valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 01:45:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: duplicate field values in YAML configs

Browse Source
This commit is contained in:
Florian Roth 2021-03-20 08:49:43 +01:00
parent dd4a1ac393
commit 1fc408bfaa
3 changed files with 0 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tools/config/carbon-black.yml
View File

@ -26,7 +26,6 @@ fieldmappings:
#Signature: digsig_result #Signature: digsig_result
SourceIp: ipaddr SourceIp: ipaddr
DestinationAddress: ipaddr DestinationAddress: ipaddr
DestinationPort: ipport
DestPort: ipport DestPort: ipport
TargetObject: regmod TargetObject: regmod
TargetFilename: filemod TargetFilename: filemod
@ -38,15 +37,11 @@ fieldmappings:
Product: product_name Product: product_name
Signature: digsig_publisher Signature: digsig_publisher
CallTrace: modload CallTrace: modload
DestinationHostname: domain
User: username User: username
StartModule: modload StartModule: modload
Company: company_name Company: company_name
Description: file_desc
FileVersion: file_version FileVersion: file_version
# DestinationHostname: hostname # DestinationHostname: hostname
# DestinationIp: ipaddr # DestinationIp: ipaddr
# DestinationPort: ipport # DestinationPort: ipport

1
tools/config/ecs-dns.yml
View File

@ -56,7 +56,6 @@ fieldmappings:
qclass: dns.qclass qclass: dns.qclass
qtype_name: dns.question.type qtype_name: dns.question.type
qtype: dns.qtype qtype: dns.qtype
query: dns.question.name
#question_length: labels.dns.query_length #question_length: labels.dns.query_length
RA: dns.RA RA: dns.RA
rcode_name: dns.response_code rcode_name: dns.response_code

1
tools/config/ecs-proxy.yml
View File

@ -37,7 +37,6 @@ fieldmappings:
c-uri-stem: url.original c-uri-stem: url.original
c-uri: url.original c-uri: url.original
c-useragent: user_agent.original c-useragent: user_agent.original
cs-bytes: http.request.body.bytes
cs-cookie: http.cookie cs-cookie: http.cookie
cs-host: cs-host:
- url.domain - url.domain