diff --git a/adapter-guide/connectors/alertflex_supported_stix.md b/adapter-guide/connectors/alertflex_supported_stix.md
index 256cab017..be7895783 100644
--- a/adapter-guide/connectors/alertflex_supported_stix.md
+++ b/adapter-guide/connectors/alertflex_supported_stix.md
@@ -1,4 +1,21 @@
+##### Updated on 02/04/22
 ## Alertflex
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | OR |
+| OR | OR |
+| > | > |
+| >= | >= |
+| < | < |
+| <= | <= |
+| = | = |
+| != | != |
+| LIKE | LIKE |
+| IN | IN |
+| MATCHES | LIKE |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | file | name | file |
diff --git a/adapter-guide/connectors/arcsight_supported_stix.md b/adapter-guide/connectors/arcsight_supported_stix.md
index 66a7fb32c..7a13b821c 100644
--- a/adapter-guide/connectors/arcsight_supported_stix.md
+++ b/adapter-guide/connectors/arcsight_supported_stix.md
@@ -1,4 +1,22 @@
+##### Updated on 02/04/22
 ## Micro Focus ArcSight
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | AND |
+| OR | OR |
+| > | > |
+| >= | >= |
+| < | < |
+| <= | <= |
+| = | = |
+| != | != |
+| LIKE | = |
+| IN | IN |
+| MATCHES | CONTAINS |
+| ISSUBSET | insubnet |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | directory | path | filePath |
diff --git a/adapter-guide/connectors/aws_athena_supported_stix.md b/adapter-guide/connectors/aws_athena_supported_stix.md
index 34a0f7854..3b50b936a 100644
--- a/adapter-guide/connectors/aws_athena_supported_stix.md
+++ b/adapter-guide/connectors/aws_athena_supported_stix.md
@@ -1,4 +1,21 @@
+##### Updated on 02/04/22
 ## Amazon Athena
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | INTERSECT |
+| OR | UNION |
+| > | > |
+| >= | >= |
+| < | < |
+| <= | <= |
+| = | = |
+| != | != |
+| LIKE | LIKE |
+| IN | IN |
+| MATCHES | REGEXP_LIKE |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | domain-name | resolves_to_refs | resource_instancedetails_networkinterfaces_0_privateipaddress |
diff --git a/adapter-guide/connectors/aws_cloud_watch_logs_supported_stix.md b/adapter-guide/connectors/aws_cloud_watch_logs_supported_stix.md
index 5fdd7bed9..242c9e135 100644
--- a/adapter-guide/connectors/aws_cloud_watch_logs_supported_stix.md
+++ b/adapter-guide/connectors/aws_cloud_watch_logs_supported_stix.md
@@ -1,4 +1,21 @@
+##### Updated on 02/04/22
 ## Amazon CloudWatch Logs
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | OR |
+| OR | OR |
+| > | > |
+| >= | >= |
+| < | < |
+| <= | <= |
+| = | = |
+| != | != |
+| LIKE | LIKE |
+| IN | IN |
+| MATCHES | LIKE |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | domain-name | resolves_to_refs | detail_resource_instanceDetails_networkInterfaces_0_privateIpAddress |
diff --git a/adapter-guide/connectors/azure_sentinel_supported_stix.md b/adapter-guide/connectors/azure_sentinel_supported_stix.md
index 9da05d16b..b90f7d182 100644
--- a/adapter-guide/connectors/azure_sentinel_supported_stix.md
+++ b/adapter-guide/connectors/azure_sentinel_supported_stix.md
@@ -1,4 +1,21 @@
+##### Updated on 02/04/22
 ## Microsoft Azure Sentinel
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | and |
+| OR | or |
+| > | gt |
+| >= | ge |
+| < | lt |
+| <= | le |
+| = | eq |
+| != | ne |
+| LIKE | contains |
+| IN | eq |
+| MATCHES | contains |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | directory | path | path |
@@ -46,6 +63,8 @@
 | process | pid | processId |
 | process | pid | registryKeyStates |
 | <br> | | |
+| software | name | destinationServiceName |
+| software | name | os |
 | software | name | applicationName |
 | software | name | provider |
 | software | vendor | vendor |
@@ -59,48 +78,49 @@
 | <br> | | |
 | windows-registry-key | key | registryKeyStates |
 | <br> | | |
+| x-ibm-finding | dst_application_ref | destinationServiceName |
+| x-ibm-finding | createddatetime | createdDateTime |
+| x-ibm-finding | description | description |
+| x-ibm-finding | src_os_ref.name | os |
+| x-ibm-finding | time_observed | lastModifiedDateTime |
+| x-ibm-finding | dst_geolocation | destinationLocation |
+| x-ibm-finding | dst_ip_ref.value | natDestinationAddress |
+| x-ibm-finding | src_ip_ref.value | natSourceAddress |
+| x-ibm-finding | src_geolocation | sourceLocation |
+| x-ibm-finding | severity | severity |
+| x-ibm-finding | name | title |
+| x-ibm-finding | src_application_user_ref.user_id | aadUserId |
+| x-ibm-finding | src_application_user_ref.type | logonType |
+| <br> | | |
 | x-msazure-sentinel | tenant_id | azureTenantId |
 | x-msazure-sentinel | subscription_id | azureSubscriptionId |
 | <br> | | |
 | x-msazure-sentinel-alert | activityGroupName | activityGroupName |
 | x-msazure-sentinel-alert | assignedTo | assignedTo |
-| x-msazure-sentinel-alert | category | category |
-| x-msazure-sentinel-alert | closedDateTime | closedDateTime |
-| x-msazure-sentinel-alert | cloudAppStates.destinationServiceName | destinationServiceName |
 | x-msazure-sentinel-alert | cloudAppStates.destinationServiceIp | destinationServiceIp |
 | x-msazure-sentinel-alert | cloudAppStates.riskScore | riskScore |
 | x-msazure-sentinel-alert | comments | comments |
 | x-msazure-sentinel-alert | confidence | confidence |
-| x-msazure-sentinel-alert | createddatetime | createdDateTime |
-| x-msazure-sentinel-alert | description | description |
 | x-msazure-sentinel-alert | detectionids | detectionIds |
 | x-msazure-sentinel-alert | feedback | feedback |
 | x-msazure-sentinel-alert | fileStates.riskScore | riskScore |
 | x-msazure-sentinel-alert | hostStates.isAzureAadJoined | isAzureAadJoined |
 | x-msazure-sentinel-alert | hostStates.isAzureAadRegistered | isAzureAadRegistered |
 | x-msazure-sentinel-alert | hostStates.isHybridAzureDomainJoined | isHybridAzureDomainJoined |
-| x-msazure-sentinel-alert | hostStates.os | os |
 | x-msazure-sentinel-alert | hostStates.riskScore | riskScore |
-| x-msazure-sentinel-alert | providerid | id |
 | x-msazure-sentinel-alert | incidentIds | incidentIds |
-| x-msazure-sentinel-alert | lastmodifieddatetime | lastModifiedDateTime |
 | x-msazure-sentinel-alert | malwareStates.category | category |
 | x-msazure-sentinel-alert | malwareStates.family | family |
 | x-msazure-sentinel-alert | malwareStates.name | name |
 | x-msazure-sentinel-alert | malwareStates.severity | severity |
 | x-msazure-sentinel-alert | malwareStates.wasRunning | wasRunning |
-| x-msazure-sentinel-alert | networkConnections.destinationLocation | destinationLocation |
 | x-msazure-sentinel-alert | networkConnections.direction | direction |
 | x-msazure-sentinel-alert | networkConnections.domainRegisteredDateTime | domainRegisteredDateTime |
 | x-msazure-sentinel-alert | networkConnections.localDnsName | localDnsName |
-| x-msazure-sentinel-alert | networkConnections.natDestinationAddress | natDestinationAddress |
 | x-msazure-sentinel-alert | networkConnections.natDestinationPort | natDestinationPort |
-| x-msazure-sentinel-alert | networkConnections.natSourceAddress | natSourceAddress |
 | x-msazure-sentinel-alert | networkConnections.natSourcePort | natSourcePort |
 | x-msazure-sentinel-alert | networkConnections.riskScore | riskScore |
-| x-msazure-sentinel-alert | networkConnections.sourceLocation | sourceLocation |
 | x-msazure-sentinel-alert | networkConnections.status | status |
-| x-msazure-sentinel-alert | networkConnections.urlParameters | urlParameters |
 | x-msazure-sentinel-alert | processes.integrityLevel | integrityLevel |
 | x-msazure-sentinel-alert | processes.isElevated | isElevated |
 | x-msazure-sentinel-alert | recommendedactions | recommendedActions |
@@ -111,25 +131,28 @@
 | x-msazure-sentinel-alert | registryKeyStates.operation | registryKeyStates |
 | x-msazure-sentinel-alert | securityresources.resource | resource |
 | x-msazure-sentinel-alert | securityresources.resourcetype | resourceType |
-| x-msazure-sentinel-alert | severity | severity |
 | x-msazure-sentinel-alert | sourcematerials | sourceMaterials |
 | x-msazure-sentinel-alert | status | status |
 | x-msazure-sentinel-alert | tags | tags |
-| x-msazure-sentinel-alert | title | title |
 | x-msazure-sentinel-alert | triggers.name | name |
 | x-msazure-sentinel-alert | triggers.type | type |
 | x-msazure-sentinel-alert | triggers.value | value |
-| x-msazure-sentinel-alert | userStates.aaduserid | aadUserId |
 | x-msazure-sentinel-alert | userStates.emailrole | emailRole |
 | x-msazure-sentinel-alert | userStates.isvpn | isVpn |
 | x-msazure-sentinel-alert | userStates.logonLocation | logonLocation |
-| x-msazure-sentinel-alert | userStates.logonType | logonType |
 | x-msazure-sentinel-alert | userStates.onpremisessecurityidentifier | onPremisesSecurityIdentifier |
 | x-msazure-sentinel-alert | userStates.riskScore | riskScore |
 | x-msazure-sentinel-alert | userStates.useraccounttype | userAccountType |
 | x-msazure-sentinel-alert | userStates.userPrincipalName | userPrincipalName |
-| x-msazure-sentinel-alert | vendorinformation.subprovider | subProvider |
 | x-msazure-sentinel-alert | vulnerabilityStates.cve | cve |
 | x-msazure-sentinel-alert | vulnerabilityStates.severity | severity |
 | x-msazure-sentinel-alert | vulnerabilityStates.wasRunning | wasRunning |
 | <br> | | |
+| x-oca-event | category | category |
+| x-oca-event | created | createdDateTime |
+| x-oca-event | code | id |
+| x-oca-event | domain_ref.value | urlParameters |
+| x-oca-event | url_ref.value | urlParameters |
+| x-oca-event | action | title |
+| x-oca-event | provider | subProvider |
+| <br> | | |
diff --git a/adapter-guide/connectors/bigfix_supported_stix.md b/adapter-guide/connectors/bigfix_supported_stix.md
index 51033fcd9..d836d44da 100644
--- a/adapter-guide/connectors/bigfix_supported_stix.md
+++ b/adapter-guide/connectors/bigfix_supported_stix.md
@@ -1,4 +1,21 @@
+##### Updated on 02/04/22
 ## HCL BigFix
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | OR |
+| OR | OR |
+| = | = |
+| != | != |
+| LIKE | contains |
+| MATCHES | matches |
+| > | is greater than |
+| >= | is greater than or equal to |
+| < | is less than |
+| <= | is less than or equal to |
+| IN | = |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | directory | path | file_path |
diff --git a/adapter-guide/connectors/carbonblack_supported_stix.md b/adapter-guide/connectors/carbonblack_supported_stix.md
index 85a935d0b..4da4dbfc1 100644
--- a/adapter-guide/connectors/carbonblack_supported_stix.md
+++ b/adapter-guide/connectors/carbonblack_supported_stix.md
@@ -1,4 +1,18 @@
+##### Updated on 02/04/22
 ## Carbon Black CB Response
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | or |
+| OR | or |
+| = | : |
+| != | : |
+| > | : |
+| >= | : |
+| < | : |
+| <= | : |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | directory | path | path |
diff --git a/adapter-guide/connectors/cbcloud_supported_stix.md b/adapter-guide/connectors/cbcloud_supported_stix.md
index b2018c9f4..c4f460324 100644
--- a/adapter-guide/connectors/cbcloud_supported_stix.md
+++ b/adapter-guide/connectors/cbcloud_supported_stix.md
@@ -1,4 +1,19 @@
+##### Updated on 02/04/22
 ## Carbon Black Cloud
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | AND |
+| OR | OR |
+| = | : |
+| != | : |
+| > | : |
+| >= | : |
+| < | : |
+| <= | : |
+| IN | : |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | directory | path | process_path |
diff --git a/adapter-guide/connectors/crowdstrike_supported_stix.md b/adapter-guide/connectors/crowdstrike_supported_stix.md
index e5d99b178..09491f4a0 100644
