2 parents 4154275 + 1a5d778, commit 82d3823
uncoder-core/app/translator/mappings/platforms/qradar/linux_auditd.yml
@@ -1,6 +1,6 @@
1
platform: Qradar
2
source: linux_auditd
3
-description: Text that describe current mapping
+description: Auditd field mappings to QRadar default CEPs.
4
5
log_source:
6
devicetype: [11]
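Review bot: The new description on line 3 says "Auditd field mappings", but the same commit adds the keys CommandLine, Image, User, LogonId and ParentImage to field_mapping, which are not auditd record field names like a0 or exe. Either widen the description to say that generic process-creation field names are mapped for this log source as well, or note in the file why those keys belong under linux_auditd, so the next maintainer does not remove them as strays.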
@@ -9,8 +9,13 @@ default_log_source:
9
devicetype: 11
10
11
field_mapping:
12
- a0: a0
13
- a1: a1
14
- a2: a2
15
- a3: a3
16
- exe: exe
+ a0: Command
+ a1: Command
+ a2: Command
+ a3: Command
+ exe: Process Path
17
+ CommandLine: Command
18
+ Image: Process Path
19
+ User: username
20
+ LogonId: Logon ID
21
+ ParentImage: Parent Process Path
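Review bot: In field_mapping, a0, a1, a2 and a3 now all resolve to the one property Command (as does CommandLine), so a rule that tests a particular argument position, for example a1 alone, will translate to a match against Command and the position is no longer expressed in the output query. If that collapse is intended, a short YAML comment above the a0 to a3 entries saying so would help, and it is worth checking that a rule combining several of these fields in one condition still produces a sensible query when they share a target. A smaller point: "User: username" is lowercase while the other targets are title case ("Process Path", "Logon ID", "Parent Process Path"); please confirm that each target string matches the QRadar property name exactly, since a casing mismatch here would only show up when the generated query is run.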