Merge pull request #175 from UncoderIO/gis-aql-upd-2024-07-17

new fields

Author: nazargesyk

uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml

@@ -47,6 +47,7 @@ field_mapping:
   c-uri-query: xdm.network.http.url
   QueryName: xdm.network.dns.dns_question.name
   Application: xdm.network.application_protocol
+  sourceNetwork: xdm.source.subnet
   SourceHostName: xdm.source.host.hostname
   DestinationHostname: xdm.target.host.hostname
   Hashes:
@@ -128,7 +129,13 @@ field_mapping:
   url_category: xdm.network.http.url_category
   EventSeverity: xdm.alert.severity
   duration: xdm.event.duration
+  ThreatName: xdm.alert.original_threat_id
+  AnalyzerName: xdm.observer.type
+  Classification: xdm.alert.category
+  ResultCode: xdm.event.outcome_reason
+  Technique: xdm.alert.mitre_techniques
+  Action: xdm.event.outcome
   FileExtension: xdm.target.file.extension
   Workstation: xdm.source.host.hostname
   RegistryKey: xdm.target.registry.key
-  RegistryValue: xdm.target.registry.value
+  RegistryValue: xdm.target.registry.value

uncoder-core/app/translator/mappings/platforms/qradar/default.yml

@@ -35,6 +35,7 @@ field_mapping:
   User:
     - userName
     - EventUserName
+    - Alert Threat Cause Actor Name
     - Username
     - Security ID
   CommandLine: Command
@@ -44,6 +45,7 @@ field_mapping:
   Application:
     - Application
     - application
+  sourceNetwork: sourceNetwork
   SourceHostName:
     - HostCount-source
     - identityHostName
@@ -82,6 +84,14 @@ field_mapping:
     - Source
     - source
   duration: duration
+  ThreatName:
+    - Threat Name
+    - Alert Blocked Threat Category
+  AnalyzerName: Analyzer Name
+  Classification: Classification
+  ResultCode: Alert Reason Code
+  Technique: Technique
+  Action: Action
   Workstation: Machine Identifier
   GroupMembership: Role Name
   FileName: 
@@ -91,4 +101,4 @@ field_mapping:
     - Registry Key
     - Target Object
   RegistryValue: RegistryValue
-  ProcessPath: Process Path
+  ProcessPath: Process Path