--- a/adapter-guide/connectors/crowdstrike_supported_stix.md
+++ b/adapter-guide/connectors/crowdstrike_supported_stix.md
@@ -1,4 +1,18 @@
+##### Updated on 02/04/22
 ## CrowdStrike Falcon
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | + |
+| OR | , |
+| = | : |
+| != | :! |
+| > | :> |
+| >= | :>= |
+| < | :< |
+| <= | :<= |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | directory | path | filepath |
diff --git a/adapter-guide/connectors/cybereason_supported_stix.md b/adapter-guide/connectors/cybereason_supported_stix.md
index 9df33cef5..37e05495f 100644
--- a/adapter-guide/connectors/cybereason_supported_stix.md
+++ b/adapter-guide/connectors/cybereason_supported_stix.md
@@ -1,244 +1,519 @@
-| STIX Object              | STIX Property                             | Data Source Field                        |
-|--------------------------| ----------------------------------------- | ---------------------------------------- |
-| ipv4-addr                | value                                     |   localAddress                           |
-| ipv4-addr                | value                                     |   remoteAddress                          |
-| ipv6-addr                | value                                     |   localAddress                           |
-| ipv6-addr                | value                                     |   remoteAddress                          |
-| network-traffic          | src\_port                                 | localPort                                |
-| network-traffic          | dst\_port                                 |  remotePort                              |
-| network-traffic          | protocols                                 | transportProtocol                        |
-| network-traffic          | src\_ref                                  | localAddress                             |
-| network-traffic          | dst\_ref                                  | remoteAddress                            |
-| network-traffic          | src\_byte\_count                          | aggregatedTransmittedBytesCount          |
-| network-traffic          | dst\_byte\_count                          | aggregatedReceivedBytesCount             |
-| network-traffic          | dst\_byte\_count                          | receivedBytesCount                       |
-| email-addr               | value                                     | emailAddress                             |
-| email-addr               | value                                     | adMail                                   |
-| email-addr               | value                                     | adLogonName                              |
-| domain-name              | value                                     | domainName                               |
-| domain-name              | value                                     | urlDomains                               |
-| domain-name              | value                                     | domainFqdn                               |
-| domain-name              | value                                     | adDNSHostName                            |
-| domain-name              | value                                     | domain                                   |
-| domain-name              | value                                     | adAssociatedDomain                       |
-| url                      | value                                     | pacUrl                                   |
-| mac-addr                 | value                                     | macAddressFormat                         |
-| process                  | command\_line                             | commandLine                              |
-| process                  | command\_line                             | decodedCommandLine                       |
-| process                  | created                                   |  creationTime                            |
-| process                  | created                                   | firstSeen                                |
-| process                  | pid                                       | applicablePid                            |
-| process                  | name                                      | elementDisplayName                       |
-| process                  | name                                      | parentProcess                            |
-| process                  | name                                      | execedBy                                 |
-| process                  | creator\_user\_ref.user\_id               | user                                     |
-| process                  | parent\_ref.pid                           | applicablePid                            |
-| process                  | parent\_ref.name                          | parentProcess                            |
-| process                  | binary\_ref.name                          | elementDisplayName                       |
-| user-account             | user\_id                                  | adSid                                    |
-| user-account             | user\_id                                  | user                                     |
-| user-account             | user\_id                                  | hostUser                                 |
-| user-account             | user\_id                                  | elementDisplayName                       |
-| user-account             | account\_login                            | user                                     |
-| user-account             | account\_login                            | winLogonDetails                          |
-| user-account             | is\_privileged                            | isAdmin                                  |
-| user-account             | display\_name                             |  elementDisplayName                      |
-| user-account             | display\_name                             | adDisplayName                            |
-| user-account             | display\_name                             | adCanonicalName                          |
-| file                     | name                                      | elementDisplayName                       |
-| file                     | name                                      | originalFileName                         |
-| file                     | name                                      | file                                     |
-| file                     | name                                      | file                                     |
-| file                     | name                                      | binaryFile                               |
-| file                     | name                                      | oldBinaryFile                            |
-| file                     | size                                      | size                                     |
-| file                     | hashes.MD5                                | md5String                                |
-| file                     | hashes.SHA-1                              | sha1String                               |
-| file                     | hashes.SHA-256                            | sha256String                             |
-| file                     | parent\_directory\_ref.path               | canonizedPath                            |
-| file                     | parent\_directory\_ref.path               | canonizedPath                            |
-| file                     | parent\_directory\_ref.path               | path                                     |
-| file                     | parent\_directory\_ref.path               | path                                     |
-| file                     | parent\_directory\_ref.path               | unitFilePath                             |
-| directory                |  path                                     | canonizedPath                            |
-| directory                |  path                                     | canonizedPath                            |
-| directory                |  path                                     | path                                     |
-| directory                | path                                      | path                                     |
-| directory                | path                                      | unitFilePath                             |
-| windows-registry-key     | key                                       | elementDisplayName                       |
-| windows-registry-key     | values                                    | value                                    |
-| x-cybereason-file        | company\_name                             |  companyName                             |
-| x-cybereason-file        |  extension\_type                          | extensionType                            |
-| x-cybereason-file        | extension\_type                           | secondExtensionType                      |
-| x-cybereason-file        |  classification\_type                     | maliciousClassificationType              |
-| x-cybereason-file        | description                               | fileDescription                          |
-| x-cybereason-file        | internal\_name                            |  internalName                            |
-| x-cybereason-file        | product\_name                             | productName                              |
-| x-cybereason-file        | product\_type                             | productType                              |
-| x-cybereason-file        |  product\_version                         | productVersion                           |
-| x-cybereason-file        | version                                   | fileVersion                              |
-| x-cybereason-file        |  version                                  | originalVersion                          |
-| x-cybereason-file        |  copyright                                |  legalCopyright                          |
-| x-cybereason-file        | build                                     |  privateBuild                            |
-| x-cybereason-file        |   build                                   | specialBuild                             |
-| x-cybereason-file        |  classification\_link                     | classificationLink                       |
-| x-cybereason-file        |  is\_sign\_verified                       |  signatureVerifiedInternalOrExternal     |
-| x-cybereason-file        | signer                                    | signerInternalOrExternal                 |
-| x-cybereason-file        | signer                                    | signer                                   |
-| x-cybereason-file        |  is\_file\_signed                         | signedInternalOrExternal                 |
-| x-cybereason-file        | registry\_key                             | autorun                                  |
-| x-cybereason-file        |  quarantined\_file\_version               | fileIsQuarantinedVersion                 |
-| x-cybereason-file        |  event                                    |  fileAccessEvents                        |
-| x-cybereason-file        | downloaded\_domain                        | downloadedFromDomain                     |
