From 0543ec1ae3e1d00fde2bf1bb8a5e3339afef2d01 Mon Sep 17 00:00:00 2001
From: bar
Date: Tue, 21 Jul 2020 19:49:26 +0300
Subject: [PATCH] mapping update, removed unused fields
---
 tools/config/stix-windows.yml | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)
diff --git a/tools/config/stix-windows.yml b/tools/config/stix-windows.yml
index 30281befd..1083cbcef 100644
--- a/tools/config/stix-windows.yml
+++ b/tools/config/stix-windows.yml
@@ -21,8 +21,6 @@ fieldmappings:
 - user-account:x_security_id
 CallTrace:
 - x-windows:calltrace
- ChangedAttributes:
- - x-windows:changedattributes
 ClientIP:
 - ipv4-addr:value
 - ipv6-addr:value
@@ -116,8 +114,6 @@ fieldmappings:
 - x-windows:objectname
 ObjectType:
 - x-windows:objecttype
- PSEncodedCommand:
- - x-windows:psencodedcommand
 ParentCommandLine:
 - process:parent_ref.command_line
 ParentImage:
@@ -152,26 +148,19 @@ fieldmappings:
 - x-windows:queryresults
 QueryStatus:
 - x-windows:querystatus
- Realm:
- - x-windows:realm
- RecordNumber:
- - x-windows:recordnumber
 RegistryKey:
 - windows-registry-key:key
 RegistryValueData:
 - windows-registry-key:values[*].data
 RegistryValueName:
 - windows-registry-key:values[*].name
- RunLevel:
- - x-windows:runlevel
 SAMAccountName:
- - x-windows:samaccountname
+ - user-account:account_login
+ - user-account:display_name
 SHA1Hash:
 - file:hashes.SHA-1
 SHA256Hash:
 - file:hashes.SHA-256
- Scope:
- - x-windows:scope
 ServiceFileName:
 - process:extensions.windows-service-ext.service_dll_refs[*].name
 ServiceName:
@@ -233,12 +222,6 @@ fieldmappings:
 - user-account:user_id
 UserDomain:
 - user-account:x_domain
- UserPrincipalName:
- - x-windows:userprincipalname
- UserRight:
- - x-windows:userright
- UserWorkstations:
- - x-windows:userworkstations
 event-id:
 - x-event:id
 eventId:
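Review bot: In the `SAMAccountName` entry of the third hunk, adding `user-account:display_name` next to `user-account:account_login` widens what a rule on the logon name can match, because STIX defines `display_name` as the name shown in user interfaces, which is a different attribute from the sAMAccountName. If the backend ORs the listed paths, as the two-path `ClientIP` entry suggests, a rule written for one account login would also evaluate against display names, which changes both positive and negated conditions. I would map only `- user-account:account_login`, or keep both and add a comment such as `# display_name kept: <data source> stores the logon name there`. Dropping `x-windows:samaccountname` also means events normalised to that custom property no longer match, so it is worth confirming that no data source still emits it. The `fieldmappings` block starts and ends outside this hunk.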