diff --git a/src/main/resources/OSMapping/linux/fieldmappings.yml b/src/main/resources/OSMapping/linux/fieldmappings.yml
index ef1c2c0c6..1e4229875 100644
--- a/src/main/resources/OSMapping/linux/fieldmappings.yml
+++ b/src/main/resources/OSMapping/linux/fieldmappings.yml
@@ -1,7 +1,37 @@
-# this file provides pre-defined mappings for Sigma fields defined for all Sigma rules under linux log group to their corresponding ECS Fields.
 fieldmappings:
- EventID: event_uid
- HiveName: unmapped.HiveName
- fieldB: mappedB
- fieldA1: mappedA
-
+ CommandLine: process-command_line
+ CurrentDirectory: process-working_directory
+ DestinationHostname: DestinationHostname
+ DestinationIp: DestinationIp
+ Image: process-executable
+ LogonId: process-user-id
+ ParentCommandLine: process-parent-command_line
+ ParentImage: process-parent-executable
+ TargetFilename: TargetFilename
+ USER: USER
+ User: process-user-name
+ a0: auditd-log-a0
+ a1: auditd-log-a1
+ a2: auditd-log-a2
+ a3: auditd-log-a3
+ a4: auditd-log-a4
+ a5: auditd-log-a5
+ a6: auditd-log-a6
+ a7: auditd-log-a7
+ comm: auditd-log-comm
+ cwd: cwd
+ dd: dd
+ exe: auditd-log-exe
+ execve: execve
+ filter: filter
+ key: key
+ name: name
+ pam_message: pam_message
+ pam_rhost: pam_rhost
+ pam_user: pam_user
+ proctitle: proctitle
+ syscall: syscall
+ truncate: truncate
+ type: type
+ uid: uid
+ unit: unit
\ No newline at end of file
diff --git a/src/main/resources/OSMapping/linux/mappings.json b/src/main/resources/OSMapping/linux/mappings.json
new file mode 100644
index 000000000..ff4f86515
--- /dev/null
+++ b/src/main/resources/OSMapping/linux/mappings.json
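Review bot: The header comment that said what this file is for is removed and nothing replaces it, and the same happens in the network/fieldmappings.yml hunk further down; I would restore a line such as `# Default mappings from Sigma field names used by linux-log-group rules to index field names.` above `fieldmappings:`. About half of the new entries map a Sigma field to itself (`DestinationHostname: DestinationHostname`, `USER: USER`, `cwd: cwd`, `truncate: truncate`, ...), so a rule that uses one of those fields matches only if the index literally has a field of that name; if these are placeholders awaiting a real mapping, a comment saying so would keep them from being read as deliberate, because an unmapped field makes the detection silently produce no findings. `LogonId: process-user-id` also looks like a mismatch worth confirming: in Sigma rules LogonId identifies a logon session rather than a user, so if `process-user-id` holds a uid the rule condition would be comparing unlike values. The file also loses its trailing newline.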
@@ -0,0 +1,148 @@
+{
+ "properties": {
+ "type": {
+ "type": "alias",
+ "path": "type"
+ },
+ "name": {
+ "type": "alias",
+ "path": "name"
+ },
+ "auditd-log-a0": {
+ "type": "alias",
+ "path": "auditd-log-a0"
+ },
+ "auditd-log-a1": {
+ "type": "alias",
+ "path": "auditd-log-a1"
+ },
+ "auditd-log-a2": {
+ "type": "alias",
+ "path": "auditd-log-a2"
+ },
+ "auditd-log-a3": {
+ "type": "alias",
+ "path": "auditd-log-a3"
+ },
+ "auditd-log-a4": {
+ "type": "alias",
+ "path": "auditd-log-a4"
+ },
+ "auditd-log-a5": {
+ "type": "alias",
+ "path": "auditd-log-a5"
+ },
+ "auditd-log-a6": {
+ "type": "alias",
+ "path": "auditd-log-a6"
+ },
+ "auditd-log-a7": {
+ "type": "alias",
+ "path": "auditd-log-a7"
+ },
+ "execve": {
+ "type": "alias",
+ "path": "execve"
+ },
+ "truncate": {
+ "type": "alias",
+ "path": "truncate"
+ },
+ "dd": {
+ "type": "alias",
+ "path": "dd"
+ },
+ "filter": {
+ "type": "alias",
+ "path": "filter"
+ },
+ "auditd-log-exe": {
+ "type": "alias",
+ "path": "auditd-log-exe"
+ },
+ "auditd-log-comm": {
+ "type": "alias",
+ "path": "auditd-log-comm"
+ },
+ "proctitle": {
+ "type": "alias",
+ "path": "proctitle"
+ },
+ "unit": {
+ "type": "alias",
+ "path": "unit"
+ },
+ "key": {
+ "type": "alias",
+ "path": "key"
+ },
+ "syscall": {
+ "type": "alias",
+ "path": "syscall"
+ },
+ "uid": {
+ "type": "alias",
+ "path": "uid"
+ },
+ "cwd": {
+ "type": "alias",
+ "path": "cwd"
+ },
+ "USER": {
+ "type": "alias",
+ "path": "USER"
+ },
+ "TargetFilename": {
+ "type": "alias",
+ "path": "TargetFilename"
+ },
+ "Image": {
+ "type": "alias",
+ "path": "process-executable"
+ },
+ "DestinationIp": {
+ "type": "alias",
+ "path": "DestinationIp"
+ },
+ "DestinationHostname": {
+ "type": "alias",
+ "path": "DestinationHostname"
+ },
+ "pam_message": {
+ "type": "alias",
+ "path": "pam_message"
+ },
+ "pam_rhost": {
+ "type": "alias",
+ "path": "pam_rhost"
+ },
+ "pam_user": {
+ "type": "alias",
+ "path": "pam_user"
+ },
+ "CommandLine": {
+ "type": "alias",
+ "path": "process-command_line"
+ },
+ "process-parent-executable": {
+ "type": "alias",
+ "path": "process-parent-executable"
+ },
+ "process-user-id": {
+ "type": "alias",
+ "path": "process-user-id"
+ },
+ "process-user-name": {
+ "type": "alias",
+ "path": "process-user-name"
+ },
+ "process-working_directory": {
+ "type": "alias",
+ "path": "process-working_directory"
+ },
+ "process-parent-command_line": {
+ "type": "alias",
+ "path": "process-parent-command_line"
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/main/resources/OSMapping/network/fieldmappings.yml b/src/main/resources/OSMapping/network/fieldmappings.yml
index 768d22ba5..468754337 100644
--- a/src/main/resources/OSMapping/network/fieldmappings.yml
+++ b/src/main/resources/OSMapping/network/fieldmappings.yml
@@ -1,7 +1,26 @@
-# this file provides pre-defined mappings for Sigma fields defined for all Sigma rules under network log group to their corresponding ECS Fields.
-
 fieldmappings:
- EventID: event_uid
- HiveName: unmapped.HiveName
- fieldB: mappedB
- fieldA1: mappedA
+ Z: Z
+ action: action
+ answers: zeek-dns-answers
+ c-uri: c-uri
+ c-useragent: c-useragent
+ certificate-serial: zeek-x509-certificate-serial
+ cipher: zeek-kerberos-cipher
+ client_header_names: zeek-http-client_header_names
+ dst_ip: netflow-destination_ipv4_address
+ dst_port: netflow-destination_transport_port
+ endpoint: zeek-dce_rpc-endpoint
+ id-orig_h: id-orig_h
+ id-resp_p: id-resp_p
+ method: method
+ name: name
+ operation: zeek-dce_rpc-operation
+ path: path
+ qtype: zeek-dns-qtype_name
+ query: zeek-dns-query
+ request_body_len: request_body_len
+ request_type: zeek-kerberos-request_type
+ resp_mime_types: zeek-http-resp_mime_types
+ src_port: netflow-source_transport_port
+ status_code: status_code
+ user_agent: user_agent
diff --git a/src/main/resources/OSMapping/network/mappings.json b/src/main/resources/OSMapping/network/mappings.json
index eb39c49f4..dedf804fa 100644
--- a/src/main/resources/OSMapping/network/mappings.json
+++ b/src/main/resources/OSMapping/network/mappings.json
@@ -1,8 +1,104 @@
 {
 "properties": {
- "source_ip": {
+ "dst_port": {
 "type": "alias",
- "path": "src_ip"
+ "path": "dst_port"
+ },
+ "src_port": {
+ "type": "alias",
+ "path": "src_port"
+ },
+ "action": {
+ "type": "alias",
+ "path": "action"
+ },
+ "dst_ip": {
+ "type": "alias",
+ "path": "dst_ip"
+ },
+ "operation": {
+ "type": "alias",
+ "path": "operation"
+ },
+ "endpoint": {
+ "type": "alias",
+ "path": "endpoint"
+ },
+ "path": {
+ "type": "alias",
+ "path": "path"
+ },
+ "certificate-serial": {
+ "type": "alias",
+ "path": "certificate-serial"
+ },
+ "query": {
+ "type": "alias",
+ "path": "query"
+ },
+ "Z": {
+ "type": "alias",
+ "path": "Z"
+ },
+ "qtype": {
+ "type": "alias",
+ "path": "qtype"
+ },
+ "answers": {
+ "type": "alias",
+ "path": "answers"
+ },
+ "id-resp_p": {
+ "type": "alias",
+ "path": "id-resp_p"
+ },
+ "resp_mime_types": {
+ "type": "alias",
+ "path": "resp_mime_types"
+ },
+ "c-uri": {
+ "type": "alias",
+ "path": "c-uri"
+ },
+ "c-useragent": {
+ "type": "alias",
+ "path": "c-useragent"
+ },
+ "status_code": {
+ "type": "alias",
+ "path": "status_code"
+ },
+ "client_header_names": {
+ "type": "alias",
+ "path": "client_header_names"
+ },
+ "request_body_len": {
+ "type": "alias",
+ "path": "request_body_len"
+ },
+ "user_agent": {
+ "type": "alias",
+ "path": "user_agent"
+ },
+ "method": {
+ "type": "alias",
+ "path": "method"
+ },
+ "id-orig_h": {
+ "type": "alias",
+ "path": "id-orig_h"
+ },
+ "name": {
+ "type": "alias",
+ "path": "name"
+ },
+ "zeek-kerberos-cipher": {
+ "type": "alias",
+ "path": "zeek-kerberos-cipher"
+ },
+ "zeek-kerberos-request_type": {
+ "type": "alias",
+ "path": "zeek-kerberos-request_type"
 }
 }
 }
\ No newline at end of file
diff --git a/src/main/resources/OSMapping/windows/mappings.json b/src/main/resources/OSMapping/windows/mappings.json
index 48cdda71d..5a60ac7be 100644
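Review bot: The alias names in network/mappings.json disagree with the targets written in network/fieldmappings.yml by the same commit: the YAML maps `dst_ip` to `netflow-destination_ipv4_address`, `dst_port` to `netflow-destination_transport_port` and `certificate-serial` to `zeek-x509-certificate-serial`, but this file defines `dst_ip`, `dst_port` and `certificate-serial` as aliases of themselves and never mentions those target names, while `cipher` and `request_type` appear only under their Zeek target names (`zeek-kerberos-cipher`, `zeek-kerberos-request_type`). Whichever file is authoritative, the two should agree or one should go, otherwise a rule on `dst_ip` resolves to a different field depending on which file is consulted. Every `path` here also equals its own alias name; if the file is applied as an OpenSearch mapping verbatim, a self-referring alias is rejected, so it is worth confirming that `path` is substituted before the mapping is applied.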
--- a/src/main/resources/OSMapping/windows/mappings.json
+++ b/src/main/resources/OSMapping/windows/mappings.json
@@ -2,27 +2,27 @@
 "properties": {
 "windows-event_data-CommandLine": {
 "type": "alias",
- "path": "CommandLine"
+ "path": "windows-event_data-CommandLine"
 },
 "event_uid": {
 "type": "alias",
- "path": "EventID"
+ "path": "event_uid"
 },
 "windows-hostname": {
 "type": "alias",
- "path": "HostName"
+ "path": "windows-hostname"
 },
 "windows-message": {
 "type": "alias",
- "path": "Message"
+ "path": "windows-message"
 },
 "windows-provider-name": {
 "type": "alias",
- "path": "Provider_Name"
+ "path": "windows-provider-name"
 },
 "windows-servicename": {
 "type": "alias",
- "path": "ServiceName"
+ "path": "windows-servicename"
 }
 }
 }
\ No newline at end of file
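Review bot: Rewriting every `path` to equal its own alias name removes the only record in this file of which Sigma field (`CommandLine`, `EventID`, `HostName`, `Message`, `Provider_Name`, `ServiceName`) each index field stands for; unless windows/fieldmappings.yml, which this diff does not touch, now carries that correspondence, it is lost. If the file is applied as an OpenSearch index mapping unchanged, an alias whose `path` is itself is rejected at mapping time, so the new values only make sense if `path` is a placeholder substituted at runtime; that convention deserves a note in a README beside these files, since JSON has no comments. The missing trailing newline predates the commit but could be fixed while the file is being touched.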