SigmaHQ/tools/config/qualys.yml

fieldmappings:
    dst:
        - network.remote.address.ip
    dst_ip:
        - network.remote.address.ip
    src:
        - network.local.address.ip
    src_ip:
        - network.local.address.ip
    file_hash:
        - file.hash.md5
        - file.hash.sha256
    NewProcessName: process.name
    ServiceName: process.name
    ServiceFileName: process.name
    TargetObject: registry.path
Added ArcSight & Qualys backends 2018-06-07 13:18:23 +00:00			`fieldmappings:`
			`dst:`
			`- network.remote.address.ip`
			`dst_ip:`
			`- network.remote.address.ip`
			`src:`
			`- network.local.address.ip`
			`src_ip:`
			`- network.local.address.ip`
			`file_hash:`
			`- file.hash.md5`
			`- file.hash.sha256`
			`NewProcessName: process.name`
			`ServiceName: process.name`
			`ServiceFileName: process.name`
			`TargetObject: registry.path`