title: STIX for Linux Logs
backends:
  - stix
order: 40
logsources:
  linux:
    product: linux
fieldmappings:
  type:
    - x-event:action
  keywords:
    - artifact:payload_bin
  a0:
    - process:command_line
  a1:
    - process:command_line
  name:
    - file:name
  a3:
    - process:command_line
  key:
    - x-sigma:keywords
  exe:
    - file:name
  a2:
    - process:command_line
  SYSCALL:
    - x-event:action
  pam_message:
    - x-event:action
  pam_user:
    - user-account:user_id
  pam_rhost:
    - x-host:name
  USER:
    - user-account:user_id