tungnd27
38 lines
999 B
YAML
38 lines
999 B
YAML
title: StreamAlert field mapping, outputs, publishers and tags
|
|
order: 20
|
|
backends:
|
|
- streamalert
|
|
tags: ["upper"]
|
|
outputs: ["test_output"]
|
|
publishers: [test_publisher]
|
|
fieldmappings:
|
|
AccountName: USERNAME
|
|
CommandLine: COMMAND_LINE
|
|
ComputerName: HOSTNAME
|
|
CurrentDirectory: PROCESS_PATH
|
|
Description: DESCRIPTION
|
|
DestinationHostname: DST_HOSTNAME
|
|
DestinationIp: DST_IP
|
|
DestinationIsIpv6: DST_IPV6
|
|
DestinationPort: DST_PORT
|
|
Image: PROCESS_NAME
|
|
ImageLoaded: PROCESS_LOADED
|
|
ImagePath: PROCESS_PATH
|
|
ParentProcessName: PARENT_NAME
|
|
ParentImage: PARENT_NAME
|
|
Path: PROCESS_PATH
|
|
ProcessCommandLine: cmdline
|
|
ProcessName: PROCESS_NAME
|
|
SourceIp: SRC_IP
|
|
DestinationAddress: DST_IP
|
|
DestPort: DST_PORT
|
|
TargetObject: DST_NAME
|
|
TargetFilename: DST_NAME
|
|
SourceImage: PARENT_NAME
|
|
TargetImage: DST_NAME
|
|
NewProcessName: DST_NAME
|
|
Product: PRODUCT_NAME
|
|
Signature: SIGNATURE
|
|
User: USERNAME
|
|
EventID: EVENT_ID
|