Dennis Potashnik
129 lines
2.9 KiB
YAML
129 lines
2.9 KiB
YAML
title: Additional STIX mapping for future use
|
|
backends:
|
|
- stix
|
|
order: 10
|
|
fieldmappings:
|
|
record_type:
|
|
- x-dns:record_type
|
|
requestParameters.attribute:
|
|
- x-cloud:request_parameters
|
|
responseElements.publiclyAccessible:
|
|
- x-cloud:publicly_accessible
|
|
errorMessage:
|
|
- x-error:message
|
|
errorCode:
|
|
- x-error:code
|
|
responseElements:
|
|
- x-cloud:response_elements
|
|
requestParameters.userData:
|
|
- x-cloud:request_parameters
|
|
AccessMask:
|
|
- x-windows:accessmask
|
|
Accesses:
|
|
- x-windows:accesses
|
|
CallTrace:
|
|
- x-windows:calltrace
|
|
DestinationIsIpv6:
|
|
- x-windows:destisipv6
|
|
ErrorCode:
|
|
- x-error:code
|
|
ExtendedErrorCode:
|
|
- x-error:code
|
|
- x-error:id
|
|
GrantedAccess:
|
|
- x-windows:grantedaccess
|
|
GroupDomain:
|
|
- x-group:domain
|
|
GroupID:
|
|
- x-group:id
|
|
GroupName:
|
|
- x-group:name
|
|
GroupSecurityID:
|
|
- x-group:security_id
|
|
IMPHash:
|
|
- x-windows:imphash
|
|
Imphash:
|
|
- x-windows:imphash
|
|
ImageTempPath:
|
|
- process:binary_ref.x_temp_path
|
|
InitiatedConnection:
|
|
- x-windows:initiatedconnection
|
|
Initiated:
|
|
- x-windows:initiatedconnection
|
|
IntegrityLevel:
|
|
- x-windows:integritylevel
|
|
LogonType:
|
|
- x-windows:logontype
|
|
ObjectName:
|
|
- x-windows:objectname
|
|
ObjectType:
|
|
- x-windows:objecttype
|
|
PipeName:
|
|
- x-windows:pipename
|
|
QueryName:
|
|
- x-windows:queryname
|
|
QueryResults:
|
|
- x-windows:queryresults
|
|
QueryStatus:
|
|
- x-windows:querystatus
|
|
ShareName:
|
|
- x-windows:sharename
|
|
SharePath:
|
|
- x-windows:sharepath
|
|
Signature:
|
|
- x-windows:signature
|
|
SignatureStatus:
|
|
- x-windows:signaturestatus
|
|
Signed:
|
|
- x-windows:signed
|
|
SourceImageTempPath:
|
|
- x-windows:sourceimagetemppath
|
|
SourceWorkstation:
|
|
- x-windows:sourceworkstation
|
|
StartAddress:
|
|
- x-windows:startaddress
|
|
StartFunction:
|
|
- x-windows:startfunction
|
|
StartModule:
|
|
- x-windows:startmodule
|
|
TargetAccountSecurityID:
|
|
- x-windows:targetaccountsecurityid
|
|
TargetComputerDomain:
|
|
- x-windows:targetcomputerdomain
|
|
TargetComputerName:
|
|
- x-windows:targetcomputername
|
|
TargetDetails:
|
|
- x-windows:targetdetails
|
|
TargetImageName:
|
|
- x-windows:targetimagename
|
|
TargetProcessGuid:
|
|
- x-windows:targetprocessguid
|
|
TargetProcessAddress:
|
|
- x-windows:startaddress
|
|
TargetUserDomain:
|
|
- x-windows:targetuserdomain
|
|
TargetUserName:
|
|
- x-windows:targetusername
|
|
TaskName:
|
|
- x-windows:taskname
|
|
TicketEncryptionType:
|
|
- x-windows:ticketencryptiontype
|
|
event_data.PipeName:
|
|
- x-windows:pipename
|
|
event_data.ServiceFileName:
|
|
- process:extensions.'windows-service-ext'.service_dll_refs[*].name
|
|
event_data.ShareName:
|
|
- x-windows:sharename
|
|
event_data.Signature:
|
|
- x-windows:signature
|
|
event_data.SourceImage:
|
|
- x-windows:sourceimage
|
|
event_data.StartModule:
|
|
- x-windows:startmodule
|
|
event_data.TargetImage:
|
|
- x-windows:targetimage
|
|
key:
|
|
- x-sigma:keywords
|
|
sc-status:
|
|
- x-web:status_code
|