# Field-name mapping for the "stix" converter backend (stix-shifter).
# Keys under `fieldmappings` are Sigma rule field names; each value lists the
# STIX object:property path(s) the converter substitutes for that field when
# it builds the STIX pattern.
#
# NOTE(review): the following is inferred from the file's shape, confirm against
# the converter — a Sigma field with no entry here is passed through unmapped,
# so a typo or a missing mapping yields a pattern that never matches and the
# detection silently loses coverage; a field with several targets is expanded
# to one comparison per target (presumably OR-ed), which widens what the
# pattern matches.
title: Custom mappings for stix-shifter project
# Only the "stix" backend consumes this configuration.
backends:
  - stix
# Precedence relative to other configurations applied in the same run;
# confirm the ordering semantics against the converter before changing it.
order: 30
fieldmappings:
  # x-oca-event SCO
  # Several spellings of the same log field are listed because mapping lookups
  # appear to be exact-match (case-sensitive) — verify against the converter.
  action:
    - x-oca-event:action
  operation:
    - x-oca-event:action
  event.category:
    - x-oca-event:category
  eventName:
    - x-oca-event:action
  eventType:
    - x-oca-event:category
  Description:
    - x-oca-event:action
    - x-ibm-finding:description
  Event-ID:
    - x-oca-event:code
  EventID:
    - x-oca-event:code
  Event_ID:
    - x-oca-event:code
  event-id:
    - x-oca-event:code
  eventId:
    - x-oca-event:code
  # NOTE(review): `EventType` maps to action while `eventType` (above) maps to
  # category — confirm the difference is intentional.
  EventType:
    - x-oca-event:action
  Message:
    - x-oca-event:original
  # The registry target is presumably for registry-write events, where
  # `Details` carries the written value data — confirm against the log source.
  Details:
    - windows-registry-key:values[*].data
    - x-oca-event:original
  event_id:
    - x-oca-event:code
  eventid:
    - x-oca-event:code
  type:
    - x-oca-event:action
  pam_message:
    - x-oca-event:action

  # x-oca-asset SCO
  cs-host:
    - x-oca-asset:hostname
    - domain-name:value
  eventSource:
    - x-oca-asset:hostname
  ComputerName:
    - x-oca-asset:hostname
  pam_rhost:
    - x-oca-asset:hostname

  # DNS network extension
  # Each DNS field fans out to three object types, so one Sigma condition on
  # the queried name is compared against domain-name, url and the dns-ext
  # question reference alike.
  r-dns:
    - domain-name:value
    - url:value
    - network-traffic:extensions.'dns-ext'.question.domain_ref
  query:
    - domain-name:value
    - url:value
    - network-traffic:extensions.'dns-ext'.question.domain_ref

  # x-ibm-finding object
  credescription:
    - x-ibm-finding:description
  crename:
    - x-ibm-finding:name
  rulenames:
    - x-ibm-finding:rule_names[*]

  # x-qradar custom object
  categoryid:
    - x-qradar:category_id
  categoryname:
    - x-qradar:category_name
  credibility:
    - x-qradar:credibility
  # NOTE(review): `Device` also maps to file:name, an unusual pairing for a
  # device-type field — confirm it is intended.
  Device:
    - x-qradar:device_type
    - file:name
  devicetype:
    - x-qradar:device_type
  direction:
    - x-qradar:direction
  domainid:
    - x-qradar:domain_id
  geographic:
    - x-qradar:geographic
  high_level_category_id:
    - x-qradar:high_level_category_id
  high_level_category_name:
    - x-qradar:high_level_category_name
  identityhostname:
    - x-qradar:identity_host_name
  logsourceid:
    - x-qradar:log_source_id
  logsourcename:
    - x-qradar:log_source_name
  logsourcetypename:
    - x-qradar:log_source_type_name
  magnitude:
    - x-qradar:magnitude
  qid:
    - x-qradar:qid
  # Note the target name differs from the key: qidname -> event_name.
  qidname:
    - x-qradar:event_name
  relevance:
    - x-qradar:relevance
  severity:
    - x-qradar:severity