Merge pull request #134 from UncoderIO/gis-06-11-24

mappings update4

Author: saltar-ua

uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/proxy.yml

@@ -11,4 +11,6 @@ field_mapping:
   cs-bytes: xdm.target.sent_bytes
   c-uri-query: xdm.network.http.url
   cs-referrer: xdm.network.http.referrer
-  sc-status: xdm.network.http.response_code
+  sc-status: xdm.network.http.response_code
+  cs-host: xdm.network.http.url
+  cs-uri-query: xdm.network.http.url

uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_network_connection.yml

@@ -51,4 +51,8 @@ field_mapping:
   ParentIntegrityLevel: causality_actor_process_integrity_level
   ParentLogonId: causality_actor_process_logon_id
   ParentProduct: causality_actor_process_signature_product
-  ParentCompany: causality_actor_process_signature_vendor
+  ParentCompany: causality_actor_process_signature_vendor
+
+
+raw_log_fields:
+  - Initiated

uncoder-core/app/translator/mappings/platforms/sigma/windows_pipe_created.yml

@@ -0,0 +1,16 @@
+platform: Sigma
+source: windows_pipe_created
+
+
+log_source:
+  product: [windows]
+  category: [pipe_created]
+
+default_log_source:
+  product: windows
+  category: pipe_created
+
+field_mapping:
+  EventID: action_evtlog_event_id
+  PipeName: PipeName
+  Image: Image

uncoder-core/app/translator/mappings/platforms/sigma/windows_registry_event.yml

@@ -3,7 +3,7 @@ source: windows_registry_event
 
 log_source:
   product: [windows]
-  category: [registry_event, registry_set]
+  category: [registry_event, registry_set, registry_delete, registry_add]
 
 default_log_source:
   product: windows