upd fields

spsocprime · spsocprime · commit 8d4f8d4911ac · 2024-06-26T12:21:17.000+03:00
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/dns.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/dns.yml
@@ -10,4 +10,5 @@ field_mapping:
   #dns-record: dns-record
   dns_query_name: xdm.network.dns.dns_question.name
   QueryName: xdm.network.dns.dns_question.name
-  query: xdm.network.dns.dns_question.name
+  query: xdm.network.dns.dns_question.name
+  dns-record-type: xdm.network.dns.dns_question.type
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/default.yml b/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
@@ -35,7 +35,9 @@ field_mapping:
     - userName
     - EventUserName
   CommandLine: Command
-  Protocol: IPProtocol
+  Protocol: 
+    - IPProtocol
+    - protocol
   Application:
     - Application
     - application
@@ -61,6 +63,7 @@ field_mapping:
   SourceMAC:
     - SourceMAC
     - MAC
+    - sourceMAC
   DestinationMAC: DestinationMAC
   SourceOS:
     - SourceOS
@@ -69,4 +72,7 @@ field_mapping:
   TargetUserName: DestinationUserName
   SourceUserName: SourceUserName
   url_category: XForceCategoryByURL
-  EventSeverity: EventSeverity
+  EventSeverity: EventSeverity
+  Source: 
+    - Source
+    - source
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/dns.yml b/uncoder-core/app/translator/mappings/platforms/qradar/dns.yml
@@ -12,4 +12,5 @@ field_mapping:
   dns-query: URL
   parent-domain: parent-domain
   dns-answer: dns-answer
-  dns-record: URL
+  dns-record: URL
+  dns-record-type: DNSRecordType
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/proxy.yml b/uncoder-core/app/translator/mappings/platforms/qradar/proxy.yml
@@ -24,6 +24,7 @@ field_mapping:
   cs-host:
     - UrlHost
     - URL Host
+    - URL Domain
   cs-referrer:
     - URL Referrer
     - Referrer URL
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml b/uncoder-core/app/translator/mappings/platforms/qradar/windows_security.yml
@@ -41,7 +41,9 @@ field_mapping:
   LinkName: LinkName
   MemberName: MemberName
   MemberSid: MemberSid
-  NewProcessName: Process Name
+  NewProcessName: 
+    - Process Name
+    - New Process Name
   ObjectClass: ObjectClass
   ObjectName: 
     - Object Name
@@ -122,6 +124,7 @@ field_mapping:
   ServiceFileName: 
     - Service Filename
     - ServiceFileName
+    - Service File Name
   SecurityDescriptor: SecurityDescriptor
   ServiceName: Service Name
   ShareName: 