-| x-cybereason-file        |   owner\_machine                          | ownerMachine                             |
-| x-cybereason-file        |  mount\_point                             | mount                                    |
-| x-cybereason-file        | mounted\_as                               | mountedAs                                |
-| x-cybereason-file        | quarantined\_action                       | fileIsQuarantined                        |
-| x-cybereason-logonsession | session                                   | clientRemoteSession                      |
-| x-cybereason-logonsession |  session                                  | serverRemoteSession                      |
-| x-cybereason-logonsession |  user\_id                                 | LUID                                     |
-| x-cybereason-logonsession | type                                      | logonType                                |
-| x-cybereason-logonsession |  application                              | logonApplication                         |
-| x-cybereason-logonsession |  name                                     | elementDisplayName                       |
-| x-cybereason-logonsession | machine                                   | ownerMachine                             |
-| x-cybereason-logonsession | machine                                   | remoteMachine                            |
-| x-cybereason-logonsession | machine                                   |  remoteNetworkMachine                    |
-| x-cybereason-logonsession | processes                                 | processes                                |
-| x-cybereason-logonsession | proxies                                   | proxies                                  |
-| x-cybereason-logonsession | ip\_address                               | sourceIp                                 |
-| x-oca-asset              |  name                                     | elementDisplayName                       |
-| x-oca-asset              | name                                      | adDisplayName                            |
-| x-oca-asset              | name                                      | adCanonicalName                          |
-| x-oca-asset              | os\_version                               | osVersionType                            |
-| x-oca-asset              | platform                                  | platformArchitecture                     |
-| x-oca-asset              | os\_type                                  | osType                                   |
-| x-oca-asset              |  timezone                                 | timezoneUTCOffsetMinutes                 |
-| x-oca-asset              | mbr\_hash                                 | mbrHashString                            |
-| x-oca-asset              |  hosts\_file                              | hostsFile                                |
-| x-oca-asset              | company                                   | ownerOrganization                        |
-| x-oca-asset              |  department\_or\_unit                     | adOU                                     |
-| x-oca-asset              |  removable\_devices                       | removableDevices                         |
-| x-oca-asset              | last\_communication\_with\_server         | timeStampSinceLastConnectionTime         |
-| x-oca-asset              | activity\_time                            | uptime                                   |
-| x-oca-asset              | model                                     | deviceModel                              |
-| x-oca-asset              |   location                                | adLocation                               |
-| x-oca-asset              | network\_interface                        | networkInterfaces                        |
-| x-cybereason-service     |  execution                                | automaticExecution                       |
-| x-cybereason-service     |  arguments                                | commandLineArguments                     |
-| x-cybereason-service     |  description                              | description                              |
-| x-cybereason-service     | name                                      | displayName                              |
-| x-cybereason-service     |  name                                     | oldServiceStartName                      |
-| x-cybereason-service     | name                                      | elementDisplayName                       |
-| x-cybereason-service     |   name                                    | serviceStartName                         |
-| x-cybereason-service     |  name                                     | service                                  |
-| x-cybereason-service     | name                                      | service                                  |
-| x-cybereason-service     | driver                                    | driver                                   |
-| x-cybereason-service     | state                                     | serviceState                             |
-| x-cybereason-service     |  sub\_state                               | serviceSubState                          |
-| x-cybereason-service     | type                                      | serviceType                              |
-| x-cybereason-service     | start\_type                               | startType                                |
-| x-cybereason-service     | machine                                   | ownerMachine                             |
-| x-cybereason-connection  | name                                      | elementDisplayName                       |
-| x-cybereason-connection  |  location                                 | remoteAddressCountryName                 |
-| x-cybereason-connection  | dns\_query                                | dnsQuery                                 |
-| x-cybereason-connection  | direction                                 | direction                                |
-| x-cybereason-connection  | port\_type                                | portType                                 |
-| x-cybereason-connection  |   state                                   | state                                    |
-| x-cybereason-connection  | remote\_address\_type                     | remoteAddressInternalExternalLocal       |
-| x-cybereason-connection  |  parent\_listening\_socket                | parent                                   |
-| x-cybereason-connection  | classification\_type                      | remoteAddressMaliciousClassificationType |
-| x-cybereason-connection  | machine                                   | ownerMachine                             |
-| x-cybereason-connection  | machine                                   | remoteMachine                            |
-| x-cybereason-connection  | owner\_process                            | ownerProcess                             |
-| x-cybereason-connection  | owner\_process                            | processName                              |
-| x-cybereason-process     | architecture                              | architecture                             |
-| x-cybereason-process     | block\_listed\_domain                     | unresolvedQueryFromBlackListDomain       |
-| x-cybereason-process     | extension\_type                           | imageFileExtensionType                   |
-| x-cybereason-process     |  integrity                                | integrity                                |
-| x-cybereason-process     | thread\_id                                | tid                                      |
-| x-cybereason-process     | openedFiles                               | openedFiles                              |
-| x-cybereason-process     | injection\_method                         | injectionMethod                          |
-| x-cybereason-process     | executed\_a\_file\_with\_malicious\_hash  | maliciousOpenedFiles                     |
-| x-cybereason-process     | machine                                   | ownerMachine                             |
-| x-cybereason-process     | connections                               | connectionsToMaliciousDomain             |
-| x-cybereason-process     | connections                               | connectionsToBlackListDomain             |
-| x-cybereason-process     | connections                               | internalConnections                      |
-| x-cybereason-process     |  connections                              | connectionsToMalwareAddresses            |
-| x-cybereason-process     | connections                               | connections                              |
-| x-cybereason-process     | connections                               | outgoingConnections                      |
-| x-cybereason-process     | connections                               | outgoingConnectionsOfHostProcess         |
-| x-cybereason-process     | connections                               | connectionsOfHostProcess                 |
-| x-cybereason-process     | connections                               | outgoingExternalConnections              |
-| x-cybereason-process     | total\_connections                        | totalNumberOfConnections                 |
-| x-cybereason-process     | powershell\_modules                       | powerShellModules                        |
-| x-cybereason-process     |  loaded\_modules                          | modulesFromTemp                          |
-| x-cybereason-process     |  loaded\_modules                          | loadedModules                            |
-| x-cybereason-process     |  product\_type                            | productType                              |
-| x-cybereason-process     | registry\_events                          | registryEvents                           |
-| x-cybereason-process     | ransomware\_classification\_modules       | ransomwareClassificationModules          |
-| x-cybereason-process     | remote\_session                           | remoteSession                            |
-| x-cybereason-process     | resolved\_dns\_domain\_to\_domain         | resolvedDnsQueriesDomainToDomain         |
-| x-cybereason-process     | resolved\_dns\_domain\_to\_ip             | resolvedDnsQueriesDomainToIp             |
-| x-cybereason-process     | resolved\_dns\_ip\_to\_domain             | resolvedDnsQueriesIpToDomain             |
-| x-cybereason-process     | suspicious\_domain\_to\_domain            | suspiciousDnsQueryDomainToDomain         |
-| x-cybereason-process     | suspicious\_unresolved\_dns               | unresolvedQueryFromSuspiciousDomain      |
-| x-cybereason-process     | suspicious\_external\_connections         | suspiciousExternalConnections            |
-| x-cybereason-process     | suspicious\_internal\_connections         | suspiciousInternalConnections            |
-| x-cybereason-process     |  scheduled\_task                          | scheduledTask                            |
-| x-cybereason-process     | service                                   | service                                  |
-| x-cybereason-process     | received\_bytes                           | totalReceivedBytes                       |
-| x-cybereason-process     | transmitted\_bytes                        | totalTransmittedBytes                    |
-| x-cybereason-process     | unresolved\_domain\_lookups               | unresolvedDnsQueriesFromDomain           |
