Remove deprecated SourceImage field from aql search (#950)

opencybersecurityalliance · May 25, 2022 · 103285f · 103285f
1 parent 1ab8504
commit 103285f
Show file tree

Hide file tree

Showing 6 changed files with 0 additions and 64 deletions.
diff --git a/stix_shifter_modules/qradar/stix_translation/json/aql_events_fields.json b/stix_shifter_modules/qradar/stix_translation/json/aql_events_fields.json
@@ -51,7 +51,6 @@
     "\"Process CommandLine\" as ProcessCommandLine",
     "ParentCommandLine",
     "TargetImage",
-    "SourceImage",
     "Message",
     "\"Registry Value Name\" as RegistryValueName",
     "\"IMP Hash\" as IMPHash",

diff --git a/stix_shifter_modules/qradar/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/qradar/stix_translation/json/stix_2_1/to_stix_map.json
@@ -811,10 +811,6 @@
     "key": "x-ibm-windows.call_trace",
     "object": "xwin"
   },
-  "SourceImage": {
-    "key": "x-ibm-windows.source_image",
-    "object": "xwin"
-  },
   "PipeName": {
     "key": "x-ibm-windows.pipe_name",
     "object": "xwin"

diff --git a/stix_shifter_modules/qradar/stix_translation/json/to_stix_map.json b/stix_shifter_modules/qradar/stix_translation/json/to_stix_map.json
@@ -831,33 +831,6 @@
       "references": "directory_target_image"
     }
   ],
-  "SourceImage": [
-    {
-      "key": "file.name",
-      "object": "file_image",
-      "transformer": "ToFileName"
-    },
-    {
-      "key": "directory.path",
-      "object": "directory_image",
-      "transformer": "ToDirectoryPath"
-    },
-    {
-      "key": "process.binary_ref",
-      "object": "process",
-      "references": "file_image"
-    },
-    {
-      "key": "file.parent_directory_ref",
-      "object": "file_image",
-      "references": "directory_image"
-    },
-    {
-      "key": "x-oca-event.process_ref",
-      "object": "event",
-      "references": "process"
-    }
-  ],
   "Message": [
     {
       "key": "artifact.payload_bin",

diff --git a/stix_shifter_modules/qradar_perf_test/stix_translation/json/aql_events_fields.json b/stix_shifter_modules/qradar_perf_test/stix_translation/json/aql_events_fields.json
@@ -51,7 +51,6 @@
     "\"Process CommandLine\" as ProcessCommandLine",
     "ParentCommandLine",
     "TargetImage",
-    "SourceImage",
     "Message",
     "\"Registry Value Name\" as RegistryValueName",
     "\"IMP Hash\" as IMPHash",

diff --git a/stix_shifter_modules/qradar_perf_test/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/qradar_perf_test/stix_translation/json/stix_2_1/to_stix_map.json
@@ -799,10 +799,6 @@
     "key": "x-ibm-windows.call_trace",
     "object": "xwin"
   },
-  "SourceImage": {
-    "key": "x-ibm-windows.source_image",
-    "object": "xwin"
-  },
   "PipeName": {
     "key": "x-ibm-windows.pipe_name",
     "object": "xwin"

diff --git a/stix_shifter_modules/qradar_perf_test/stix_translation/json/to_stix_map.json b/stix_shifter_modules/qradar_perf_test/stix_translation/json/to_stix_map.json
@@ -839,33 +839,6 @@
       "references": "directory_target_image"
     }
   ],
-  "SourceImage": [
-    {
-      "key": "file.name",
-      "object": "file_image",
-      "transformer": "ToFileName"
-    },
-    {
-      "key": "directory.path",
-      "object": "directory_image",
-      "transformer": "ToDirectoryPath"
-    },
-    {
-      "key": "process.binary_ref",
-      "object": "process",
-      "references": "file_image"
-    },
-    {
-      "key": "file.parent_directory_ref",
-      "object": "file_image",
-      "references": "directory_image"
-    },
-    {
-      "key": "x-oca-event.process_ref",
-      "object": "event",
-      "references": "process"
-    }
-  ],
   "Message": [
     {
       "key": "artifact.payload_bin",