# Sumulogic mapping depends on customer configuration. Adapt to your context!
# typically rule on _sourceCategory, _index or Field Extraction Rules (FER)
# supposing existing FER for service, EventChannel, EventID
logsources:
  linux:
    product: linux
    index: LINUX
  linux-sshd:
    product: linux
    service: sshd
    index: LINUX
  linux-auth:
    product: linux
    service: auth
    index: LINUX
  linux-clamav:
    product: linux
    service: clamav
    index: LINUX
  windows:
    product: windows
    index: WINDOWS
  windows-sysmon:
    product: windows
    service: sysmon
    conditions:
      EventChannel: Microsoft-Windows-Sysmon
    index: WINDOWS
  windows-security:
    product: windows
    service: security
    conditions:
      EventChannel: Security
    index: WINDOWS
  windows-powershell:
    product: windows
    service: powershell
    conditions:
      EventChannel: Microsoft-Windows-Powershell
    index: WINDOWS
  windows-system:
    product: windows
    service: system
    conditions:
      EventChannel: System
    index: WINDOWS
  windows-dhcp:
    product: windows
    service: dhcp
    conditions: 
      EventChannel: Microsoft-Windows-DHCP-Server
    index: WINDOWS
  apache:
    product: apache
    service: apache
    index: WEBSERVER
  firewall:
    product: firewall
    index: FIREWALL
# if no index, search in all indexes