update others_apt (opensearch-project#278)

Signed-off-by: Grant Haywood <[email protected]> Co-authored-by: Subhobrata Dey <[email protected]>
petardz · Feb 21, 2023 · 0a09f26 · 0a09f26
1 parent 39c4f96
commit 0a09f26
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 29 deletions.
diff --git a/src/main/resources/OSMapping/others_apt/fieldmappings.yml b/src/main/resources/OSMapping/others_apt/fieldmappings.yml
@@ -1,7 +1,4 @@
 # this file provides pre-defined mappings for Sigma fields defined for all Sigma rules under apt log group to their corresponding ECS Fields.
 fieldmappings:
-  EventID: event_uid
-  HiveName: unmapped.HiveName
-  fieldB: mappedB
-  fieldA1: mappedA
-  creationTime: timestamp
+  Image: process-exe
+  CommandLine: process-command_line
diff --git a/src/main/resources/OSMapping/others_apt/mappings.json b/src/main/resources/OSMapping/others_apt/mappings.json
@@ -1,32 +1,12 @@
 {
   "properties": {
-    "windows-event_data-CommandLine": {
+    "process-exe": {
       "type": "alias",
-      "path": "CommandLine"
+      "path": "process.exe"
     },
-    "event_uid": {
+    "process-command_line": {
       "type": "alias",
-      "path": "EventID"
-    },
-    "windows-hostname": {
-      "type": "alias",
-      "path": "HostName"
-    },
-    "windows-message": {
-      "type": "alias",
-      "path": "Message"
-    },
-    "windows-provider-name": {
-      "type": "alias",
-      "path": "Provider_Name"
-    },
-    "windows-servicename": {
-      "type": "alias",
-      "path": "ServiceName"
-    },
-    "timestamp": {
-      "path": "creationTime",
-      "type": "alias"
+      "path": "process.command_line"
     }
   }
 }