Merge pull request #113 from rm-socprime/webservers_slack

saltar-ua · web-flow · commit 5e68d2faeb92 · 2024-05-28T17:01:05.000+03:00
add webserver and slack
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/apache_httpd.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/apache_httpd.yml
@@ -0,0 +1,15 @@
+platform: Palo Alto XSIAM
+source: apache_httpd
+
+
+default_log_source:
+  dataset: apache_httpd_raw
+
+field_mapping:
+  c-uri: xdm.network.http.url
+  c-useragent: xdm.source.user_agent
+  cs-method: xdm.network.http.method
+  cs-bytes: xdm.target.sent_bytes
+  c-uri-query: xdm.network.http.url
+  cs-referrer: xdm.network.http.referrer
+  sc-status: xdm.network.http.response_code
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/apache_tomcat.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/apache_tomcat.yml
@@ -0,0 +1,13 @@
+platform: Palo Alto XSIAM
+source: apache_tomcat
+
+
+default_log_source:
+  dataset: apache_tomcat_raw
+
+field_mapping:
+  c-uri: xdm.network.http.url
+  c-useragent: User_agent
+  cs-method: xdm.network.http.method
+  cs-bytes: xdm.target.sent_bytes
+  sc-status: xdm.network.http.response_code
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/nginx_nginx.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/nginx_nginx.yml
@@ -0,0 +1,15 @@
+platform: Palo Alto XSIAM
+source: nginx_nginx
+
+
+default_log_source:
+  dataset: nginx_nginx_raw
+
+field_mapping:
+  c-uri: xdm.network.http.url
+  c-useragent: User_agent
+  cs-method: xdm.network.http.method
+  cs-bytes: xdm.target.sent_bytes
+  c-uri-query: xdm.network.http.url
+  cs-referrer: xdm.event.description
+  sc-status: xdm.network.http.response_code
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/slack_slack.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/slack_slack.yml
@@ -0,0 +1,9 @@
+platform: Palo Alto XSIAM
+source: slack_slack_raw
+
+
+default_log_source:
+  dataset: slack_slack_raw
+
+field_mapping:
+  c-action: xdm.event.operation
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/webserver copy.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/webserver copy.yml
@@ -0,0 +1,14 @@
+platform: Palo Alto XSIAM
+source: webserver
+
+default_log_source:
+  dataset: [apache_tomcat_raw, nginx_nginx_raw, apache_tomcat_raw]
+
+field_mapping:
+  c-uri: xdm.network.http.url
+  c-useragent: xdm.source.user_agent
+  cs-method: xdm.network.http.method
+  cs-bytes: xdm.target.sent_bytes
+  c-uri-query: xdm.network.http.url
+  cs-referrer: xdm.network.http.referrer
+  sc-status: xdm.network.http.response_code
