mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-07 09:48:58 +00:00
22 lines
467 B
YAML
22 lines
467 B
YAML
title: Devo sourcetype mappings for network sources
|
|
order: 20
|
|
backends:
|
|
- devo
|
|
logsources:
|
|
firewall-product:
|
|
product: firewall
|
|
index: firewall.all.traffic
|
|
firewall-category:
|
|
category: firewall
|
|
index: firewall.all.traffic
|
|
dns:
|
|
category: dns
|
|
index: network.dns
|
|
fieldmappings:
|
|
src_ip: srcIp
|
|
dst_ip: dstIp
|
|
dst_port: dstPort
|
|
parent_domain: select rootdomain(name) as parent_domain
|
|
record_type: type
|
|
answer: answers
|
|
query: name |