update others_cloud mappings #301

Merged
Feb 21, 2023
27 changes: 22 additions & 5 deletions src/main/resources/OSMapping/others_cloud/fieldmappings.yml
@@ -1,7 +1,24 @@
# this file provides pre-defined mappings for Sigma fields defined for all Sigma rules under cloud log group to their corresponding ECS Fields.
fieldmappings:
EventID: event_uid
HiveName: unmapped.HiveName
fieldB: mappedB
fieldA1: mappedA
creationTime: timestamp
eventSource: winlog-provider_name
status: azure-platformlogs-status
eventService: winlog-event_data-ServiceName
ResultType: azure-platformlogs-result_type
ResultDescription: azure-signinlogs-result_description
Operation: azure-activitylogs-operation_name
Resultdescription: azure-signinlogs-result_description
AuthenticationRequirement: azure-signinlogs-properties-authentication_requirement
Status: azure-platformlogs-status
OperationName: azure-auditlogs-operation_name
ResourceId: azure-resource-id
OperationNameValue: azure-auditlogs-operation_name
TargetResources: azure-auditlogs-properties-target_resources
NetworkLocationDetails: azure-signinlogs-properties-network_location_details
DeviceDetail.deviceId: azure-signinlogs-properties-device_detail-device_id
ResourceDisplayName: azure-signinlogs-properties-resource_display_name
conditionalAccessStatus: azure-signinlogs-properties-conditional_access_status
LoggedByService: azure-auditlogs-properties-logged_by_service
DeviceDetail.isCompliant: azure-signinlogs-properties-device_detail-is_compliant
ActivityDisplayName: azure-auditlogs-properties-activity_display_name
gcp.audit.method_name: gcp-audit-method_name
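Review bot: `eventSource: winlog-provider_name` and `eventService: winlog-event_data-ServiceName` route two cloud-rule fields to Windows event-log alias names, which sits oddly with the file header's statement that these are cloud log-group fields mapped to ECS; if a CloudTrail-style `eventSource` was intended, the alias should point at the cloud source field, otherwise rules keyed on those fields never match and the detection gap is silent. The case-variant pairs `status`/`Status` and `ResultDescription`/`Resultdescription` map to the same target, presumably on purpose because Sigma rules are inconsistent about casing; a line such as `# case variants kept deliberately: Sigma rules disagree on field casing` above them would stop a later cleanup from dropping one. `Operation` resolves to `azure-activitylogs-operation_name` while `OperationName` and `OperationNameValue` resolve to `azure-auditlogs-operation_name`, which is worth confirming is the intended split rather than a copy slip.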

86 changes: 65 additions & 21 deletions src/main/resources/OSMapping/others_cloud/mappings.json
@@ -1,32 +1,76 @@
{
"properties": {
"windows-event_data-CommandLine": {
"type": "alias",
"path": "CommandLine"
"winlog-provider_name": {
"path": "winlog.provider_name",
"type": "alias"
},
"azure-platformlogs-status": {
"path": "azure.platformlogs.status",
"type": "alias"
},
"winlog-event_data-ServiceName": {
"path": "winlog.event_data.ServiceName",
"type": "alias"
},
"azure-platformlogs-result_type": {
"path": "azure.platformlogs.result_type",
"type": "alias"
},
"azure-signinlogs-result_description": {
"path": "azure.signinlogs.result_description",
"type": "alias"
},
"azure-activitylogs-operation_name": {
"path": "azure.activitylogs.operation_name",
"type": "alias"
},
"azure-signinlogs-properties-authentication_requirement": {
"path": "azure.signinlogs.properties.authentication_requirement",
"type": "alias"
},
"azure-auditlogs-operation_name": {
"path": "azure.auditlogs.operation_name",
"type": "alias"
},
"azure-resource-id": {
"path": "azure.resource.id",
"type": "alias"
},
"azure-auditlogs-properties-target_resources": {
"path": "azure.auditlogs.properties.target_resources",
"type": "alias"
},
"azure-signinlogs-properties-network_location_details": {
"path": "azure.signinlogs.properties.network_location_details",
"type": "alias"
},
"event_uid": {
"type": "alias",
"path": "EventID"
"azure-signinlogs-properties-device_detail-device_id": {
"path": "azure.signinlogs.properties.device_detail.device_id",
"type": "alias"
},
"windows-hostname": {
"type": "alias",
"path": "HostName"
"azure-signinlogs-properties-resource_display_name": {
"path": "azure.signinlogs.properties.resource_display_name",
"type": "alias"
},
"windows-message": {
"type": "alias",
"path": "Message"
"azure-signinlogs-properties-conditional_access_status": {
"path": "azure.signinlogs.properties.conditional_access_status",
"type": "alias"
},
"windows-provider-name": {
"type": "alias",
"path": "Provider_Name"
"azure-auditlogs-properties-logged_by_service": {
"path": "azure.auditlogs.properties.logged_by_service",
"type": "alias"
},
"windows-servicename": {
"type": "alias",
"path": "ServiceName"
"azure-signinlogs-properties-device_detail-is_compliant": {
"path": "azure.signinlogs.properties.device_detail.is_compliant",
"type": "alias"
},
"azure-auditlogs-properties-activity_display_name": {
"path": "azure.auditlogs.properties.activity_display_name",
"type": "alias"
},
"creationTime": {
"path": "creationTime",
"gcp-audit-method_name": {
"path": "gcp.audit.method_name",
"type": "alias"
}
}
}
}
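Review bot: Every new entry is an `alias` whose `path` points at an `azure.*` or `gcp.*` field that this file does not itself define; an alias field only resolves when its target exists as a concrete field in the index mapping, so unless the accompanying index template declares those fields the mapping is likely to be rejected at index creation or the rules will silently produce no findings. Strict JSON leaves no room for a comment, so the constraint is best recorded in the header of fieldmappings.yml or a README beside these files, e.g. `# every alias path in mappings.json must be backed by a concrete field in the log index mapping`. The removed `windows-*`, `event_uid` and `creationTime` aliases should be cross-checked against any remaining others_cloud Sigma rules that still reference `EventID`, `CommandLine` or `creationTime`, since the new fieldmappings.yml no longer maps them.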