tools/config/stix-linux.yml

title: STIX for Linux Logs
backends:
  - stix
order: 40
logsources:
  linux:
    product: linux
fieldmappings:
  type:
    - x-event:action
  keywords:
    - artifact:payload_bin
  a0:
    - process:command_line
  a1:
    - process:command_line
  name:
    - file:name
  a3:
    - process:command_line
  key:
    - x-sigma:keywords
  exe:
    - file:name
  a2:
    - process:command_line
  SYSCALL:
    - x-event:action
  pam_message:
    - x-event:action
  pam_user:
    - user-account:user_id
  pam_rhost:
    - x-host:name
  USER:
    - user-account:user_id
added mapping for stix web, cloud, linux 2020-07-22 21:41:46 +03:00			`title: STIX for Linux Logs`
			`backends:`
			`- stix`
			`order: 40`
			`logsources:`
			`linux:`
			`product: linux`
			`fieldmappings:`
			`type:`
			`- x-event:action`
			`keywords:`
STIX Support keywords (value without field) 2020-07-28 18:52:02 +03:00			`- artifact:payload_bin`
added mapping for stix web, cloud, linux 2020-07-22 21:41:46 +03:00			`a0:`
			`- process:command_line`
			`a1:`
			`- process:command_line`
			`name:`
			`- file:name`
			`a3:`
			`- process:command_line`
			`key:`
			`- x-sigma:keywords`
			`exe:`
			`- file:name`
			`a2:`
			`- process:command_line`
			`SYSCALL:`
			`- x-event:action`
			`pam_message:`
			`- x-event:action`
			`pam_user:`
			`- user-account:user_id`
			`pam_rhost:`
			`- x-host:name`
			`USER:`
			`- user-account:user_id`