This commit is contained in:
vakohl 2024-04-04 15:56:27 +05:30
Родитель 68db5f6e2e
Коммит 706e4930a6
12 изменённых файлов: 1350 добавлений и 9 удалений


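--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -7,6 +7,7 @@ ActingAppName,string,Optional,AuditEvent,,,
 ActingAppName,string,Optional,Authentication,,,
 ActingAppName,string,Optional,FileEvent,,,
 ActingAppName,string,Optional,UserManagement,,,
+ActingAppName,string,Optional,UserManagement,,,
 ActingAppType,string,Optional,AuditEvent,Enumerated,Process|Service|Resource|URL|SaaS application|CSP|Other,
 ActingAppType,string,Optional,Authentication,Enumerated,Process|Service|Resource|URL|SaaS application|CSP|Other,
 ActingAppType,string,Optional,FileEvent,Enumerated,Process|Service|Resource|URL|SaaS application|CSP|Other,
@@ -43,7 +44,6 @@ ActingProcessSHA1,string,Optional,ProcessEvent,SHA1,,
 ActingProcessSHA256,string,Optional,ProcessEvent,SHA256,,
 ActingProcessSHA512,string,Optional,ProcessEvent,SHA521,,
 ActingProcessTokenElevation,string,Optional,ProcessEvent,,,
-ActingAppName,string,Optional,UserManagement,,,
 ActorOriginalUserType,string,Optional,UserManagement,,,
 ActorOriginalUserType,string,Optional,AuditEvent,,,
 ActorOriginalUserType,string,Optional,Authentication,,,
@@ -783,9 +783,9 @@ NewValue,string,Recommended,AuditEvent,,,
 Object,string,Recommended,AuditEvent,,,
 ObjectId,string,Recommended,AuditEvent,,,
 ObjectType,string,Related,AuditEvent,Enumerated,Configuration Atom|Policy Rule|Event Log|Scheduled Task|Service|Directory Service Object|Other,
-OriginalObjectType,string,Optional,AuditEvent,,,
 OldValue,string,Optional,AuditEvent,,,
 Operation,string,Mandatory,AuditEvent,,,
+OriginalObjectType,string,Optional,AuditEvent,,,
 OuterVlanId,string,Alias,NetworkSession,,,DstVlanId
 OuterVlanId,string,Alias,WebSession,,,DstVlanId
 ParentProcessCreationTime,datetime,Optional,ProcessEvent,,,
@@ -1025,8 +1025,8 @@ SrcOriginalRiskLevel,string,Optional,AuditEvent,,,
 SrcOriginalRiskLevel,string,Optional,Authentication,,,
 SrcOriginalRiskLevel,string,Optional,Dns,,,
 SrcOriginalRiskLevel,string,Optional,DhcpEvent,,,
-SrcOriginalUserType,string,Optional,DhcpEvent,,,
 SrcOriginalRiskLevel,string,Optional,UserManagement,,,
+SrcOriginalUserType,string,Optional,DhcpEvent,,,
 SrcOriginalUserType,string,Optional,Dns,,,
 SrcOriginalUserType,string,Optional,NetworkSession,,,
 SrcOriginalUserType,string,Optional,WebSession,,,
@@ -1097,9 +1097,6 @@ TargetAppName,string,Optional,FileEvent,,,
 TargetAppType,string,Conditional,AuditEvent,Enumerated,Process|Service|Resource|URL|SaaS application|Other,TargetAppName
 TargetAppType,string,Conditional,Authentication,Enumerated,Process|Service|Resource|URL|SaaS application|Other,TargetAppName
 TargetAppType,string,Conditional,FileEvent,Enumerated,Process|Service|Resource|URL|SaaS application|Other,TargetAppName
-TargetOriginalAppType,string,Optional,AuditEvent,,,
-TargetOriginalAppType,string,Optional,FileEvent,,,
-TargetOriginalAppType,string,Optional,Authentication,,,
 TargetDescription,string,Optional,AuditEvent,,,
 TargetDescription,string,Optional,Authentication,,,
 TargetDeviceType,string,Optional,AuditEvent,Enumerated,Computer|Mobile Device|IOT Device|Other,
@@ -1146,6 +1143,9 @@ TargetHostname,string,Recommended,AuditEvent,,,
 TargetHostname,string,Recommended,Authentication,Hostname,,
 TargetIpAddr,string,Optional,Authentication,IP Address,,
 TargetIpAddr,string,Recommended,AuditEvent,IP Address,,
+TargetOriginalAppType,string,Optional,AuditEvent,,,
+TargetOriginalAppType,string,Optional,FileEvent,,,
+TargetOriginalAppType,string,Optional,Authentication,,,
 TargetOriginalRiskLevel,string,Optional,AuditEvent,,,
 TargetOriginalRiskLevel,string,Optional,Authentication,,,
 TargetOriginalUserType,string,Optional,Authentication,,,
@@ -1189,7 +1189,6 @@ TargetUserAadId,string,Optional,ProcessEvent,,,
 TargetUserId,string,Optional,Authentication,,,
 TargetUserId,string,Optional,UserManagement,,,
 TargetUserId,string,Recommended,ProcessEvent,,,
-TargetUserUid,string,Optional,UserManagement,,,
 TargetUserIdType,string,Conditional,Authentication,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|GWorkspaceProfileID|Other,TargetUserId
 TargetUserIdType,string,Conditional,ProcessEvent,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,TargetUserId
 TargetUserIdType,string,Conditional,UserManagement,Enumerated,SID|UID|AADID|OktaId|AWSId|PUID|SalesforceId|VectraUserId|MD4IoTid|Other,TargetUserId
@@ -1210,6 +1209,7 @@ TargetUserSid,string,Optional,ProcessEvent,,,
 TargetUserType,string,Optional,Authentication,,Regular|Guest|Machine|Admin|System|Application|Service|Other,
 TargetUserType,string,Optional,ProcessEvent,Enumerated,Regular|Guest|Machine|Admin|System|Application|Service|Other,
 TargetUserType,string,Optional,UserManagement,Enumerated,Regular|Machine|Admin|System|Application|Service Principal|Other,
+TargetUserUid,string,Optional,UserManagement,,,
 TargetUserUpn,string,Optional,ProcessEvent,,,
 TcpFlagsAck,bool,Optional,NetworkSession,,,
 TcpFlagsFin,bool,Optional,NetworkSession,,,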
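Review bot: The first hunk leaves `ActingAppName,string,Optional,UserManagement,,,` on two consecutive lines of the new file (new lines 9 and 10): the stray copy removed from old line 46 in the second hunk was re-inserted next to an identical row that was already in sorted position, so the duplicate survives the re-sort instead of being dropped. One of the two `ActingAppName,string,Optional,UserManagement,,,` lines should be deleted, since a schema checker that keys on (ColumnName, Schema) will otherwise see the field twice. The other moves in this file (OriginalObjectType, SrcOriginalUserType, TargetOriginalAppType, TargetUserUid) each pair one removal with one insertion and look clean. Two context rows adjacent to the change are pre-existing and not introduced here, but worth a follow-up: `ActingProcessSHA512,string,Optional,ProcessEvent,SHA521,,` appears to be a typo for the `SHA512` logical type, so any validation keyed on LogicalType would not apply to that column, and the Authentication `TargetUserType` row carries a ListOfValues without the `Enumerated` LogicalType its ProcessEvent and UserManagement siblings have.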


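--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,134 @@
+ASIMFieldName, ASIMFieldType, ProductFieldName, ProductFieldType, ProductFieldDescription, ProductSampleValue, Logic
+ActingAppId,string,,,,,direct mapping
+ActingAppName,string,,,,,direct mapping
+ActingAppType,string,,,,,direct mapping
+ActingOriginalAppType,string,,,,,direct mapping
+ActorOriginalUserType,string,,,,,direct mapping
+ActorScope,string,,,,,direct mapping
+ActorScopeId,string,,,,,direct mapping
+ActorSessionId,string,,,,,direct mapping
+ActorUserAadId,string,,,,,direct mapping
+ActorUserId,string,,,,,direct mapping
+ActorUserIdType,string,,,,,direct mapping
+ActorUsername,string,,,,,direct mapping
+ActorUsernameType,string,,,,,direct mapping
+ActorUserSid,string,,,,,direct mapping
+ActorUserType,string,,,,,direct mapping
+AdditionalFields,dynamic,,,,,direct mapping
+Application,string,,,,,direct mapping
+Dst,string,,,,,direct mapping
+Dvc,string,,,,,direct mapping
+DvcAction,string,,,,,direct mapping
+DvcDescription,string,,,,,direct mapping
+DvcDomain,string,,,,,direct mapping
+DvcDomainType,string,,,,,direct mapping
+DvcFQDN,string,,,,,direct mapping
+DvcHostname,string,,,,,direct mapping
+DvcId,string,,,,,direct mapping
+DvcIdType,string,,,,,direct mapping
+DvcInterface,string,,,,,direct mapping
+DvcIpAddr,string,,,,,direct mapping
+DvcMacAddr,string,,,,,direct mapping
+DvcOriginalAction,string,,,,,direct mapping
+DvcOs,string,,,,,direct mapping
+DvcOsVersion,string,,,,,direct mapping
+DvcScope,string,,,,,direct mapping
+DvcScopeId,string,,,,,direct mapping
+DvcZone,string,,,,,direct mapping
+EventCount,int,,,,,direct mapping
+EventEndTime,datetime,,,,,direct mapping
+EventMessage,string,,,,,direct mapping
+EventOriginalResultDetails,string,,,,,direct mapping
+EventOriginalSeverity,string,,,,,direct mapping
+EventOriginalSubType,string,,,,,direct mapping
+EventOriginalType,string,,,,,direct mapping
+EventOriginalUid,string,,,,,direct mapping
+EventOwner,string,,,,,direct mapping
+EventProduct,string,,,,,direct mapping
+EventProductVersion,string,,,,,direct mapping
+EventReportUrl,string,,,,,direct mapping
+EventResult,string,,,,,direct mapping
+EventResultDetails,string,,,,,direct mapping
+EventSchema,string,,,,,direct mapping
+EventSchemaVersion,string,,,,,direct mapping
+EventSeverity,string,,,,,direct mapping
+EventStartTime,datetime,,,,,direct mapping
+EventSubType,string,,,,,direct mapping
+EventType,string,,,,,direct mapping
+EventUid,string,,,,,direct mapping
+EventVendor,string,,,,,direct mapping
+HttpUserAgent,string,,,,,direct mapping
+IpAddr,string,,,,,direct mapping
+NewValue,string,,,,,direct mapping
+Object,string,,,,,direct mapping
+ObjectId,string,,,,,direct mapping
+ObjectType,string,,,,,direct mapping
+OldValue,string,,,,,direct mapping
+Operation,string,,,,,direct mapping
+OriginalObjectType,string,,,,,direct mapping
+Process,string,,,,,direct mapping
+Rule,string,,,,,direct mapping
+RuleName,string,,,,,direct mapping
+RuleNumber,int,,,,,direct mapping
+Src,string,,,,,direct mapping
+SrcDescription,string,,,,,direct mapping
+SrcDeviceType,string,,,,,direct mapping
+SrcDomain,string,,,,,direct mapping
+SrcDomainType,string,,,,,direct mapping
+SrcDvcId,string,,,,,direct mapping
+SrcDvcIdType,string,,,,,direct mapping
+SrcDvcScope,string,,,,,direct mapping
+SrcDvcScopeId,string,,,,,direct mapping
+SrcFQDN,string,,,,,direct mapping
+SrcGeoCity,string,,,,,direct mapping
+SrcGeoCountry,string,,,,,direct mapping
+SrcGeoLatitude,real,,,,,direct mapping
+SrcGeoLongitude,real,,,,,direct mapping
+SrcGeoRegion,string,,,,,direct mapping
+SrcHostname,string,,,,,direct mapping
+SrcIpAddr,string,,,,,direct mapping
+SrcOriginalRiskLevel,string,,,,,direct mapping
+SrcPortNumber,int,,,,,direct mapping
+SrcRiskLevel,int,,,,,direct mapping
+TargetAppId,string,,,,,direct mapping
+TargetAppName,string,,,,,direct mapping
+TargetAppType,string,,,,,direct mapping
+TargetDescription,string,,,,,direct mapping
+TargetDeviceType,string,,,,,direct mapping
+TargetDomain,string,,,,,direct mapping
+TargetDomainType,string,,,,,direct mapping
+TargetDvcId,string,,,,,direct mapping
+TargetDvcIdType,string,,,,,direct mapping
+TargetDvcOs,string,,,,,direct mapping
+TargetDvcScope,string,,,,,direct mapping
+TargetDvcScopeId,string,,,,,direct mapping
+TargetFQDN,string,,,,,direct mapping
+TargetGeoCity,string,,,,,direct mapping
+TargetGeoCountry,string,,,,,direct mapping
+TargetGeoLatitude,real,,,,,direct mapping
+TargetGeoLongitude,real,,,,,direct mapping
+TargetGeoRegion,string,,,,,direct mapping
+TargetHostname,string,,,,,direct mapping
+TargetIpAddr,string,,,,,direct mapping
+TargetOriginalAppType,string,,,,,direct mapping
+TargetOriginalRiskLevel,string,,,,,direct mapping
+TargetPortNumber,int,,,,,direct mapping
+TargetRiskLevel,int,,,,,direct mapping
+TargetUrl,string,,,,,direct mapping
+ThreatCategory,string,,,,,direct mapping
+ThreatConfidence,int,,,,,direct mapping
+ThreatField,string,,,,,direct mapping
+ThreatFirstReportedTime,datetime,,,,,direct mapping
+ThreatId,string,,,,,direct mapping
+ThreatIpAddr,string,,,,,direct mapping
+ThreatIsActive,bool,,,,,direct mapping
+ThreatLastReportedTime,datetime,,,,,direct mapping
+ThreatName,string,,,,,direct mapping
+ThreatOriginalConfidence,string,,,,,direct mapping
+ThreatOriginalRiskLevel,string,,,,,direct mapping
+ThreatRiskLevel,int,,,,,direct mapping
+TimeGenerated,datetime,,,,,direct mapping
+Type,string,,,,,direct mapping
+User,string,,,,,direct mapping
+Value,string,,,,,direct mapping
+ValueType,string,,,,,direct mapping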
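Review bot: The header row `ASIMFieldName, ASIMFieldType, ProductFieldName, ...` puts a space after every comma while all data rows use none, so a CSV reader that does not strip whitespace will name the columns ` ASIMFieldType`, ` ProductFieldName` and so on, and any tooling that looks the columns up by exact name will miss them. The header should match the data rows: `ASIMFieldName,ASIMFieldType,ProductFieldName,ProductFieldType,ProductFieldDescription,ProductSampleValue,Logic`. The same header is used in the two other new mapping files in this commit (the sections beginning at `@ -0,0 +1,136 @@` and `@ -0,0 +1,105 @@`). Separately, every row records `direct mapping` while ProductFieldName and ProductFieldType are left empty, which makes the mapping unverifiable as written; if these files are templates to be filled in per product, that intent seems worth stating in a README or a comment in the commit description, and if not, the product-side columns need values before the file is used.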


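--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,136 @@
+ASIMFieldName, ASIMFieldType, ProductFieldName, ProductFieldType, ProductFieldDescription, ProductSampleValue, Logic
+ActingAppId,string,,,,,direct mapping
+ActingAppName,string,,,,,direct mapping
+ActingAppType,string,,,,,direct mapping
+ActingOriginalAppType,string,,,,,direct mapping
+ActorOriginalUserType,string,,,,,direct mapping
+ActorScope,string,,,,,direct mapping
+ActorScopeId,string,,,,,direct mapping
+ActorSessionId,string,,,,,direct mapping
+ActorUserId,string,,,,,direct mapping
+ActorUserIdType,string,,,,,direct mapping
+ActorUsername,string,,,,,direct mapping
+ActorUsernameType,string,,,,,direct mapping
+ActorUserType,string,,,,,direct mapping
+AdditionalFields,dynamic,,,,,direct mapping
+Application,string,,,,,direct mapping
+Dst,string,,,,,direct mapping
+Dvc,string,,,,,direct mapping
+DvcAction,string,,,,,direct mapping
+DvcDescription,string,,,,,direct mapping
+DvcDomain,string,,,,,direct mapping
+DvcDomainType,string,,,,,direct mapping
+DvcFQDN,string,,,,,direct mapping
+DvcHostname,string,,,,,direct mapping
+DvcId,string,,,,,direct mapping
+DvcIdType,string,,,,,direct mapping
+DvcInterface,string,,,,,direct mapping
+DvcIpAddr,string,,,,,direct mapping
+DvcMacAddr,string,,,,,direct mapping
+DvcOriginalAction,string,,,,,direct mapping
+DvcOs,string,,,,,direct mapping
+DvcOsVersion,string,,,,,direct mapping
+DvcScope,string,,,,,direct mapping
+DvcScopeId,string,,,,,direct mapping
+DvcZone,string,,,,,direct mapping
+EventCount,int,,,,,direct mapping
+EventEndTime,datetime,,,,,direct mapping
+EventMessage,string,,,,,direct mapping
+EventOriginalResultDetails,string,,,,,direct mapping
+EventOriginalSeverity,string,,,,,direct mapping
+EventOriginalSubType,string,,,,,direct mapping
+EventOriginalType,string,,,,,direct mapping
+EventOriginalUid,string,,,,,direct mapping
+EventOwner,string,,,,,direct mapping
+EventProduct,string,,,,,direct mapping
+EventProductVersion,string,,,,,direct mapping
+EventReportUrl,string,,,,,direct mapping
+EventResult,string,,,,,direct mapping
+EventResultDetails,string,,,,,direct mapping
+EventSchema,string,,,,,direct mapping
+EventSchemaVersion,string,,,,,direct mapping
+EventSeverity,string,,,,,direct mapping
+EventStartTime,datetime,,,,,direct mapping
+EventSubType,string,,,,,direct mapping
+EventType,string,,,,,direct mapping
+EventUid,string,,,,,direct mapping
+EventVendor,string,,,,,direct mapping
+HttpUserAgent,string,,,,,direct mapping
+IpAddr,string,,,,,direct mapping
+LogonMethod,string,,,,,direct mapping
+LogonProtocol,string,,,,,direct mapping
+LogonTarget,string,,,,,direct mapping
+Rule,string,,,,,direct mapping
+RuleName,string,,,,,direct mapping
+RuleNumber,int,,,,,direct mapping
+Src,string,,,,,direct mapping
+SrcDescription,string,,,,,direct mapping
+SrcDeviceType,string,,,,,direct mapping
+SrcDomain,string,,,,,direct mapping
+SrcDomainType,string,,,,,direct mapping
+SrcDvcId,string,,,,,direct mapping
+SrcDvcIdType,string,,,,,direct mapping
+SrcDvcOs,string,,,,,direct mapping
+SrcDvcScope,string,,,,,direct mapping
+SrcDvcScopeId,string,,,,,direct mapping
+SrcFQDN,string,,,,,direct mapping
+SrcGeoCity,string,,,,,direct mapping
+SrcGeoCountry,string,,,,,direct mapping
+SrcGeoLatitude,real,,,,,direct mapping
+SrcGeoLongitude,real,,,,,direct mapping
+SrcGeoRegion,string,,,,,direct mapping
+SrcHostname,string,,,,,direct mapping
+SrcIpAddr,string,,,,,direct mapping
+SrcIsp,string,,,,,direct mapping
+SrcOriginalRiskLevel,string,,,,,direct mapping
+SrcPortNumber,int,,,,,direct mapping
+SrcRiskLevel,int,,,,,direct mapping
+TargetAppId,string,,,,,direct mapping
+TargetAppName,string,,,,,direct mapping
+TargetAppType,string,,,,,direct mapping
+TargetDescription,string,,,,,direct mapping
+TargetDeviceType,string,,,,,direct mapping
+TargetDomain,string,,,,,direct mapping
+TargetDomainType,string,,,,,direct mapping
+TargetDvcId,string,,,,,direct mapping
+TargetDvcIdType,string,,,,,direct mapping
+TargetDvcOs,string,,,,,direct mapping
+TargetDvcScope,string,,,,,direct mapping
+TargetDvcScopeId,string,,,,,direct mapping
+TargetFQDN,string,,,,,direct mapping
+TargetGeoCity,string,,,,,direct mapping
+TargetGeoCountry,string,,,,,direct mapping
+TargetGeoLatitude,real,,,,,direct mapping
+TargetGeoLongitude,real,,,,,direct mapping
+TargetGeoRegion,string,,,,,direct mapping
+TargetHostname,string,,,,,direct mapping
+TargetIpAddr,string,,,,,direct mapping
+TargetOriginalAppType,string,,,,,direct mapping
+TargetOriginalRiskLevel,string,,,,,direct mapping
+TargetOriginalUserType,string,,,,,direct mapping
+TargetPortNumber,int,,,,,direct mapping
+TargetRiskLevel,int,,,,,direct mapping
+TargetSessionId,string,,,,,direct mapping
+TargetUrl,string,,,,,direct mapping
+TargetUserId,string,,,,,direct mapping
+TargetUserIdType,string,,,,,direct mapping
+TargetUsername,string,,,,,direct mapping
+TargetUsernameType,string,,,,,direct mapping
+TargetUserScope,string,,,,,direct mapping
+TargetUserScopeId,string,,,,,direct mapping
+TargetUserType,string,,,,,direct mapping
+ThreatCategory,string,,,,,direct mapping
+ThreatConfidence,int,,,,,direct mapping
+ThreatField,string,,,,,direct mapping
+ThreatFirstReportedTime,datetime,,,,,direct mapping
+ThreatId,string,,,,,direct mapping
+ThreatIpAddr,string,,,,,direct mapping
+ThreatIsActive,bool,,,,,direct mapping
+ThreatLastReportedTime,datetime,,,,,direct mapping
+ThreatName,string,,,,,direct mapping
+ThreatOriginalConfidence,string,,,,,direct mapping
+ThreatOriginalRiskLevel,string,,,,,direct mapping
+ThreatRiskLevel,int,,,,,direct mapping
+TimeGenerated,datetime,,,,,direct mapping
+Type,string,,,,,direct mapping
+User,string,,,,,direct mapping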


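--- a/PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,2 +0,0 @@
-ProductFieldName, ProductFieldDescription, ProductFieldType, ProductSampleValue, ASIMFieldName, ASIMFieldType, Comment
-user_email, user email address, string, rahul.sharma@contoso.com, TargetUsername, string,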


@ -0,0 +1,105 @@
ASIMFieldName, ASIMFieldType, ProductFieldName, ProductFieldType, ProductFieldDescription, ProductSampleValue, Logic
AdditionalFields,dynamic,,,,,direct mapping
DhcpCircuitId,string,,,,,direct mapping
DhcpLeaseDuration,int,,,,,direct mapping
DhcpSessionDuration,int,,,,,direct mapping
DhcpSessionId,string,,,,,direct mapping
DhcpSrcDHCId,string,,,,,direct mapping
DhcpSubscriberId,string,,,,,direct mapping
DhcpUserClass,string,,,,,direct mapping
DhcpUserClassId,string,,,,,direct mapping
DhcpVendorClass,string,,,,,direct mapping
DhcpVendorClassId,string,,,,,direct mapping
Dst,string,,,,,direct mapping
Duration,int,,,,,direct mapping
DvcAction,string,,,,,direct mapping
DvcDescription,string,,,,,direct mapping
DvcDomain,string,,,,,direct mapping
DvcDomainType,string,,,,,direct mapping
DvcFQDN,string,,,,,direct mapping
DvcHostname,string,,,,,direct mapping
DvcId,string,,,,,direct mapping
DvcIdType,string,,,,,direct mapping
DvcInterface,string,,,,,direct mapping
DvcIpAddr,string,,,,,direct mapping
DvcMacAddr,string,,,,,direct mapping
DvcOriginalAction,string,,,,,direct mapping
DvcOs,string,,,,,direct mapping
DvcOsVersion,string,,,,,direct mapping
DvcScope,string,,,,,direct mapping
DvcScopeId,string,,,,,direct mapping
DvcZone,string,,,,,direct mapping
EventCount,int,,,,,direct mapping
EventEndTime,datetime,,,,,direct mapping
EventMessage,string,,,,,direct mapping
EventOriginalResultDetails,string,,,,,direct mapping
EventOriginalSeverity,string,,,,,direct mapping
EventOriginalSubType,string,,,,,direct mapping
EventOriginalType,string,,,,,direct mapping
EventOriginalUid,string,,,,,direct mapping
EventOwner,string,,,,,direct mapping
EventProduct,string,,,,,direct mapping
EventProductVersion,string,,,,,direct mapping
EventReportUrl,string,,,,,direct mapping
EventResult,string,,,,,direct mapping
EventResultDetails,string,,,,,direct mapping
EventSchema,string,,,,,direct mapping
EventSchemaVersion,string,,,,,direct mapping
EventSeverity,string,,,,,direct mapping
EventStartTime,datetime,,,,,direct mapping
EventSubType,string,,,,,direct mapping
EventType,string,,,,,direct mapping
EventUid,string,,,,,direct mapping
EventVendor,string,,,,,direct mapping
Hostname,string,,,,,direct mapping
IpAddr,string,,,,,direct mapping
RequestedIpAddr,string,,,,,direct mapping
Rule,string,,,,,direct mapping
RuleName,string,,,,,direct mapping
RuleNumber,int,,,,,direct mapping
SessionId,string,,,,,direct mapping
Src,string,,,,,direct mapping
SrcDescription,string,,,,,direct mapping
SrcDeviceType,string,,,,,direct mapping
SrcDomain,string,,,,,direct mapping
SrcDomainType,string,,,,,direct mapping
SrcDvcId,string,,,,,direct mapping
SrcDvcIdType,string,,,,,direct mapping
SrcDvcScope,string,,,,,direct mapping
SrcDvcScopeId,string,,,,,direct mapping
SrcFQDN,string,,,,,direct mapping
SrcGeoCity,string,,,,,direct mapping
SrcGeoCountry,string,,,,,direct mapping
SrcGeoLatitude,real,,,,,direct mapping
SrcGeoLongitude,real,,,,,direct mapping
SrcGeoRegion,string,,,,,direct mapping
SrcHostname,string,,,,,direct mapping
SrcIpAddr,string,,,,,direct mapping
SrcMacAddr,string,,,,,direct mapping
SrcOriginalRiskLevel,string,,,,,direct mapping
SrcOriginalUserType,string,,,,,direct mapping
SrcPortNumber,int,,,,,direct mapping
SrcRiskLevel,int,,,,,direct mapping
SrcUserId,string,,,,,direct mapping
SrcUserIdType,string,,,,,direct mapping
SrcUsername,string,,,,,direct mapping
SrcUsernameType,string,,,,,direct mapping
SrcUserScope,string,,,,,direct mapping
SrcUserScopeId,string,,,,,direct mapping
SrcUserSessionId,string,,,,,direct mapping
SrcUserType,string,,,,,direct mapping
SrcUserUid,string,,,,,direct mapping
ThreatCategory,string,,,,,direct mapping
ThreatConfidence,int,,,,,direct mapping
ThreatField,string,,,,,direct mapping
ThreatFirstReportedTime,datetime,,,,,direct mapping
ThreatId,string,,,,,direct mapping
ThreatIsActive,bool,,,,,direct mapping
ThreatLastReportedTime,datetime,,,,,direct mapping
ThreatName,string,,,,,direct mapping
ThreatOriginalConfidence,string,,,,,direct mapping
ThreatOriginalRiskLevel,string,,,,,direct mapping
ThreatRiskLevel,int,,,,,direct mapping
TimeGenerated,datetime,,,,,direct mapping
Type,string,,,,,direct mapping
Username,string,,,,,direct mapping
1 ASIMFieldName ASIMFieldType ProductFieldName ProductFieldType ProductFieldDescription ProductSampleValue Logic
2 AdditionalFields dynamic direct mapping
3 DhcpCircuitId string direct mapping
4 DhcpLeaseDuration int direct mapping
5 DhcpSessionDuration int direct mapping
6 DhcpSessionId string direct mapping
7 DhcpSrcDHCId string direct mapping
8 DhcpSubscriberId string direct mapping
9 DhcpUserClass string direct mapping
10 DhcpUserClassId string direct mapping
11 DhcpVendorClass string direct mapping
12 DhcpVendorClassId string direct mapping
13 Dst string direct mapping
14 Duration int direct mapping
15 DvcAction string direct mapping
16 DvcDescription string direct mapping
17 DvcDomain string direct mapping
18 DvcDomainType string direct mapping
19 DvcFQDN string direct mapping
20 DvcHostname string direct mapping
21 DvcId string direct mapping
22 DvcIdType string direct mapping
23 DvcInterface string direct mapping
24 DvcIpAddr string direct mapping
25 DvcMacAddr string direct mapping
26 DvcOriginalAction string direct mapping
27 DvcOs string direct mapping
28 DvcOsVersion string direct mapping
29 DvcScope string direct mapping
30 DvcScopeId string direct mapping
31 DvcZone string direct mapping
32 EventCount int direct mapping
33 EventEndTime datetime direct mapping
34 EventMessage string direct mapping
35 EventOriginalResultDetails string direct mapping
36 EventOriginalSeverity string direct mapping
37 EventOriginalSubType string direct mapping
38 EventOriginalType string direct mapping
39 EventOriginalUid string direct mapping
40 EventOwner string direct mapping
41 EventProduct string direct mapping
42 EventProductVersion string direct mapping
43 EventReportUrl string direct mapping
44 EventResult string direct mapping
45 EventResultDetails string direct mapping
46 EventSchema string direct mapping
47 EventSchemaVersion string direct mapping
48 EventSeverity string direct mapping
49 EventStartTime datetime direct mapping
50 EventSubType string direct mapping
51 EventType string direct mapping
52 EventUid string direct mapping
53 EventVendor string direct mapping
54 Hostname string direct mapping
55 IpAddr string direct mapping
56 RequestedIpAddr string direct mapping
57 Rule string direct mapping
58 RuleName string direct mapping
59 RuleNumber int direct mapping
60 SessionId string direct mapping
61 Src string direct mapping
62 SrcDescription string direct mapping
63 SrcDeviceType string direct mapping
64 SrcDomain string direct mapping
65 SrcDomainType string direct mapping
66 SrcDvcId string direct mapping
67 SrcDvcIdType string direct mapping
68 SrcDvcScope string direct mapping
69 SrcDvcScopeId string direct mapping
70 SrcFQDN string direct mapping
71 SrcGeoCity string direct mapping
72 SrcGeoCountry string direct mapping
73 SrcGeoLatitude real direct mapping
74 SrcGeoLongitude real direct mapping
75 SrcGeoRegion string direct mapping
76 SrcHostname string direct mapping
77 SrcIpAddr string direct mapping
78 SrcMacAddr string direct mapping
79 SrcOriginalRiskLevel string direct mapping
80 SrcOriginalUserType string direct mapping
81 SrcPortNumber int direct mapping
82 SrcRiskLevel int direct mapping
83 SrcUserId string direct mapping
84 SrcUserIdType string direct mapping
85 SrcUsername string direct mapping
86 SrcUsernameType string direct mapping
87 SrcUserScope string direct mapping
88 SrcUserScopeId string direct mapping
89 SrcUserSessionId string direct mapping
90 SrcUserType string direct mapping
91 SrcUserUid string direct mapping
92 ThreatCategory string direct mapping
93 ThreatConfidence int direct mapping
94 ThreatField string direct mapping
95 ThreatFirstReportedTime datetime direct mapping
96 ThreatId string direct mapping
97 ThreatIsActive bool direct mapping
98 ThreatLastReportedTime datetime direct mapping
99 ThreatName string direct mapping
100 ThreatOriginalConfidence string direct mapping
101 ThreatOriginalRiskLevel string direct mapping
102 ThreatRiskLevel int direct mapping
103 TimeGenerated datetime direct mapping
104 Type string direct mapping
105 Username string direct mapping
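Review bot: The header row of this new template pads every column name with a space after the comma (`ASIMFieldName, ASIMFieldType, ProductFieldName, …`) while all data rows are written unpadded, so a CSV reader that does not trim cells will see column names such as ` ASIMFieldType` and ` Logic` and fail to look them up by name. The same padded header is used in the DNS and FileEvent templates added in this commit and in the partially shown NetworkSession template, so the fix applies to all of them. Write the header as `ASIMFieldName,ASIMFieldType,ProductFieldName,ProductFieldType,ProductFieldDescription,ProductSampleValue,Logic` to match the data rows.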


@ -0,0 +1,152 @@
ASIMFieldName, ASIMFieldType, ProductFieldName, ProductFieldType, ProductFieldDescription, ProductSampleValue, Logic
AdditionalFields,dynamic,,,,,direct mapping
DnsFlags,string,,,,,direct mapping
DnsFlagsAuthenticated,bool,,,,,direct mapping
DnsFlagsAuthoritative,bool,,,,,direct mapping
DnsFlagsCheckingDisabled,bool,,,,,direct mapping
DnsFlagsRecursionAvailable,bool,,,,,direct mapping
DnsFlagsRecursionDesired,bool,,,,,direct mapping
DnsFlagsTruncated,bool,,,,,direct mapping
DnsFlagsZ,bool,,,,,direct mapping
DnsNetworkDuration,int,,,,,direct mapping
DnsQuery,string,,,,,direct mapping
DnsQueryClass,int,,,,,direct mapping
DnsQueryClassName,string,,,,,direct mapping
DnsQueryType,int,,,,,direct mapping
DnsQueryTypeName,string,,,,,direct mapping
DnsResponseCode,int,,,,,direct mapping
DnsResponseCodeName,string,,,,,direct mapping
DnsResponseIpCity,string,,,,,direct mapping
DnsResponseIpCountry,string,,,,,direct mapping
DnsResponseIpLatitude,real,,,,,direct mapping
DnsResponseIpLongitude,real,,,,,direct mapping
DnsResponseIpRegion,string,,,,,direct mapping
DnsResponseName,string,,,,,direct mapping
DnsSessionId,string,,,,,direct mapping
Domain,string,,,,,direct mapping
DomainCategory,string,,,,,direct mapping
Dst,string,,,,,direct mapping
DstDescription,string,,,,,direct mapping
DstDeviceType,string,,,,,direct mapping
DstDomain,string,,,,,direct mapping
DstDomainType,string,,,,,direct mapping
DstDvcId,string,,,,,direct mapping
DstDvcIdType,string,,,,,direct mapping
DstDvcScope,string,,,,,direct mapping
DstDvcScopeId,string,,,,,direct mapping
DstFQDN,string,,,,,direct mapping
DstGeoCity,string,,,,,direct mapping
DstGeoCountry,string,,,,,direct mapping
DstGeoLatitude,real,,,,,direct mapping
DstGeoLongitude,real,,,,,direct mapping
DstGeoRegion,string,,,,,direct mapping
DstHostname,string,,,,,direct mapping
DstIpAddr,string,,,,,direct mapping
DstOriginalRiskLevel,string,,,,,direct mapping
DstPortNumber,int,,,,,direct mapping
DstRiskLevel,int,,,,,direct mapping
Duration,int,,,,,direct mapping
Dvc,string,,,,,direct mapping
DvcAction,string,,,,,direct mapping
DvcDescription,string,,,,,direct mapping
DvcDomain,string,,,,,direct mapping
DvcDomainType,string,,,,,direct mapping
DvcFQDN,string,,,,,direct mapping
DvcHostname,string,,,,,direct mapping
DvcId,string,,,,,direct mapping
DvcIdType,string,,,,,direct mapping
DvcInterface,string,,,,,direct mapping
DvcIpAddr,string,,,,,direct mapping
DvcMacAddr,string,,,,,direct mapping
DvcOriginalAction,string,,,,,direct mapping
DvcOs,string,,,,,direct mapping
DvcOsVersion,string,,,,,direct mapping
DvcScope,string,,,,,direct mapping
DvcScopeId,string,,,,,direct mapping
DvcZone,string,,,,,direct mapping
EventCount,int,,,,,direct mapping
EventEndTime,datetime,,,,,direct mapping
EventMessage,string,,,,,direct mapping
EventOriginalResultDetails,string,,,,,direct mapping
EventOriginalSeverity,string,,,,,direct mapping
EventOriginalSubType,string,,,,,direct mapping
EventOriginalType,string,,,,,direct mapping
EventOriginalUid,string,,,,,direct mapping
EventOwner,string,,,,,direct mapping
EventProduct,string,,,,,direct mapping
EventProductVersion,string,,,,,direct mapping
EventReportUrl,string,,,,,direct mapping
EventResult,string,,,,,direct mapping
EventResultDetails,string,,,,,direct mapping
EventSchema,string,,,,,direct mapping
EventSchemaVersion,string,,,,,direct mapping
EventSeverity,string,,,,,direct mapping
EventStartTime,datetime,,,,,direct mapping
EventSubType,string,,,,,direct mapping
EventType,string,,,,,direct mapping
EventUid,string,,,,,direct mapping
EventVendor,string,,,,,direct mapping
Hostname,string,,,,,direct mapping
IpAddr,string,,,,,direct mapping
NetworkProtocol,string,,,,,direct mapping
NetworkProtocolVersion,string,,,,,direct mapping
Process,string,,,,,direct mapping
Rule,string,,,,,direct mapping
RuleName,string,,,,,direct mapping
RuleNumber,int,,,,,direct mapping
SessionId,string,,,,,direct mapping
Src,string,,,,,direct mapping
SrcDescription,string,,,,,direct mapping
SrcDeviceType,string,,,,,direct mapping
SrcDomain,string,,,,,direct mapping
SrcDomainType,string,,,,,direct mapping
SrcDvcId,string,,,,,direct mapping
SrcDvcIdType,string,,,,,direct mapping
SrcDvcScope,string,,,,,direct mapping
SrcDvcScopeId,string,,,,,direct mapping
SrcFQDN,string,,,,,direct mapping
SrcGeoCity,string,,,,,direct mapping
SrcGeoCountry,string,,,,,direct mapping
SrcGeoLatitude,real,,,,,direct mapping
SrcGeoLongitude,real,,,,,direct mapping
SrcGeoRegion,string,,,,,direct mapping
SrcHostname,string,,,,,direct mapping
SrcIpAddr,string,,,,,direct mapping
SrcOriginalRiskLevel,string,,,,,direct mapping
SrcOriginalUserType,string,,,,,direct mapping
SrcPortNumber,int,,,,,direct mapping
SrcProcessGuid,string,,,,,direct mapping
SrcProcessId,string,,,,,direct mapping
SrcProcessName,string,,,,,direct mapping
SrcRiskLevel,int,,,,,direct mapping
SrcUserAadId,string,,,,,direct mapping
SrcUserAWSId,string,,,,,direct mapping
SrcUserId,string,,,,,direct mapping
SrcUserIdType,string,,,,,direct mapping
SrcUsername,string,,,,,direct mapping
SrcUsernameType,string,,,,,direct mapping
SrcUserOktaId,string,,,,,direct mapping
SrcUserScope,string,,,,,direct mapping
SrcUserScopeId,string,,,,,direct mapping
SrcUserSessionId,string,,,,,direct mapping
SrcUserSid,string,,,,,direct mapping
SrcUserType,string,,,,,direct mapping
SrcUserUid,string,,,,,direct mapping
TenantId,string,,,,,direct mapping
ThreatCategory,string,,,,,direct mapping
ThreatConfidence,int,,,,,direct mapping
ThreatField,string,,,,,direct mapping
ThreatFirstReportedTime,datetime,,,,,direct mapping
ThreatId,string,,,,,direct mapping
ThreatIpAddr,string,,,,,direct mapping
ThreatIsActive,bool,,,,,direct mapping
ThreatLastReportedTime,datetime,,,,,direct mapping
ThreatName,string,,,,,direct mapping
ThreatOriginalConfidence,string,,,,,direct mapping
ThreatOriginalRiskLevel,string,,,,,direct mapping
ThreatRiskLevel,int,,,,,direct mapping
TimeGenerated,datetime,,,,,direct mapping
TransactionIdHex,string,,,,,direct mapping
Type,string,,,,,direct mapping
UrlCategory,string,,,,,direct mapping
User,string,,,,,direct mapping
1 ASIMFieldName ASIMFieldType ProductFieldName ProductFieldType ProductFieldDescription ProductSampleValue Logic
2 AdditionalFields dynamic direct mapping
3 DnsFlags string direct mapping
4 DnsFlagsAuthenticated bool direct mapping
5 DnsFlagsAuthoritative bool direct mapping
6 DnsFlagsCheckingDisabled bool direct mapping
7 DnsFlagsRecursionAvailable bool direct mapping
8 DnsFlagsRecursionDesired bool direct mapping
9 DnsFlagsTruncated bool direct mapping
10 DnsFlagsZ bool direct mapping
11 DnsNetworkDuration int direct mapping
12 DnsQuery string direct mapping
13 DnsQueryClass int direct mapping
14 DnsQueryClassName string direct mapping
15 DnsQueryType int direct mapping
16 DnsQueryTypeName string direct mapping
17 DnsResponseCode int direct mapping
18 DnsResponseCodeName string direct mapping
19 DnsResponseIpCity string direct mapping
20 DnsResponseIpCountry string direct mapping
21 DnsResponseIpLatitude real direct mapping
22 DnsResponseIpLongitude real direct mapping
23 DnsResponseIpRegion string direct mapping
24 DnsResponseName string direct mapping
25 DnsSessionId string direct mapping
26 Domain string direct mapping
27 DomainCategory string direct mapping
28 Dst string direct mapping
29 DstDescription string direct mapping
30 DstDeviceType string direct mapping
31 DstDomain string direct mapping
32 DstDomainType string direct mapping
33 DstDvcId string direct mapping
34 DstDvcIdType string direct mapping
35 DstDvcScope string direct mapping
36 DstDvcScopeId string direct mapping
37 DstFQDN string direct mapping
38 DstGeoCity string direct mapping
39 DstGeoCountry string direct mapping
40 DstGeoLatitude real direct mapping
41 DstGeoLongitude real direct mapping
42 DstGeoRegion string direct mapping
43 DstHostname string direct mapping
44 DstIpAddr string direct mapping
45 DstOriginalRiskLevel string direct mapping
46 DstPortNumber int direct mapping
47 DstRiskLevel int direct mapping
48 Duration int direct mapping
49 Dvc string direct mapping
50 DvcAction string direct mapping
51 DvcDescription string direct mapping
52 DvcDomain string direct mapping
53 DvcDomainType string direct mapping
54 DvcFQDN string direct mapping
55 DvcHostname string direct mapping
56 DvcId string direct mapping
57 DvcIdType string direct mapping
58 DvcInterface string direct mapping
59 DvcIpAddr string direct mapping
60 DvcMacAddr string direct mapping
61 DvcOriginalAction string direct mapping
62 DvcOs string direct mapping
63 DvcOsVersion string direct mapping
64 DvcScope string direct mapping
65 DvcScopeId string direct mapping
66 DvcZone string direct mapping
67 EventCount int direct mapping
68 EventEndTime datetime direct mapping
69 EventMessage string direct mapping
70 EventOriginalResultDetails string direct mapping
71 EventOriginalSeverity string direct mapping
72 EventOriginalSubType string direct mapping
73 EventOriginalType string direct mapping
74 EventOriginalUid string direct mapping
75 EventOwner string direct mapping
76 EventProduct string direct mapping
77 EventProductVersion string direct mapping
78 EventReportUrl string direct mapping
79 EventResult string direct mapping
80 EventResultDetails string direct mapping
81 EventSchema string direct mapping
82 EventSchemaVersion string direct mapping
83 EventSeverity string direct mapping
84 EventStartTime datetime direct mapping
85 EventSubType string direct mapping
86 EventType string direct mapping
87 EventUid string direct mapping
88 EventVendor string direct mapping
89 Hostname string direct mapping
90 IpAddr string direct mapping
91 NetworkProtocol string direct mapping
92 NetworkProtocolVersion string direct mapping
93 Process string direct mapping
94 Rule string direct mapping
95 RuleName string direct mapping
96 RuleNumber int direct mapping
97 SessionId string direct mapping
98 Src string direct mapping
99 SrcDescription string direct mapping
100 SrcDeviceType string direct mapping
101 SrcDomain string direct mapping
102 SrcDomainType string direct mapping
103 SrcDvcId string direct mapping
104 SrcDvcIdType string direct mapping
105 SrcDvcScope string direct mapping
106 SrcDvcScopeId string direct mapping
107 SrcFQDN string direct mapping
108 SrcGeoCity string direct mapping
109 SrcGeoCountry string direct mapping
110 SrcGeoLatitude real direct mapping
111 SrcGeoLongitude real direct mapping
112 SrcGeoRegion string direct mapping
113 SrcHostname string direct mapping
114 SrcIpAddr string direct mapping
115 SrcOriginalRiskLevel string direct mapping
116 SrcOriginalUserType string direct mapping
117 SrcPortNumber int direct mapping
118 SrcProcessGuid string direct mapping
119 SrcProcessId string direct mapping
120 SrcProcessName string direct mapping
121 SrcRiskLevel int direct mapping
122 SrcUserAadId string direct mapping
123 SrcUserAWSId string direct mapping
124 SrcUserId string direct mapping
125 SrcUserIdType string direct mapping
126 SrcUsername string direct mapping
127 SrcUsernameType string direct mapping
128 SrcUserOktaId string direct mapping
129 SrcUserScope string direct mapping
130 SrcUserScopeId string direct mapping
131 SrcUserSessionId string direct mapping
132 SrcUserSid string direct mapping
133 SrcUserType string direct mapping
134 SrcUserUid string direct mapping
135 TenantId string direct mapping
136 ThreatCategory string direct mapping
137 ThreatConfidence int direct mapping
138 ThreatField string direct mapping
139 ThreatFirstReportedTime datetime direct mapping
140 ThreatId string direct mapping
141 ThreatIpAddr string direct mapping
142 ThreatIsActive bool direct mapping
143 ThreatLastReportedTime datetime direct mapping
144 ThreatName string direct mapping
145 ThreatOriginalConfidence string direct mapping
146 ThreatOriginalRiskLevel string direct mapping
147 ThreatRiskLevel int direct mapping
148 TimeGenerated datetime direct mapping
149 TransactionIdHex string direct mapping
150 Type string direct mapping
151 UrlCategory string direct mapping
152 User string direct mapping
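Review bot: Every row of this template carries `direct mapping` in the Logic column, including schema constants such as `EventSchema`, `EventSchemaVersion`, `EventVendor` and `EventProduct`, and the bare entity names (`Dst`, `Src`, `Dvc`, `User`, `Hostname`, `IpAddr`, `Process`, `Rule`, `SessionId`, `Domain`) that presumably are derived from another column rather than read from a product field. If the template is meant to be filled in per product, a distinct Logic value for those rows (for example `constant` or `alias`, or leaving the cell blank) would make the fields that cannot be a plain copy stand out; whether that is the convention for these templates is not visible in this commit. The DHCP and FileEvent templates added here have the same uniform `direct mapping` column.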


@ -0,0 +1,138 @@
ASIMFieldName, ASIMFieldType, ProductFieldName, ProductFieldType, ProductFieldDescription, ProductSampleValue, Logic
ActingAppId,string,,,,,direct mapping
ActingAppName,string,,,,,direct mapping
ActingAppType,string,,,,,direct mapping
ActingProcessCommandLine,string,,,,,direct mapping
ActingProcessGuid,string,,,,,direct mapping
ActingProcessId,string,,,,,direct mapping
ActingProcessName,string,,,,,direct mapping
ActorOriginalUserType,string,,,,,direct mapping
ActorScope,string,,,,,direct mapping
ActorScopeId,string,,,,,direct mapping
ActorSessionId,string,,,,,direct mapping
ActorUpn,string,,,,,direct mapping
ActorUserAadId,string,,,,,direct mapping
ActorUserId,string,,,,,direct mapping
ActorUserIdType,string,,,,,direct mapping
ActorUsername,string,,,,,direct mapping
ActorUsernameType,string,,,,,direct mapping
ActorUserPuid,string,,,,,direct mapping
ActorUserSid,string,,,,,direct mapping
ActorUserType,string,,,,,direct mapping
AdditionalFields,dynamic,,,,,direct mapping
Application,string,,,,,direct mapping
DstDescription,string,,,,,direct mapping
Dvc,string,,,,,direct mapping
DvcAction,string,,,,,direct mapping
DvcDescription,string,,,,,direct mapping
DvcDomain,string,,,,,direct mapping
DvcDomainType,string,,,,,direct mapping
DvcFQDN,string,,,,,direct mapping
DvcHostname,string,,,,,direct mapping
DvcId,string,,,,,direct mapping
DvcIdType,string,,,,,direct mapping
DvcInterface,string,,,,,direct mapping
DvcIpAddr,string,,,,,direct mapping
DvcMacAddr,string,,,,,direct mapping
DvcOriginalAction,string,,,,,direct mapping
DvcOs,string,,,,,direct mapping
DvcOsVersion,string,,,,,direct mapping
DvcScope,string,,,,,direct mapping
DvcScopeId,string,,,,,direct mapping
DvcZone,string,,,,,direct mapping
EventCount,int,,,,,direct mapping
EventEndTime,datetime,,,,,direct mapping
EventMessage,string,,,,,direct mapping
EventOriginalResultDetails,string,,,,,direct mapping
EventOriginalSeverity,string,,,,,direct mapping
EventOriginalSubType,string,,,,,direct mapping
EventOriginalType,string,,,,,direct mapping
EventOriginalUid,string,,,,,direct mapping
EventOwner,string,,,,,direct mapping
EventProduct,string,,,,,direct mapping
EventProductVersion,string,,,,,direct mapping
EventReportUrl,string,,,,,direct mapping
EventResult,string,,,,,direct mapping
EventResultDetails,string,,,,,direct mapping
EventSchema,string,,,,,direct mapping
EventSchemaVersion,string,,,,,direct mapping
EventSeverity,string,,,,,direct mapping
EventStartTime,datetime,,,,,direct mapping
EventSubType,string,,,,,direct mapping
EventType,string,,,,,direct mapping
EventUid,string,,,,,direct mapping
EventVendor,string,,,,,direct mapping
FileName,string,,,,,direct mapping
FilePath,string,,,,,direct mapping
Hash,string,,,,,direct mapping
HashType,string,,,,,direct mapping
HttpUserAgent,string,,,,,direct mapping
IpAddr,string,,,,,direct mapping
NetworkApplicationProtocol,string,,,,,direct mapping
Process,string,,,,,direct mapping
Rule,string,,,,,direct mapping
RuleName,string,,,,,direct mapping
RuleNumber,int,,,,,direct mapping
Src,string,,,,,direct mapping
SrcDescription,string,,,,,direct mapping
SrcDeviceType,string,,,,,direct mapping
SrcDomain,string,,,,,direct mapping
SrcDomainType,string,,,,,direct mapping
SrcDvcId,string,,,,,direct mapping
SrcDvcIdType,string,,,,,direct mapping
SrcDvcScope,string,,,,,direct mapping
SrcDvcScopeId,string,,,,,direct mapping
SrcFileCreationTime,datetime,,,,,direct mapping
SrcFileDirectory,string,,,,,direct mapping
SrcFileExtension,string,,,,,direct mapping
SrcFileMD5,string,,,,,direct mapping
SrcFileMimeType,string,,,,,direct mapping
SrcFileName,string,,,,,direct mapping
SrcFilePath,string,,,,,direct mapping
SrcFilePathType,string,,,,,direct mapping
SrcFileSHA1,string,,,,,direct mapping
SrcFileSHA256,string,,,,,direct mapping
SrcFileSHA512,string,,,,,direct mapping
SrcFileSize,long,,,,,direct mapping
SrcFQDN,string,,,,,direct mapping
SrcGeoCity,string,,,,,direct mapping
SrcGeoCountry,string,,,,,direct mapping
SrcGeoLatitude,real,,,,,direct mapping
SrcGeoLongitude,real,,,,,direct mapping
SrcGeoRegion,string,,,,,direct mapping
SrcHostname,string,,,,,direct mapping
SrcIpAddr,string,,,,,direct mapping
SrcPortNumber,int,,,,,direct mapping
TargetAppId,string,,,,,direct mapping
TargetAppName,string,,,,,direct mapping
TargetAppType,string,,,,,direct mapping
TargetFileCreationTime,datetime,,,,,direct mapping
TargetFileDirectory,string,,,,,direct mapping
TargetFileExtension,string,,,,,direct mapping
TargetFileMD5,string,,,,,direct mapping
TargetFileMimeType,string,,,,,direct mapping
TargetFileName,string,,,,,direct mapping
TargetFilePath,string,,,,,direct mapping
TargetFilePathType,string,,,,,direct mapping
TargetFileSHA1,string,,,,,direct mapping
TargetFileSHA256,string,,,,,direct mapping
TargetFileSHA512,string,,,,,direct mapping
TargetFileSize,long,,,,,direct mapping
TargetOriginalAppType,string,,,,,direct mapping
TargetUrl,string,,,,,direct mapping
ThreatCategory,string,,,,,direct mapping
ThreatConfidence,int,,,,,direct mapping
ThreatField,string,,,,,direct mapping
ThreatFilePath,string,,,,,direct mapping
ThreatFirstReportedTime,datetime,,,,,direct mapping
ThreatId,string,,,,,direct mapping
ThreatIsActive,bool,,,,,direct mapping
ThreatLastReportedTime,datetime,,,,,direct mapping
ThreatName,string,,,,,direct mapping
ThreatOriginalConfidence,string,,,,,direct mapping
ThreatOriginalRiskLevel,string,,,,,direct mapping
ThreatRiskLevel,int,,,,,direct mapping
TimeGenerated,datetime,,,,,direct mapping
Type,string,,,,,direct mapping
Url,string,,,,,direct mapping
User,string,,,,,direct mapping
1 ASIMFieldName ASIMFieldType ProductFieldName ProductFieldType ProductFieldDescription ProductSampleValue Logic
2 ActingAppId string direct mapping
3 ActingAppName string direct mapping
4 ActingAppType string direct mapping
5 ActingProcessCommandLine string direct mapping
6 ActingProcessGuid string direct mapping
7 ActingProcessId string direct mapping
8 ActingProcessName string direct mapping
9 ActorOriginalUserType string direct mapping
10 ActorScope string direct mapping
11 ActorScopeId string direct mapping
12 ActorSessionId string direct mapping
13 ActorUpn string direct mapping
14 ActorUserAadId string direct mapping
15 ActorUserId string direct mapping
16 ActorUserIdType string direct mapping
17 ActorUsername string direct mapping
18 ActorUsernameType string direct mapping
19 ActorUserPuid string direct mapping
20 ActorUserSid string direct mapping
21 ActorUserType string direct mapping
22 AdditionalFields dynamic direct mapping
23 Application string direct mapping
24 DstDescription string direct mapping
25 Dvc string direct mapping
26 DvcAction string direct mapping
27 DvcDescription string direct mapping
28 DvcDomain string direct mapping
29 DvcDomainType string direct mapping
30 DvcFQDN string direct mapping
31 DvcHostname string direct mapping
32 DvcId string direct mapping
33 DvcIdType string direct mapping
34 DvcInterface string direct mapping
35 DvcIpAddr string direct mapping
36 DvcMacAddr string direct mapping
37 DvcOriginalAction string direct mapping
38 DvcOs string direct mapping
39 DvcOsVersion string direct mapping
40 DvcScope string direct mapping
41 DvcScopeId string direct mapping
42 DvcZone string direct mapping
43 EventCount int direct mapping
44 EventEndTime datetime direct mapping
45 EventMessage string direct mapping
46 EventOriginalResultDetails string direct mapping
47 EventOriginalSeverity string direct mapping
48 EventOriginalSubType string direct mapping
49 EventOriginalType string direct mapping
50 EventOriginalUid string direct mapping
51 EventOwner string direct mapping
52 EventProduct string direct mapping
53 EventProductVersion string direct mapping
54 EventReportUrl string direct mapping
55 EventResult string direct mapping
56 EventResultDetails string direct mapping
57 EventSchema string direct mapping
58 EventSchemaVersion string direct mapping
59 EventSeverity string direct mapping
60 EventStartTime datetime direct mapping
61 EventSubType string direct mapping
62 EventType string direct mapping
63 EventUid string direct mapping
64 EventVendor string direct mapping
65 FileName string direct mapping
66 FilePath string direct mapping
67 Hash string direct mapping
68 HashType string direct mapping
69 HttpUserAgent string direct mapping
70 IpAddr string direct mapping
71 NetworkApplicationProtocol string direct mapping
72 Process string direct mapping
73 Rule string direct mapping
74 RuleName string direct mapping
75 RuleNumber int direct mapping
76 Src string direct mapping
77 SrcDescription string direct mapping
78 SrcDeviceType string direct mapping
79 SrcDomain string direct mapping
80 SrcDomainType string direct mapping
81 SrcDvcId string direct mapping
82 SrcDvcIdType string direct mapping
83 SrcDvcScope string direct mapping
84 SrcDvcScopeId string direct mapping
85 SrcFileCreationTime datetime direct mapping
86 SrcFileDirectory string direct mapping
87 SrcFileExtension string direct mapping
88 SrcFileMD5 string direct mapping
89 SrcFileMimeType string direct mapping
90 SrcFileName string direct mapping
91 SrcFilePath string direct mapping
92 SrcFilePathType string direct mapping
93 SrcFileSHA1 string direct mapping
94 SrcFileSHA256 string direct mapping
95 SrcFileSHA512 string direct mapping
96 SrcFileSize long direct mapping
97 SrcFQDN string direct mapping
98 SrcGeoCity string direct mapping
99 SrcGeoCountry string direct mapping
100 SrcGeoLatitude real direct mapping
101 SrcGeoLongitude real direct mapping
102 SrcGeoRegion string direct mapping
103 SrcHostname string direct mapping
104 SrcIpAddr string direct mapping
105 SrcPortNumber int direct mapping
106 TargetAppId string direct mapping
107 TargetAppName string direct mapping
108 TargetAppType string direct mapping
109 TargetFileCreationTime datetime direct mapping
110 TargetFileDirectory string direct mapping
111 TargetFileExtension string direct mapping
112 TargetFileMD5 string direct mapping
113 TargetFileMimeType string direct mapping
114 TargetFileName string direct mapping
115 TargetFilePath string direct mapping
116 TargetFilePathType string direct mapping
117 TargetFileSHA1 string direct mapping
118 TargetFileSHA256 string direct mapping
119 TargetFileSHA512 string direct mapping
120 TargetFileSize long direct mapping
121 TargetOriginalAppType string direct mapping
122 TargetUrl string direct mapping
123 ThreatCategory string direct mapping
124 ThreatConfidence int direct mapping
125 ThreatField string direct mapping
126 ThreatFilePath string direct mapping
127 ThreatFirstReportedTime datetime direct mapping
128 ThreatId string direct mapping
129 ThreatIsActive bool direct mapping
130 ThreatLastReportedTime datetime direct mapping
131 ThreatName string direct mapping
132 ThreatOriginalConfidence string direct mapping
133 ThreatOriginalRiskLevel string direct mapping
134 ThreatRiskLevel int direct mapping
135 TimeGenerated datetime direct mapping
136 Type string direct mapping
137 Url string direct mapping
138 User string direct mapping


@ -0,0 +1,163 @@
ASIMFieldName, ASIMFieldType, ProductFieldName, ProductFieldType, ProductFieldDescription, ProductSampleValue, Logic
AdditionalFields,dynamic,,,,,direct mapping
ASimMatchingHostname,string,,,,,direct mapping
ASimMatchingIpAddr,string,,,,,direct mapping
Dst,string,,,,,direct mapping
DstAppId,string,,,,,direct mapping
DstAppName,string,,,,,direct mapping
DstAppType,string,,,,,direct mapping
DstBytes,long,,,,,direct mapping
DstDescription,string,,,,,direct mapping
DstDeviceType,string,,,,,direct mapping
DstDomain,string,,,,,direct mapping
DstDomainType,string,,,,,direct mapping
DstDvcId,string,,,,,direct mapping
DstDvcIdType,string,,,,,direct mapping
DstFQDN,string,,,,,direct mapping
DstGeoCity,string,,,,,direct mapping
DstGeoCountry,string,,,,,direct mapping
DstGeoLatitude,real,,,,,direct mapping
DstGeoLongitude,real,,,,,direct mapping
DstGeoRegion,string,,,,,direct mapping
DstHostname,string,,,,,direct mapping
DstInterfaceGuid,string,,,,,direct mapping
DstInterfaceName,string,,,,,direct mapping
DstIpAddr,string,,,,,direct mapping
DstMacAddr,string,,,,,direct mapping
DstNatIpAddr,string,,,,,direct mapping
DstNatPortNumber,int,,,,,direct mapping
DstOriginalUserType,string,,,,,direct mapping
DstPackets,long,,,,,direct mapping
DstPortNumber,int,,,,,direct mapping
DstProcessGuid,string,,,,,direct mapping
DstProcessId,string,,,,,direct mapping
DstProcessName,string,,,,,direct mapping
DstScopeId,string,,,,,direct mapping
DstUserId,string,,,,,direct mapping
DstUserIdType,string,,,,,direct mapping
DstUsername,string,,,,,direct mapping
DstUsernameType,string,,,,,direct mapping
DstUserType,string,,,,,direct mapping
DstVlanId,string,,,,,direct mapping
DstZone,string,,,,,direct mapping
Duration,int,,,,,direct mapping
Dvc,string,,,,,direct mapping
DvcAction,string,,,,,direct mapping
DvcDescription,string,,,,,direct mapping
DvcDomain,string,,,,,direct mapping
DvcDomainType,string,,,,,direct mapping
DvcFQDN,string,,,,,direct mapping
DvcHostname,string,,,,,direct mapping
DvcId,string,,,,,direct mapping
DvcIdType,string,,,,,direct mapping
DvcInboundInterface,string,,,,,direct mapping
DvcInterface,string,,,,,direct mapping
DvcIpAddr,string,,,,,direct mapping
DvcMacAddr,string,,,,,direct mapping
DvcOriginalAction,string,,,,,direct mapping
DvcOs,string,,,,,direct mapping
DvcOsVersion,string,,,,,direct mapping
DvcOutboundInterface,string,,,,,direct mapping
DvcScope,string,,,,,direct mapping
DvcScopeId,string,,,,,direct mapping
DvcZone,string,,,,,direct mapping
EventCount,int,,,,,direct mapping
EventEndTime,datetime,,,,,direct mapping
EventMessage,string,,,,,direct mapping
EventOriginalResultDetails,string,,,,,direct mapping
EventOriginalSeverity,string,,,,,direct mapping
EventOriginalSubType,string,,,,,direct mapping
EventOriginalType,string,,,,,direct mapping
EventOriginalUid,string,,,,,direct mapping
EventOwner,string,,,,,direct mapping
EventProduct,string,,,,,direct mapping
EventProductVersion,string,,,,,direct mapping
EventReportUrl,string,,,,,direct mapping
EventResult,string,,,,,direct mapping
EventResultDetails,string,,,,,direct mapping
EventSchema,string,,,,,direct mapping
EventSchemaVersion,string,,,,,direct mapping
EventSeverity,string,,,,,direct mapping
EventStartTime,datetime,,,,,direct mapping
EventSubType,string,,,,,direct mapping
EventType,string,,,,,direct mapping
EventUid,string,,,,,direct mapping
EventVendor,string,,,,,direct mapping
Hostname,string,,,,,direct mapping
InnerVlanId,string,,,,,direct mapping
IpAddr,string,,,,,direct mapping
NetworkApplicationProtocol,string,,,,,direct mapping
NetworkBytes,long,,,,,direct mapping
NetworkConnectionHistory,string,,,,,direct mapping
NetworkDirection,string,,,,,direct mapping
NetworkDuration,int,,,,,direct mapping
NetworkIcmpCode,int,,,,,direct mapping
NetworkIcmpType,string,,,,,direct mapping
NetworkPackets,long,,,,,direct mapping
NetworkProtocol,string,,,,,direct mapping
NetworkProtocolVersion,string,,,,,direct mapping
NetworkRuleName,string,,,,,direct mapping
NetworkRuleNumber,int,,,,,direct mapping
NetworkSessionId,string,,,,,direct mapping
OuterVlanId,string,,,,,direct mapping
Rule,string,,,,,direct mapping
SessionId,string,,,,,direct mapping
Src,string,,,,,direct mapping
SrcAppId,string,,,,,direct mapping
SrcAppName,string,,,,,direct mapping
SrcAppType,string,,,,,direct mapping
SrcBytes,long,,,,,direct mapping
SrcDescription,string,,,,,direct mapping
SrcDeviceType,string,,,,,direct mapping
SrcDomain,string,,,,,direct mapping
SrcDomainType,string,,,,,direct mapping
SrcDvcId,string,,,,,direct mapping
SrcDvcIdType,string,,,,,direct mapping
SrcFQDN,string,,,,,direct mapping
SrcGeoCity,string,,,,,direct mapping
SrcGeoCountry,string,,,,,direct mapping
SrcGeoLatitude,real,,,,,direct mapping
SrcGeoLongitude,real,,,,,direct mapping
SrcGeoRegion,string,,,,,direct mapping
SrcHostname,string,,,,,direct mapping
SrcInterfaceGuid,string,,,,,direct mapping
SrcInterfaceName,string,,,,,direct mapping
SrcIpAddr,string,,,,,direct mapping
SrcMacAddr,string,,,,,direct mapping
SrcNatIpAddr,string,,,,,direct mapping
SrcNatPortNumber,int,,,,,direct mapping
SrcOriginalUserType,string,,,,,direct mapping
SrcPackets,long,,,,,direct mapping
SrcPortNumber,int,,,,,direct mapping
SrcProcessGuid,string,,,,,direct mapping
SrcProcessId,string,,,,,direct mapping
SrcProcessName,string,,,,,direct mapping
SrcScopeId,string,,,,,direct mapping
SrcUserId,string,,,,,direct mapping
SrcUserIdType,string,,,,,direct mapping
SrcUsername,string,,,,,direct mapping
SrcUsernameType,string,,,,,direct mapping
SrcUserType,string,,,,,direct mapping
SrcVlanId,string,,,,,direct mapping
SrcZone,string,,,,,direct mapping
TcpFlagsAck,bool,,,,,direct mapping
TcpFlagsFin,bool,,,,,direct mapping
TcpFlagsPsh,bool,,,,,direct mapping
TcpFlagsRst,bool,,,,,direct mapping
TcpFlagsSyn,bool,,,,,direct mapping
TcpFlagsUrg,bool,,,,,direct mapping
ThreatCategory,string,,,,,direct mapping
ThreatConfidence,int,,,,,direct mapping
ThreatField,string,,,,,direct mapping
ThreatFirstReportedTime,datetime,,,,,direct mapping
ThreatId,string,,,,,direct mapping
ThreatIpAddr,string,,,,,direct mapping
ThreatIsActive,bool,,,,,direct mapping
ThreatLastReportedTime,datetime,,,,,direct mapping
ThreatName,string,,,,,direct mapping
ThreatOriginalConfidence,string,,,,,direct mapping
ThreatOriginalRiskLevel,string,,,,,direct mapping
ThreatRiskLevel,int,,,,,direct mapping
TimeGenerated,datetime,,,,,direct mapping
Type,string,,,,,direct mapping
User,string,,,,,direct mapping
1 ASIMFieldName ASIMFieldType ProductFieldName ProductFieldType ProductFieldDescription ProductSampleValue Logic
2 AdditionalFields dynamic direct mapping
3 ASimMatchingHostname string direct mapping
4 ASimMatchingIpAddr string direct mapping
5 Dst string direct mapping
6 DstAppId string direct mapping
7 DstAppName string direct mapping
8 DstAppType string direct mapping
9 DstBytes long direct mapping
10 DstDescription string direct mapping
11 DstDeviceType string direct mapping
12 DstDomain string direct mapping
13 DstDomainType string direct mapping
14 DstDvcId string direct mapping
15 DstDvcIdType string direct mapping
16 DstFQDN string direct mapping
17 DstGeoCity string direct mapping
18 DstGeoCountry string direct mapping
19 DstGeoLatitude real direct mapping
20 DstGeoLongitude real direct mapping
21 DstGeoRegion string direct mapping
22 DstHostname string direct mapping
23 DstInterfaceGuid string direct mapping
24 DstInterfaceName string direct mapping
25 DstIpAddr string direct mapping
26 DstMacAddr string direct mapping
27 DstNatIpAddr string direct mapping
28 DstNatPortNumber int direct mapping
29 DstOriginalUserType string direct mapping
30 DstPackets long direct mapping
31 DstPortNumber int direct mapping
32 DstProcessGuid string direct mapping
33 DstProcessId string direct mapping
34 DstProcessName string direct mapping
35 DstScopeId string direct mapping
36 DstUserId string direct mapping
37 DstUserIdType string direct mapping
38 DstUsername string direct mapping
39 DstUsernameType string direct mapping
40 DstUserType string direct mapping
41 DstVlanId string direct mapping
42 DstZone string direct mapping
43 Duration int direct mapping
44 Dvc string direct mapping
45 DvcAction string direct mapping
46 DvcDescription string direct mapping
47 DvcDomain string direct mapping
48 DvcDomainType string direct mapping
49 DvcFQDN string direct mapping
50 DvcHostname string direct mapping
51 DvcId string direct mapping
52 DvcIdType string direct mapping
53 DvcInboundInterface string direct mapping
54 DvcInterface string direct mapping
55 DvcIpAddr string direct mapping
56 DvcMacAddr string direct mapping
57 DvcOriginalAction string direct mapping
58 DvcOs string direct mapping
59 DvcOsVersion string direct mapping
60 DvcOutboundInterface string direct mapping
61 DvcScope string direct mapping
62 DvcScopeId string direct mapping
63 DvcZone string direct mapping
64 EventCount int direct mapping
65 EventEndTime datetime direct mapping
66 EventMessage string direct mapping
67 EventOriginalResultDetails string direct mapping
68 EventOriginalSeverity string direct mapping
69 EventOriginalSubType string direct mapping
70 EventOriginalType string direct mapping
71 EventOriginalUid string direct mapping
72 EventOwner string direct mapping
73 EventProduct string direct mapping
74 EventProductVersion string direct mapping
75 EventReportUrl string direct mapping
76 EventResult string direct mapping
77 EventResultDetails string direct mapping
78 EventSchema string direct mapping
79 EventSchemaVersion string direct mapping
80 EventSeverity string direct mapping
81 EventStartTime datetime direct mapping
82 EventSubType string direct mapping
83 EventType string direct mapping
84 EventUid string direct mapping
85 EventVendor string direct mapping
86 Hostname string direct mapping
87 InnerVlanId string direct mapping
88 IpAddr string direct mapping
89 NetworkApplicationProtocol string direct mapping
90 NetworkBytes long direct mapping
91 NetworkConnectionHistory string direct mapping
92 NetworkDirection string direct mapping
93 NetworkDuration int direct mapping
94 NetworkIcmpCode int direct mapping
95 NetworkIcmpType string direct mapping
96 NetworkPackets long direct mapping
97 NetworkProtocol string direct mapping
98 NetworkProtocolVersion string direct mapping
99 NetworkRuleName string direct mapping
100 NetworkRuleNumber int direct mapping
101 NetworkSessionId string direct mapping
102 OuterVlanId string direct mapping
103 Rule string direct mapping
104 SessionId string direct mapping
105 Src string direct mapping
106 SrcAppId string direct mapping
107 SrcAppName string direct mapping
108 SrcAppType string direct mapping
109 SrcBytes long direct mapping
110 SrcDescription string direct mapping
111 SrcDeviceType string direct mapping
112 SrcDomain string direct mapping
113 SrcDomainType string direct mapping
114 SrcDvcId string direct mapping
115 SrcDvcIdType string direct mapping
116 SrcFQDN string direct mapping
117 SrcGeoCity string direct mapping
118 SrcGeoCountry string direct mapping
119 SrcGeoLatitude real direct mapping
120 SrcGeoLongitude real direct mapping
121 SrcGeoRegion string direct mapping
122 SrcHostname string direct mapping
123 SrcInterfaceGuid string direct mapping
124 SrcInterfaceName string direct mapping
125 SrcIpAddr string direct mapping
126 SrcMacAddr string direct mapping
127 SrcNatIpAddr string direct mapping
128 SrcNatPortNumber int direct mapping
129 SrcOriginalUserType string direct mapping
130 SrcPackets long direct mapping
131 SrcPortNumber int direct mapping
132 SrcProcessGuid string direct mapping
133 SrcProcessId string direct mapping
134 SrcProcessName string direct mapping
135 SrcScopeId string direct mapping
136 SrcUserId string direct mapping
137 SrcUserIdType string direct mapping
138 SrcUsername string direct mapping
139 SrcUsernameType string direct mapping
140 SrcUserType string direct mapping
141 SrcVlanId string direct mapping
142 SrcZone string direct mapping
143 TcpFlagsAck bool direct mapping
144 TcpFlagsFin bool direct mapping
145 TcpFlagsPsh bool direct mapping
146 TcpFlagsRst bool direct mapping
147 TcpFlagsSyn bool direct mapping
148 TcpFlagsUrg bool direct mapping
149 ThreatCategory string direct mapping
150 ThreatConfidence int direct mapping
151 ThreatField string direct mapping
152 ThreatFirstReportedTime datetime direct mapping
153 ThreatId string direct mapping
154 ThreatIpAddr string direct mapping
155 ThreatIsActive bool direct mapping
156 ThreatLastReportedTime datetime direct mapping
157 ThreatName string direct mapping
158 ThreatOriginalConfidence string direct mapping
159 ThreatOriginalRiskLevel string direct mapping
160 ThreatRiskLevel int direct mapping
161 TimeGenerated datetime direct mapping
162 Type string direct mapping
163 User string direct mapping
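Review bot: The header row `ASIMFieldName, ASIMFieldType, ProductFieldName, ...` puts a space after each comma while every data row below it is written without one, so a reader that keys on header cells without trimming will look up ` ASIMFieldType` and ` Logic` instead of the intended names and miss the columns. I would normalise the first line to `ASIMFieldName,ASIMFieldType,ProductFieldName,ProductFieldType,ProductFieldDescription,ProductSampleValue,Logic`. The identical header opens the 150-line, 70-line and 117-line template sections that follow, so the same change applies to each of them. If the tooling that consumes these templates already trims header cells, this is a consistency point only.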


@ -0,0 +1,150 @@
ASIMFieldName, ASIMFieldType, ProductFieldName, ProductFieldType, ProductFieldDescription, ProductSampleValue, Logic
ActingProcessCommandLine,string,,,,,direct mapping
ActingProcessCreationTime,datetime,,,,,direct mapping
ActingProcessFileCompany,string,,,,,direct mapping
ActingProcessFileDescription,string,,,,,direct mapping
ActingProcessFileInternalName,string,,,,,direct mapping
ActingProcessFilename,string,,,,,direct mapping
ActingProcessFileOriginalName,string,,,,,direct mapping
ActingProcessFileProduct,string,,,,,direct mapping
ActingProcessFileSize,long,,,,,direct mapping
ActingProcessFileVersion,string,,,,,direct mapping
ActingProcessGuid,string,,,,,direct mapping
ActingProcessId,string,,,,,direct mapping
ActingProcessIMPHASH,string,,,,,direct mapping
ActingProcessInjectedAddress,string,,,,,direct mapping
ActingProcessIntegrityLevel,string,,,,,direct mapping
ActingProcessIsHidden,bool,,,,,direct mapping
ActingProcessMD5,string,,,,,direct mapping
ActingProcessName,string,,,,,direct mapping
ActingProcessSHA1,string,,,,,direct mapping
ActingProcessSHA256,string,,,,,direct mapping
ActingProcessSHA512,string,,,,,direct mapping
ActingProcessTokenElevation,string,,,,,direct mapping
ActorOriginalUserType,string,,,,,direct mapping
ActorScope,string,,,,,direct mapping
ActorScopeId,string,,,,,direct mapping
ActorSessionId,string,,,,,direct mapping
ActorUserAadId,string,,,,,direct mapping
ActorUserId,string,,,,,direct mapping
ActorUserIdType,string,,,,,direct mapping
ActorUsername,string,,,,,direct mapping
ActorUsernameType,string,,,,,direct mapping
ActorUserSid,string,,,,,direct mapping
ActorUserType,string,,,,,direct mapping
ActorUserUpn,string,,,,,direct mapping
AdditionalFields,dynamic,,,,,direct mapping
CommandLine,string,,,,,direct mapping
Dvc,string,,,,,direct mapping
DvcAction,string,,,,,direct mapping
DvcDescription,string,,,,,direct mapping
DvcDomain,string,,,,,direct mapping
DvcDomainType,string,,,,,direct mapping
DvcFQDN,string,,,,,direct mapping
DvcHostname,string,,,,,direct mapping
DvcId,string,,,,,direct mapping
DvcIdType,string,,,,,direct mapping
DvcInterface,string,,,,,direct mapping
DvcIpAddr,string,,,,,direct mapping
DvcMacAddr,string,,,,,direct mapping
DvcOriginalAction,string,,,,,direct mapping
DvcOs,string,,,,,direct mapping
DvcOsVersion,string,,,,,direct mapping
DvcScope,string,,,,,direct mapping
DvcScopeId,string,,,,,direct mapping
DvcZone,string,,,,,direct mapping
EventCount,int,,,,,direct mapping
EventEndTime,datetime,,,,,direct mapping
EventMessage,string,,,,,direct mapping
EventOriginalResultDetails,string,,,,,direct mapping
EventOriginalSeverity,string,,,,,direct mapping
EventOriginalSubType,string,,,,,direct mapping
EventOriginalType,string,,,,,direct mapping
EventOriginalUid,string,,,,,direct mapping
EventOwner,string,,,,,direct mapping
EventProduct,string,,,,,direct mapping
EventProductVersion,string,,,,,direct mapping
EventReportUrl,string,,,,,direct mapping
EventResult,string,,,,,direct mapping
EventResultDetails,string,,,,,direct mapping
EventSchema,string,,,,,direct mapping
EventSchemaVersion,string,,,,,direct mapping
EventSeverity,string,,,,,direct mapping
EventStartTime,datetime,,,,,direct mapping
EventSubType,string,,,,,direct mapping
EventType,string,,,,,direct mapping
EventUid,string,,,,,direct mapping
EventVendor,string,,,,,direct mapping
Hash,string,,,,,direct mapping
HashType,string,,,,,direct mapping
ParentProcessCreationTime,datetime,,,,,direct mapping
ParentProcessFileCompany,string,,,,,direct mapping
ParentProcessFileDescription,string,,,,,direct mapping
ParentProcessFileProduct,string,,,,,direct mapping
ParentProcessFileVersion,string,,,,,direct mapping
ParentProcessGuid,string,,,,,direct mapping
ParentProcessId,string,,,,,direct mapping
ParentProcessIMPHASH,string,,,,,direct mapping
ParentProcessInjectedAddress,string,,,,,direct mapping
ParentProcessIntegrityLevel,string,,,,,direct mapping
ParentProcessIsHidden,bool,,,,,direct mapping
ParentProcessMD5,string,,,,,direct mapping
ParentProcessName,string,,,,,direct mapping
ParentProcessSHA1,string,,,,,direct mapping
ParentProcessSHA256,string,,,,,direct mapping
ParentProcessSHA512,string,,,,,direct mapping
ParentProcessTokenElevation,string,,,,,direct mapping
Process,string,,,,,direct mapping
RuleName,string,,,,,direct mapping
RuleNumber,int,,,,,direct mapping
TargetOriginalUserType,string,,,,,direct mapping
TargetProcessCommandLine,string,,,,,direct mapping
TargetProcessCreationTime,datetime,,,,,direct mapping
TargetProcessCurrentDirectory,string,,,,,direct mapping
TargetProcessFileCompany,string,,,,,direct mapping
TargetProcessFileDescription,string,,,,,direct mapping
TargetProcessFileInternalName,string,,,,,direct mapping
TargetProcessFilename,string,,,,,direct mapping
TargetProcessFileOriginalName,string,,,,,direct mapping
TargetProcessFileProduct,string,,,,,direct mapping
TargetProcessFileSize,long,,,,,direct mapping
TargetProcessFileVersion,string,,,,,direct mapping
TargetProcessGuid,string,,,,,direct mapping
TargetProcessId,string,,,,,direct mapping
TargetProcessIMPHASH,string,,,,,direct mapping
TargetProcessInjectedAddress,string,,,,,direct mapping
TargetProcessIntegrityLevel,string,,,,,direct mapping
TargetProcessIsHidden,bool,,,,,direct mapping
TargetProcessMD5,string,,,,,direct mapping
TargetProcessName,string,,,,,direct mapping
TargetProcessSHA1,string,,,,,direct mapping
TargetProcessSHA256,string,,,,,direct mapping
TargetProcessSHA512,string,,,,,direct mapping
TargetProcessStatusCode,string,,,,,direct mapping
TargetProcessTokenElevation,string,,,,,direct mapping
TargetScope,string,,,,,direct mapping
TargetScopeId,string,,,,,direct mapping
TargetUserAadId,string,,,,,direct mapping
TargetUserId,string,,,,,direct mapping
TargetUserIdType,string,,,,,direct mapping
TargetUsername,string,,,,,direct mapping
TargetUsernameType,string,,,,,direct mapping
TargetUserSessionGuid,string,,,,,direct mapping
TargetUserSessionId,string,,,,,direct mapping
TargetUserSid,string,,,,,direct mapping
TargetUserType,string,,,,,direct mapping
TargetUserUpn,string,,,,,direct mapping
ThreatCategory,string,,,,,direct mapping
ThreatConfidence,int,,,,,direct mapping
ThreatField,string,,,,,direct mapping
ThreatFirstReportedTime,datetime,,,,,direct mapping
ThreatId,string,,,,,direct mapping
ThreatIsActive,bool,,,,,direct mapping
ThreatLastReportedTime,datetime,,,,,direct mapping
ThreatName,string,,,,,direct mapping
ThreatOriginalConfidence,string,,,,,direct mapping
ThreatOriginalRiskLevel,string,,,,,direct mapping
ThreatRiskLevel,int,,,,,direct mapping
TimeGenerated,datetime,,,,,direct mapping
Type,string,,,,,direct mapping
User,string,,,,,direct mapping
1 ASIMFieldName ASIMFieldType ProductFieldName ProductFieldType ProductFieldDescription ProductSampleValue Logic
2 ActingProcessCommandLine string direct mapping
3 ActingProcessCreationTime datetime direct mapping
4 ActingProcessFileCompany string direct mapping
5 ActingProcessFileDescription string direct mapping
6 ActingProcessFileInternalName string direct mapping
7 ActingProcessFilename string direct mapping
8 ActingProcessFileOriginalName string direct mapping
9 ActingProcessFileProduct string direct mapping
10 ActingProcessFileSize long direct mapping
11 ActingProcessFileVersion string direct mapping
12 ActingProcessGuid string direct mapping
13 ActingProcessId string direct mapping
14 ActingProcessIMPHASH string direct mapping
15 ActingProcessInjectedAddress string direct mapping
16 ActingProcessIntegrityLevel string direct mapping
17 ActingProcessIsHidden bool direct mapping
18 ActingProcessMD5 string direct mapping
19 ActingProcessName string direct mapping
20 ActingProcessSHA1 string direct mapping
21 ActingProcessSHA256 string direct mapping
22 ActingProcessSHA512 string direct mapping
23 ActingProcessTokenElevation string direct mapping
24 ActorOriginalUserType string direct mapping
25 ActorScope string direct mapping
26 ActorScopeId string direct mapping
27 ActorSessionId string direct mapping
28 ActorUserAadId string direct mapping
29 ActorUserId string direct mapping
30 ActorUserIdType string direct mapping
31 ActorUsername string direct mapping
32 ActorUsernameType string direct mapping
33 ActorUserSid string direct mapping
34 ActorUserType string direct mapping
35 ActorUserUpn string direct mapping
36 AdditionalFields dynamic direct mapping
37 CommandLine string direct mapping
38 Dvc string direct mapping
39 DvcAction string direct mapping
40 DvcDescription string direct mapping
41 DvcDomain string direct mapping
42 DvcDomainType string direct mapping
43 DvcFQDN string direct mapping
44 DvcHostname string direct mapping
45 DvcId string direct mapping
46 DvcIdType string direct mapping
47 DvcInterface string direct mapping
48 DvcIpAddr string direct mapping
49 DvcMacAddr string direct mapping
50 DvcOriginalAction string direct mapping
51 DvcOs string direct mapping
52 DvcOsVersion string direct mapping
53 DvcScope string direct mapping
54 DvcScopeId string direct mapping
55 DvcZone string direct mapping
56 EventCount int direct mapping
57 EventEndTime datetime direct mapping
58 EventMessage string direct mapping
59 EventOriginalResultDetails string direct mapping
60 EventOriginalSeverity string direct mapping
61 EventOriginalSubType string direct mapping
62 EventOriginalType string direct mapping
63 EventOriginalUid string direct mapping
64 EventOwner string direct mapping
65 EventProduct string direct mapping
66 EventProductVersion string direct mapping
67 EventReportUrl string direct mapping
68 EventResult string direct mapping
69 EventResultDetails string direct mapping
70 EventSchema string direct mapping
71 EventSchemaVersion string direct mapping
72 EventSeverity string direct mapping
73 EventStartTime datetime direct mapping
74 EventSubType string direct mapping
75 EventType string direct mapping
76 EventUid string direct mapping
77 EventVendor string direct mapping
78 Hash string direct mapping
79 HashType string direct mapping
80 ParentProcessCreationTime datetime direct mapping
81 ParentProcessFileCompany string direct mapping
82 ParentProcessFileDescription string direct mapping
83 ParentProcessFileProduct string direct mapping
84 ParentProcessFileVersion string direct mapping
85 ParentProcessGuid string direct mapping
86 ParentProcessId string direct mapping
87 ParentProcessIMPHASH string direct mapping
88 ParentProcessInjectedAddress string direct mapping
89 ParentProcessIntegrityLevel string direct mapping
90 ParentProcessIsHidden bool direct mapping
91 ParentProcessMD5 string direct mapping
92 ParentProcessName string direct mapping
93 ParentProcessSHA1 string direct mapping
94 ParentProcessSHA256 string direct mapping
95 ParentProcessSHA512 string direct mapping
96 ParentProcessTokenElevation string direct mapping
97 Process string direct mapping
98 RuleName string direct mapping
99 RuleNumber int direct mapping
100 TargetOriginalUserType string direct mapping
101 TargetProcessCommandLine string direct mapping
102 TargetProcessCreationTime datetime direct mapping
103 TargetProcessCurrentDirectory string direct mapping
104 TargetProcessFileCompany string direct mapping
105 TargetProcessFileDescription string direct mapping
106 TargetProcessFileInternalName string direct mapping
107 TargetProcessFilename string direct mapping
108 TargetProcessFileOriginalName string direct mapping
109 TargetProcessFileProduct string direct mapping
110 TargetProcessFileSize long direct mapping
111 TargetProcessFileVersion string direct mapping
112 TargetProcessGuid string direct mapping
113 TargetProcessId string direct mapping
114 TargetProcessIMPHASH string direct mapping
115 TargetProcessInjectedAddress string direct mapping
116 TargetProcessIntegrityLevel string direct mapping
117 TargetProcessIsHidden bool direct mapping
118 TargetProcessMD5 string direct mapping
119 TargetProcessName string direct mapping
120 TargetProcessSHA1 string direct mapping
121 TargetProcessSHA256 string direct mapping
122 TargetProcessSHA512 string direct mapping
123 TargetProcessStatusCode string direct mapping
124 TargetProcessTokenElevation string direct mapping
125 TargetScope string direct mapping
126 TargetScopeId string direct mapping
127 TargetUserAadId string direct mapping
128 TargetUserId string direct mapping
129 TargetUserIdType string direct mapping
130 TargetUsername string direct mapping
131 TargetUsernameType string direct mapping
132 TargetUserSessionGuid string direct mapping
133 TargetUserSessionId string direct mapping
134 TargetUserSid string direct mapping
135 TargetUserType string direct mapping
136 TargetUserUpn string direct mapping
137 ThreatCategory string direct mapping
138 ThreatConfidence int direct mapping
139 ThreatField string direct mapping
140 ThreatFirstReportedTime datetime direct mapping
141 ThreatId string direct mapping
142 ThreatIsActive bool direct mapping
143 ThreatLastReportedTime datetime direct mapping
144 ThreatName string direct mapping
145 ThreatOriginalConfidence string direct mapping
146 ThreatOriginalRiskLevel string direct mapping
147 ThreatRiskLevel int direct mapping
148 TimeGenerated datetime direct mapping
149 Type string direct mapping
150 User string direct mapping


@ -0,0 +1,70 @@
ASIMFieldName, ASIMFieldType, ProductFieldName, ProductFieldType, ProductFieldDescription, ProductSampleValue, Logic
ActingProcessGuid,string,,,,,direct mapping
ActingProcessId,string,,,,,direct mapping
ActingProcessName,string,,,,,direct mapping
ActorSessionId,string,,,,,direct mapping
ActorUserId,string,,,,,direct mapping
ActorUserIdType,string,,,,,direct mapping
ActorUsername,string,,,,,direct mapping
ActorUsernameType,string,,,,,direct mapping
AdditionalFields,dynamic,,,,,direct mapping
DstDescription,string,,,,,direct mapping
Dvc,string,,,,,direct mapping
DvcDescription,string,,,,,direct mapping
DvcHostname,string,,,,,direct mapping
DvcId,string,,,,,direct mapping
DvcIpAddr,string,,,,,direct mapping
DvcMacAddr,string,,,,,direct mapping
DvcOs,string,,,,,direct mapping
DvcOsVersion,string,,,,,direct mapping
DvcScope,string,,,,,direct mapping
DvcScopeId,string,,,,,direct mapping
EventCount,int,,,,,direct mapping
EventEndTime,datetime,,,,,direct mapping
EventMessage,string,,,,,direct mapping
EventOriginalSeverity,string,,,,,direct mapping
EventOriginalSubType,string,,,,,direct mapping
EventOriginalType,string,,,,,direct mapping
EventOriginalUid,string,,,,,direct mapping
EventOwner,string,,,,,direct mapping
EventProduct,string,,,,,direct mapping
EventProductVersion,string,,,,,direct mapping
EventReportUrl,string,,,,,direct mapping
EventResult,string,,,,,direct mapping
EventSchema,string,,,,,direct mapping
EventSchemaVersion,string,,,,,direct mapping
EventSeverity,string,,,,,direct mapping
EventStartTime,datetime,,,,,direct mapping
EventType,string,,,,,direct mapping
EventUid,string,,,,,direct mapping
EventVendor,string,,,,,direct mapping
ParentProcessGuid,string,,,,,direct mapping
ParentProcessId,string,,,,,direct mapping
ParentProcessName,string,,,,,direct mapping
Process,string,,,,,direct mapping
RegistryKey,string,,,,,direct mapping
RegistryPreviousKey,string,,,,,direct mapping
RegistryPreviousValue,string,,,,,direct mapping
RegistryPreviousValueData,string,,,,,direct mapping
RegistryPreviousValueType,string,,,,,direct mapping
RegistryValue,string,,,,,direct mapping
RegistryValueData,string,,,,,direct mapping
RegistryValueType,string,,,,,direct mapping
Rule,string,,,,,direct mapping
RuleName,string,,,,,direct mapping
RuleNumber,int,,,,,direct mapping
SrcDescription,string,,,,,direct mapping
ThreatCategory,string,,,,,direct mapping
ThreatConfidence,int,,,,,direct mapping
ThreatField,string,,,,,direct mapping
ThreatFirstReportedTime,datetime,,,,,direct mapping
ThreatId,string,,,,,direct mapping
ThreatIsActive,bool,,,,,direct mapping
ThreatLastReportedTime,datetime,,,,,direct mapping
ThreatName,string,,,,,direct mapping
ThreatOriginalConfidence,string,,,,,direct mapping
ThreatOriginalRiskLevel,string,,,,,direct mapping
ThreatRiskLevel,int,,,,,direct mapping
TimeGenerated,datetime,,,,,direct mapping
Type,string,,,,,direct mapping
User,string,,,,,direct mapping
1 ASIMFieldName ASIMFieldType ProductFieldName ProductFieldType ProductFieldDescription ProductSampleValue Logic
2 ActingProcessGuid string direct mapping
3 ActingProcessId string direct mapping
4 ActingProcessName string direct mapping
5 ActorSessionId string direct mapping
6 ActorUserId string direct mapping
7 ActorUserIdType string direct mapping
8 ActorUsername string direct mapping
9 ActorUsernameType string direct mapping
10 AdditionalFields dynamic direct mapping
11 DstDescription string direct mapping
12 Dvc string direct mapping
13 DvcDescription string direct mapping
14 DvcHostname string direct mapping
15 DvcId string direct mapping
16 DvcIpAddr string direct mapping
17 DvcMacAddr string direct mapping
18 DvcOs string direct mapping
19 DvcOsVersion string direct mapping
20 DvcScope string direct mapping
21 DvcScopeId string direct mapping
22 EventCount int direct mapping
23 EventEndTime datetime direct mapping
24 EventMessage string direct mapping
25 EventOriginalSeverity string direct mapping
26 EventOriginalSubType string direct mapping
27 EventOriginalType string direct mapping
28 EventOriginalUid string direct mapping
29 EventOwner string direct mapping
30 EventProduct string direct mapping
31 EventProductVersion string direct mapping
32 EventReportUrl string direct mapping
33 EventResult string direct mapping
34 EventSchema string direct mapping
35 EventSchemaVersion string direct mapping
36 EventSeverity string direct mapping
37 EventStartTime datetime direct mapping
38 EventType string direct mapping
39 EventUid string direct mapping
40 EventVendor string direct mapping
41 ParentProcessGuid string direct mapping
42 ParentProcessId string direct mapping
43 ParentProcessName string direct mapping
44 Process string direct mapping
45 RegistryKey string direct mapping
46 RegistryPreviousKey string direct mapping
47 RegistryPreviousValue string direct mapping
48 RegistryPreviousValueData string direct mapping
49 RegistryPreviousValueType string direct mapping
50 RegistryValue string direct mapping
51 RegistryValueData string direct mapping
52 RegistryValueType string direct mapping
53 Rule string direct mapping
54 RuleName string direct mapping
55 RuleNumber int direct mapping
56 SrcDescription string direct mapping
57 ThreatCategory string direct mapping
58 ThreatConfidence int direct mapping
59 ThreatField string direct mapping
60 ThreatFirstReportedTime datetime direct mapping
61 ThreatId string direct mapping
62 ThreatIsActive bool direct mapping
63 ThreatLastReportedTime datetime direct mapping
64 ThreatName string direct mapping
65 ThreatOriginalConfidence string direct mapping
66 ThreatOriginalRiskLevel string direct mapping
67 ThreatRiskLevel int direct mapping
68 TimeGenerated datetime direct mapping
69 Type string direct mapping
70 User string direct mapping


@ -0,0 +1,117 @@
ASIMFieldName, ASIMFieldType, ProductFieldName, ProductFieldType, ProductFieldDescription, ProductSampleValue, Logic
ActingAppId,string,,,,,direct mapping
ActingAppName,string,,,,,direct mapping
ActingAppName,string,,,,,direct mapping
ActingAppType,string,,,,,direct mapping
ActingOriginalAppType,string,,,,,direct mapping
ActorOriginalUserType,string,,,,,direct mapping
ActorScope,string,,,,,direct mapping
ActorScopeId,string,,,,,direct mapping
ActorSessionId,string,,,,,direct mapping
ActorUserAadId,string,,,,,direct mapping
ActorUserId,string,,,,,direct mapping
ActorUserIdType,string,,,,,direct mapping
ActorUsername,string,,,,,direct mapping
ActorUsernameType,string,,,,,direct mapping
ActorUserSid,string,,,,,direct mapping
ActorUserType,string,,,,,direct mapping
AdditionalFields,dynamic,,,,,direct mapping
Dvc,string,,,,,direct mapping
DvcAction,string,,,,,direct mapping
DvcDescription,string,,,,,direct mapping
DvcDomain,string,,,,,direct mapping
DvcDomainType,string,,,,,direct mapping
DvcFQDN,string,,,,,direct mapping
DvcHostname,string,,,,,direct mapping
DvcId,string,,,,,direct mapping
DvcIdType,string,,,,,direct mapping
DvcInterface,string,,,,,direct mapping
DvcIpAddr,string,,,,,direct mapping
DvcMacAddr,string,,,,,direct mapping
DvcOriginalAction,string,,,,,direct mapping
DvcOs,string,,,,,direct mapping
DvcOsVersion,string,,,,,direct mapping
DvcScope,string,,,,,direct mapping
DvcScopeId,string,,,,,direct mapping
DvcZone,string,,,,,direct mapping
EventCount,int,,,,,direct mapping
EventEndTime,datetime,,,,,direct mapping
EventMessage,string,,,,,direct mapping
EventOriginalResultDetails,string,,,,,direct mapping
EventOriginalSeverity,string,,,,,direct mapping
EventOriginalSubType,string,,,,,direct mapping
EventOriginalType,string,,,,,direct mapping
EventOriginalUid,string,,,,,direct mapping
EventOwner,string,,,,,direct mapping
EventProduct,string,,,,,direct mapping
EventProductVersion,string,,,,,direct mapping
EventReportUrl,string,,,,,direct mapping
EventResult,string,,,,,direct mapping
EventResultDetails,string,,,,,direct mapping
EventSchema,string,,,,,direct mapping
EventSchemaVersion,string,,,,,direct mapping
EventSeverity,string,,,,,direct mapping
EventStartTime,datetime,,,,,direct mapping
EventSubType,string,,,,,direct mapping
EventType,string,,,,,direct mapping
EventUid,string,,,,,direct mapping
EventVendor,string,,,,,direct mapping
GroupId,string,,,,,direct mapping
GroupIdType,string,,,,,direct mapping
GroupName,string,,,,,direct mapping
GroupNameType,string,,,,,direct mapping
GroupOriginalType,string,,,,,direct mapping
GroupType,string,,,,,direct mapping
Hostname,string,,,,,direct mapping
HttpUserAgent,string,,,,,direct mapping
IpAddr,string,,,,,direct mapping
NewPropertyValue,string,,,,,direct mapping
PreviousPropertyValue,string,,,,,direct mapping
Rule,string,,,,,direct mapping
RuleName,string,,,,,direct mapping
RuleNumber,int,,,,,direct mapping
Src,string,,,,,direct mapping
SrcDescription,string,,,,,direct mapping
SrcDeviceType,string,,,,,direct mapping
SrcDomain,string,,,,,direct mapping
SrcDomainType,string,,,,,direct mapping
SrcDvcId,string,,,,,direct mapping
SrcDvcIdType,string,,,,,direct mapping
SrcDvcScope,string,,,,,direct mapping
SrcDvcScopeId,string,,,,,direct mapping
SrcFQDN,string,,,,,direct mapping
SrcGeoCity,string,,,,,direct mapping
SrcGeoCountry,string,,,,,direct mapping
SrcGeoLatitude,real,,,,,direct mapping
SrcGeoLongitude,real,,,,,direct mapping
SrcGeoRegion,string,,,,,direct mapping
SrcHostname,string,,,,,direct mapping
SrcIpAddr,string,,,,,direct mapping
SrcMacAddr,string,,,,,direct mapping
SrcOriginalRiskLevel,string,,,,,direct mapping
SrcPortNumber,int,,,,,direct mapping
SrcRiskLevel,int,,,,,direct mapping
TargetOriginalUserType,string,,,,,direct mapping
TargetUserId,string,,,,,direct mapping
TargetUserIdType,string,,,,,direct mapping
TargetUsername,string,,,,,direct mapping
TargetUsernameType,string,,,,,direct mapping
TargetUserScope,string,,,,,direct mapping
TargetUserScopeId,string,,,,,direct mapping
TargetUserSessionId,string,,,,,direct mapping
TargetUserType,string,,,,,direct mapping
TargetUserUid,string,,,,,direct mapping
ThreatCategory,string,,,,,direct mapping
ThreatConfidence,int,,,,,direct mapping
ThreatField,string,,,,,direct mapping
ThreatFirstReportedTime,datetime,,,,,direct mapping
ThreatId,string,,,,,direct mapping
ThreatIsActive,bool,,,,,direct mapping
ThreatLastReportedTime,datetime,,,,,direct mapping
ThreatName,string,,,,,direct mapping
ThreatOriginalConfidence,string,,,,,direct mapping
ThreatOriginalRiskLevel,string,,,,,direct mapping
ThreatRiskLevel,int,,,,,direct mapping
TimeGenerated,datetime,,,,,direct mapping
UpdatedPropertyName,string,,,,,direct mapping
User,string,,,,,direct mapping
1 ASIMFieldName ASIMFieldType ProductFieldName ProductFieldType ProductFieldDescription ProductSampleValue Logic
2 ActingAppId string direct mapping
3 ActingAppName string direct mapping
4 ActingAppName string direct mapping
5 ActingAppType string direct mapping
6 ActingOriginalAppType string direct mapping
7 ActorOriginalUserType string direct mapping
8 ActorScope string direct mapping
9 ActorScopeId string direct mapping
10 ActorSessionId string direct mapping
11 ActorUserAadId string direct mapping
12 ActorUserId string direct mapping
13 ActorUserIdType string direct mapping
14 ActorUsername string direct mapping
15 ActorUsernameType string direct mapping
16 ActorUserSid string direct mapping
17 ActorUserType string direct mapping
18 AdditionalFields dynamic direct mapping
19 Dvc string direct mapping
20 DvcAction string direct mapping
21 DvcDescription string direct mapping
22 DvcDomain string direct mapping
23 DvcDomainType string direct mapping
24 DvcFQDN string direct mapping
25 DvcHostname string direct mapping
26 DvcId string direct mapping
27 DvcIdType string direct mapping
28 DvcInterface string direct mapping
29 DvcIpAddr string direct mapping
30 DvcMacAddr string direct mapping
31 DvcOriginalAction string direct mapping
32 DvcOs string direct mapping
33 DvcOsVersion string direct mapping
34 DvcScope string direct mapping
35 DvcScopeId string direct mapping
36 DvcZone string direct mapping
37 EventCount int direct mapping
38 EventEndTime datetime direct mapping
39 EventMessage string direct mapping
40 EventOriginalResultDetails string direct mapping
41 EventOriginalSeverity string direct mapping
42 EventOriginalSubType string direct mapping
43 EventOriginalType string direct mapping
44 EventOriginalUid string direct mapping
45 EventOwner string direct mapping
46 EventProduct string direct mapping
47 EventProductVersion string direct mapping
48 EventReportUrl string direct mapping
49 EventResult string direct mapping
50 EventResultDetails string direct mapping
51 EventSchema string direct mapping
52 EventSchemaVersion string direct mapping
53 EventSeverity string direct mapping
54 EventStartTime datetime direct mapping
55 EventSubType string direct mapping
56 EventType string direct mapping
57 EventUid string direct mapping
58 EventVendor string direct mapping
59 GroupId string direct mapping
60 GroupIdType string direct mapping
61 GroupName string direct mapping
62 GroupNameType string direct mapping
63 GroupOriginalType string direct mapping
64 GroupType string direct mapping
65 Hostname string direct mapping
66 HttpUserAgent string direct mapping
67 IpAddr string direct mapping
68 NewPropertyValue string direct mapping
69 PreviousPropertyValue string direct mapping
70 Rule string direct mapping
71 RuleName string direct mapping
72 RuleNumber int direct mapping
73 Src string direct mapping
74 SrcDescription string direct mapping
75 SrcDeviceType string direct mapping
76 SrcDomain string direct mapping
77 SrcDomainType string direct mapping
78 SrcDvcId string direct mapping
79 SrcDvcIdType string direct mapping
80 SrcDvcScope string direct mapping
81 SrcDvcScopeId string direct mapping
82 SrcFQDN string direct mapping
83 SrcGeoCity string direct mapping
84 SrcGeoCountry string direct mapping
85 SrcGeoLatitude real direct mapping
86 SrcGeoLongitude real direct mapping
87 SrcGeoRegion string direct mapping
88 SrcHostname string direct mapping
89 SrcIpAddr string direct mapping
90 SrcMacAddr string direct mapping
91 SrcOriginalRiskLevel string direct mapping
92 SrcPortNumber int direct mapping
93 SrcRiskLevel int direct mapping
94 TargetOriginalUserType string direct mapping
95 TargetUserId string direct mapping
96 TargetUserIdType string direct mapping
97 TargetUsername string direct mapping
98 TargetUsernameType string direct mapping
99 TargetUserScope string direct mapping
100 TargetUserScopeId string direct mapping
101 TargetUserSessionId string direct mapping
102 TargetUserType string direct mapping
103 TargetUserUid string direct mapping
104 ThreatCategory string direct mapping
105 ThreatConfidence int direct mapping
106 ThreatField string direct mapping
107 ThreatFirstReportedTime datetime direct mapping
108 ThreatId string direct mapping
109 ThreatIsActive bool direct mapping
110 ThreatLastReportedTime datetime direct mapping
111 ThreatName string direct mapping
112 ThreatOriginalConfidence string direct mapping
113 ThreatOriginalRiskLevel string direct mapping
114 ThreatRiskLevel int direct mapping
115 TimeGenerated datetime direct mapping
116 UpdatedPropertyName string direct mapping
117 User string direct mapping
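Review bot: `ActingAppName,string,,,,,direct mapping` appears twice in this new mapping file (the two rows right after `ActingAppId`), and one of them should be dropped, otherwise anything generated from this CSV (parser templates, schema tests) gets the field twice. The header row also differs from the data rows in spacing — `ASIMFieldName, ASIMFieldType, ProductFieldName, ...` has a space after each comma — so a CSV reader that does not strip leading whitespace will name the columns ` ASIMFieldType` and so on; writing it as `ASIMFieldName,ASIMFieldType,ProductFieldName,ProductFieldType,ProductFieldDescription,ProductSampleValue,Logic` keeps it consistent with every other row. Every row leaves ProductFieldName, ProductFieldType, ProductFieldDescription and ProductSampleValue empty while Logic says `direct mapping`; if this is a template to be filled in per product, a sentence in the commit description or a README beside it saying so would stop it being read as a finished mapping. The same header spacing and empty-product-column pattern appears in the next file section as well.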


@ -0,0 +1,178 @@
ASIMFieldName, ASIMFieldType, ProductFieldName, ProductFieldType, ProductFieldDescription, ProductSampleValue, Logic
AdditionalFields,dynamic,,,,,direct mapping
ASimMatchingIpAddr,string,,,,,direct mapping
Dst,string,,,,,direct mapping
DstAppId,string,,,,,direct mapping
DstAppName,string,,,,,direct mapping
DstAppType,string,,,,,direct mapping
DstBytes,long,,,,,direct mapping
DstDescription,string,,,,,direct mapping
DstDeviceType,string,,,,,direct mapping
DstDomain,string,,,,,direct mapping
DstDomainType,string,,,,,direct mapping
DstDvcId,string,,,,,direct mapping
DstDvcIdType,string,,,,,direct mapping
DstFQDN,string,,,,,direct mapping
DstGeoCity,string,,,,,direct mapping
DstGeoCountry,string,,,,,direct mapping
DstGeoLatitude,real,,,,,direct mapping
DstGeoLongitude,real,,,,,direct mapping
DstGeoRegion,string,,,,,direct mapping
DstHostname,string,,,,,direct mapping
DstInterfaceGuid,string,,,,,direct mapping
DstInterfaceName,string,,,,,direct mapping
DstIpAddr,string,,,,,direct mapping
DstMacAddr,string,,,,,direct mapping
DstNatIpAddr,string,,,,,direct mapping
DstNatPortNumber,int,,,,,direct mapping
DstOriginalUserType,string,,,,,direct mapping
DstPackets,long,,,,,direct mapping
DstPortNumber,int,,,,,direct mapping
DstUserId,string,,,,,direct mapping
DstUserIdType,string,,,,,direct mapping
DstUsername,string,,,,,direct mapping
DstUsernameType,string,,,,,direct mapping
DstUserType,string,,,,,direct mapping
DstVlanId,sting,,,,,direct mapping
DstZone,string,,,,,direct mapping
Duration,int,,,,,direct mapping
Dvc,string,,,,,direct mapping
DvcAction,string,,,,,direct mapping
DvcDescription,string,,,,,direct mapping
DvcDomain,string,,,,,direct mapping
DvcDomainType,string,,,,,direct mapping
DvcFQDN,string,,,,,direct mapping
DvcHostname,string,,,,,direct mapping
DvcId,string,,,,,direct mapping
DvcIdType,string,,,,,direct mapping
DvcInboundInterface,string,,,,,direct mapping
DvcIpAddr,string,,,,,direct mapping
DvcMacAddr,string,,,,,direct mapping
DvcOriginalAction,string,,,,,direct mapping
DvcOutboundInterface,string,,,,,direct mapping
DvcScope,string,,,,,direct mapping
DvcScopeId,string,,,,,direct mapping
DvcZone,string,,,,,direct mapping
EventCount,int,,,,,direct mapping
EventEndTime,datetime,,,,,direct mapping
EventMessage,string,,,,,direct mapping
EventOriginalResultDetails,string,,,,,direct mapping
EventOriginalSeverity,string,,,,,direct mapping
EventOriginalSubType,string,,,,,direct mapping
EventOriginalType,string,,,,,direct mapping
EventOriginalUid,string,,,,,direct mapping
EventOwner,string,,,,,direct mapping
EventProduct,string,,,,,direct mapping
EventProductVersion,string,,,,,direct mapping
EventReportUrl,string,,,,,direct mapping
EventResult,string,,,,,direct mapping
EventResultDetails,string,,,,,direct mapping
EventSchema,string,,,,,direct mapping
EventSchemaVersion,string,,,,,direct mapping
EventSeverity,string,,,,,direct mapping
EventStartTime,datetime,,,,,direct mapping
EventSubType,string,,,,,direct mapping
EventType,string,,,,,direct mapping
EventUid,string,,,,,direct mapping
EventVendor,string,,,,,direct mapping
FileContentType,string,,,,,direct mapping
FileMD5,string,,,,,direct mapping
FileName,string,,,,,direct mapping
FileSHA1,string,,,,,direct mapping
FileSHA256,string,,,,,direct mapping
FileSHA512,string,,,,,direct mapping
FileSize,long,,,,,direct mapping
Hash,string,,,,,direct mapping
HashType,string,,,,,direct mapping
Hostname,string,,,,,direct mapping
HttpContentFormat,string,,,,,direct mapping
HttpContentType,string,,,,,direct mapping
HttpCookie,string,,,,,direct mapping
HttpHost,string,,,,,direct mapping
HttpIsProxied,bool,,,,,direct mapping
HttpReferrer,string,,,,,direct mapping
HttpRequestBodyBytes,long,,,,,direct mapping
HttpRequestCacheControl,string,,,,,direct mapping
HttpRequestHeaderCount,int,,,,,direct mapping
HttpRequestMethod,string,,,,,direct mapping
HttpRequestTime,int,,,,,direct mapping
HttpRequestXff,string,,,,,direct mapping
HttpResponseBodyBytes,long,,,,,direct mapping
HttpResponseCacheControl,string,,,,,direct mapping
HttpResponseExpires,string,,,,,direct mapping
HttpResponseHeaderCount,int,,,,,direct mapping
HttpResponseTime,int,,,,,direct mapping
HttpStatusCode,string,,,,,direct mapping
HttpUserAgent,string,,,,,direct mapping
HttpVersion,string,,,,,direct mapping
InnerVlanId,string,,,,,direct mapping
IpAddr,string,,,,,direct mapping
NetworkApplicationProtocol,string,,,,,direct mapping
NetworkBytes,long,,,,,direct mapping
NetworkConnectionHistory,string,,,,,direct mapping
NetworkDirection,string,,,,,direct mapping
NetworkDuration,int,,,,,direct mapping
NetworkIcmpCode,int,,,,,direct mapping
NetworkIcmpType,string,,,,,direct mapping
NetworkPackets,long,,,,,direct mapping
NetworkProtocol,string,,,,,direct mapping
NetworkProtocolVersion,string,,,,,direct mapping
NetworkSessionId,string,,,,,direct mapping
OuterVlanId,string,,,,,direct mapping
Rule,string,,,,,direct mapping
RuleName,string,,,,,direct mapping
RuleNumber,int,,,,,direct mapping
SessionId,string,,,,,direct mapping
Src,string,,,,,direct mapping
SrcAppId,string,,,,,direct mapping
SrcAppName,string,,,,,direct mapping
SrcAppType,string,,,,,direct mapping
SrcBytes,long,,,,,direct mapping
SrcDescription,string,,,,,direct mapping
SrcDeviceType,string,,,,,direct mapping
SrcDomain,string,,,,,direct mapping
SrcDomainType,string,,,,,direct mapping
SrcDvcId,string,,,,,direct mapping
SrcDvcIdType,string,,,,,direct mapping
SrcFQDN,string,,,,,direct mapping
SrcGeoCity,string,,,,,direct mapping
SrcGeoCountry,string,,,,,direct mapping
SrcGeoLatitude,real,,,,,direct mapping
SrcGeoLongitude,real,,,,,direct mapping
SrcGeoRegion,string,,,,,direct mapping
SrcHostname,string,,,,,direct mapping
SrcInterfaceGuid,string,,,,,direct mapping
SrcInterfaceName,string,,,,,direct mapping
SrcIpAddr,string,,,,,direct mapping
SrcMacAddr,string,,,,,direct mapping
SrcNatIpAddr,string,,,,,direct mapping
SrcNatPortNumber,int,,,,,direct mapping
SrcOriginalUserType,string,,,,,direct mapping
SrcPackets,long,,,,,direct mapping
SrcPortNumber,int,,,,,direct mapping
SrcUserId,string,,,,,direct mapping
SrcUserIdType,string,,,,,direct mapping
SrcUsername,string,,,,,direct mapping
SrcUsernameType,string,,,,,direct mapping
SrcUserType,string,,,,,direct mapping
SrcVlanId,sting,,,,,direct mapping
SrcZone,string,,,,,direct mapping
ThreatCategory,string,,,,,direct mapping
ThreatConfidence,int,,,,,direct mapping
ThreatField,string,,,,,direct mapping
ThreatFirstReportedTime,datetime,,,,,direct mapping
ThreatId,string,,,,,direct mapping
ThreatIpAddr,string,,,,,direct mapping
ThreatIsActive,bool,,,,,direct mapping
ThreatLastReportedTime,datetime,,,,,direct mapping
ThreatName,string,,,,,direct mapping
ThreatOriginalConfidence,string,,,,,direct mapping
ThreatOriginalRiskLevel,string,,,,,direct mapping
ThreatRiskLevel,int,,,,,direct mapping
TimeGenerated,datetime,,,,,direct mapping
Type,string,,,,,direct mapping
Url,string,,,,,direct mapping
UrlCategory,string,,,,,direct mapping
UrlOriginal,string,,,,,direct mapping
User,string,,,,,direct mapping
UserAgent,string,,,,,direct mapping
1 ASIMFieldName ASIMFieldType ProductFieldName ProductFieldType ProductFieldDescription ProductSampleValue Logic
2 AdditionalFields dynamic direct mapping
3 ASimMatchingIpAddr string direct mapping
4 Dst string direct mapping
5 DstAppId string direct mapping
6 DstAppName string direct mapping
7 DstAppType string direct mapping
8 DstBytes long direct mapping
9 DstDescription string direct mapping
10 DstDeviceType string direct mapping
11 DstDomain string direct mapping
12 DstDomainType string direct mapping
13 DstDvcId string direct mapping
14 DstDvcIdType string direct mapping
15 DstFQDN string direct mapping
16 DstGeoCity string direct mapping
17 DstGeoCountry string direct mapping
18 DstGeoLatitude real direct mapping
19 DstGeoLongitude real direct mapping
20 DstGeoRegion string direct mapping
21 DstHostname string direct mapping
22 DstInterfaceGuid string direct mapping
23 DstInterfaceName string direct mapping
24 DstIpAddr string direct mapping
25 DstMacAddr string direct mapping
26 DstNatIpAddr string direct mapping
27 DstNatPortNumber int direct mapping
28 DstOriginalUserType string direct mapping
29 DstPackets long direct mapping
30 DstPortNumber int direct mapping
31 DstUserId string direct mapping
32 DstUserIdType string direct mapping
33 DstUsername string direct mapping
34 DstUsernameType string direct mapping
35 DstUserType string direct mapping
36 DstVlanId sting direct mapping
37 DstZone string direct mapping
38 Duration int direct mapping
39 Dvc string direct mapping
40 DvcAction string direct mapping
41 DvcDescription string direct mapping
42 DvcDomain string direct mapping
43 DvcDomainType string direct mapping
44 DvcFQDN string direct mapping
45 DvcHostname string direct mapping
46 DvcId string direct mapping
47 DvcIdType string direct mapping
48 DvcInboundInterface string direct mapping
49 DvcIpAddr string direct mapping
50 DvcMacAddr string direct mapping
51 DvcOriginalAction string direct mapping
52 DvcOutboundInterface string direct mapping
53 DvcScope string direct mapping
54 DvcScopeId string direct mapping
55 DvcZone string direct mapping
56 EventCount int direct mapping
57 EventEndTime datetime direct mapping
58 EventMessage string direct mapping
59 EventOriginalResultDetails string direct mapping
60 EventOriginalSeverity string direct mapping
61 EventOriginalSubType string direct mapping
62 EventOriginalType string direct mapping
63 EventOriginalUid string direct mapping
64 EventOwner string direct mapping
65 EventProduct string direct mapping
66 EventProductVersion string direct mapping
67 EventReportUrl string direct mapping
68 EventResult string direct mapping
69 EventResultDetails string direct mapping
70 EventSchema string direct mapping
71 EventSchemaVersion string direct mapping
72 EventSeverity string direct mapping
73 EventStartTime datetime direct mapping
74 EventSubType string direct mapping
75 EventType string direct mapping
76 EventUid string direct mapping
77 EventVendor string direct mapping
78 FileContentType string direct mapping
79 FileMD5 string direct mapping
80 FileName string direct mapping
81 FileSHA1 string direct mapping
82 FileSHA256 string direct mapping
83 FileSHA512 string direct mapping
84 FileSize long direct mapping
85 Hash string direct mapping
86 HashType string direct mapping
87 Hostname string direct mapping
88 HttpContentFormat string direct mapping
89 HttpContentType string direct mapping
90 HttpCookie string direct mapping
91 HttpHost string direct mapping
92 HttpIsProxied bool direct mapping
93 HttpReferrer string direct mapping
94 HttpRequestBodyBytes long direct mapping
95 HttpRequestCacheControl string direct mapping
96 HttpRequestHeaderCount int direct mapping
97 HttpRequestMethod string direct mapping
98 HttpRequestTime int direct mapping
99 HttpRequestXff string direct mapping
100 HttpResponseBodyBytes long direct mapping
101 HttpResponseCacheControl string direct mapping
102 HttpResponseExpires string direct mapping
103 HttpResponseHeaderCount int direct mapping
104 HttpResponseTime int direct mapping
105 HttpStatusCode string direct mapping
106 HttpUserAgent string direct mapping
107 HttpVersion string direct mapping
108 InnerVlanId string direct mapping
109 IpAddr string direct mapping
110 NetworkApplicationProtocol string direct mapping
111 NetworkBytes long direct mapping
112 NetworkConnectionHistory string direct mapping
113 NetworkDirection string direct mapping
114 NetworkDuration int direct mapping
115 NetworkIcmpCode int direct mapping
116 NetworkIcmpType string direct mapping
117 NetworkPackets long direct mapping
118 NetworkProtocol string direct mapping
119 NetworkProtocolVersion string direct mapping
120 NetworkSessionId string direct mapping
121 OuterVlanId string direct mapping
122 Rule string direct mapping
123 RuleName string direct mapping
124 RuleNumber int direct mapping
125 SessionId string direct mapping
126 Src string direct mapping
127 SrcAppId string direct mapping
128 SrcAppName string direct mapping
129 SrcAppType string direct mapping
130 SrcBytes long direct mapping
131 SrcDescription string direct mapping
132 SrcDeviceType string direct mapping
133 SrcDomain string direct mapping
134 SrcDomainType string direct mapping
135 SrcDvcId string direct mapping
136 SrcDvcIdType string direct mapping
137 SrcFQDN string direct mapping
138 SrcGeoCity string direct mapping
139 SrcGeoCountry string direct mapping
140 SrcGeoLatitude real direct mapping
141 SrcGeoLongitude real direct mapping
142 SrcGeoRegion string direct mapping
143 SrcHostname string direct mapping
144 SrcInterfaceGuid string direct mapping
145 SrcInterfaceName string direct mapping
146 SrcIpAddr string direct mapping
147 SrcMacAddr string direct mapping
148 SrcNatIpAddr string direct mapping
149 SrcNatPortNumber int direct mapping
150 SrcOriginalUserType string direct mapping
151 SrcPackets long direct mapping
152 SrcPortNumber int direct mapping
153 SrcUserId string direct mapping
154 SrcUserIdType string direct mapping
155 SrcUsername string direct mapping
156 SrcUsernameType string direct mapping
157 SrcUserType string direct mapping
158 SrcVlanId sting direct mapping
159 SrcZone string direct mapping
160 ThreatCategory string direct mapping
161 ThreatConfidence int direct mapping
162 ThreatField string direct mapping
163 ThreatFirstReportedTime datetime direct mapping
164 ThreatId string direct mapping
165 ThreatIpAddr string direct mapping
166 ThreatIsActive bool direct mapping
167 ThreatLastReportedTime datetime direct mapping
168 ThreatName string direct mapping
169 ThreatOriginalConfidence string direct mapping
170 ThreatOriginalRiskLevel string direct mapping
171 ThreatRiskLevel int direct mapping
172 TimeGenerated datetime direct mapping
173 Type string direct mapping
174 Url string direct mapping
175 UrlCategory string direct mapping
176 UrlOriginal string direct mapping
177 User string direct mapping
178 UserAgent string direct mapping
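Review bot: `DstVlanId,sting,,,,,direct mapping` and `SrcVlanId,sting,,,,,direct mapping` carry a typo in the ASIMFieldType column — `sting` instead of `string` — and a generator or validator keyed on the type name will not recognise it, so both rows should read `DstVlanId,string,,,,,direct mapping` and `SrcVlanId,string,,,,,direct mapping`. The header row has the same space-after-comma spacing as the previous file section and should be normalised the same way so column names come out without leading whitespace. `HttpCookie` and `HttpRequestXff` are listed as plain direct mappings; since cookie values can carry session credentials, it is worth stating in the mapping (the ProductFieldDescription column is empty here) whether copying the raw value into the normalised table is intended or whether the source should be redacted first — I cannot tell that from this file alone.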