Merge pull request #129 from rm-socprime/preset_xdr_event_log

saltar-ua · web-flow · commit d970669ef9ea · 2024-05-31T10:23:13.000+03:00
preset xdr_event_log
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_application.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_application.yml
@@ -2,7 +2,7 @@ platform: Palo Alto XSIAM
 source: windows_application
 
 default_log_source:
-  dataset: microsoft_windows_raw
+  preset: xdr_event_log
 
 field_mapping:
   EventID: action_evtlog_event_id
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_powershell.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_powershell.yml
@@ -3,7 +3,7 @@ source: windows_powershell
 
 
 default_log_source:
-  dataset: microsoft_windows_raw
+  preset: xdr_event_log
 
 field_mapping:
   EventID: action_evtlog_event_id
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml
@@ -2,7 +2,7 @@ platform: Palo Alto XSIAM
 source: windows_security
 
 default_log_source:
-  dataset: microsoft_windows_raw
+  preset: xdr_event_log
 
 field_mapping:
   EventID: action_evtlog_event_id
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_sysmon.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_sysmon.yml
@@ -3,7 +3,7 @@ source: windows_sysmon
 
 
 default_log_source:
-  dataset: microsoft_windows_raw
+  preset: xdr_event_log
 
 field_mapping:
   EventID: action_evtlog_event_id
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_system.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_system.yml
@@ -2,7 +2,7 @@ platform: Palo Alto XSIAM
 source: windows_system
 
 default_log_source:
-  dataset: microsoft_windows_raw
+  preset: xdr_event_log
 
 field_mapping:
   EventID: action_evtlog_event_id
