new fields

spsocprime · spsocprime · commit 4536c50ce66b · 2024-07-18T09:29:25.000+03:00
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
@@ -46,6 +46,7 @@ field_mapping:
   c-uri-query: xdm.network.http.url
   QueryName: xdm.network.dns.dns_question.name
   Application: xdm.network.application_protocol
+  sourceNetwork: xdm.source.subnet
   SourceHostName: xdm.source.host.hostname
   DestinationHostname: xdm.target.host.hostname
   Hashes:
@@ -127,3 +128,9 @@ field_mapping:
   url_category: xdm.network.http.url_category
   EventSeverity: xdm.alert.severity
   duration: xdm.event.duration
+  ThreatName: xdm.alert.original_threat_id
+  AnalyzerName: xdm.observer.type
+  Classification: xdm.alert.category
+  ResultCode: xdm.event.outcome_reason
+  Technique: xdm.alert.mitre_techniques
+  Action: xdm.event.outcome
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/default.yml b/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
@@ -19,6 +19,7 @@ field_mapping:
   src-port:
     - SourcePort
     - localport
+    - sourcePort
   src-ip:
     - sourceip
     - source_ip
@@ -34,13 +35,15 @@ field_mapping:
   User:
     - userName
     - EventUserName
+    - Alert Threat Cause Actor Name
   CommandLine: Command
   Protocol: 
     - IPProtocol
     - protocol
   Application:
     - Application
     - application
+  sourceNetwork: sourceNetwork
   SourceHostName:
     - HostCount-source
     - identityHostName
@@ -78,4 +81,12 @@ field_mapping:
   Source:
     - Source
     - source
-  duration: duration
+  duration: duration
+  ThreatName: 
+    - Threat Name
+    - Alert Blocked Threat Category
+  AnalyzerName: Analyzer Name
+  Classification: Classification
+  ResultCode: Alert Reason Code
+  Technique: Technique
+  Action: Action
