From 3444c39eb57fb3d75022c1bbc41686c1240c843b Mon Sep 17 00:00:00 2001
From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Date: Tue, 21 Feb 2023 10:09:18 -0800
Subject: [PATCH] update others_web mappings (#304) (#348)
Signed-off-by: Grant Haywood
---
 .../OSMapping/others_web/fieldmappings.yml | 11 +++---
 .../OSMapping/others_web/mappings.json | 38 +++++++++----------
 2 files changed, 25 insertions(+), 24 deletions(-)
diff --git a/src/main/resources/OSMapping/others_web/fieldmappings.yml b/src/main/resources/OSMapping/others_web/fieldmappings.yml
index 8d7fd290e..17eb29dda 100644
--- a/src/main/resources/OSMapping/others_web/fieldmappings.yml
+++ b/src/main/resources/OSMapping/others_web/fieldmappings.yml
@@ -1,8 +1,9 @@
 # this file provides pre-defined mappings for Sigma fields defined for all Sigma rules under web log group to their corresponding ECS Fields.
 fieldmappings:
- EventID: event_uid
- HiveName: unmapped.HiveName
- fieldB: mappedB
- fieldA1: mappedA
+ c-uri: rsa-web-p_url
+ sc-status: rsa-misc-status
+ c-useragent: rsa-web-p_user_agent
+ cs-method: rsa-web-p_web_method
+ cs-uri-query: rsa-web-web_ref_query
+ cs-username: rsa-misc-username_fld
 creationTime: timestamp
-
diff --git a/src/main/resources/OSMapping/others_web/mappings.json b/src/main/resources/OSMapping/others_web/mappings.json
index a3ccdca77..ea2dd3910 100644
--- a/src/main/resources/OSMapping/others_web/mappings.json
+++ b/src/main/resources/OSMapping/others_web/mappings.json
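Review bot: The header comment kept as context at the top of this hunk still says the Sigma fields map "to their corresponding ECS Fields", but every new target (`rsa-web-p_url`, `rsa-misc-status`, …) is an alias name declared in mappings.json whose `path` is an `rsa.*` field, not an ECS name, so the comment now misdescribes the file. Suggest `# this file maps Sigma fields used by rules under the web log group to the alias names declared in mappings.json.` The six new values match the alias keys added in the mappings.json hunk one-to-one, and presumably that correspondence is what rule matching relies on; a test asserting that every value in this file is a key in mappings.json would keep the two files from drifting, since a typo here would likely make web rules return no findings rather than fail loudly.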
@@ -1,32 +1,32 @@
 {
 "properties": {
- "windows-event_data-CommandLine": {
- "type": "alias",
- "path": "CommandLine"
+ "rsa-web-p_url": {
+ "path": "rsa.web.p_url",
+ "type": "alias"
 },
- "event_uid": {
- "type": "alias",
- "path": "EventID"
+ "rsa-misc-status": {
+ "path": "rsa.misc.status",
+ "type": "alias"
 },
- "windows-hostname": {
- "type": "alias",
- "path": "HostName"
+ "rsa-web-p_user_agent": {
+ "path": "rsa.web.p_user_agent",
+ "type": "alias"
 },
- "windows-message": {
- "type": "alias",
- "path": "Message"
+ "rsa-web-p_web_method": {
+ "path": "rsa.web.p_web_method",
+ "type": "alias"
 },
- "windows-provider-name": {
- "type": "alias",
- "path": "Provider_Name"
+ "rsa-web-web_ref_query": {
+ "path": "rsa.web.web_ref_query",
+ "type": "alias"
 },
- "windows-servicename": {
- "type": "alias",
- "path": "ServiceName"
+ "rsa-misc-username_fld": {
+ "path": "rsa.misc.username_fld",
+ "type": "alias"
 },
 "timestamp": {
 "path": "creationTime",
 "type": "alias"
 }
 }
-}
\ No newline at end of file
+}
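Review bot: Each new alias targets a dotted `rsa.*` path (e.g. `"path": "rsa.web.p_url"`) that this mapping does not itself declare; an `alias` field in OpenSearch requires its target to be an existing concrete field when the mapping is applied, so if the index these mappings are installed into does not already define those fields the mapping will presumably be rejected, or the rules will silently match nothing — confirm which template or ingest pipeline supplies them. Putting `path` before `type` now matches the pre-existing `timestamp` entry, and the file gains a trailing newline, both fine. Because the alias keys (`rsa-web-p_url` through `rsa-misc-username_fld`) must equal the values in fieldmappings.yml exactly and strict JSON cannot carry a comment saying so, a small test that cross-checks the two files is the right place to document that contract.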