Renamed maps attributes from %x to ..
yarox24 committed Mar 15, 2023
1 parent e18dda2 commit d19f4d5
Showing 10 changed files with 98 additions and 98 deletions.
14 changes: 7 additions & 7 deletions maps/BootupRestartShutdown_System.yaml
Expand Up @@ -28,7 +28,7 @@ events:

20:
attrib_extraction: []
short_description: "The last shutdown's success status was X. The last boot's success status was Y"
short_description: "The last shutdown's success status was. The last boot's success status was"
provider_guid: "{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}"

41:
Expand All @@ -46,14 +46,14 @@ events:
- "rename_field:input_field=param1,output_field=Bugcheck"
- "rename_field:input_field=param2,output_field=DumpPath"
- "rename_field:input_field=param3,output_field=ReportID"
short_description: "The computer has rebooted from a bugcheck. The bugcheck was: X. A dump was saved in: Y. Report Id: Z"
short_description: "The computer has rebooted from a bugcheck. The bugcheck was . A dump was saved in . Report Id"
provider_guid: "{ABCE23E7-DE45-4366-8631-84FA6C525952}"

1073:
attrib_extraction:
- "rename_field:input_field=param1,output_field=SourceComputer"
- "rename_field:input_field=param2,output_field=SubjectUserName"
short_description: "The attempt by user X to restart/shutdown computer Y failed"
short_description: "The attempt by user to restart/shutdown computer failed"
provider_guid: "{b0aa8734-56f7-41cc-b2f4-de228e98b946}"

1074:
Expand All @@ -65,7 +65,7 @@ events:
- "rename_field:input_field=param5,output_field=Type"
- "rename_field:input_field=param6,output_field=Comment"
- "rename_field:input_field=param7,output_field=SubjectUserName"
short_description: "The process X has initiated the Y of computer Z on behalf of user G for the following reason: H "
short_description: "The process has initiated the of computer on behalf of user for the following reason"
provider_guid: "{b0aa8734-56f7-41cc-b2f4-de228e98b946}"

1076:
Expand All @@ -76,7 +76,7 @@ events:
- "rename_field:input_field=param4,output_field=Bugcheck"
# Lost param 5
- "rename_field:input_field=param5,output_field=Comment"
short_description: "The reason supplied by user X for the last unexpected shutdown of this computer is: Y"
short_description: "The reason supplied by user for the last unexpected shutdown of this computer is"
provider_guid: "{b0aa8734-56f7-41cc-b2f4-de228e98b946}"

1100:
Expand All @@ -99,7 +99,7 @@ events:
- "content_data_autonumbering"
- "append_to_field:input_field=autonumbered1,output_field=StopTime,add_space_at_end=true"
- "append_to_field:input_field=autonumbered0,output_field=StopTime"
short_description: "The previous system shutdown at X on Y was unexpected"
short_description: "The previous system shutdown at on was unexpected"
provider_name: "EventLog"

6009:
Expand All @@ -112,6 +112,6 @@ events:
attrib_extraction:
- "content_data_autonumbering"
- "rename_field:input_field=autonumbered4,output_field=Uptime"
short_description: "The system uptime is X seconds"
short_description: "The system uptime is .. seconds"
provider_name: "EventLog"
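Review bot: Most descriptions in this file drop the old X/Y/Z markers outright instead of replacing them with `..` as the commit title describes, which leaves fragments such as `The bugcheck was . A dump was saved in . Report Id` and `shutdown at on was unexpected`, while the uptime line alone keeps a marker (`The system uptime is .. seconds`). Using one convention throughout would keep the strings readable, for example `short_description: "The previous system shutdown at .. on .. was unexpected"`. The same mix appears in maps/RDP_RemoteDesktopServices_RdpCoreTS_Operational.yaml (`detected an error ()` next to `(Client IP:..)`) and in maps/RDP_TerminalServices_LocalSessionManager_Operational.yaml (`Session .. has been disconnected, reason code`). Whether anything downstream filters on the short_description text is not visible here; if it does, the reworded strings deserve a changelog entry so saved searches can be updated.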

Expand Up @@ -25,7 +25,7 @@ events:
2003:
attrib_extraction:
- "rename_field:input_field=SettingValueString,output_field=SettingValueText"
short_description: "A Windows Firewall setting in the %1 profile has changed"
short_description: "A Windows Firewall setting in the profile has changed"
provider_guid: "{D1BC9AFF-2ABF-4D71-9146-ECB2A986EB85}"

2004:
22 changes: 11 additions & 11 deletions maps/RDP_RemoteDesktopServices_RdpCoreTS_Operational.yaml
Expand Up @@ -9,17 +9,17 @@ events:

65:
attrib_extraction: []
short_description: "Connection %1 created"
short_description: "Connection created"
provider_guid: "{1139c61b-b549-4251-8ed3-27250a1edec8}"

66:
attrib_extraction: []
short_description: "The connection %1 was assigned to session %2"
short_description: "The connection was assigned to session"
provider_guid: "{1139c61b-b549-4251-8ed3-27250a1edec8}"

97:
attrib_extraction: []
short_description: "The RDP protocol component %1 detected an error (%2) in the protocol stream and the client was disconnected."
short_description: "The RDP protocol component detected an error () in the protocol stream and the client was disconnected."
provider_guid: "{1139c61b-b549-4251-8ed3-27250a1edec8}"

98:
Expand All @@ -30,7 +30,7 @@ events:
99:
attrib_extraction:
- "rename_field:input_field=ResultCode,output_field=ErrorCode"
short_description: "The TCP connection has failed with the error code %1."
short_description: "The TCP connection has failed with the error code"
provider_guid: "{1139c61b-b549-4251-8ed3-27250a1edec8}"

102:
Expand All @@ -40,39 +40,39 @@ events:

103:
attrib_extraction: []
short_description: "The disconnect reason is %1"
short_description: "The disconnect reason is"
provider_guid: "{1139c61b-b549-4251-8ed3-27250a1edec8}"

104:
attrib_extraction: []
short_description: "Client timezone is %1 hour from UTC"
short_description: "Client timezone is .. hour from UTC"
provider_guid: "{1139c61b-b549-4251-8ed3-27250a1edec8}"

131:
attrib_extraction:
- "rename_field:input_field=ClientIP,output_field=SourceIP"
short_description: "The server accepted a new %1 connection from client %2."
short_description: "The server accepted a new connection from client"
provider_guid: "{1139c61b-b549-4251-8ed3-27250a1edec8}"

139:
attrib_extraction:
- "rename_field:input_field=IPString,output_field=SourceIP"
- "rename_field:input_field=ResultCode,output_field=ErrorCode"
short_description: "The server security layer detected an error (%1) in the protocol stream and the client (Client IP:%2) has been disconnected."
short_description: "The server security layer detected an error () in the protocol stream and the client (Client IP:..) has been disconnected."
provider_guid: "{1139c61b-b549-4251-8ed3-27250a1edec8}"

140:
attrib_extraction:
- "rename_field:input_field=IPString,output_field=SourceIP"
short_description: "A connection from the client computer with an IP address of %1 failed because the user name or password is not correct."
short_description: "A connection from the client computer with an IP address of failed because the user name or password is not correct."
provider_guid: "{1139c61b-b549-4251-8ed3-27250a1edec8}"

168:
attrib_extraction: []
short_description: "The resolution requested by the client: Monitor %1: (%2, %3), origin: (%4, %5). Server: %6"
short_description: "The resolution requested by the client: Monitor ..: (.., ..), origin: (.., ..). Server: .."
provider_guid: "{1139c61b-b549-4251-8ed3-27250a1edec8}"

169:
attrib_extraction: []
short_description: "The client operating system type is (%1, %2). Server: %3"
short_description: "The client operating system type is (.., ..). Server:"
provider_guid: "{1139c61b-b549-4251-8ed3-27250a1edec8}"
22 changes: 11 additions & 11 deletions maps/RDP_TerminalServices_LocalSessionManager_Operational.yaml
Expand Up @@ -22,71 +22,71 @@ events:
20:
attrib_extraction:
- userdata_flatten_first_value
short_description: "Attempt to send %1 message to Windows video subsystem failed. The relevant status code was %2."
short_description: "Attempt to send message to Windows video subsystem failed. The relevant status code was"
provider_guid: "{5d896912-022d-40aa-a3a8-4fa5515c76d7}"

21:
attrib_extraction:
- userdata_flatten_first_value
- "rename_field:input_field=Address,output_field=SourceIP"
short_description: "Remote Desktop Services: Session logon succeeded: User: %1 Session ID: %2 Source Network Address: %3"
short_description: "Remote Desktop Services: Session logon succeeded: User: Session ID: Source Network Address:"
provider_guid: "{5d896912-022d-40aa-a3a8-4fa5515c76d7}"

22:
attrib_extraction:
- userdata_flatten_first_value
- "rename_field:input_field=Address,output_field=SourceIP"
short_description: "Remote Desktop Services: Shell start notification received: User: %1 Session ID: %2 Source Network Address: %3"
short_description: "Remote Desktop Services: Shell start notification received: User: Session ID: Source Network Address:"
provider_guid: "{5d896912-022d-40aa-a3a8-4fa5515c76d7}"

23:
attrib_extraction:
- userdata_flatten_first_value
short_description: "Remote Desktop Services: Session logoff succeeded: User: %1 Session ID: %2"
short_description: "Remote Desktop Services: Session logoff succeeded: User: Session ID:"
provider_guid: "{5d896912-022d-40aa-a3a8-4fa5515c76d7}"

24:
attrib_extraction:
- userdata_flatten_first_value
- "rename_field:input_field=Address,output_field=SourceIP"
short_description: "Remote Desktop Services: Session has been disconnected: User: %1 Session ID: %2 Source Network Address: %3"
short_description: "Remote Desktop Services: Session has been disconnected: User: Session ID: Source Network Address:"
provider_guid: "{5d896912-022d-40aa-a3a8-4fa5515c76d7}"

25:
attrib_extraction:
- userdata_flatten_first_value
- "rename_field:input_field=Address,output_field=SourceIP"
short_description: "Remote Desktop Services: Session reconnection succeeded: User: %1 Session ID: %2 Source Network Address: %3"
short_description: "Remote Desktop Services: Session reconnection succeeded: User: Session ID: Source Network Address:"
provider_guid: "{5d896912-022d-40aa-a3a8-4fa5515c76d7}"

36:
attrib_extraction: []
short_description: "An error occurred when transitioning from %3 in response to %5. (ErrorCode %6)"
short_description: "An error occurred when transitioning from .. in response to .. . (ErrorCode ..)"
provider_guid: "{5d896912-022d-40aa-a3a8-4fa5515c76d7}"

39:
attrib_extraction:
- userdata_flatten_first_value
- "rename_field:input_field=TargetSession,output_field=SessionID"
- "rename_field:input_field=Source,output_field=SourceSessionID"
short_description: "Session %1 has been disconnected by session %2"
short_description: "Session .. has been disconnected by session .."
provider_guid: "{5d896912-022d-40aa-a3a8-4fa5515c76d7}"

40:
attrib_extraction:
- userdata_flatten_first_value
- "rename_field:input_field=Session,output_field=SessionID"
short_description: "Session %1 has been disconnected, reason code %2"
short_description: "Session .. has been disconnected, reason code"
provider_guid: "{5d896912-022d-40aa-a3a8-4fa5515c76d7}"

41:
attrib_extraction:
- userdata_flatten_first_value
short_description: "Begin session arbitration: User: %1 Session ID: %2"
short_description: "Begin session arbitration: User: Session ID:"
provider_guid: "{5d896912-022d-40aa-a3a8-4fa5515c76d7}"

42:
attrib_extraction:
- userdata_flatten_first_value
short_description: "End session arbitration: User: %1 Session ID: %2"
short_description: "End session arbitration: User: Session ID:"
provider_guid: "{5d896912-022d-40aa-a3a8-4fa5515c76d7}"
16 changes: 8 additions & 8 deletions maps/RDP_TerminalServices_RDPClient_Operational.yaml
Expand Up @@ -9,13 +9,13 @@ events:

226:
attrib_extraction: []
short_description: "%1: An error was encountered when transitioning from %3 to %5 in response to %6 (error code %8)."
short_description: "..: An error was encountered when transitioning from .. to .. in response to . (error code ..)."
provider_guid: "{28aa95bb-d444-4719-a36f-40462168127e}"

1024:
attrib_extraction:
- "rename_field:input_field=Value,output_field=TargetIP"
short_description: "RDP ClientActiveX is trying to connect to the server (%2)"
short_description: "RDP ClientActiveX is trying to connect to the server (..)"
provider_guid: "{28aa95bb-d444-4719-a36f-40462168127e}"

1025:
Expand All @@ -26,28 +26,28 @@ events:
1026:
attrib_extraction:
- "rename_field:input_field=Value,output_field=ReasonCode"
short_description: "RDP ClientActiveX has been disconnected (Reason= %2)"
short_description: "RDP ClientActiveX has been disconnected (Reason= ..)"
provider_guid: "{28aa95bb-d444-4719-a36f-40462168127e}"

1027:
attrib_extraction: []
short_description: "Connected to domain (%1) with session %2."
short_description: "Connected to domain (..) with session .."
provider_guid: "{28aa95bb-d444-4719-a36f-40462168127e}"

1028:
attrib_extraction: []
short_description: "Server supports SSL = %1"
short_description: "Server supports SSL = .."
provider_guid: "{28aa95bb-d444-4719-a36f-40462168127e}"

1029:
attrib_extraction: []
short_description: "Base64(SHA1/SHA256(UserName)) is = %1"
short_description: "Base64(SHA1/SHA256(UserName)) is = .."
provider_guid: "{28aa95bb-d444-4719-a36f-40462168127e}"

1102:
attrib_extraction:
- "rename_field:input_field=Value,output_field=TargetIP"
short_description: "The client has initiated a multi-transport connection to the server %2."
short_description: "The client has initiated a multi-transport connection to the server .."
provider_guid: "{28aa95bb-d444-4719-a36f-40462168127e}"

1103:
Expand All @@ -67,5 +67,5 @@ events:

1401:
attrib_extraction: []
short_description: "The server is using version %1 of the RDP graphics protocol (client mode: %2, AVC available: %3)."
short_description: "The server is using version .. of the RDP graphics protocol (client mode: .., AVC available: ..)."
provider_guid: "{28aa95bb-d444-4719-a36f-40462168127e}"
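Review bot: In the event 226 description the old `%6` became a single `.` (`in response to . (error code ..)`) while every other placeholder in that string became `..`, which looks like a slip. The line would read consistently as `short_description: "..: An error was encountered when transitioning from .. to .. in response to .. (error code ..)."`. Event 36 in maps/RDP_TerminalServices_LocalSessionManager_Operational.yaml has a similar stray `.. .` before `(ErrorCode ..)`.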