-| x-cybereason-process     | unresolved\_ip\_lookups                   | unresolvedDnsQueriesFromIp               |
-| x-cybereason-process     | unresolved\_record\_not\_exist            | unresolvedRecordNotExist                 |
-| x-cybereason-process     |  unwanted\_classification\_modules        | unwantedClassificationModules            |
-| x-cybereason-process     |  unsigned\_with\_signed\_version\_modules | unsignedWithSignedVersionModules         |
-| x-cybereason-process     |  well\_known\_port\_connection            | wellKnownPortConnections                 |
-| x-cybereason-process     |  wmi\_activities                          | wmiActivities                            |
-| x-cybereason-user        |  total\_machines                          | numberOfMachines                         |
-| x-cybereason-user        |  privileges                               | privileges                               |
-| x-cybereason-user        |  security\_id                             | sid                                      |
-| x-cybereason-user        |  security\_id                             | adSid                                    |
-| x-cybereason-user        | company                                   | adCompany                                |
-| x-cybereason-user        | country                                   | adCountry                                |
-| x-cybereason-user        |  country                                  | adTextCountry                            |
-| x-cybereason-user        | department                                | adDepartment                             |
-| x-cybereason-user        | member                                    | adMemberOf                               |
-| x-cybereason-user        | organization                              | adOU                                     |
-| x-cybereason-user        | organizational\_unit                      | ownerOrganization                        |
-| x-cybereason-user        | group\_id                                 | adPrimaryGroupID                         |
-| x-cybereason-user        | sam\_account\_name                        | adSamAccountName                         |
-| x-cybereason-user        | logged\_last\_machine                     | ownerMachine                             |
-| x-cybereason-user        | process\_count                            | newProcessesCount                        |
-| x-cybereason-driver      | name                                      | elementDisplayName                       |
-| x-cybereason-driver      |  service                                  | service                                  |
-| x-cybereason-driver      | machine                                   | ownerMachine                             |
-| x-oca-event              |  name                                     | elementDisplayName                       |
-| x-oca-event              | name                                      | elementDisplayName                       |
-| x-oca-event              | name                                      | elementDisplayName                       |
-| x-oca-event              |  detection\_event\_user                   | user                                     |
-| x-oca-event              | file\_event\_user                         | ownerUser                                |
-| x-oca-event              | connection                                | connection                               |
-| x-oca-event              | detection\_value                          | detectionValue                           |
-| x-oca-event              | detection\_value\_type                    | detectionValueType                       |
-| x-oca-event              | status                                    | decisionStatus                           |
-| x-oca-event              | engine                                    | detectionEngine                          |
-| x-oca-event              | script\_engine                            | scriptEngine                             |
-| x-oca-event              |  domain                                   | domain                                   |
-| x-oca-event              | process                                   | process                                  |
-| x-oca-event              | process                                   | registryProcess                          |
-| x-oca-event              | process                                   | ownerProcess                             |
-| x-oca-event              |  collection\_of\_machines                 | machine                                  |
-| x-oca-event              | machine                                   | ownerMachine                             |
-| x-oca-event              | machine                                   | ownerMachine                             |
-| x-oca-event              |  machine                                  | ownerMachine                             |
-| x-oca-event              | file\_event\_type                         | fileEventType                            |
-| x-oca-event              | data                                      | data                                     |
-| x-oca-event              | detection\_time                           | detectionTimesNumber                     |
-| x-oca-event              |  time                                     | firstTime                                |
-| x-oca-event              | time                                      | timestamp                                |
-| x-oca-event              | time                                      | firstAccessTime                          |
-| x-oca-event              | registry\_entry                           | registryEntry                            |
-| x-oca-event              | data\_type                                | registryDataType                         |
-| x-oca-event              | registry\_entry\_type                     | registryEntryType                        |
-| x-oca-event              | operation\_type                           | registryOperationType                    |
\ No newline at end of file
+##### Updated on 02/04/22
+## Cybereason
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | AND |
+| > | GreaterThan |
+| >= | GreaterOrEqualsTo |
+| < | LessThan |
+| <= | LessOrEqualsTo |
+| = | Equals |
+| != | NotEquals |
+| LIKE | ContainsIgnoreCase |
+| IN | Equals |
+| MATCHES | ContainsIgnoreCase |
+| <br> | |
+### Supported STIX Objects and Properties
+| STIX Object | STIX Property | Data Source Field |
+|--|--|--|
+| directory | path | correctedPath |
+| directory | path | canonizedPath |
+| directory | path | path |
+| directory | path | unitFilePath |
+| <br> | | |
+| domain-name | value | domainName |
+| domain-name | value | urlDomains |
+| domain-name | value | adAssociatedDomain |
+| domain-name | value | domainFqdn |
+| domain-name | value | adDNSHostName |
+| <br> | | |
+| email-addr | value | adLogonName |
+| email-addr | value | emailAddress |
+| email-addr | value | adMail |
+| <br> | | |
+| file | name | ownerProcess |
+| file | name | elementDisplayName |
+| file | hashes.SHA-1 | imageFile.sha1String |
+| file | hashes.SHA-256 | imageFile.sha256String |
+| file | hashes.MD5 | imageFile.md5String |
+| file | name | imageFile |
+| file | name | parentProcess |
+| file | name | execedBy |
+| file | hashes.SHA-1 | sha1String |
+| file | hashes.MD5 | md5String |
+| file | hashes.SHA-256 | sha256String |
+| file | created | createdTime |
+| file | modified | modifiedTime |
+| file | size | size |
+| file | parent_directory_ref | correctedPath |
+| file | parent_directory_ref | canonizedPath |
+| file | parent_directory_ref | path |
+| file | extensions.x-cybereason-file.description | fileDescription |
+| file | extensions.x-cybereason-file.version | fileVersion |
+| file | extensions.x-cybereason-file-product.product_name | productName |
+| file | name | originalFileName |
+| file | extensions.x-cybereason-file-product.product_version | productVersion |
+| file | extensions.x-cybereason-file.is_file_signed | signedInternalOrExternal |
+| file | extensions.x-cybereason-file.extension_type | extensionType |
+| file | extensions.x-cybereason-file.is_pefile | isPEFile |
+| file | extensions.x-cybereason-file-product.copyright | legalCopyright |
+| file | extensions.x-cybereason-file.is_sign_verified | signatureVerifiedInternalOrExternal |
+| file | extensions.x-cybereason-file.company_name | companyName |
+| file | extensions.x-cybereason-file.av_remediation_status | avRemediationStatus |
+| file | extensions.x-cybereason-file.signer | signerInternalOrExternal |
+| file | extensions.x-cybereason-file.autoruns | autoruns |
+| file | extensions.x-cybereason-file.owner_machine | ownerMachine |
+| file | extensions.x-cybereason-file.mount | mount |
+| file | extensions.x-cybereason-file.registry_key | autorun |
+| file | extensions.x-cybereason-file.dual_extension_evidence | dualExtensionEvidence |
+| file | extensions.x-cybereason-file.hidden_file_extension_evidence | hiddenFileExtensionEvidence |
+| file | extensions.x-cybereason-file.right_to_left_file_extension_evidence | rightToLeftFileExtensionEvidence |
+| file | extensions.x-cybereason-file.hacking_tool_classification_evidence | hackingToolClassificationEvidence |
+| file | extensions.x-cybereason-file.classification_link | classificationLink |
+| file | extensions.x-cybereason-file.executed_by_process_evidence | executedByProcessEvidence |
+| file | extensions.x-cybereason-file.has_autorun | hasAutorun |
+| file | extensions.x-cybereason-file.is_installer_properties | isInstallerProperties |
+| file | extensions.x-cybereason-file.is_from_removable_device | isFromRemovableDevice |
+| file | extensions.x-cybereason-file-product.product_type | productType |
+| file | extensions.x-cybereason-file.second_extension_type | secondExtensionType |
+| file | extensions.x-cybereason-file.temporary_folder_evidence | temporaryFolderEvidence |
+| file | extensions.x-cybereason-file.multiple_company_names_evidence | multipleCompanyNamesEvidence |
+| file | extensions.x-cybereason-file.multiple_hash_for_unsigned_pe_info_evidence | multipleHashForUnsignedPeInfoEvidence |
+| file | extensions.x-cybereason-file.unsigned_has_signed_version_evidence | unsignedHasSignedVersionEvidence |
+| file | extensions.x-cybereason-file.classification_comment | classificationComment |
+| file | extensions.x-cybereason-file.is_downloaded_from_internet | isDownloadedFromInternet |
+| file | extensions.x-cybereason-file.downloaded_domain | downloadedFromDomain |
+| file | extensions.x-cybereason-file.downloaded_from_ip_address | downloadedFromIpAddress |
+| file | extensions.x-cybereason-file.downloaded_from_url | downloadedFromUrl |
+| file | extensions.x-cybereason-file.downloaded_from_url_referrer | downloadedFromUrlReferrer |
+| file | extensions.x-cybereason-file.downloaded_from_email_from | downloadedFromEmailFrom |
+| file | extensions.x-cybereason-file.downloaded_from_email_message_id | downloadedFromEmailMessageId |
+| file | extensions.x-cybereason-file.downloaded_from_email_subject | downloadedFromEmailSubject |
+| file | extensions.x-cybereason-file.legal_trademarks | legalTrademarks |
+| file | extensions.x-cybereason-file.private_build | privateBuild |
+| file | extensions.x-cybereason-file.special_build | specialBuild |
