diff --git a/src/main/resources/OSMapping/linux/fieldmappings.yml b/src/main/resources/OSMapping/linux/fieldmappings.yml
index 1e4229875..aedb0394f 100644
--- a/src/main/resources/OSMapping/linux/fieldmappings.yml
+++ b/src/main/resources/OSMapping/linux/fieldmappings.yml
@@ -1,37 +1,15 @@
 fieldmappings:
- CommandLine: process-command_line
- CurrentDirectory: process-working_directory
- DestinationHostname: DestinationHostname
- DestinationIp: DestinationIp
- Image: process-executable
- LogonId: process-user-id
- ParentCommandLine: process-parent-command_line
- ParentImage: process-parent-executable
- TargetFilename: TargetFilename
- USER: USER
- User: process-user-name
+ name: user-filesystem-name
 a0: auditd-log-a0
- a1: auditd-log-a1
- a2: auditd-log-a2
- a3: auditd-log-a3
- a4: auditd-log-a4
- a5: auditd-log-a5
- a6: auditd-log-a6
- a7: auditd-log-a7
 comm: auditd-log-comm
- cwd: cwd
- dd: dd
 exe: auditd-log-exe
- execve: execve
- filter: filter
- key: key
- name: name
- pam_message: pam_message
- pam_rhost: pam_rhost
- pam_user: pam_user
- proctitle: proctitle
- syscall: syscall
- truncate: truncate
- type: type
- uid: uid
- unit: unit
\ No newline at end of file
+ uid: auditd-log-uid
+ USER: system-auth-user
+ User: system-auth-user
+ Image: process-exe
+ DestinationHostname: rsa-web-remote_domain
+ CommandLine: process-command_line
+ ParentImage: process-parent-executable
+ CurrentDirectory: process-working_directory
+ LogonId: process-real_user-id
+
diff --git a/src/main/resources/OSMapping/linux/mappings.json b/src/main/resources/OSMapping/linux/mappings.json
index ff4f86515..bff2b5649 100644
--- a/src/main/resources/OSMapping/linux/mappings.json
+++ b/src/main/resources/OSMapping/linux/mappings.json
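Review bot: The new `fieldmappings` list keeps `a0` but drops `a1`–`a7`, and also removes `ParentCommandLine`, `TargetFilename`, `DestinationIp`, `syscall`, `type`, `key`, `proctitle` and the `pam_*` entries with no replacement on the added side. Any Linux detection rule that selects on one of those fields presumably no longer resolves to an index field after this change; depending on how the consumer treats unmapped fields, that shows up either as a rule that fails to apply or as one that silently never matches. If the narrowing is intentional, say so at the top of the file, for example `# Only fields that have an alias in mappings.json are listed; rules using other auditd fields need a custom mapping`. Otherwise the removed entries should be carried over with their new targets.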
@@ -1,148 +1,52 @@
 {
 "properties": {
- "type": {
- "type": "alias",
- "path": "type"
- },
- "name": {
- "type": "alias",
- "path": "name"
+ "user-filesystem-name": {
+ "path": "user.filesystem.name",
+ "type": "alias"
 },
 "auditd-log-a0": {
- "type": "alias",
- "path": "auditd-log-a0"
- },
- "auditd-log-a1": {
- "type": "alias",
- "path": "auditd-log-a1"
- },
- "auditd-log-a2": {
- "type": "alias",
- "path": "auditd-log-a2"
- },
- "auditd-log-a3": {
- "type": "alias",
- "path": "auditd-log-a3"
- },
- "auditd-log-a4": {
- "type": "alias",
- "path": "auditd-log-a4"
- },
- "auditd-log-a5": {
- "type": "alias",
- "path": "auditd-log-a5"
- },
- "auditd-log-a6": {
- "type": "alias",
- "path": "auditd-log-a6"
- },
- "auditd-log-a7": {
- "type": "alias",
- "path": "auditd-log-a7"
- },
- "execve": {
- "type": "alias",
- "path": "execve"
- },
- "truncate": {
- "type": "alias",
- "path": "truncate"
- },
- "dd": {
- "type": "alias",
- "path": "dd"
- },
- "filter": {
- "type": "alias",
- "path": "filter"
- },
- "auditd-log-exe": {
- "type": "alias",
- "path": "auditd-log-exe"
+ "path": "auditd.log.a0",
+ "type": "alias"
 },
 "auditd-log-comm": {
- "type": "alias",
- "path": "auditd-log-comm"
+ "path": "auditd.log.comm",
+ "type": "alias"
 },
- "proctitle": {
- "type": "alias",
- "path": "proctitle"
- },
- "unit": {
- "type": "alias",
- "path": "unit"
- },
- "key": {
- "type": "alias",
- "path": "key"
- },
- "syscall": {
- "type": "alias",
- "path": "syscall"
- },
- "uid": {
- "type": "alias",
- "path": "uid"
- },
- "cwd": {
- "type": "alias",
- "path": "cwd"
- },
- "USER": {
- "type": "alias",
- "path": "USER"
- },
- "TargetFilename": {
- "type": "alias",
- "path": "TargetFilename"
- },
- "Image": {
- "type": "alias",
- "path": "process-executable"
- },
- "DestinationIp": {
- "type": "alias",
- "path": "DestinationIp"
+ "auditd-log-exe": {
+ "path": "auditd.log.exe",
+ "type": "alias"
 },
- "DestinationHostname": {
- "type": "alias",
- "path": "DestinationHostname"
+ "auditd-log-uid": {
+ "path": "auditd.log.uid",
+ "type": "alias"
 },
- "pam_message": {
- "type": "alias",
- "path": "pam_message"
+ "system-auth-user": {
+ "path": "auditd.log.exe",
+ "type": "alias"
 },
- "pam_rhost": {
- "type": "alias",
- "path": "pam_rhost"
+ "process-exe": {
+ "path": "process.exe",
+ "type": "alias"
 },
- "pam_user": {
- "type": "alias",
- "path": "pam_user"
+ "rsa-web-remote_domain": {
+ "path": "rsa.web.remote_domain",
+ "type": "alias"
 },
- "CommandLine": {
- "type": "alias",
- "path": "process-command_line"
+ "process-command_line": {
+ "path": "process.command_line",
+ "type": "alias"
 },
 "process-parent-executable": {
- "type": "alias",
- "path": "process-parent-executable"
- },
- "process-user-id": {
- "type": "alias",
- "path": "process-user-id"
- },
- "process-user-name": {
- "type": "alias",
- "path": "process-user-name"
+ "path": "process.parent.executable",
+ "type": "alias"
 },
 "process-working_directory": {
- "type": "alias",
- "path": "process-working_directory"
+ "path": "process.working_directory",
+ "type": "alias"
+ },
+ "process-real_user-id": {
+ "path": "process.real_user.id",
+ "type": "alias"
 },
- "process-parent-command_line": {
- "type": "alias",
- "path": "process-parent-command_line"
- }
 }
 }
\ No newline at end of file
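Review bot: The added `system-auth-user` alias points at `auditd.log.exe`, the same path the `auditd-log-exe` alias already uses, so `USER` and `User` from fieldmappings.yml would resolve to the executable path instead of a user name. This looks like a copy-paste slip; following the dash-to-dot pattern of the other entries the line would read `"path": "system.auth.user",`, to be confirmed against the log schema. Until it is fixed, rules keyed on the user compare against executable paths and will not fire as intended. Separately, the context line `},` that closes `process-real_user-id` is now the last entry before the closing braces, because the `process-parent-command_line` entry after it was removed. That leaves a trailing comma, which a strict JSON parser rejects, so it should become `}`.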