mappings improvement from 7989

spsocprime · spsocprime · commit fa0e8b79834c · 2024-06-13T13:27:17.000+03:00
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
@@ -118,3 +118,7 @@ field_mapping:
   SubjectAccountName: xdm.source.user.username
   ComputerName: xdm.source.host.hostname
   ExternalSeverity: xdm.alert.severity
+  SourceMAC: xdm.source.host.mac_addresses
+  DestinationMAC: xdm.target.host.mac_addresses
+  SourceOS: xdm.source.host.os
+  DestinationOS: xdm.target.host.os
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/default.yml b/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
@@ -9,6 +9,7 @@ default_log_source:
 
 field_mapping:
   icmp.type: IcmpType
+  icmp.code: IcmpCode
   dst-port:
     - DstPort
     - DestinationPort
@@ -26,7 +27,9 @@ field_mapping:
     - destination_ip
     - destinationIP
     - destinationaddress
-  User: userName
+  User: 
+    - userName
+    - EventUserName
   CommandLine: Command
   Protocol: IPProtocol
   Application:
@@ -47,4 +50,12 @@ field_mapping:
     - dst-packets
   src-bytes: src-bytes
   dst-bytes: dst-bytes
-  ExternalSeverity: External Severity
+  ExternalSeverity: External Severity
+  SourceMAC: 
+    - SourceMAC
+    - MAC
+  DestinationMAC: DestinationMAC
+  SourceOS: 
+    - SourceOS
+    - OS
+  DestinationOS: DestinationOS
