UncoderIO
diff --git a/‎translator/app/translator/mappings/platforms/graylog/aws_cloudtrail.yml‎
Lines changed: 29 additions & 0 deletions b/‎translator/app/translator/mappings/platforms/graylog/aws_cloudtrail.yml‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎translator/app/translator/mappings/platforms/graylog/aws_eks.yml‎
Lines changed: 19 additions & 0 deletions b/‎translator/app/translator/mappings/platforms/graylog/aws_eks.yml‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎translator/app/translator/mappings/platforms/graylog/azure_AzureDiagnostics.yml‎
Lines changed: 7 additions & 0 deletions b/‎translator/app/translator/mappings/platforms/graylog/azure_AzureDiagnostics.yml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎translator/app/translator/mappings/platforms/graylog/azure_BehaviorAnalytics.yml‎
Lines changed: 14 additions & 0 deletions b/‎translator/app/translator/mappings/platforms/graylog/azure_BehaviorAnalytics.yml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎translator/app/translator/mappings/platforms/graylog/azure_aadnoninteractiveusersigninlogs.yml‎
Lines changed: 7 additions & 0 deletions b/‎translator/app/translator/mappings/platforms/graylog/azure_aadnoninteractiveusersigninlogs.yml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎translator/app/translator/mappings/platforms/graylog/azure_azureactivity.yml‎
Lines changed: 16 additions & 0 deletions b/‎translator/app/translator/mappings/platforms/graylog/azure_azureactivity.yml‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎translator/app/translator/mappings/platforms/graylog/azure_azuread.yml‎
Lines changed: 17 additions & 0 deletions b/‎translator/app/translator/mappings/platforms/graylog/azure_azuread.yml‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎translator/app/translator/mappings/platforms/graylog/azure_m365.yml‎
Lines changed: 17 additions & 0 deletions b/‎translator/app/translator/mappings/platforms/graylog/azure_m365.yml‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎translator/app/translator/mappings/platforms/graylog/azure_signinlogs.yml‎
Lines changed: 23 additions & 0 deletions b/‎translator/app/translator/mappings/platforms/graylog/azure_signinlogs.yml‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎translator/app/translator/mappings/platforms/graylog/default.yml‎
Lines changed: 6 additions & 0 deletions b/‎translator/app/translator/mappings/platforms/graylog/default.yml‎
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,29 @@
+platform: Graylog
+source: aws_cloudtrail
+description: Text that describe current mapping
+
+field_mapping:
+  eventSource: event.provider
+  eventName: event.action
+  AdditionalEventData: AdditionalEventData
+  additionalEventData.MFAUsed: additionalEventData.MFAUsed
+  errorCode: errorCode
+  errorMessage: errorMessage
+  eventType: eventType
+  requestParameters: requestParameters
+  requestParameters.attribute: requestParameters.attribute
+  requestParameters.ipPermissions.items.ipRanges.items.cidrIP:  requestParameters.ipPermissions.items.ipRanges.items.cidrIP
+  requestParameters.ipPermissions.items.ipRanges.items.fromPort: requestParameters.ipPermissions.items.ipRanges.items.fromPort
+  requestParameters.userData: requestParameters.userData
+  responseElements: responseElements
+  responseElements.ConsoleLogin: responseElements.ConsoleLogin
+  responseElements.pendingModifiedValues.masterUserPassword: responseElements.pendingModifiedValues.masterUserPassword
+  responseElements.publiclyAccessible: responseElements.publiclyAccessible
+  status: status
+  terminatingRuleId: terminatingRuleId
+  userAgent: userAgent
+  userIdentity.arn: userIdentity.arn
+  userIdentity.principalId: userIdentity.principalId
+  userIdentity.sessionContext.sessionIssuer.type: userIdentity.sessionContext.sessionIssuer.type
+  userIdentity.type: userIdentity.type
+  userIdentity.userName: userIdentity.userName
@@ -0,0 +1,19 @@
+platform: Graylog
+source: aws_eks
+description: Text that describe current mapping
