler.py
rename to translator/app/translator/platforms/sigma/models/compiler.py
index a69c948c..3d39235e 100644
--- a/siem-converter/app/converter/platforms/sigma/models/compiler.py
+++ b/translator/app/translator/platforms/sigma/models/compiler.py
@@ -16,11 +16,11 @@
 -----------------------------------------------------------------
 """
-from app.converter.core.models.field import Field, Keyword
-from app.converter.platforms.sigma.models.group import Group
-from app.converter.core.models.identifier import Identifier
-from app.converter.platforms.sigma.models.operator import Operator, NOT
-from app.converter.core.custom_types.tokens import LogicalOperatorType, GroupType
+from app.translator.core.models.field import Field, Keyword
+from app.translator.platforms.sigma.models.group import Group
+from app.translator.core.models.identifier import Identifier
+from app.translator.platforms.sigma.models.operator import Operator, NOT
+from app.translator.core.custom_types.tokens import LogicalOperatorType, GroupType
 class DataStructureCompiler:
diff --git a/siem-converter/app/converter/platforms/sigma/models/group.py b/translator/app/translator/platforms/sigma/models/group.py
similarity index 97%
rename from siem-converter/app/converter/platforms/sigma/models/group.py
rename to translator/app/translator/platforms/sigma/models/group.py
index b61c50d4..be26dced 100644
--- a/siem-converter/app/converter/platforms/sigma/models/group.py
+++ b/translator/app/translator/platforms/sigma/models/group.py
@@ -1,4 +1,4 @@
-from app.converter.platforms.sigma.models.operator import OR, AND, NOT
+from app.translator.platforms.sigma.models.operator import OR, AND, NOT
 class Group:
diff --git a/siem-converter/app/converter/platforms/sigma/models/modifiers.py b/translator/app/translator/platforms/sigma/models/modifiers.py
similarity index 94%
rename from siem-converter/app/converter/platforms/sigma/models/modifiers.py
rename to translator/app/translator/platforms/sigma/models/modifiers.py
index 6d1f1d83..30868b43 100644
--- a/siem-converter/app/converter/platforms/sigma/models/modifiers.py
+++ b/translator/app/translator/platforms/sigma/models/modifiers.py
@@ -1,8 +1,8 @@
 from typing import Union, List
-from app.converter.core.models.field import Field
-from app.converter.core.models.identifier import Identifier
-from app.converter.core.custom_types.tokens import LogicalOperatorType, OperatorType, GroupType
+from app.translator.core.models.field import Field
+from app.translator.core.models.identifier import Identifier
+from app.translator.core.custom_types.tokens import LogicalOperatorType, OperatorType, GroupType
 class ModifierManager:
diff --git a/siem-converter/app/converter/platforms/sigma/models/operator.py b/translator/app/translator/platforms/sigma/models/operator.py
similarity index 93%
rename from siem-converter/app/converter/platforms/sigma/models/operator.py
rename to translator/app/translator/platforms/sigma/models/operator.py
index 7c60f4d9..b1610bed 100644
--- a/siem-converter/app/converter/platforms/sigma/models/operator.py
+++ b/translator/app/translator/platforms/sigma/models/operator.py
@@ -1,6 +1,6 @@
 from abc import ABC
-from app.converter.core.custom_types.tokens import LogicalOperatorType
+from app.translator.core.custom_types.tokens import LogicalOperatorType
 class BaseOperator(ABC):
diff --git a/siem-converter/app/converter/platforms/snowflake/__init__.py b/translator/app/translator/platforms/sigma/parsers/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/snowflake/__init__.py
rename to translator/app/translator/platforms/sigma/parsers/__init__.py
diff --git a/siem-converter/app/converter/platforms/sigma/parsers/sigma.py b/translator/app/translator/platforms/sigma/parsers/sigma.py
similarity index 84%
rename from siem-converter/app/converter/platforms/sigma/parsers/sigma.py
rename to translator/app/translator/platforms/sigma/parsers/sigma.py
index dcd1c806..ed8bc4f5 100644
--- a/siem-converter/app/converter/platforms/sigma/parsers/sigma.py
+++ b/translator/app/translator/platforms/sigma/parsers/sigma.py
@@ -21,14 +21,14 @@ import re
 from typing import List, Union
-from app.converter.platforms.sigma.const import SIGMA_RULE_DETAILS
-from app.converter.platforms.sigma.mapping import SigmaMappings, sigma_mappings
-from app.converter.platforms.sigma.tokenizer import SigmaTokenizer, SigmaConditionTokenizer
-from app.converter.core.exceptions.core import SigmaRuleValidationException
-from app.converter.core.mixins.rule import YamlRuleMixin
-from app.converter.core.models.field import Field
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer
+from app.translator.platforms.sigma.const import SIGMA_RULE_DETAILS
+from app.translator.platforms.sigma.mapping import SigmaMappings, sigma_mappings
+from app.translator.platforms.sigma.tokenizer import SigmaTokenizer, SigmaConditionTokenizer
+from app.translator.core.exceptions.core import SigmaRuleValidationException
+from app.translator.core.mixins.rule import YamlRuleMixin
+from app.translator.core.models.field import Field
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer
 class SigmaParser(YamlRuleMixin):
diff --git a/siem-converter/app/converter/platforms/snowflake/mappings/__init__.py b/translator/app/translator/platforms/sigma/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/snowflake/mappings/__init__.py
rename to translator/app/translator/platforms/sigma/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/sigma/renders/sigma.py b/translator/app/translator/platforms/sigma/renders/sigma.py
similarity index 91%
rename from siem-converter/app/converter/platforms/sigma/renders/sigma.py
rename to translator/app/translator/platforms/sigma/renders/sigma.py
index 3d793f1a..176946e6 100644
--- a/siem-converter/app/converter/platforms/sigma/renders/sigma.py
+++ b/translator/app/translator/platforms/sigma/renders/sigma.py
@@ -21,18 +21,17 @@ import yaml
-from app.converter.platforms.sigma.const import SIGMA_RULE_DETAILS
-from app.converter.platforms.sigma.mapping import SigmaMappings, sigma_mappings, SigmaLogSourceSignature
-from app.converter.platforms.sigma.models.compiler import DataStructureCompiler
-from app.converter.core.exceptions.core import StrictPlatformFieldException
-from app.converter.core.mapping import SourceMapping, DEFAULT_MAPPING_NAME
-from app.converter.core.models.field import Field, Keyword
-from app.converter.core.models.functions.types import ParsedFunctions
-from app.converter.platforms.sigma.models.group import Group
-from app.converter.platforms.sigma.models.operator import OR, AND, NOT
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.models.parser_output import MetaInfoContainer
-from app.converter.core.custom_types.tokens import OperatorType
+from app.translator.core.models.functions.base import ParsedFunctions
+from app.translator.platforms.sigma.const import SIGMA_RULE_DETAILS
+from app.translator.platforms.sigma.mapping import SigmaMappings, sigma_mappings, SigmaLogSourceSignature
+from app.translator.platforms.sigma.models.compiler import DataStructureCompiler
+from app.translator.core.mapping import SourceMapping, DEFAULT_MAPPING_NAME
+from app.translator.core.models.field import Field, Keyword
+from app.translator.platforms.sigma.models.group import Group
+from app.translator.platforms.sigma.models.operator import OR, AND, NOT
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.parser_output import MetaInfoContainer
+from app.translator.core.custom_types.tokens import OperatorType
 class SigmaRender:
@@ -180,9 +179,7 @@ def map_field(source_mapping: SourceMapping, generic_field_name: str) -> str:
 def generate_field(self, data: Field, source_mapping: SourceMapping):
 source_id = source_mapping.source_id
- generic_field_name = data.generic_names_map[source_id]
- if not generic_field_name:
- raise StrictPlatformFieldException(field_name=data.source_name, platform_name="Sigma")
+ generic_field_name = data.generic_names_map.get(source_id) or data.source_name
 field_name = self.map_field(source_mapping, generic_field_name)
 if data.operator.token_type != OperatorType.EQ:
 field_name = f"{field_name}|{data.operator.token_type}"
@@ -240,7 +237,7 @@ def __get_source_mapping(self, source_mapping_ids: List[str]) -> SourceMapping:
 return source_mapping
 return self.mappings.get_source_mapping(DEFAULT_MAPPING_NAME)
-
+
 def generate(self, query, meta_info: MetaInfoContainer, functions: ParsedFunctions):
 self.reset_counters()
diff --git a/siem-converter/app/converter/platforms/sigma/tokenizer.py b/translator/app/translator/platforms/sigma/tokenizer.py
similarity index 94%
rename from siem-converter/app/converter/platforms/sigma/tokenizer.py
rename to translator/app/translator/platforms/sigma/tokenizer.py
index b73e8515..83d69f35 100644
--- a/siem-converter/app/converter/platforms/sigma/tokenizer.py
+++ b/translator/app/translator/platforms/sigma/tokenizer.py
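Review bot: In the first hunk the new fallback `data.generic_names_map.get(source_id) or data.source_name` replaces the `StrictPlatformFieldException` raise, so a field with no generic mapping now passes through under its platform-specific name and the rendered Sigma rule carries a field name that may not exist in Sigma's taxonomy, with no signal to the caller or to the person deploying the rule. The old behaviour was the only place this renderer told a detection engineer that a translation was lossy; if best-effort output is intended, the branch should say so and stay observable, e.g. `# unmapped field: fall back to the source name so translation never hard-fails` next to the assignment plus a warning log naming `data.source_name` whenever the `or` branch is taken. The removal of the `StrictPlatformFieldException` import in the preceding hunk is consistent with this, so nothing else in the file appears to rely on the strict path. `generate_field`'s body continues past the hunk.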
@@ -19,12 +19,12 @@ import re
 from typing import Union, List
-from app.converter.platforms.sigma.models.modifiers import ModifierManager
-from app.converter.core.exceptions.parser import TokenizerGeneralException
-from app.converter.core.models.field import Field, Keyword
-from app.converter.core.models.identifier import Identifier
-from app.converter.core.custom_types.tokens import GroupType, LogicalOperatorType
-from app.converter.core.tokenizer import QueryTokenizer
+from app.translator.platforms.sigma.models.modifiers import ModifierManager
+from app.translator.core.exceptions.parser import TokenizerGeneralException
+from app.translator.core.models.field import Field, Keyword
+from app.translator.core.models.identifier import Identifier
+from app.translator.core.custom_types.tokens import GroupType, LogicalOperatorType
+from app.translator.core.tokenizer import QueryTokenizer
 class Selection:
diff --git a/siem-converter/app/converter/platforms/snowflake/renders/__init__.py b/translator/app/translator/platforms/snowflake/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/snowflake/renders/__init__.py
rename to translator/app/translator/platforms/snowflake/__init__.py
diff --git a/siem-converter/app/converter/platforms/snowflake/const.py b/translator/app/translator/platforms/snowflake/const.py
similarity index 100%
rename from siem-converter/app/converter/platforms/snowflake/const.py
rename to translator/app/translator/platforms/snowflake/const.py
diff --git a/siem-converter/app/converter/platforms/splunk/__init__.py b/translator/app/translator/platforms/snowflake/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/splunk/__init__.py
rename to translator/app/translator/platforms/snowflake/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/snowflake/mappings/snowflake_cti.py b/translator/app/translator/platforms/snowflake/mappings/snowflake_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/snowflake/mappings/snowflake_cti.py
rename to translator/app/translator/platforms/snowflake/mappings/snowflake_cti.py
diff --git a/siem-converter/app/converter/platforms/splunk/mappings/__init__.py b/translator/app/translator/platforms/snowflake/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/splunk/mappings/__init__.py
rename to translator/app/translator/platforms/snowflake/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/snowflake/renders/snowflake_cti.py b/translator/app/translator/platforms/snowflake/renders/snowflake_cti.py
similarity index 80%
rename from siem-converter/app/converter/platforms/snowflake/renders/snowflake_cti.py
rename to translator/app/translator/platforms/snowflake/renders/snowflake_cti.py
index 666a034c..77e00ec8 100644
--- a/siem-converter/app/converter/platforms/snowflake/renders/snowflake_cti.py
+++ b/translator/app/translator/platforms/snowflake/renders/snowflake_cti.py
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
-from app.converter.platforms.snowflake.const import SNOWFLAKE_QUERY_DETAILS
-from app.converter.platforms.snowflake.mappings.snowflake_cti import DEFAULT_SNOWFLAKE_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.snowflake.const import SNOWFLAKE_QUERY_DETAILS
+from app.translator.platforms.snowflake.mappings.snowflake_cti import DEFAULT_SNOWFLAKE_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 class SnowflakeCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/splunk/parsers/__init__.py b/translator/app/translator/platforms/splunk/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/splunk/parsers/__init__.py
rename to translator/app/translator/platforms/splunk/__init__.py
diff --git a/siem-converter/app/converter/platforms/splunk/const.py b/translator/app/translator/platforms/splunk/const.py
similarity index 94%
rename from siem-converter/app/converter/platforms/splunk/const.py
rename to translator/app/translator/platforms/splunk/const.py
index 89303431..5b5a8a26 100644
--- a/siem-converter/app/converter/platforms/splunk/const.py
+++ b/translator/app/translator/platforms/splunk/const.py
@@ -1,4 +1,4 @@
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.core.models.platform_details import PlatformDetails
 DEFAULT_SPLUNK_ALERT = """ []
diff --git a/translator/app/translator/platforms/splunk/functions/__init__.py b/translator/app/translator/platforms/splunk/functions/__init__.py
new file mode 100644
index 00000000..ba3702fe
--- /dev/null
+++ b/translator/app/translator/platforms/splunk/functions/__init__.py
@@ -0,0 +1,8 @@
+from app.translator.platforms.base.spl.functions import SplFunctions
+
+
+class SplunkFunctions(SplFunctions):
+ pass
+
+
+splunk_functions = SplunkFunctions()
diff --git a/siem-converter/app/converter/platforms/splunk/mapping.py b/translator/app/translator/platforms/splunk/mapping.py
similarity index 96%
rename from siem-converter/app/converter/platforms/splunk/mapping.py
rename to translator/app/translator/platforms/splunk/mapping.py
index 2adf419b..5d31a983 100644
--- a/siem-converter/app/converter/platforms/splunk/mapping.py
+++ b/translator/app/translator/platforms/splunk/mapping.py
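Review bot: The new `splunk/functions/__init__.py` defines `SplunkFunctions(SplFunctions)` with a bare `pass` body and then builds one module-level `splunk_functions` instance, but nothing records why the subclass exists or that the instance is meant to be shared; a class docstring such as `"""Splunk-specific SPL function set; currently identical to SplFunctions."""` would make the intent explicit. The same instance is bound as the `platform_functions` class attribute in the `splunk/parsers/splunk.py` hunk further down, replacing the per-class `SplunkFunctions()` that the old `siem_functions` attribute created, so every parse in the process now goes through one object. Whether `SplFunctions` keeps per-translation state cannot be seen from these hunks; if it does, that state would be shared between translations served by the same worker, which is worth confirming against the base class before relying on the singleton.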
@@ -1,6 +1,6 @@
 from typing import List, Optional
-from app.converter.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
+from app.translator.core.mapping import BasePlatformMappings, LogSourceSignature, SourceMapping, DEFAULT_MAPPING_NAME
 class SplunkLogSourceSignature(LogSourceSignature):
diff --git a/siem-converter/app/converter/platforms/splunk/renders/__init__.py b/translator/app/translator/platforms/splunk/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/splunk/renders/__init__.py
rename to translator/app/translator/platforms/splunk/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/splunk/mappings/splunk_cti.py b/translator/app/translator/platforms/splunk/mappings/splunk_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/splunk/mappings/splunk_cti.py
rename to translator/app/translator/platforms/splunk/mappings/splunk_cti.py
diff --git a/siem-converter/app/converter/platforms/sumo_logic/__init__.py b/translator/app/translator/platforms/splunk/parsers/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sumo_logic/__init__.py
rename to translator/app/translator/platforms/splunk/parsers/__init__.py
diff --git a/siem-converter/app/converter/platforms/splunk/parsers/splunk.py b/translator/app/translator/platforms/splunk/parsers/splunk.py
similarity index 71%
rename from siem-converter/app/converter/platforms/splunk/parsers/splunk.py
rename to translator/app/translator/platforms/splunk/parsers/splunk.py
index 79a24f58..27d837fb 100644
--- a/siem-converter/app/converter/platforms/splunk/parsers/splunk.py
+++ b/translator/app/translator/platforms/splunk/parsers/splunk.py
@@ -16,18 +16,18 @@
 -----------------------------------------------------------------
 """
 
-from app.converter.platforms.base.spl.parsers.spl import SplParser
-from app.converter.platforms.splunk.const import splunk_query_details
-from app.converter.platforms.splunk.mapping import SplunkMappings, splunk_mappings
-from app.converter.platforms.splunk.siem_functions import SplunkFunctions
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.platforms.base.spl.parsers.spl import SplParser
+from app.translator.platforms.splunk.const import splunk_query_details
+from app.translator.platforms.splunk.functions import SplunkFunctions, splunk_functions
+from app.translator.platforms.splunk.mapping import SplunkMappings, splunk_mappings
+from app.translator.core.models.platform_details import PlatformDetails
 
 
 class SplunkParser(SplParser):
     details: PlatformDetails = splunk_query_details
-    siem_functions = SplunkFunctions()
     log_source_pattern = r"___source_type___\s*=\s*(?:\"(?P[%a-zA-Z_*:0-9\-/]+)\"|(?P[%a-zA-Z_*:0-9\-/]+))(?:\s+(?:and|or)\s+|\s+)?"
     log_source_key_types = ("index", "source", "sourcetype", "sourcecategory")
     mappings: SplunkMappings = splunk_mappings
+    platform_functions: SplunkFunctions = splunk_functions
diff --git a/siem-converter/app/converter/platforms/splunk/parsers/splunk_alert.py b/translator/app/translator/platforms/splunk/parsers/splunk_alert.py
similarity index 85%
rename from siem-converter/app/converter/platforms/splunk/parsers/splunk_alert.py
rename to translator/app/translator/platforms/splunk/parsers/splunk_alert.py
index 74fab0b0..40d68223 100644
--- a/siem-converter/app/converter/platforms/splunk/parsers/splunk_alert.py
+++ b/translator/app/translator/platforms/splunk/parsers/splunk_alert.py
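Review bot: The class attribute changes name from `siem_functions` (a private `SplunkFunctions()` instance) to `platform_functions` bound to the module-level `splunk_functions` singleton, so any code in the base `SplParser` that still reads `siem_functions` would now silently fall through to whatever the base defines; the base is not in this diff, so please confirm the rename is complete there. The move from a per-class instance to a shared object also means `SplunkParser` and `SplunkQueryRender` now hold the same registry, which is worth stating on the line, e.g. `# shared registry; SplunkQueryRender binds the same object`.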
@@ -19,10 +19,10 @@
 import re
 from typing import List, Optional
 
-from app.converter.platforms.splunk.const import splunk_alert_details
-from app.converter.platforms.splunk.parsers.splunk import SplunkParser
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.models.parser_output import SiemContainer, MetaInfoContainer
+from app.translator.platforms.splunk.const import splunk_alert_details
+from app.translator.platforms.splunk.parsers.splunk import SplunkParser
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.parser_output import SiemContainer, MetaInfoContainer
 
 
 class SplunkAlertParser(SplunkParser):
diff --git a/siem-converter/app/converter/platforms/sumo_logic/mappings/__init__.py b/translator/app/translator/platforms/splunk/renders/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sumo_logic/mappings/__init__.py
rename to translator/app/translator/platforms/splunk/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/splunk/renders/splunk.py b/translator/app/translator/platforms/splunk/renders/splunk.py
similarity index 64%
rename from siem-converter/app/converter/platforms/splunk/renders/splunk.py
rename to translator/app/translator/platforms/splunk/renders/splunk.py
index ebca22c0..70036c4b 100644
--- a/siem-converter/app/converter/platforms/splunk/renders/splunk.py
+++ b/translator/app/translator/platforms/splunk/renders/splunk.py
@@ -16,10 +16,11 @@
 limitations under the License.
 -----------------------------------------------------------------
 """
-from app.converter.platforms.base.spl.renders.spl import SplFieldValue, SplQueryRender
-from app.converter.platforms.splunk.const import splunk_query_details
-from app.converter.platforms.splunk.mapping import SplunkMappings, splunk_mappings
-from app.converter.core.models.platform_details import PlatformDetails
+from app.translator.platforms.base.spl.renders.spl import SplFieldValue, SplQueryRender
+from app.translator.platforms.splunk.const import splunk_query_details
+from app.translator.platforms.splunk.functions import SplunkFunctions, splunk_functions
+from app.translator.platforms.splunk.mapping import SplunkMappings, splunk_mappings
+from app.translator.core.models.platform_details import PlatformDetails
 
 
 class SplunkFieldValue(SplFieldValue):
@@ -33,3 +34,9 @@ class SplunkQueryRender(SplQueryRender):
     field_value_map = SplunkFieldValue(or_token=or_token)
 
     mappings: SplunkMappings = splunk_mappings
+    platform_functions: SplunkFunctions = splunk_functions
+
+    def __init__(self):
+        super().__init__()
+        self.platform_functions.manager.init_search_func_render(self)
+
diff --git a/siem-converter/app/converter/platforms/splunk/renders/splunk_alert.py b/translator/app/translator/platforms/splunk/renders/splunk_alert.py
similarity index 83%
rename from siem-converter/app/converter/platforms/splunk/renders/splunk_alert.py
rename to translator/app/translator/platforms/splunk/renders/splunk_alert.py
index 3ffeca70..c8ae0a00 100644
--- a/siem-converter/app/converter/platforms/splunk/renders/splunk_alert.py
+++ b/translator/app/translator/platforms/splunk/renders/splunk_alert.py
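Review bot: `__init__` calls `self.platform_functions.manager.init_search_func_render(self)` on `platform_functions`, which is the module-level `splunk_functions` singleton also bound by `SplunkParser` and inherited by every `SplunkQueryRender` subclass, so each renderer constructed re-registers itself on the same manager and the last construction wins; if `init_search_func_render` retains the renderer it is handed (its body is not in this diff, so this is inferred), two live renderers would silently share one. Either give each instance its own registry with `self.platform_functions = SplunkFunctions()` before the call, or add a comment stating that a single renderer per process is assumed. The final `+` line adds a stray blank line at end of file. `SplunkQueryRender` begins above this hunk.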
@@ -16,14 +16,13 @@
 limitations under the License.
 -----------------------------------------------------------------
 """
-import json
 
-from app.converter.platforms.splunk.renders.splunk import SplunkQueryRender, SplunkFieldValue
-from app.converter.platforms.splunk.const import DEFAULT_SPLUNK_ALERT, splunk_alert_details
-from app.converter.core.mapping import SourceMapping
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.models.parser_output import MetaInfoContainer
-from app.converter.tools.utils import get_rule_description_str
+from app.translator.platforms.splunk.renders.splunk import SplunkQueryRender, SplunkFieldValue
+from app.translator.platforms.splunk.const import DEFAULT_SPLUNK_ALERT, splunk_alert_details
+from app.translator.core.mapping import SourceMapping
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.models.parser_output import MetaInfoContainer
+from app.translator.tools.utils import get_rule_description_str
 
 
 _AUTOGENERATED_TITLE = "Autogenerated Splunk Alert"
@@ -46,9 +45,9 @@ def __create_mitre_threat(self, meta_info: MetaInfoContainer) -> dict:
 
         return techniques
 
-    def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer,
+    def finalize_query(self, prefix: str, query: str, functions: str, meta_info: MetaInfoContainer = None,
                        source_mapping: SourceMapping = None, not_supported_functions: list = None):
-        query = super().finalize_query(prefix=prefix, query=query, functions=functions, meta_info=meta_info)
+        query = super().finalize_query(prefix=prefix, query=query, functions=functions)
         severity_map = {"critical": "4", "high": "3", "medium": "2", "low": "1"}
         rule = DEFAULT_SPLUNK_ALERT.replace("", query)
         rule = rule.replace("", meta_info.title or _AUTOGENERATED_TITLE)
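Review bot: `meta_info` gains a default of `None` in the new signature, but the unchanged body dereferences `meta_info.title` two lines later, so a caller that relies on the new default gets an `AttributeError` instead of an autogenerated title; either keep the parameter required or guard it at the top of the body, e.g. `if meta_info is None: meta_info = MetaInfoContainer()` (assuming `MetaInfoContainer` can be built without arguments, which this diff does not show). Dropping `meta_info` from the `super().finalize_query` call presumably matches a base-class signature change that is not in this chunk; worth confirming. The body of `finalize_query` continues past the hunk.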
@@ -62,7 +61,6 @@ def finalize_query(self, prefix: str, query: str, functions: str, meta_info: Met
         if mitre_techniques:
             mitre_str = f"action.correlationsearch.annotations = {mitre_techniques})"
             rule = rule.replace("", mitre_str)
-
         if not_supported_functions:
             rendered_not_supported = self.render_not_supported_functions(not_supported_functions)
             return rule + rendered_not_supported
diff --git a/siem-converter/app/converter/platforms/splunk/renders/splunk_cti.py b/translator/app/translator/platforms/splunk/renders/splunk_cti.py
similarity index 80%
rename from siem-converter/app/converter/platforms/splunk/renders/splunk_cti.py
rename to translator/app/translator/platforms/splunk/renders/splunk_cti.py
index 1211e706..a225f064 100644
--- a/siem-converter/app/converter/platforms/splunk/renders/splunk_cti.py
+++ b/translator/app/translator/platforms/splunk/renders/splunk_cti.py
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
 
-from app.converter.platforms.splunk.const import splunk_query_details
-from app.converter.platforms.splunk.mappings.splunk_cti import DEFAULT_SPLUNK_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.splunk.const import splunk_query_details
+from app.translator.platforms.splunk.mappings.splunk_cti import DEFAULT_SPLUNK_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 
 
 class SplunkCTI(RenderCTI):
diff --git a/siem-converter/app/converter/platforms/sumo_logic/renders/__init__.py b/translator/app/translator/platforms/sumo_logic/__init__.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sumo_logic/renders/__init__.py
rename to translator/app/translator/platforms/sumo_logic/__init__.py
diff --git a/siem-converter/app/converter/platforms/sumo_logic/const.py b/translator/app/translator/platforms/sumo_logic/const.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sumo_logic/const.py
rename to translator/app/translator/platforms/sumo_logic/const.py
diff --git a/siem-converter/app/converter/tools/__init__.py b/translator/app/translator/platforms/sumo_logic/mappings/__init__.py
similarity index 100%
rename from siem-converter/app/converter/tools/__init__.py
rename to translator/app/translator/platforms/sumo_logic/mappings/__init__.py
diff --git a/siem-converter/app/converter/platforms/sumo_logic/mappings/sumologic_cti.py b/translator/app/translator/platforms/sumo_logic/mappings/sumologic_cti.py
similarity index 100%
rename from siem-converter/app/converter/platforms/sumo_logic/mappings/sumologic_cti.py
rename to translator/app/translator/platforms/sumo_logic/mappings/sumologic_cti.py
diff --git a/siem-converter/app/models/__init__.py b/translator/app/translator/platforms/sumo_logic/renders/__init__.py
similarity index 100%
rename from siem-converter/app/models/__init__.py
rename to translator/app/translator/platforms/sumo_logic/renders/__init__.py
diff --git a/siem-converter/app/converter/platforms/sumo_logic/renders/sumologic_cti.py b/translator/app/translator/platforms/sumo_logic/renders/sumologic_cti.py
similarity index 79%
rename from siem-converter/app/converter/platforms/sumo_logic/renders/sumologic_cti.py
rename to translator/app/translator/platforms/sumo_logic/renders/sumologic_cti.py
index 33773088..680179f0 100644
--- a/siem-converter/app/converter/platforms/sumo_logic/renders/sumologic_cti.py
+++ b/translator/app/translator/platforms/sumo_logic/renders/sumologic_cti.py
@@ -17,10 +17,10 @@
 -----------------------------------------------------------------
 """
 
-from app.converter.platforms.sumo_logic.const import SUMO_LOGIC_QUERY_DETAILS
-from app.converter.platforms.sumo_logic.mappings.sumologic_cti import DEFAULT_SUMOLOGIC_MAPPING
-from app.converter.core.models.platform_details import PlatformDetails
-from app.converter.core.render_cti import RenderCTI
+from app.translator.platforms.sumo_logic.const import SUMO_LOGIC_QUERY_DETAILS
+from app.translator.platforms.sumo_logic.mappings.sumologic_cti import DEFAULT_SUMOLOGIC_MAPPING
+from app.translator.core.models.platform_details import PlatformDetails
+from app.translator.core.render_cti import RenderCTI
 
 
 class SumologicCTI(RenderCTI):
diff --git a/siem-converter/app/routers/__init__.py b/translator/app/translator/tools/__init__.py
similarity index 100%
rename from siem-converter/app/routers/__init__.py
rename to translator/app/translator/tools/__init__.py
diff --git a/siem-converter/app/converter/tools/const.py b/translator/app/translator/tools/const.py
similarity index 100%
rename from siem-converter/app/converter/tools/const.py
rename to translator/app/translator/tools/const.py
diff --git a/siem-converter/app/converter/tools/custom_enum.py b/translator/app/translator/tools/custom_enum.py
similarity index 100%
rename from siem-converter/app/converter/tools/custom_enum.py
rename to translator/app/translator/tools/custom_enum.py
diff --git a/siem-converter/app/converter/tools/decorators.py b/translator/app/translator/tools/decorators.py
similarity index 74%
rename from siem-converter/app/converter/tools/decorators.py
rename to translator/app/translator/tools/decorators.py
index d917563d..d3b5109a 100644
--- a/siem-converter/app/converter/tools/decorators.py
+++ b/translator/app/translator/tools/decorators.py
@@ -1,7 +1,7 @@
-from app.converter.core.exceptions.core import BasePlatformException
-from app.converter.core.exceptions.iocs import BaseIOCsException
-from app.converter.core.exceptions.parser import BaseParserException
-from app.converter.core.exceptions.render import BaseRenderException
+from app.translator.core.exceptions.core import BasePlatformException
+from app.translator.core.exceptions.iocs import BaseIOCsException
+from app.translator.core.exceptions.parser import BaseParserException
+from app.translator.core.exceptions.render import BaseRenderException
 
 
 def handle_translation_exceptions(func):
diff --git a/siem-converter/app/converter/tools/singleton_meta.py b/translator/app/translator/tools/singleton_meta.py
similarity index 100%
rename from siem-converter/app/converter/tools/singleton_meta.py
rename to translator/app/translator/tools/singleton_meta.py
diff --git a/siem-converter/app/converter/tools/utils.py b/translator/app/translator/tools/utils.py
similarity index 100%
rename from siem-converter/app/converter/tools/utils.py
rename to translator/app/translator/tools/utils.py
diff --git a/siem-converter/app/converter/converter.py b/translator/app/translator/translator.py
similarity index 87%
rename from siem-converter/app/converter/converter.py
rename to translator/app/translator/translator.py
index 5d1baefb..a7672b09 100644
--- a/siem-converter/app/converter/converter.py
+++ b/translator/app/translator/translator.py
@@ -1,10 +1,10 @@
 import logging
 
-from app.converter.platforms.roota.parsers.roota import RootAParser
-from app.converter.core.exceptions.core import UnsupportedPlatform
-from app.converter.core.models.parser_output import SiemContainer
-from app.converter.managers import RenderManager, ParserManager, render_manager, parser_manager
-from app.converter.tools.decorators import handle_translation_exceptions
+from app.translator.platforms.roota.parsers.roota import RootAParser
+from app.translator.core.exceptions.core import UnsupportedPlatform
+from app.translator.core.models.parser_output import SiemContainer
+from app.translator.managers import RenderManager, ParserManager, render_manager, parser_manager
+from app.translator.tools.decorators import handle_translation_exceptions
 
 
 class SiemConverter:
diff --git a/siem-converter/const.py b/translator/const.py
similarity index 100%
rename from siem-converter/const.py
rename to translator/const.py
diff --git a/siem-converter/requirements.txt b/translator/requirements.txt
similarity index 100%
rename from siem-converter/requirements.txt
rename to translator/requirements.txt
diff --git a/siem-converter/server.py b/translator/server.py
similarity index 100%
rename from siem-converter/server.py
rename to translator/server.py
diff --git a/translator/settings.py b/translator/settings.py
new file mode 100644
index 00000000..f548fd17
--- /dev/null
+++ b/translator/settings.py
@@ -0,0 +1,4 @@
+import os
+
+
+INIT_FUNCTIONS = os.getenv("INIT_FUNCTIONS", '0').lower() in ('true', '1', 't')
pFad - Phonifier reborn
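Review bot: `INIT_FUNCTIONS` is read from the environment with no comment on what it enables or which module consults it, and its consumer is not in this chunk, so the next reader has to grep; a one-line comment above it such as `# Feature flag: "1"/"true"/"t" (case-insensitive) enables function initialisation at startup; default off` — adjusted to what the consumer actually does — would fix that. Quoting is also mixed within the single expression (`"INIT_FUNCTIONS"` against `'0'` and `('true', '1', 't')`); pick one style. Values like `"yes"` or `"on"` are treated as off, which is fine if the comment says so.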
