From 4feacbcc16f3700446360ae3b170fc07ae56b823 Mon Sep 17 00:00:00 2001
From: spsocprime <94110440+spsocprime@users.noreply.github.com>
Date: Fri, 2 Aug 2024 09:41:53 +0300
Subject: [PATCH] new mappings
---
 .../mappings/platforms/palo_alto_cortex/default.yml | 1 +
 .../translator/mappings/platforms/qradar/default.yml | 12 +++++++-----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
index f767249b..3e6d361e 100644
--- a/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
+++ b/uncoder-core/app/translator/mappings/platforms/palo_alto_cortex/default.yml
@@ -139,3 +139,4 @@ field_mapping:
 Workstation: xdm.source.host.hostname
 RegistryKey: xdm.target.registry.key
 RegistryValue: xdm.target.registry.value
+ RegistryValueData: xdm.target.registry.data
\ No newline at end of file
diff --git a/uncoder-core/app/translator/mappings/platforms/qradar/default.yml b/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
index 813772e0..d7a96174 100644
--- a/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
+++ b/uncoder-core/app/translator/mappings/platforms/qradar/default.yml
@@ -14,6 +14,8 @@ field_mapping:
 - DstPort
 - DestinationPort
 - remoteport
+ dst-hostname: DstHost
+ src-hostname: SrcHost
 src-port:
 - SourcePort
 - localport
@@ -23,7 +25,6 @@ field_mapping:
 - source_ip
 - SourceIP
 - sourceIP
- - SrcHost
 dst-ip:
 - DestinationIP
 - destinationip
@@ -31,7 +32,6 @@ field_mapping:
 - destinationIP
 - destinationaddress
 - destination
- - DstHost
 User:
 - userName
 - EventUserName
@@ -71,6 +71,7 @@ field_mapping:
 - SourceMAC
 - MAC
 - sourceMAC
+ - identityMAC
 DestinationMAC: DestinationMAC
 SourceOS:
 - SourceOS
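Review bot: The added `RegistryValueData: xdm.target.registry.data` line carries the `\ No newline at end of file` marker, so the file still ends without a trailing newline and the next entry appended here will produce the same noisy two-line diff; end the file with a newline. The key name matches the `RegistryValueData` entry this patch adds to the QRadar mapping, so rules referencing registry value data translate consistently across both platforms.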
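Review bot: Moving `SrcHost` and `DstHost` out of the `src-ip`/`dst-ip` lists into the new `src-hostname`/`dst-hostname` keys (this hunk together with the two following hunks at old lines 23 and 31) silently narrows existing translations: a rule conditioned on `src-ip` previously also searched the QRadar `SrcHost` field, and after this change it will not, so detections that relied on that incidental match lose coverage without any signal. The split is semantically right, a hostname is not an IP, but it presumes `src-hostname`/`dst-hostname` are recognised source-side field names elsewhere in the translator, which this patch does not show; if they are not, the new keys are dead entries while the old matching is gone. A one-line note in the commit message or changelog stating that `src-ip`/`dst-ip` no longer match host fields would let rule maintainers re-check affected content.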
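Review bot: Adding `identityMAC` to the `SourceMAC` list widens what a `SourceMAC` condition translates to: as far as the name indicates, `identityMAC` is the MAC tied to an asset's identity record rather than the packet source, so a rule pinning a source MAC may now also match events where only the identity MAC carries that value, which changes the rule's precision rather than just its field coverage. If that is intended, a comment beside the entry such as `# identityMAC: asset-identity MAC, searched alongside the packet source MAC` would save the next reader the question; if not, it belongs under a separate generic field.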
@@ -89,7 +90,9 @@ field_mapping:
 - Alert Blocked Threat Category
 AnalyzerName: Analyzer Name
 Classification: Classification
- ResultCode: Alert Reason Code
+ ResultCode:
+ - Alert Reason Code
+ - Error Code
 Technique: Technique
 Action: Action
 Workstation: Machine Identifier
@@ -97,10 +100,9 @@ field_mapping:
 FileName:
 - Filename
 - File Name
- - Encoded Filename
 RegistryKey:
 - Registry Key
 - Target Object
 RegistryValue: RegistryValue
+ RegistryValueData: Registry Value Data
 ProcessPath: Process Path
- hasIdentity: hasIdentity
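Review bot: Turning `ResultCode` into the list `Alert Reason Code` / `Error Code` makes a single `ResultCode` condition search two QRadar fields with different meanings, so a rule keyed on a specific code value (a status code from an authentication event, say) can now also match unrelated error codes that happen to share the same number, a false-positive path that did not exist before. Other list entries in this file group synonyms for one concept (`Filename` / `File Name`), whereas these two are distinct fields, so the entry deserves a comment stating why they are treated as equivalent, e.g. `# Error Code carries the result code for <LOG-SOURCE-PLACEHOLDER>, so both fields are searched`. If the two fields come from different log sources, keeping `ResultCode` single-valued here and adding `Error Code` in a source-specific mapping would avoid the cross-talk.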
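Review bot: The removal of `hasIdentity: hasIdentity` (last line of the hunk) and of `Encoded Filename` from `FileName` takes mappings away, and the commit message (`new mappings`) does not mention either removal. Whether a rule that references `hasIdentity` now falls back to the raw field name or fails translation depends on the translator's unmapped-field handling, which is outside this patch; if it fails, this is a breaking change for existing content and should be stated in the commit message. Dropping `Encoded Filename` likewise narrows `FileName` matching, so events that only expose the name in that field will no longer be caught by a translated `FileName` rule; if that is deliberate, a short rationale in the commit body would prevent it being re-added as a "missing" mapping later.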