From 627843d73ff96fd63cdc253fdecabd5c0decdf0e Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Sat, 26 Mar 2022 19:36:46 +0100
Subject: [PATCH] New registry category mapping
---
 tools/sigma/backends/uberagent.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/tools/sigma/backends/uberagent.py b/tools/sigma/backends/uberagent.py
index 75f613772..939a4858f 100644
--- a/tools/sigma/backends/uberagent.py
+++ b/tools/sigma/backends/uberagent.py
@@ -367,7 +367,23 @@ class uberAgentBackend(SingleTextQueryBackend):
 "registry_event": {
 "targetobject": "Reg.Key.Target",
 "newname": "Reg.Key.Path.New"
- }
+ },
+ "registry_add": {
+ "targetobject": "Reg.Key.Target",
+ "newname": "Reg.Key.Path.New"
+ },
+ "registry_delete": {
+ "targetobject": "Reg.Key.Target",
+ "newname": "Reg.Key.Path.New"
+ },
+ "registry_set": {
+ "targetobject": "Reg.Key.Target",
+ "newname": "Reg.Key.Path.New"
+ },
+ "registry_rename": {
+ "targetobject": "Reg.Key.Target",
+ "newname": "Reg.Key.Path.New"
+ }
 }

 # We ignore some fields that we don't support yet but we don't want them to
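Review bot: The four new categories (`registry_add`, `registry_delete`, `registry_set`, `registry_rename`) repeat the `registry_event` field dict verbatim, so a later field addition has to be made in five places and can silently drift between categories. Defining it once, e.g. `REGISTRY_FIELDS = {"targetobject": "Reg.Key.Target", "newname": "Reg.Key.Path.New"}`, and using `dict(REGISTRY_FIELDS)` for each category would keep them in step. Separately, Sigma rules in `registry_set` commonly select on `Details` (the value data), which none of these dicts map; how the backend treats an unmapped field is not visible in this hunk, but if the field is dropped rather than rejected, the converted query would match more broadly than the rule intends, so that path deserves a test or at least a comment here. The enclosing mapping dict and the class body start outside the hunk.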