+| file | extensions.x-cybereason-file.internal_name | internalName |
+| file | extensions.x-cybereason-file.comments | comments |
+| file | extensions.x-cybereason-file.application_identifier | applicationIdentifier |
+| file | name | registryProcess |
+| file | name | process |
+| file | name | file |
+| file | created | creationTime |
+| file | extensions.x-cybereason-file-event.name | elementDisplayName |
+| file | extensions.x-cybereason-file-event.machine | ownerMachine |
+| file | extensions.x-cybereason-file-event.file_info | fileInfo |
+| file | extensions.x-cybereason-file-event.new_path | newPath |
+| file | extensions.x-cybereason-file-event.is_hidden | isHidden |
+| file | name | binaryFile |
+| file | name | oldBinaryFile |
+| file | parent_directory_ref | unitFilePath |
+| <br> | | |
+| ipv4-addr | value | localAddress |
+| ipv4-addr | value | remoteAddress |
+| ipv4-addr | extensions.x-cybereason-networkinterface.name | elementDisplayName |
+| ipv4-addr | extensions.x-cybereason-networkinterface.ip_address | ipAddress |
+| ipv4-addr | extensions.x-cybereason-networkinterface.owner_machine | ownerMachine |
+| ipv4-addr | extensions.x-cybereason-networkinterface.dns_server | dnsServer |
+| ipv4-addr | value | dhcpServer |
+| ipv4-addr | resolves_to_refs | macAddressFormat |
+| ipv4-addr | extensions.x-cybereason-networkinterface.interface_id | id |
+| ipv4-addr | extensions.x-cybereason-networkinterface.proxies | proxies |
+| ipv4-addr | value | sourceIp |
+| <br> | | |
+| ipv6-addr | value | localAddress |
+| ipv6-addr | value | remoteAddress |
+| ipv6-addr | value | dhcpServer |
+| ipv6-addr | value | sourceIp |
+| <br> | | |
+| mac-addr | value | macAddressFormat |
+| <br> | | |
+| network-traffic | src_ref | localAddress |
+| network-traffic | protocols | transportProtocol |
+| network-traffic | dst_ref | remoteAddress |
+| network-traffic | dst_port | remotePort |
+| network-traffic | src_port | localPort |
+| network-traffic | src_byte_count | aggregatedTransmittedBytesCount |
+| network-traffic | dst_byte_count | aggregatedReceivedBytesCount |
+| network-traffic | start | calculatedCreationTime |
+| network-traffic | end | endTime |
+| network-traffic | extensions.x-cybereason-connection.direction | direction |
+| network-traffic | extensions.x-cybereason-connection.machine | ownerMachine |
+| network-traffic | extensions.x-cybereason-connection.port_type | portType |
+| network-traffic | extensions.x-cybereason-connection.dns_query | dnsQuery |
+| network-traffic | extensions.x-cybereason-connection.port_description | portDescription |
+| network-traffic | extensions.x-cybereason-connection.name | elementDisplayName |
+| network-traffic | extensions.x-cybereason-connection.state | state |
+| network-traffic | extensions.x-cybereason-connection.location | remoteAddressCountryName |
+| network-traffic | extensions.x-cybereason-connection.remote_address_type | remoteAddressInternalExternalLocal |
+| network-traffic | extensions.x-cybereason-connection.parent_listening_socket | parent |
+| network-traffic | extensions.x-cybereason-connection.external_connection | isExternalConnection |
+| network-traffic | extensions.x-cybereason-connection.incoming | isIncoming |
+| network-traffic | extensions.x-cybereason-connection.well_known_port | isWellKnownPort |
+| network-traffic | extensions.x-cybereason-connection.legit_process | isProcessLegit |
+| <br> | | |
+| process | name | ownerProcess |
+| process | binary_ref | ownerProcess |
+| process | name | elementDisplayName |
+| process | binary_ref | elementDisplayName |
+| process | pid | applicablePid |
+| process | command_line | commandLine |
+| process | created | creationTime |
+| process | name | parentProcess |
+| process | parent_ref | parentProcess |
+| process | creator_user_ref | calculatedUser |
+| process | extensions.x-cybereason-process.company_name | imageFile.companyName |
+| process | extensions.x-cybereason-process.product_name | imageFile.productName |
+| process | extensions.x-cybereason-process.machine | ownerMachine |
+| process | extensions.x-cybereason-process.extension_type | imageFileExtensionType |
+| process | extensions.x-cybereason-process.integrity | integrity |
+| process | extensions.x-cybereason-process.tid | tid |
+| process | extensions.x-cybereason-process.is_aggregate | isAggregate |
+| process | extensions.x-cybereason-process.is_dot_net_protected | isDotNetProtected |
+| process | extensions.x-cybereason-process.multiple_size_for_hash_evidence | multipleSizeForHashEvidence |
+| process | extensions.x-cybereason-process.is_verified | isImageFileVerified |
+| process | extensions.x-cybereason-process.multiple_company_evidence | imageFileMultipleCompanyNamesEvidence |
+| process | extensions.x-cybereason-process.multiple_hash_unsigned_pe_evidence | multipleHashForUnsignedPeInfoEvidence |
+| process | extensions.x-cybereason-process.multiple_name_hash_evidence | multipleNameForHashEvidence |
+| process | extensions.x-cybereason-process.unknown_evidence | unknownEvidence |
+| process | extensions.x-cybereason-process.rare_pe_mismatch_evidence | rareHasPeMismatchEvidence |
+| process | extensions.x-cybereason-process.signed_internal_or_external | imageFile.signedInternalOrExternal |
+| process | extensions.x-cybereason-process.unknown_unsigned_sign_company | unknownUnsignedBySigningCompany |
+| process | extensions.x-cybereason-process.unsigned_evidence | imageFileUnsignedEvidence |
+| process | extensions.x-cybereason-process.unsigned_has_signed_version | imageFileUnsignedHasSignedVersionEvidence |
+| process | extensions.x-cybereason-process.signer_internal_or_external | imageFile.signerInternalOrExternal |
+| process | extensions.x-cybereason-process.architecture | architecture |
+| process | extensions.x-cybereason-process.command_line_contains_temp | commandLineContainsTempEvidence |
+| process | extensions.x-cybereason-process.has_children | hasChildren |
+| process | extensions.x-cybereason-process.has_visible_windows | hasVisibleWindows |
+| process | extensions.x-cybereason-process.has_windows | hasWindows |
+| process | extensions.x-cybereason-process.is_installer | isInstaller |
+| process | extensions.x-cybereason-process.is_identified_product | isIdentifiedProduct |
+| process | extensions.x-cybereason-process.has_module_temp_evidence | hasModuleFromTempEvidence |
+| process | extensions.x-cybereason-process.non_executable_extension | nonExecutableExtensionEvidence |
+| process | extensions.x-cybereason-process.is_not_shell_runner | isNotShellRunner |
+| process | extensions.x-cybereason-process.running_from_temp | runningFromTempEvidence |
+| process | extensions.x-cybereason-process.shell_elevated_privileges | shellWithElevatedPrivilegesEvidence |
+| process | extensions.x-cybereason-process.system_user_evidence | systemUserEvidence |
+| process | extensions.x-cybereason-process.unresolved_record_not_exists | multipleUnresolvedRecordNotExistsEvidence |
+| process | extensions.x-cybereason-process.non_default_resolver | hasNonDefaultResolverEvidence |
+| process | extensions.x-cybereason-process.parent_process_not_admin | parentProcessNotAdminUserEvidence |
+| process | extensions.x-cybereason-process.parent_process_removable_device | parentProcessFromRemovableDeviceEvidence |
+| process | extensions.x-cybereason-process.autorun | autorun |
+| process | extensions.x-cybereason-process.children_created_thread | childrenCreatedByThread |
+| process | extensions.x-cybereason-process.elevated_privilege_children | elevatedPrivilegeChildren |
+| process | extensions.x-cybereason-process.hacker_tool_children | hackerToolChildren |
+| process | extensions.x-cybereason-process.host_process | hostProcess |
+| process | extensions.x-cybereason-process.hosted_children | hostedChildren |
+| process | extensions.x-cybereason-process.injected_children | injectedChildren |
+| process | extensions.x-cybereason-process.loaded_modules | loadedModules |
+| process | extensions.x-cybereason-process.logon_session | logonSession |
+| process | extensions.x-cybereason-process.remote_session | remoteSession |
+| process | extensions.x-cybereason-process.service | service |
+| process | name | execedBy |
+| process | extensions.x-cybereason-process.low_ttl_dns_queries | lowTtlDnsQueries |
+| process | extensions.x-cybereason-process.non_default_resolver_queries | nonDefaultResolverQueries |
+| process | extensions.x-cybereason-process.resolved_dns_domain_to_domain | resolvedDnsQueriesDomainToDomain |
+| process | extensions.x-cybereason-process.resolved_dns_domain_to_ip | resolvedDnsQueriesDomainToIp |
+| process | extensions.x-cybereason-process.resolved_dns_ip_to_domain | resolvedDnsQueriesIpToDomain |
+| process | extensions.x-cybereason-process.unresolved_record_not_exist | unresolvedRecordNotExist |
+| process | extensions.x-cybereason-process.unresolved_domain_lookups | unresolvedDnsQueriesFromDomain |
+| process | extensions.x-cybereason-process.unresolved_ip_lookups | unresolvedDnsQueriesFromIp |
+| process | extensions.x-cybereason-process.modules_not_db_list | modulesNotInLoaderDbList |
+| process | extensions.x-cybereason-process.modules_from_temp | modulesFromTemp |
+| process | extensions.x-cybereason-process.unsigned_signed_version_module | unsignedWithSignedVersionModules |
+| process | extensions.x-cybereason-process.unwanted_classification_modules | unwantedClassificationModules |
+| process | extensions.x-cybereason-process.external_connection_evidence | hasRareExternalConnectionEvidence |
+| process | extensions.x-cybereason-process.remote_address_evidence | hasRareRemoteAddressEvidence |
+| process | extensions.x-cybereason-process.high_volume_external_outgoing_connection | hasAbsoluteHighVolumeExternalOutgoingConnectionEvidence |
+| process | extensions.x-cybereason-process.high_data_volume_transmitted_by_unknown_process | highDataVolumeTransmittedByUnknownProcess |
+| process | extensions.x-cybereason-process.high_number_internal_outgoing_embryonic_connections_evidence | absoluteHighNumberOfInternalOutgoingEmbryonicConnectionsEvidence |
+| process | extensions.x-cybereason-process.low_ttl_dns_query_evidence | hasLowTtlDnsQueryEvidence |
+| process | extensions.x-cybereason-process.high_unresolved_to_resolved_rate_evidence | highUnresolvedToResolvedRateEvidence |
+| process | extensions.x-cybereason-process.many_unresolved_record_not_exists_evidence | manyUnresolvedRecordNotExistsEvidence |
+| process | extensions.x-cybereason-process.child_known_hacker_tool_evidence | hasChildKnownHackerToolEvidence |
+| process | extensions.x-cybereason-process.hacking_tool_non_tool_runner_evidence | hackingToolOfNonToolRunnerEvidence |
+| process | extensions.x-cybereason-process.rare_child_process_known_hacker_tool_evidence | hasRareChildProcessKnownHackerToolEvidence |
+| process | extensions.x-cybereason-process.deleted_parent_process_evidence | deletedParentProcessEvidence |
+| process | extensions.x-cybereason-process.dual_extension_name_evidence | dualExtensionNameEvidence |
+| process | extensions.x-cybereason-process.hidden_file_extension_evidence | hiddenFileExtensionEvidence |
+| process | extensions.x-cybereason-process.right_to_left_file_extension_evidence | rightToLeftFileExtensionEvidence |
+| process | extensions.x-cybereason-process.screen_saver_with_children_evidence | screenSaverWithChildrenEvidence |
+| process | extensions.x-cybereason-process.has_pe_floating_code_evidence | hasPeFloatingCodeEvidence |
