title: Custom mappings for stix-shifter project backends: - stix order: 30 fieldmappings: # x-oca-event SCO action: - x-oca-event:action operation: - x-oca-event:action event.category: - x-oca-event:category eventName: - x-oca-event:action eventType: - x-oca-event:category Description: - x-oca-event:action - x-ibm-finding:description Event-ID: - x-oca-event:code EventID: - x-oca-event:code Event_ID: - x-oca-event:code event-id: - x-oca-event:code eventId: - x-oca-event:code EventType: - x-oca-event:action Message: - x-oca-event:original Details: - windows-registry-key:values[*].data - x-oca-event:original event_id: - x-oca-event:code eventid: - x-oca-event:code type: - x-oca-event:action pam_message: - x-oca-event:action # x-oca-asset SCO cs-host: - x-oca-asset:hostname - domain-name:value eventSource: - x-oca-asset:hostname ComputerName: - x-oca-asset:hostname pam_rhost: - x-oca-asset:hostname # DNS network extension r-dns: - domain-name:value - url:value - network-traffic:extensions.'dns-ext'.question.domain_ref query: - domain-name:value - url:value - network-traffic:extensions.'dns-ext'.question.domain_ref # x-ibm-finding object credescription: - x-ibm-finding:description crename: - x-ibm-finding:name rulenames: - x-ibm-finding:rule_names[*] # x-qradar custom object categoryid: - x-qradar:category_id categoryname: - x-qradar:category_name credibility: - x-qradar:credibility Device: - x-qradar:device_type - file:name devicetype: - x-qradar:device_type direction: - x-qradar:direction domainid: - x-qradar:domain_id geographic: - x-qradar:geographic high_level_category_id: - x-qradar:high_level_category_id high_level_category_name: - x-qradar:high_level_category_name identityhostname: - x-qradar:identity_host_name logsourceid: - x-qradar:log_source_id logsourcename: - x-qradar:log_source_name logsourcetypename: - x-qradar:log_source_type_name magnitude: - x-qradar:magnitude qid: - x-qradar:qid qidname: - x-qradar:event_name relevance: - x-qradar:relevance severity: - x-qradar:severity