+
+field_mapping:
+  annotations.authorization.k8s.io\/decision: annotations.authorization.k8s.io\/decision
+  annotations.podsecuritypolicy.policy.k8s.io\/admit-policy: annotations.podsecuritypolicy.policy.k8s.io\/admit-policy
+  aws_node_type: aws_node_type
+  objectRef.namespace: objectRef.namespace
+  objectRef.resource: objectRef.resource
+  objectRef.subresource: objectRef.subresource
+  requestObject.rules.resources: requestObject.rules.resources
+  requestObject.rules.verbs: requestObject.rules.verbs
+  requestObject.spec.containers.image: requestObject.spec.containers.image
+  requestURI: requestURI
+  stage: stage
+  user.groups: user.groups
+  user.username: user.username
+  verb: verb
@@ -0,0 +1,7 @@
+platform: Graylog
+source: azure_AzureDiagnostics
+description: Text that describe current mapping
+
+field_mapping:
+  ResultDescription: ResultDescription
+  Category: Category
@@ -0,0 +1,14 @@
+platform: Graylog
+source: azure_BehaviorAnalytics
+description: Text that describe current mapping
+
+field_mapping:
+  ActionType: ActionType
+  ActivityInsights: ActivityInsights
+  ActivityType: ActivityType
+  EventSource: EventSource
+  DevicesInsights: DevicesInsights
+  RiskDetail: RiskDetail
+  UsersInsights: UsersInsights
+  UsersInsights.IsDormantAccount: UsersInsights.IsDormantAccount
+  UsersInsights.IsNewAccount: UsersInsights.IsNewAccount
@@ -0,0 +1,7 @@
+platform: Graylog
+source: azure_aadnoninteractiveusersigninlogs
+description: Text that describe current mapping
+
+field_mapping:
+  UserAgent: UserAgent
+  Type: Type
@@ -0,0 +1,16 @@
+platform: Graylog
+source: azure_azureactivity
+description: Text that describe current mapping
+
+field_mapping:
+  ActivityStatus: ActivityStatus
+  ActivityStatusValue: ActivityStatusValue
+  ActivitySubstatusValue: ActivitySubstatusValue
+  Authorization: Authorization
+  Category: Category
+  CategoryValue: CategoryValue
+  OperationName: OperationName
+  OperationNameValue: OperationNameValue
+  ResourceId: ResourceId
+  ResourceProviderValue: ResourceProviderValue
+  Type: Type
@@ -0,0 +1,17 @@
+platform: Graylog
+source: azure_azuread
+description: Text that describe current mapping
+
+field_mapping:
+  ActivityDisplayName: event.action
+  Category: azure.auditlogs.properties.category
+  LoggedByService: azure.auditlogs.properties.logged_by_service
+  Result: event.outcome
+  OperationName: OperationName
+  TargetResources: TargetResources
+  AADOperationType: AADOperationType
+  InitiatedBy: InitiatedBy
+  ResultReason: ResultReason
+  Status: Status
+  Status.errorCode: Status.errorCode
+  UserAgent: UserAgent
@@ -0,0 +1,17 @@
+platform: Graylog
+source: azure_m365
+description: Text that describe current mapping
+
+field_mapping:
+  ClientInfoString: ClientInfoString
+  LogonError: LogonError
+  ModifiedProperties: ModifiedProperties
+  OfficeObjectId: OfficeObjectId
+  OfficeWorkload: OfficeWorkload
+  Operation: Operation
+  Parameters: Parameters
+  RecordType: RecordType
+  ResultStatus: ResultStatus
+  SourceFileExtension: SourceFileExtension
+  SourceFileName: SourceFileName
+  UserAgent: UserAgent
@@ -0,0 +1,23 @@
+platform: Graylog
+source: azure_signinlogs
+description: Text that describe current mapping
+
+field_mapping:
+  AppDisplayName: AppDisplayName
+  AppId: AppId
+  AuthenticationRequirement: AuthenticationRequirement
+  Category: Category
+  ConditionalAccessStatus: ConditionalAccessStatus
+  DeviceDetail: DeviceDetail
+  IsInteractive: IsInteractive
+  NetworkLocationDetails: NetworkLocationDetails
+  ResourceDisplayName: ResourceDisplayName
+  ResourceIdentity: ResourceIdentity
+  ResultDescription: ResultDescription
+  ResultType: ResultType
+  Status.errorCode: Status.errorCode
+  Status: Status
+  Status.failureReason: Status.failureReason
+  TokenIssuerType: TokenIssuerType
+  UserAgent: UserAgent
+  UserPrincipalName: UserPrincipalName
@@ -0,0 +1,6 @@
+platform: Graylog
+source: default
+description: Text that describe current mapping
+
+default_log_source:
+  index: ""