Skip to content

Commit 8b77550

Browse files
nazargesyknazargesyk
authored
Merge pull request #160 from UncoderIO/gis-aql-upd-26-06-2024
upd qradar field mapping
2 parents 3169751 + 8d4f8d4 commit 8b77550

File tree

5 files changed

+17
-5
lines changed

5 files changed

+17
-5
lines changed

uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/dns.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,4 +10,5 @@ field_mapping:
1010
#dns-record: dns-record
1111
dns_query_name: xdm.network.dns.dns_question.name
1212
QueryName: xdm.network.dns.dns_question.name
13-
query: xdm.network.dns.dns_question.name
13+
query: xdm.network.dns.dns_question.name
14+
dns-record-type: xdm.network.dns.dns_question.type

uncoder-core/app/translator/mappings/platforms/qradar/default.yml

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,9 @@ field_mapping:
3535
- userName
3636
- EventUserName
3737
CommandLine: Command
38-
Protocol: IPProtocol
38+
Protocol:
39+
- IPProtocol
40+
- protocol
3941
Application:
4042
- Application
4143
- application
@@ -61,6 +63,7 @@ field_mapping:
6163
SourceMAC:
6264
- SourceMAC
6365
- MAC
66+
- sourceMAC
6467
DestinationMAC: DestinationMAC
6568
SourceOS:
6669
- SourceOS
@@ -69,4 +72,7 @@ field_mapping:
6972
TargetUserName: DestinationUserName
7073
SourceUserName: SourceUserName
7174
url_category: XForceCategoryByURL
72-
EventSeverity: EventSeverity
75+
EventSeverity: EventSeverity
76+
Source:
77+
- Source
78+
- source

uncoder-core/app/translator/mappings/platforms/qradar/dns.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,4 +12,5 @@ field_mapping:
1212
dns-query: URL
1313
parent-domain: parent-domain
1414
dns-answer: dns-answer
15-
dns-record: URL
15+
dns-record: URL
16+
dns-record-type: DNSRecordType

uncoder-core/app/translator/mappings/platforms/qradar/proxy.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ field_mapping:
2424
cs-host:
2525
- UrlHost
2626
- URL Host
27+
- URL Domain
2728
cs-referrer:
2829
- URL Referrer
2930
- Referrer URL

uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,9 @@ field_mapping:
4141
LinkName: LinkName
4242
MemberName: MemberName
4343
MemberSid: MemberSid
44-
NewProcessName: Process Name
44+
NewProcessName:
45+
- Process Name
46+
- New Process Name
4547
ObjectClass: ObjectClass
4648
ObjectName:
4749
- Object Name
@@ -122,6 +124,7 @@ field_mapping:
122124
ServiceFileName:
123125
- Service Filename
124126
- ServiceFileName
127+
- Service File Name
125128
SecurityDescriptor: SecurityDescriptor
126129
ServiceName: Service Name
127130
ShareName:

0 commit comments

Comments
 (0)