This repository has been archived by the owner on Nov 3, 2021. It is now read-only.

Update the GuardDuty schema to reflect upstream changes (#1641)
mpurzynski committed Jun 3, 2020
1 parent e96abc8 commit 0b10f83
Showing 1 changed file with 37 additions and 36 deletions.
73 changes: 37 additions & 36 deletions mq/plugins/guardduty_mapping.yml
Expand Up @@ -93,8 +93,8 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
query: details.finding.action.dnsrequestaction.domain
details.platform: details.resource.instanceDetails.platform
query: details.finding.action.dnsRequestAction.domain
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
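Review bot: The key rename from `details.platform` to `platform` in this hunk changes the name of the mapped field, and the commit title ("Update the GuardDuty schema to reflect upstream changes") does not mention it. Any saved search, alert or dashboard that selects on the old name will stop matching once this deploys, so please list the renamed keys in the commit message or a changelog entry. The `dnsrequestaction` to `dnsRequestAction` correction on the `query` line looks right, since the `proto` context line already uses camelCase `networkConnectionAction`.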
Expand Down Expand Up @@ -133,7 +133,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -172,7 +172,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -211,7 +211,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -250,7 +250,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -289,7 +289,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -328,8 +328,8 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.query: details.finding.additionalInfo.domain
details.platform: details.resource.instanceDetails.platform
query: details.finding.action.dnsRequestAction.domain
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
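Review bot: The `query` source path in this hunk moves from `details.finding.additionalInfo.domain` to `details.finding.action.dnsRequestAction.domain`, which is a different part of the finding rather than a spelling fix, and the hunk does not show which finding type this block covers. If that finding type carries no dnsRequestAction, `query` will come out empty where it used to be read from additionalInfo. Please confirm against a sample finding of this type, or add a test fixture that asserts `query` is populated after the change.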
Expand Down Expand Up @@ -368,7 +368,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -407,7 +407,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -446,8 +446,8 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.query: details.finding.additionalInfo.domain
details.platform: details.resource.instanceDetails.platform
query: details.finding.action.dnsRequestAction.domain
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -486,7 +486,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -525,7 +525,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -564,7 +564,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -603,7 +603,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -641,7 +641,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -679,7 +679,8 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
query: details.finding.action.dnsRequestAction.domain
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
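Review bot: The `query: details.finding.action.dnsRequestAction.domain` line here is a new mapping, not a rename (the hunk grows from 7 to 8 lines), so this block starts emitting a field it did not have before. That is worth calling out separately in the commit message, along with the finding type it applies to, so that detections keyed on `query` can be reviewed for newly matching events.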
Expand Down Expand Up @@ -717,8 +718,8 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.query: details.finding.additionalInfo.domain
details.platform: details.resource.instanceDetails.platform
query: details.finding.action.dnsRequestAction.domain
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -756,8 +757,8 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.query: details.finding.additionalInfo.domain
details.platform: details.resource.instanceDetails.platform
query: details.finding.action.dnsRequestAction.domain
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -795,8 +796,8 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.query: details.finding.additionalInfo.domain
details.platform: details.resource.instanceDetails.platform
query: details.finding.action.dnsRequestAction.domain
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -834,8 +835,8 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.query: details.service.action.dnsRequestAction.domain
details.platform: details.resource.instanceDetails.platform
query: details.finding.action.dnsRequestAction.domain
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -873,8 +874,8 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.query: details.service.action.dnsRequestAction.domain
details.platform: details.resource.instanceDetails.platform
query: details.finding.action.dnsRequestAction.domain
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -912,8 +913,8 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.query: details.finding.additionalInfo.domain
details.platform: details.resource.instanceDetails.platform
query: details.finding.action.dnsRequestAction.domain
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -951,8 +952,8 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.query: details.finding.additionalInfo.domain
details.platform: details.resource.instanceDetails.platform
query: details.finding.action.dnsRequestAction.domain
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -990,7 +991,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -1028,7 +1029,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
Expand Down Expand Up @@ -1333,7 +1334,7 @@
proto: details.finding.action.networkConnectionAction.protocol
evidence: details.finding.evidence
miscinfo: details.finding.additionalInfo
details.platform: details.resource.instanceDetails.platform
platform: details.resource.instanceDetails.platform
gdeventcreatedts: details.createdAt
gdeventupdatedts: details.updatedAt
gdeventfirstseents: details.finding.eventFirstSeen
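Review bot: The `platform: details.resource.instanceDetails.platform` line in this hunk is the same edit repeated by hand in every other hunk of the file, and that duplication is how the `query` source ended up spelled three different ways before this commit (`dnsrequestaction`, `additionalInfo.domain`, `details.service.action...`). Consider defining the shared field mappings once with a YAML anchor and merging them into each block, so the next upstream schema change is a one-line edit and the blocks cannot drift apart again.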