SumoLogics readme and supported_stix docs update (#1691)

* Update sumologic_supported_stix.md * Update README.md * Update README.md --------- Co-authored-by: DerekRushton <41486484+DerekRushton@users.noreply.github.com>
opencybersecurityalliance · May 30, 2024 · 0b9cbcb · 0b9cbcb
1 parent 9464ebf
commit 0b9cbcb
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 0 deletions.
diff --git a/stix_shifter_modules/sumologic/README.md b/stix_shifter_modules/sumologic/README.md
@@ -18,6 +18,10 @@ Result Endpoint: `https://api.sumologic.com/api/v1/search/jobs/<SEARCH_JOB_ID>/m
 
 [SumoLogic Search Job API](https://help.sumologic.com/APIs/Search-Job-API/About-the-Search-Job-API)
 
+## Dialects
+
+The connector supports two dialects: the default one and [the cloud_siem one](https://help.sumologic.com/docs/cse/get-started-with-cloud-siem/insight-generation-process/#entities-in-messages-are-mapped-to-entity-type-schema-attributes)
+
 ### Format for making STIX translation calls via the CLI
 
 `python main.py <translator_module> <query or result> <STIX identity object> <data>`

diff --git a/stix_shifter_modules/sumologic/sumologic_supported_stix.md b/stix_shifter_modules/sumologic/sumologic_supported_stix.md
@@ -17,6 +17,7 @@
 | IN | OR |
 | OR (Observation) | OR |
 | AND (Observation) | AND |
+| LIKE | = |
 | <br> | |
 ### Searchable STIX objects and properties
 | STIX Object and Property | Mapped Data Source Fields |
@@ -43,6 +44,39 @@
 | **user-account**:account_created | createdAt |
 | **user-account**:account_last_login | lastLoginTimestamp |
 | <br> | |
+### Searchable STIX objects and properties for Cloud_Siem dialect
+| STIX Object and Property | Mapped Data Source Fields |
+|--|--|
+| **ipv4-addr**:value | device_ip, device_natIp, dns_replyIp, dstDevice_ip, srcDevice_ip, dstDevice_natIp, srcDevice_natIp |
+| **ipv4-addr**:resolves-to-ref.value | srcDevice_mac, dstDevice_mac |
+| **network-traffic**:dst_port | dstPort |
+| **network-traffic**:src_port | srcPort |
+| **network-traffic**:dst_ref.value | dstDevice_ip |
+| **network-traffic**:src_ref.value | srcDevice_ip |
+| **x-oca-event**:network_ref.src_ref.value | srcDevice_ip |
+| **x-oca-event**:network_ref.dst_ref.value | dstDevice_ip |
+| **x-oca-event**:process_ref.binary_ref.name | baseImage |
+| **x-oca-event**:process_ref.command_line | commandLine |
+| **x-oca-event**:parent_process_ref.binary_ref.name | parentBaseImage |
+| **x-oca-event**:user_ref.user_id | user_username, user_username_raw |
+| **x-oca-event**:code | metadata_deviceEventId |
+| **mac-addr**:value | device_mac, srcDevice_mac, dstDevice_mac |
+| **file**:name | baseImage, parentBaseImage, file_basename, file_path |
+| **file**:parent_directory_ref.binary_ref.name | baseImage, parentBaseImage |
+| **file**:hashes.SHA-256 | file_hash_sha256 |
+| **file**:hashes.MD5 | file_hash_md5 |
+| **file**:hashes.SHA-1 | file_hash_sha1 |
+| **directory**:path | baseImage, parentBaseImage, file_path |
+| **process**:binary_ref.name | baseImage, parentBaseImage |
+| **process**:command_line | commandLine |
+| **process**:parent_ref.binary_ref.name | parentBaseImage |
+| **process**:creator_user_ref.user_id | user_username, user_username_raw |
+| **user-account**:user_id | user_username, user_username_raw, fromUser_username, fromUser_username_raw |
+| **user-account**:display_name | user_username, user_username_raw, fromUser_username, fromUser_username_raw |
+| **domain-name**:value | http_referer_fqdn, http_url_fqdn |
+| **url**:value | http_url |
+| **email-addr**:value | targetUser_email, user_email |
+| <br> | |
 ### Supported STIX Objects and Properties for Query Results
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|