From a7051687df0d40e9d998ffa25c40c8e5d9a7845e Mon Sep 17 00:00:00 2001
From: phaseshiftg <115187865+phaseshiftg@users.noreply.github.com>
Date: Mon, 20 Feb 2023 15:00:11 -0700
Subject: [PATCH] update others_application mappings (#277)
Signed-off-by: Grant Haywood
Co-authored-by: Subhobrata Dey
---
 .../others_application/fieldmappings.yml | 7 ++---
 .../others_application/mappings.json | 28 +++----------------
 2 files changed, 6 insertions(+), 29 deletions(-)
diff --git a/src/main/resources/OSMapping/others_application/fieldmappings.yml b/src/main/resources/OSMapping/others_application/fieldmappings.yml
index 65ab8b638..853eb1cba 100644
--- a/src/main/resources/OSMapping/others_application/fieldmappings.yml
+++ b/src/main/resources/OSMapping/others_application/fieldmappings.yml
@@ -1,7 +1,4 @@
 # this file provides pre-defined mappings for Sigma fields defined for all Sigma rules under application log group to their corresponding ECS Fields.
 fieldmappings:
-  EventID: event_uid
-  HiveName: unmapped.HiveName
-  fieldB: mappedB
-  fieldA1: mappedA
-  creationTime: timestamp
+  Signature: abusech-malware-signature
+  Filename: file-name
\ No newline at end of file
diff --git a/src/main/resources/OSMapping/others_application/mappings.json b/src/main/resources/OSMapping/others_application/mappings.json
index a3ccdca77..33a27986b 100644
--- a/src/main/resources/OSMapping/others_application/mappings.json
+++ b/src/main/resources/OSMapping/others_application/mappings.json
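Review bot: The header comment still says the Sigma fields map "to their corresponding ECS Fields", but the two new targets `abusech-malware-signature` and `file-name` are alias names declared in this log group's mappings.json rather than ECS field names, so the comment should be updated, e.g. `# ... to the alias field names declared in mappings.json for this log group (each alias resolves to a concrete index field, e.g. abusech.malware.signature)`. The removed entries include `EventID` and `creationTime`; any application-group rule that still uses those Sigma field names would presumably now be emitted untranslated and stop matching silently, so it is worth confirming that no bundled rule for this group references them. The file also loses its trailing newline (`\ No newline at end of file`), which should be restored.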
@@ -1,32 +1,12 @@
 {
   "properties": {
-    "windows-event_data-CommandLine": {
+    "abusech-malware-signature": {
       "type": "alias",
-      "path": "CommandLine"
+      "path": "abusech.malware.signature"
     },
-    "event_uid": {
+    "file-name": {
       "type": "alias",
-      "path": "EventID"
-    },
-    "windows-hostname": {
-      "type": "alias",
-      "path": "HostName"
-    },
-    "windows-message": {
-      "type": "alias",
-      "path": "Message"
-    },
-    "windows-provider-name": {
-      "type": "alias",
-      "path": "Provider_Name"
-    },
-    "windows-servicename": {
-      "type": "alias",
-      "path": "ServiceName"
-    },
-    "timestamp": {
-      "path": "creationTime",
-      "type": "alias"
+      "path": "file.name"
     }
   }
 }
\ No newline at end of file
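Review bot: The two new aliases point at `abusech.malware.signature` and `file.name`, but nothing in this file declares those concrete fields; an alias field's `path` has to resolve to an existing field in the same index mapping, and to my knowledge OpenSearch rejects a mapping whose alias target does not exist, so this only works if the index template for this log group already defines both fields — worth confirming. Since JSON cannot carry a comment, the constraint is best recorded in the adjacent fieldmappings.yml header, e.g. `# alias targets (abusech.malware.signature, file.name) must exist in the index mapping for this log group`. The `timestamp` alias is dropped together with the Windows ones; anything that sorts or filters this log group on `timestamp` would now miss, which is worth a quick check. The file still ends without a trailing newline.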