+| process | extensions.x-cybereason-process.has_section_mismatch_evidence | hasSectionMismatchEvidence |
+| process | extensions.x-cybereason-process.detected_injected_evidence | detectedInjectedEvidence |
+| process | extensions.x-cybereason-process.detected_injecting_evidence | detectedInjectingEvidence |
+| process | extensions.x-cybereason-process.detected_injecting_to_protected_process_evidence | detectedInjectingToProtectedProcessEvidence |
+| process | extensions.x-cybereason-process.has_injected_children | hasInjectedChildren |
+| process | extensions.x-cybereason-process.hosting_injected_thread_evidence | hostingInjectedThreadEvidence |
+| process | extensions.x-cybereason-process.injected_protected_process_evidence | injectedProtectedProcessEvidence |
+| process | extensions.x-cybereason-process.injection_method | injectionMethod |
+| process | extensions.x-cybereason-process.is_hosting_injected_thread | isHostingInjectedThread |
+| process | extensions.x-cybereason-process.high_internal_outgoing_evidence | highInternalOutgoingEmbryonicConnectionRateEvidence |
+| process | extensions.x-cybereason-process.high_number_of_internal_connections_evidence | highNumberOfInternalConnectionsEvidence |
+| process | extensions.x-cybereason-process.new_processes_above_threshold_evidence | newProcessesAboveThresholdEvidence |
+| process | extensions.x-cybereason-process.has_rare_internal_connection_evidence | hasRareInternalConnectionEvidence |
+| process | extensions.x-cybereason-process.elevating_privileges_to_child_evidence | elevatingPrivilegesToChildEvidence |
+| process | extensions.x-cybereason-process.parent_process_not_system_user_evidence | parentProcessNotSystemUserEvidence |
+| process | extensions.x-cybereason-process.privilege_escalation_evidence | privilegeEscalationEvidence |
+| process | extensions.x-cybereason-process.first_execution_of_downloaded_process_evidence | firstExecutionOfDownloadedProcessEvidence |
+| process | extensions.x-cybereason-process.has_autorun | hasAutorun |
+| process | extensions.x-cybereason-process.new_process_evidence | newProcessEvidence |
+| process | extensions.x-cybereason-process.ransomware_auto_remediation_suspended | ransomwareAutoRemediationSuspended |
+| process | extensions.x-cybereason-process.total_num_of_instances | totalNumOfInstances |
+| process | extensions.x-cybereason-process.last_minute_num_of_instances | lastMinuteNumOfInstances |
+| process | extensions.x-cybereason-process.last_seen_time_stamp | lastSeenTimeStamp |
+| process | extensions.x-cybereason-process.wmi_query_strings | wmiQueryStrings |
+| process | extensions.x-cybereason-process.is_executed_by_wmi | isExectuedByWmi |
+| process | extensions.x-cybereason-process.absolute_high_number_of_internal_connections | absoluteHighNumberOfInternalConnectionsEvidence |
+| process | extensions.x-cybereason-process.is_downloaded_from_internet | imageFile.isDownloadedFromInternet |
+| process | extensions.x-cybereason-process.downloaded_from_domain | imageFile.downloadedFromDomain |
+| process | extensions.x-cybereason-process.downloaded_from_ip_address | imageFile.downloadedFromIpAddress |
+| process | extensions.x-cybereason-process.user_id | imageFile.downloadedFromUrl |
+| process | extensions.x-cybereason-process.downloaded_from_url_referrer | imageFile.downloadedFromUrlReferrer |
+| process | extensions.x-cybereason-process.downloaded_from_email_from | imageFile.downloadedFromEmailFrom |
+| process | extensions.x-cybereason-process.downloaded_from_email_message_id | imageFile.downloadedFromEmailMessageId |
+| process | extensions.x-cybereason-process.downloaded_from_email_subject | imageFile.downloadedFromEmailSubject |
+| process | extensions.x-cybereason-process.rpc_requests | rpcRequests |
+| process | extensions.x-cybereason-process.icon_base64 | iconBase64 |
+| process | extensions.x-cybereason-process.matched_white_list_rule_ids | matchedWhiteListRuleIds |
+| process | name | registryProcess |
+| process | binary_ref | registryProcess |
+| process | name | process |
+| process | binary_ref | process |
+| process | created | process.creationTime |
+| process | created | firstSeen |
+| process | created | firstAccessTime |
+| <br> | | |
+| url | value | pacUrl |
+| <br> | | |
+| user-account | user_id | calculatedUser |
+| user-account | user_id | hostUser |
+| user-account | user_id | elementDisplayName |
+| user-account | display_name | elementDisplayName |
+| user-account | user_id | username |
+| user-account | is_privileged | isAdmin |
+| user-account | account_created | adCreated |
+| user-account | extensions.x-cybereason-user.domain | domain |
+| user-account | extensions.x-cybereason-user.organizational_unit | ownerOrganization.name |
+| user-account | extensions.x-cybereason-user.last_logged_machine | ownerMachine |
+| user-account | extensions.x-cybereason-user.is_local_system | isLocalSystem |
+| user-account | extensions.x-cybereason-user.department | adDepartment |
+| user-account | extensions.x-cybereason-user.country | adCountry |
+| user-account | extensions.x-cybereason-user.company | adCompany |
+| user-account | extensions.x-cybereason-user.total_machines | numberOfMachines |
+| user-account | extensions.x-cybereason-user.password_age_days | passwordAgeDays |
+| user-account | extensions.x-cybereason-user.privileges | privileges |
+| user-account | extensions.x-cybereason-user.comment | comment |
+| user-account | extensions.x-cybereason-user.canonical_name | adCanonicalName |
+| user-account | display_name | adDisplayName |
+| user-account | extensions.x-cybereason-user.member_of | adMemberOf |
+| user-account | extensions.x-cybereason-user.organization | adOU |
+| user-account | extensions.x-cybereason-user.group_id | adPrimaryGroupID |
+| user-account | extensions.x-cybereason-user.sam_account_name | adSamAccountName |
+| user-account | extensions.x-cybereason-user.title | adTitle |
+| user-account | extensions.x-cybereason-user.sid | sid |
+| user-account | extensions.x-cybereason-user.has_power_tool | hasPowerTool |
+| user-account | extensions.x-cybereason-user.unusual_process_ext_connection | hasRareProcessWithExternalConnections |
+| user-account | user_id | user |
+| user-account | user_id | adSid |
+| user-account | account_login | user |
+| <br> | | |
+| windows-registry-key | extensions.x-cybereason-registry-event.name | elementDisplayName |
+| windows-registry-key | extensions.x-cybereason-registry-event.registry_operation_type | registryOperationType |
+| windows-registry-key | extensions.x-cybereason-registry-event.first_seen | firstTime |
+| windows-registry-key | extensions.x-cybereason-registry-event.last_seen | timestamp |
+| windows-registry-key | extensions.x-cybereason-registry-event.detection_time_number | detectionTimesNumber |
+| windows-registry-key | key | registryEntry |
+| windows-registry-key | extensions.x-cybereason-registry-event.owner_machine | ownerMachine |
+| windows-registry-key | key | elementDisplayName |
+| windows-registry-key | extensions.x-cybereason-registryentry.value | value |
+| windows-registry-key | extensions.x-cybereason-registryentry.depend_in_file | dependInFile |
+| windows-registry-key | extensions.x-cybereason-registryentry.owner_machine | ownerMachine |
+| windows-registry-key | extensions.x-cybereason-registryentry.is_pointing_to_tmp | isPointingToTemp |
+| windows-registry-key | extensions.x-cybereason-registryentry.registry_entry | registryEntry |
+| windows-registry-key | extensions.x-cybereason-registryentry.end_time | endTime |
+| <br> | | |
+| x-cybereason-connection | has_external_connection | hasExternalConnection |
+| x-cybereason-connection | external_connection_known_port | hasExternalConnectionToWellKnownPortEvidence |
+| x-cybereason-connection | has_incoming_connection | hasIncomingConnection |
+| x-cybereason-connection | has_internal_connection | hasInternalConnection |
+| x-cybereason-connection | mail_connection_for_non_mail_process | hasMailConnectionForNonMailProcessEvidence |
+| x-cybereason-connection | has_listening_connection | hasListeningConnection |
+| x-cybereason-connection | has_outgoing_connection | hasOutgoingConnection |
+| x-cybereason-connection | has_unresolved_dns_query | hasUnresolvedDnsQueriesFromDomain |
+| x-cybereason-connection | connections | connections |
+| x-cybereason-connection | external_connections | externalConnections |
+| x-cybereason-connection | absolute_high_vol_external_connections | absoluteHighVolumeExternalConnections |
+| x-cybereason-connection | incoming_connections | incomingConnections |
+| x-cybereason-connection | incoming_external_connections | incomingExternalConnections |
+| x-cybereason-connection | incoming_internal_connections | incomingInternalConnections |
+| x-cybereason-connection | internal_connections | internalConnections |
+| x-cybereason-connection | listening_connections | listeningConnections |
+| x-cybereason-connection | local_connections | localConnections |
+| x-cybereason-connection | mail_connections | mailConnections |
+| x-cybereason-connection | outgoing_connections | outgoingConnections |
+| x-cybereason-connection | outgoing_external_connections | outgoingExternalConnections |
+| x-cybereason-connection | outgoing_internal_connections | outgoingInternalConnections |
+| x-cybereason-connection | well_known_port_connections | wellKnownPortConnections |
+| <br> | | |
+| x-cybereason-detectionevent | process_name | process.calculatedName |
+| x-cybereason-detectionevent | user | process.calculatedUser |
+| x-cybereason-detectionevent | end_time | process.endTime |
+| x-cybereason-detectionevent | classification_type | process.imageFile.maliciousClassificationType |
+| <br> | | |
+| x-cybereason-driver | file_ref | file |
+| x-cybereason-driver | name | elementDisplayName |
+| x-cybereason-driver | machine | ownerMachine |
+| x-cybereason-driver | service | service |
+| x-cybereason-driver | end_time | endTime |
+| x-cybereason-driver | new_driver_evidence | newDriverEvidence |
+| <br> | | |
+| x-cybereason-logonsession | name | elementDisplayName |
+| x-cybereason-logonsession | processes | processes |
+| x-cybereason-logonsession | owner_machine | ownerMachine |
+| x-cybereason-logonsession | remote_machine | remoteMachine |
+| x-cybereason-logonsession | logon_type | logonType |
+| x-cybereason-logonsession | creation_time | creationTime |
+| x-cybereason-logonsession | last_seen | lastSeenTime |
+| x-cybereason-logonsession | application | logonApplication |
+| x-cybereason-logonsession | end_time | endTime |
+| <br> | | |
+| x-cybereason-malops | malops | hasMalops |
+| x-cybereason-malops | suspicions | hasSuspicions |
+| x-cybereason-malops | related_to_malop | relatedToMalop |
+| x-cybereason-malops | malware_process | isProcessMalware |
+| x-cybereason-malops | has_malops | hasMalops |
+| x-cybereason-malops | has_suspicions | hasSuspicions |
+| x-cybereason-malops | malicious_tool_suspicion | knownMaliciousToolSuspicion |
+| x-cybereason-malops | malware_suspicion | knownMalwareSuspicion |
+| x-cybereason-malops | unwanted_suspicion | knownUnwantedSuspicion |
+| x-cybereason-malops | malicious_hash_evidence | isMaliciousByHashEvidence |
+| x-cybereason-malops | unwanted_module_suspicion | unwantedModuleSuspicion |
+| x-cybereason-malops | has_classification | hasClassification |
+| x-cybereason-malops | non_shell_runner_suspicion | shellOfNonShellRunnerSuspicion |
