Update AWS Athena for OCSF schema support (#1178)
Co-authored-by: Md Azam <mdazam@ca.ibm.com>
Arthur Muradyan and mdazam1942 authored Nov 9, 2022
1 parent fa8aa6c commit 2e87d53
Showing 7 changed files with 449 additions and 42 deletions.
Expand Up @@ -9,14 +9,74 @@
"ipv4-addr": {
"fields": {
"value": [
"src_endpoint.intermediate_ips"
"dst_endpoint.ip",
"src_endpoint.ip"
]
}
},
"ipv6-addr": {
"fields": {
"value": [
"src_endpoint.intermediate_ips"
"dst_endpoint.ip",
"src_endpoint.ip"
]
}
},
"network-traffic": {
"fields": {
"dst_byte_count": [
"traffic.bytes_in"
],
"dst_packets": [
"traffic.packets_in"
],
"dst_port": [
"dst_endpoint.port"
],
"dst_ref.value": [
"dst_endpoint.ip"
],
"extensions.'x-network-ext'.boundary": [
"connection_info.boundary"
],
"extensions.'x-network-ext'.boundary_id": [
"connection_info.boundary_id"
],
"extensions.'x-network-ext'.bytes": [
"traffic.bytes"
],
"extensions.'x-network-ext'.direction": [
"connection_info.direction"
],
"extensions.'x-network-ext'.direction_id": [
"connection_info.direction_id"
],
"extensions.'x-network-ext'.packets": [
"traffic.packets"
],
"extensions.'x-network-ext'.protocol_ver": [
"connection_info.protocol_ver"
],
"extensions.'x-network-ext'.tcp_flags": [
"connection_info.tcp_flags"
],
"protocol": [
"connection_info.protocol_name"
],
"protocols[*]": [
"connection_info.protocol_num"
],
"src_byte_count": [
"traffic.bytes_out"
],
"src_packets": [
"traffic.packets_out"
],
"src_port": [
"src_endpoint.port"
],
"src_ref.value": [
"src_endpoint.ip"
]
}
},
Expand Down Expand Up @@ -124,6 +184,9 @@
"description": [
"observables.value"
],
"dst_ip_ref.value": [
"dst_endpoint.ip"
],
"end": [
"end_time"
],
Expand All @@ -139,31 +202,65 @@
"severity": [
"severity_id"
],
"src_ip_ref.value": [
"src_endpoint.ip"
],
"start": [
"start_time"
],
"time_observed": [
"_time"
]
}
},
"x-oca-asset": {
"fields": {
"extensions.'x-oca-endpoint-ext'.port": [
"src_endpoint.port"
"extensions.'x-dst-endpoint'.instance_uid": [
"dst_endpoint.instance_uid"
],
"extensions.'x-dst-endpoint'.interface_uid": [
"dst_endpoint.interface_uid"
],
"extensions.'x-dst-endpoint'.subnet_uid": [
"dst_endpoint.subnet_uid"
],
"extensions.'x-dst-endpoint'.svc_name": [
"dst_endpoint.svc_name"
],
"extensions.'x-dst-endpoint'.vpc_uid": [
"dst_endpoint.vpc_uid"
],
"extensions.'x-src-endpoint'.instance_uid": [
"src_endpoint.instance_uid"
],
"extensions.'x-oca-endpoint-ext'.svc_name": [
"extensions.'x-src-endpoint'.interface_uid": [
"src_endpoint.interface_uid"
],
"extensions.'x-src-endpoint'.subnet_uid": [
"src_endpoint.subnet_uid"
],
"extensions.'x-src-endpoint'.svc_name": [
"src_endpoint.svc_name"
],
"extensions.'x-src-endpoint'.vpc_uid": [
"src_endpoint.vpc_uid"
],
"ip_refs[*].value": [
"src_endpoint.intermediate_ips"
"dst_endpoint.ip",
"src_endpoint.ip"
],
"name": [
"dst_endpoint.name",
"src_endpoint.name"
]
}
},
"x-oca-event": {
"fields": {
"action": [
"activity",
"activity"
],
"category": [
"category_name"
],
"code": [
Expand All @@ -182,6 +279,12 @@
"module": [
"class_name"
],
"network_ref.dst_ref.value": [
"dst_endpoint.ip"
],
"network_ref.src_ref.value": [
"dst_endpoint.ip"
],
"timezone": [
"timezone_offset"
]
Expand All @@ -201,9 +304,6 @@
"api_version": [
"api.version"
],
"http_request.user_agent": [
"http_request.user_agent"
],
"message": [
"message"
],
Expand All @@ -214,8 +314,7 @@
"cloud.org_uid"
],
"profiles": [
"profiles",
"unmapped.profiles"
"profiles"
],
"project_uid": [
"cloud.project_uid"
Expand Down Expand Up @@ -340,6 +439,9 @@
"uid": [
"http_request.uid"
],
"user_agent": [
"http_request.user_agent"
],
"value": [
"http_request.args"
],
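Review bot: In the hunk at `@@ -182,6 +279,12 @@`, `network_ref.src_ref.value` is mapped to `dst_endpoint.ip`, the same OCSF column as `network_ref.dst_ref.value` directly above it, so a STIX pattern on the source address would be translated into a query against the destination column. Every other source/destination pair in this change is symmetric (`src_ref.value` → `src_endpoint.ip`, `src_ip_ref.value` → `src_endpoint.ip`), which suggests a copy-paste slip; I would expect `"network_ref.src_ref.value": ["src_endpoint.ip"]`. For a threat-hunting connector this silently misattributes traffic direction in results and in any detections built on them, so a translation test of a source-IP pattern against a fixture would catch it before release. Separately, the first hunk removes `src_endpoint.intermediate_ips` from the `ipv4-addr` and `ipv6-addr` `value` lists without a replacement; if intermediate-hop addresses are still expected to be observable, that dropped coverage is worth a line in the commit description.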