From 3f08d37a0ee34883e7ef3836386138bb8a65139a Mon Sep 17 00:00:00 2001
From: Tim Shelton
Date: Wed, 20 Apr 2022 14:31:32 +0000
Subject: [PATCH] adding linux-auditd support and alignment

---
 tools/config/hawk.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/tools/config/hawk.yml b/tools/config/hawk.yml
index 57de85dfc..c99676763 100644
--- a/tools/config/hawk.yml
+++ b/tools/config/hawk.yml
@@ -67,10 +67,6 @@ logsources:
     conditions:
       vendor_name: "Google"
       product_name: "Cloud"
-  auditd:
-    service: auditd
-    conditions:
-      process_name: "auditd"
   sshd:
     service: sshd
     conditions:
@@ -84,6 +80,12 @@ logsources:
     product: spring
     conditions:
       vendor_name: "Spring"
+  linux-audit:
+    product: linux
+    service: auditd
+    conditions:
+      vendor_name: "Linux"
+      product_name: "Audit"
   modsecurity:
     service: modsecurity
     conditions:
@@ -540,7 +542,9 @@ fieldmappings:
     cs-host: http_host
     cs-method: http_method
     c-uri: http_uri
+    c-uri-stem: http_uri
     cs-uri: http_uri
+    cs-uri-stem: http_uri
     c-agent: http_user_agent
     cs-agent: http_user_agent
     c-useragent: http_user_agent
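Review bot: The new `linux-audit` entry in the second hunk requires `product: linux` where the removed `auditd` entry matched on `service: auditd` alone, so a rule whose logsource names only the service and no product would presumably no longer select this entry and would fall back to whatever the backend does for an unmatched logsource — worth checking against the rule set before the old entry is dropped, or keeping a service-only entry next to it. The matching condition also moves from `process_name: "auditd"` to `vendor_name: "Linux"` / `product_name: "Audit"`, and nothing in the hunk records which HAWK event source those values identify. A comment above the entry such as `# HAWK Linux/Audit source; replaces the service-only auditd entry keyed on process_name` would make the alignment traceable for the next maintainer.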
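Review bot: In the third hunk `c-uri-stem` and `cs-uri-stem` are mapped to `http_uri`, the same target as `c-uri`/`cs-uri`, but in W3C/IIS logs the stem is the request path without the query string; if `http_uri` holds the full URI (not visible here), a rule that matches the stem exactly or by suffix would silently miss events carrying a query string — a detection gap rather than a conversion error. If HAWK exposes a query-less path field it should be the target instead; if it does not, a comment such as `# stem approximated by http_uri (no path-only field); exact-stem rules may need a trailing wildcard` records the approximation where rule authors will see it. The `fieldmappings` block continues outside the hunk.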