Merge branch 'develop' into to-stix-dialect-mapping-table
mdazam1942 authored Oct 31, 2023
2 parents 7a7d800 + 1fc9298 commit 18d5820
Showing 5 changed files with 229 additions and 73 deletions.
4 changes: 2 additions & 2 deletions stix_shifter/requirements.txt
@@ -1,4 +1,4 @@
aioboto3==11.3.0
aioboto3==12.0.0
aiohttp-retry==2.8.3
aiomysql==0.2.0
antlr4-python3-runtime==4.8
@@ -11,7 +11,7 @@ flask==3.0.0
flatten_json==0.1.13
json-fix==0.5.2
jsonmerge==1.9.2
pyOpenSSL==23.2.0
pyOpenSSL==23.3.0
python-dateutil==2.8.2
requests_toolbelt==0.10.1
stix2-matcher==3.0.0
@@ -47,10 +47,17 @@
"transformer": "ConvertToReal"
}
],
"EndTime": {
"key": "x-ibm-finding.end",
"object": "finding"
},
"EndTime": [
{
"key": "x-ibm-finding.end",
"object": "finding",
"transformer": "TimestampConversion"
},
{
"key": "last_observed",
"transformer": "TimestampConversion"
}
],
"ExtendedProperties": {
"resourceType": {
"key": "x-cloud-resource.resource_type",
@@ -59,7 +66,8 @@
},
"ProcessingEndTime": {
"key": "x-ibm-finding.x_processing_endtime",
"object": "finding"
"object": "finding",
"transformer": "TimestampConversion"
},
"ProductComponentName": {
"key": "software.x_product_component_name",
@@ -88,10 +96,17 @@
"key": "x-cloud-resource.resource_id",
"object": "cloud_resource"
},
"StartTime": {
"key": "x-ibm-finding.start",
"object": "finding"
},
"StartTime": [
{
"key": "x-ibm-finding.start",
"object": "finding",
"transformer": "TimestampConversion"
},
{
"key": "first_observed",
"transformer": "TimestampConversion"
}
],
"Status": {
"key": "x-ibm-finding.x_status",
"object": "finding"
@@ -118,7 +133,8 @@
},
"TimeGenerated": {
"key": "x-ibm-finding.time_observed",
"object": "finding"
"object": "finding",
"transformer": "TimestampConversion"
},
"Type": {
"key": "x-ibm-finding.finding_type",
@@ -165,27 +181,37 @@
},
"ClosedTime": {
"key": "x-incident-info.closed_time",
"object": "incident"
"object": "incident",
"transformer": "TimestampConversion"
},
"Comments": {
"key": "x-incident-info.comments",
"object": "incident"
},
"CreatedTime": {
"key": "x-ibm-finding.start",
"object": "finding"
},
"CreatedTime": [
{
"key": "x-ibm-finding.start",
"object": "finding",
"transformer": "TimestampConversion"
},
{
"key": "first_observed",
"transformer": "TimestampConversion"
}
],
"Description": {
"key": "x-ibm-finding.description",
"object": "finding"
},
"FirstActivityTime": {
"key": "x-incident-info.first_activity",
"object": "incident"
"object": "incident",
"transformer": "TimestampConversion"
},
"FirstModifiedTime": {
"key": "x-incident-info.first_modified",
"object": "incident"
"object": "incident",
"transformer": "TimestampConversion"
},
"IncidentName": {
"key": "x-ibm-finding.x_incident_name",
@@ -216,12 +242,21 @@
},
"LastActivityTime": {
"key": "x-incident-info.last_active",
"object": "incident"
},
"LastModifiedTime": {
"key": "x-ibm-finding.end",
"object": "finding"
"object": "incident",
"transformer": "TimestampConversion"
},
"LastModifiedTime": [
{
"key": "x-ibm-finding.end",
"object": "finding",
"transformer": "TimestampConversion"
},
{
"key": "last_observed",
"transformer": "TimestampConversion"
}

],
"ModifiedBy": {
"key": "x-ibm-finding.x_modified_by",
"object": "finding"
@@ -280,10 +315,17 @@
"key": "x-ibm-finding.alert_id",
"object": "finding"
},
"PreviousTime": {
"key": "x-ibm-finding.start",
"object": "finding"
},
"PreviousTime": [
{
"key": "x-ibm-finding.start",
"object": "finding",
"transformer": "TimestampConversion"
},
{
"key": "first_observed",
"transformer": "TimestampConversion"
}
],
"EventID": {
"key": "x-oca-event.code",
"object": "event"
@@ -708,7 +750,8 @@
},
"CreationTimeUtc": {
"key": "process.created",
"object": "process1"
"object": "process1",
"transformer": "TimestampConversion"
},
"ElevationToken": {
"key": "process.x_elevation_token",
@@ -733,7 +776,8 @@
},
"CreationTimeUtc": {
"key": "process.created",
"object": "parent_process"
"object": "parent_process",
"transformer": "TimestampConversion"
},
"ElevationToken": {
"key": "process.x_elevation_token",
@@ -958,11 +1002,13 @@
},
"StartTimeUtc": {
"key": "x-host-logon-session.start_time",
"object": "logon_session"
"object": "logon_session",
"transformer": "TimestampConversion"
},
"EndTimeUtc": {
"key": "x-host-logon-session.end_time",
"object": "logon_session"
"object": "logon_session",
"transformer": "TimestampConversion"
}
},
"file": {
@@ -1054,11 +1100,13 @@
},
"Longitude": {
"key": "x-geo-location.longitude",
"object": "location"
"object": "location",
"transformer": "ToFloat"
},
"Latitude": {
"key": "x-geo-location.latitude",
"object": "location"
"object": "location",
"transformer": "ToFloat"
},
"Organization": {
"key": "x-geo-location.organization",
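Review bot: `first_observed` is now fed by three source fields (`StartTime`, `CreatedTime`, `PreviousTime`) and `last_observed` by two (`EndTime`, `LastModifiedTime`), and nothing visible in these hunks fixes which value wins when one record carries more than one of them. The enclosing table objects start and end outside the hunks, so whether those fields can co-occur cannot be read from here; if they can, the observation window that downstream timeline correlation relies on would depend on processing order, and keeping the `first_observed`/`last_observed` entry on a single field per table would make it deterministic. The new entries also carry neither `object` nor `"cybox": false`, which is how other stix-shifter mappings I have seen mark observed-data-level properties, so it is worth confirming the translator writes them at the top level of the observation rather than onto a cyber observable. Minor style point: the `LastModifiedTime` array has a stray blank line before its closing `],`.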