+| x-cybereason-malops | parent_process_not_hierarchy_suspicion | parentProcessNotMatchHierarchySuspicion |
+| x-cybereason-malops | connections_to_malicious_domain | connectionsToMaliciousDomain |
+| x-cybereason-malops | connections_to_malware_addresses | connectionsToMalwareAddresses |
+| x-cybereason-malops | absolute_high_vol_malicious_address_connections | absoluteHighVolumeMaliciousAddressConnections |
+| x-cybereason-malops | suspicious_external_connections | suspiciousExternalConnections |
+| x-cybereason-malops | suspicious_internal_connections | suspiciousInternalConnections |
+| x-cybereason-malops | suspicious_domain_to_domain | suspiciousDnsQueryDomainToDomain |
+| x-cybereason-malops | suspicious_unresolved_dns | unresolvedQueryFromSuspiciousDomain |
+| x-cybereason-malops | dns_query_from_suspicious_domain | dnsQueryFromSuspiciousDomain |
+| x-cybereason-malops | dns_query_to_suspicious_domain | dnsQueryToSuspiciousDomain |
+| x-cybereason-malops | malicious_tool_classification_modules | maliciousToolClassificationModules |
+| x-cybereason-malops | malware_classification_modules | malwareClassificationModules |
+| x-cybereason-malops | access_to_malware_address_infected_process | accessToMalwareAddressInfectedProcess |
+| x-cybereason-malops | connecting_to_bad_reputation_address_suspicion | connectingToBadReputationAddressSuspicion |
+| x-cybereason-malops | has_malicious_connection_evidence | hasMaliciousConnectionEvidence |
+| x-cybereason-malops | has_suspicious_external_connection_suspicion | hasSuspiciousExternalConnectionSuspicion |
+| x-cybereason-malops | high_number_of_external_connections_suspicion | highNumberOfExternalConnectionsSuspicion |
+| x-cybereason-malops | non_default_resolver_suspicion | nonDefaultResolverSuspicion |
+| x-cybereason-malops | suspicious_mail_connections | suspiciousMailConnections |
+| x-cybereason-malops | access_to_malware_address | accessToMalwareAddressByUnknownProcess |
+| x-cybereason-malops | high_volume_connection_to_malicious_address | hasAbsoluteHighVolumeConnectionToMaliciousAddressEvidence |
+| x-cybereason-malops | high_data_transmitted_suspicion | highDataTransmittedSuspicion |
+| x-cybereason-malops | high_data_volume_transmitted_to_malicious_address_suspicion | highDataVolumeTransmittedToMaliciousAddressSuspicion |
+| x-cybereason-malops | dga_suspicion | dgaSuspicion |
+| x-cybereason-malops | hacking_tool_non_tool_runner_suspicion | hackingToolOfNonToolRunnerSuspicion |
+| x-cybereason-malops | malicious_tool_module_suspicion | maliciousToolModuleSuspicion |
+| x-cybereason-malops | malware_module_suspicion | malwareModuleSuspicion |
+| x-cybereason-malops | suspicions_screen_saver_evidence | suspicionsScreenSaverEvidence |
+| x-cybereason-malops | malicious_injecting_code_suspicion | maliciousInjectingCodeSuspicion |
+| x-cybereason-malops | injected_code_suspicion | maliciousInjectedCodeSuspicion |
+| x-cybereason-malops | pe_execution_suspicion | maliciousPeExecutionSuspicion |
+| x-cybereason-malops | suspicious_internal_connection | hasSuspiciousInternalConnectionEvidence |
+| x-cybereason-malops | marked_for_prevention | markedForPrevention |
+| x-cybereason-malops | scanning_process_suspicion | scanningProcessSuspicion |
+| x-cybereason-malops | malicious_classification_type | imageFile.maliciousClassificationType |
+| x-cybereason-malops | execution_prevented | executionPrevented |
+| x-cybereason-malops | is_white_list_classification | isWhiteListClassification |
+| x-cybereason-malops | classification_type | maliciousClassificationType |
+| x-cybereason-malops | classification_blocking | classificationBlocking |
+| x-cybereason-malops | has_malicious_process | hasMaliciousProcess |
+| x-cybereason-malops | has_suspicious_process | hasSuspiciousProcess |
+| x-cybereason-malops | running_malicious_process_evidence | runningMaliciousProcessEvidence |
+| x-cybereason-malops | is_isolated | isIsolated |
+| x-cybereason-malops | suspicious_process_or_file | isSuspiciousOrHasSuspiciousProcessOrFile |
+| x-cybereason-malops | malicious_tools | maliciousTools |
+| x-cybereason-malops | malicious_processes | maliciousProcesses |
+| x-cybereason-malops | suspicious_processes | suspiciousProcesses |
+| <br> | | |
+| x-cybereason-proxy | name | elementDisplayName |
+| x-cybereason-proxy | discovery_type | discoveryType |
+| x-cybereason-proxy | host | host |
+| x-cybereason-proxy | ip_address | ipAddress |
+| x-cybereason-proxy | pac_url | pacUrl |
+| x-cybereason-proxy | port | port |
+| <br> | | |
+| x-cybereason-service | name | elementDisplayName |
+| x-cybereason-service | file_ref | binaryFile |
+| x-cybereason-service | file_ref | oldBinaryFile |
+| x-cybereason-service | machine | ownerMachine |
+| x-cybereason-service | start_name | serviceStartName |
+| x-cybereason-service | arguments | commandLineArguments |
+| x-cybereason-service | description | description |
+| x-cybereason-service | display_name | displayName |
+| x-cybereason-service | end_time | endTime |
+| x-cybereason-service | is_active | isActive |
+| x-cybereason-service | start_type | startType |
+| x-cybereason-service | state | serviceState |
+| x-cybereason-service | sub_state | serviceSubState |
+| x-cybereason-service | auto_restart_service | isAutoRestartService |
+| x-cybereason-service | new_service_evidence | newServiceEvidence |
+| x-cybereason-service | rare_service_evidence | rareServiceEvidence |
+| x-cybereason-service | type | serviceType |
+| x-cybereason-service | driver | driver |
+| <br> | | |
+| x-oca-asset | user_ref | username |
+| x-oca-asset | active_probe_connected | ownerMachine.isActiveProbeConnected |
+| x-oca-asset | os_version | ownerMachine.osVersionType |
+| x-oca-asset | name | elementDisplayName |
+| x-oca-asset | mount_points | mountPoints |
+| x-oca-asset | processes | processes |
+| x-oca-asset | services | services |
+| x-oca-asset | logon_sessions | logonSessions |
+| x-oca-asset | has_removable_device | hasRemovableDevice |
+| x-oca-asset | timezone | timezoneUTCOffsetMinutes |
+| x-oca-asset | version_type | osVersionType |
+| x-oca-asset | platform | platformArchitecture |
+| x-oca-asset | mbr_hash | mbrHashString |
+| x-oca-asset | os_type | osType |
+| x-oca-asset | owner_organization | ownerOrganization |
+| x-oca-asset | pylum_id | pylumId |
+| x-oca-asset | department_or_unit | adOU |
+| x-oca-asset | ad_organization | adOrganization |
+| x-oca-asset | name | adCanonicalName |
+| x-oca-asset | ad_company | adCompany |
+| x-oca-asset | department | adDepartment |
+| x-oca-asset | name | adDisplayName |
+| x-oca-asset | location | adLocation |
+| x-oca-asset | machine_role | adMachineRole |
+| x-oca-asset | description | adDescription |
+| x-oca-asset | free_disk_space | freeDiskSpace |
+| x-oca-asset | total_disk_space | totalDiskSpace |
+| x-oca-asset | free_memory | freeMemory |
+| x-oca-asset | total_memory | totalMemory |
+| x-oca-asset | cpu_count | cpuCount |
+| x-oca-asset | is_laptop | isLaptop |
+| x-oca-asset | model | deviceModel |
+| x-oca-asset | is_active_probe_connected | isActiveProbeConnected |
+| x-oca-asset | activity_time | uptime |
+| x-oca-asset | last_communication_with_server | timeStampSinceLastConnectionTime |
+| <br> | | |
+| x-oca-event | network_ref | transportProtocol |
+| x-oca-event | file_ref | elementDisplayName |
+| x-oca-event | name | elementDisplayName |
+| x-oca-event | user_ref | user |
+| x-oca-event | engine | detectionEngine |
+| x-oca-event | status | decisionStatus |
+| x-oca-event | detection_value | detectionValue |
+| x-oca-event | machine | ownerMachine |
+| x-oca-event | detection_value_type | detectionValueType |
+| x-oca-event | file_event_type | fileEventType |
+| x-oca-event | src_ref | sourceIp |
+| <br> | | |
+| x-windows-registry-value-type | data_type | registryDataType |
+| x-windows-registry-value-type | data | data |
+| <br> | | |
diff --git a/adapter-guide/connectors/datadog_supported_stix.md b/adapter-guide/connectors/datadog_supported_stix.md
index 7b74ba24f..c7a44c111 100644
--- a/adapter-guide/connectors/datadog_supported_stix.md
+++ b/adapter-guide/connectors/datadog_supported_stix.md
@@ -1,5 +1,14 @@
-##### Updated on 10/29/21
+##### Updated on 02/04/22
 ## Datadog
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | OR |
+| OR | OR |
+| = | : |
+| IN | : |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | artifact | payload_bin | text |
diff --git a/adapter-guide/connectors/elastic_ecs_supported_stix.md b/adapter-guide/connectors/elastic_ecs_supported_stix.md
index d8c9c5ada..597ef56c4 100644
--- a/adapter-guide/connectors/elastic_ecs_supported_stix.md
+++ b/adapter-guide/connectors/elastic_ecs_supported_stix.md
@@ -1,5 +1,23 @@
-##### Updated on 10/29/21
+##### Updated on 02/04/22
 ## Elasticsearch ECS
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | OR |
+| OR | OR |
+| > | :> |
+| >= | :>= |
+| < | :< |
+| <= | :<= |
+| = | : |
+| != | NOT |
+| LIKE | : |
+| IN | : |
+| MATCHES | : |
+| ISSUBSET | : |
+| ISSUPERSET | : |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | artifact | payload_bin | original |
diff --git a/adapter-guide/connectors/guardium_supported_stix.md b/adapter-guide/connectors/guardium_supported_stix.md
index e293c9fd7..9dc49c02c 100644
--- a/adapter-guide/connectors/guardium_supported_stix.md
+++ b/adapter-guide/connectors/guardium_supported_stix.md
@@ -1,4 +1,13 @@
+##### Updated on 02/04/22
 ## IBM Guardium Data Protection
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | OR |
+| OR | OR |
+| = | = |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | artifact | payload_bin | Payload |
diff --git a/adapter-guide/connectors/msatp_supported_stix.md b/adapter-guide/connectors/msatp_supported_stix.md
index f28a1ee55..432839a96 100644
--- a/adapter-guide/connectors/msatp_supported_stix.md
+++ b/adapter-guide/connectors/msatp_supported_stix.md
@@ -1,4 +1,21 @@
+##### Updated on 02/04/22
 ## Microsoft Defender for Endpoint
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | or |
+| OR | or |
+| = | == |
+| != | != |
+| LIKE | contains |
+| MATCHES | matches |
+| > | > |
+| >= | >= |
+| < | < |
+| <= | <= |
+| IN | in~ |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | directory | path | InitiatingProcessFolderPath |
diff --git a/adapter-guide/connectors/onelogin_supported_stix.md b/adapter-guide/connectors/onelogin_supported_stix.md
index ebe246989..fa1385753 100644
--- a/adapter-guide/connectors/onelogin_supported_stix.md
+++ b/adapter-guide/connectors/onelogin_supported_stix.md
@@ -1,5 +1,13 @@
-##### Updated on 09/28/21
+##### Updated on 02/04/22
 ## OneLogin
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | or |
+| = | = |
+| OR | or |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | ipv4-addr | value | ipaddr |
diff --git a/adapter-guide/connectors/proofpoint_supported_stix.md b/adapter-guide/connectors/proofpoint_supported_stix.md
index 086b5ee59..39bfdfb70 100644
--- a/adapter-guide/connectors/proofpoint_supported_stix.md
+++ b/adapter-guide/connectors/proofpoint_supported_stix.md
@@ -1,5 +1,21 @@
-##### Updated on 10/29/21
+##### Updated on 02/04/22
 ## Proofpoint (SIEM API)
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | OR |
+| OR | OR |
+| > | > |
+| >= | >= |
+| < | < |
+| <= | <= |
+| = | = |
+| != | != |
+| LIKE | LIKE |
+| IN | IN |
+| MATCHES | LIKE |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | email-addr | value | ccAddresses |
