From 3e8c70a8dcd1e14b1e96a0de2fc8da87161ebbcd Mon Sep 17 00:00:00 2001
From: Grant Haywood
Date: Tue, 10 Jan 2023 20:09:35 -0700
Subject: [PATCH] update others_apt

Signed-off-by: Grant Haywood
---
 .../OSMapping/others_apt/fieldmappings.yml | 7 +++---
 .../OSMapping/others_apt/mappings.json | 24 ++++---------------
 2 files changed, 7 insertions(+), 24 deletions(-)

diff --git a/src/main/resources/OSMapping/others_apt/fieldmappings.yml b/src/main/resources/OSMapping/others_apt/fieldmappings.yml
index a25dd9693..c9bd2ec90 100644
--- a/src/main/resources/OSMapping/others_apt/fieldmappings.yml
+++ b/src/main/resources/OSMapping/others_apt/fieldmappings.yml
@@ -1,7 +1,6 @@
 # this file provides pre-defined mappings for Sigma fields defined for all Sigma rules under apt log group to their corresponding ECS Fields.
 fieldmappings:
- EventID: event_uid
- HiveName: unmapped.HiveName
- fieldB: mappedB
- fieldA1: mappedA
+ Image: process-exe
+ CommandLine: process-command_line
+
diff --git a/src/main/resources/OSMapping/others_apt/mappings.json b/src/main/resources/OSMapping/others_apt/mappings.json
index 48cdda71d..2f12a6177 100644
--- a/src/main/resources/OSMapping/others_apt/mappings.json
+++ b/src/main/resources/OSMapping/others_apt/mappings.json
@@ -1,28 +1,12 @@
 {
 "properties": {
- "windows-event_data-CommandLine": {
+ "process-exe": {
 "type": "alias",
- "path": "CommandLine"
+ "path": "process.exe"
 },
- "event_uid": {
+ "process-command_line": {
 "type": "alias",
- "path": "EventID"
- },
- "windows-hostname": {
- "type": "alias",
- "path": "HostName"
- },
- "windows-message": {
- "type": "alias",
- "path": "Message"
- },
- "windows-provider-name": {
- "type": "alias",
- "path": "Provider_Name"
- },
- "windows-servicename": {
- "type": "alias",
- "path": "ServiceName"
+ "path": "process.command_line"
 }
 }
 }
\ No newline at end of file
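Review bot: Dropping `EventID: event_uid` and `HiveName` from fieldmappings.yml (and, in the mappings.json hunk, the `event_uid`, `windows-hostname`, `windows-message`, `windows-provider-name` and `windows-servicename` aliases) leaves only `Image` and `CommandLine` mapped, while the header comment still says the file covers all Sigma rules under the apt log group. The rules themselves are not visible here, so it is worth confirming that none of them select on `EventID` or another removed field; a rule whose field has no mapping would likely stop matching without any error an analyst would notice. If the narrower set is intended, say so in the header, e.g. `# only Image and CommandLine are mapped; add an entry here before shipping a rule that uses another Sigma field`. Also confirm that `process.exe` is the field name the indexed logs actually carry, since ECS itself names this field `process.executable`.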