From e022419e482a6f2b7e5023c4d48ec22854f07baa Mon Sep 17 00:00:00 2001
From: rm
Date: Thu, 30 May 2024 14:20:06 +0200
Subject: [PATCH] preset xdr_event_log
---
 .../mappings/platforms/palo_alto_cortex/windows_application.yml | 2 +-
 .../mappings/platforms/palo_alto_cortex/windows_powershell.yml | 2 +-
 .../mappings/platforms/palo_alto_cortex/windows_security.yml | 2 +-
 .../mappings/platforms/palo_alto_cortex/windows_sysmon.yml | 2 +-
 .../mappings/platforms/palo_alto_cortex/windows_system.yml | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_application.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_application.yml
index 472e12a4..71143f9c 100644
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_application.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_application.yml
@@ -2,7 +2,7 @@ platform: Palo Alto XSIAM
 source: windows_application
 default_log_source:
-  dataset: microsoft_windows_raw
+  preset: xdr_event_log
 field_mapping:
   EventID: action_evtlog_event_id
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_powershell.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_powershell.yml
index c328ba15..6af38835 100644
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_powershell.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_powershell.yml
@@ -3,7 +3,7 @@ source: windows_powershell
 default_log_source:
-  dataset: microsoft_windows_raw
+  preset: xdr_event_log
 field_mapping:
   EventID: action_evtlog_event_id
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml
index 6d53e6ea..a2abf004 100644
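Review bot: The `default_log_source` entry switches from the `dataset` key to a `preset` key, and nothing in this commit (five mapping files only) shows the Palo Alto Cortex render path accepting `preset`; if the loader still reads only `dataset`, these mappings would presumably yield no log-source filter at all and every translated rule would run unscoped across the tenant's data, so confirm the renderer handles `preset` and check one translated query before merging. The identical change appears in the windows_powershell, windows_security, windows_sysmon and windows_system hunks; this note covers all five. Because a preset and a raw dataset scope a query differently for whoever deploys these rules, a short comment above the new line would document the intent: `# preset (not dataset): scope queries to the xdr_event_log preset instead of the microsoft_windows_raw dataset`.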
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_security.yml
@@ -2,7 +2,7 @@ platform: Palo Alto XSIAM
 source: windows_security
 default_log_source:
-  dataset: microsoft_windows_raw
+  preset: xdr_event_log
 field_mapping:
   EventID: action_evtlog_event_id
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_sysmon.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_sysmon.yml
index f6a5f7b9..d066d871 100644
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_sysmon.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_sysmon.yml
@@ -3,7 +3,7 @@ source: windows_sysmon
 default_log_source:
-  dataset: microsoft_windows_raw
+  preset: xdr_event_log
 field_mapping:
   EventID: action_evtlog_event_id
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_system.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_system.yml
index 0d24082e..d4bcb22a 100644
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_system.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/windows_system.yml
@@ -2,7 +2,7 @@ platform: Palo Alto XSIAM
 source: windows_system
 default_log_source:
-  dataset: microsoft_windows_raw
+  preset: xdr_event_log
 field_mapping:
   EventID: action_evtlog_event_id