Merge pull request #109 from UncoderIO/hunters-query-render

hunters query render

Author: alexvolha

uncoder-core/app/translator/mappings/platforms/hunters/aws_cloudtrail.yml

@@ -0,0 +1,31 @@
+platform: Hunters
+source: aws_cloudtrail
+description: Text that describe current mapping
+
+default_log_source:
+  table: table_name
+
+field_mapping:
+  eventSource: eventSource
+  eventName: eventName
+  AdditionalEventData: additionalEventData.MFAUsed
+  errorCode: errorCode
+  errorMessage: errorMessage
+  eventType: eventType
+  requestParameters: requestParameters
+  requestParameters.attribute: requestParameters.attribute
+  requestParameters.ipPermissions.items.ipRanges.items.cidrIP: requestParameters.ipPermissions.items.ipRanges.items.cidrIP
+  requestParameters.ipPermissions.items.ipRanges.items.fromPort: requestParameters.ipPermissions.items.ipRanges.items.fromPort
+  requestParameters.userData: requestParameters.userData
+  responseElements: responseElements
+  responseElements.ConsoleLogin: responseElements.ConsoleLogin
+  responseElements.pendingModifiedValues.masterUserPassword: responseElements.pendingModifiedValues.masterUserPassword
+  responseElements.publiclyAccessible: responseElements.publiclyAccessible
+  status: status
+  terminatingRuleId: terminatingRuleId
+  userAgent: userAgent
+  userIdentity.arn: userIdentity.arn
+  userIdentity.principalId: userIdentity.principalId
+  userIdentity.sessionContext.sessionIssuer.type: userIdentity.sessionContext.sessionIssuer.type
+  userIdentity.type: userIdentity.type
+  userIdentity.userName: userIdentity.userName

uncoder-core/app/translator/mappings/platforms/hunters/aws_eks.yml

@@ -0,0 +1,22 @@
+platform: Hunters
+source: aws_eks
+description: Text that describe current mapping
+
+default_log_source:
+  table: table_name
+
+field_mapping:
+  annotations.authorization.k8s.io\/decision: annotations.authorization.k8s.io\/decision
+  annotations.podsecuritypolicy.policy.k8s.io\/admit-policy: annotations.podsecuritypolicy.policy.k8s.io\/admit-policy
+  aws_node_type: aws_node_type
+  objectRef.namespace: objectRef.namespace
+  objectRef.resource: objectRef.resource
+  objectRef.subresource: objectRef.subresource
+  requestObject.rules.resources: requestObject.rules.resources
+  requestObject.rules.verbs: requestObject.rules.verbs
+  requestObject.spec.containers.image: requestObject.spec.containers.image
+  requestURI: requestURI
+  stage: stage
+  user.groups: user.groups
+  user.username: user.username
+  verb: verb

uncoder-core/app/translator/mappings/platforms/hunters/azure_AzureDiagnostics.yml

@@ -0,0 +1,10 @@
+platform: Hunters
+source: azure_AzureDiagnostics
+description: Text that describe current mapping
+
+default_log_source:
+  table: table_name
+
+field_mapping:
+  ResultDescription: ResultDescription
+  Category: Category

uncoder-core/app/translator/mappings/platforms/hunters/azure_BehaviorAnalytics.yml

@@ -0,0 +1,17 @@
+platform: Hunters
+source: azure_BehaviorAnalytics
+description: Text that describe current mapping
+
+default_log_source:
+  table: table_name
+
+field_mapping:
+  ActionType: ActionType
+  ActivityInsights: ActivityInsights
+  ActivityType: ActivityType
+  EventSource: EventSource
+  DevicesInsights: DevicesInsights
+  RiskDetail: RiskDetail
+  UsersInsights: UsersInsights
+  UsersInsights.IsDormantAccount: UsersInsights.IsDormantAccount
+  UsersInsights.IsNewAccount: UsersInsights.IsNewAccount

uncoder-core/app/translator/mappings/platforms/hunters/azure_aadnoninteractiveusersigninlogs.yml

