Merge pull request #144 from UncoderIO/update_qradar_palo_alto_mapping

saltar-ua · web-flow · commit 378d217e7d1d · 2024-06-13T16:47:00.000+03:00
Updated qradar and palo_alto mappings
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
@@ -35,6 +35,7 @@ field_mapping:
   DestinationIp: xdm.target.ipv4
   dst-port: xdm.target.port
   DestinationPort: xdm.target.port
+  destinationPort: xdm.target.port
   src-bytes: xdm.source.sent_bytes
   dst-bytes: xdm.target.sent_bytes
   src-hostname: xdm.source.host.hostname
@@ -82,6 +83,7 @@ field_mapping:
   SourceAddress: xdm.source.ipv4
   TargetSid: xdm.target.user.identifier
   TargetUserName: xdm.target.user.username
+  SourceUserName: xdm.source.user.username
   ParentProcessName: xdm.source.process.executable.path
   client.user.full_name: xdm.target.user.username
   source.user.full_name: xdm.source.user.username
@@ -122,3 +124,4 @@ field_mapping:
   DestinationMAC: xdm.target.host.mac_addresses
   SourceOS: xdm.source.host.os
   DestinationOS: xdm.target.host.os
+  url_category: xdm.network.http.url_category
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/proxy.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/proxy.yml
@@ -19,4 +19,5 @@ field_mapping:
   cs-cookie: xdm.network.http.http_header.value
   #cs-version: cs-version
   r-dns:  xdm.network.http.domain
-  post-body: xdm.network.http.http_header.value
+  post-body: xdm.network.http.http_header.value
+  url_category: xdm.network.http.url_category
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/default.yml b/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
@@ -27,21 +27,22 @@ field_mapping:
     - destination_ip
     - destinationIP
     - destinationaddress
-  User: 
+  User:
     - userName
     - EventUserName
   CommandLine: Command
   Protocol: IPProtocol
   Application:
     - Application
     - application
-  SourceHostName: 
+  SourceHostName:
     - HostCount-source
     - identityHostName
     - sourceAssetName
-  DestinationHostname: 
+  DestinationHostname:
     - HostCount-destination
     - Recipient Host
+    - DestinationHostName
   src-packets:
     - PacketRatio-src
     - src-packets
@@ -51,11 +52,14 @@ field_mapping:
   src-bytes: src-bytes
   dst-bytes: dst-bytes
   ExternalSeverity: External Severity
-  SourceMAC: 
+  SourceMAC:
     - SourceMAC
     - MAC
   DestinationMAC: DestinationMAC
-  SourceOS: 
+  SourceOS:
     - SourceOS
     - OS
-  DestinationOS: DestinationOS
+  DestinationOS: DestinationOS
+  TargetUserName: DestinationUserName
+  SourceUserName: SourceUserName
+  url_category: XForceCategoryByURL
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/proxy.yml b/uncoder-core/app/translator/mappings/platforms/qradar/proxy.yml
@@ -17,19 +17,20 @@ field_mapping:
   cs-bytes: Bytes Sent
   #cs-cookie-vars: cs-cookie-vars
   c-uri-extension: URL
-  c-uri-query: 
+  c-uri-query:
     - URL
     - URL Path
   #cs-cookie: cs-cookie
-  cs-host: 
+  cs-host:
     - UrlHost
     - URL Host
-  cs-referrer: 
+  cs-referrer:
     - URL Referrer
     - Referrer URL
   cs-version: HTTP Version
   r-dns:
     - UrlHost
     - URL Host
   sc-status: HTTP Response Code
-  #post-body: post-body
+  #post-body: post-body
+  url_category: XForceCategoryByURL