diff --git a/adapter-guide/connectors/qradar_supported_stix.md b/adapter-guide/connectors/qradar_supported_stix.md
index f8017e26b..2fc7a7cf1 100644
--- a/adapter-guide/connectors/qradar_supported_stix.md
+++ b/adapter-guide/connectors/qradar_supported_stix.md
@@ -1,5 +1,22 @@
-##### Updated on 11/09/21
+##### Updated on 02/04/22
 ## IBM QRadar
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | OR |
+| OR | OR |
+| > | > |
+| >= | >= |
+| < | < |
+| <= | <= |
+| = | = |
+| != | != |
+| LIKE | LIKE |
+| IN | IN |
+| MATCHES | MATCHES |
+| ISSUBSET | INCIDR |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | artifact | payload_bin | UTF8(payload) |
@@ -14,6 +31,8 @@
 | directory | path | "File Path" |
 | directory | path | Image |
 | directory | path | ParentImage |
+| directory | path | TargetImage |
+| directory | path | SourceImage |
 | directory | path | ServiceFileName |
 | <br> | | |
 | domain-name | value | UrlHost |
@@ -34,12 +53,12 @@
 | file | parent_directory_ref | Image |
 | file | name | ParentImage |
 | file | parent_directory_ref | ParentImage |
-| file | name | ServiceFileName |
-| file | parent_directory_ref | ServiceFileName |
 | file | name | TargetImage |
 | file | parent_directory_ref | TargetImage |
 | file | name | SourceImage |
 | file | parent_directory_ref | SourceImage |
+| file | name | ServiceFileName |
+| file | parent_directory_ref | ServiceFileName |
 | <br> | | |
 | ipv4-addr | value | identityip |
 | ipv4-addr | value | destinationaddress |
@@ -83,7 +102,6 @@
 | process | creator_user_ref | username |
 | process | binary_ref | Image |
 | process | binary_ref | ParentImage |
-| process | binary_ref | TargetImage |
 | process | parent_ref | ParentImage |
 | process | command_line | "Process CommandLine" |
 | process | command_line | ParentCommandLine |
@@ -92,6 +110,8 @@
 | process | pid | "Process ID" |
 | process | pid | "Parent Process ID" |
 | process | parent_ref | "Parent Process ID" |
+| process | binary_ref | TargetImage |
+| process | binary_ref | SourceImage |
 | process | extensions.windows-service-ext.service_dll_refs | ServiceFileName |
 | <br> | | |
 | software | name | applicationname |
@@ -125,6 +145,7 @@
 | x-oca-asset | hostname | identityhostname |
 | x-oca-asset | ip_refs | sourceaddress |
 | x-oca-asset | mac_refs | sourcemac |
+| x-oca-asset | hostname | "Machine ID" |
 | <br> | | |
 | x-oca-event | user_ref | username |
 | x-oca-event | outcome | CATEGORYNAME(category) |
@@ -155,8 +176,10 @@
 | x-oca-event | parent_process_ref | "Parent Process ID" |
 | x-oca-event | registry_ref | ObjectName |
 | x-oca-event | registry_ref | "Registry Value Name" |
+| x-oca-event | process_ref | SourceImage |
 | x-oca-event | original_ref | Message |
 | x-oca-event | original | Message |
+| x-oca-event | host_ref | "Machine ID" |
 | <br> | | |
 | x-qradar | category_id | category |
 | x-qradar | high_level_category_id | highlevelcategory |
diff --git a/adapter-guide/connectors/secretserver_supported_stix.md b/adapter-guide/connectors/secretserver_supported_stix.md
index 5751a34ec..ec9749073 100644
--- a/adapter-guide/connectors/secretserver_supported_stix.md
+++ b/adapter-guide/connectors/secretserver_supported_stix.md
@@ -1,5 +1,21 @@
-##### Updated on 09/28/21
+##### Updated on 02/04/22
 ## Secret Server
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | OR |
+| OR | OR |
+| > | > |
+| >= | >= |
+| < | < |
+| <= | <= |
+| = | = |
+| != | != |
+| LIKE | LIKE |
+| IN | IN |
+| MATCHES | LIKE |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | ipv4-addr | value | IpAddress |
diff --git a/adapter-guide/connectors/splunk_supported_stix.md b/adapter-guide/connectors/splunk_supported_stix.md
index d8a167f7a..b80e099d2 100644
--- a/adapter-guide/connectors/splunk_supported_stix.md
+++ b/adapter-guide/connectors/splunk_supported_stix.md
@@ -1,5 +1,23 @@
-##### Updated on 09/28/21
+##### Updated on 02/04/22
 ## Splunk Enterprise Security
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| > | > |
+| >= | >= |
+| < | < |
+| <= | <= |
+| = | = |
+| != | != |
+| LIKE | encoders.like |
+| IN | encoders.set |
+| MATCHES | encoders.matches |
+| AND | {expr1} OR {expr2} |
+| OR | {expr1} OR {expr2} |
+| ISSUBSET | = |
+| FOLLOWEDBY | latest=[search {expr2} | append [makeresults 1 | eval _time=0] | head 1 | return $_time] | where {expr1} |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | artifact | payload_bin | _raw |
diff --git a/adapter-guide/connectors/sumologic_supported_stix.md b/adapter-guide/connectors/sumologic_supported_stix.md
index c628abcc9..b87a1317b 100644
--- a/adapter-guide/connectors/sumologic_supported_stix.md
+++ b/adapter-guide/connectors/sumologic_supported_stix.md
@@ -1,5 +1,13 @@
-##### Updated on 10/29/21
+##### Updated on 02/04/22
 ## Sumo Logic
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | AND |
+| OR | OR |
+| = | = |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | artifact | payload_bin | _raw |
diff --git a/adapter-guide/connectors/trendmicro_vision_one_supported_stix.md b/adapter-guide/connectors/trendmicro_vision_one_supported_stix.md
index ba4b2b127..bc24583ae 100644
--- a/adapter-guide/connectors/trendmicro_vision_one_supported_stix.md
+++ b/adapter-guide/connectors/trendmicro_vision_one_supported_stix.md
@@ -1,4 +1,15 @@
+##### Updated on 02/04/22
 ## Trend Micro Vision One
+### Supported STIX Operators
+| STIX Operator | Data Source Operator |
+|--|--|
+| AND | AND |
+| OR | OR |
+| = | : |
+| != | : |
+| LIKE | : |
+| <br> | |
+### Supported STIX Objects and Properties
 | STIX Object | STIX Property | Data Source Field |
 |--|--|--|
 | directory | path | objectFilePath |
diff --git a/stix_shifter/scripts/supported_property_exporter.py b/stix_shifter/scripts/supported_property_exporter.py
index dbf0fa9a6..ce1b23258 100644
--- a/stix_shifter/scripts/supported_property_exporter.py
+++ b/stix_shifter/scripts/supported_property_exporter.py
@@ -17,7 +17,7 @@
     "cbcloud": "Carbon Black Cloud", 
     "elastic_ecs": "Elasticsearch ECS", 
     "msatp": "Microsoft Defender for Endpoint",
-    "security_advisor": "IBM Cloud Security Advisor",
+    # "security_advisor": "IBM Cloud Security Advisor",
     "guardium": "IBM Guardium Data Protection",
     "aws_cloud_watch_logs": "Amazon CloudWatch Logs",
     "azure_sentinel": "Microsoft Azure Sentinel",
@@ -31,10 +31,30 @@
     "sumologic": "Sumo Logic",
     "datadog": "Datadog",
     "proofpoint": "Proofpoint (SIEM API)",
-    "infoblox": "Infoblox BloxOne Threat Defense",
+    # "infoblox": "Infoblox BloxOne Threat Defense",
     "cybereason": "Cybereason"
 }
 
+STIX_OPERATORS ={
+    "ComparisonExpressionOperators.And": "AND",
+    "ComparisonExpressionOperators.Or": "OR",
+    "ComparisonComparators.GreaterThan": ">",
+    "ComparisonComparators.GreaterThanOrEqual": ">=",
+    "ComparisonComparators.LessThan": "<",
+    "ComparisonComparators.LessThanOrEqual": "<=",
+    "ComparisonComparators.Equal": "=",
+    "ComparisonComparators.NotEqual": "!=",
+    "ComparisonComparators.Like": "LIKE",
+    "ComparisonComparators.In": "IN",
+    "ComparisonComparators.Matches": "MATCHES",
+    "ComparisonComparators.IsSubSet": "ISSUBSET",
+    "ComparisonComparators.IsSuperSet": "ISSUPERSET",
+    "ComparisonComparators.Exists": "EXISTS",
+    "ObservationOperators.Or": "OR",
+    "ObservationOperators.And": "AND",
+    "ObservationOperators.FollowedBy": "FOLLOWEDBY"
+}
+
 now = datetime.now()
 UPDATED_AT = now.strftime("%D")
 
@@ -57,8 +77,12 @@ def __main__():
     for index, (key, module) in enumerate(CONNECTORS.items()):
         try:
             filepath = path.abspath(path.join(TRANSLATION_MODULE_PATH, key, "stix_translation/json", "to_stix_map.json"))    
-            json_file = open(filepath)
-            loaded_json = json.loads(json_file.read())
+            to_stix_json_file = open(filepath)
+            loaded_to_stix_json = json.loads(to_stix_json_file.read())
+            filepath = path.abspath(path.join(TRANSLATION_MODULE_PATH, key, "stix_translation/json", "operators.json")) 
+            operators_json_file = open(filepath)   
+            loaded_operators_json = json.loads(operators_json_file.read())
+
         except(Exception):
             print("Error for {} module".format(key))
             continue
@@ -70,12 +94,13 @@ def __main__():
                 fields_json_file = open(fields_filepath)
                 loaded_fields_json = json.loads(fields_json_file.read())
                 aliased_data_fields = loaded_fields_json.get('default') # array of fields
+                fields_json_file.close()
             except(Exception):
                 print("Error for {} module".format(key))
                 continue
         
-        stix_attribute_collection = _parse_attributes(loaded_json, key, {})
-        json_file.close()
+        stix_attribute_collection = _parse_attributes(loaded_to_stix_json, key, {})
+        stix_operator_collection = _parse_operators(loaded_operators_json, {})
         supported_stix_file_path = path.abspath(path.join(ADAPTER_GUIDE_PATH, "connectors", "{}_supported_stix.md".format(key)))
         supported_stix_file = open(supported_stix_file_path, "w")
         
@@ -83,18 +108,26 @@ def __main__():
         output_string += "##### Updated on " + UPDATED_AT + "\n"
         output_string += "## " + module + "\n"
         table_of_contents += "- [{}]({})\n".format(module, "connectors/{}_supported_stix.md".format(key))
-        sorted_objects = json.dumps(stix_attribute_collection, sort_keys=True)
-        sorted_objects = json.loads(sorted_objects)
+        output_string += "### Supported STIX Operators\n"
+        output_string += "| STIX Operator | Data Source Operator |\n"
+        output_string += "|--|--|\n"
+        for stix_operator, ds_operator in stix_operator_collection.items():
+            output_string += "| {} | {} |\n".format(stix_operator, ds_operator)
+        output_string += "| <br> | |\n"
+        operators_json_file.close()
+        sorted_attribute_objects = json.dumps(stix_attribute_collection, sort_keys=True)
+        sorted_attribute_objects = json.loads(sorted_attribute_objects)
+        output_string += "### Supported STIX Objects and Properties\n"
         output_string += "| STIX Object | STIX Property | Data Source Field |\n"
         output_string += "|--|--|--|\n"
-        for stix_object, property_list in sorted_objects.items():
+        for stix_object, property_list in sorted_attribute_objects.items():
             for index, prop in enumerate(property_list):
                 stix_property, data_field = prop.split(":")
                 if aliased_data_fields:
                     data_field = _get_data_field(data_field, aliased_data_fields)
                 output_string += "| {} | {} | {} |\n".format(stix_object, stix_property, data_field)
             output_string += "| <br> | | |\n"
-
+        to_stix_json_file.close()
         supported_stix_file.write(output_string)
         supported_stix_file.close()
     table_of_contents_file.write(table_of_contents)
@@ -141,6 +174,11 @@ def _parse_attributes(element, module, stix_attribute_collection, data_source_fi
     # print("COLLECTION {}".format(stix_attribute_collection))
     return stix_attribute_collection
 
+def _parse_operators(element, operator_collection):
+    for key, value in element.items():
+        operator_collection[STIX_OPERATORS[key]] = value
+    return operator_collection
+
 
 
 if __name__ == "__main__":