From 9580756b9dd6885153ea82bbcd77904a90c29d1d Mon Sep 17 00:00:00 2001
From: Grant Haywood
Date: Thu, 29 Dec 2022 16:00:55 -0700
Subject: [PATCH] updated network mappings

Signed-off-by: Grant Haywood
---
 .../OSMapping/network/fieldmappings.yml | 35 ++---
 .../resources/OSMapping/network/mappings.json | 128 ++++++------------
 2 files changed, 57 insertions(+), 106 deletions(-)

diff --git a/src/main/resources/OSMapping/network/fieldmappings.yml b/src/main/resources/OSMapping/network/fieldmappings.yml
index 468754337..2a2753832 100644
--- a/src/main/resources/OSMapping/network/fieldmappings.yml
+++ b/src/main/resources/OSMapping/network/fieldmappings.yml
@@ -1,26 +1,17 @@
 fieldmappings:
- Z: Z
- action: action
- answers: zeek-dns-answers
- c-uri: c-uri
- c-useragent: c-useragent
- certificate-serial: zeek-x509-certificate-serial
- cipher: zeek-kerberos-cipher
- client_header_names: zeek-http-client_header_names
- dst_ip: netflow-destination_ipv4_address
- dst_port: netflow-destination_transport_port
- endpoint: zeek-dce_rpc-endpoint
- id-orig_h: id-orig_h
- id-resp_p: id-resp_p
- method: method
- name: name
+ action: netflow-firewall_event
+ certificate.serial: zeek-x509-certificate-serial
+ name: zeek-smb_files-name
+ path: zeek-smb_files-path
+ dst_port: netflow-tcp_destination_port
+ netflow-destination_transport_port: netflow-destination_transport_port
+ qtype_name: zeek-dns-qtype_name
 operation: zeek-dce_rpc-operation
- path: path
- qtype: zeek-dns-qtype_name
+ endpoint: zeek-dce_rpc-endpoint
+ zeek-dce_rpc-endpoint: zeek-dce_rpc-endpoint
+ answers: zeek-dns-answers
 query: zeek-dns-query
- request_body_len: request_body_len
- request_type: zeek-kerberos-request_type
+ client_header_names: zeek-http-client_header_names
 resp_mime_types: zeek-http-resp_mime_types
- src_port: netflow-source_transport_port
- status_code: status_code
- user_agent: user_agent
+ cipher: zeek-kerberos-cipher
+ request_type: zeek-kerberos-request_type
\ No newline at end of file
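Review bot: Rule fields `dst_ip`, `src_port`, `c-uri`, `c-useragent`, `id-orig_h`, `id-resp_p`, `method`, `status_code`, `user_agent`, `request_body_len` and `Z` have no entry on the new side, and `qtype` / `certificate-serial` are now keyed as `qtype_name` / `certificate.serial`, so a network rule still written against the old names would presumably stop resolving to an index field and match nothing, without raising an error. If those rule fields are still in use, keep a mapping for each (for example `qtype: zeek-dns-qtype_name` next to the new key); if they are dropped on purpose, a header comment naming the rule families that are no longer covered would make the gap visible. The two added identity entries, `netflow-destination_transport_port: netflow-destination_transport_port` and `zeek-dce_rpc-endpoint: zeek-dce_rpc-endpoint`, use alias names as rule-field keys and look like leftovers. The new file also ends without a trailing newline.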
diff --git a/src/main/resources/OSMapping/network/mappings.json b/src/main/resources/OSMapping/network/mappings.json
index dedf804fa..0a521ae75 100644
--- a/src/main/resources/OSMapping/network/mappings.json
+++ b/src/main/resources/OSMapping/network/mappings.json
@@ -1,104 +1,64 @@
 {
 "properties": {
- "dst_port": {
- "type": "alias",
- "path": "dst_port"
+ "zeek-smb_files-name": {
+ "path": "zeek.smb_files.name",
+ "type": "alias"
 },
- "src_port": {
- "type": "alias",
- "path": "src_port"
+ "zeek-x509-certificate-serial": {
+ "path": "zeek.x509-certificate.serial",
+ "type": "alias"
 },
- "action": {
- "type": "alias",
- "path": "action"
+ "netflow-tcp_destination_port": {
+ "path": "netflow.tcp_destination_port",
+ "type": "alias"
 },
- "dst_ip": {
- "type": "alias",
- "path": "dst_ip"
+ "netflow-destination_transport_port": {
+ "path": "netflow-destination_transport_port",
+ "type": "alias"
 },
- "operation": {
- "type": "alias",
- "path": "operation"
+ "netflow-firewall_event": {
+ "path": "netflow.firewall_event",
+ "type": "alias"
 },
- "endpoint": {
- "type": "alias",
- "path": "endpoint"
+ "zeek-smb_files-path": {
+ "path": "zeek.smb_files.path",
+ "type": "alias"
 },
- "path": {
- "type": "alias",
- "path": "path"
+ "zeek-dns-qtype_name": {
+ "path": "zeek.dns.qtype_name",
+ "type": "alias"
 },
- "certificate-serial": {
- "type": "alias",
- "path": "certificate-serial"
+ "zeek-dce_rpc-endpoint": {
+ "path": "zeek.dce_rpc.endpoint",
+ "type": "alias"
 },
- "query": {
- "type": "alias",
- "path": "query"
+ "zeek-dce_rpc-operation": {
+ "path": "zeek.dce_rpc.operation",
+ "type": "alias"
 },
- "Z": {
- "type": "alias",
- "path": "Z"
+ "zeek-dns-answers": {
+ "path": "zeek.dns.answers",
+ "type": "alias"
 },
- "qtype": {
- "type": "alias",
- "path": "qtype"
+ "zeek-dns-query": {
+ "path": "zeek.dns.query",
+ "type": "alias"
 },
- "answers": {
- "type": "alias",
- "path": "answers"
+ "zeek-http-client_header_names": {
+ "path": "zeek.http.client_header_names",
+ "type": "alias"
 },
- "id-resp_p": {
- "type": "alias",
- "path": "id-resp_p"
- },
- "resp_mime_types": {
- "type": "alias",
- "path": "resp_mime_types"
- },
- "c-uri": {
- "type": "alias",
- "path": "c-uri"
- },
- "c-useragent": {
- "type": "alias",
- "path": "c-useragent"
- },
- "status_code": {
- "type": "alias",
- "path": "status_code"
- },
- "client_header_names": {
- "type": "alias",
- "path": "client_header_names"
- },
- "request_body_len": {
- "type": "alias",
- "path": "request_body_len"
- },
- "user_agent": {
- "type": "alias",
- "path": "user_agent"
- },
- "method": {
- "type": "alias",
- "path": "method"
- },
- "id-orig_h": {
- "type": "alias",
- "path": "id-orig_h"
- },
- "name": {
- "type": "alias",
- "path": "name"
+ "zeek-http-resp_mime_types": {
+ "path": "zeek.http.resp_mime_types",
+ "type": "alias"
 },
 "zeek-kerberos-cipher": {
- "type": "alias",
- "path": "zeek-kerberos-cipher"
+ "path": "zeek.kerberos.cipher",
+ "type": "alias"
 },
 "zeek-kerberos-request_type": {
- "type": "alias",
- "path": "zeek-kerberos-request_type"
+ "path": "zeek.kerberos.request_type",
+ "type": "alias"
 }
 }
-}
\ No newline at end of file
+}
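Review bot: The `netflow-destination_transport_port` alias is the only added entry whose `path` repeats its own name instead of a dotted field path; a field alias has to point at a concrete field, so this one looks like it should read `"path": "netflow.destination_transport_port"`. `zeek-x509-certificate-serial` points at `zeek.x509-certificate.serial`, which mixes a hyphen into an otherwise dot-separated path; if the ingested field is nested as x509, certificate, serial, the path would be `"path": "zeek.x509.certificate.serial"`. The log schema is not visible in this patch, so both are worth confirming against a sample document. A mistyped path leaves the alias resolving to nothing, and the detection rules that rely on it go quiet rather than fail.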