From 1fc408bfaa458268d89a24d32c5a2ece1c19dc8f Mon Sep 17 00:00:00 2001
From: Florian Roth <florian.roth@nextron-systems.com>
Date: Sat, 20 Mar 2021 08:49:43 +0100
Subject: [PATCH] fix: duplicate field values in YAML configs

---
 tools/config/carbon-black.yml | 5 -----
 tools/config/ecs-dns.yml      | 1 -
 tools/config/ecs-proxy.yml    | 1 -
 3 files changed, 7 deletions(-)

diff --git a/tools/config/carbon-black.yml b/tools/config/carbon-black.yml
index 4b7d6dd41..aaf7ae18a 100644
--- a/tools/config/carbon-black.yml
+++ b/tools/config/carbon-black.yml
@@ -26,7 +26,6 @@ fieldmappings:
   #Signature: digsig_result
   SourceIp: ipaddr
   DestinationAddress: ipaddr
-  DestinationPort: ipport
   DestPort: ipport
   TargetObject: regmod
   TargetFilename: filemod
@@ -38,15 +37,11 @@ fieldmappings:
   Product: product_name
   Signature: digsig_publisher
   CallTrace: modload
-  DestinationHostname: domain
   User: username
   StartModule: modload
   Company: company_name
-  Description: file_desc
   FileVersion: file_version
 
-
-
 #  DestinationHostname: hostname
 #  DestinationIp: ipaddr
 #  DestinationPort: ipport
diff --git a/tools/config/ecs-dns.yml b/tools/config/ecs-dns.yml
index fddfc32eb..aaa8e636a 100644
--- a/tools/config/ecs-dns.yml
+++ b/tools/config/ecs-dns.yml
@@ -56,7 +56,6 @@ fieldmappings:
   qclass: dns.qclass
   qtype_name: dns.question.type
   qtype: dns.qtype
-  query: dns.question.name
   #question_length: labels.dns.query_length
   RA: dns.RA
   rcode_name: dns.response_code
diff --git a/tools/config/ecs-proxy.yml b/tools/config/ecs-proxy.yml
index 2aa441a17..eabb3c52e 100644
--- a/tools/config/ecs-proxy.yml
+++ b/tools/config/ecs-proxy.yml
@@ -37,7 +37,6 @@ fieldmappings:
   c-uri-stem: url.original
   c-uri: url.original
   c-useragent: user_agent.original
-  cs-bytes: http.request.body.bytes
   cs-cookie: http.cookie
   cs-host:
     - url.domain