@@ -0,0 +1,10 @@
+platform: Hunters
+source: azure_aadnoninteractiveusersigninlogs
+description: Text that describe current mapping
+
+default_log_source:
+  table: table_name
+
+field_mapping:
+  UserAgent: UserAgent
+  Type: Type

uncoder-core/app/translator/mappings/platforms/hunters/azure_azureactivity.yml

@@ -0,0 +1,19 @@
+platform: Hunters
+source: azure_azureactivity
+description: Text that describe current mapping
+
+default_log_source:
+  table: table_name
+
+field_mapping:
+  ActivityStatus: ActivityStatus
+  ActivityStatusValue: ActivityStatusValue
+  ActivitySubstatusValue: ActivitySubstatusValue
+  Authorization: Authorization
+  Category: Category
+  CategoryValue: CategoryValue
+  OperationName: OperationName
+  OperationNameValue: OperationNameValue
+  ResourceId: ResourceId
+  ResourceProviderValue: ResourceProviderValue
+  Type: Type

uncoder-core/app/translator/mappings/platforms/hunters/azure_azuread.yml

@@ -0,0 +1,20 @@
+platform: Hunters
+source: azure_azuread
+description: Text that describe current mapping
+
+default_log_source:
+  table: table_name
+
+field_mapping:
+  ActivityDisplayName: ActivityDisplayName
+  Category: Category
+  LoggedByService: LoggedByService
+  Result: Result
+  OperationName: OperationName
+  TargetResources: TargetResources
+  AADOperationType: AADOperationType
+  InitiatedBy: InitiatedBy
+  ResultReason: ResultReason
+  Status: Status
+  Status.errorCode: Status.errorCode
+  UserAgent: UserAgent

uncoder-core/app/translator/mappings/platforms/hunters/azure_m365.yml

@@ -0,0 +1,20 @@
+platform: Hunters
+source: azure_m365
+description: Text that describe current mapping
+
+default_log_source:
+  table: table_name
+
+field_mapping:
+  ClientInfoString: ClientInfoString
+  LogonError: LogonError
+  ModifiedProperties: ModifiedProperties
+  OfficeObjectId: OfficeObjectId
+  OfficeWorkload: OfficeWorkload
+  Operation: Operation
+  Parameters: Parameters
+  RecordType: RecordType
+  ResultStatus: ResultStatus
+  SourceFileExtension: SourceFileExtension
+  SourceFileName: SourceFileName
+  UserAgent: UserAgent

uncoder-core/app/translator/mappings/platforms/hunters/azure_signinlogs.yml

@@ -0,0 +1,26 @@
+platform: Hunters
+source: azure_signinlogs
+description: Text that describe current mapping
+
+default_log_source:
+  table: table_name
+
+field_mapping:
+  AppDisplayName: AppDisplayName
+  AppId: AppId
+  AuthenticationRequirement: AuthenticationRequirement
+  Category: Category
+  ConditionalAccessStatus: ConditionalAccessStatus
+  DeviceDetail: DeviceDetail
+  IsInteractive: IsInteractive
+  NetworkLocationDetails: NetworkLocationDetails
+  ResourceDisplayName: ResourceDisplayName
+  ResourceIdentity: ResourceIdentity
+  ResultDescription: ResultDescription
+  ResultType: ResultType
+  Status.errorCode: Status.errorCode
+  Status: Status
+  Status.failureReason: Status.failureReason
+  TokenIssuerType: TokenIssuerType
+  UserAgent: UserAgent
+  UserPrincipalName: UserPrincipalName

uncoder-core/app/translator/mappings/platforms/hunters/default.yml

@@ -0,0 +1,6 @@
+platform: Hunters
+source: default
+description: Text that describe current mapping
+
+default_log_source:
+  table: table_name