-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
classifier-Abnormal_Security_Mapper.json
172 lines (172 loc) · 6.71 KB
/
classifier-Abnormal_Security_Mapper.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
{
"description": "",
"feed": false,
"id": "Abnormal Security - Incoming Mapper",
"mapping": {
"AbnormalSecurity": {
"dontMapEventToLabels": true,
"internalMapping": {
"Abnormal Security Abuse Campaign Attack Type": {
"simple": "attackType"
},
"Abnormal Security Abuse Campaign First Reported": {
"simple": "firstReported"
},
"Abnormal Security Abuse Campaign From Address": {
"simple": "fromAddress"
},
"Abnormal Security Abuse Campaign From Name": {
"simple": "fromName"
},
"Abnormal Security Abuse Campaign ID": {
"simple": "campaignId"
},
"Abnormal Security Abuse Campaign Judgement Status": {
"simple": "judgementStatus"
},
"Abnormal Security Abuse Campaign Last Reported": {
"simple": "lastReported"
},
"Abnormal Security Abuse Campaign Message ID": {
"simple": "messageId"
},
"Abnormal Security Abuse Campaign Overall Status": {
"simple": "overallStatus"
},
"Abnormal Security Abuse Campaign Recipient Address": {
"simple": "recipientAddress"
},
"Abnormal Security Abuse Campaign Recipient Name": {
"simple": "recipientName"
},
"Abnormal Security Abuse Campaign Subject": {
"simple": "subject"
},
"Abnormal Security Affected Employee": {
"simple": "affectedEmployee"
},
"Abnormal Security Analysis": {
"simple": "analysis"
},
"Abnormal Security Attachment Count": {
"simple": "messages.attachmentCount"
},
"Abnormal Security Attachment Names": {
"simple": "messages.attachmentNames"
},
"Abnormal Security Attack Strategy": {
"simple": "messages.attackStrategy"
},
"Abnormal Security Attack Type": {
"simple": "messages.attackType"
},
"Abnormal Security Attack Vector": {
"simple": "messages.attackVector"
},
"Abnormal Security Attacked Party": {
"simple": "messages.attackedParty"
},
"Abnormal Security Auto Remediated": {
"simple": "messages.autoRemediated"
},
"Abnormal Security CC Emails": {
"simple": "messages.ccEmails"
},
"Abnormal Security Case ID": {
"simple": "caseId"
},
"Abnormal Security Case Status": {
"simple": "case_status"
},
"Abnormal Security Customer Visible Time": {
"simple": "customerVisibleTime"
},
"Abnormal Security First Observed Time": {
"simple": "firstObserved"
},
"Abnormal Security From Address": {
"simple": "messages.fromAddress"
},
"Abnormal Security From Name": {
"simple": "messages.fromName"
},
"Abnormal Security Impersonated Party": {
"simple": "messages.impersonatedParty"
},
"Abnormal Security Internet Message ID": {
"simple": "messages.internetMessageId"
},
"Abnormal Security Is Read": {
"simple": "messages.isRead"
},
"Abnormal Security Message ID": {
"simple": "messages.abxMessageId"
},
"Abnormal Security Portal URL": {
"simple": "messages.abxPortalUrl"
},
"Abnormal Security Post Remediated": {
"simple": "messages.postRemediated"
},
"Abnormal Security Received Time": {
"simple": "messages.receivedTime"
},
"Abnormal Security Recipient Address": {
"simple": "messages.recipientAddress"
},
"Abnormal Security Remediation Status": {
"simple": "messages.remediationStatus"
},
"Abnormal Security Remediation Timestamp": {
"simple": "messages.remediationTimestamp"
},
"Abnormal Security Reply To Emails": {
"simple": "messages.replyToEmails"
},
"Abnormal Security Return Path": {
"simple": "messages.returnPath"
},
"Abnormal Security Sender Domain": {
"simple": "messages.senderDomain"
},
"Abnormal Security Sender IP Address": {
"simple": "messages.senderIpAddress"
},
"Abnormal Security Sent Time": {
"simple": "messages.sentTime"
},
"Abnormal Security Severity": {
"simple": "severity"
},
"Abnormal Security Severity Level": {
"simple": "severity_level"
},
"Abnormal Security Subject": {
"simple": "messages.subject"
},
"Abnormal Security Summary Insights": {
"simple": "messages.summaryInsights"
},
"Abnormal Security Threat ID": {
"simple": "messages.threatId"
},
"Abnormal Security Threat IDs": {
"simple": "threatIds"
},
"Abnormal Security To Addresses": {
"simple": "messages.toAddresses"
},
"Abnormal Security Url Count": {
"simple": "messages.urlCount"
},
"URLs": {
"simple": "messages.urls"
}
}
}
},
"name": "Abnormal Security - Incoming Mapper",
"type": "mapping-incoming",
"version": -1,
"fromVersion": "6.0.0"
}