tools/config/qualys.yml

title: Qualys
order: 20
backends:
  - qualys
fieldmappings:
  dst:
    - network.remote.address.ip
  dst_ip:
    - network.remote.address.ip
  src:
    - network.local.address.ip
  src_ip:
    - network.local.address.ip
  file_hash:
    - file.hash.md5
    - file.hash.sha256
  NewProcessName: process.name
  ServiceName: process.name
  ServiceFileName: process.name
  TargetObject: registry.path
Added title to all configurations 2019-05-16 23:33:51 +02:00			`title: Qualys`
Configuration order checking 2019-04-23 00:54:10 +02:00			`order: 20`
Check for valid configuration/backend combinations 2019-05-20 01:00:33 +02:00			`backends:`
			`- qualys`
Added ArcSight & Qualys backends 2018-06-07 16:18:23 +03:00			`fieldmappings:`
Further proxy field name fixes (config + rules) 2019-12-07 00:23:30 +01:00			`dst:`
			`- network.remote.address.ip`
			`dst_ip:`
			`- network.remote.address.ip`
			`src:`
			`- network.local.address.ip`
			`src_ip:`
			`- network.local.address.ip`
			`file_hash:`
			`- file.hash.md5`
			`- file.hash.sha256`
			`NewProcessName: process.name`
			`ServiceName: process.name`
			`ServiceFileName: process.name`
			`TargetObject: registry.path`