From 726406f64dc8f38a79fc515d82510b10c0766ed0 Mon Sep 17 00:00:00 2001
From: Tim Shelton
Date: Tue, 16 Aug 2022 19:58:16 +0000
Subject: [PATCH] Backend: hawk. last udpate to config until pySigma migration (hopefully)
---
 tools/config/hawk.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/config/hawk.yml b/tools/config/hawk.yml
index 2930e0f25..f93f31ff0 100644
--- a/tools/config/hawk.yml
+++ b/tools/config/hawk.yml
@@ -787,7 +787,7 @@ fieldmappings:
 AccountName: target_username
 TargetDomainName: target_domain
 DnsServerIpAddress: dns_address
- QueryName: hostname_dst
+ QueryName: dns_query
 AuthenticationPackageName: package_name
 HostProcess: image
 Application: image
@@ -846,10 +846,10 @@ fieldmappings:
 DeviceClassName: object_name
 CallTrace: calltrace
 IpAddress: ip_src
- WorkstationName: hostname_src
- Workstation: hostname_src
+ WorkstationName: ip_src_host
+ Workstation: ip_src_host
 DestinationIp: ip_dst
- DestinationHostname: hostname_dst
+ DestinationHostname: ip_dst_host
 DestinationPort: ip_dport
 GrantedAccess: access_mask
 StartModule: target_process_name
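Review bot: Only the keys visible in the two hunks are retargeted (`QueryName` at line 787, and `WorkstationName`, `Workstation` and `DestinationHostname` at line 846), so any other source field in `fieldmappings` that still maps to `hostname_dst` or `hostname_src` would leave converted rules split across old and new column names. A rule that queries a column the platform no longer populates fails silently, which shows up as a detection gap rather than an error. The rest of the mapping lies outside the hunks, so the full file should be searched for the two old names before merging. A comment above the changed keys, for example `# DNS query name; previously mapped to hostname_dst`, would also tell rule authors why converted queries differ from earlier output.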
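Review bot: `WorkstationName` and `Workstation` are now mapped to `ip_src_host` directly after `IpAddress: ip_src`, which reads as though the name were resolved from that address. In Windows logon events the workstation name is supplied by the client and can differ from the host behind `IpAddress`. Whether the HAWK schema treats `ip_src_host` as a resolved name is not visible in this hunk, so that should be confirmed. I would add `# client-reported workstation name, not resolved from ip_src` above the two keys so analysts do not treat the pair as corroborating each other.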