From e136ca4d4615117952bb9df6420cfd9e9b559675 Mon Sep 17 00:00:00 2001
From: Grant Haywood
Date: Tue, 10 Jan 2023 20:05:28 -0700
Subject: [PATCH] update others_application mappings

Signed-off-by: Grant Haywood
---
 .../others_application/fieldmappings.yml | 7 +++---
 .../others_application/mappings.json | 24 ++++---------------
 2 files changed, 7 insertions(+), 24 deletions(-)

diff --git a/src/main/resources/OSMapping/others_application/fieldmappings.yml b/src/main/resources/OSMapping/others_application/fieldmappings.yml
index e1dba4476..1258c9ee1 100644
--- a/src/main/resources/OSMapping/others_application/fieldmappings.yml
+++ b/src/main/resources/OSMapping/others_application/fieldmappings.yml
@@ -1,7 +1,6 @@
 # this file provides pre-defined mappings for Sigma fields defined for all Sigma rules under application log group to their corresponding ECS Fields.
 fieldmappings:
- EventID: event_uid
- HiveName: unmapped.HiveName
- fieldB: mappedB
- fieldA1: mappedA
+ Signature: abusech-malware-signature
+ Filename: file-name
+
diff --git a/src/main/resources/OSMapping/others_application/mappings.json b/src/main/resources/OSMapping/others_application/mappings.json
index 48cdda71d..33a27986b 100644
--- a/src/main/resources/OSMapping/others_application/mappings.json
+++ b/src/main/resources/OSMapping/others_application/mappings.json
@@ -1,28 +1,12 @@
 {
 "properties": {
- "windows-event_data-CommandLine": {
+ "abusech-malware-signature": {
 "type": "alias",
- "path": "CommandLine"
+ "path": "abusech.malware.signature"
 },
- "event_uid": {
+ "file-name": {
 "type": "alias",
- "path": "EventID"
- },
- "windows-hostname": {
- "type": "alias",
- "path": "HostName"
- },
- "windows-message": {
- "type": "alias",
- "path": "Message"
- },
- "windows-provider-name": {
- "type": "alias",
- "path": "Provider_Name"
- },
- "windows-servicename": {
- "type": "alias",
- "path": "ServiceName"
+ "path": "file.name"
 }
 }
 }
\ No newline at end of file
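Review bot: The header comment kept as context at the top of the fieldmappings.yml hunk still describes the file as mapping Sigma fields for the application log group to ECS fields, but the only entries left are `Signature: abusech-malware-signature` and `Filename: file-name`, which appear to be threat-intel fields mapped to hyphenated alias names rather than ECS names. I would update the comment to say what the file now covers, for example `# pre-defined mappings from the Sigma rule fields Signature and Filename to the index aliases defined in mappings.json`. The hunk also drops `EventID: event_uid` together with the placeholder `fieldB`/`fieldA1` entries; the rules for this category are not visible here, so it is worth confirming that none of them still references `EventID` before the mapping disappears. The lone `+` blank line added at the end of the file can be dropped.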
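Review bot: Removing the six existing aliases in the mappings.json hunk (`windows-event_data-CommandLine`, `event_uid`, `windows-hostname`, `windows-message`, `windows-provider-name`, `windows-servicename`) while adding the two new ones risks a silent loss of detection coverage: any rule or detector that still queries those alias names would presumably stop resolving them, and the commit message does not say the removal is intended. Either keep them until their consumers are confirmed gone, or state the removal and its reason in the commit description. The new aliases target `abusech.malware.signature` and `file.name`; a field alias requires its `path` to exist as a concrete field in the index mapping, and nothing in this patch shows where those two fields are defined, so a test that applies this mapping to a matching index would be a useful addition. The file still ends without a trailing newline.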