diff --git a/docs/supported-mappings.md b/docs/supported-mappings.md
index a301ed8f3..3c23490f3 100644
--- a/docs/supported-mappings.md
+++ b/docs/supported-mappings.md
@@ -1,7 +1,6 @@
# Currently supported STIX objects and properties
Each connector supports a set of STIX objects and properties as defined in the connector's mapping files. There is also a set of common STIX properties that all cyber observable objects must contain. See [STIX™ Version 2.0. Part 4: Cyber Observable Objects](http://docs.oasis-open.org/cti/stix/v2.0/stix-v2.0-part4-cyber-observable-objects.html) for more information on STIX objects.
-
## Common cyber observable properties
- created
@@ -14,33 +13,36 @@ Each connector supports a set of STIX objects and properties as defined in the c
Stix-shifter currently offers connector support for the following cybersecurity products. Click on a data source to see a list of STIX attributes and properties it supports.
-- [IBM QRadar](../stix_shifter_modules/qradar/qradar_supported_stix.md)
-- [Splunk Enterprise Security](../stix_shifter_modules/splunk/splunk_supported_stix.md)
-- [HCL BigFix](../stix_shifter_modules/bigfix/bigfix_supported_stix.md)
-- [Carbon Black CB Response](../stix_shifter_modules/carbonblack/carbonblack_supported_stix.md)
-- [Carbon Black Cloud](../stix_shifter_modules/cbcloud/cbcloud_supported_stix.md)
-- [Elasticsearch ECS](../stix_shifter_modules/elastic_ecs/elastic_ecs_supported_stix.md)
-- [Microsoft Defender for Endpoint](../stix_shifter_modules/msatp/msatp_supported_stix.md)
-- [IBM Guardium Data Protection](../stix_shifter_modules/guardium/guardium_supported_stix.md)
-- [Amazon CloudWatch Logs](../stix_shifter_modules/aws_cloud_watch_logs/aws_cloud_watch_logs_supported_stix.md)
-- [Microsoft Graph Security](../stix_shifter_modules/azure_sentinel/azure_sentinel_supported_stix.md)
- [Alertflex](../stix_shifter_modules/alertflex/alertflex_supported_stix.md)
- [Micro Focus ArcSight](../stix_shifter_modules/arcsight/arcsight_supported_stix.md)
- [Amazon Athena](../stix_shifter_modules/aws_athena/aws_athena_supported_stix.md)
+- [Amazon CloudWatch Logs](../stix_shifter_modules/aws_cloud_watch_logs/aws_cloud_watch_logs_supported_stix.md)
+- [Amazon GuardDuty](../stix_shifter_modules/aws_guardduty/aws_guardduty_supported_stix.md)
+- [Azure Log Analytics](../stix_shifter_modules/azure_log_analytics/azure_log_analytics_supported_stix.md)
+- [Microsoft Graph Security](../stix_shifter_modules/azure_sentinel/azure_sentinel_supported_stix.md)
+- [HCL BigFix](../stix_shifter_modules/bigfix/bigfix_supported_stix.md)
+- [Carbon Black CB Response](../stix_shifter_modules/carbonblack/carbonblack_supported_stix.md)
+- [Carbon Black Cloud](../stix_shifter_modules/cbcloud/cbcloud_supported_stix.md)
+- [Cisco Secure Email](../stix_shifter_modules/cisco_secure_email/cisco_secure_email_supported_stix.md)
- [CrowdStrike Falcon](../stix_shifter_modules/crowdstrike/crowdstrike_supported_stix.md)
-- [Trend Micro Vision One](../stix_shifter_modules/trendmicro_vision_one/trendmicro_vision_one_supported_stix.md)
-- [OneLogin](../stix_shifter_modules/onelogin/onelogin_supported_stix.md)
-- [IBM Security Verify Privilege Vault](../stix_shifter_modules/secretserver/secretserver_supported_stix.md)
-- [Sumo Logic](../stix_shifter_modules/sumologic/sumologic_supported_stix.md)
-- [Datadog](../stix_shifter_modules/datadog/datadog_supported_stix.md)
-- [Proofpoint (SIEM API)](../stix_shifter_modules/proofpoint/proofpoint_supported_stix.md)
- [Cybereason](../stix_shifter_modules/cybereason/cybereason_supported_stix.md)
-- [PaloAlto Cortex XDR](../stix_shifter_modules/paloalto/paloalto_supported_stix.md)
-- [SentinelOne](../stix_shifter_modules/sentinelone/sentinelone_supported_stix.md)
-- [IBM Security QRadar EDR](../stix_shifter_modules/reaqta/reaqta_supported_stix.md)
- [Darktrace](../stix_shifter_modules/darktrace/darktrace_supported_stix.md)
-- [Red Hat Advanced Cluster Security for Kubernetes (StackRox)](../stix_shifter_modules/rhacs/rhacs_supported_stix.md)
-- [IBM Security Verify](../stix_shifter_modules/ibm_security_verify/ibm_security_verify_supported_stix.md)
+- [Datadog](../stix_shifter_modules/datadog/datadog_supported_stix.md)
+- [Elasticsearch ECS](../stix_shifter_modules/elastic_ecs/elastic_ecs_supported_stix.md)
- [GCP Chronicle](../stix_shifter_modules/gcp_chronicle/gcp_chronicle_supported_stix.md)
-- [Azure Log Analytics](../stix_shifter_modules/azure_log_analytics/azure_log_analytics_supported_stix.md)
+- [IBM Guardium Data Protection](../stix_shifter_modules/guardium/guardium_supported_stix.md)
+- [IBM Security Verify](../stix_shifter_modules/ibm_security_verify/ibm_security_verify_supported_stix.md)
+- [Microsoft Defender for Endpoint](../stix_shifter_modules/msatp/msatp_supported_stix.md)
- [Okta](../stix_shifter_modules/okta/okta_supported_stix.md)
+- [OneLogin](../stix_shifter_modules/onelogin/onelogin_supported_stix.md)
+- [PaloAlto Cortex XDR](../stix_shifter_modules/paloalto/paloalto_supported_stix.md)
+- [Proofpoint (SIEM API)](../stix_shifter_modules/proofpoint/proofpoint_supported_stix.md)
+- [IBM QRadar](../stix_shifter_modules/qradar/qradar_supported_stix.md)
+- [IBM Security QRadar EDR](../stix_shifter_modules/reaqta/reaqta_supported_stix.md)
+- [Red Hat Advanced Cluster Security for Kubernetes](../stix_shifter_modules/rhacs/rhacs_supported_stix.md)
+- [IBM Security Verify Privilege Vault](../stix_shifter_modules/secretserver/secretserver_supported_stix.md)
+- [SentinelOne](../stix_shifter_modules/sentinelone/sentinelone_supported_stix.md)
+- [Splunk Enterprise Security](../stix_shifter_modules/splunk/splunk_supported_stix.md)
+- [Sumo Logic](../stix_shifter_modules/sumologic/sumologic_supported_stix.md)
+- [Trend Micro Vision One](../stix_shifter_modules/trendmicro_vision_one/trendmicro_vision_one_supported_stix.md)
+- [Vectra NDR](../stix_shifter_modules/vectra/vectra_supported_stix.md)
diff --git a/stix_shifter/scripts/supported_property_exporter.py b/stix_shifter/scripts/supported_property_exporter.py
index d7547ff4a..b44760059 100644
--- a/stix_shifter/scripts/supported_property_exporter.py
+++ b/stix_shifter/scripts/supported_property_exporter.py
@@ -11,43 +11,46 @@
current_dir = path.abspath(path.dirname(__file__))
CONNECTOR_MODULE_PATH = path.abspath(path.join(current_dir, "../../stix_shifter_modules"))
-ADAPTER_GUIDE_PATH = path.abspath(path.join(current_dir, '../../adapter-guide'))
+TABLE_CONTENTS_PATH = path.abspath(path.join(current_dir, '../../docs/supported-mappings.md'))
# Add new connectors to this dictionary as they become available. The key must match the name of the translation module.
# Comment out any connectors you wish to ommit.
SCO_CONNECTORS = {
- "qradar": "IBM QRadar",
- "splunk": "Splunk Enterprise Security",
- "bigfix": "HCL BigFix",
- "carbonblack": "Carbon Black CB Response",
- "cbcloud": "Carbon Black Cloud",
- "elastic_ecs": "Elasticsearch ECS",
- "msatp": "Microsoft Defender for Endpoint",
- # "security_advisor": "IBM Cloud Security Advisor",
- "guardium": "IBM Guardium Data Protection",
- "aws_cloud_watch_logs": "Amazon CloudWatch Logs",
- # "azure_sentinel": "Microsoft Graph Security",
"alertflex": "Alertflex",
"arcsight": "Micro Focus ArcSight",
"aws_athena": "Amazon Athena",
+ "aws_cloud_watch_logs": "Amazon CloudWatch Logs",
+ "aws_guardduty": "Amazon GuardDuty",
+ "azure_log_analytics": "Azure Log Analytics",
+ "azure_sentinel": "Microsoft Graph Security", #
+ "bigfix": "HCL BigFix",
+ "carbonblack": "Carbon Black CB Response",
+ "cbcloud": "Carbon Black Cloud",
+ "cisco_secure_email": "Cisco Secure Email",
"crowdstrike": 'CrowdStrike Falcon',
- "trendmicro_vision_one": "Trend Micro Vision One",
- "onelogin": "OneLogin",
- "secretserver": "IBM Security Verify Privilege Vault",
- "sumologic": "Sumo Logic",
+ "cybereason": "Cybereason",
+ "darktrace": "Darktrace",
"datadog": "Datadog",
- "proofpoint": "Proofpoint (SIEM API)",
+ "elastic_ecs": "Elasticsearch ECS",
+ "gcp_chronicle": "GCP Chronicle",
+ "guardium": "IBM Guardium Data Protection",
+ "ibm_security_verify": "IBM Security Verify",
# "infoblox": "Infoblox BloxOne Threat Defense",
- "cybereason": "Cybereason",
+ "msatp": "Microsoft Defender for Endpoint",
+ "okta": "Okta",
+ "onelogin": "OneLogin",
"paloalto": "PaloAlto Cortex XDR",
- "sentinelone": "SentinelOne",
+ "proofpoint": "Proofpoint (SIEM API)",
+ "qradar": "IBM QRadar",
"reaqta": "IBM Security QRadar EDR",
- "darktrace": "Darktrace",
- "rhacs": "Red Hat Advanced Cluster Security for Kubernetes (StackRox)",
- "ibm_security_verify": "IBM Security Verify",
- "gcp_chronicle": "GCP Chronicle",
- "azure_log_analytics": "Azure Log Analytics",
- "okta": "Okta"
+ "rhacs": "Red Hat Advanced Cluster Security for Kubernetes",
+ "secretserver": "IBM Security Verify Privilege Vault",
+ # "security_advisor": "IBM Cloud Security Advisor",
+ "sentinelone": "SentinelOne",
+ "splunk": "Splunk Enterprise Security",
+ "sumologic": "Sumo Logic",
+ "trendmicro_vision_one": "Trend Micro Vision One",
+ "vectra": "Vectra NDR"
}
SDO_CONNECTORS = {
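Review bot: The new entry `"azure_sentinel": "Microsoft Graph Security", #` leaves an empty trailing comment marker, apparently a remnant of un-commenting the line; it should read `"azure_sentinel": "Microsoft Graph Security",`. While in this block, the context comment above the dictionary misspells "omit" as `ommit`. The module-level dictionary is complete within the hunk, so the fix is local.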
@@ -64,23 +67,28 @@
DEFAULT_DIALECT = "default"
-DIALECTS = {
- "qradar": ["events", "flows"],
+FROM_STIX_DIALECTS = {
"aws_athena": ["guardduty", "ocsf", "vpcflow"],
"aws_cloud_watch_logs": ["guardduty", "vpcflow"],
+ "azure_log_analytics": ["SecurityAlert", "SecurityEvent", "SecurityIncident"],
+ "azure_sentinel": ["alert", "alertV2"],
"datadog": ["events", "processes"],
+ "elastic_ecs": [DEFAULT_DIALECT, "beats"],
"guardium": ["qsearch", "report"],
"infoblox": ["dnsEventData", "dossierData", "tideDbData"],
"paloalto": ["xdr_data"],
+ "qradar": ["events", "flows"],
"secretserver": ["event"],
- "trendmicro_vision_one": ["endpointActivityData", "messageActivityData"],
- "azure_log_analytics": ["SecurityAlert", "SecurityEvent", "SecurityIncident"],
- "elastic_ecs": [DEFAULT_DIALECT, "beats"]
+ "trendmicro_vision_one": ["endpointActivityData", "messageActivityData"]
+}
+
+TO_STIX_DIALECTS = {
+ "aws_athena" : ["guardduty", "ocsf", "vpcflow"]
}
STIX_OPERATORS = {
- "ComparisonExpressionOperators.And": "AND (Comparision)",
- "ComparisonExpressionOperators.Or": "OR (Comparision)",
+ "ComparisonExpressionOperators.And": "AND (Comparison)",
+ "ComparisonExpressionOperators.Or": "OR (Comparison)",
"ComparisonComparators.GreaterThan": ">",
"ComparisonComparators.GreaterThanOrEqual": ">=",
"ComparisonComparators.LessThan": "<",
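Review bot: `TO_STIX_DIALECTS` has no comment saying how it differs from `FROM_STIX_DIALECTS`, and the distinction only becomes clear from the file-name logic later in `__main__`; a short header would help the next person adding a connector, e.g. `# Connectors whose to-STIX mapping is split per dialect into <dialect>_to_stix_map.json; anything not listed here uses the single to_stix_map.json.` The entry `"aws_athena" : [...]` also puts a space before the colon, unlike every other dictionary in the file, and repeats the same list already given in `FROM_STIX_DIALECTS["aws_athena"]`, so the two can drift apart silently; either reference the other entry or add a comment stating that the lists are intentionally independent.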
@@ -125,8 +133,8 @@ def __main__():
table_of_contents += "## Supported data sources\n\n"
table_of_contents += "Stix-shifter currently offers connector support for the following cybersecurity products. Click on a data source to see a list of STIX attributes and properties it supports.\n\n"
- table_of_contents_file_path = path.abspath(path.join(ADAPTER_GUIDE_PATH, "supported-mappings.md"))
- table_of_contents_file = open(table_of_contents_file_path, "w")
+ # table_of_contents_file_path = TABLE_CONTENTS_PATH
+ table_of_contents_file = open(TABLE_CONTENTS_PATH, "w")
for _, (key, module) in enumerate(CONNECTORS.items()):
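Review bot: The line `# table_of_contents_file_path = TABLE_CONTENTS_PATH` is commented-out code rather than a comment and should be deleted now that `TABLE_CONTENTS_PATH` is used directly; the same pattern appears in the later hunks at `# filepath = path.abspath(path.join(CONNECTOR_MODULE_PATH, key, "stix_translation/json", "to_stix_map.json"))` and `# output_string += "### Supported STIX Objects and Properties for Query Results\n"`, which should also be removed rather than kept as history. `open(TABLE_CONTENTS_PATH, "w")` is assigned to a bare handle; whether it is closed on every path is outside this hunk, so a `with open(TABLE_CONTENTS_PATH, "w") as table_of_contents_file:` around the write would make that independent of later control flow. The enclosing `__main__` starts before and continues after the hunk.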
@@ -168,8 +176,8 @@ def __main__():
try:
# TODO: Dynamically fetch dialects and wrap in loop to capture all dialects
dialects = [DEFAULT_DIALECT]
- if key in DIALECTS:
- dialects = DIALECTS[key]
+ if key in FROM_STIX_DIALECTS:
+ dialects = FROM_STIX_DIALECTS[key]
for dialect in dialects:
if dialect == DEFAULT_DIALECT:
dialect = ""
@@ -188,10 +196,23 @@ def __main__():
# TO-STIX
if not args.sdo:
try:
- filepath = path.abspath(path.join(CONNECTOR_MODULE_PATH, key, "stix_translation/json", "to_stix_map.json"))
- to_stix_json_file = open(filepath)
- output_string = _generate_to_stix_table(key, to_stix_json_file, data_field_alias_mapping, output_string)
- to_stix_json_file.close()
+
+ dialects = [DEFAULT_DIALECT]
+ if key in TO_STIX_DIALECTS:
+ dialects = TO_STIX_DIALECTS[key]
+ for dialect in dialects:
+ if dialect == DEFAULT_DIALECT:
+ dialect = ""
+ output_string += "### Supported STIX Objects and Properties for Query Results\n"
+ filepath = path.abspath(path.join(CONNECTOR_MODULE_PATH, key, "stix_translation/json", "to_stix_map.json"))
+ else:
+ output_string += "### Supported STIX Objects and Properties for Query Results from {} dialect\n".format(dialect.capitalize())
+ filepath = path.abspath(path.join(CONNECTOR_MODULE_PATH, key, "stix_translation/json", "{}to_stix_map.json".format(dialect + "_")))
+
+ # filepath = path.abspath(path.join(CONNECTOR_MODULE_PATH, key, "stix_translation/json", "to_stix_map.json"))
+ to_stix_json_file = open(filepath)
+ output_string = _generate_to_stix_table(key, to_stix_json_file, data_field_alias_mapping, output_string)
+ to_stix_json_file.close()
except Exception as e:
print("Error constructing to-STIX mapping table for {} module: {}".format(key, e))
continue
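Review bot: The heading `### Supported STIX Objects and Properties for Query Results…` is now appended to `output_string` before `open(filepath)` is attempted, so a missing or unreadable `<dialect>_to_stix_map.json` leaves an orphaned heading with no table in the generated markdown and then `continue`s; previously the heading was only written inside `_generate_to_stix_table` after the JSON had loaded. `to_stix_json_file.close()` is likewise skipped if `_generate_to_stix_table` raises. Opening the file first with a `with` block and appending the heading inside it fixes both, and `"{}_to_stix_map.json".format(dialect)` reads more plainly than `"{}to_stix_map.json".format(dialect + "_")`. The enclosing `__main__` and its `for` over `CONNECTORS` start outside this hunk.
```python
for dialect in dialects:
    if dialect == DEFAULT_DIALECT:
        heading = "### Supported STIX Objects and Properties for Query Results\n"
        map_file = "to_stix_map.json"
    else:
        heading = "### Supported STIX Objects and Properties for Query Results from {} dialect\n".format(dialect.capitalize())
        map_file = "{}_to_stix_map.json".format(dialect)
    filepath = path.abspath(path.join(CONNECTOR_MODULE_PATH, key, "stix_translation/json", map_file))
    # Open before appending the heading so a missing map file leaves no orphan heading behind.
    with open(filepath) as to_stix_json_file:
        output_string += heading
        output_string = _generate_to_stix_table(key, to_stix_json_file, data_field_alias_mapping, output_string)
# … unchanged: except/print/continue …
```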
@@ -257,7 +278,7 @@ def _generate_to_stix_table(key, to_stix_json_file, data_field_alias_mapping, ou
stix_attribute_collection = _parse_attributes(loaded_to_stix_json, key, {})
sorted_attribute_objects = json.dumps(stix_attribute_collection, sort_keys=True)
sorted_attribute_objects = json.loads(sorted_attribute_objects)
- output_string += "### Supported STIX Objects and Properties for Query Results\n"
+ # output_string += "### Supported STIX Objects and Properties for Query Results\n"
output_string += "| STIX Object | STIX Property | Data Source Field |\n"
output_string += "|--|--|--|\n"
for stix_object, property_list in sorted_attribute_objects.items():
diff --git a/stix_shifter_modules/alertflex/alertflex_supported_stix.md b/stix_shifter_modules/alertflex/alertflex_supported_stix.md
index e89964861..a484ae522 100644
--- a/stix_shifter_modules/alertflex/alertflex_supported_stix.md
+++ b/stix_shifter_modules/alertflex/alertflex_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Alertflex
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| > | > |
| >= | >= |
| < | < |
diff --git a/stix_shifter_modules/arcsight/arcsight_supported_stix.md b/stix_shifter_modules/arcsight/arcsight_supported_stix.md
index 6b78938c7..f08403576 100644
--- a/stix_shifter_modules/arcsight/arcsight_supported_stix.md
+++ b/stix_shifter_modules/arcsight/arcsight_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Micro Focus ArcSight
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| > | > |
| >= | >= |
| < | < |
diff --git a/stix_shifter_modules/aws_athena/aws_athena_supported_stix.md b/stix_shifter_modules/aws_athena/aws_athena_supported_stix.md
index 0aa923777..fdefd8172 100644
--- a/stix_shifter_modules/aws_athena/aws_athena_supported_stix.md
+++ b/stix_shifter_modules/aws_athena/aws_athena_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Amazon Athena
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| > | > |
| >= | >= |
| < | < |
@@ -311,29 +311,27 @@
### Searchable STIX objects and properties for Vpcflow dialect
| STIX Object and Property | Mapped Data Source Fields |
|--|--|
-| **ipv4-addr**:value | sourceaddress, destinationaddress |
-| **ipv4-addr**:x_aws_interface_id | interfaceId |
-| **ipv6-addr**:value | sourceaddress, destinationaddress |
-| **ipv6-addr**:x_aws_interface_id | interfaceid |
-| **network-traffic**:src_port | sourceport |
-| **network-traffic**:dst_port | destinationport |
-| **network-traffic**:src_ref.value | sourceaddress |
-| **network-traffic**:dst_ref.value | destinationaddress |
+| **ipv4-addr**:value | srcaddr, dstaddr |
+| **ipv4-addr**:x_aws_interface_id | interface_id |
+| **ipv6-addr**:value | srcaddr, dstaddr |
+| **ipv6-addr**:x_aws_interface_id | interface_id |
+| **network-traffic**:src_port | srcport |
+| **network-traffic**:dst_port | dstport |
+| **network-traffic**:src_ref.value | srcaddr |
+| **network-traffic**:dst_ref.value | dstaddr |
| **network-traffic**:protocols[*] | protocol |
| **network-traffic**:start | starttime |
| **network-traffic**:end | endtime |
| **x-aws-details**:account_id | account |
| **x-ibm-finding**:finding_type | action |
-| **x-ibm-finding**:src_ip_ref.value | sourceaddress |
-| **x-ibm-finding**:dst_ip_ref.value | destinationaddress |
+| **x-ibm-finding**:src_ip_ref.value | srcaddr |
+| **x-ibm-finding**:dst_ip_ref.value | dstaddr |
| **x-ibm-finding**:start | starttime |
| **x-ibm-finding**:end | endtime |
|
| |
-### Supported STIX Objects and Properties for Query Results
+### Supported STIX Objects and Properties for Query Results from Guardduty dialect
| STIX Object | STIX Property | Data Source Field |
|--|--|--|
-| directory | path | parent_folder |
-|
| | |
| domain-name | resolves_to_refs | resource_instancedetails_networkinterfaces_0_privateipaddress |
| domain-name | resolves_to_refs | resource_instancedetails_networkinterfaces_0_publicip |
| domain-name | value | resource_instancedetails_networkinterfaces_0_privatednsname |
@@ -344,6 +342,84 @@
| domain-name | resolves_to_refs | dnsrequest_resource_instancedetails_networkinterfaces_0_privateipaddress |
| domain-name | value | service_action_dnsrequestaction_domain |
|
| | |
+| ipv4-addr | value | resource_instancedetails_networkinterfaces_0_privateipaddress |
+| ipv4-addr | x_aws_interface_id | resource_instancedetails_networkinterfaces_0_privateipaddress |
+| ipv4-addr | x_aws_ip_type | resource_instancedetails_networkinterfaces_0_privateipaddress |
+| ipv4-addr | value | resource_instancedetails_networkinterfaces_0_publicip |
+| ipv4-addr | x_aws_interface_id | resource_instancedetails_networkinterfaces_0_publicip |
+| ipv4-addr | x_aws_ip_type | resource_instancedetails_networkinterfaces_0_publicip |
+| ipv4-addr | value | resource_instancedetails_networkinterfaces_1_privateipaddress |
+| ipv4-addr | x_aws_interface_id | resource_instancedetails_networkinterfaces_1_privateipaddress |
+| ipv4-addr | x_aws_ip_type | resource_instancedetails_networkinterfaces_1_privateipaddress |
+| ipv4-addr | value | service_action_networkconnectionaction_remoteipdetails_ipaddressv4 |
+| ipv4-addr | x_aws_remote_city_name | service_action_networkconnectionaction_remoteipdetails_ipaddressv4 |
+| ipv4-addr | x_aws_remote_country_name | service_action_networkconnectionaction_remoteipdetails_ipaddressv4 |
+| ipv4-addr | value | portprobe_resource_instancedetails_networkinterfaces_0_privateipaddress |
+| ipv4-addr | x_aws_interface_id | portprobe_resource_instancedetails_networkinterfaces_0_privateipaddress |
+| ipv4-addr | x_aws_ip_type | portprobe_resource_instancedetails_networkinterfaces_0_privateipaddress |
+| ipv4-addr | value | service_action_portprobeaction_portprobedetails_0_remoteipdetails_ipaddressv4 |
+| ipv4-addr | x_aws_remote_city_name | service_action_portprobeaction_portprobedetails_0_remoteipdetails_ipaddressv4 |
+| ipv4-addr | x_aws_remote_country_name | service_action_portprobeaction_portprobedetails_0_remoteipdetails_ipaddressv4 |
+| ipv4-addr | value | service_action_awsapicallaction_remoteipdetails_ipaddressv4 |
+| ipv4-addr | x_aws_remote_city_name | service_action_awsapicallaction_remoteipdetails_ipaddressv4 |
+| ipv4-addr | x_aws_remote_country_name | service_action_awsapicallaction_remoteipdetails_ipaddressv4 |
+| ipv4-addr | value | dnsrequest_resource_instancedetails_networkinterfaces_0_privateipaddress |
+| ipv4-addr | x_aws_interface_id | dnsrequest_resource_instancedetails_networkinterfaces_0_privateipaddress |
+| ipv4-addr | x_aws_ip_type | dnsrequest_resource_instancedetails_networkinterfaces_0_privateipaddress |
+|
| | |
+| ipv6-addr | value | resource_instancedetails_networkinterfaces_0_ipv6addresses_0 |
+| ipv6-addr | x_aws_interface_id | resource_instancedetails_networkinterfaces_0_ipv6addresses_0 |
+|
| | |
+| network-traffic | src_ref | resource_instancedetails_networkinterfaces_0_privateipaddress |
+| network-traffic | dst_ref | service_action_networkconnectionaction_remoteipdetails_ipaddressv4 |
+| network-traffic | src_port | service_action_networkconnectionaction_localportdetails_port |
+| network-traffic | dst_port | service_action_networkconnectionaction_remoteportdetails_port |
+| network-traffic | protocols | service_action_networkconnectionaction_protocol |
+|
| | |
+| software | name | resource_instancedetails_platform |
+|
| | |
+| user-account | user_id | resource_accesskeydetails_principalid |
+| user-account | account_login | resource_accesskeydetails_username |
+|
| | |
+| x-aws-api | access_key_id | resource_accesskeydetails_accesskeyid |
+| x-aws-api | api | service_action_awsapicallaction_api |
+| x-aws-api | service_name | service_action_awsapicallaction_servicename |
+|
| | |
+| x-aws-details | account_id | accountid |
+| x-aws-details | region | region |
+|
| | |
+| x-aws-instance | image_id | resource_instancedetails_imageid |
+| x-aws-instance | instance_id | resource_instancedetails_instanceid |
+| x-aws-instance | availability_zone | resource_instancedetails_availabilityzone |
+|
| | |
+| x-aws-vpc | subnet_id | resource_instancedetails_networkinterfaces_0_subnetid |
+| x-aws-vpc | vpc_id | resource_instancedetails_networkinterfaces_0_vpcid |
+| x-aws-vpc | security_group_id | resource_instancedetails_networkinterfaces_0_securitygroups_0_groupid |
+| x-aws-vpc | security_group_name | resource_instancedetails_networkinterfaces_0_securitygroups_0_groupname |
+|
| | |
+| x-ibm-finding | src_ip_ref | resource_instancedetails_networkinterfaces_0_privateipaddress |
+| x-ibm-finding | dst_ip_ref | service_action_networkconnectionaction_remoteipdetails_ipaddressv4 |
+| x-ibm-finding | dst_geolocation | service_action_networkconnectionaction_remoteipdetails_ipaddressv4 |
+| x-ibm-finding | src_ip_ref | portprobe_resource_instancedetails_networkinterfaces_0_privateipaddress |
+| x-ibm-finding | dst_ip_ref | service_action_portprobeaction_portprobedetails_0_remoteipdetails_ipaddressv4 |
+| x-ibm-finding | dst_geolocation | service_action_portprobeaction_portprobedetails_0_remoteipdetails_ipaddressv4 |
+| x-ibm-finding | probe_port | service_action_portprobeaction_portprobedetails_0_localportdetails_port |
+| x-ibm-finding | dst_ip_ref | service_action_awsapicallaction_remoteipdetails_ipaddressv4 |
+| x-ibm-finding | dst_geolocation | service_action_awsapicallaction_remoteipdetails_ipaddressv4 |
+| x-ibm-finding | src_ip_ref | dnsrequest_resource_instancedetails_networkinterfaces_0_privateipaddress |
+| x-ibm-finding | severity | severity |
+| x-ibm-finding | name | title |
+| x-ibm-finding | finding_type | type |
+| x-ibm-finding | description | description |
+| x-ibm-finding | src_os_ref | resource_instancedetails_platform |
+| x-ibm-finding | start | service_eventfirstseen |
+| x-ibm-finding | end | service_eventlastseen |
+|
| | |
+### Supported STIX Objects and Properties for Query Results from Ocsf dialect
+| STIX Object | STIX Property | Data Source Field |
+|--|--|--|
+| directory | path | parent_folder |
+|
| | |
| email-addr | value | email_addr |
|
| | |
| file | accessed | accessed_time |
@@ -373,41 +449,9 @@
|
| | |
| ipv4-addr | value | ip |
| ipv4-addr | value | intermediate_ips |
-| ipv4-addr | value | sourceaddress |
-| ipv4-addr | x_aws_interface_id | sourceaddress |
-| ipv4-addr | value | destinationaddress |
-| ipv4-addr | value | resource_instancedetails_networkinterfaces_0_privateipaddress |
-| ipv4-addr | x_aws_interface_id | resource_instancedetails_networkinterfaces_0_privateipaddress |
-| ipv4-addr | x_aws_ip_type | resource_instancedetails_networkinterfaces_0_privateipaddress |
-| ipv4-addr | value | resource_instancedetails_networkinterfaces_0_publicip |
-| ipv4-addr | x_aws_interface_id | resource_instancedetails_networkinterfaces_0_publicip |
-| ipv4-addr | x_aws_ip_type | resource_instancedetails_networkinterfaces_0_publicip |
-| ipv4-addr | value | resource_instancedetails_networkinterfaces_1_privateipaddress |
-| ipv4-addr | x_aws_interface_id | resource_instancedetails_networkinterfaces_1_privateipaddress |
-| ipv4-addr | x_aws_ip_type | resource_instancedetails_networkinterfaces_1_privateipaddress |
-| ipv4-addr | value | service_action_networkconnectionaction_remoteipdetails_ipaddressv4 |
-| ipv4-addr | x_aws_remote_city_name | service_action_networkconnectionaction_remoteipdetails_ipaddressv4 |
-| ipv4-addr | x_aws_remote_country_name | service_action_networkconnectionaction_remoteipdetails_ipaddressv4 |
-| ipv4-addr | value | portprobe_resource_instancedetails_networkinterfaces_0_privateipaddress |
-| ipv4-addr | x_aws_interface_id | portprobe_resource_instancedetails_networkinterfaces_0_privateipaddress |
-| ipv4-addr | x_aws_ip_type | portprobe_resource_instancedetails_networkinterfaces_0_privateipaddress |
-| ipv4-addr | value | service_action_portprobeaction_portprobedetails_0_remoteipdetails_ipaddressv4 |
-| ipv4-addr | x_aws_remote_city_name | service_action_portprobeaction_portprobedetails_0_remoteipdetails_ipaddressv4 |
-| ipv4-addr | x_aws_remote_country_name | service_action_portprobeaction_portprobedetails_0_remoteipdetails_ipaddressv4 |
-| ipv4-addr | value | service_action_awsapicallaction_remoteipdetails_ipaddressv4 |
-| ipv4-addr | x_aws_remote_city_name | service_action_awsapicallaction_remoteipdetails_ipaddressv4 |
-| ipv4-addr | x_aws_remote_country_name | service_action_awsapicallaction_remoteipdetails_ipaddressv4 |
-| ipv4-addr | value | dnsrequest_resource_instancedetails_networkinterfaces_0_privateipaddress |
-| ipv4-addr | x_aws_interface_id | dnsrequest_resource_instancedetails_networkinterfaces_0_privateipaddress |
-| ipv4-addr | x_aws_ip_type | dnsrequest_resource_instancedetails_networkinterfaces_0_privateipaddress |
|
| | |
| ipv6-addr | value | ip |
| ipv6-addr | value | intermediate_ips |
-| ipv6-addr | value | sourceaddress |
-| ipv6-addr | x_aws_interface_id | sourceaddress |
-| ipv6-addr | value | destinationaddress |
-| ipv6-addr | value | resource_instancedetails_networkinterfaces_0_ipv6addresses_0 |
-| ipv6-addr | x_aws_interface_id | resource_instancedetails_networkinterfaces_0_ipv6addresses_0 |
|
| | |
| network-traffic | src_port | port |
| network-traffic | src_ref | ip |
@@ -428,18 +472,6 @@
| network-traffic | dst_byte_count | bytes_in |
| network-traffic | src_byte_count | bytes_out |
| network-traffic | extensions.x-network-ext.bytes | bytes |
-| network-traffic | src_ref | sourceaddress |
-| network-traffic | dst_ref | destinationaddress |
-| network-traffic | src_port | sourceport |
-| network-traffic | dst_port | destinationport |
-| network-traffic | protocols | protocol |
-| network-traffic | start | starttime |
-| network-traffic | end | endtime |
-| network-traffic | src_ref | resource_instancedetails_networkinterfaces_0_privateipaddress |
-| network-traffic | dst_ref | service_action_networkconnectionaction_remoteipdetails_ipaddressv4 |
-| network-traffic | src_port | service_action_networkconnectionaction_localportdetails_port |
-| network-traffic | dst_port | service_action_networkconnectionaction_remoteportdetails_port |
-| network-traffic | protocols | service_action_networkconnectionaction_protocol |
|
| | |
| process | command_line | cmd_line |
| process | created | created_time |
@@ -470,7 +502,6 @@
| software | extensions.x-ocsf-product-ext.product_uid | uid |
| software | vendor | vendor_name |
| software | version | version |
-| software | name | resource_instancedetails_platform |
|
| | |
| url | value | url |
|
| | |
@@ -509,25 +540,6 @@
| user-account | user_id | uid |
| user-account | extensions.x-accessor-ext.uuid | uuid |
| user-account | creator_user_ref | uid |
-| user-account | user_id | resource_accesskeydetails_principalid |
-| user-account | account_login | resource_accesskeydetails_username |
-|
| | |
-| x-aws-api | access_key_id | resource_accesskeydetails_accesskeyid |
-| x-aws-api | api | service_action_awsapicallaction_api |
-| x-aws-api | service_name | service_action_awsapicallaction_servicename |
-|
| | |
-| x-aws-details | account_id | account |
-| x-aws-details | account_id | accountid |
-| x-aws-details | region | region |
-|
| | |
-| x-aws-instance | image_id | resource_instancedetails_imageid |
-| x-aws-instance | instance_id | resource_instancedetails_instanceid |
-| x-aws-instance | availability_zone | resource_instancedetails_availabilityzone |
-|
| | |
-| x-aws-vpc | subnet_id | resource_instancedetails_networkinterfaces_0_subnetid |
-| x-aws-vpc | vpc_id | resource_instancedetails_networkinterfaces_0_vpcid |
-| x-aws-vpc | security_group_id | resource_instancedetails_networkinterfaces_0_securitygroups_0_groupid |
-| x-aws-vpc | security_group_name | resource_instancedetails_networkinterfaces_0_securitygroups_0_groupname |
|
| | |
| x-ibm-finding | time_observed | _time |
| x-ibm-finding | ttp_tagging_refs | name |
@@ -553,28 +565,6 @@
| x-ibm-finding | severity | severity_id |
| x-ibm-finding | src_ip_ref | ip |
| x-ibm-finding | dst_ip_ref | ip |
-| x-ibm-finding | src_ip_ref | sourceaddress |
-| x-ibm-finding | dst_ip_ref | destinationaddress |
-| x-ibm-finding | start | starttime |
-| x-ibm-finding | end | endtime |
-| x-ibm-finding | finding_type | action |
-| x-ibm-finding | name | name |
-| x-ibm-finding | src_ip_ref | resource_instancedetails_networkinterfaces_0_privateipaddress |
-| x-ibm-finding | dst_ip_ref | service_action_networkconnectionaction_remoteipdetails_ipaddressv4 |
-| x-ibm-finding | dst_geolocation | service_action_networkconnectionaction_remoteipdetails_ipaddressv4 |
-| x-ibm-finding | src_ip_ref | portprobe_resource_instancedetails_networkinterfaces_0_privateipaddress |
-| x-ibm-finding | dst_ip_ref | service_action_portprobeaction_portprobedetails_0_remoteipdetails_ipaddressv4 |
-| x-ibm-finding | dst_geolocation | service_action_portprobeaction_portprobedetails_0_remoteipdetails_ipaddressv4 |
-| x-ibm-finding | probe_port | service_action_portprobeaction_portprobedetails_0_localportdetails_port |
-| x-ibm-finding | dst_ip_ref | service_action_awsapicallaction_remoteipdetails_ipaddressv4 |
-| x-ibm-finding | dst_geolocation | service_action_awsapicallaction_remoteipdetails_ipaddressv4 |
-| x-ibm-finding | src_ip_ref | dnsrequest_resource_instancedetails_networkinterfaces_0_privateipaddress |
-| x-ibm-finding | severity | severity |
-| x-ibm-finding | finding_type | type |
-| x-ibm-finding | description | description |
-| x-ibm-finding | src_os_ref | resource_instancedetails_platform |
-| x-ibm-finding | start | service_eventfirstseen |
-| x-ibm-finding | end | service_eventlastseen |
|
| | |
| x-ibm-observables | name | name |
| x-ibm-observables | finding_type | type |
@@ -763,3 +753,31 @@
| x-ocsf-vulnerabilities | title | title |
| x-ocsf-vulnerabilities | vendor_name | vendor_name |
|
| | |
+### Supported STIX Objects and Properties for Query Results from Vpcflow dialect
+| STIX Object | STIX Property | Data Source Field |
+|--|--|--|
+| ipv4-addr | value | srcaddr |
+| ipv4-addr | x_aws_interface_id | srcaddr |
+| ipv4-addr | value | dstaddr |
+|
| | |
+| ipv6-addr | value | srcaddr |
+| ipv6-addr | x_aws_interface_id | srcaddr |
+| ipv6-addr | value | dstaddr |
+|
| | |
+| network-traffic | src_ref | srcaddr |
+| network-traffic | dst_ref | dstaddr |
+| network-traffic | src_port | srcport |
+| network-traffic | dst_port | dstport |
+| network-traffic | protocols | protocol |
+| network-traffic | start | starttime |
+| network-traffic | end | endtime |
+|
| | |
+| x-aws-details | account_id | account |
+|
| | |
+| x-ibm-finding | src_ip_ref | srcaddr |
+| x-ibm-finding | dst_ip_ref | dstaddr |
+| x-ibm-finding | start | starttime |
+| x-ibm-finding | end | endtime |
+| x-ibm-finding | finding_type | action |
+| x-ibm-finding | name | name |
+|
| | |
diff --git a/stix_shifter_modules/aws_cloud_watch_logs/aws_cloud_watch_logs_supported_stix.md b/stix_shifter_modules/aws_cloud_watch_logs/aws_cloud_watch_logs_supported_stix.md
index 1fcf22d0e..b84fb487b 100644
--- a/stix_shifter_modules/aws_cloud_watch_logs/aws_cloud_watch_logs_supported_stix.md
+++ b/stix_shifter_modules/aws_cloud_watch_logs/aws_cloud_watch_logs_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Amazon CloudWatch Logs
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| > | > |
| >= | >= |
| < | < |
diff --git a/stix_shifter_modules/aws_guardduty/aws_guardduty_supported_stix.md b/stix_shifter_modules/aws_guardduty/aws_guardduty_supported_stix.md
index 03e6f6763..4f0785e34 100644
--- a/stix_shifter_modules/aws_guardduty/aws_guardduty_supported_stix.md
+++ b/stix_shifter_modules/aws_guardduty/aws_guardduty_supported_stix.md
@@ -1,5 +1,9 @@
-##### Updated on 07/11/23
-## AWS GuardDuty
+##### Updated on 10/25/23
+## Amazon GuardDuty
+### Results STIX Domain Objects
+* Identity
+* Observed Data
+
### Supported STIX Operators
*Comparison AND/OR operators are inside the observation while observation AND/OR operators are between observations (square brackets).*
@@ -16,18 +20,16 @@
| IN | Equals |
| OR (Observation) | or |
| AND (Observation) | or |
-
+|
| |
### Searchable STIX objects and properties
| STIX Object and Property | Mapped Data Source Fields |
|--|--|
| **ipv4-addr**:value | resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress, resource.instanceDetails.networkInterfaces.publicIp, service.action.networkConnectionAction.remoteIpDetails.ipAddressV4, service.action.awsApiCallAction.remoteIpDetails.ipAddressV4, service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4 |
| **ipv4-addr**:x_geo_ref.country_name | service.action.networkConnectionAction.remoteIpDetails.country.countryName, service.action.awsApiCallAction.remoteIpDetails.country.countryName |
| **ipv4-addr**:belongs_to_refs[*].number | service.action.networkConnectionAction.remoteIpDetails.organization.asn, service.action.awsApiCallAction.remoteIpDetails.organization.asn |
-| **ipv6-addr**:value| resource.instanceDetails.networkInterfaces.ipv6Addresses |
-| **autonomous-system**:number | service.action.networkConnectionAction.remoteIpDetails.organization.asn,service.action.awsApiCallAction.remoteIpDetails.organization.asn |
-| **autonomous-system**:name | service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg,service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg |
-| **x-oca-geo**:country_name | service.action.networkConnectionAction.remoteIpDetails.country.countryName, service.action.awsApiCallAction.remoteIpDetails.country.countryName |
-| **x-oca-geo**:city_name | service.action.awsApiCallAction.remoteIpDetails.city.cityName, service.action.networkConnectionAction.remoteIpDetails.city.cityName |
+| **ipv6-addr**:value | resource.instanceDetails.networkInterfaces.ipv6Addresses |
+| **autonomous-system**:number | service.action.networkConnectionAction.remoteIpDetails.organization.asn, service.action.awsApiCallAction.remoteIpDetails.organization.asn |
+| **autonomous-system**:name | service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg, service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg |
| **network-traffic**:src_port | service.action.networkConnectionAction.localPortDetails.port |
| **network-traffic**:dst_port | service.action.networkConnectionAction.remotePortDetails.port |
| **network-traffic**:protocols[*] | service.action.networkConnectionAction.protocol |
@@ -48,6 +50,10 @@
| **file**:hashes.'SHA-1' | service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash |
| **file**:hashes.MD5 | service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash |
| **file**:x_unknown_hash | service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash |
+| **x-oca-geo**:country_name | service.action.networkConnectionAction.remoteIpDetails.country.countryName, service.action.awsApiCallAction.remoteIpDetails.country.countryName |
+| **x-oca-geo**:city_name | service.action.awsApiCallAction.remoteIpDetails.city.cityName, service.action.networkConnectionAction.remoteIpDetails.city.cityName |
+| **x-aws-resource**:account_id | accountId |
+| **x-aws-resource**:region | region |
| **x-aws-resource**:instance_ref.image_id | resource.instanceDetails.imageId |
| **x-aws-resource**:s3_bucket_refs[*].name | resource.s3BucketDetails.name |
| **x-aws-resource**:rds_database_ref.instance_id | resource.rdsDbInstanceDetails.dbInstanceIdentifier |
@@ -67,7 +73,7 @@
| **x-aws-network-interface**:security_group_id | resource.instanceDetails.networkInterfaces.securityGroups.groupId |
| **x-aws-network-interface**:security_group_name | resource.instanceDetails.networkInterfaces.securityGroups.groupName |
| **x-aws-network-interface**:subnet_id | resource.instanceDetails.networkInterfaces.subnetId |
-| **x-aws-network-interface**:vpc_id | resource.instanceDetails.networkInterfaces.vpcId |
+| **x-aws-network-interface**:vpc_id | resource.instanceDetails.networkInterfaces.vpcId |
| **x-aws-s3-bucket**:name | resource.s3BucketDetails.name |
| **x-aws-s3-bucket**:bucket_permission | resource.s3BucketDetails.publicAccess.effectivePermission |
| **x-aws-s3-bucket**:tag_key | resource.s3BucketDetails.tags.key |
@@ -77,8 +83,8 @@
| **x-aws-rds-db-instance**:engine | resource.rdsDbInstanceDetails.engine |
| **x-aws-rds-db-instance**:instance_id | resource.rdsDbInstanceDetails.dbInstanceIdentifier |
| **x-aws-rds-db-instance**:tag_key | resource.rdsDbInstanceDetails.tags.key |
-| **x-aws-rds-db-instance**:tag_value| resource.rdsDbInstanceDetails.tags.value |
-| **x-aws-rds-db-instance**:anomalous_login_user_ref.user_name| resource.rdsDbUserDetails.user |
+| **x-aws-rds-db-instance**:tag_value | resource.rdsDbInstanceDetails.tags.value |
+| **x-aws-rds-db-instance**:anomalous_login_user_ref.user_name | resource.rdsDbUserDetails.user |
| **x-aws-rds-db-user**:user_name | resource.rdsDbUserDetails.user |
| **x-aws-lambda**:function_arn | resource.lambdaDetails.functionArn |
| **x-aws-lambda**:function_name | resource.lambdaDetails.functionName |
@@ -92,8 +98,6 @@
| **x-aws-kubernetes-workload**:workload_namespace | resource.kubernetesDetails.kubernetesWorkloadDetails.namespace |
| **x-aws-eks-cluster**:name | resource.eksClusterDetails.name |
| **x-aws-ebs-volume-malware-scan**:scan_id | service.ebsVolumeScanDetails.scanId |
-| **x-aws**:account_id | accountId |
-| **x-aws**:region | region |
| **x-ibm-finding**:confidence | confidence |
| **x-ibm-finding**:alert_id | id |
| **x-ibm-finding**:x_archived | service.archived |
@@ -108,415 +112,334 @@
| **x-aws-finding-service**:action.service_name | service.action.awsApiCallAction.serviceName |
| **x-aws-finding-service**:action.remote_ref.value | service.action.awsApiCallAction.remoteIpDetails.ipAddressV4 |
| **x-aws-finding-service**:action.error_code | service.action.awsApiCallAction.errorCode |
-| **x-aws-finding-service**:action.is_caller_account_affiliated_to_aws | service.action.awsApiCallAction.remoteAccountDetails.affiliated |
+| **x-aws-finding-service**:action.is_caller_account_affiliated_to_aws | service.action.awsApiCallAction.RemoteAccountDetails.affiliated |
| **x-aws-finding-service**:additional_info | service.additionalInfo.threatListName |
| **x-aws-threat**:threat_name | service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name |
| **x-aws-threat**:severity | service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity |
| **x-aws-evidence**:threat_intelligence_list_name | service.additionalInfo.threatListName |
-
+|
| |
### Supported STIX Objects and Properties for Query Results
| STIX Object | STIX Property | Data Source Field |
|--|--|--|
-| ipv4-addr | value | Resource.InstanceDetails.NetworkInterfaces.PrivateIpAddresses.PrivateIpAddress |
-| ipv4-addr | value | Resource.InstanceDetails.NetworkInterfaces.PublicIp |
-| ipv4-addr | value | Service.NetworkConnectionAction.RemoteIpDetails.IpAddressV4 |
-| ipv4-addr | value | Service.Action.PortProbeAction.PortProbeDetails.LocalIpDetails.IpAddressV4 |
-| ipv4-addr | value | Service.Action.PortProbeAction.PortProbeDetails.RemoteIpDetails.IpAddressV4 |
-| ipv4-addr | value | Service.Action.NetworkConnectionAction.RemoteIpDetails.IpAddressV4 |
-| ipv4-addr | value | Service.Action.KubernetesApiCallAction.RemoteIpDetails.IpAddressV4 |
-| ipv4-addr | value | Service.Action.KubernetesApiCallAction.SourceIPs |
-| ipv4-addr | value | Service.Action.AwsApiCallAction.RemoteIpDetails.IpAddressV4 |
-| ipv4-addr | value | Service.Action.RdsLoginAttemptAction.RemoteIpDetails.IpAddressV4 |
-| ipv4-addr | belongs_to_refs | Service.Action.PortProbeAction.PortProbeDetails.RemoteIpDetails.Organization.Asn |
-| ipv4-addr | belongs_to_refs | Service.Action.AwsApiCallAction.RemoteIpDetails.Organization.Asn|
-| ipv4-addr | belongs_to_refs | Service.Action.NetworkConnectionAction.RemoteIpDetails.Organization.Asn|
-| ipv4-addr | belongs_to_refs | Service.Action.KubernetesApiCallAction.RemoteIpDetails.Organization.Asn |
-| ipv4-addr | belongs_to_refs | Service.Action.RdsLoginAttemptAction.RemoteIpDetails.Organization.Asn|
-| ipv4-addr | x_geo_ref | Service.Action.PortProbeAction.PortProbeDetails.RemoteIpDetails.Country.CountryName |
-| ipv4-addr | x_geo_ref | Service.Action.AwsApiCallAction.RemoteIpDetails.Country.CountryName |
-| ipv4-addr | x_geo_ref | Service.Action.NetworkConnectionAction.RemoteIpDetails.Country.CountryName |
-| ipv4-addr | x_geo_ref | Service.Action.KubernetesApiCallAction.RemoteIpDetails.Country.CountryName |
-| ipv4-addr | x_geo_ref | Service.Action.RdsLoginAttemptAction.RemoteIpDetails.Country.CountryName |
-| ipv4-addr | x_geo_ref | Service.Action.RdsLoginAttemptAction.RemoteIpDetails.City.CityName |
-| ipv4-addr | x_geo_ref | Service.Action.KubernetesApiCallAction.RemoteIpDetails.City.CityName |
+| autonomous-system | name | AsnOrg |
+| autonomous-system | number | Asn |
+| autonomous-system | x_isp | Isp |
+| autonomous-system | x_organisation | Org |
|
| | |
-| ipv6-addr | value | Resource.InstanceDetails.NetworkInterfaces.Ipv6Addresses |
+| domain-name | value | PrivateDnsName |
+| domain-name | resolves_to_refs | PrivateIpAddress |
+| domain-name | value | PublicDnsName |
+| domain-name | resolves_to_refs | PublicIp |
+| domain-name | value | Domain |
|
| | |
-| autonomous-system | number | Service.Action.PortProbeAction.PortProbeDetails.RemoteIpDetails.Organization.Asn |
-| autonomous-system | number | Service.Action.AwsApiCallAction.RemoteIpDetails.Organization.Asn|
-| autonomous-system | number | Service.Action.NetworkConnectionAction.RemoteIpDetails.Organization.Asn|
-| autonomous-system | number | Service.Action.KubernetesApiCallAction.RemoteIpDetails.Organization.Asn |
-| autonomous-system | number | Service.Action.RdsLoginAttemptAction.RemoteIpDetails.Organization.Asn|
-| autonomous-system | name | Service.Action.PortProbeAction.PortProbeDetails.RemoteIpDetails.Organization.AsnOrg |
-| autonomous-system | name | Service.Action.AwsApiCallAction.RemoteIpDetails.Organization.AsnOrg |
-| autonomous-system | name | Service.Action.NetworkConnectionAction.RemoteIpDetails.Organization.AsnOrg |
-| autonomous-system | name | Service.Action.KubernetesApiCallAction.RemoteIpDetails.Organization.AsnOrg |
-| autonomous-system | name | Service.Action.RdsLoginAttemptAction.RemoteIpDetails.Organization.AsnOrg |
-| autonomous-system | x_isp | Service.Action.PortProbeAction.PortProbeDetails.RemoteIpDetails.Organization.Isp |
-| autonomous-system | x_isp | Service.Action.AwsApiCallAction.RemoteIpDetails.Organization.Isp |
-| autonomous-system | x_isp | Service.Action.NetworkConnectionAction.RemoteIpDetails.Organization.Isp |
-| autonomous-system | x_isp | Service.Action.KubernetesApiCallAction.RemoteIpDetails.Organization.Isp |
-| autonomous-system | x_isp | Service.Action.RdsLoginAttemptAction.RemoteIpDetails.Organization.Isp |
-| autonomous-system | x_organisation | Service.Action.PortProbeAction.PortProbeDetails.RemoteIpDetails.Organization.Org |
-| autonomous-system | x_organisation | Service.Action.AwsApiCallAction.RemoteIpDetails.Organization.Org |
-| autonomous-system | x_organisation | Service.Action.NetworkConnectionAction.RemoteIpDetails.Organization.Org |
-| autonomous-system | x_organisation | Service.Action.KubernetesApiCallAction.RemoteIpDetails.Organization.Org |
-| autonomous-system | x_organisation | Service.Action.RdsLoginAttemptAction.RemoteIpDetails.Organization.Org |
+| file | name | FileName |
+| file | x_path | FilePath |
+| file | hashes.SHA-256 | FileSha256 |
+| file | hashes.SHA-1 | FileSha1 |
+| file | hashes.MD5 | FileMd5 |
+| file | x_unknown_hash | UnknownHash |
+| file | x_volume_arn | VolumeArn |
+| file | x_path | ExecutablePath |
+| file | hashes.SHA-256 | ExecutableSha256 |
+| file | x_path | ModuleFilePath |
+| file | name | ModuleName |
+| file | hashes.SHA-256 | ModuleSha256 |
|
| | |
-| x-oca-geo| country_iso_code | Service.Action.PortProbeAction.PortProbeDetails.RemoteIpDetails.Country.CountryCode |
-| x-oca-geo| country_iso_code | Service.Action.AwsApiCallAction.RemoteIpDetails.Country.CountryCode |
-| x-oca-geo| country_iso_code | Service.Action.NetworkConnectionAction.RemoteIpDetails.Country.CountryCode |
-| x-oca-geo| country_iso_code | Service.Action.KubernetesApiCallAction.RemoteIpDetails.Country.CountryCode |
-| x-oca-geo| country_iso_code | Service.Action.RdsLoginAttemptAction.RemoteIpDetails.Country.CountryCode |
-| x-oca-geo| country_name | Service.Action.PortProbeAction.PortProbeDetails.RemoteIpDetails.Country.CountryName |
-| x-oca-geo| country_name | Service.Action.AwsApiCallAction.RemoteIpDetails.Country.CountryName |
-| x-oca-geo| country_name | Service.Action.NetworkConnectionAction.RemoteIpDetails.Country.CountryName |
-| x-oca-geo| country_name | Service.Action.KubernetesApiCallAction.RemoteIpDetails.Country.CountryName |
-| x-oca-geo| country_name | Service.Action.RdsLoginAttemptAction.RemoteIpDetails.Country.CountryName |
-| x-oca-geo| city_name | Service.Action.PortProbeAction.PortProbeDetails.RemoteIpDetails.City.CityName |
-| x-oca-geo| city_name | Service.Action.AwsApiCallAction.RemoteIpDetails.City.CityName |
-| x-oca-geo| city_name | Service.Action.NetworkConnectionAction.RemoteIpDetails.City.CityName |
-| x-oca-geo| city_name | Service.Action.KubernetesApiCallAction.RemoteIpDetails.City.CityName |
-| x-oca-geo| city_name | Service.Action.RdsLoginAttemptAction.RemoteIpDetails.City.CityName |
-| x-oca-geo| location | Service.Action.PortProbeAction.PortProbeDetails.RemoteIpDetails.GeoLocation |
-| x-oca-geo| location | Service.Action.NetworkConnectionAction.RemoteIpDetails.GeoLocation |
-| x-oca-geo| location | Service.Action.KubernetesApiCallAction.RemoteIpDetails.GeoLocation |
-| x-oca-geo| location | Service.Action.RdsLoginAttemptAction.RemoteIpDetails.GeoLocation |
-| x-oca-geo| location | Service.Action.AwsApiCallAction.RemoteIpDetails.GeoLocation |
+| ipv4-addr | value | PrivateIpAddress |
+| ipv4-addr | value | PublicIp |
+| ipv4-addr | value | IpAddressV4 |
+| ipv4-addr | belongs_to_refs | Asn |
+| ipv4-addr | x_geo_ref | CountryName |
+| ipv4-addr | x_geo_ref | CityName |
+| ipv4-addr | value | SourceIPs |
|
| | |
-| network-traffic | x_is_target_port_blocked | Service.Action.DnsRequestAction.Blocked |
-| network-traffic | x_is_target_port_blocked | Service.Action.NetworkConnectionAction.Blocked |
-| network-traffic | src_ref |Service.Action.DnsRequestAction.Domain |
-| network-traffic | src_ref |Service.Action.PortProbeAction.PortProbeDetails.LocalIpDetails.IpAddressV4 |
-| network-traffic | src_ref |Service.Action.NetworkConnectionAction.LocalIpDetails.IpAddressV4 |
-| network-traffic | src_ref |Service.Action.KubernetesApiCallAction.SourceIPs |
-| network-traffic | dst_ref |Service.Action.PortProbeAction.PortProbeDetails.RemoteIpDetails.IpAddressV4 |
-| network-traffic | dst_ref |Service.Action.NetworkConnectionAction.RemoteIpDetails.IpAddressV4 |
-| network-traffic | dst_ref |Service.Action.KubernetesApiCallAction.RemoteIpDetails.IpAddressV4 |
-| network-traffic | protocols | Service.Action.DnsRequestAction.Protocol |
-| network-traffic | protocols | Service.Action.PortProbeAction.PortProbeDetails.LocalPortDetails.PortName |
-| network-traffic | protocols | Service.Action.NetworkConnectionAction.Protocol |
-| network-traffic | protocols | Service.Action.KubernetesApiCallAction.Protocol |
-| network-traffic | src_port | Service.Action.PortProbeAction.PortProbeDetails.LocalPortDetails.Port |
-| network-traffic | src_port | Service.Action.NetworkConnectionAction.LocalPortDetails.Port |
-| network-traffic | dst_port | Service.Action.NetworkConnectionAction.RemotePortDetails.Port |
-| network-traffic | x_direction | Service.Action.NetworkConnectionAction.ConnectionDirection |
-| network-traffic | x_dst_port_name | Service.Action.NetworkConnectionAction.RemotePortDetails.PortName |
-| network-traffic | x_src_port_name | Service.Action.NetworkConnectionAction.LocalPortDetails.PortName |
-| network-traffic | extensions.http-request-ext.x_parameters | Service.Action.KubernetesApiCallAction.Parameters |
-| network-traffic | extensions.http-request-ext.request_value | Service.Action.KubernetesApiCallAction.RequestUri |
-| network-traffic | extensions.http-request-ext.x_status_code | Service.Action.KubernetesApiCallAction.StatusCode |
-| network-traffic | extensions.http-request-ext.request_header.User-Agent | Service.Action.KubernetesApiCallAction.UserAgent |
-| network-traffic | extensions.http-request-ext.request_method | Service.Action.KubernetesApiCallAction.Verb |
+| ipv6-addr | value | Ipv6Addresses |
|
| | |
-| user-account | user_id | Resource.AccessKeyDetails.PrincipalId |
-| user-account | user_id | Resource.KubernetesDetails.KubernetesUserDetails.Uid |
-| user-account | user_id | Service.RuntimeDetails.Context.ModifyingProcess.Lineage.UserId |
-| user-account | user_id | Service.RuntimeDetails.Context.ModifyingProcess.UserId |
-| user-account | user_id | Service.RuntimeDetails.Context.TargetProcess.Lineage.UserId |
-| user-account | user_id | Service.RuntimeDetails.Context.TargetProcess.UserId |
-| user-account | user_id | Service.RuntimeDetails.Context.Process.Lineage.UserId |
-| user-account | user_id | Service.RuntimeDetails.Context.Process.UserId|
-| user-account | display_name | Resource.AccessKeyDetails.UserName |
-| user-account | display_name | Resource.KubernetesDetails.KubernetesUserDetails.UserName |
-| user-account | display_name | Service.RuntimeDetails.Context.ModifyingProcess.User |
-| user-account | display_name | Service.RuntimeDetails.Context.TargetProcess.User |
-| user-account | display_name | Service.RuntimeDetails.Process.User |
-| user-account | x_user_type | Resource.AccessKeyDetails.UserType |
-| user-account | x_groups | Resource.KubernetesDetails.KubernetesUserDetails.Groups |
-| user-account | x_session_name | Resource.KubernetesDetails.KubernetesUserDetails.SessionName |
-| user-account | x_effective_user_id | Service.RuntimeDetails.Context.ModifyingProcess.Euid |
-| user-account | x_effective_user_id | Service.RuntimeDetails.Context.ModifyingProcess.Lineage.Euid |
-| user-account | x_effective_user_id | Service.RuntimeDetails.Context.TargetProcess.Euid |
-| user-account | x_effective_user_id | Service.RuntimeDetails.Context.TargetProcess.Lineage.Euid |
-| user-account | x_effective_user_id | Service.RuntimeDetails.Process.Euid |
-| user-account | x_effective_user_id | Service.RuntimeDetails.Process.Lineage.Euid |
-| user-account | x_access_key_id | Resource.AccessKeyDetails.AccessKeyId |
+| network-traffic | x_is_target_port_blocked | Blocked |
+| network-traffic | src_ref | Domain |
+| network-traffic | protocols | Protocol |
+| network-traffic | src_ref | IpAddressV4 |
+| network-traffic | src_port | Port |
+| network-traffic | protocols | PortName |
+| network-traffic | dst_ref | IpAddressV4 |
+| network-traffic | x_direction | ConnectionDirection |
+| network-traffic | dst_port | Port |
+| network-traffic | x_dst_port_name | PortName |
+| network-traffic | x_src_port_name | PortName |
+| network-traffic | extensions.http-request-ext.x_parameters | Parameters |
+| network-traffic | extensions.http-request-ext.request_value | RequestUri |
+| network-traffic | src_ref | SourceIPs |
+| network-traffic | extensions.http-request-ext.x_status_code | StatusCode |
+| network-traffic | extensions.http-request-ext.request_header.User-Agent | UserAgent |
+| network-traffic | extensions.http-request-ext.request_method | Verb |
|
| | |
-| domain-name | value | Resource.InstanceDetails.NetworkInterfaces.PublicDnsName |
-| domain-name | value | Resource.InstanceDetails.NetworkInterfaces.PrivateIpAddresses.PrivateDnsName |
-| domain-name | value | Service.Action.DnsRequestAction.Domain |
-| domain-name | value |Service.Action.AwsApiCallAction.DomainDetails.Domain |
-| domain-name | resolves_to_refs | Resource.InstanceDetails.NetworkInterfaces.PrivateIpAddresses.PrivateIpAddress |
-| domain-name | resolves_to_refs | Resource.InstanceDetails.NetworkInterfaces.PublicIp |
+| process | creator_user_ref | Euid |
+| process | binary_ref | ExecutableSha256 |
+| process | x_absolute_path | ExecutablePath |
+| process | name | Name |
+| process | pid | NamespacePid |
+| process | child_refs | NamespacePid |
+| process | x_parent_unique_id | ParentUuid |
+| process | pid | Pid |
+| process | created | StartTime |
+| process | creator_user_ref | UserId |
+| process | x_unique_id | Uuid |
+| process | x_lineage_refs | GroupModifyingProcessLineageReferences |
+| process | cwd | Pwd |
+| process | x_lineage_refs | GroupTargetProcessLineageReferences |
+| process | x_lineage_refs | GroupModifiedProcessLineageReferences |
|
| | |
-| software | name | Resource.InstanceDetails.Platform |
-| software | name | Service.Action.AwsApiCallAction.UserAgent |
+| software | name | Platform |
+| software | name | UserAgent |
|
| | |
-| process | name | Service.RuntimeDetails.Context.ModifyingProcess.Name |
-| process | name | Service.RuntimeDetails.Context.TargetProcess.Lineage.Name |
-| process | name | Service.RuntimeDetails.Context.TargetProcess.Name |
-| process | name | Service.RuntimeDetails.Process.Lineage.Name |
-| process | name | Service.RuntimeDetails.Process.Name |
-| process | name | Service.RuntimeDetails.Context.ModifyingProcess.Lineage.Name |
-| process | binary_ref | Service.RuntimeDetails.Context.ModifyingProcess.ExecutableSha256 |
-| process | binary_ref | Service.RuntimeDetails.Context.TargetProcess.ExecutableSha256 |
-| process | binary_ref | Service.RuntimeDetails.Context.Process.ExecutableSha256 |
-| process | pid | Service.RuntimeDetails.Context.ModifyingProcess.Lineage.NamespacePid |
-| process | pid | Service.RuntimeDetails.Context.ModifyingProcess.Lineage.Pid |
-| process | pid | Service.RuntimeDetails.Context.ModifyingProcess.NamespacePid |
-| process | pid | Service.RuntimeDetails.Context.ModifyingProcess.Pid |
-| process | pid | Service.RuntimeDetails.Context.TargetProcess.Lineage.NamespacePid |
-| process | pid | Service.RuntimeDetails.Context.TargetProcess.Lineage.Pid |
-| process | pid | Service.RuntimeDetails.Context.TargetProcess.NamespacePid |
-| process | pid | Service.RuntimeDetails.Context.TargetProcess.Pid |
-| process | pid | Service.RuntimeDetails.Process.Lineage.NamespacePid |
-| process | pid | Service.RuntimeDetails.Process.Lineage.Pid |
-| process | pid | Service.RuntimeDetails.Process.NamespacePid |
-| process | pid | Service.RuntimeDetails.Process.Pid |
-| process | x_parent_unique_id | Service.RuntimeDetails.Context.ModifyingProcess.Lineage.ParentUuid |
-| process | x_parent_unique_id | Service.RuntimeDetails.Context.ModifyingProcess.ParentUuid |
-| process | x_parent_unique_id | Service.RuntimeDetails.Context.TargetProcess.Lineage.ParentUuid |
-| process | x_parent_unique_id | Service.RuntimeDetails.Context.TargetProcess.ParentUuid |
-| process | x_parent_unique_id | Service.RuntimeDetails.Process.Lineage.ParentUuid |
-| process | x_parent_unique_id | Service.RuntimeDetails.Process.ParentUuid |
-| process | created | Service.RuntimeDetails.Context.ModifyingProcess.Lineage.StartTime |
-| process | created | Service.RuntimeDetails.Context.ModifyingProcess.StartTime |
-| process | created | Service.RuntimeDetails.Context.TargetProcess.Lineage.StartTime |
-| process | created | Service.RuntimeDetails.Context.TargetProcess.StartTime |
-| process | created | Service.RuntimeDetails.Process.Lineage.StartTime |
-| process | created | Service.RuntimeDetails.Process.StartTime |
-| process | x_unique_id | Service.RuntimeDetails.Context.ModifyingProcess.Lineage.Uuid |
-| process | x_unique_id | Service.RuntimeDetails.Context.ModifyingProcess.Uuid |
-| process | x_unique_id | Service.RuntimeDetails.Context.TargetProcess.Lineage.Uuid |
-| process | x_unique_id | Service.RuntimeDetails.Context.TargetProcess.Uuid |
-| process | x_unique_id | Service.RuntimeDetails.Process.Lineage.Uuid |
-| process | x_unique_id | Service.RuntimeDetails.Process.Uuid |
-| process | cwd | Service.RuntimeDetails.Context.ModifyingProcess.Pwd |
-| process | cwd | Service.RuntimeDetails.Context.TargetProcess.Pwd |
-| process | cwd | Service.RuntimeDetails.Process.Pwd |
-| process | x_absolute_path | Service.RuntimeDetails.Context.ModifyingProcess.Lineage.ExecutablePath |
-| process | x_absolute_path | Service.RuntimeDetails.Context.TargetProcess.Lineage.ExecutablePath |
-| process | x_absolute_path | Service.RuntimeDetails.Process.Lineage.ExecutablePath |
-| process | child_refs | Service.RuntimeDetails.Context.ModifyingProcess.Lineage.NamespacePid |
-| process | child_refs | Service.RuntimeDetails.Context.ModifyingProcess.NamespacePid |
-| process | child_refs | Service.RuntimeDetails.Context.TargetProcess.Lineage.NamespacePid |
-| process | child_refs | Service.RuntimeDetails.Context.TargetProcess.NamespacePid |
-| process | child_refs | Service.RuntimeDetails.Context.Process.Lineage.NamespacePid |
-| process | child_refs | Service.RuntimeDetails.Context.Process.NamespacePid |
-| process | creator_user_ref | Service.RuntimeDetails.Context.ModifyingProcess.Euid |
-| process | creator_user_ref | Service.RuntimeDetails.Context.ModifyingProcess.Lineage.Euid |
-| process | creator_user_ref | Service.RuntimeDetails.Context.ModifyingProcess.Lineage.UserId |
-| process | creator_user_ref | Service.RuntimeDetails.Context.ModifyingProcess.UserId |
-| process | creator_user_ref | Service.RuntimeDetails.Context.TargetProcess.Euid |
-| process | creator_user_ref | Service.RuntimeDetails.Context.TargetProcess.Lineage.Euid |
-| process | creator_user_ref | Service.RuntimeDetails.Context.TargetProcess.Lineage.UserId |
-| process | creator_user_ref | Service.RuntimeDetails.Context.TargetProcess.UserId |
-| process | creator_user_ref | Service.RuntimeDetails.Context.Process.Lineage.Euid |
-| process | creator_user_ref | Service.RuntimeDetails.Context.Process.Lineage.UserId |
-| process | creator_user_ref | Service.RuntimeDetails.Context.Process.UserId |
-| process | creator_user_ref | Service.RuntimeDetails.Context.Process.Euid |
-|
|
-| file | name | Service.EbsVolumeScanDetails.ScanDetections.ThreatDetectedByName.ThreatNames.FilePaths.FileName |
-| file | name | Service.RuntimeDetails.Context.ModuleName |
-| file | hashes.SHA-256 | Service.EbsVolumeScanDetails.ScanDetections.ThreatDetectedByName.ThreatNames.FilePaths.FileSha256 |
-| file | hashes.SHA-256 | Service.RuntimeDetails.Context.ModifyingProcess.ExecutableSha256 |
-| file | hashes.SHA-256 | Service.RuntimeDetails.Context.ModuleSha256 |
-| file | hashes.SHA-256 | Service.RuntimeDetails.Context.TargetProcess.ExecutableSha256 |
-| file | hashes.SHA-256 | Service.RuntimeDetails.Process.ExecutableSha256 |
-| file | x_path |Service.EbsVolumeScanDetails.ScanDetections.ThreatDetectedByName.ThreatNames.FilePaths.FilePath |
-| file | x_path |Service.RuntimeDetails.Context.ModifyingProcess.ExecutablePath |
-| file | x_path |Service.RuntimeDetails.Context.ModuleFilePath |
-| file | x_path | Service.RuntimeDetails.Context.TargetProcess.ExecutablePath|
-| file | x_path | Service.RuntimeDetails.Context.Process.ExecutablePath|
-| file | hashes.SHA-1 | Service.EbsVolumeScanDetails.ScanDetections.ThreatDetectedByName.ThreatNames.FilePaths.FileSha1 |
-| file | hashes.MD5 | Service.EbsVolumeScanDetails.ScanDetections.ThreatDetectedByName.ThreatNames.FilePaths.FileMd5 |
-| file | x_unknown_hash | Service.EbsVolumeScanDetails.ScanDetections.ThreatDetectedByName.ThreatNames.FilePaths.UnknownHash |
-| file | x_volume_arn | Service.EbsVolumeScanDetails.ScanDetections.ThreatDetectedByName.ThreatNames.FilePaths.VolumeArn |
+| user-account | x_access_key_id | AccessKeyId |
+| user-account | user_id | PrincipalId |
+| user-account | display_name | UserName |
+| user-account | x_user_type | UserType |
+| user-account | x_groups | Groups |
+| user-account | x_session_name | SessionName |
+| user-account | user_id | Uid |
+| user-account | display_name | Username |
+| user-account | x_effective_user_id | Euid |
+| user-account | user_id | UserId |
+| user-account | display_name | User |
|
| | |
-| x-aws-resource | resource_type | Resource.ResourceType |
-| x-aws-resource | resource_role | Service.ResourceRole |
-| x-aws-resource | access_key_ref | Resource.AccessKeyDetails.PrincipalId |
-| x-aws-resource | standalone_container_ref | Resource.ContainerDetails.Id |
-| x-aws-resource | ecs_cluster_ref | Resource.EcsClusterDetails.Name |
-| x-aws-resource | eks_cluster_ref | Resource.EksClusterDetails.Name |
-| x-aws-resource | instance_ref | Resource.InstanceDetails.ImageId |
-| x-aws-resource | rds_database_ref | Resource.RdsDbInstanceDetails.DbClusterIdentifier |
-| x-aws-resource | rds_database_ref | Resource.RdsDbInstanceDetails.DbInstanceIdentifier |
-| x-aws-resource | lambda_details_ref | Resource.LambdaDetails.FunctionName |
-| x-aws-resource | account_id | AccountId |
-| x-aws-resource | partition | Partition |
-| x-aws-resource | region | Region |
+| x-aws-container | container_runtime | ContainerRuntime |
+| x-aws-container | container_id | Id |
+| x-aws-container | image | Image |
+| x-aws-container | image_prefix | ImagePrefix |
+| x-aws-container | name | Name |
+| x-aws-container | is_container_privileged | Privileged |
+| x-aws-container | volume_mount_refs | GroupContainerVolumeMountReferences |
+| x-aws-container | container_runtime | containerRuntime |
+|
| | |
+| x-aws-container-volume-mount | path | MountPath |
+| x-aws-container-volume-mount | name | Name |
|
| | |
-| x-aws-instance | availability_zone | Resource.InstanceDetails.AvailabilityZone |
-| x-aws-instance | instance_arn | Resource.InstanceDetails.IamInstanceProfile.Arn |
-| x-aws-instance | profile_id | Resource.InstanceDetails.IamInstanceProfile.Id |
-| x-aws-instance | instance_id | Resource.InstanceDetails.InstanceId |
-| x-aws-instance | state | Resource.InstanceDetails.InstanceState |
-| x-aws-instance | instance_type | Resource.InstanceDetails.InstanceType |
-| x-aws-instance | launch_time | Resource.InstanceDetails.LaunchTime |
-| x-aws-instance | outpost_arn | Resource.InstanceDetails.OutpostArn |
-| x-aws-instance | product_codes | Resource.InstanceDetails.ProductCodes |
-| x-aws-instance | tags | Resource.InstanceDetails.Tags |
-| x-aws-instance | os_ref | Resource.InstanceDetails.Platform |
-| x-aws-instance | image_description | Resource.InstanceDetails.ImageDescription |
-| x-aws-instance | image_id | Resource.InstanceDetails.ImageId |
+| x-aws-ebs-volume-malware-scan | scan_completed_at | ScanCompletedAt |
+| x-aws-ebs-volume-malware-scan | highest_severity_threat.total_infected_files | Count |
+| x-aws-ebs-volume-malware-scan | highest_severity_threat.severity | Severity |
+| x-aws-ebs-volume-malware-scan | highest_severity_threat.name | ThreatName |
+| x-aws-ebs-volume-malware-scan | scanned_items.total_scanned_files | Files |
+| x-aws-ebs-volume-malware-scan | scanned_items.total_files_scanned_in_gb | TotalGb |
+| x-aws-ebs-volume-malware-scan | scanned_items.total_volumes_scanned | Volumes |
+| x-aws-ebs-volume-malware-scan | threat_detected_by_name.infected_files_count | ItemCount |
+| x-aws-ebs-volume-malware-scan | threat_detected_by_name.is_finding_shortened | Shortened |
+| x-aws-ebs-volume-malware-scan | threat_detected_by_name.threat_refs | GroupThreatNamesReferences |
+| x-aws-ebs-volume-malware-scan | threat_detected_by_name.unique_threats_count_based_on_name | UniqueThreatNameCount |
+| x-aws-ebs-volume-malware-scan | total_infected_files | Files |
+| x-aws-ebs-volume-malware-scan | scan_id | ScanId |
+| x-aws-ebs-volume-malware-scan | scan_started_time | ScanStartedAt |
+| x-aws-ebs-volume-malware-scan | scan_type | ScanType |
+| x-aws-ebs-volume-malware-scan | sources | Sources |
+| x-aws-ebs-volume-malware-scan | triggered_finding_id | TriggerFindingId |
|
| | |
-| x-aws-network-interface | interface_id | Resource.InstanceDetails.NetworkInterfaces.NetworkInterfaceId |
-| x-aws-network-interface | security_groups | Resource.InstanceDetails.NetworkInterfaces.SecurityGroups |
-| x-aws-network-interface | subnet_id | Resource.InstanceDetails.NetworkInterfaces.SubnetId |
-| x-aws-network-interface | vpc_id | Resource.InstanceDetails.NetworkInterfaces.VpcId |
-| x-aws-network-interface | ip_refs | Resource.InstanceDetails.NetworkInterfaces.Ipv6Addresses |
-| x-aws-network-interface | public_domain_ref | Resource.InstanceDetails.NetworkInterfaces.PublicDnsName |
+| x-aws-ebs-volume-scanned | device_name | DeviceName |
+| x-aws-ebs-volume-scanned | encryption_type | EncryptionType |
+| x-aws-ebs-volume-scanned | kms_key_arn | KmsKeyArn |
+| x-aws-ebs-volume-scanned | snapshot_key_arn | SnapshotArn |
+| x-aws-ebs-volume-scanned | volume_arn | VolumeArn |
+| x-aws-ebs-volume-scanned | volume_size | VolumeSizeInGB |
+| x-aws-ebs-volume-scanned | volume_type | VolumeType |
|
| | |
-| x-aws-s3-bucket | arn | Resource.S3BucketDetails.Arn |
-| x-aws-s3-bucket | created_at | Resource.S3BucketDetails.CreatedAt |
-| x-aws-s3-bucket | server_side_encryption_type | Resource.S3BucketDetails.DefaultServerSideEncryption.EncryptionType |
-| x-aws-s3-bucket | kms_encryption_key_arn | Resource.S3BucketDetails.DefaultServerSideEncryption.KmsMasterKeyArn |
-| x-aws-s3-bucket | name | Resource.S3BucketDetails.Name |
-| x-aws-s3-bucket | canonical_id_of_bucket_owner | Resource.S3BucketDetails.Owner.Id |
-| x-aws-s3-bucket | bucket_permission | Resource.S3BucketDetails.PublicAccess.EffectivePermission |
-| x-aws-s3-bucket | permissions.account_level.block_public_acls | Resource.S3BucketDetails.PublicAccess.PermissionConfiguration.AccountLevelPermissions.BlockPublicAccess.BlockPublicAcls |
-| x-aws-s3-bucket | permissions.account_level.block_public_policy | Resource.S3BucketDetails.PublicAccess.PermissionConfiguration.AccountLevelPermissions.BlockPublicAccess.BlockPublicPolicy |
-| x-aws-s3-bucket | permissions.account_level.ignore_public_acls | Resource.S3BucketDetails.PublicAccess.PermissionConfiguration.AccountLevelPermissions.BlockPublicAccess.IgnorePublicAcls |
-| x-aws-s3-bucket | permissions.account_level.restrict_public_buckets | Resource.S3BucketDetails.PublicAccess.PermissionConfiguration.AccountLevelPermissions.BlockPublicAccess.RestrictPublicBuckets |
-| x-aws-s3-bucket | permissions.bucket_level.access_control_policies.allows_public_read_access | Resource.S3BucketDetails.PublicAccess.PermissionConfiguration.BucketLevelPermissions.AccessControlList.AllowsPublicReadAccess |
-| x-aws-s3-bucket | permissions.bucket_level.access_control_policies.allows_public_write_access |Resource.S3BucketDetails.PublicAccess.PermissionConfiguration.BucketLevelPermissions.AccessControlList.AllowsPublicWriteAccess |
-| x-aws-s3-bucket | permissions.bucket_level.block_public_access_settings.block_public_acls | Resource.S3BucketDetails.PublicAccess.PermissionConfiguration.BucketLevelPermissions.BlockPublicAccess.BlockPublicAcls |
-| x-aws-s3-bucket | permissions.bucket_level.block_public_access_settings.block_public_policy | Resource.S3BucketDetails.PublicAccess.PermissionConfiguration.BucketLevelPermissions.BlockPublicAccess.BlockPublicPolicy |
-| x-aws-s3-bucket | permissions.bucket_level.block_public_access_settings.ignore_public_acls | Resource.S3BucketDetails.PublicAccess.PermissionConfiguration.BucketLevelPermissions.BlockPublicAccess.IgnorePublicAcls |
-| x-aws-s3-bucket | permissions.bucket_level.block_public_access_settings.restrict_public_buckets | Resource.S3BucketDetails.PublicAccess.PermissionConfiguration.BucketLevelPermissions.BlockPublicAccess.RestrictPublicBuckets|
-| x-aws-s3-bucket | permissions.bucket_level.bucket_policies.allows_public_read_access |Resource.S3BucketDetails.PublicAccess.PermissionConfiguration.BucketLevelPermissions.BucketPolicy.AllowsPublicReadAccess |
-| x-aws-s3-bucket | permissions.bucket_level.bucket_policies.allows_public_write_access | Resource.S3BucketDetails.PublicAccess.PermissionConfiguration.BucketLevelPermissions.BucketPolicy.AllowsPublicWriteAccess |
-| x-aws-s3-bucket | tags | Resource.S3BucketDetails.Tag |
-| x-aws-s3-bucket | bucket_type | Resource.S3BucketDetails.Type |
+| x-aws-ebs-volume-skipped | device_name | DeviceName |
+| x-aws-ebs-volume-skipped | encryption_type | EncryptionType |
+| x-aws-ebs-volume-skipped | kms_key_arn | KmsKeyArn |
+| x-aws-ebs-volume-skipped | snapshot_key_arn | SnapshotArn |
+| x-aws-ebs-volume-skipped | volume_arn | VolumeArn |
+| x-aws-ebs-volume-skipped | volume_size | VolumeSizeInGB |
+| x-aws-ebs-volume-skipped | volume_type | VolumeType |
|
| | |
-| x-aws-rds-db-instance | cluster_id | Resource.RdsDbInstanceDetails.DbClusterIdentifier |
-| x-aws-rds-db-instance | instance_arn | Resource.RdsDbInstanceDetails.DbInstanceArn |
-| x-aws-rds-db-instance | instance_id | Resource.RdsDbInstanceDetails.DbInstanceIdentifier |
-| x-aws-rds-db-instance | engine | Resource.RdsDbInstanceDetails.Engine |
-| x-aws-rds-db-instance | engine_version | Resource.RdsDbInstanceDetails.EngineVersion |
-| x-aws-rds-db-instance | tags | Resource.RdsDbInstanceDetails.Tags |
-| x-aws-rds-db-instance | anomalous_login_user_ref | Resource.RdsDbUserDetails.Application |
-| x-aws-rds-db-instance | anomalous_login_user_ref | Resource.RdsDbUserDetails.AuthMethod |
-| x-aws-rds-db-instance | anomalous_login_user_ref | Resource.RdsDbInstanceDetails.Database |
-| x-aws-rds-db-instance | anomalous_login_user_ref | Resource.RdsDbInstanceDetails.Ssl |
-| x-aws-rds-db-instance | anomalous_login_user_ref | Resource.RdsDbInstanceDetails.User |
+| x-aws-ecs-cluster | active_services_count | ActiveServicesCount |
+| x-aws-ecs-cluster | cluster_arn | Arn |
+| x-aws-ecs-cluster | name | Name |
+| x-aws-ecs-cluster | container_instances_registered_count | RegisteredContainerInstancesCount |
+| x-aws-ecs-cluster | running_tasks_count | RunningTasksCount |
+| x-aws-ecs-cluster | status | Status |
+| x-aws-ecs-cluster | tags | Tags |
+| x-aws-ecs-cluster | task.arn | Arn |
+| x-aws-ecs-cluster | task.container_refs | GroupClusterContainerReferences |
+| x-aws-ecs-cluster | task.definition_arn | DefinitionArn |
+| x-aws-ecs-cluster | task.group_name | Group |
+| x-aws-ecs-cluster | task.started_at | StartedAt |
+| x-aws-ecs-cluster | task.started_by | StartedBy |
+| x-aws-ecs-cluster | task.tags | Tags |
+| x-aws-ecs-cluster | task.created_at | CreatedAt |
+| x-aws-ecs-cluster | task.version | Version |
+| x-aws-ecs-cluster | task.volumes | Volumes |
|
| | |
-| x-aws-rds-db-user | application_name | Resource.RdsDbUserDetails.Application |
-| x-aws-rds-db-user | authentication_method | Resource.RdsDbUserDetails.AuthMethod |
-| x-aws-rds-db-user | database_name | Resource.RdsDbUserDetails.Database |
-| x-aws-rds-db-user | ssl | Resource.RdsDbUserDetails.Ssl |
-| x-aws-rds-db-user | user_name | Resource.RdsDbUserDetails.User |
+| x-aws-eks-cluster | arn | Arn |
+| x-aws-eks-cluster | created_at | CreatedAt |
+| x-aws-eks-cluster | name | Name |
+| x-aws-eks-cluster | status | Status |
+| x-aws-eks-cluster | tags | Tags |
+| x-aws-eks-cluster | vpc_id | VpcId |
+| x-aws-eks-cluster | kubernetes_user_ref | Uid |
+| x-aws-eks-cluster | kubernetes_user_ref | Username |
+| x-aws-eks-cluster | kubernetes_workload_ref | Name |
|
| | |
-| x-aws-lambda | description | Resource.LambdaDetails.Description |
-| x-aws-lambda | function_arn | Resource.LambdaDetails.FunctionArn |
-| x-aws-lambda | function_name | Resource.LambdaDetails.FunctionName |
-| x-aws-lambda | function_version | Resource.LambdaDetails.FunctionVersion |
-| x-aws-lambda | last_modified_at | Resource.LambdaDetails.LastModifiedAt |
-| x-aws-lambda | execution_role | Resource.LambdaDetails.Role |
-| x-aws-lambda | tags | Resource.LambdaDetails.Tags |
-| x-aws-lambda | revision_id | Resource.LambdaDetails.RevisionId |
-| x-aws-lambda | security_groups | Resource.LambdaDetails.VpcConfig.SecurityGroups |
-| x-aws-lambda | subnet_ids | Resource.LambdaDetails.VpcConfig.SubnetIds |
-| x-aws-lambda | amazon_vpc_id | Resource.LambdaDetails.VpcConfig.VpcId |
+| x-aws-evidence | threat_intelligence_list_name | ThreatListName |
+| x-aws-evidence | threat_names | ThreatNames |
|
| | |
-| x-aws-rds-login-attributes | login_application_name | Service.Action.RdsLoginAttemptAction.LoginAttributes.Application |
-| x-aws-rds-login-attributes | failed_login_attempts | Service.Action.RdsLoginAttemptAction.LoginAttributes.FailedLoginAttempts |
-| x-aws-rds-login-attributes | successful_login_attempts | Service.Action.RdsLoginAttemptAction.LoginAttributes.SuccessfulLoginAttempts |
-| x-aws-rds-login-attributes | login_attempted_user_name | Service.Action.RdsLoginAttemptAction.LoginAttributes.User |
+| x-aws-finding-service | action.action_type | ActionType |
+| x-aws-finding-service | action.network_ref | Protocol |
+| x-aws-finding-service | action.is_port_probe_blocked | Blocked |
+| x-aws-finding-service | action.network_refs | GroupPortProbeDetailsReferences |
+| x-aws-finding-service | action.affected_resources | AffectedResources |
+| x-aws-finding-service | action.api_called | Api |
+| x-aws-finding-service | action.caller_type | CallerType |
+| x-aws-finding-service | action.domain_ref | Domain |
+| x-aws-finding-service | action.error_code | ErrorCode |
+| x-aws-finding-service | action.service_name | ServiceName |
+| x-aws-finding-service | action.software_ref | UserAgent |
+| x-aws-finding-service | action.caller_account_id | AccountId |
+| x-aws-finding-service | action.is_caller_account_affiliated_to_aws | Affiliated |
+| x-aws-finding-service | action.remote_ref | IpAddressV4 |
+| x-aws-finding-service | action.rds_login_refs | GroupRdsLoginAttributes |
+| x-aws-finding-service | additional_info | AdditionalInfo |
+| x-aws-finding-service | event_first_seen | EventFirstSeen |
+| x-aws-finding-service | event_last_seen | EventLastSeen |
+| x-aws-finding-service | evidence_refs | GroupEvidenceReferences |
+| x-aws-finding-service | ebs_volume_malware_scan_ref | ScanId |
|
| | |
-| x-aws-ecs-cluster | active_services_count | Resource.EcsClusterDetails.ActiveServicesCount |
-| x-aws-ecs-cluster | cluster_arn | Resource.EcsClusterDetails.Arn |
-| x-aws-ecs-cluster | name | Resource.EcsClusterDetails.Name |
-| x-aws-ecs-cluster | container_instances_registered_count | Resource.EcsClusterDetails.RegisteredContainerInstancesCount |
-| x-aws-ecs-cluster | running_tasks_count | Resource.EcsClusterDetails.RunningTasksCount |
-| x-aws-ecs-cluster | status | Resource.EcsClusterDetails.Status |
-| x-aws-ecs-cluster | tags | Resource.EcsClusterDetails.Tags |
-| x-aws-ecs-cluster | task.arn | Resource.EcsClusterDetails.TaskDetails.TaskDetails.Arn |
-| x-aws-ecs-cluster | task.definition_arn | Resource.EcsClusterDetails.TaskDetails.DefinitionArn |
-| x-aws-ecs-cluster | task.group_name | Resource.EcsClusterDetails.TaskDetails.Group |
-| x-aws-ecs-cluster | task.started_at | Resource.EcsClusterDetails.TaskDetails.StartedAt |
-| x-aws-ecs-cluster | task.started_by | Resource.EcsClusterDetails.TaskDetails.StartedBy |
-| x-aws-ecs-cluster | task.tags | Resource.EcsClusterDetails.TaskDetails.Tags |
-| x-aws-ecs-cluster | task.created_at | Resource.EcsClusterDetails.TaskDetails.CreatedAt |
-| x-aws-ecs-cluster | task.version | Resource.EcsClusterDetails.TaskDetails.Version |
-| x-aws-ecs-cluster | task.volumes | Resource.EcsClusterDetails.TaskDetails.Volumes |
+| x-aws-instance | availability_zone | AvailabilityZone |
+| x-aws-instance | instance_arn | Arn |
+| x-aws-instance | profile_id | Id |
+| x-aws-instance | image_description | ImageDescription |
+| x-aws-instance | image_id | ImageId |
+| x-aws-instance | instance_id | InstanceId |
+| x-aws-instance | state | InstanceState |
+| x-aws-instance | instance_type | InstanceType |
+| x-aws-instance | launch_time | LaunchTime |
+| x-aws-instance | x_network_interface_refs | GroupNetworkInterfaceReferences |
+| x-aws-instance | outpost_arn | OutpostArn |
+| x-aws-instance | os_ref | Platform |
+| x-aws-instance | product_codes | ProductCodes |
+| x-aws-instance | tags | Tags |
|
| | |
-| x-aws-ebs-volume-scanned | device_name | Resource.EbsVolumeDetails.ScannedVolumeDetails.DeviceName |
-| x-aws-ebs-volume-scanned | encryption_type | Resource.EbsVolumeDetails.ScannedVolumeDetails.EncryptionType |
-| x-aws-ebs-volume-scanned | kms_key_arn | Resource.EbsVolumeDetails.ScannedVolumeDetails.KmsKeyArn |
-| x-aws-ebs-volume-scanned | snapshot_key_arn | Resource.EbsVolumeDetails.ScannedVolumeDetails.SnapshotArn |
-| x-aws-ebs-volume-scanned | volume_arn | Resource.EbsVolumeDetails.ScannedVolumeDetails.VolumeArn |
-| x-aws-ebs-volume-scanned | volume_size | Resource.EbsVolumeDetails.ScannedVolumeDetails.VolumeSizeInGB |
-| x-aws-ebs-volume-scanned | volume_type | Resource.EbsVolumeDetails.ScannedVolumeDetails.VolumeType |
+| x-aws-kubernetes-workload | container_refs | GroupKubernetesContainerReferences |
+| x-aws-kubernetes-workload | is_enabled_host_network_for_pods | HostNetwork |
+| x-aws-kubernetes-workload | workload_name | Name |
+| x-aws-kubernetes-workload | workload_namespace | Namespace |
+| x-aws-kubernetes-workload | workload_type | Type |
+| x-aws-kubernetes-workload | workload_id | Uid |
+| x-aws-kubernetes-workload | volumes | Volumes |
+| x-aws-kubernetes-workload | runtime_context_ref | ModifiedAt |
+| x-aws-kubernetes-workload | runtime_context_ref | Name |
+| x-aws-kubernetes-workload | runtime_context_ref | ModuleName |
+| x-aws-kubernetes-workload | runtime_context_ref | ScriptPath |
+| x-aws-kubernetes-workload | runtime_observed_process_ref | Name |
+| x-aws-kubernetes-workload | runtime_observed_process_ref | Pid |
|
| | |
-| x-aws-ebs-volume-skipped | device_name | Resource.EbsVolumeDetails.SkippedVolumeDetails.DeviceName |
-| x-aws-ebs-volume-skipped | encryption_type | Resource.EbsVolumeDetails.SkippedVolumeDetails.EncryptionType |
-| x-aws-ebs-volume-skipped | kms_key_arn | Resource.EbsVolumeDetails.SkippedVolumeDetails.KmsKeyArn |
-| x-aws-ebs-volume-skipped | snapshot_key_arn | Resource.EbsVolumeDetails.SkippedVolumeDetails.SnapshotArn |
-| x-aws-ebs-volume-skipped | volume_arn | Resource.EbsVolumeDetails.SkippedVolumeDetails.VolumeArn |
-| x-aws-ebs-volume-skipped | volume_size | Resource.EbsVolumeDetails.SkippedVolumeDetails.VolumeSizeInGB |
-| x-aws-ebs-volume-skipped | volume_type | Resource.EbsVolumeDetails.SkippedVolumeDetails.VolumeType |
+| x-aws-lambda | description | Description |
+| x-aws-lambda | function_arn | FunctionArn |
+| x-aws-lambda | function_name | FunctionName |
+| x-aws-lambda | function_version | FunctionVersion |
+| x-aws-lambda | last_modified_at | LastModifiedAt |
+| x-aws-lambda | revision_id | RevisionId |
+| x-aws-lambda | execution_role | Role |
+| x-aws-lambda | tags | Tags |
+| x-aws-lambda | security_groups | securityGroups |
+| x-aws-lambda | subnet_ids | SubnetIds |
+| x-aws-lambda | amazon_vpc_id | VpcId |
|
| | |
-| x-aws-container | container_runtime | Resource.ContainerDetails.ContainerRuntime |
-| x-aws-container | container_runtime | Resource.EcsClusterDetails.TaskDetails.Containers.ContainerRuntime |
-| x-aws-container | container_runtime | Resource.KubernetesDetails.KubernetesWorkloadDetails.Containers.ContainerRuntime |
-| x-aws-container | container_id | Resource.ContainerDetails.Id |
-| x-aws-container | container_id | Resource.EcsClusterDetails.TaskDetails.Containers.Id |
-| x-aws-container | container_id | Resource.KubernetesDetails.KubernetesWorkloadDetails.Containers.Id |
-| x-aws-container | image | Resource.ContainerDetails.Image |
-| x-aws-container | image | Resource.EcsClusterDetails.TaskDetails.Containers.Image |
-| x-aws-container | image | Resource.KubernetesDetails.KubernetesWorkloadDetails.Containers.Image |
-| x-aws-container | image_prefix | Resource.ContainerDetails.ImagePrefix |
-| x-aws-container | image_prefix | Resource.EcsClusterDetails.TaskDetails.Containers.ImagePrefix |
-| x-aws-container | image_prefix | Resource.KubernetesDetails.KubernetesWorkloadDetails.Containers.ImagePrefix |
-| x-aws-container | name | Resource.ContainerDetails.Name |
-| x-aws-container | name | Resource.EcsClusterDetails.TaskDetails.Containers.Name |
-| x-aws-container | name | Resource.KubernetesDetails.KubernetesWorkloadDetails.Containers.Name |
-| x-aws-container | is_container_privileged | Resource.ContainerDetails.SecurityContext.Privileged |
-| x-aws-container | is_container_privileged | Resource.EcsClusterDetails.TaskDetails.Containers.SecurityContext.Privileged |
-| x-aws-container | is_container_privileged | Resource.KubernetesDetails.KubernetesWorkloadDetails.Containers.SecurityContext.Privileged |
+| x-aws-network-interface | ip_refs | Ipv6Addresses |
+| x-aws-network-interface | interface_id | NetworkInterfaceId |
+| x-aws-network-interface | private_domain_refs | GroupPrivateDomainReferences |
+| x-aws-network-interface | public_domain_ref | PublicDnsName |
+| x-aws-network-interface | security_groups | SecurityGroups |
+| x-aws-network-interface | subnet_id | SubnetId |
+| x-aws-network-interface | vpc_id | VpcId |
|
| | |
-| x-aws-container-volume-mount | path | Resource.ContainerDetails.VolumeMounts.MountPath |
-| x-aws-container-volume-mount | path | Resource.EcsClusterDetails.TaskDetails.Containers.VolumeMounts.MountPath |
-| x-aws-container-volume-mount | path | Resource.KubernetesDetails.KubernetesWorkloadDetails.Containers.VolumeMounts.MountPath |
-| x-aws-container-volume-mount | name | Resource.ContainerDetails.VolumeMounts.Name |
-| x-aws-container-volume-mount | name | Resource.EcsClusterDetails.TaskDetails.Containers.VolumeMounts.Name |
-| x-aws-container-volume-mount | name | Resource.KubernetesDetails.KubernetesWorkloadDetails.Containers.VolumeMounts.Name |
+| x-aws-rds-db-instance | cluster_id | DbClusterIdentifier |
+| x-aws-rds-db-instance | instance_arn | DbInstanceArn |
+| x-aws-rds-db-instance | instance_id | DbInstanceIdentifier |
+| x-aws-rds-db-instance | engine | Engine |
+| x-aws-rds-db-instance | engine_version | EngineVersion |
+| x-aws-rds-db-instance | tags | Tags |
+| x-aws-rds-db-instance | anomalous_login_user_ref | Application |
+| x-aws-rds-db-instance | anomalous_login_user_ref | AuthMethod |
+| x-aws-rds-db-instance | anomalous_login_user_ref | Database |
+| x-aws-rds-db-instance | anomalous_login_user_ref | Ssl |
+| x-aws-rds-db-instance | anomalous_login_user_ref | User |
|
| | |
-| x-aws-kubernetes-workload | is_enabled_host_network_for_pods | Resource.KubernetesDetails.KubernetesWorkloadDetails.HostNetwork |
-| x-aws-kubernetes-workload | workload_name | Resource.KubernetesDetails.KubernetesWorkloadDetails.Name |
-| x-aws-kubernetes-workload | workload_namespace | Resource.KubernetesDetails.KubernetesWorkloadDetails.Namespace |
-| x-aws-kubernetes-workload | workload_type | Resource.KubernetesDetails.KubernetesWorkloadDetails.Type |
-| x-aws-kubernetes-workload | workload_id | Resource.KubernetesDetails.KubernetesWorkloadDetails.Uid |
-| x-aws-kubernetes-workload | volumes | Resource.KubernetesDetails.KubernetesWorkloadDetails.Volumes |
-| x-aws-kubernetes-workload | runtime_context_ref | Service.RuntimeDetails.Context.ModifiedAt |
-| x-aws-kubernetes-workload | runtime_context_ref | Service.RuntimeDetails.Context.ModuleName |
-| x-aws-kubernetes-workload | runtime_context_ref | Service.RuntimeDetails.Context.ScriptPath |
-| x-aws-kubernetes-workload | runtime_context_ref | Service.RuntimeDetails.Context.ModifyingProcess.Name |
-| x-aws-kubernetes-workload | runtime_context_ref | Service.RuntimeDetails.Context.TargetProcess.Name |
-| x-aws-kubernetes-workload | runtime_observed_process_ref | Service.RuntimeDetails.Process.Name |
-| x-aws-kubernetes-workload | runtime_observed_process_ref | Service.RuntimeDetails.Process.Pid |
+| x-aws-rds-db-user | application_name | Application |
+| x-aws-rds-db-user | authentication_method | AuthMethod |
+| x-aws-rds-db-user | database_name | Database |
+| x-aws-rds-db-user | ssl | Ssl |
+| x-aws-rds-db-user | user_name | User |
|
| | |
-| x-aws-eks-cluster | arn | Resource.EksClusterDetails.Arn |
-| x-aws-eks-cluster | created_at | Resource.EksClusterDetails.CreatedAt |
-| x-aws-eks-cluster | name | Resource.EksClusterDetails.Name |
-| x-aws-eks-cluster | status | Resource.EksClusterDetails.Status |
-| x-aws-eks-cluster | tags | Resource.EksClusterDetails.Tags |
-| x-aws-eks-cluster | vpc_id | Resource.EksClusterDetails.VpcId |
-| x-aws-eks-cluster | kubernetes_user_ref | Resource.KubernetesDetails.KubernetesUserDetails.Uid |
-| x-aws-eks-cluster | kubernetes_user_ref | Resource.KubernetesDetails.KubernetesUserDetails.Username |
-| x-aws-eks-cluster | kubernetes_workload_ref | Resource.kubernetesDetails.kubernetesWorkloadDetails.Name |
+| x-aws-rds-login-attributes | login_application_name | Application |
+| x-aws-rds-login-attributes | failed_login_attempts | FailedLoginAttempts |
+| x-aws-rds-login-attributes | successful_login_attempts | SuccessfulLoginAttempts |
+| x-aws-rds-login-attributes | login_attempted_user_name | User |
|
| | |
-| x-aws-ebs-volume-malware-scan | scan_completed_at | Service.EbsVolumeScanDetails.ScanCompletedAt |
-| x-aws-ebs-volume-malware-scan | highest_severity_threat.total_infected_files | Service.EbsVolumeScanDetails.ScanDetections.HighestSeverityThreatDetails.Count |
-| x-aws-ebs-volume-malware-scan | highest_severity_threat.severity | Service.EbsVolumeScanDetails.ScanDetections.HighestSeverityThreatDetails.Severity |
-| x-aws-ebs-volume-malware-scan | highest_severity_threat.name | Service.EbsVolumeScanDetails.ScanDetections.HighestSeverityThreatDetails.ThreatName |
-| x-aws-ebs-volume-malware-scan | scanned_items.total_scanned_files | Service.EbsVolumeScanDetails.ScanDetections.ScannedItemCount.Files |
-| x-aws-ebs-volume-malware-scan | scanned_items.total_files_scanned_in_gb | Service.EbsVolumeScanDetails.ScanDetections.ScannedItemCount.TotalGb |
-| x-aws-ebs-volume-malware-scan | scanned_items.total_volumes_scanned | Service.EbsVolumeScanDetails.ScanDetections.ScannedItemCount.Volumes |
-| x-aws-ebs-volume-malware-scan | threat_detected_by_name.infected_files_count | Service.EbsVolumeScanDetails.ScanDetections.ThreatDetectedByName.ItemCount |
-| x-aws-ebs-volume-malware-scan | threat_detected_by_name.is_finding_shortened | Service.EbsVolumeScanDetails.ScanDetections.ThreatDetectedByName.Shortened |
-| x-aws-ebs-volume-malware-scan | threat_detected_by_name.unique_threats_count_based_on_name | Service.EbsVolumeScanDetails.ScanDetections.ThreatDetectedByName.UniqueThreatNameCount |
-| x-aws-ebs-volume-malware-scan | total_infected_files | Service.EbsVolumeScanDetails.ScanDetections.ThreatsDetectedItemCount.Files |
-| x-aws-ebs-volume-malware-scan | scan_id | Service.EbsVolumeScanDetails.ScanId |
-| x-aws-ebs-volume-malware-scan | scan_started_time | Service.EbsVolumeScanDetails.ScanStartedAt |
-| x-aws-ebs-volume-malware-scan | scan_type | Service.EbsVolumeScanDetails.ScanType |
-| x-aws-ebs-volume-malware-scan | sources | Service.EbsVolumeScanDetails.Sources |
-| x-aws-ebs-volume-malware-scan | triggered_finding_id | Service.EbsVolumeScanDetails.TriggerFindingId |
+| x-aws-resource | account_id | AccountId |
+| x-aws-resource | partition | Partition |
+| x-aws-resource | region | Region |
+| x-aws-resource | resource_type | ResourceType |
+| x-aws-resource | access_key_ref | PrincipalId |
+| x-aws-resource | ebs_volume.scanned_refs | GroupEbsVolumeScannedReferences |
+| x-aws-resource | ebs_volume.skipped_refs | GroupEbsVolumeSkippedReferences |
+| x-aws-resource | standalone_container_ref | Id |
+| x-aws-resource | ecs_cluster_ref | Name |
+| x-aws-resource | eks_cluster_ref | Name |
+| x-aws-resource | instance_ref | ImageId |
+| x-aws-resource | rds_database_ref | DbClusterIdentifier |
+| x-aws-resource | rds_database_ref | DbInstanceIdentifier |
+| x-aws-resource | s3_bucket_refs | GroupS3BucketReferences |
+| x-aws-resource | lambda_details_ref | FunctionName |
+| x-aws-resource | resource_role | ResourceRole |
+|
| | |
+| x-aws-runtime-context | address_family | AddressFamily |
+| x-aws-runtime-context | mounted_file_system_type | FileSystemType |
+| x-aws-runtime-context | flags | Flags |
+| x-aws-runtime-context | iana_protocol_number | IanaProtocolNumber |
+| x-aws-runtime-context | environmental_variables.LD_PRELOAD | LdPreloadValue |
+| x-aws-runtime-context | new_library_path | LibraryPath |
+| x-aws-runtime-context | memory_regions | MemoryRegions |
+| x-aws-runtime-context | process_modified_time | ModifiedAt |
+| x-aws-runtime-context | modifying_process_ref | Name |
+| x-aws-runtime-context | module_ref | ModuleFilePath |
+| x-aws-runtime-context | module_ref | ModuleName |
+| x-aws-runtime-context | host_path | MountSource |
+| x-aws-runtime-context | container_path | MountTarget |
+| x-aws-runtime-context | release_agent_path | ReleaseAgentPath |
+| x-aws-runtime-context | runc_implementation_path | RuncBinaryPath |
+| x-aws-runtime-context | script_path | ScriptPath |
+| x-aws-runtime-context | shell_history_file_path | ShellHistoryFilePath |
+| x-aws-runtime-context | socket_path | SocketPath |
+| x-aws-runtime-context | target_process_ref | Name |
+|
| | |
+| x-aws-s3-bucket | arn | Arn |
+| x-aws-s3-bucket | created_at | CreatedAt |
+| x-aws-s3-bucket | server_side_encryption_type | EncryptionType |
+| x-aws-s3-bucket | kms_encryption_key_arn | KmsMasterKeyArn |
+| x-aws-s3-bucket | name | Name |
+| x-aws-s3-bucket | canonical_id_of_bucket_owner | Id |
+| x-aws-s3-bucket | bucket_permission | EffectivePermission |
+| x-aws-s3-bucket | permissions.account_level.block_public_acls | BlockPublicAcls |
+| x-aws-s3-bucket | permissions.account_level.block_public_policy | BlockPublicPolicy |
+| x-aws-s3-bucket | permissions.account_level.ignore_public_acls | IgnorePublicAcls |
+| x-aws-s3-bucket | permissions.account_level.restrict_public_buckets | RestrictPublicBuckets |
+| x-aws-s3-bucket | permissions.bucket_level.access_control_policies.allows_public_read_access | AllowsPublicReadAccess |
+| x-aws-s3-bucket | permissions.bucket_level.access_control_policies.allows_public_write_access | AllowsPublicWriteAccess |
+| x-aws-s3-bucket | permissions.bucket_level.block_public_access_settings.block_public_acls | BlockPublicAcls |
+| x-aws-s3-bucket | permissions.bucket_level.block_public_access_settings.block_public_policy | BlockPublicPolicy |
+| x-aws-s3-bucket | permissions.bucket_level.block_public_access_settings.ignore_public_acls | IgnorePublicAcls |
+| x-aws-s3-bucket | permissions.bucket_level.block_public_access_settings.restrict_public_buckets | RestrictPublicBuckets |
+| x-aws-s3-bucket | permissions.bucket_level.bucket_policies.allows_public_read_access | AllowsPublicReadAccess |
+| x-aws-s3-bucket | permissions.bucket_level.bucket_policies.allows_public_write_access | AllowsPublicWriteAccess |
+| x-aws-s3-bucket | tags | Tags |
+| x-aws-s3-bucket | bucket_type | Type |
+|
| | |
+| x-aws-threat | infected_file_refs | GroupThreatFileReferences |
+| x-aws-threat | total_files_infected | ItemCount |
+| x-aws-threat | threat_name | Name |
+| x-aws-threat | severity | Severity |
|
| | |
| x-ibm-finding | finding_type | FindingType |
+| x-ibm-finding | x_resource_ref | AccountId |
| x-ibm-finding | x_arn | Arn |
| x-ibm-finding | confidence | Confidence |
| x-ibm-finding | description | Description |
@@ -526,67 +449,22 @@
| x-ibm-finding | x_title | Title |
| x-ibm-finding | name | Type |
| x-ibm-finding | time_observed | UpdatedAt |
-| x-ibm-finding | x_archived | Service.Archived |
-| x-ibm-finding | event_count | Service.Count |
-| x-ibm-finding | x_detector_id | Service.DetectorId |
-| x-ibm-finding | x_feature_name | Service.FeatureName |
-| x-ibm-finding | x_finding_feedback | Service.UserFeedback |
-| x-ibm-finding | src_application_user_ref | Resource.KubernetesDetails.KubernetesUserDetails.Uid |
-| x-ibm-finding | src_application_user_ref | Resource.KubernetesDetails.KubernetesUserDetails.Username |
-| x-ibm-finding | x_resource_ref | Resource.ResourceType |
-| x-ibm-finding | x_resource_ref | AccountId |
-| x-ibm-finding | x_service_ref | Service.Action.ActionType |
-| x-ibm-finding | x_service_ref | Service.Action.AwsApiCallAction.Api |
-| x-ibm-finding | x_service_ref | Service.Action.RdsLoginAttemptAction.LoginAttributes.Application |
-| x-ibm-finding | x_service_ref | Service.Action.RdsLoginAttemptAction.RemoteIpDetails.IpAddressV4 |
-| x-ibm-finding | x_service_ref | Service.EventFirstSeen |
-|
| | |
-| x-aws-finding-service | action.action_type | Service.Action.ActionType |
-| x-aws-finding-service | action.is_port_probe_blocked | Service.Action.PortProbeAction.Blocked |
-| x-aws-finding-service | action.affected_resources | Service.Action.AwsApiCallAction.AffectedResources |
-| x-aws-finding-service | action.api_called | Service.Action.AwsApiCallAction.Api |
-| x-aws-finding-service | action.caller_type | Service.Action.AwsApiCallAction.CallerType |
-| x-aws-finding-service | action.error_code | Service.Action.AwsApiCallAction.ErrorCode |
-| x-aws-finding-service | action.service_name | Service.Action.AwsApiCallAction.ServiceName |
-| x-aws-finding-service | action.caller_account_id | Service.Action.AwsApiCallAction.RemoteAccountDetails.AccountId |
-| x-aws-finding-service | action.is_caller_account_affiliated_to_aws | Service.Action.AwsApiCallAction.RemoteAccountDetails.Affiliated |
-| x-aws-finding-service | additional_info | Service.AdditionalInfo |
-| x-aws-finding-service | event_first_seen | Service.EventFirstSeen |
-| x-aws-finding-service | event_last_seen | Service.EventLastSeen |
-| x-aws-finding-service | evidence_refs | Service.Evidence.ThreatIntelligenceDetails.GroupEvidenceReferences |
-| x-aws-finding-service | action.network_ref | Service.Action.DnsRequestAction.Protocol |
-| x-aws-finding-service | action.domain_ref | Service.Action.AwsApiCallAction.DomainDetails.Domain |
-| x-aws-finding-service | action.software_ref | Service.Action.AwsApiCallAction.UserAgent |
-| x-aws-finding-service | action.remote_ref |Service.Action.AwsApiCallAction.RemoteIpDetails.IpAddressV4 |
-| x-aws-finding-service | action.remote_ref |Service.Action.RdsLoginAttemptAction.RemoteIpDetails.IpAddressV4 |
-| x-aws-finding-service | action.network_ref | Service.Action.NetworkConnectionAction.Protocol |
-| x-aws-finding-service | action.network_ref | Service.Action.KubernetesApiCallAction.Protocol |
-| x-aws-finding-service | ebs_volume_malware_scan_ref | Service.EbsVolumeScanDetails.ScanId |
-|
| | |
-| x-aws-runtime-context | address_family | Service.RuntimeDetails.Context.AddressFamily |
-| x-aws-runtime-context | mounted_file_system_type | Service.RuntimeDetails.Context.FileSystemType |
-| x-aws-runtime-context | flags | Service.RuntimeDetails.Context.Flags |
-| x-aws-runtime-context | iana_protocol_number | Service.RuntimeDetails.Context.IanaProtocolNumber |
-| x-aws-runtime-context | environmental_variables.LD_PRELOAD | Service.RuntimeDetails.Context.LdPreloadValue |
-| x-aws-runtime-context | new_library_path | Service.RuntimeDetails.Context.LibraryPath |
-| x-aws-runtime-context | memory_regions | Service.RuntimeDetails.Context.MemoryRegions |
-| x-aws-runtime-context | process_modified_time | Service.RuntimeDetails.Context.ModifiedAt |
-| x-aws-runtime-context | modifying_process_ref | Service.RuntimeDetails.Context.ModifyingProcess.Name |
-| x-aws-runtime-context | module_ref | Service.RuntimeDetails.Context.ModuleFilePath |
-| x-aws-runtime-context | module_ref | Service.RuntimeDetails.Context.ModuleName |
-| x-aws-runtime-context | host_path | Service.RuntimeDetails.Context.MountSource |
-| x-aws-runtime-context | container_path | Service.RuntimeDetails.Context.MountTarget |
-| x-aws-runtime-context | release_agent_path | Service.RuntimeDetails.Context.ReleaseAgentPath |
-| x-aws-runtime-context | runc_implementation_path | Service.RuntimeDetails.Context.RuncBinaryPath |
-| x-aws-runtime-context | script_path | Service.RuntimeDetails.Context.ScriptPath |
-| x-aws-runtime-context | shell_history_file_path | Service.RuntimeDetails.Context.ShellHistoryFilePath |
-| x-aws-runtime-context | socket_path | Service.RuntimeDetails.Context.SocketPath |
-| x-aws-runtime-context | target_process_ref | Service.RuntimeDetails.Context.TargetProcess.Name |
+| x-ibm-finding | x_resource_ref | ResourceType |
+| x-ibm-finding | src_application_user_ref | Uid |
+| x-ibm-finding | src_application_user_ref | Username |
+| x-ibm-finding | x_service_ref | ActionType |
+| x-ibm-finding | x_service_ref | Api |
+| x-ibm-finding | x_service_ref | Application |
+| x-ibm-finding | x_service_ref | IpAddressV4 |
+| x-ibm-finding | x_archived | Archived |
+| x-ibm-finding | event_count | Count |
+| x-ibm-finding | x_detector_id | DetectorId |
+| x-ibm-finding | x_service_ref | EventFirstSeen |
+| x-ibm-finding | x_feature_name | FeatureName |
+| x-ibm-finding | x_finding_feedback | UserFeedback |
|
| | |
-| x-aws-threat | total_files_infected | Service.EbsVolumeScanDetails.ScanDetections.ThreatDetectedByName.ThreatNames.ItemCount |
-| x-aws-threat | threat_name | Service.EbsVolumeScanDetails.ScanDetections.ThreatDetectedByName.ThreatNames.Name |
-| x-aws-threat | severity | Service.EbsVolumeScanDetails.ScanDetections.ThreatDetectedByName.ThreatNames.Severity |
+| x-oca-geo | country_iso_code | CountryCode |
+| x-oca-geo | country_name | CountryName |
+| x-oca-geo | city_name | CityName |
+| x-oca-geo | location | GeoLocation |
|
| | |
-| x-aws-evidence | threat_intelligence_list_name | Service.Evidence.ThreatIntelligenceDetails.ThreatListName |
-| x-aws-evidence | threat_names | Service.Evidence.ThreatIntelligenceDetails.ThreatNames |
-|
| | |
\ No newline at end of file
diff --git a/stix_shifter_modules/azure_log_analytics/azure_log_analytics_supported_stix.md b/stix_shifter_modules/azure_log_analytics/azure_log_analytics_supported_stix.md
index 7992a2132..060f50059 100644
--- a/stix_shifter_modules/azure_log_analytics/azure_log_analytics_supported_stix.md
+++ b/stix_shifter_modules/azure_log_analytics/azure_log_analytics_supported_stix.md
@@ -1,23 +1,27 @@
-##### Updated on 25/05/23
+##### Updated on 10/25/23
## Azure Log Analytics
+### Results STIX Domain Objects
+* Identity
+* Observed Data
+
### Supported STIX Operators
*Comparison AND/OR operators are inside the observation while observation AND/OR operators are between observations (square brackets).*
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | and |
-| OR (Comparision) | or |
+| AND (Comparison) | and |
+| OR (Comparison) | or |
| = | == |
| != | != |
| IN | in~ |
-| MATCHES | matches |
+| MATCHES | matches regex |
+| LIKE | contains |
| > | > |
| >= | >= |
| < | < |
| <= | <= |
-| LIKE | contains |
-| OR (Observation) | OR |
-| AND (Observation) | OR |
+| OR (Observation) | or |
+| AND (Observation) | or |
|
| |
### Searchable STIX objects and properties for Securityalert dialect
| STIX Object and Property | Mapped Data Source Fields |
@@ -36,8 +40,8 @@
| **ipv6-addr**:x_location_ref.longitude | Entities.Location.Longitude |
| **ipv6-addr**:x_location_ref.latitude | Entities.Location.Latitude |
| **ipv6-addr**:x_location_ref.organization | Entities.Location.Organization |
-| **user-account**:name | Entities.Name |
-| **user-account**:user_id | Entities.AadUserId |
+| **user-account**:user_id | Entities.Name |
+| **user-account**:x_aad_user_id | Entities.AadUserId |
| **user-account**:display_name | Entities.DisplayName |
| **user-account**:x_nt_domain | Entities.NTDomain |
| **user-account**:x_dns_domain | Entities.DnsDomain |
@@ -73,7 +77,7 @@
| **software**:version | Entities.OSVersion |
| **software**:vendor | VendorName |
| **software**:x_product_component_name | ProductComponentName |
-| **software**:x_provider | ProviderName |
+| **software**:x_provider_name | ProviderName |
| **x-oca-asset**:hostname | Entities.HostName |
| **x-oca-asset**:x_resource_id | ResourceId |
| **x-oca-asset**:x_nt_domain | Entities.NTDomain |
@@ -92,7 +96,7 @@
| **x-ibm-finding**:description | Description |
| **x-ibm-finding**:end | EndTime |
| **x-ibm-finding**:x_processing_endtime | ProcessingEndTime |
-| **x-ibm-finding**:x_remediationSteps | RemediationSteps |
+| **x-ibm-finding**:x_remediationsteps | RemediationSteps |
| **x-ibm-finding**:start | StartTime |
| **x-ibm-finding**:x_status | Status |
| **x-ibm-finding**:x_system_alert_id | SystemAlertId |
@@ -140,9 +144,9 @@
|--|--|
| **ipv4-addr**:value | IpAddress, ClientIPAddress |
| **ipv6-addr**:value | IpAddress, ClientIPAddress |
-| **user-account**:account_login | TargetUserName, SubjectUserName |
+| **user-account**:account_login | TargetAccount, SubjectAccount |
| **user-account**:user_id | TargetUserName, SubjectUserName |
-| **user-account**:display_name | TargetAccount, SubjectAccount |
+| **user-account**:display_name | TargetUserName, SubjectUserName |
| **user-account**:x_domain_name | TargetDomainName, SubjectDomainName |
| **user-account**:x_login_id | TargetLogonId, SubjectLogonId |
| **user-account**:x_user_sid | TargetUserSid, SubjectUserSid |
@@ -185,7 +189,7 @@
| **x-oca-event**:parent_process_ref | ParentProcessName |
| **x-oca-event**:user_ref | TargetUserName |
| **x-oca-event**:ip_refs.ip | IpAddress, ClientIPAddress |
-| **x-oca-event**:x_service_file | ServiceFileName |
+| **x-oca-event**:x_service_file_ref | ServiceFileName |
| **x-oca-event**:x_service_name | ServiceName |
| **x-oca-event**:x_modified_account_sid | TargetSid |
| **x-oca-event**:x_description | DeviceDescription |
@@ -221,7 +225,7 @@
| **x-ibm-finding**:x_provider_incident_id | ProviderIncidentId |
| **x-ibm-finding**:x_modified_by | ModifiedBy |
| **x-ibm-finding**:x_status | Status |
-| **x-ibm-finding**:x_provider | ProviderName |
+| **x-ibm-finding**:x_provider_name | ProviderName |
| **x-ibm-finding**:ttp_tagging_refs[*].name | Title |
| **x-ibm-finding**:ttp_tagging_refs[*].extensions.'mitre-attack-ext'.tactic_name | AdditionalData.tactics |
| **x-ibm-finding**:ttp_tagging_refs[*].extensions.'mitre-attack-ext'.technique_name | AdditionalData.techniques |
@@ -249,277 +253,191 @@
### Supported STIX Objects and Properties for Query Results
| STIX Object | STIX Property | Data Source Field |
|--|--|--|
-| ipv4-addr | value | Entities.Address |
-| ipv4-addr | x_location_ref.country | Entities.Location.CountryName |
-| ipv4-addr | x_location_ref.city | Entities.Location.City |
-| ipv4-addr | x_location_ref.carrier | Entities.Location.Carrier |
-| ipv4-addr | x_location_ref.longitude | Entities.Location.Longitude |
-| ipv4-addr | x_location_ref.latitude | Entities.Location.Latitude |
-| ipv4-addr | x_location_ref.organization | Entities.Location.Organization |
-|
| | |
-| ipv6-addr | value | Entities.Address |
-| ipv6-addr | x_location_ref.country | Entities.Location.CountryName |
-| ipv6-addr | x_location_ref.city | Entities.Location.City |
-| ipv6-addr | x_location_ref.carrier | Entities.Location.Carrier |
-| ipv6-addr | x_location_ref.longitude | Entities.Location.Longitude |
-| ipv6-addr | x_location_ref.latitude | Entities.Location.Latitude |
-| ipv6-addr | x_location_ref.organization | Entities.Location.Organization |
+| directory | path | NewProcessName |
+| directory | path | ParentProcessName |
+| directory | path | ProcessName |
+| directory | path | HomeDirectory |
+| directory | path | HomePath |
+| directory | path | Directory |
|
| | |
-| user-account | user_id | Entities.Name |
-| user-account | x_aad_user_id | Entities.AadUserId |
-| user-account | display_name | Entities.DisplayName |
-| user-account | x_nt_domain | Entities.NTDomain |
-| user-account | x_dns_domain | Entities.DnsDomain |
-| user-account | x_upn_suffix | Entities.UPNSuffix |
-| user-account | x_passport_userid | Entities.PUID |
-| user-account | x_account_sid | Entities.Sid |
-| user-account | x_is_domain_account | Entities.IsDomainJoined |
+| domain-name | value | DomainName |
+| domain-name | resolves_to_refs | groupIpReference |
|
| | |
-| network-traffic | dst_port | Entities.DestinationPort |
-| network-traffic | protocols | Entities.Protocol |
-| network-traffic | src_ref.value | Entities.Address |
+| email-addr | value | email |
+| email-addr | value | userPrincipalName |
+| email-addr | display_name | assignedTo |
|
| | |
-| file | name | Entities.Name |
-| file | hashes.'SHA-256' | Entities.Value |
-| file | hashes.'SHA-1' | Entities.Value |
-| file | hashes.MD5 | Entities.Value |
-| file | parent_directory_ref.path | Entities.Directory |
+| file | name | NewProcessName |
+| file | parent_directory_ref | NewProcessName |
+| file | name | ParentProcessName |
+| file | parent_directory_ref | ParentProcessName |
+| file | name | ProcessName |
+| file | parent_directory_ref | ProcessName |
+| file | path | FilePath |
+| file | name | FilePath |
+| file | x_fqbn | Fqbn |
+| file | hashes.SHA-256 | SHA256 |
+| file | hashes.SHA-1 | SHA1 |
+| file | hashes.MD5 | MD5 |
+| file | name | Name |
+| file | parent_directory_ref | Directory |
|
| | |
-| directory | path | Entities.Directory |
+| ipv4-addr | value | IpAddress |
+| ipv4-addr | value | ClientIPAddress |
+| ipv4-addr | value | Address |
+| ipv4-addr | x_location_ref | CountryName |
|
| | |
-| process | pid | Entities.ProcessId |
-| process | command_line | Entities.CommandLine |
-| process | created | Entities.CreationTimeUtc |
-| process | x_elevation_token | Entities.ElevationToken |
-| process | creator_user_ref.user_id | Entities.Name |
-| process | binary_ref.hashes.MD5 | Entities.Value |
-| process | binary_ref.hashes.'SHA-256' | Entities.Value |
-| process | binary_ref.hashes.'SHA1' | Entities.Value |
-| process | parent_ref.pid | Entities.ProcessId |
-| process | parent_ref.command_line | Entities.CommandLine |
-| process | parent_ref.binary_ref.hashes.MD5 | Entities.Value |
-| process | parent_ref.binary_ref.hashes.'SHA-256' | Entities.Value |
-| process | parent_ref.binary_ref.hashes.'SHA1' | Entities.Value |
+| ipv6-addr | value | IpAddress |
+| ipv6-addr | value | ClientIPAddress |
+| ipv6-addr | value | Address |
+| ipv6-addr | x_location_ref | CountryName |
|
| | |
-| domain-name | value | Entities.DomainName |
+| network-traffic | src_ref | Address |
+| network-traffic | dst_port | DestinationPort |
+| network-traffic | protocols | Protocol |
|
| | |
-| url | value | Entities.Url |
+| process | pid | NewProcessId |
+| process | binary_ref | NewProcessName |
+| process | command_line | CommandLine |
+| process | binary_ref | ParentProcessName |
+| process | parent_ref | ParentProcessName |
+| process | pid | ProcessId |
+| process | binary_ref | ProcessName |
+| process | x_token_elevation_type | TokenElevationType |
+| process | x_mandatory_label | MandatoryLabel |
+| process | binary_ref | FilePath |
+| process | created | CreationTimeUtc |
+| process | x_elevation_token | ElevationToken |
+| process | parent_ref | ProcessId |
+| process | binary_ref | Name |
+| process | creator_user_ref | Name |
|
| | |
-| software | name | Entities.OSFamily |
+| software | x_product_component_name | ProductComponentName |
| software | name | ProductName |
-| software | version | Entities.OSVersion |
+| software | x_provider_name | ProviderName |
| software | vendor | VendorName |
-| software | x_product_component_name | ProductComponentName |
-| software | x_provider | ProviderName |
+| software | name | OSFamily |
+| software | version | OSVersion |
|
| | |
-| x-oca-asset | hostname | Entities.HostName |
-| x-oca-asset | x_resource_id | ResourceId |
-| x-oca-asset | x_nt_domain | Entities.NTDomain |
-| x-oca-asset | x_netbios_name | Entities.NetBiosName |
-| x-oca-asset | x_oms_agent_id | Entities.OMSAgentID |
-| x-oca-asset | os_ref.name | Entities.OSFamily |
-| x-oca-asset | os_ref.version | Entities.OSVersion |
-| x-oca-asset | x_is_domain_host | Entities.IsDomainJoined |
+| url | value | IncidentUrl |
+| url | value | QuarantineHelpURL |
+| url | value | Url |
+|
| | |
+| user-account | account_login | TargetAccount |
+| user-account | x_domain_name | TargetDomainName |
+| user-account | x_login_id | TargetLogonId |
+| user-account | user_id | TargetUserName |
+| user-account | display_name | TargetUserName |
+| user-account | x_user_sid | TargetUserSid |
+| user-account | account_login | SubjectAccount |
+| user-account | x_domain_name | SubjectDomainName |
+| user-account | x_login_id | SubjectLogonId |
+| user-account | user_id | SubjectUserName |
+| user-account | display_name | SubjectUserName |
+| user-account | x_user_sid | SubjectUserSid |
+| user-account | user_id | Name |
+| user-account | x_aad_user_id | AadUserId |
+| user-account | display_name | DisplayName |
+| user-account | x_nt_domain | NTDomain |
+| user-account | x_dns_domain | DnsDomain |
+| user-account | x_upn_suffix | UPNSuffix |
+| user-account | x_passport_userid | PUID |
+| user-account | x_account_sid | Sid |
+| user-account | is_service_account | IsDomainJoined |
+| user-account | account_type | AccountType |
+|
| | |
+| x-azure-blob | name | Name |
+| x-azure-blob | url_ref | Url |
+| x-azure-blob | etag | Etag |
+| x-azure-blob | blob_container | Name |
+|
| | |
+| x-azure-container | container_id | ContainerId |
+| x-azure-container | image_id | ImageId |
+| x-azure-container | image_type | Type |
+|
| | |
+| x-azure-malware | name | Name |
+| x-azure-malware | category | Category |
+| x-azure-malware | file_refs | groupMalwareReference |
+|
| | |
+| x-cloud-provider | tenant_id | TenantId |
+|
| | |
+| x-cloud-resource | resource_type | resourceType |
+| x-cloud-resource | resource_id | ResourceId |
+| x-cloud-resource | resource_id | _ResourceId |
+|
| | |
+| x-geo-location | country | CountryName |
+| x-geo-location | city | City |
+| x-geo-location | carrier | Carrier |
+| x-geo-location | longitude | Longitude |
+| x-geo-location | latitude | Latitude |
+| x-geo-location | organization | Organization |
+|
| | |
+| x-host-logon-session | host_ref | HostName |
+| x-host-logon-session | account_ref | Name |
+| x-host-logon-session | session_id | SessionId |
+| x-host-logon-session | start_time | StartTimeUtc |
+| x-host-logon-session | end_time | EndTimeUtc |
|
| | |
| x-ibm-finding | x_alert_link | AlertLink |
| x-ibm-finding | name | AlertName |
+| x-ibm-finding | ttp_tagging_refs | AlertName |
| x-ibm-finding | severity | AlertSeverity |
| x-ibm-finding | x_alert_type | AlertType |
| x-ibm-finding | x_compromised_entity | CompromisedEntity |
| x-ibm-finding | x_confidence_level | ConfidenceLevel |
| x-ibm-finding | confidence | ConfidenceScore |
-| x-ibm-finding | description | Description |
| x-ibm-finding | end | EndTime |
| x-ibm-finding | x_processing_endtime | ProcessingEndTime |
-| x-ibm-finding | x_remediationSteps | RemediationSteps |
+| x-ibm-finding | dst_application_ref | ProductName |
+| x-ibm-finding | x_remediationsteps | RemediationSteps |
| x-ibm-finding | start | StartTime |
| x-ibm-finding | x_status | Status |
| x-ibm-finding | x_system_alert_id | SystemAlertId |
| x-ibm-finding | alert_id | VendorOriginalId |
| x-ibm-finding | time_observed | TimeGenerated |
| x-ibm-finding | finding_type | Type |
-| x-ibm-finding | ttp_tagging_refs.name | AlertName |
-| x-ibm-finding | ttp_tagging_refs.confidence | ConfidenceScore |
-| x-ibm-finding | ttp_tagging_refs.extensions.'mitre-attack-ext'.tactic_name | Tactics |
-| x-ibm-finding | ttp_tagging_refs.extensions.'mitre-attack-ext'.technique_name | Techniques |
-| x-ibm-finding | ioc_refs.value | Entities.Name |
-| x-ibm-finding | ioc_refs.value | Entities.Address |
-| x-ibm-finding | ioc_refs.value | Entities.Url |
-| x-ibm-finding | ioc_refs.value | Entities.DomainName |
-| x-ibm-finding | dst_application_ref.name | ProductName |
-| x-ibm-finding | dst_application_ref.vendor | VendorName |
-| x-ibm-finding | dst_os_ref.name | Entities.OSFamily |
-| x-ibm-finding | dst_os_ref.version | Entities.OSVersion |
-| x-ibm-finding | dst_os_user_ref.user_id | Entities.Name |
-|
| | |
-| x-ibm-ttp-tagging | name | AlertName |
-| x-ibm-ttp-tagging | confidence | ConfidenceScore |
-| x-ibm-ttp-tagging | extensions.'mitre-attack-ext'.tactic_name | Tactics |
-| x-ibm-ttp-tagging | extensions.'mitre-attack-ext'.technique_name | Techniques |
-|
| | |
-| x-geo-location | country | Entities.Location.CountryName |
-| x-geo-location | city | Entities.Location.City |
-| x-geo-location | carrier | Entities.Location.Carrier |
-| x-geo-location | longitude | Entities.Location.Longitude |
-| x-geo-location | latitude | Entities.Location.Latitude |
-| x-geo-location | organization | Entities.Location.Organization |
-|
| | |
-| x-cloud-provider | tenant_id | TenantId |
-|
| | |
-| x-cloud-resource | resource_type | ExtendedProperties.resourceType |
-| x-cloud-resource | resource_id | ResourceId |
-|
| | |
-| x-host-logon-session | session_id | Entities.SessionId |
-| x-host-logon-session | start_time | Entities.StartTimeUtc |
-| x-host-logon-session | end_time | Entities.EndTimeUtc |
-|
| | |
-| x-azure-blob | name | Entities.Name |
-| x-azure-blob | etag | Entities.Etag |
-| x-azure-blob | blob_container | Entities.Name |
-|
| | |
-| x-azure-malware | name | Entities.Name |
-| x-azure-malware | category | Entities.Category |
-|
| | |
-| x-azure-container | container_id | Entities.ContainerId |
-| x-azure-container | image_id | Entities.ImageId |
-| x-azure-container | image_type | Entities.Type |
-|
| | |
-| x-k8s-cluster | name | Entities.Name |
-|
| | |
-| ipv4-addr | value | IpAddress |
-| ipv4-addr | value | ClientIPAddress |
-|
| | |
-| ipv6-addr | value | IpAddress |
-| ipv6-addr | value | ClientIPAddress |
-|
| | |
-| user-account | account_login | TargetAccount |
-| user-account | account_login | SubjectAccount |
-| user-account | user_id | TargetUserName |
-| user-account | user_id | SubjectUserName |
-| user-account | display_name | TargetUserName |
-| user-account | display_name | SubjectUserName |
-| user-account | x_domain_name | TargetDomainName |
-| user-account | x_domain_name | SubjectDomainName |
-| user-account | x_login_id | TargetLogonId |
-| user-account | x_login_id | SubjectLogonId |
-| user-account | x_user_sid | TargetUserSid |
-| user-account | x_user_sid | SubjectUserSid |
-|
| | |
-| directory | path | HomeDirectory |
-| directory | path | HomePath |
-| directory | path | ProcessName |
-| directory | path | ParentProcessName |
-| directory | path | NewProcessName |
-|
| | |
-| file | name | FilePath |
-| file | path | FilePath |
-| file | hashes.'SHA-256' | FileHash |
-| file | hashes.MD5 | FileHash |
-| file | hashes.'SHA-1' | FileHash |
-| file | parent_directory_ref | ProcessName |
-| file | parent_directory_ref | ParentProcessName |
-| file | x_fqbn | Fqbn |
-|
| | |
-| process | parent_ref.name | ParentProcessName |
-| process | command_line | CommandLine |
-| process | pid | ProcessId |
-| process | pid | NewProcessId |
-| process | x_token_elevation_type | TokenElevationType |
-| process | x_mandatory_label | MandatoryLabel |
-|
| | |
-| url | value | QuarantineHelpURL |
-|
| | |
+| x-ibm-finding | x_alert_count | alertsCount |
+| x-ibm-finding | x_alert_product_names | alertProductNames |
+| x-ibm-finding | x_alert_ids | AlertIds |
+| x-ibm-finding | start | CreatedTime |
+| x-ibm-finding | description | Description |
+| x-ibm-finding | x_incident_name | IncidentName |
+| x-ibm-finding | x_provider_incident_id | ProviderIncidentId |
+| x-ibm-finding | x_provider_name | ProviderNameIncident |
+| x-ibm-finding | end | LastModifiedTime |
+| x-ibm-finding | x_modified_by | ModifiedBy |
+| x-ibm-finding | x_owner_ref | userPrincipalName |
+| x-ibm-finding | rule_names | RelatedAnalyticRuleIds |
+| x-ibm-finding | severity | Severity |
+| x-ibm-finding | name | Title |
+| x-ibm-finding | ttp_tagging_refs | Title |
| x-ibm-finding | alert_id | EventOriginId |
| x-ibm-finding | start | PreviousTime |
-| x-ibm-finding | name | Activity |
-| x-ibm-finding | finding_type | Type |
-| x-ibm-finding | time_observed | TimeGenerated |
| x-ibm-finding | src_ip_ref | IpAddress |
-| x-ibm-finding | dst_device | WorkstationName |
-| x-ibm-finding | dst_device | TargetServerName |
-| x-ibm-finding | src_application_user_ref | TargetUserName |
-| x-ibm-finding | dst_application_user_ref | SubjectUserName |
-| x-ibm-finding | ioc_refs | FilePath |
| x-ibm-finding | ioc_refs | IpAddress |
+| x-ibm-finding | dst_ip_ref | ClientIPAddress |
| x-ibm-finding | ioc_refs | ClientIPAddress |
+| x-ibm-finding | ioc_refs | FilePath |
+| x-ibm-finding | src_application_user_ref | TargetUserName |
+| x-ibm-finding | name | Activity |
+| x-ibm-finding | dst_application_user_ref | SubjectUserName |
+| x-ibm-finding | dst_device | WorkstationName |
+| x-ibm-finding | dst_device | TargetServerName |
+| x-ibm-finding | ioc_refs | Name |
+| x-ibm-finding | dst_os_ref | OSFamily |
+| x-ibm-finding | dst_os_user_ref | Name |
+| x-ibm-finding | ioc_refs | groupIPReference |
+| x-ibm-finding | ioc_refs | groupIpfindingReference |
+| x-ibm-finding | ioc_refs | Url |
+| x-ibm-finding | ioc_refs | groupfindingReference |
|
| | |
-| x-oca-event | agent | Account |
-| x-oca-event | x_provider_type | AccountType |
-| x-oca-event | module | Channel |
-| x-oca-event | provider | EventSourceName |
-| x-oca-event | action | Activity |
-| x-oca-event | created | TimeCollected |
-| x-oca-event | code | EventID |
-| x-oca-event | dataset | EventData |
-| x-oca-event | host_ref | Computer |
-| x-oca-event | url_ref | QuarantineHelpURL |
-| x-oca-event | process_ref | NewProcessName |
-| x-oca-event | process_ref | Process |
-| x-oca-event | process_ref | ProcessName |
-| x-oca-event | file_ref.hash | FileHash |
-| x-oca-event | file_ref.path | FilePath |
-| x-oca-event | parent_process_ref | ParentProcessName |
-| x-oca-event | user_ref | TargetUserName |
-| x-oca-event | ip_refs.ip | IpAddress |
-| x-oca-event | ip_refs.ip | ClientIPAddress |
-| x-oca-event | x_service_file | ServiceFileName |
-| x-oca-event | x_service_name | ServiceName |
-| x-oca-event | x_modified_account_sid | TargetSid |
-| x-oca-event | x_description | DeviceDescription |
-| x-oca-event | x_task | Task |
-| x-oca-event | x_user_parameter | UserParameters |
-| x-oca-event | x_member_name | MemberName |
-| x-oca-event | x_requester | Requester |
-|
| | |
-| x-cloud-resource | resource_id | _ResourceId |
-|
| | |
-| x-oca-asset | device_id | DeviceId |
-| x-oca-asset | device_id | SourceComputerId |
-| x-oca-asset | hostname | Computer |
-|
| | |
-| x-logon-info | guid | LogonGuid |
-| x-logon-info | logon_process | LogonProcessName |
-| x-logon-info | logon_type | LogonType |
-| x-logon-info | logon_type_name | LogonTypeName |
-| x-logon-info | authentication_package_name | AuthenticationPackageName |
-|
| | |
-| url | value | IncidentUrl |
-|
| | |
-| email-addr | value | Owner.email |
-| email-addr | value | Owner.userPrincipalName |
-| email-addr | display_name | Owner.assignedTo |
-|
| | |
-| x-ibm-finding | description | Description |
-| x-ibm-finding | name | Title |
-| x-ibm-finding | start | CreatedTime |
-| x-ibm-finding | end | LastModifiedTime |
-| x-ibm-finding | severity | Severity |
-| x-ibm-finding | time_observed | TimeGenerated |
-| x-ibm-finding | finding_type | Type |
-| x-ibm-finding | rule_names | RelatedAnalyticRuleIds |
-| x-ibm-finding | x_owner_ref | Owner.email |
-| x-ibm-finding | x_owner_ref | Owner.userPrincipalName |
-| x-ibm-finding | x_owner_ref | Owner.assignedTo |
-| x-ibm-finding | x_incident_name | IncidentName |
-| x-ibm-finding | x_provider_incident_id | ProviderIncidentId |
-| x-ibm-finding | x_modified_by | ModifiedBy |
-| x-ibm-finding | x_status | Status |
-| x-ibm-finding | x_provider | ProviderName |
-| x-ibm-finding | x_alert_count | AdditionalData.alertsCount |
-| x-ibm-finding | x_alert_product_names | AdditionalData.alertProductNames |
-| x-ibm-finding | x_alert_ids | AlertIds |
-| x-ibm-finding | ttp_tagging_refs.name | Title |
-| x-ibm-finding | ttp_tagging_refs.extensions.'mitre-attack-ext'.tactic_name | AdditionalData.tactics |
-| x-ibm-finding | ttp_tagging_refs.extensions.'mitre-attack-ext'.technique_name | AdditionalData.techniques |
-| x-ibm-finding | x_owner_ref.value | Owner.email |
-| x-ibm-finding | x_owner_ref.value | Owner.userPrincipalName |
-| x-ibm-finding | x_owner_ref.display_name | Owner.assignedTo |
-|
| | |
+| x-ibm-ttp-tagging | name | AlertName |
+| x-ibm-ttp-tagging | confidence | ConfidenceScore |
+| x-ibm-ttp-tagging | extensions.mitre-attack-ext.tactic_name | Tactics |
+| x-ibm-ttp-tagging | extensions.mitre-attack-ext.technique_name | Techniques |
+| x-ibm-ttp-tagging | extensions.mitre-attack-ext.tactic_name | tactics |
+| x-ibm-ttp-tagging | extensions.mitre-attack-ext.technique_name | techniques |
| x-ibm-ttp-tagging | name | Title |
-| x-ibm-ttp-tagging | extensions.'mitre-attack-ext'.tactic_name | AdditionalData.tactics |
-| x-ibm-ttp-tagging | extensions.'mitre-attack-ext'.technique_name | AdditionalData.techniques |
-|
| | |
-| x-cloud-provider | tenant_id | TenantId |
|
| | |
| x-incident-info | classification | Classification |
| x-incident-info | classification_comment | ClassificationComment |
@@ -528,8 +446,51 @@
| x-incident-info | comments | Comments |
| x-incident-info | first_activity | FirstActivityTime |
| x-incident-info | first_modified | FirstModifiedTime |
+| x-incident-info | incident_url_ref | IncidentUrl |
| x-incident-info | labels | Labels |
| x-incident-info | last_active | LastActivityTime |
| x-incident-info | tasks | Tasks |
-| x-incident-info | incident_url_ref.value | IncidentUrl |
+|
| | |
+| x-k8s-cluster | name | Name |
+|
| | |
+| x-logon-info | guid | LogonGuid |
+| x-logon-info | logon_process | LogonProcessName |
+| x-logon-info | logon_type | LogonType |
+| x-logon-info | logon_type_name | LogonTypeName |
+| x-logon-info | authentication_package_name | AuthenticationPackageName |
+|
| | |
+| x-oca-asset | x_description | DeviceDescription |
+| x-oca-asset | device_id | DeviceId |
+| x-oca-asset | hostname | Computer |
+| x-oca-asset | device_id | SourceComputerId |
+| x-oca-asset | hostname | HostName |
+| x-oca-asset | x_nt_domain | NTDomain |
+| x-oca-asset | x_dns_domain | DnsDomain |
+| x-oca-asset | x_netbios_name | NetBiosName |
+| x-oca-asset | x_oms_agent_id | OMSAgentID |
+| x-oca-asset | os_ref | OSFamily |
+| x-oca-asset | x_is_domain_host | IsDomainJoined |
+|
| | |
+| x-oca-event | code | EventID |
+| x-oca-event | ip_refs | IpAddress |
+| x-oca-event | ip_refs | ClientIPAddress |
+| x-oca-event | module | Channel |
+| x-oca-event | url_ref | QuarantineHelpURL |
+| x-oca-event | process_ref | NewProcessId |
+| x-oca-event | parent_process_ref | ParentProcessName |
+| x-oca-event | file_ref | FilePath |
+| x-oca-event | x_service_file | ServiceFileName |
+| x-oca-event | x_service_name | ServiceName |
+| x-oca-event | user_ref | TargetUserName |
+| x-oca-event | x_modified_account_sid | TargetSid |
+| x-oca-event | provider | EventSourceName |
+| x-oca-event | action | Activity |
+| x-oca-event | host_ref | Computer |
+| x-oca-event | dataset | EventData |
+| x-oca-event | x_task | Task |
+| x-oca-event | x_user_parameter | UserParameters |
+| x-oca-event | x_member_name | MemberName |
+| x-oca-event | x_requester | Requester |
+| x-oca-event | created | TimeCollected |
+| x-oca-event | modified | TimeCollected |
|
| | |
diff --git a/stix_shifter_modules/azure_sentinel/azure_sentinel_supported_stix.md b/stix_shifter_modules/azure_sentinel/azure_sentinel_supported_stix.md
index a5944643f..a95bd5fb8 100644
--- a/stix_shifter_modules/azure_sentinel/azure_sentinel_supported_stix.md
+++ b/stix_shifter_modules/azure_sentinel/azure_sentinel_supported_stix.md
@@ -1,12 +1,16 @@
-##### Updated on 05/02/23
+##### Updated on 10/25/23
## Microsoft Graph Security
+### Results STIX Domain Objects
+* Identity
+* Observed Data
+
### Supported STIX Operators
*Comparison AND/OR operators are inside the observation while observation AND/OR operators are between observations (square brackets).*
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | and |
-| OR (Comparision) | or |
+| AND (Comparison) | and |
+| OR (Comparison) | or |
| > | gt |
| >= | ge |
| < | lt |
@@ -17,16 +21,23 @@
| IN | eq |
| MATCHES | contains |
|
| |
-### Searchable STIX objects and properties
+### Searchable STIX objects and properties for Alert dialect
| STIX Object and Property | Mapped Data Source Fields |
|--|--|
| **ipv4-addr**:value | networkConnections.sourceAddress, networkConnections.destinationAddress, networkConnections.natSourceAddress, networkConnections.natDestinationAddress |
| **ipv6-addr**:value | networkConnections.sourceAddress, networkConnections.destinationAddress |
-| **network-traffic**:src_port | networkConnections.sourcePort, networkConnections.natSourcePort |
+| **network-traffic**:src_port | networkConnections.sourcePort, networkConnections.natSourcePort, networkConnections.natDestinationPort |
| **network-traffic**:dst_port | networkConnections.destinationPort, networkConnections.natDestinationPort |
| **network-traffic**:protocols[*] | networkConnections.protocol |
| **network-traffic**:src_ref.value | networkConnections.sourceAddress |
| **network-traffic**:dst_ref.value | networkConnections.destinationAddress |
+| **network-traffic**:x_applicationName | networkConnections.applicationName |
+| **network-traffic**:x_direction | networkConnections.direction |
+| **network-traffic**:x_domainRegisteredDateTime | networkConnections.domainRegisteredDateTime |
+| **network-traffic**:x_localDnsName | networkConnections.localDnsName |
+| **network-traffic**:x_riskScore | networkConnections.riskScore |
+| **network-traffic**:x_status | networkConnections.status |
+| **network-traffic**:x_urlParameters | networkConnections.urlParameters |
| **directory**:path | fileStates.path, process.path |
| **file**:parent_directory_ref.path | fileStates.path |
| **file**:name | fileStates.name |
@@ -46,12 +57,23 @@
| **process**:created | processes.createdDateTime |
| **process**:parent_ref.pid | processes.parentProcessId |
| **process**:binary_ref.parent_directory_ref.path | processes.path |
+| **process**:x_integrityLevel | processes.integrityLevel |
+| **process**:x_isElevated | processes.isElevated |
| **domain-name**:value | hostStates.fqdn, hostStates.netBiosName, networkConnections.destinationDomain, userStates.domainName |
| **user-account**:user_id | userStates.accountName, processes.accountName, userStates.aadUserId |
| **user-account**:account_login | userStates.logonId |
| **user-account**:account_type | userStates.userAccountType |
| **user-account**:account_last_login | userStates.logonDateTime |
-| **software**:name | vendorInformation.provider |
+| **user-account**:x_aadUserId | userStates.aadUserId |
+| **user-account**:x_emailRole | userStates.emailRole |
+| **user-account**:x_isVpn | userStates.isVpn |
+| **user-account**:x_logonLocation | userStates.logonLocation |
+| **user-account**:x_logonType | userStates.logonType |
+| **user-account**:x_onPremisesSecurityIdentifier | userStates.onPremisesSecurityIdentifier |
+| **user-account**:x_riskScore | userStates.riskScore |
+| **user-account**:x_userAccountType | userStates.userAccountType |
+| **user-account**:x_userPrincipalName | userStates.userPrincipalName |
+| **software**:name | vendorInformation.provider, networkConnections.applicationName |
| **software**:vendor | vendorInformation.vendor |
| **software**:version | vendorInformation.providerVersion |
| **url**:value | networkConnections.destinationUrl |
@@ -61,62 +83,8 @@
| **windows-registry-key**:values[*].data_type | registryKeyStates.valueType |
| **x-msazure-sentinel**:tenant_id | azureTenantId |
| **x-msazure-sentinel**:subscription_id | azureSubscriptionId |
-| **x-msazure-sentinel-alert**:activityGroupName | activityGroupName |
-| **x-msazure-sentinel-alert**:assignedTo | assignedTo |
-| **x-msazure-sentinel-alert**:comments | comments |
-| **x-msazure-sentinel-alert**:confidence | confidence |
-| **x-msazure-sentinel-alert**:detectionIds | detectionIds |
-| **x-msazure-sentinel-alert**:feedback | feedback |
-| **x-msazure-sentinel-alert**:id | id |
-| **x-msazure-sentinel-alert**:incidentIds | incidentIds |
-| **x-msazure-sentinel-alert**:recommendedActions | recommendedActions |
-| **x-msazure-sentinel-alert**:sourceMaterials | sourceMaterials |
-| **x-msazure-sentinel-alert**:status | status |
-| **x-msazure-sentinel-alert**:tags | tags |
-| **x-msazure-sentinel-alert**:cloudAppStates.destinationServiceName | cloudAppStates.destinationServiceName |
-| **x-msazure-sentinel-alert**:cloudAppStates.destinationServiceIp | cloudAppStates.destinationServiceIp |
-| **x-msazure-sentinel-alert**:cloudAppStates.riskScore | cloudAppStates.riskScore |
-| **x-msazure-sentinel-alert**:hostStates.isAzureAadJoined | hostStates.isAzureAadJoined |
-| **x-msazure-sentinel-alert**:hostStates.isAzureAadRegistered | hostStates.isAzureAadRegistered |
-| **x-msazure-sentinel-alert**:hostStates.isHybridAzureDomainJoined | hostStates.isHybridAzureDomainJoined |
-| **x-msazure-sentinel-alert**:hostStates.os | hostStates.os |
-| **x-msazure-sentinel-alert**:hostStates.publicIpAddress | hostStates.publicIpAddress |
-| **x-msazure-sentinel-alert**:hostStates.privateIpAddress | hostStates.privateIpAddress |
-| **x-msazure-sentinel-alert**:hostStates.riskScore | hostStates.riskScore |
-| **x-msazure-sentinel-alert**:malwareStates.category | malwareStates.category |
-| **x-msazure-sentinel-alert**:malwareStates.family | malwareStates.family |
-| **x-msazure-sentinel-alert**:malwareStates.name | malwareStates.family |
-| **x-msazure-sentinel-alert**:malwareStates.severity | malwareStates.family |
-| **x-msazure-sentinel-alert**:malwareStates.wasRunning | malwareStates.family |
-| **x-msazure-sentinel-alert**:networkConnections.applicationName | networkConnections.applicationName |
-| **x-msazure-sentinel-alert**:networkConnections.direction | networkConnections.direction |
-| **x-msazure-sentinel-alert**:networkConnections.domainRegisteredDateTime | networkConnections.domainRegisteredDateTime |
-| **x-msazure-sentinel-alert**:networkConnections.localDnsName | networkConnections.localDnsName |
-| **x-msazure-sentinel-alert**:networkConnections.natDestinationPort | networkConnections.natDestinationPort |
-| **x-msazure-sentinel-alert**:networkConnections.natSourcePort | networkConnections.natSourcePort |
-| **x-msazure-sentinel-alert**:networkConnections.riskScore | networkConnections.riskScore |
-| **x-msazure-sentinel-alert**:networkConnections.status | networkConnections.status |
-| **x-msazure-sentinel-alert**:processes.integrityLevel | processes.integrityLevel |
-| **x-msazure-sentinel-alert**:processes.isElevated | processes.isElevated |
-| **x-msazure-sentinel-alert**:securityResources.resource | securityResources.resource |
-| **x-msazure-sentinel-alert**:securityResources.resourceType | securityResources.resourceType |
-| **x-msazure-sentinel-alert**:triggers.name | triggers.name |
-| **x-msazure-sentinel-alert**:triggers.type | triggers.type |
-| **x-msazure-sentinel-alert**:triggers.value | triggers.value |
-| **x-msazure-sentinel-alert**:userStates.logonIp | userStates.logonIp |
-| **x-msazure-sentinel-alert**:userStates.aadUserId | userStates.aadUserId |
-| **x-msazure-sentinel-alert**:userStates.emailRole | userStates.emailRole |
-| **x-msazure-sentinel-alert**:userStates.isVpn | userStates.isVpn |
-| **x-msazure-sentinel-alert**:userStates.logonLocation | userStates.logonLocation |
-| **x-msazure-sentinel-alert**:userStates.logonType | userStates.logonType |
-| **x-msazure-sentinel-alert**:userStates.onPremisesSecurityIdentifier | userStates.onPremisesSecurityIdentifier |
-| **x-msazure-sentinel-alert**:userStates.riskScore | userStates.riskScore |
-| **x-msazure-sentinel-alert**:userStates.userAccountType | userStates.userAccountType |
-| **x-msazure-sentinel-alert**:userStates.userPrincipalName | userStates.userPrincipalName |
-| **x-msazure-sentinel-alert**:vulnerabilityStates.cve | vulnerabilityStates.cve |
-| **x-msazure-sentinel-alert**:vulnerabilityStates.severity | vulnerabilityStates.severity |
-| **x-msazure-sentinel-alert**:vulnerabilityStates.wasRunning | vulnerabilityStates.wasRunning |
| **x-ibm-finding**:name | title |
+| **x-ibm-finding**:alert_id | id |
| **x-ibm-finding**:description | description |
| **x-ibm-finding**:severity | severity |
| **x-ibm-finding**:start | createdDateTime |
@@ -128,25 +96,70 @@
| **x-ibm-finding**:dst_application_ref.name | cloudAppStates.destinationServiceName |
| **x-ibm-finding**:src_geolocation | networkConnections.sourceLocation |
| **x-ibm-finding**:dst_geolocation | networkConnections.destinationLocation |
+| **x-ibm-finding**:src_application_ref | networkConnections.applicationName |
| **x-ibm-finding**:src_application_user_ref.user_id | userStates.aadUserId |
| **x-ibm-finding**:src_application_user_ref.type | userStates.logonType |
| **x-ibm-finding**:time_observed | lastModifiedDateTime |
+| **x-ibm-finding**:x_activityGroupName | activityGroupName |
+| **x-ibm-finding**:x_assignedTo | assignedTo |
+| **x-ibm-finding**:x_comments | comments |
+| **x-ibm-finding**:confidence | confidence |
+| **x-ibm-finding**:x_detectionIds | detectionIds |
+| **x-ibm-finding**:x_feedback | feedback |
+| **x-ibm-finding**:x_incidentIds | incidentIds |
+| **x-ibm-finding**:x_recommendedActions | recommendedActions |
+| **x-ibm-finding**:x_sourceMaterials | sourceMaterials |
+| **x-ibm-finding**:x_status | status |
+| **x-ibm-finding**:x_tags | tags |
+| **x-ibm-finding**:x_cloudAppStates.destinationServiceName | cloudAppStates.destinationServiceName |
+| **x-ibm-finding**:x_cloudAppStates.destinationServiceIp | cloudAppStates.destinationServiceIp |
+| **x-ibm-finding**:x_cloudAppStates.riskScore | cloudAppStates.riskScore |
+| **x-ibm-finding**:x_hostStates.isAzureAadJoined | hostStates.isAzureAadJoined |
+| **x-ibm-finding**:x_hostStates.isAzureAadRegistered | hostStates.isAzureAadRegistered |
+| **x-ibm-finding**:x_hostStates.isHybridAzureDomainJoined | hostStates.isHybridAzureDomainJoined |
+| **x-ibm-finding**:x_hostStates.os | hostStates.os |
+| **x-ibm-finding**:x_hostStates.publicIpAddress | hostStates.publicIpAddress |
+| **x-ibm-finding**:x_hostStates.privateIpAddress | hostStates.privateIpAddress |
+| **x-ibm-finding**:x_hostStates.riskScore | hostStates.riskScore |
+| **x-ibm-finding**:x_malwareStates.category | malwareStates.category |
+| **x-ibm-finding**:x_malwareStates.family | malwareStates.family |
+| **x-ibm-finding**:x_malwareStates.name | malwareStates.family |
+| **x-ibm-finding**:x_malwareStates.severity | malwareStates.family |
+| **x-ibm-finding**:x_malwareStates.wasRunning | malwareStates.family |
+| **x-ibm-finding**:x_securityResources.resource | securityResources.resource |
+| **x-ibm-finding**:x_securityResources.resourceType | securityResources.resourceType |
+| **x-ibm-finding**:x_triggers.name | triggers.name |
+| **x-ibm-finding**:x_triggers.type | triggers.type |
+| **x-ibm-finding**:x_triggers.value | triggers.value |
+| **x-ibm-finding**:x_vulnerabilityStates.cve | vulnerabilityStates.cve |
+| **x-ibm-finding**:x_vulnerabilityStates.severity | vulnerabilityStates.severity |
+| **x-ibm-finding**:x_vulnerabilityStates.wasRunning | vulnerabilityStates.wasRunning |
| **x-oca-event**:action | title |
-| **x-oca-event**:code | id |
| **x-oca-event**:category | category |
| **x-oca-event**:created | createdDateTime |
| **x-oca-event**:provider | vendorInformation.subProvider |
-| **x-oca-event**:domain_ref.value | networkConnections.urlParameters |
-| **x-oca-event**:url_ref.value | networkConnections.urlParameters |
+|
| |
+### Searchable STIX objects and properties for Alertv2 dialect
+| STIX Object and Property | Mapped Data Source Fields |
+|--|--|
+| **software**:name | serviceSource |
+| **x-ibm-finding**:severity | severity |
+| **x-ibm-finding**:x_assignedTo | assignedTo |
+| **x-ibm-finding**:x_classification | classification |
+| **x-ibm-finding**:x_determination | determination |
+| **x-ibm-finding**:x_lastUpdateDateTime | lastUpdateDateTime |
+| **x-ibm-finding**:x_status | status |
|
| |
### Supported STIX Objects and Properties for Query Results
| STIX Object | STIX Property | Data Source Field |
|--|--|--|
| directory | path | path |
+| directory | path | filePath |
|
| | |
| domain-name | value | fqdn |
| domain-name | value | destinationDomain |
| domain-name | value | domainName |
+| domain-name | value | deviceDnsName |
|
| | |
| file | hashes.SHA-256 | sha256 |
| file | hashes.SHA-1 | sha1 |
@@ -159,18 +172,40 @@
| file | hashes.UNKNOWN | unknown |
| file | name | name |
| file | parent_directory_ref | path |
+| file | x_detectionStatus | detectionStatus |
+| file | x_mdeDeviceId | mdeDeviceId |
+| file | name | fileName |
+| file | parent_directory_ref | filePath |
+| file | size | fileSize |
+| file | x_filePublisher | filePublisher |
+| file | x_signer | signer |
+| file | x_issuer | issuer |
|
| | |
| ipv4-addr | value | privateIpAddress |
| ipv4-addr | value | publicIpAddress |
| ipv4-addr | value | destinationAddress |
+| ipv4-addr | value | natDestinationAddress |
+| ipv4-addr | value | natSourceAddress |
| ipv4-addr | value | sourceAddress |
| ipv4-addr | value | logonIp |
+| ipv4-addr | value | ipAddress |
+| ipv4-addr | x_country_letter_code | countryLetterCode |
|
| | |
| network-traffic | dst_ref | destinationAddress |
| network-traffic | dst_port | destinationPort |
+| network-traffic | x_direction | direction |
+| network-traffic | x_domainRegisteredDateTime | domainRegisteredDateTime |
+| network-traffic | x_localDnsName | localDnsName |
+| network-traffic | x_nat_destination_address | natDestinationAddress |
+| network-traffic | x_nat_destination_port | natDestinationPort |
+| network-traffic | x_nat_src_ref | natSourceAddress |
+| network-traffic | x_nat_source_port | natSourcePort |
| network-traffic | protocols | protocol |
+| network-traffic | x_riskScore | riskScore |
| network-traffic | src_ref | sourceAddress |
| network-traffic | src_port | sourcePort |
+| network-traffic | x_status | status |
+| network-traffic | x_url_parameters | urlParameters |
|
| | |
| process | creator_user_ref | accountName |
| process | command_line | commandLine |
@@ -182,6 +217,15 @@
| process | name | parentProcessName |
| process | pid | processId |
| process | pid | registryKeyStates |
+| process | command_line | processCommandLine |
+| process | created | processCreationDateTime |
+| process | created | parentProcessCreationDateTime |
+| process | x_detectionStatus | detectionStatus |
+| process | x_mdeDeviceId | mdeDeviceId |
+| process | binary_ref | fileName |
+|
| | |
+| processes | x_integrityLevel | integrityLevel |
+| processes | x_isElevated | isElevated |
|
| | |
| software | name | destinationServiceName |
| software | name | os |
@@ -189,93 +233,139 @@
| software | name | provider |
| software | vendor | vendor |
| software | version | providerVersion |
+| software | name | serviceSource |
+| software | name | detectionSource |
+| software | name | osPlatform |
+| software | version | version |
|
| | |
| url | value | destinationUrl |
+| url | value | alertWebUrl |
+| url | value | incidentWebUrl |
+| url | value | url |
|
| | |
| user-account | user_id | accountName |
+| user-account | x_aad_user_id | aadUserId |
+| user-account | x_email_role | emailRole |
+| user-account | x_isvpn | isVpn |
| user-account | account_last_login | logonDateTime |
| user-account | account_login | logonId |
+| user-account | x_logon_location | logonLocation |
+| user-account | x_logon_type | logonType |
+| user-account | x_on_premises_security_identifier | onPremisesSecurityIdentifier |
+| user-account | x_riskScore | riskScore |
+| user-account | x_user_account_type | userAccountType |
+| user-account | x_user_principal_name | userPrincipalName |
+| user-account | user_id | actorDisplayName |
+| user-account | x_azure_domain_name | domainName |
+| user-account | x_userSid | userSid |
+| user-account | x_azureAdUserId | azureAdUserId |
+| user-account | x_userPrincipalName | userPrincipalName |
+| user-account | x_user_sid | userSid |
+| user-account | x_azure_ad_userid | azureAdUserId |
|
| | |
| windows-registry-key | key | registryKeyStates |
| windows-registry-key | values.data | registryKeyStates |
| windows-registry-key | values.name | registryKeyStates |
| windows-registry-key | values.data_type | registryKeyStates |
+| windows-registry-key | key | registryKey |
+| windows-registry-key | x_registryHive | registryHive |
+| windows-registry-key | x_registry_hive | registryHive |
+| windows-registry-key | values.data | registryValue |
+| windows-registry-key | values.name | registryValueName |
+| windows-registry-key | values.data_type | registryValueType |
+|
| | |
+| x-alert-evidence | evidence_type | @odata.type |
+| x-alert-evidence | process_ref | @odata.type |
+| x-alert-evidence | created | createdDateTime |
+| x-alert-evidence | verdict | verdict |
+| x-alert-evidence | remediationStatus | remediationStatus |
+| x-alert-evidence | remediationStatusDetails | remediationStatusDetails |
+| x-alert-evidence | roles | roles |
+| x-alert-evidence | tags | tags |
+| x-alert-evidence | registry_ref | @odata.type |
+| x-alert-evidence | ip_ref | @odata.type |
+| x-alert-evidence | user_ref | @odata.type |
|
| | |
+| x-ibm-finding | x_activityGroupName | activityGroupName |
+| x-ibm-finding | x_assignedTo | assignedTo |
| x-ibm-finding | dst_application_ref | destinationServiceName |
-| x-ibm-finding | createddatetime | createdDateTime |
+| x-ibm-finding | x_cloudAppStates.destinationServiceIp | destinationServiceIp |
+| x-ibm-finding | x_cloudAppStates.riskScore | riskScore |
+| x-ibm-finding | x_comments | comments |
+| x-ibm-finding | confidence | confidence |
| x-ibm-finding | description | description |
-| x-ibm-finding | src_os_ref.name | os |
+| x-ibm-finding | x_detectionids | detectionIds |
+| x-ibm-finding | x_feedback | feedback |
+| x-ibm-finding | x_fileStates.riskScore | riskScore |
+| x-ibm-finding | x_hostStates.isAzureAadJoined | isAzureAadJoined |
+| x-ibm-finding | x_hostStates.isAzureAadRegistered | isAzureAadRegistered |
+| x-ibm-finding | x_hostStates.isHybridAzureDomainJoined | isHybridAzureDomainJoined |
+| x-ibm-finding | src_os_ref | os |
+| x-ibm-finding | x_hostStates.riskScore | riskScore |
+| x-ibm-finding | alert_id | id |
+| x-ibm-finding | x_incidentIds | incidentIds |
| x-ibm-finding | time_observed | lastModifiedDateTime |
+| x-ibm-finding | x_malwareStates.category | category |
+| x-ibm-finding | x_malwareStates.family | family |
+| x-ibm-finding | x_malwareStates.name | name |
+| x-ibm-finding | x_malwareStates.severity | severity |
+| x-ibm-finding | x_malwareStates.wasRunning | wasRunning |
+| x-ibm-finding | src_application_ref | applicationName |
| x-ibm-finding | dst_geolocation | destinationLocation |
-| x-ibm-finding | dst_ip_ref.value | natDestinationAddress |
-| x-ibm-finding | src_ip_ref.value | natSourceAddress |
| x-ibm-finding | src_geolocation | sourceLocation |
+| x-ibm-finding | x_recommendedactions | recommendedActions |
+| x-ibm-finding | x_registryKeyStates.hive | registryKeyStates |
+| x-ibm-finding | x_registryKeyStates.oldKey | registryKeyStates |
+| x-ibm-finding | x_registryKeyStates.oldValueData | registryKeyStates |
+| x-ibm-finding | x_registryKeyStates.oldValueName | registryKeyStates |
+| x-ibm-finding | x_registryKeyStates.operation | registryKeyStates |
+| x-ibm-finding | x_securityresources.resource | resource |
+| x-ibm-finding | x_securityresources.resourcetype | resourceType |
| x-ibm-finding | severity | severity |
+| x-ibm-finding | x_sourcematerials | sourceMaterials |
+| x-ibm-finding | x_status | status |
+| x-ibm-finding | x_tags | tags |
| x-ibm-finding | name | title |
-| x-ibm-finding | src_application_user_ref.user_id | aadUserId |
-| x-ibm-finding | src_application_user_ref.type | logonType |
+| x-ibm-finding | x_triggers.name | name |
+| x-ibm-finding | x_triggers.type | type |
+| x-ibm-finding | x_triggers.value | value |
+| x-ibm-finding | x_vulnerabilityStates.cve | cve |
+| x-ibm-finding | x_vulnerabilityStates.severity | severity |
+| x-ibm-finding | x_vulnerabilityStates.wasRunning | wasRunning |
+| x-ibm-finding | finding_type | @odata.type |
+| x-ibm-finding | alert_id | providerAlertId |
+| x-ibm-finding | x_incidentId | incidentId |
+| x-ibm-finding | x_classification | classification |
+| x-ibm-finding | x_determination | determination |
+| x-ibm-finding | x_detectorId | detectorId |
+| x-ibm-finding | x_tenantId | tenantId |
+| x-ibm-finding | x_threatDisplayName | threatDisplayName |
+| x-ibm-finding | x_threatFamilyName | threatFamilyName |
+| x-ibm-finding | x_mitreTechniques | mitreTechniques |
+| x-ibm-finding | x_lastUpdateDateTime | lastUpdateDateTime |
+| x-ibm-finding | end | resolvedDateTime |
+| x-ibm-finding | start | firstActivityDateTime |
+| x-ibm-finding | x_lastActivityDateTime | lastActivityDateTime |
|
| | |
-| x-msazure-sentinel | tenant_id | azureTenantId |
-| x-msazure-sentinel | subscription_id | azureSubscriptionId |
+| x-microsoft-graph | tenant_id | azureTenantId |
+| x-microsoft-graph | subscription_id | azureSubscriptionId |
|
| | |
-| x-msazure-sentinel-alert | activityGroupName | activityGroupName |
-| x-msazure-sentinel-alert | assignedTo | assignedTo |
-| x-msazure-sentinel-alert | cloudAppStates.destinationServiceIp | destinationServiceIp |
-| x-msazure-sentinel-alert | cloudAppStates.riskScore | riskScore |
-| x-msazure-sentinel-alert | comments | comments |
-| x-msazure-sentinel-alert | confidence | confidence |
-| x-msazure-sentinel-alert | detectionids | detectionIds |
-| x-msazure-sentinel-alert | feedback | feedback |
-| x-msazure-sentinel-alert | fileStates.riskScore | riskScore |
-| x-msazure-sentinel-alert | hostStates.isAzureAadJoined | isAzureAadJoined |
-| x-msazure-sentinel-alert | hostStates.isAzureAadRegistered | isAzureAadRegistered |
-| x-msazure-sentinel-alert | hostStates.isHybridAzureDomainJoined | isHybridAzureDomainJoined |
-| x-msazure-sentinel-alert | hostStates.riskScore | riskScore |
-| x-msazure-sentinel-alert | incidentIds | incidentIds |
-| x-msazure-sentinel-alert | malwareStates.category | category |
-| x-msazure-sentinel-alert | malwareStates.family | family |
-| x-msazure-sentinel-alert | malwareStates.name | name |
-| x-msazure-sentinel-alert | malwareStates.severity | severity |
-| x-msazure-sentinel-alert | malwareStates.wasRunning | wasRunning |
-| x-msazure-sentinel-alert | networkConnections.direction | direction |
-| x-msazure-sentinel-alert | networkConnections.domainRegisteredDateTime | domainRegisteredDateTime |
-| x-msazure-sentinel-alert | networkConnections.localDnsName | localDnsName |
-| x-msazure-sentinel-alert | networkConnections.natDestinationPort | natDestinationPort |
-| x-msazure-sentinel-alert | networkConnections.natSourcePort | natSourcePort |
-| x-msazure-sentinel-alert | networkConnections.riskScore | riskScore |
-| x-msazure-sentinel-alert | networkConnections.status | status |
-| x-msazure-sentinel-alert | processes.integrityLevel | integrityLevel |
-| x-msazure-sentinel-alert | processes.isElevated | isElevated |
-| x-msazure-sentinel-alert | recommendedactions | recommendedActions |
-| x-msazure-sentinel-alert | registryKeyStates.hive | registryKeyStates |
-| x-msazure-sentinel-alert | registryKeyStates.oldKey | registryKeyStates |
-| x-msazure-sentinel-alert | registryKeyStates.oldValueData | registryKeyStates |
-| x-msazure-sentinel-alert | registryKeyStates.oldValueName | registryKeyStates |
-| x-msazure-sentinel-alert | registryKeyStates.operation | registryKeyStates |
-| x-msazure-sentinel-alert | securityresources.resource | resource |
-| x-msazure-sentinel-alert | securityresources.resourcetype | resourceType |
-| x-msazure-sentinel-alert | sourcematerials | sourceMaterials |
-| x-msazure-sentinel-alert | status | status |
-| x-msazure-sentinel-alert | tags | tags |
-| x-msazure-sentinel-alert | triggers.name | name |
-| x-msazure-sentinel-alert | triggers.type | type |
-| x-msazure-sentinel-alert | triggers.value | value |
-| x-msazure-sentinel-alert | userStates.emailrole | emailRole |
-| x-msazure-sentinel-alert | userStates.isvpn | isVpn |
-| x-msazure-sentinel-alert | userStates.logonLocation | logonLocation |
-| x-msazure-sentinel-alert | userStates.onpremisessecurityidentifier | onPremisesSecurityIdentifier |
-| x-msazure-sentinel-alert | userStates.riskScore | riskScore |
-| x-msazure-sentinel-alert | userStates.useraccounttype | userAccountType |
-| x-msazure-sentinel-alert | userStates.userPrincipalName | userPrincipalName |
-| x-msazure-sentinel-alert | vulnerabilityStates.cve | cve |
-| x-msazure-sentinel-alert | vulnerabilityStates.severity | severity |
-| x-msazure-sentinel-alert | vulnerabilityStates.wasRunning | wasRunning |
+| x-oca-asset | x_firstSeenDateTime | firstSeenDateTime |
+| x-oca-asset | device_id | mdeDeviceId |
+| x-oca-asset | x_azureAdDeviceId | azureAdDeviceId |
+| x-oca-asset | os_ref | osPlatform |
+| x-oca-asset | x_tags | osBuild |
+| x-oca-asset | x_tags | healthStatus |
+| x-oca-asset | x_tags | riskScore |
+| x-oca-asset | x_tags | rbacGroupId |
+| x-oca-asset | x_tags | rbacGroupName |
+| x-oca-asset | x_tags | onboardingStatus |
+| x-oca-asset | x_tags | defenderAvStatus |
+| x-oca-asset | x_tags | loggedOnUsers |
+| x-oca-asset | x_vmMetadata | vmMetadata |
|
| | |
| x-oca-event | category | category |
| x-oca-event | created | createdDateTime |
-| x-oca-event | code | id |
-| x-oca-event | domain_ref.value | urlParameters |
-| x-oca-event | url_ref.value | urlParameters |
| x-oca-event | action | title |
| x-oca-event | provider | subProvider |
|
| | |
diff --git a/stix_shifter_modules/bigfix/bigfix_supported_stix.md b/stix_shifter_modules/bigfix/bigfix_supported_stix.md
index c2b1eadb2..a043eaf4e 100644
--- a/stix_shifter_modules/bigfix/bigfix_supported_stix.md
+++ b/stix_shifter_modules/bigfix/bigfix_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## HCL BigFix
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| = | = |
| != | != |
| LIKE | contains |
diff --git a/stix_shifter_modules/carbonblack/carbonblack_supported_stix.md b/stix_shifter_modules/carbonblack/carbonblack_supported_stix.md
index 668882584..0679b5c13 100644
--- a/stix_shifter_modules/carbonblack/carbonblack_supported_stix.md
+++ b/stix_shifter_modules/carbonblack/carbonblack_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Carbon Black CB Response
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | and |
-| OR (Comparision) | or |
+| AND (Comparison) | and |
+| OR (Comparison) | or |
| = | : |
| IN | : |
| != | : |
diff --git a/stix_shifter_modules/cbcloud/cbcloud_supported_stix.md b/stix_shifter_modules/cbcloud/cbcloud_supported_stix.md
index d9b786d8d..8c641cad4 100644
--- a/stix_shifter_modules/cbcloud/cbcloud_supported_stix.md
+++ b/stix_shifter_modules/cbcloud/cbcloud_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Carbon Black Cloud
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| = | : |
| != | : |
| > | : |
diff --git a/stix_shifter_modules/cisco_secure_email/cisco_secure_email_supported_stix.md b/stix_shifter_modules/cisco_secure_email/cisco_secure_email_supported_stix.md
index d6aa8c354..d2830d08f 100644
--- a/stix_shifter_modules/cisco_secure_email/cisco_secure_email_supported_stix.md
+++ b/stix_shifter_modules/cisco_secure_email/cisco_secure_email_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 14/09/23
+##### Updated on 10/25/23
## Cisco Secure Email
### Results STIX Domain Objects
* Identity
@@ -7,14 +7,15 @@
### Supported STIX Operators
*Comparison AND/OR operators are inside the observation while observation AND/OR operators are between observations (square brackets).*
-| STIX Operator | Data Cisco Secure Email Operator |
+| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | & |
+| AND (Comparison) | & |
+| OR (Comparison) | |
| = | = |
| IN | = |
| LIKE | = |
-| OR (Observation) | OR |
-| AND (Observation) | OR |
+| OR (Observation) | |
+| AND (Observation) | |
|
| |
### Searchable STIX objects and properties
| STIX Object and Property | Mapped Data Source Fields |
@@ -57,7 +58,6 @@
| **x-cisco-email-msgevent**:macro_mailflow_direction | macroMailflowDirection |
| **x-cisco-email-msgevent**:macro_file_types_detected | macroFileTypesDetected |
| **x-cisco-email-msgevent**:message_filters | messageFilters |
-| **x-cisco-email-msgevent**:message_direction | messageDirection |
| **x-cisco-email-msgevent**:contained_malicious_urls | containedMaliciousUrls |
| **x-cisco-email-msgevent**:contained_neutral_urls | containedNeutralUrls |
| **x-cisco-email-msgevent**:outbreak_filters_url_rewritten_byof | outbreakFiltersUrlRewrittenByOf |
@@ -66,7 +66,6 @@
| **x-cisco-email-msgevent**:quarantined_to | quarantinedTo |
| **x-cisco-email-msgevent**:reply_to | replyToValue |
| **x-cisco-email-msgevent**:s_mime | smime |
-| **x-cisco-email-msgevent**:domain_categories | domainCategories |
| **x-cisco-email-msgevent**:sdr_categories | sdrCategories |
| **x-cisco-email-msgevent**:sdr_threat_levels | sdrThreatLevels |
| **x-cisco-email-msgevent**:soft_bounced | softBounced |
@@ -87,76 +86,37 @@
### Supported STIX Objects and Properties for Query Results
| STIX Object | STIX Property | Data Source Field |
|--|--|--|
-| email-addr | value | envelopeRecipientfilterValue |
-| email-addr | value | envelopeSenderfilterValue |
+| domain-name | value | senderDomain |
+| domain-name | resolves_to_refs | senderDomain |
|
| | |
-| email-message | from_ref | envelopeSenderfilterValue |
-| email-message | sender_ref | envelopeSenderfilterValue |
-| email-message | to_refs | envelopeRecipientfilterValue |
-| email-message | subject | subjectfilterValue |
-| email-message | x_message_id_header | messageIdHeader |
-| email-message | x_cisco_mid | ciscoMid |
-| email-message | x_sender_ip_ref | senderIp |
+| email-addr | value | recipient |
+| email-addr | value | friendly_from |
+| email-addr | value | sender |
+| email-addr | value | replyTo |
|
| | |
-| file | name | attachmentNameValue |
-| file | hashes.'SHA-256' | fileSha256 |
+| email-message | x_cisco_host_ref | hostName |
+| email-message | date | timestamp |
+| email-message | to_refs | recipient |
+| email-message | from_ref | friendly_from |
+| email-message | sender_ref | sender |
+| email-message | subject | subject |
+| email-message | is_multipart | is_multipart |
+| email-message | x_message_id_header | messageID |
+| email-message | x_sender_ip_ref | senderIp |
+| email-message | x_sender_group | senderGroup |
+| email-message | x_cisco_mid | mid |
+| email-message | x_cisco_icid | icid |
+| email-message | x_serial_number | serialNumber |
|
| | |
| ipv4-addr | value | senderIp |
|
| | |
| ipv6-addr | value | senderIp |
|
| | |
-| domain-name | value | domainNameValue |
-|
| | |
-| x-oca-host | hostname | ciscoHost |
+| x-cisco-email-msgevent | reply_to | replyTo |
+| x-cisco-email-msgevent | mail_policy | mailPolicy |
+| x-cisco-email-msgevent | direction | direction |
+| x-cisco-email-msgevent | message_status | messageStatus |
+| x-cisco-email-msgevent | sbrs_score | sbrs |
|
| | |
-| x-cisco-email-msgevent | advanced_malware_protection_mailflow_direction | advancedMalwareProtectionMailflowDirection |
-| x-cisco-email-msgevent | advanced_malware_protection | advancedMalwareProtection |
-| x-cisco-email-msgevent | app_forwarding | appForwarding |
-| x-cisco-email-msgevent | content_filters_name | contentFiltersName |
-| x-cisco-email-msgevent | content_filters_direction | contentFiltersDirection |
-| x-cisco-email-msgevent | content_filters_action | contentFiltersAction |
-| x-cisco-email-msgevent | dane_failure | daneFailure |
-| x-cisco-email-msgevent | message_status | deliveryStatus |
-| x-cisco-email-msgevent | message_delivered | message_delivered |
-| x-cisco-email-msgevent | dlp_violations_names | dlpViolationsNames |
-| x-cisco-email-msgevent | dlpViolationsSeverities | dlpViolationsSeverities |
-| x-cisco-email-msgevent | dlp_action | dlpAction |
-| x-cisco-email-msgevent | dmarc_from | dmarcFrom |
-| x-cisco-email-msgevent | dmarc_action | dmarcAction |
-| x-cisco-email-msgevent | etf_sources | etfSources |
-| x-cisco-email-msgevent | etf_iocs | etfIocs |
-| x-cisco-email-msgevent | forged_email_detection | forgedEmailDetection |
-| x-cisco-email-msgevent | geo_location | geoLocation |
-| x-cisco-email-msgevent | graymail | graymail |
-| x-cisco-email-msgevent | hard_bounced | hardBounced |
-| x-cisco-email-msgevent | ip_reputation | ipReputation |
-| x-cisco-email-msgevent | macro_mailflow_direction | macroMailflowDirection |
-| x-cisco-email-msgevent | macro_file_types_detected | macroFileTypesDetected |
-| x-cisco-email-msgevent | message_filters | messageFilters |
-| x-cisco-email-msgevent | message_direction | messageDirection |
-| x-cisco-email-msgevent | contained_malicious_urls | containedMaliciousUrls |
-| x-cisco-email-msgevent | contained_neutral_urls | containedNeutralUrls |
-| x-cisco-email-msgevent | outbreak_filters_url_rewritten_byof | outbreakFiltersUrlRewrittenByOf |
-| x-cisco-email-msgevent | outbreak_filtersVofThreatCategory | outbreakFiltersVofThreatCategory |
-| x-cisco-email-msgevent | in_outbreak_quarantine | inOutbreakQuarantine |
-| x-cisco-email-msgevent | quarantined_to | quarantinedTo |
-| x-cisco-email-msgevent | reply_to | replyToValue |
-| x-cisco-email-msgevent | s_mime | smime |
-| x-cisco-email-msgevent | domain_categories | domainCategories |
-| x-cisco-email-msgevent | sdr_categories | sdrCategories |
-| x-cisco-email-msgevent | sdr_threat_levels | sdrThreatLevels |
-| x-cisco-email-msgevent | soft_bounced | softBounced |
-| x-cisco-email-msgevent | spam_positive | spamPositive |
-| x-cisco-email-msgevent | quarantined_as_spam | quarantinedAsSpam |
-| x-cisco-email-msgevent | quarantine_status | quarantineStatus |
-| x-cisco-email-msgevent | threat_name | threatName |
-| x-cisco-email-msgevent | suspect_spam | suspectSpam |
-| x-cisco-email-msgevent | url_categories | urlCategories |
-| x-cisco-email-msgevent | url_reputation | urlReputation |
-| x-cisco-email-msgevent | safeprint_ext | safeprintExt |
-| x-cisco-email-msgevent | virus_positive | virusPositive |
-| x-cisco-email-msgevent | web_interaction_tracking_urls | webInteractionTrackingUrls |
-| x-cisco-email-msgevent | web_interaction_tracking_mailflow_direction | webInteractionTrackingMailflowDirection |
-| x-cisco-email-msgevent | mail_policy | mailPolicyName |
-| x-cisco-email-msgevent | mail_policy_direction | mailPolicyDirection |
+| x-oca-asset | hostname | hostName |
|
| | |
diff --git a/stix_shifter_modules/crowdstrike/crowdstrike_supported_stix.md b/stix_shifter_modules/crowdstrike/crowdstrike_supported_stix.md
index feb29b3cd..c000a41a1 100644
--- a/stix_shifter_modules/crowdstrike/crowdstrike_supported_stix.md
+++ b/stix_shifter_modules/crowdstrike/crowdstrike_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## CrowdStrike Falcon
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | + |
-| OR (Comparision) | , |
+| AND (Comparison) | + |
+| OR (Comparison) | , |
| = | : |
| != | :! |
| > | :> |
diff --git a/stix_shifter_modules/cybereason/cybereason_supported_stix.md b/stix_shifter_modules/cybereason/cybereason_supported_stix.md
index 1612eea69..028aedebf 100644
--- a/stix_shifter_modules/cybereason/cybereason_supported_stix.md
+++ b/stix_shifter_modules/cybereason/cybereason_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Cybereason
### Results STIX Domain Objects
* Identity
@@ -9,7 +9,7 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
+| AND (Comparison) | AND |
| > | GreaterThan |
| >= | GreaterOrEqualsTo |
| < | LessThan |
diff --git a/stix_shifter_modules/darktrace/darktrace_supported_stix.md b/stix_shifter_modules/darktrace/darktrace_supported_stix.md
index fce651461..e2a34eb89 100644
--- a/stix_shifter_modules/darktrace/darktrace_supported_stix.md
+++ b/stix_shifter_modules/darktrace/darktrace_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Darktrace
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| > | :> |
| < | :< |
| >= | :> |
diff --git a/stix_shifter_modules/datadog/datadog_supported_stix.md b/stix_shifter_modules/datadog/datadog_supported_stix.md
index 2610e43ea..532df70a0 100644
--- a/stix_shifter_modules/datadog/datadog_supported_stix.md
+++ b/stix_shifter_modules/datadog/datadog_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Datadog
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| = | : |
| IN | : |
| OR (Observation) | OR |
diff --git a/stix_shifter_modules/elastic_ecs/elastic_ecs_supported_stix.md b/stix_shifter_modules/elastic_ecs/elastic_ecs_supported_stix.md
index bc62406a4..0ddb4b275 100644
--- a/stix_shifter_modules/elastic_ecs/elastic_ecs_supported_stix.md
+++ b/stix_shifter_modules/elastic_ecs/elastic_ecs_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Elasticsearch ECS
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| > | :> |
| >= | :>= |
| < | :< |
@@ -100,7 +100,7 @@
| **process**:parent_ref.pid | process.ppid, process.parent.ppid |
| **process**:parent_ref.name | process.parent.name |
| **process**:parent_ref.x_exit_code | process.parent.exit_code |
-| **process**:parent_ref.pgid | process.parent.pgid |
+| **process**:parent_ref.x_pgid | process.parent.pgid |
| **process**:parent_ref.x_window_title | process.parent.title |
| **process**:parent_ref.x_thread_id | process.parent.thread.id |
| **process**:parent_ref.x_uptime | process.parent.uptime |
@@ -116,9 +116,10 @@
| **process**:x_window_title | process.title |
| **process**:x_exit_code | process.exit_code |
| **process**:x_thread_id | process.thread.id |
-| **process**:x_ttp_tags | tags |
+| **process**:x_tags | tags |
| **process**:x_unique_id | process.entity_id, process.parent.entity_id |
| **process**:x_uptime | process.uptime |
+| **process**:x_pgid | process.pgid |
| **url**:value | url.original |
| **domain-name**:value | url.domain, dns.question.name, dns.question.registered_domain, host.hostname, source.domain, destination.domain, server.domain, client.domain, source.registered_domain, destination.registered_domain, server.registered_domain, client.registered_domain, source.top_level_domain, destination.top_level_domain, server.top_level_domain, client.top_level_domain |
| **windows-registry-key**:key | registry.key |
@@ -129,10 +130,10 @@
| **software**:x_description | process.pe.description, file.pe.description, dll.pe.description |
| **autonomous-system**:value | client.as.organization.name, server.as.organization.name, source.as.organization.name, destination.as.organization.name |
| **autonomous-system**:number | client.as.number, server.as.number, source.as.number, destination.as.number |
-| **email-addr**:name | user.email |
+| **email-addr**:value | user.email |
| **x-oca-event**:action | event.action |
-| **x-oca-event**:id | event.id |
-| **x-oca-event**:category | event.category |
+| **x-oca-event**:event_id | event.id |
+| **x-oca-event**:category | event.category, event.type, event.kind |
| **x-oca-event**:code | event.code |
| **x-oca-event**:created | event.created |
| **x-oca-event**:dataset | event.dataset |
@@ -140,7 +141,6 @@
| **x-oca-event**:end | event.end |
| **x-oca-event**:hash | event.hash |
| **x-oca-event**:ingested | event.ingested |
-| **x-oca-event**:kind | event.kind |
| **x-oca-event**:module | event.module |
| **x-oca-event**:outcome | event.outcome |
| **x-oca-event**:provider | event.provider |
@@ -150,7 +150,6 @@
| **x-oca-event**:severity | event.severity |
| **x-oca-event**:start | event.start |
| **x-oca-event**:timezone | event.timezone |
-| **x-oca-event**:type | event.type |
| **x-oca-event**:url | event.url |
| **x-oca-event**:original | message, powershell.file.script_block_text |
| **x-oca-event**:process_ref.pid | process.pid |
@@ -180,7 +179,7 @@
| **x-ecs-dns**:answers_ttl | dns.answers.ttl |
| **x-ecs-dns**:answers_type | dns.answers.type |
| **x-ecs-dns**:header_flags | dns.header_flags |
-| **x-ecs-dns**:id | dns.id |
+| **x-ecs-dns**:dns_id | dns.id |
| **x-ecs-dns**:op_code | dns.op_code |
| **x-ecs-dns**:question_class | dns.question.class |
| **x-ecs-dns**:question_name | dns.question.name |
@@ -190,24 +189,23 @@
| **x-ecs-dns**:question_type | dns.question.type |
| **x-ecs-dns**:resolved_ip | dns.resolved_ip |
| **x-ecs-dns**:response_code | dns.response_code |
-| **x-ecs-dns**:type | dns.type |
+| **x-ecs-dns**:dns_type | dns.type |
| **x-ecs**:version | ecs.version |
| **x-ecs-error**:code | error.code |
-| **x-ecs-error**:id | error.id |
+| **x-ecs-error**:error_id | error.id |
| **x-ecs-error**:message | error.message |
| **x-ecs-error**:stack_trace | error.stack_trace |
-| **x-ecs-error**:type | error.type |
+| **x-ecs-error**:error_type | error.type |
| **x-ecs-group**:domain | group.domain |
-| **x-ecs-group**:id | group.id |
+| **x-ecs-group**:group_id | group.id |
| **x-ecs-group**:name | group.name |
| **x-oca-asset**:architecture | host.architecture |
| **x-oca-asset**:domain | host.domain |
-| **x-oca-asset**:hostname | host.hostname, observer.hostname |
-| **x-oca-asset**:id | host.id, observer.serial_number |
+| **x-oca-asset**:hostname | host.hostname, observer.hostname, host.name, observer.name |
+| **x-oca-asset**:device_id | host.id, observer.serial_number |
| **x-oca-asset**:ip | host.ip, observer.ip |
| **x-oca-asset**:mac | host.mac, observer.mac |
-| **x-oca-asset**:name | host.name, observer.name |
-| **x-oca-asset**:type | host.type, observer.type |
+| **x-oca-asset**:host_type | host.type, observer.type |
| **x-oca-asset**:ingress.zone | observer.ingress.zone |
| **x-oca-asset**:ingress.interface.alias | observer.ingress.interface.alias |
| **x-oca-asset**:ingress.interface.id | observer.ingress.interface.id |
@@ -217,7 +215,7 @@
| **x-oca-asset**:egress.interface.id | observer.egress.interface.id |
| **x-oca-asset**:egress.interface.name | observer.egress.interface.name |
| **x-oca-asset**:uptime | host.uptime |
-| **x-oca-asset**:os_ref.name | host.os.name, observer.os.name, observer.product |
+| **x-oca-asset**:os_ref.name | host.os.name, os.name, os.type, observer.os.name, observer.product |
| **x-oca-asset**:os_ref.vendor | host.os.platform, observer.os.platform, observer.vendor |
| **x-oca-asset**:os_ref.version | host.os.version, observer.os.version, observer.version |
| **x-oca-asset**:container.id | container.id |
@@ -255,7 +253,7 @@
| **x-ecs-log**:syslog_priority | log.syslog.priority |
| **x-ecs-log**:severity_syslog_code | log.syslog.severity.code |
| **x-ecs-log**:severity_syslog_name | log.syslog.severity.name |
-| **x-ecs-organization**:id | organization.id |
+| **x-ecs-organization**:organization_id | organization.id |
| **x-ecs-organization**:name | organization.name |
| **x-ecs-pe**:company | dll.pe.company, process.pe.company, file.pe.company |
| **x-ecs-pe**:description | dll.pe.description, process.pe.description, file.pe.description |
@@ -268,17 +266,17 @@
| **x-ecs-rule**:author | rule.author |
| **x-ecs-rule**:category | rule.category |
| **x-ecs-rule**:description | rule.description |
-| **x-ecs-rule**:id | rule.id |
+| **x-ecs-rule**:rule_id | rule.id |
| **x-ecs-rule**:license | rule.license |
| **x-ecs-rule**:name | rule.name |
| **x-ecs-rule**:reference | rule.reference |
| **x-ecs-rule**:ruleset | rule.ruleset |
| **x-ecs-rule**:uuid | rule.uuid |
| **x-ecs-rule**:version | rule.version |
-| **x-ecs-service**:id | service.id |
+| **x-ecs-service**:service_id | service.id |
| **x-ecs-service**:name | service.name |
| **x-ecs-service**:state | service.state |
-| **x-ecs-service**:type | service.type |
+| **x-ecs-service**:service_type | service.type |
| **x-ecs-service**:version | service.version |
| **x-ecs-threat**:framework | threat.framework |
| **x-ecs-threat**:tactic_id | threat.tactic.id |
@@ -287,8 +285,8 @@
| **x-ecs-threat**:technique_id | threat.technique.id |
| **x-ecs-threat**:technique_name | threat.technique.name |
| **x-ecs-threat**:technique_reference | threat.technique.reference |
-| **x-ecs-trace**:id | trace.id |
-| **x-ecs-transaction**:id | transaction.id |
+| **x-ecs-trace**:trace_id | trace.id |
+| **x-ecs-transaction**:transaction_id | transaction.id |
| **x-ecs-user-agent**:name | user_agent.name |
| **x-ecs-user-agent**:original | user_agent.original |
| **x-ecs-user-agent**:version | user_agent.version |
@@ -297,7 +295,7 @@
| **x-ecs-vulnerability**:classification | vulnerability.classification |
| **x-ecs-vulnerability**:description | vulnerability.description |
| **x-ecs-vulnerability**:enumeration | vulnerability.enumeration |
-| **x-ecs-vulnerability**:id | vulnerability.id |
+| **x-ecs-vulnerability**:vulnerability_id | vulnerability.id |
| **x-ecs-vulnerability**:reference | vulnerability.reference |
| **x-ecs-vulnerability**:report_id | vulnerability.report_id |
| **x-ecs-vulnerability**:severity | vulnerability.severity |
@@ -382,7 +380,7 @@
| **process**:parent_ref.pid | process.ppid, process.parent.ppid |
| **process**:parent_ref.name | process.parent.name.keyword |
| **process**:parent_ref.x_exit_code | process.parent.exit_code |
-| **process**:parent_ref.pgid | process.parent.pgid |
+| **process**:parent_ref.x_pgid | process.parent.pgid |
| **process**:parent_ref.x_window_title | process.parent.title.keyword |
| **process**:parent_ref.x_thread_id | process.parent.thread.id |
| **process**:parent_ref.x_uptime | process.parent.uptime |
@@ -398,9 +396,10 @@
| **process**:x_window_title | process.title |
| **process**:x_exit_code | process.exit_code |
| **process**:x_thread_id | process.thread.id |
-| **process**:x_ttp_tags | tags |
+| **process**:x_tags | tags |
| **process**:x_unique_id | process.entity_id.keyword, process.parent.entity_id.keyword |
| **process**:x_uptime | process.uptime |
+| **process**:x_pgid | process.pgid |
| **url**:value | url.original |
| **domain-name**:value | url.domain, dns.question.name, dns.question.registered_domain, host.hostname.keyword, source.domain, destination.domain, server.domain, client.domain, source.registered_domain, destination.registered_domain, server.registered_domain, client.registered_domain, source.top_level_domain, destination.top_level_domain, server.top_level_domain, client.top_level_domain |
| **windows-registry-key**:key | registry.key |
@@ -411,10 +410,10 @@
| **software**:x_description | process.pe.description.keyword, file.pe.description.keyword, dll.pe.description.keyword |
| **autonomous-system**:value | client.as.organization.name, server.as.organization.name, source.as.organization.name, destination.as.organization.name |
| **autonomous-system**:number | client.as.number, server.as.number, source.as.number, destination.as.number |
-| **email-addr**:name | user.email |
+| **email-addr**:value | user.email |
| **x-oca-event**:action | event.action.keyword |
-| **x-oca-event**:id | event.id |
-| **x-oca-event**:category | event.category.keyword |
+| **x-oca-event**:event_id | event.id |
+| **x-oca-event**:category | event.category.keyword, event.type.keyword, event.kind.keyword |
| **x-oca-event**:code | event.code |
| **x-oca-event**:created | event.created |
| **x-oca-event**:dataset | event.dataset |
@@ -422,7 +421,6 @@
| **x-oca-event**:end | event.end |
| **x-oca-event**:hash | event.hash |
| **x-oca-event**:ingested | event.ingested |
-| **x-oca-event**:kind | event.kind.keyword |
| **x-oca-event**:module | event.module.keyword |
| **x-oca-event**:outcome | event.outcome.keyword |
| **x-oca-event**:provider | event.provider.keyword |
@@ -432,7 +430,6 @@
| **x-oca-event**:severity | event.severity |
| **x-oca-event**:start | event.start |
| **x-oca-event**:timezone | event.timezone |
-| **x-oca-event**:type | event.type.keyword |
| **x-oca-event**:url | event.url |
| **x-oca-event**:original | message, powershell.file.script_block_text.keyword |
| **x-oca-event**:process_ref.pid | process.pid |
@@ -462,7 +459,7 @@
| **x-ecs-dns**:answers_ttl | dns.answers.ttl |
| **x-ecs-dns**:answers_type | dns.answers.type |
| **x-ecs-dns**:header_flags | dns.header_flags |
-| **x-ecs-dns**:id | dns.id |
+| **x-ecs-dns**:dns_id | dns.id |
| **x-ecs-dns**:op_code | dns.op_code |
| **x-ecs-dns**:question_class | dns.question.class |
| **x-ecs-dns**:question_name | dns.question.name |
@@ -472,24 +469,23 @@
| **x-ecs-dns**:question_type | dns.question.type |
| **x-ecs-dns**:resolved_ip | dns.resolved_ip |
| **x-ecs-dns**:response_code | dns.response_code |
-| **x-ecs-dns**:type | dns.type |
+| **x-ecs-dns**:dns_type | dns.type |
| **x-ecs**:version | ecs.version.keyword |
| **x-ecs-error**:code | error.code |
-| **x-ecs-error**:id | error.id |
+| **x-ecs-error**:error_id | error.id |
| **x-ecs-error**:message | error.message |
| **x-ecs-error**:stack_trace | error.stack_trace |
-| **x-ecs-error**:type | error.type |
+| **x-ecs-error**:error_type | error.type |
| **x-ecs-group**:domain | group.domain |
-| **x-ecs-group**:id | group.id |
+| **x-ecs-group**:group_id | group.id |
| **x-ecs-group**:name | group.name |
| **x-oca-asset**:architecture | host.architecture.keyword |
| **x-oca-asset**:domain | host.domain |
-| **x-oca-asset**:hostname | host.hostname.keyword, observer.hostname.keyword |
-| **x-oca-asset**:id | host.id.keyword, observer.serial_number.keyword |
+| **x-oca-asset**:hostname | host.hostname.keyword, observer.hostname.keyword, host.name.keyword, observer.name.keyword |
+| **x-oca-asset**:device_id | host.id.keyword, observer.serial_number.keyword |
| **x-oca-asset**:ip | host.ip.keyword, observer.ip.keyword |
| **x-oca-asset**:mac | host.mac.keyword, observer.mac.keyword |
-| **x-oca-asset**:name | host.name.keyword, observer.name.keyword |
-| **x-oca-asset**:type | host.type, observer.type |
+| **x-oca-asset**:host_type | host.type, observer.type |
| **x-oca-asset**:ingress.zone | observer.ingress.zone |
| **x-oca-asset**:ingress.interface.alias | observer.ingress.interface.alias |
| **x-oca-asset**:ingress.interface.id | observer.ingress.interface.id |
@@ -537,7 +533,7 @@
| **x-ecs-log**:syslog_priority | log.syslog.priority |
| **x-ecs-log**:severity_syslog_code | log.syslog.severity.code |
| **x-ecs-log**:severity_syslog_name | log.syslog.severity.name |
-| **x-ecs-organization**:id | organization.id |
+| **x-ecs-organization**:organization_id | organization.id |
| **x-ecs-organization**:name | organization.name |
| **x-ecs-pe**:company | dll.pe.company, process.pe.company.keyword, file.pe.company |
| **x-ecs-pe**:description | dll.pe.description, process.pe.description.keyword, file.pe.description |
@@ -550,17 +546,17 @@
| **x-ecs-rule**:author | rule.author |
| **x-ecs-rule**:category | rule.category |
| **x-ecs-rule**:description | rule.description |
-| **x-ecs-rule**:id | rule.id |
+| **x-ecs-rule**:rule_id | rule.id |
| **x-ecs-rule**:license | rule.license |
| **x-ecs-rule**:name | rule.name |
| **x-ecs-rule**:reference | rule.reference |
| **x-ecs-rule**:ruleset | rule.ruleset |
| **x-ecs-rule**:uuid | rule.uuid |
| **x-ecs-rule**:version | rule.version |
-| **x-ecs-service**:id | service.id |
+| **x-ecs-service**:service_id | service.id |
| **x-ecs-service**:name | service.name |
| **x-ecs-service**:state | service.state |
-| **x-ecs-service**:type | service.type |
+| **x-ecs-service**:service_type | service.type |
| **x-ecs-service**:version | service.version |
| **x-ecs-threat**:framework | threat.framework |
| **x-ecs-threat**:tactic_id | threat.tactic.id |
@@ -569,8 +565,8 @@
| **x-ecs-threat**:technique_id | threat.technique.id |
| **x-ecs-threat**:technique_name | threat.technique.name |
| **x-ecs-threat**:technique_reference | threat.technique.reference |
-| **x-ecs-trace**:id | trace.id |
-| **x-ecs-transaction**:id | transaction.id |
+| **x-ecs-trace**:trace_id | trace.id |
+| **x-ecs-transaction**:transaction_id | transaction.id |
| **x-ecs-user-agent**:name | user_agent.name |
| **x-ecs-user-agent**:original | user_agent.original |
| **x-ecs-user-agent**:version | user_agent.version |
@@ -579,7 +575,7 @@
| **x-ecs-vulnerability**:classification | vulnerability.classification |
| **x-ecs-vulnerability**:description | vulnerability.description |
| **x-ecs-vulnerability**:enumeration | vulnerability.enumeration |
-| **x-ecs-vulnerability**:id | vulnerability.id |
+| **x-ecs-vulnerability**:vulnerability_id | vulnerability.id |
| **x-ecs-vulnerability**:reference | vulnerability.reference |
| **x-ecs-vulnerability**:report_id | vulnerability.report_id |
| **x-ecs-vulnerability**:severity | vulnerability.severity |
@@ -593,7 +589,7 @@
| STIX Object | STIX Property | Data Source Field |
|--|--|--|
| artifact | payload_bin | original |
-| artifact | mime_type | mime_type_event |
+| artifact | mime_type | original |
|
| | |
| autonomous-system | number | number |
| autonomous-system | name | name |
@@ -601,12 +597,10 @@
| directory | path | executable |
| directory | path | directory |
|
| | |
+| domain-name | resolves_to_refs | ip |
| domain-name | value | domain |
-| domain-name | resolves_to_refs | domain |
| domain-name | value | registered_domain |
-| domain-name | resolves_to_refs | registered_domain |
| domain-name | value | top_level_domain |
-| domain-name | resolves_to_refs | top_level_domain |
| domain-name | value | url |
| domain-name | value | name |
|
| | |
@@ -625,9 +619,7 @@
| file | name | name |
| file | dll_ref | name |
| file | x_path | path |
-| file | x_software_ref.vendor | company |
-| file | x_software_ref.version | file_version |
-| file | x_software_ref.name | original_file_name |
+| file | x_software_ref | company |
| file | x_code_signature.exists | exists |
| file | x_code_signature.subject_name | subject_name |
| file | created | created |
@@ -658,6 +650,7 @@
|
| | |
| ipv6-addr | value | ip |
| ipv6-addr | resolves_to_refs | mac |
+| ipv6-addr | belongs_to_refs | number |
| ipv6-addr | value | resolved_ip |
|
| | |
| mac-addr | value | mac |
@@ -709,17 +702,16 @@
| process | x_unique_id | entity_id |
| process | x_exit_code | exit_code |
| process | parent_ref | name |
-| process | parent_ref.pgid | pgid |
+| process | pid | pgid |
+| process | group_leader_ref | pgid |
| process | parent_ref | pid |
-| process | parent_ref.ppid | ppid |
| process | x_thread_id | id |
| process | x_window_title | title |
| process | x_uptime | uptime |
| process | cwd | working_directory |
-| process | x_exit_code | pgid |
| process | creator_user_ref | name |
| process | creator_user_ref | id |
-| process | x_ttp_tags | tags |
+| process | x_tags | tags |
|
| | |
| software | vendor | company |
| software | version | file_version |
@@ -733,6 +725,8 @@
| software | name | product |
| software | vendor | vendor |
|
| | |
+| source-autonomous-system | name | name |
+|
| | |
| url | value | original |
|
| | |
| user-account | user_id | name |
@@ -750,8 +744,6 @@
|
| | |
| x-ecs | version | version |
|
| | |
-| x-ecs-client | address | address |
-|
| | |
| x-ecs-cloud | account_id | id |
| x-ecs-cloud | availability_zone | availability_zone |
| x-ecs-cloud | instance_id | id |
@@ -760,8 +752,6 @@
| x-ecs-cloud | provider | provider |
| x-ecs-cloud | region | region |
|
| | |
-| x-ecs-destination | address | address |
-|
| | |
| x-ecs-error | code | code |
| x-ecs-error | error_id | id |
| x-ecs-error | message | message |
@@ -821,8 +811,6 @@
| x-ecs-rule | uuid | uuid |
| x-ecs-rule | version | version |
|
| | |
-| x-ecs-server | address | address |
-|
| | |
| x-ecs-service | service_id | id |
| x-ecs-service | name | name |
| x-ecs-service | state | state |
@@ -915,6 +903,7 @@
| x-oca-asset | ingress.interface.name | name |
| x-oca-asset | ingress.vlan.id | id |
| x-oca-asset | ingress.vlan.name | name |
+| x-oca-asset | hostname | name |
| x-oca-asset | os_ref | product |
| x-oca-asset | device_id | serial_number |
| x-oca-asset | os_ref | vendor |
@@ -933,7 +922,7 @@
| x-oca-event | end | end |
| x-oca-event | hash | hash |
| x-oca-event | ingested | ingested |
-| x-oca-event | kind | kind |
+| x-oca-event | category | kind |
| x-oca-event | module | module |
| x-oca-event | outcome | outcome |
| x-oca-event | provider | provider |
@@ -944,7 +933,7 @@
| x-oca-event | severity | severity |
| x-oca-event | start | start |
| x-oca-event | timezone | timezone |
-| x-oca-event | event_type | type |
+| x-oca-event | category | type |
| x-oca-event | url | url |
| x-oca-event | domain_ref | url |
| x-oca-event | url_ref | original |
diff --git a/stix_shifter_modules/gcp_chronicle/gcp_chronicle_supported_stix.md b/stix_shifter_modules/gcp_chronicle/gcp_chronicle_supported_stix.md
index ac7665979..dd3cd1329 100644
--- a/stix_shifter_modules/gcp_chronicle/gcp_chronicle_supported_stix.md
+++ b/stix_shifter_modules/gcp_chronicle/gcp_chronicle_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## GCP Chronicle
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | and |
-| OR (Comparision) | or |
+| AND (Comparison) | and |
+| OR (Comparison) | or |
| = | = |
| != | != |
| LIKE | = |
@@ -202,7 +202,7 @@
| email-message | to_refs | to |
| email-message | cc_refs | cc |
| email-message | bcc_refs | bcc |
-| email-message | extensions.x-gcp-chronicle-email-message.file_ref | fullPath |
+| email-message | extensions.x-gcp-chronicle-email-message.file_refs | GroupAboutFileReferences |
|
| | |
| file | name | fullPath |
| file | parent_directory_ref | fullPath |
@@ -302,7 +302,7 @@
| x-ibm-finding | dst_ip_ref | ip |
| x-ibm-finding | dst_os_ref | platform |
| x-ibm-finding | dst_application_ref | name |
-| x-ibm-finding | extensions.x-gcp-chronicle-security-result.url_ref | url |
+| x-ibm-finding | extensions.x-gcp-chronicle-security-result.url_refs | groupAboutUrlReferences |
| x-ibm-finding | finding_type | findingType |
| x-ibm-finding | extensions.x-gcp-chronicle-security-result.threat_name | threatName |
| x-ibm-finding | rule_names | ruleName |
diff --git a/stix_shifter_modules/guardium/guardium_supported_stix.md b/stix_shifter_modules/guardium/guardium_supported_stix.md
index b9e13374b..a8fa67d08 100644
--- a/stix_shifter_modules/guardium/guardium_supported_stix.md
+++ b/stix_shifter_modules/guardium/guardium_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## IBM Guardium Data Protection
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| = | = |
| OR (Observation) | OR |
| AND (Observation) | OR |
diff --git a/stix_shifter_modules/ibm_security_verify/ibm_security_verify_supported_stix.md b/stix_shifter_modules/ibm_security_verify/ibm_security_verify_supported_stix.md
index 1eaf89946..de234a814 100644
--- a/stix_shifter_modules/ibm_security_verify/ibm_security_verify_supported_stix.md
+++ b/stix_shifter_modules/ibm_security_verify/ibm_security_verify_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## IBM Security Verify
### Results STIX Domain Objects
* Identity
@@ -9,7 +9,7 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | & |
+| AND (Comparison) | & |
| = | = |
| AND (Observation) | = |
| IN | = |
diff --git a/stix_shifter_modules/msatp/msatp_supported_stix.md b/stix_shifter_modules/msatp/msatp_supported_stix.md
index 8e11eaabf..7e9743cb1 100644
--- a/stix_shifter_modules/msatp/msatp_supported_stix.md
+++ b/stix_shifter_modules/msatp/msatp_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Microsoft Defender for Endpoint
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | and |
-| OR (Comparision) | or |
+| AND (Comparison) | and |
+| OR (Comparison) | or |
| = | == |
| != | != |
| LIKE | contains |
diff --git a/stix_shifter_modules/okta/okta_supported_stix.md b/stix_shifter_modules/okta/okta_supported_stix.md
index d49de646a..9c6b2f70f 100644
--- a/stix_shifter_modules/okta/okta_supported_stix.md
+++ b/stix_shifter_modules/okta/okta_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Okta
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | and |
-| OR (Comparision) | or |
+| AND (Comparison) | and |
+| OR (Comparison) | or |
| > | gt |
| >= | ge |
| < | lt |
diff --git a/stix_shifter_modules/onelogin/onelogin_supported_stix.md b/stix_shifter_modules/onelogin/onelogin_supported_stix.md
index 5a429a510..1a56cc53d 100644
--- a/stix_shifter_modules/onelogin/onelogin_supported_stix.md
+++ b/stix_shifter_modules/onelogin/onelogin_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## OneLogin
### Results STIX Domain Objects
* Identity
@@ -9,7 +9,7 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | & |
+| AND (Comparison) | & |
| = | = |
| AND (Observation) | or |
| OR (Observation) | or |
diff --git a/stix_shifter_modules/paloalto/paloalto_supported_stix.md b/stix_shifter_modules/paloalto/paloalto_supported_stix.md
index 63d78bd08..b11071b0b 100644
--- a/stix_shifter_modules/paloalto/paloalto_supported_stix.md
+++ b/stix_shifter_modules/paloalto/paloalto_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## PaloAlto Cortex XDR
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | and |
-| OR (Comparision) | or |
+| AND (Comparison) | and |
+| OR (Comparison) | or |
| = | = |
| != | != |
| LIKE | contains |
diff --git a/stix_shifter_modules/proofpoint/proofpoint_supported_stix.md b/stix_shifter_modules/proofpoint/proofpoint_supported_stix.md
index 72e6d51fa..5ef661612 100644
--- a/stix_shifter_modules/proofpoint/proofpoint_supported_stix.md
+++ b/stix_shifter_modules/proofpoint/proofpoint_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Proofpoint (SIEM API)
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| > | > |
| >= | >= |
| < | < |
diff --git a/stix_shifter_modules/qradar/qradar_supported_stix.md b/stix_shifter_modules/qradar/qradar_supported_stix.md
index df65763a8..fde4258b2 100644
--- a/stix_shifter_modules/qradar/qradar_supported_stix.md
+++ b/stix_shifter_modules/qradar/qradar_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## IBM QRadar
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| > | > |
| >= | >= |
| < | < |
diff --git a/stix_shifter_modules/reaqta/reaqta_supported_stix.md b/stix_shifter_modules/reaqta/reaqta_supported_stix.md
index 5bcbdf57b..6d1e51d0f 100644
--- a/stix_shifter_modules/reaqta/reaqta_supported_stix.md
+++ b/stix_shifter_modules/reaqta/reaqta_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 06/21/23
+##### Updated on 10/25/23
## IBM Security QRadar EDR
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| >= | = |
| <= | = |
| = | = |
diff --git a/stix_shifter_modules/rhacs/rhacs_supported_stix.md b/stix_shifter_modules/rhacs/rhacs_supported_stix.md
index d9cf06a9f..5fee9a0b1 100644
--- a/stix_shifter_modules/rhacs/rhacs_supported_stix.md
+++ b/stix_shifter_modules/rhacs/rhacs_supported_stix.md
@@ -1,5 +1,5 @@
-##### Updated on 05/15/23
-## Red Hat Advanced Cluster Security for Kubernetes (StackRox)
+##### Updated on 10/25/23
+## Red Hat Advanced Cluster Security for Kubernetes
### Results STIX Domain Objects
* Identity
* Observed Data
@@ -9,7 +9,7 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | + |
+| AND (Comparison) | + |
| = | : |
| != | :! |
| LIKE | :r/ |
diff --git a/stix_shifter_modules/secretserver/secretserver_supported_stix.md b/stix_shifter_modules/secretserver/secretserver_supported_stix.md
index a2150c76a..852e1cff7 100644
--- a/stix_shifter_modules/secretserver/secretserver_supported_stix.md
+++ b/stix_shifter_modules/secretserver/secretserver_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## IBM Security Verify Privilege Vault
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| > | > |
| >= | >= |
| < | < |
diff --git a/stix_shifter_modules/sentinelone/sentinelone_supported_stix.md b/stix_shifter_modules/sentinelone/sentinelone_supported_stix.md
index 6845eae10..1e42a30f6 100644
--- a/stix_shifter_modules/sentinelone/sentinelone_supported_stix.md
+++ b/stix_shifter_modules/sentinelone/sentinelone_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## SentinelOne
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| = | = |
| != | != |
| LIKE | in contains anycase |
diff --git a/stix_shifter_modules/splunk/splunk_supported_stix.md b/stix_shifter_modules/splunk/splunk_supported_stix.md
index 53897ca2f..5ec502a30 100644
--- a/stix_shifter_modules/splunk/splunk_supported_stix.md
+++ b/stix_shifter_modules/splunk/splunk_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/18/23
+##### Updated on 10/25/23
## Splunk Enterprise Security
### Results STIX Domain Objects
* Identity
@@ -9,36 +9,86 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
-| = | = |
-| != | != |
-| LIKE | like({field}, {value}) |
-| MATCHES | match({field}, {value}) |
| > | > |
| >= | >= |
| < | < |
| <= | <= |
-| IN | IN |
-| OR (Observation) | OR |
-| AND (Observation) | OR |
-| ISSUBSET | cidrmatch({field}, {value}) |
+| = | = |
+| != | != |
+| LIKE | encoders.like |
+| IN | encoders.set |
+| MATCHES | encoders.matches |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
+| ISSUBSET | encoders.subset |
+| AND (Observation) | {expr1} OR {expr2} |
+| OR (Observation) | {expr1} OR {expr2} |
| FOLLOWEDBY | latest=[search {expr2} | append [makeresults 1 | eval _time=0] | head 1 | return $_time] | where {expr1} |
|
| |
### Searchable STIX objects and properties
| STIX Object and Property | Mapped Data Source Fields |
|--|--|
+| **x-oca-event**:code | signature_id |
+| **x-oca-event**:action | signature |
+| **x-oca-event**:outcome | action |
+| **x-oca-event**:module | source |
+| **x-oca-event**:created | _time |
+| **x-oca-event**:duration | duration |
+| **x-oca-event**:provider | vendor_product |
+| **x-oca-event**:severity | severity |
+| **x-oca-event**:file_ref.name | file_name |
+| **x-oca-event**:process_ref.binary_ref.name | process_exec |
+| **x-oca-event**:process_ref.name | process_name |
+| **x-oca-event**:process_ref.pid | process_id |
+| **x-oca-event**:parent_process_ref.pid | parent_process_id |
+| **x-oca-event**:parent_process_ref.name | parent_process_name |
+| **x-oca-event**:domain_ref.value | query |
+| **x-oca-event**:host_ref.hostname | host |
+| **x-oca-event**:ip_refs[*].value | src_ip, dest_ip |
+| **x-oca-event**:registry_ref.key | registry_key_name |
+| **x-oca-event**:user_ref.user_id | user |
+| **x-oca-event**:url_ref.value | url |
+| **x-oca-event**:network_ref.src_port | src_port |
+| **x-oca-event**:network_ref.dst_port | dest_port |
+| **x-oca-event**:x_dest | dest |
+| **x-oca-event**:x_src | src |
+| **x-oca-event**:x_application | app |
+| **x-oca-event**:x_status | status |
+| **x-oca-event**:x_event_id | event_id |
+| **x-oca-asset**:hostname | host |
+| **x-oca-asset**:x_operating_system | os |
+| **directory**:path | file_path, process_path, parent_process_path |
+| **domain-name**:value | query, recipient_domain, src_user_domain, ssl_issuer_email_domain, ssl_subject_email_domain |
+| **x-readable-payload**:value | _raw |
+| **email-addr**:value | src_user, recipient, ssl_issuer_email, ssl_subject_email |
+| **email-addr**:x_recipient_domain_ref.value | recipient_domain |
+| **email-addr**:x_src_user_domain_ref.value | src_user_domain |
+| **email-message**:to_refs[*].value | recipient |
+| **email-message**:subject | subject |
+| **email-message**:from_ref.value | src_user |
+| **email-message**:x_url_ref.value | url |
+| **email-message**:x_internal_message_id | internal_message_id |
+| **email-message**:x_message_id | message_id |
+| **file**:hashes.MD5 | file_hash |
+| **file**:hashes.'SHA-1' | file_hash |
+| **file**:hashes.'SHA-256' | file_hash |
+| **file**:name | file_name, process_name, parent_process_name, process_exec, parent_process_exec |
+| **file**:created | file_create_time |
+| **file**:modified | file_modify_time |
+| **file**:accessed | file_access_time |
+| **file**:parent_directory_ref.path | file_path, process_path, parent_process_path |
+| **file**:size | file_size |
+| **file**:x_acl | file_acl |
| **ipv4-addr**:value | src_ip, dest_ip |
| **ipv4-addr**:resolves_to_refs[*].value | src_mac, dest_mac |
| **ipv6-addr**:value | src_ip, dest_ip |
| **ipv6-addr**:resolves_to_refs[*].value | src_mac, dest_mac |
| **mac-addr**:value | src_mac, dest_mac |
-| **network-traffic**:dst_port | dest_port |
-| **network-traffic**:src_port | src_port |
-| **network-traffic**:protocols[*] | protocol, transport |
| **network-traffic**:src_ref.value | src_ip |
+| **network-traffic**:src_port | src_port |
| **network-traffic**:dst_ref.value | dest_ip |
-| **network-traffic**:dst_ref.value | dest_ip |
+| **network-traffic**:dst_port | dest_port |
+| **network-traffic**:protocols[*] | protocol, transport |
| **network-traffic**:dst_byte_count | bytes_in |
| **network-traffic**:src_byte_count | bytes_out |
| **network-traffic**:dst_packets | packets_in |
@@ -59,27 +109,15 @@
| **network-traffic**:extensions.'http-request-ext'.request_header.Referer | http_referrer |
| **network-traffic**:extensions.'http-request-ext'.request_header.'User-Agent' | http_user_agent |
| **network-traffic**:extensions.'http-request-ext'.x_uri_query | uri_query |
-| **domain-name**:value | query, recipient_domain, src_user_domain, ssl_issuer_email_domain, ssl_subject_email_domain |
-| **url**:value | url |
+| **process**:name | process_name, parent_process_name |
| **process**:command_line | process, parent_process |
| **process**:pid | process_id, parent_process_id |
-| **process**:name | process_name, parent_process_name |
| **process**:cwd | process_current_directory |
| **process**:binary_ref.name | process_name, parent_process_name |
+| **process**:x_unique_id | process_guid, parent_process_guid |
| **process**:x_original_file_name | original_file_name |
| **process**:x_memory_used | mem_used |
-| **process**:x_unique_id | process_guid, parent_process_guid |
-| **file**:name | file_name, process_name, parent_process_name, process_exec, parent_process_exec |
-| **file**:size | file_size |
-| **file**:hashes.MD5 | file_hash |
-| **file**:hashes.'SHA-1' | file_hash |
-| **file**:hashes.'SHA-256' | file_hash |
-| **file**:parent_directory_ref.path | file_path, process_path, parent_process_path |
-| **file**:created | file_create_time |
-| **file**:modified | file_modify_time |
-| **file**:accessed | file_access_time |
-| **file**:x_acl | file_acl |
-| **directory**:path | file_path, process_path, parent_process_path |
+| **url**:value | url |
| **user-account**:user_id | user |
| **user-account**:account_login | user_id |
| **user-account**:x_user_name | user_name |
@@ -89,63 +127,6 @@
| **windows-registry-key**:x_hive | registry_hive |
| **windows-registry-key**:x_path | registry_path |
| **windows-registry-key**:x_value_text | registry_value_text |
-| **x-oca-asset**:hostname | host |
-| **x-oca-asset**:x_operating_system | os |
-| **x-oca-event**:code | signature_id |
-| **x-oca-event**:action | signature |
-| **x-oca-event**:outcome | action |
-| **x-oca-event**:module | source |
-| **x-oca-event**:created | _time |
-| **x-oca-event**:duration | duration |
-| **x-oca-event**:provider | vendor_product |
-| **x-oca-event**:severity | severity |
-| **x-oca-event**:file_ref.name | file_name |
-| **x-oca-event**:process_ref.binary_ref.name | process_exec |
-| **x-oca-event**:process_ref.name | process_name |
-| **x-oca-event**:parent_process_ref.pid | parent_process_id |
-| **x-oca-event**:parent_process_ref.name | parent_process_name |
-| **x-oca-event**:domain_ref.value | query |
-| **x-oca-event**:host_ref.hostname | host |
-| **x-oca-event**:ip_refs[*].value | src_ip, dest_ip |
-| **x-oca-event**:registry_ref.key | registry_key_name |
-| **x-oca-event**:user_ref.user_id | user |
-| **x-oca-event**:url_ref.value | url |
-| **x-oca-event**:network_ref.src_port | src_port |
-| **x-oca-event**:network_ref.dst_port | dest_port |
-| **x-oca-event**:x_dest | dest |
-| **x-oca-event**:x_src | src |
-| **x-oca-event**:x_application | app |
-| **x-oca-event**:x_status | status |
-| **x-oca-event**:x_event_id | event_id |
-| **x-readable-payload**:value | _raw |
-| **email-addr**:value | src_user, recipient, ssl_issuer_email, ssl_subject_email |
-| **email-addr**:x_recipient_domain_ref.value | recipient_domain |
-| **email-message**:to_refs[*].value | recipient |
-| **email-message**:subject | subject |
-| **email-message**:from_ref.value | src_user |
-| **email-message**:x_url_ref.value | url |
-| **email-message**:x_internal_message_id | internal_message_id |
-| **email-message**:x_message_id | message_id |
-| **x-ibm-ttp-tagging**:extensions.'mitre-attack-ext'.technique_id | mitre_technique_id |
-| **x-splunk-vulnerability**:msft | msft |
-| **x-splunk-vulnerability**:cve | cve |
-| **x-splunk-vulnerability**:cvss | cvss |
-| **x-splunk-vulnerability**:mskb | mskb |
-| **x-splunk-authentication**:user_type | user_type |
-| **x-splunk-authentication**:user_agent | user_agent |
-| **x-splunk-authentication**:method | authentication_method |
-| **x-splunk-authentication**:service | authentication_service |
-| **x-splunk-data**:log_source | source |
-| **x-splunk-data**:log_source_type | _sourcetype |
-| **x-splunk-data**:event_type | eventtype |
-| **x-ibm-finding**:severity | severity |
-| **x-ibm-finding**:finding_type | type |
-| **x-ibm-finding**:name | signature |
-| **x-ibm-finding**:alert_id | id |
-| **x-ibm-finding**:description | description |
-| **x-ibm-finding**:src_ip_ref.value | src_ip |
-| **x-ibm-finding**:dst_ip_ref.value | dest_ip |
-| **x-ibm-finding**:ttp_tagging_refs[*].extensions.'mitre-attack-ext'.technique_id | mitre_technique_id |
| **x509-certificate**:hashes.'SHA-256' | ssl_hash |
| **x509-certificate**:hashes.'SHA-1' | ssl_hash |
| **x509-certificate**:version | ssl_version |
@@ -167,10 +148,33 @@
| **x509-certificate**:x_ssl_subject_domain_ref.value | ssl_subject_email_domain |
| **x509-certificate**:x_ssl_issuer_organization | ssl_issuer_organization |
| **x509-certificate**:x_ssl_subject_organization | ssl_subject_organization |
+| **x-ibm-finding**:severity | severity |
+| **x-ibm-finding**:finding_type | type |
+| **x-ibm-finding**:name | signature |
+| **x-ibm-finding**:alert_id | id |
+| **x-ibm-finding**:description | description |
+| **x-ibm-finding**:src_ip_ref.value | src_ip |
+| **x-ibm-finding**:dst_ip_ref.value | dest_ip |
+| **x-ibm-finding**:ttp_tagging_refs[*].extensions.'mitre-attack-ext'.technique_id | mitre_technique_id |
+| **x-splunk-data**:log_source | source |
+| **x-splunk-data**:log_source_type | _sourcetype |
+| **x-splunk-data**:event_type | eventtype |
+| **x-splunk-authentication**:user_type | user_type |
+| **x-splunk-authentication**:user_agent | user_agent |
+| **x-splunk-authentication**:method | authentication_method |
+| **x-splunk-authentication**:service | authentication_service |
+| **x-splunk-vulnerability**:msft | msft |
+| **x-splunk-vulnerability**:cve | cve |
+| **x-splunk-vulnerability**:cvss | cvss |
+| **x-splunk-vulnerability**:mskb | mskb |
+| **x-ibm-ttp-tagging**:extensions.'mitre-attack-ext'.technique_id | mitre_technique_id |
|
| |
### Supported STIX Objects and Properties for Query Results
| STIX Object | STIX Property | Data Source Field |
|--|--|--|
+| artifact | payload_bin | _raw |
+| artifact | mime_type | mime_type_raw |
+|
| | |
| directory | path | process_path |
| directory | path | parent_process_path |
| directory | path | file_path |
@@ -181,22 +185,37 @@
| domain-name | value | recipient_domain |
| domain-name | value | src_user_domain |
|
| | |
-| file | name | file_name |
+| email-addr | value | src_user |
+| email-addr | value | recipient |
+| email-addr | value | ssl_issuer_email |
+| email-addr | value | ssl_subject_email |
+| email-addr | x_recipient_domain_ref | recipient_domain |
+| email-addr | x_src_user_domain_ref | src_user_domain |
+|
| | |
+| email-message | from_ref | src_user |
+| email-message | to_refs | recipient |
+| email-message | subject | subject |
+| email-message | is_multipart | is_multipart |
+| email-message | x_internal_message_id | internal_message_id |
+| email-message | x_message_id | message_id |
+| email-message | x_message_info | message_info |
+|
| | |
| file | name | process_name |
| file | name | process_exec |
-| file | name | parent_process_name |
-| file | name | parent_process_exec |
-| file | size | file_size |
| file | hashes | process_hash |
-| file | hashes.MD5 | file_md5 |
-| file | hashes.SHA-1 | file_sha1 |
-| file | hashes.SHA-256 | file_sha256 |
| file | parent_directory_ref | process_path |
+| file | name | parent_process_name |
+| file | name | parent_process_exec |
| file | parent_directory_ref | parent_process_path |
| file | parent_directory_ref | file_path |
| file | created | file_create_time |
| file | modified | file_modify_time |
| file | accessed | file_access_time |
+| file | hashes.SHA-1 | file_sha1 |
+| file | hashes.SHA-256 | file_sha256 |
+| file | hashes.MD5 | file_md5 |
+| file | name | file_name |
+| file | size | file_size |
| file | x_acl | file_acl |
|
| | |
| ipv4-addr | value | dest_ip |
@@ -206,18 +225,18 @@
| ipv4-addr | resolves_to_refs | dest_mac |
|
| | |
| ipv6-addr | value | dest_ip |
-| ipv6-addr | value | answer |
| ipv6-addr | value | src_ip |
+| ipv6-addr | value | answer |
|
| | |
| mac-addr | value | src_mac |
| mac-addr | value | dest_mac |
|
| | |
-| network-traffic | src_ref | src_ip |
-| network-traffic | protocols | protocol |
-| network-traffic | protocols | transport |
| network-traffic | dst_ref | dest_ip |
+| network-traffic | src_ref | src_ip |
| network-traffic | dst_port | dest_port |
| network-traffic | src_port | src_port |
+| network-traffic | protocols | protocol |
+| network-traffic | protocols | transport |
| network-traffic | x_direction | direction |
| network-traffic | dst_byte_count | bytes_in |
| network-traffic | src_byte_count | bytes_out |
@@ -231,6 +250,7 @@
| network-traffic | extensions.dns-ext.reply_code | reply_code |
| network-traffic | extensions.dns-ext.reply_code_id | reply_code_id |
| network-traffic | extensions.dns-ext.question.name_ref | query |
+| network-traffic | dst_ref | query |
| network-traffic | extensions.dns-ext.resolved_ip_refs | answer |
| network-traffic | extensions.dns-ext.transaction_id | transaction_id |
| network-traffic | extensions.http-request-ext.request_method | http_method |
@@ -239,30 +259,31 @@
| network-traffic | extensions.http-request-ext.request_value | uri_path |
| network-traffic | extensions.http-request-ext.x_uri_query | uri_query |
|
| | |
+| process | opened_connection_refs | protocol |
+| process | opened_connection_refs | transport |
+| process | pid | process_id |
+| process | name | process_name |
| process | binary_ref | process_name |
+| process | command_line | process |
| process | binary_ref | process_exec |
-| process | binary_ref | parent_process_exec |
| process | x_unique_id | process_guid |
| process | x_unique_id | parent_process_guid |
| process | cwd | process_current_directory |
-| process | command_line | process |
-| process | command_line | parent_process |
-| process | x_original_file_name | original_file_name |
-| process | x_memory_used | mem_used |
-| process | pid | process_id |
| process | pid | parent_process_id |
-| process | name | process_name |
| process | parent_ref | parent_process_id |
| process | name | parent_process_name |
-| process | opened_connection_refs | protocol |
-| process | opened_connection_refs | transport |
| process | parent_ref | parent_process_name |
+| process | binary_ref | parent_process_name |
+| process | command_line | parent_process |
+| process | binary_ref | parent_process_exec |
+| process | x_original_file_name | original_file_name |
+| process | x_memory_used | mem_used |
|
| | |
| url | value | url |
|
| | |
| user-account | user_id | user |
-| user-account | x_user_name | user_name |
| user-account | account_login | user_id |
+| user-account | x_user_name | user_name |
|
| | |
| windows-registry-key | key | registry_key_name |
| windows-registry-key | values | registry_value |
@@ -270,14 +291,26 @@
| windows-registry-key | x_path | registry_path |
| windows-registry-key | x_value_text | registry_value_text |
|
| | |
-| x-oca-asset | x_operating_system | os |
+| x-ibm-finding | dst_ip_ref | dest_ip |
+| x-ibm-finding | src_ip_ref | src_ip |
+| x-ibm-finding | finding_type | finding_type |
+| x-ibm-finding | severity | alert_severity |
+| x-ibm-finding | name | alert_signature |
+| x-ibm-finding | alert_id | alert_id |
+| x-ibm-finding | description | alert_description |
+| x-ibm-finding | ttp_tagging_refs | mitre_technique_id |
+|
| | |
+| x-ibm-ttp-tagging | extensions.mitre-attack-ext.technique_id | mitre_technique_id |
+|
| | |
| x-oca-asset | hostname | host |
+| x-oca-asset | x_operating_system | os |
|
| | |
| x-oca-event | original_ref | _raw |
| x-oca-event | ip_refs | dest_ip |
| x-oca-event | ip_refs | src_ip |
| x-oca-event | network_ref | dest_port |
| x-oca-event | network_ref | src_port |
+| x-oca-event | network_ref | protocol |
| x-oca-event | network_ref | transport |
| x-oca-event | domain_ref | query |
| x-oca-event | user_ref | user |
@@ -311,48 +344,20 @@
| x-splunk-authentication | user_agent | user_agent |
| x-splunk-authentication | user_type | user_type |
|
| | |
+| x-splunk-data | log_source | source |
+| x-splunk-data | log_source_type | _sourcetype |
+| x-splunk-data | event_type | eventtype |
+|
| | |
| x-splunk-vulnerability | msft | msft |
| x-splunk-vulnerability | cve | cve |
| x-splunk-vulnerability | cvss | cvss |
| x-splunk-vulnerability | mskb | mskb |
|
| | |
-| x-ibm-ttp-tagging | extensions.mitre-attack-ext.technique_id | mitre_technique_id |
-|
| | |
-| artifact | payload_bin | _raw |
-|
| | |
-| x-splunk-data | log_source_type | _sourcetype |
-| x-splunk-data | event_type | eventtype |
-| x-splunk-data | log_source | source |
-|
| | |
-| x-ibm-finding | dst_ip_ref | dest_ip |
-| x-ibm-finding | src_ip_ref | src_ip |
-| x-ibm-finding | finding_type | finding_type |
-| x-ibm-finding | severity | alert_severity |
-| x-ibm-finding | name | alert_signature |
-| x-ibm-finding | alert_id | alert_id |
-| x-ibm-finding | description | alert_description |
-| x-ibm-finding | ttp_tagging_refs | mitre_technique_id |
-|
| | |
-| email-addr | value | src_user |
-| email-addr | value | recipient |
-| email-addr | value | ssl_issuer_email |
-| email-addr | value | ssl_subject_email |
-| email-addr | x_recipient_domain_ref | recipient_domain |
-| email-addr | x_src_user_domain_ref | src_user_domain |
-|
| | |
-| email-message | from_ref | src_user |
-| email-message | to_refs | recipient |
-| email-message | subject | subject |
-| email-message | is_multipart | is_multipart |
-| email-message | x_internal_message_id | internal_message_id |
-| email-message | x_message_id | message_id |
-| email-message | x_message_info | message_info |
-|
| | |
| x509-certificate | hashes.SHA-256 | ssl_hash |
| x509-certificate | version | ssl_version |
| x509-certificate | serial_number | ssl_serial |
| x509-certificate | signature_algorithm | ssl_signature_algorithm |
-| x509-certificate | ssl_issuer | issuer |
+| x509-certificate | issuer | ssl_issuer |
| x509-certificate | subject | ssl_subject |
| x509-certificate | subject_public_key_algorithm | ssl_publickey_algorithm |
| x509-certificate | validity_not_before | ssl_start_time |
@@ -368,4 +373,4 @@
| x509-certificate | x_ssl_subject_organization | ssl_subject_organization |
| x509-certificate | x_ssl_issuer_email_ref | ssl_issuer_email |
| x509-certificate | x_ssl_subject_email_ref | ssl_subject_email |
-|
| | |
\ No newline at end of file
+|
| | |
diff --git a/stix_shifter_modules/sumologic/sumologic_supported_stix.md b/stix_shifter_modules/sumologic/sumologic_supported_stix.md
index 877b34ce7..ad7d31b9f 100644
--- a/stix_shifter_modules/sumologic/sumologic_supported_stix.md
+++ b/stix_shifter_modules/sumologic/sumologic_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Sumo Logic
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| = | = |
| IN | OR |
| OR (Observation) | OR |
diff --git a/stix_shifter_modules/trendmicro_vision_one/trendmicro_vision_one_supported_stix.md b/stix_shifter_modules/trendmicro_vision_one/trendmicro_vision_one_supported_stix.md
index 641bfa50f..1cfd44124 100644
--- a/stix_shifter_modules/trendmicro_vision_one/trendmicro_vision_one_supported_stix.md
+++ b/stix_shifter_modules/trendmicro_vision_one/trendmicro_vision_one_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 05/15/23
+##### Updated on 10/25/23
## Trend Micro Vision One
### Results STIX Domain Objects
* Identity
@@ -9,8 +9,8 @@
| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| = | : |
| != | : |
| LIKE | : |
diff --git a/stix_shifter_modules/vectra/vectra_supported_stix.md b/stix_shifter_modules/vectra/vectra_supported_stix.md
index 927b7927f..7b239a178 100644
--- a/stix_shifter_modules/vectra/vectra_supported_stix.md
+++ b/stix_shifter_modules/vectra/vectra_supported_stix.md
@@ -1,4 +1,4 @@
-##### Updated on 19/07/23
+##### Updated on 10/25/23
## Vectra NDR
### Results STIX Domain Objects
* Identity
@@ -7,19 +7,19 @@
### Supported STIX Operators
*Comparison AND/OR operators are inside the observation while observation AND/OR operators are between observations (square brackets).*
-| STIX Operator | Data Vectra Operator |
+| STIX Operator | Data Source Operator |
|--|--|
-| AND (Comparision) | AND |
-| OR (Comparision) | OR |
-| = | : |
-| != | : |
-| IN | : |
-| MATCHES | :* |
+| AND (Comparison) | AND |
+| OR (Comparison) | OR |
| > | :> |
-| >= | :>= |
| < | :< |
+| >= | :>= |
| <= | :<= |
+| = | : |
| LIKE | : |
+| IN | : |
+| MATCHES | :* |
+| != | : |
| OR (Observation) | OR |
| AND (Observation) | OR |
|
| |
@@ -27,9 +27,9 @@
| STIX Object and Property | Mapped Data Source Fields |
|--|--|
| **ipv4-addr**:value | detection.src_ip, detection.grouped_details.dst_ips, detection.grouped_details.dst_hosts.dst_ip, detection.grouped_details.normal_admin_hosts.ip, detection.grouped_details.dst_hosts.ip, detection.grouped_details.origin_ip, detection.grouped_details.sessions.dst_ip, detection.grouped_details.events.dst_ip, detection.grouped_details.events.dst_ips, detection.grouped_details.events.sessions.dst_ip, detection.grouped_details.connection_events.target_host.ip |
-| **ipv6-addr**:value | detection.src_ip, detection.grouped_details.dst_ips, detection.grouped_details.dst_hosts.dst_ip, detection.grouped_details.normal_admin_hosts.ip, detection.grouped_details.origin_ip, detection.grouped_details.sessions.dst_ip, detection.grouped_details.events.dst_ip, detection.grouped_details.events.dst_ips, detection.grouped_details.events.sessions.dst_ip, detection.grouped_details.connection_events.target_host.ip |
+| **ipv6-addr**:value | detection.src_ip, detection.grouped_details.dst_ips, detection.grouped_details.dst_hosts.dst_ip, detection.grouped_details.normal_admin_hosts.ip, detection.grouped_details.dst_hosts.ip, detection.grouped_details.origin_ip, detection.grouped_details.sessions.dst_ip, detection.grouped_details.events.dst_ip, detection.grouped_details.events.dst_ips, detection.grouped_details.events.sessions.dst_ip, detection.grouped_details.connection_events.target_host.ip |
| **domain-name**:value | detection.grouped_details.target_domains, detection.grouped_details.origin_domain, detection.grouped_details.events.target_domains, detection.grouped_details.connection_events.target_host.dst_dns |
-| **network-traffic**:dst_port | detection.grouped_details.dst_ports, detection.grouped_details.dst_hosts.dst_port, detection.grouped_details.origin_port, detection.grouped_details.sessions.dst_port, detection.grouped_details.events.dst_port, detection.grouped_details.events.sessions.dst_port, detection.grouped_details.events.target_summary.dst_port, detection.grouped_details.connection_events.dst_port |
+| **network-traffic**:dst_port | detection.grouped_details.dst_ports, detection.grouped_details.dst_hosts.dst_port, detection.grouped_details.origin_port, detection.grouped_details.sessions.dst_port, detection.grouped_details.events.dst_ports, detection.grouped_details.events.sessions.dst_port, detection.grouped_details.events.target_summary.dst_port, detection.grouped_details.connection_events.dst_port |
| **network-traffic**:src_port | detection.grouped_details.src_port |
| **network-traffic**:src_ref.value | detection.src_ip |
| **network-traffic**:dst_ref.value | detection.grouped_details.dst_ips, detection.grouped_details.dst_hosts.dst_ip, detection.grouped_details.sessions.dst_ip, detection.grouped_details.origin_ip, detection.grouped_details.events.sessions.dst_ip, detection.grouped_details.connection_events.target_host.ip |
@@ -46,9 +46,9 @@
| **network-traffic**:x_tunnel_type | detection.grouped_details.sessions.tunnel_type |
| **network-traffic**:x_num_sessions | detection.grouped_details.num_sessions |
| **network-traffic**:x_user_agent | detection.grouped_details.user_agent |
-| **network-traffic**:x_dst_geo_latitude | detection.grouped_details.dst_geo_lat, detection.grouped_details.origin_geo_lat, detection.grouped_details.sessions.dst_geo_lat |
-| **network-traffic**:x_dst_geo_longitude | detection.grouped_details.dst_geo_lon, detection.grouped_details.origin_geo_lon, detection.grouped_details.sessions.dst_geo_lon |
-| **network-traffic**:x_dst_geo | detection.grouped_details.dst_geo, detection.grouped_details.origin_geo, detection.grouped_details.sessions.dst_geo |
+| **network-traffic**:x_dst_geo_latitude | detection.grouped_details.dst_geo_lat, detection.grouped_details.origin_geo_lat |
+| **network-traffic**:x_dst_geo_longitude | detection.grouped_details.dst_geo_lon, detection.grouped_details.origin_geo_lon |
+| **network-traffic**:x_dst_geo | detection.grouped_details.dst_geo, detection.grouped_details.origin_geo |
| **network-traffic**:x_num_response_objects | detection.grouped_details.num_response_objects |
| **network-traffic**:x_client_name | detection.grouped_details.client_name |
| **network-traffic**:x_client_token | detection.grouped_details.client_token |
@@ -56,7 +56,7 @@
| **network-traffic**:x_rpc_uuid | detection.grouped_details.uuid |
| **network-traffic**:x_nt_referrer | detection.grouped_details.events.referrer |
| **network-traffic**:x_num_events | detection.grouped_details.num_events |
-| **network-traffic**:x_time_duration | detection.grouped_details.duration, detection.grouped_details.events.duration, detection.grouped_details.events.sessions.duration, detection.grouped_details.connection_events.duration |
+| **network-traffic**:x_time_duration | detection.grouped_details.duration, detection.grouped_details.events.duration, detection.grouped_details.events.sessions.duration, detection.grouped_details.connection_events.duration_int |
| **network-traffic**:x_status_code | detection.grouped_details.status_code |
| **network-traffic**:x_named_pipe | detection.grouped_details.named_pipe |
| **network-traffic**:x_uri | detection.grouped_details.uri |
@@ -99,7 +99,7 @@
| **x-ibm-finding**:x_shares | detection.summary.shares |
| **x-ibm-finding**:x_probable_owner | detection.summary.probable_owner |
| **x-ibm-finding**:x_matches | detection.summary.matches |
-| **x-ibm-ttp-tagging**:name | detection.detection_category |
+| **x-ibm-ttp-tagging**:name | detection.detection_type |
| **x-ibm-ttp-tagging**:confidence | detection.certainty |
| **x-ibm-ttp-tagging**:kill_chain_phases.phase_name | detection.detection_category |
| **x-oca-asset**:hostname | detection.src_host.name |
@@ -114,7 +114,7 @@
| **x-grouped-details**:last_seen | detection.grouped_details.last_seen |
| **x-grouped-details**:detection_source | detection.grouped_details.detection_source |
| **x-grouped-details**:detection_slug | detection.grouped_details.detection_slug |
-| **x-grouped-details**:account_ref.user_id | detection.grouped_details.src_account.id |
+| **x-grouped-details**:account_ref.user_id | detection.grouped_details.src_account.name |
| **x-grouped-details**:ja3_hashes | detection.grouped_details.ja3_hashes |
| **x-grouped-details**:ja3s_hashes | detection.grouped_details.ja3s_hashes |
| **x-grouped-details**:x_num_sessions | detection.grouped_details.num_sessions |
@@ -150,7 +150,6 @@
| **x-anomalous-rpc**:start | detection.grouped_details.anomalous_profiles.first_timestamp |
| **x-anomalous-rpc**:end | detection.grouped_details.anomalous_profiles.last_timestamp |
| **x-services-requested**:service | detection.grouped_details.services_requested.service |
-| **x-services-requested**:privilege | detection.grouped_details.services_requested.privilege |
| **x-new-host-info**:artifact | detection.grouped_details.artifact |
| **x-new-host-info**:via | detection.grouped_details.via |
| **x-new-host-info**:role | detection.grouped_details.role |
@@ -159,227 +158,202 @@
### Supported STIX Objects and Properties for Query Results
| STIX Object | STIX Property | Data Source Field |
|--|--|--|
-| ipv4-addr | value | detection.src_ip |
-| ipv4-addr | value | detection.grouped_details.dst_ips |
-| ipv4-addr | value | detection.grouped_details.dst_hosts.dst_ip |
-| ipv4-addr | value | detection.grouped_details.normal_admin_hosts.ip |
-| ipv4-addr | value | detection.grouped_details.dst_hosts.ip |
-| ipv4-addr | value | detection.grouped_details.origin_ip |
-| ipv4-addr | value | detection.grouped_details.sessions.dst_ip |
-| ipv4-addr | value | detection.grouped_details.events.dst_ip |
-| ipv4-addr | value | detection.grouped_details.events.dst_ips |
-| ipv4-addr | value | detection.grouped_details.events.sessions.dst_ip |
-| ipv4-addr | value | detection.grouped_details.connection_events.target_host.ip |
+| domain-name | value | target_domains |
+| domain-name | value | origin_domain |
+| domain-name | resolves_to_refs | origin_ip |
+| domain-name | value | dst_dns |
+| domain-name | resolves_to_refs | dst_dns |
+|
| | |
+| ipv4-addr | value | src_ip |
+| ipv4-addr | value | dst_ips |
+| ipv4-addr | value | ip |
+| ipv4-addr | value | origin_ip |
+| ipv4-addr | value | dst_ip |
|
| | |
-| ipv6-addr | value | detection.src_ip |
-| ipv6-addr | value | detection.grouped_details.dst_ips |
-| ipv6-addr | value | detection.grouped_details.dst_hosts.dst_ip |
-| ipv6-addr | value | detection.grouped_details.normal_admin_hosts.ip |
-| ipv6-addr | value | detection.grouped_details.dst_hosts.ip |
-| ipv6-addr | value | detection.grouped_details.origin_ip |
-| ipv6-addr | value | detection.grouped_details.sessions.dst_ip |
-| ipv6-addr | value | detection.grouped_details.events.dst_ip |
-| ipv6-addr | value | detection.grouped_details.events.dst_ips |
-| ipv6-addr | value | detection.grouped_details.events.sessions.dst_ip |
-| ipv6-addr | value | detection.grouped_details.connection_events.target_host.ip |
+| ipv6-addr | value | src_ip |
+| ipv6-addr | value | dst_ips |
+| ipv6-addr | value | ip |
+| ipv6-addr | value | origin_ip |
+| ipv6-addr | value | dst_ip |
|
| | |
-| domain-name | value | detection.grouped_details.target_domains |
-| domain-name | value | detection.grouped_details.origin_domain |
-| domain-name | value | detection.grouped_details.events.target_domains |
-| domain-name | value | detection.grouped_details.connection_events.target_host.dst_dns |
+| network-traffic | protocols | protocol |
+| network-traffic | protocols | app_protocol |
+| network-traffic | protocols | dst_protocol |
+| network-traffic | dst_port | dst_ports |
+| network-traffic | dst_ref | dst_ips |
+| network-traffic | dst_ref | groupdstReference |
+| network-traffic | x_normal_admin_host_refs | groupNormalHostReference |
+| network-traffic | src_port | src_port |
+| network-traffic | dst_byte_count | bytes_received |
+| network-traffic | src_byte_count | bytes_sent |
+| network-traffic | start | first_timestamp |
+| network-traffic | end | last_timestamp |
+| network-traffic | src_ref | last_timestamp |
+| network-traffic | x_time_duration | duration |
+| network-traffic | x_dst_geo | dst_geo |
+| network-traffic | x_dst_geo_latitude | dst_geo_lat |
+| network-traffic | x_dst_geo_longitude | dst_geo_lon |
+| network-traffic | x_reason_message | reason |
+| network-traffic | x_num_attempts | num_attempts |
+| network-traffic | x_num_successes | num_successes |
+| network-traffic | x_user_agent | user_agent |
+| network-traffic | x_status_code | status_code |
+| network-traffic | x_request_uri | uri |
+| network-traffic | x_src_session_uid | orig_sluid |
+| network-traffic | dst_ref | origin_ip |
+| network-traffic | src_ref | origin_ip |
+| network-traffic | dst_port | origin_port |
+| network-traffic | protocols | origin_protocol |
+| network-traffic | x_dst_geo_latitude | origin_geo_lat |
+| network-traffic | x_dst_geo_longitude | origin_geo_lon |
+| network-traffic | x_dst_geo | origin_geo |
+| network-traffic | x_num_accounts | num_accounts |
+| network-traffic | x_num_response_objects | num_response_objects |
+| network-traffic | x_client_name | client_name |
+| network-traffic | x_client_token | client_token |
+| network-traffic | x_rpc_uuid | uuid |
+| network-traffic | x_named_pipe | named_pipe |
+| network-traffic | x_executed_functions | executed_functions |
+| network-traffic | x_normal_user_refs | normal_users |
+| network-traffic | x_num_events | num_events |
+| network-traffic | x_num_sessions | num_sessions |
+| network-traffic | x_period_identified | period_identified |
+| network-traffic | x_smb_share | share |
+| network-traffic | x_account_uid | account_uid |
+| network-traffic | x_anomalous_rpc_refs | groupProfileReference |
+| network-traffic | x_ldap_event_refs | groupEventReference |
+| network-traffic | x_sql_request_info_refs | groupSQLReferences |
+| network-traffic | dst_port | dst_port |
+| network-traffic | dst_ref | dst_ip |
+| network-traffic | x_count | count |
+| network-traffic | x_dst_country | dst_country |
+| network-traffic | x_error_code | error_code |
+| network-traffic | x_event_type | event_type |
+| network-traffic | src_ref | first_timestamp |
+| network-traffic | extensions.http-request-ext.request_method | http_method |
+| network-traffic | x_is_normally_accessed_by_rdp | is_normally_accessed_by_rdp |
+| network-traffic | end | last_seen |
+| network-traffic | x_nt_referrer | referrer |
+| network-traffic | extensions.http-request-ext.request_value | request |
+| network-traffic | extensions.http-request-ext.x_response_code | response_code |
+| network-traffic | x_target_domain_refs | target_domains |
+| network-traffic | x_session_refs | groupSessionReference |
+| network-traffic | extensions.http-request-ext.request_header.User-Agent | user_agent |
+| network-traffic | x_tunnel_type | tunnel_type |
+| network-traffic | x_time_duration | duration_int |
+| network-traffic | x_is_external | is_external |
+| network-traffic | dst_ref | ip |
+| network-traffic | dst_byte_count | total_bytes_rcvd |
+| network-traffic | src_byte_count | total_bytes_sent |
|
| | |
-| network-traffic | dst_port | detection.grouped_details.dst_ports |
-| network-traffic | dst_port | detection.grouped_details.dst_hosts.dst_port |
-| network-traffic | dst_port | detection.grouped_details.origin_port |
-| network-traffic | dst_port | detection.grouped_details.sessions.dst_port |
-| network-traffic | dst_port | detection.grouped_details.events.dst_port |
-| network-traffic | dst_port | detection.grouped_details.events.sessions.dst_port |
-| network-traffic | dst_port | detection.grouped_details.events.target_summary.dst_port |
-| network-traffic | dst_port | detection.grouped_details.connection_events.dst_port |
-| network-traffic | src_port | detection.grouped_details.src_port |
-| network-traffic | src_ref.value | detection.src_ip |
-| network-traffic | dst_ref.value | detection.grouped_details.dst_ips |
-| network-traffic | dst_ref.value | detection.grouped_details.dst_hosts.dst_ip |
-| network-traffic | dst_ref.value | detection.grouped_details.sessions.dst_ip |
-| network-traffic | dst_ref.value | detection.grouped_details.origin_ip |
-| network-traffic | dst_ref.value | detection.grouped_details.events.sessions.dst_ip |
-| network-traffic | dst_ref.value | detection.grouped_details.connection_events.target_host.ip |
-| network-traffic | protocols[*] | detection.grouped_details.protocol |
-| network-traffic | protocols[*] | detection.grouped_details.app_protocol |
-| network-traffic | protocols[*] | detection.grouped_details.dst_protocol |
-| network-traffic | protocols[*] | detection.grouped_details.origin_protocol |
-| network-traffic | protocols[*] | detection.grouped_details.sessions.protocol |
-| network-traffic | protocols[*] | detection.grouped_details.sessions.app_protocol |
-| network-traffic | protocols[*] | detection.grouped_details.events.protocol |
-| network-traffic | protocols[*] | detection.grouped_details.events.sessions.app_protocol |
-| network-traffic | protocols[*] | detection.grouped_details.events.sessions.protocol |
-| network-traffic | protocols[*] | detection.grouped_details.events.target_summary.app_protocol |
-| network-traffic | protocols[*] | detection.grouped_details.events.target_summary.protocol |
-| network-traffic | protocols[*] | detection.grouped_details.connection_events.protocol |
-| network-traffic | src_byte_count | detection.grouped_details.bytes_sent |
-| network-traffic | src_byte_count | detection.grouped_details.sessions.bytes_sent |
-| network-traffic | src_byte_count | detection.grouped_details.events.bytes_sent |
-| network-traffic | src_byte_count | detection.grouped_details.connection_events.total_bytes_sent |
-| network-traffic | dst_byte_count | detection.grouped_details.bytes_received |
-| network-traffic | dst_byte_count | detection.grouped_details.sessions.bytes_received |
-| network-traffic | dst_byte_count | detection.grouped_details.events.bytes_received |
-| network-traffic | dst_byte_count | detection.grouped_details.events.sessions.bytes_received |
-| network-traffic | dst_byte_count | detection.grouped_details.connection_events.total_bytes_rcvd |
-| network-traffic | start | detection.first_timestamp |
-| network-traffic | start | detection.grouped_details.first_timestamp |
-| network-traffic | start | detection.grouped_details.sessions.first_timestamp |
-| network-traffic | start | detection.grouped_details.events.first_timestamp |
-| network-traffic | start | detection.grouped_details.events.sessions.first_timestamp |
-| network-traffic | start | detection.grouped_details.events.target_summary.first_timestamp |
-| network-traffic | start | detection.grouped_details.connection_events.first_timestamp |
-| network-traffic | end | detection.last_timestamp |
-| network-traffic | end | detection.grouped_details.last_timestamp |
-| network-traffic | end | detection.grouped_details.dst_hosts.last_timestamp |
-| network-traffic | end | detection.grouped_details.sessions.last_timestamp |
-| network-traffic | end | detection.grouped_details.events.last_seen |
-| network-traffic | end | detection.grouped_details.events.last_timestamp |
-| network-traffic | end | detection.grouped_details.events.target_summary.last_timestamp |
-| network-traffic | end | detection.grouped_details.connection_events.last_timestamp |
-| network-traffic | x_count | detection.grouped_details.events.count |
-| network-traffic | x_dst_country | detection.grouped_details.events.dst_country |
-| network-traffic | x_num_accounts | detection.grouped_details.num_accounts |
-| network-traffic | x_reason | detection.grouped_details.reason |
-| network-traffic | x_num_attempts | detection.grouped_details.num_attempts |
-| network-traffic | x_tunnel_type | detection.grouped_details.sessions.tunnel_type |
-| network-traffic | x_num_sessions | detection.grouped_details.num_sessions |
-| network-traffic | x_user_agent | detection.grouped_details.user_agent |
-| network-traffic | x_dst_geo_latitude | detection.grouped_details.dst_geo_lat |
-| network-traffic | x_dst_geo_latitude | detection.grouped_details.origin_geo_lat |
-| network-traffic | x_dst_geo_latitude | detection.grouped_details.sessions.dst_geo_lat |
-| network-traffic | x_dst_geo_longitude | detection.grouped_details.dst_geo_lon |
-| network-traffic | x_dst_geo_longitude | detection.grouped_details.origin_geo_lon |
-| network-traffic | x_dst_geo_longitude | detection.grouped_details.sessions.dst_geo_lon |
-| network-traffic | x_dst_geo | detection.grouped_details.dst_geo |
-| network-traffic | x_dst_geo | detection.grouped_details.origin_geo |
-| network-traffic | x_dst_geo | detection.grouped_details.sessions.dst_geo |
-| network-traffic | x_num_response_objects | detection.grouped_details.num_response_objects |
-| network-traffic | x_client_name | detection.grouped_details.client_name |
-| network-traffic | x_client_token | detection.grouped_details.client_token |
-| network-traffic | x_is_normally_accessed_by_rdp | detection.grouped_details.events.is_normally_accessed_by_rdp |
-| network-traffic | x_rpc_uuid | detection.grouped_details.uuid |
-| network-traffic | x_nt_referrer | detection.grouped_details.events.referrer |
-| network-traffic | x_num_events | detection.grouped_details.num_events |
-| network-traffic | x_time_duration | detection.grouped_details.duration |
-| network-traffic | x_time_duration | detection.grouped_details.events.duration |
-| network-traffic | x_time_duration | detection.grouped_details.events.sessions.duration |
-| network-traffic | x_time_duration | detection.grouped_details.connection_events.duration |
-| network-traffic | x_status_code | detection.grouped_details.status_code |
-| network-traffic | x_named_pipe | detection.grouped_details.named_pipe |
-| network-traffic | x_uri | detection.grouped_details.uri |
-| network-traffic | x_src_session_uid | detection.grouped_details.metadata.orig_sluid |
-| network-traffic | x_executed_functions | detection.grouped_details.executed_functions |
-| network-traffic | x_event_type | detection.grouped_details.events.event_type |
-| network-traffic | x_error_code | detection.grouped_details.events.error_code |
-| network-traffic | x_target_domain_refs[*].value | detection.grouped_details.events.target_domains |
-| network-traffic | x_is_external | detection.grouped_details.connection_events.is_external |
-| network-traffic | x_request_uri | detection.grouped_details.uri |
-| network-traffic | x_period_identified | detection.grouped_details.period_identified |
-| network-traffic | x_smb_share | detection.grouped_details.share |
-| network-traffic | x_account_uid | detection.grouped_details.account_uid |
-| network-traffic | extensions.'http-request-ext'.request_method | detection.grouped_details.events.http_method |
-| network-traffic | extensions.'http-request-ext'.x_response_code | detection.grouped_details.events.response_code |
-| network-traffic | extensions.'http-request-ext'.request_header.'User-Agent' | detection.grouped_details.user_agent |
+| url | value | url |
|
| | |
-| user-account | user_id | detection.grouped_details.dst_accounts.uid |
-| user-account | user_id | detection.grouped_details.src_account.name |
-| user-account | user_id | detection.grouped_details.normal_users |
-| user-account | user_id | detection.summary.accounts |
-| user-account | account_login | detection.grouped_details.src_account.name |
-| user-account | x_privilege_category | detection.grouped_details.src_account.privilege_category |
-| user-account | x_privilege_level | detection.grouped_details.src_account.privilege_level |
+| user-account | user_id | accounts |
+| user-account | user_id | normal_users |
+| user-account | user_id | name |
+| user-account | account_login | name |
+| user-account | x_privilege_category | privilege_category |
+| user-account | x_privilege_level | privilege_level |
+| user-account | user_id | uid |
|
| | |
-| x-ibm-finding | name | detection.detection_type |
-| x-ibm-finding | alert_id | detection.id |
-| x-ibm-finding | description | detection.description |
-| x-ibm-finding | description | detection.summary.description |
-| x-ibm-finding | x_num_sessions | detection.grouped_details.num_sessions |
-| x-ibm-finding | severity | detection.threat |
-| x-ibm-finding | confidence | detection.certainty |
-| x-ibm-finding | start | detection.first_timestamp |
-| x-ibm-finding | end | detection.last_timestamp |
-| x-ibm-finding | time_observed | detection.created_timestamp |
-| x-ibm-finding | event_count | detection.summary.num_sessions |
-| x-ibm-finding | event_count | detection.summary.num_attempts |
-| x-ibm-finding | x_state | detection.state |
-| x-ibm-finding | x_num_successes | detection.summary.num_successes |
-| x-ibm-finding | x_assigned_to | detection.assigned_to |
-| x-ibm-finding | x_assigned_date | detection.assigned_date |
-| x-ibm-finding | x_sensor_name | detection.sensor_name |
-| x-ibm-finding | x_is_triaged | detection.is_triaged |
-| x-ibm-finding | src_ip_ref | detection.src_ip |
-| x-ibm-finding | x_dst_ports | detection.summary.dst_ports |
-| x-ibm-finding | x_account_refs.user_id | detection.summary.accounts |
-| x-ibm-finding | x_shares | detection.summary.shares |
-| x-ibm-finding | x_probable_owner | detection.summary.probable_owner |
-| x-ibm-finding | x_matches | detection.summary.matches |
+| x-anomalous-rpc | function_call | function_call |
+| x-anomalous-rpc | rpc_function_uuid | function_uuid |
+| x-anomalous-rpc | count | count |
+| x-anomalous-rpc | start | first_timestamp |
+| x-anomalous-rpc | end | last_timestamp |
|
| | |
-| x-ibm-ttp-tagging | name | detection.detection_category |
-| x-ibm-ttp-tagging | confidence | detection.certainty |
-| x-ibm-ttp-tagging | kill_chain_phases.phase_name | detection.detection_category |
+| x-grouped-details | first_seen | first_seen |
+| x-grouped-details | last_seen | last_seen |
+| x-grouped-details | detection_source | detection_source |
+| x-grouped-details | detection_slug | detection_slug |
+| x-grouped-details | account_ref | name |
+| x-grouped-details | service_accessed_info_ref | name |
+| x-grouped-details | num_sessions | num_sessions |
+| x-grouped-details | ja3_hashes | ja3_hashes |
+| x-grouped-details | ja3s_hashes | ja3s_hashes |
+| x-grouped-details | start | first_timestamp |
+| x-grouped-details | end | last_timestamp |
+| x-grouped-details | count | count |
+| x-grouped-details | client_name | client_name |
+| x-grouped-details | client_token | client_token |
+| x-grouped-details | dst_byte_count | bytes_received |
+| x-grouped-details | src_byte_count | bytes_sent |
+| x-grouped-details | subnet | subnet |
+| x-grouped-details | rpc_function_uuid | uuid |
+| x-grouped-details | num_services_requested | num_services_requested |
+| x-grouped-details | num_services_high_privilege | num_services_high_privilege |
+| x-grouped-details | service_privilege | service_privilege |
+| x-grouped-details | service_refs | groupServiceReference |
+| x-grouped-details | dst_account_refs | groupServiceReference |
+| x-grouped-details | host_network_refs | group_nt_Reference |
+| x-grouped-details | event_refs | groupEventReference |
+| x-grouped-details | session_refs | groupSessionReference |
+| x-grouped-details | connection_event_refs | groupConEventsReference |
|
| | |
-| x-oca-asset | hostname | detection.src_host.name |
-| x-oca-asset | device_id | detection.src_host.id |
-| x-oca-asset | x_is_key_asset | detection.src_host.is_key_asset |
-| x-oca-asset | ip_refs[*].value | detection.src_ip |
-| x-oca-asset | x_threat | detection.src_host.threat |
-| x-oca-asset | x_certainty | detection.src_host.certainty |
-| x-oca-asset | x_privilege_category | detection.grouped_details.src_host.privilege_category |
-| x-oca-asset | x_privilege_level | detection.grouped_details.src_host.privilege_level |
+| x-ibm-finding | src_ip_ref | src_ip |
+| x-ibm-finding | name | detection_type |
+| x-ibm-finding | finding_type | detection_type |
+| x-ibm-finding | alert_id | id |
+| x-ibm-finding | description | description |
+| x-ibm-finding | event_count | num_sessions |
+| x-ibm-finding | event_count | num_attempts |
+| x-ibm-finding | x_num_successes | num_successes |
+| x-ibm-finding | x_dst_ports | dst_ports |
+| x-ibm-finding | x_account_refs | accounts |
+| x-ibm-finding | x_shares | shares |
+| x-ibm-finding | x_probable_owner | probable_owner |
+| x-ibm-finding | x_matches | matches |
+| x-ibm-finding | severity | threat |
+| x-ibm-finding | confidence | certainty |
+| x-ibm-finding | start | first_timestamp |
+| x-ibm-finding | end | last_timestamp |
+| x-ibm-finding | time_observed | created_timestamp |
+| x-ibm-finding | x_state | state |
+| x-ibm-finding | x_assigned_to | assigned_to |
+| x-ibm-finding | x_assigned_date | assigned_date |
+| x-ibm-finding | ttp_tagging_refs | detection_category |
+| x-ibm-finding | x_sensor_name | sensor_name |
+| x-ibm-finding | x_is_triaged | is_triaged |
+| x-ibm-finding | src_os_user_ref | name |
+| x-ibm-finding | ioc_refs | groupIocReference |
+| x-ibm-finding | ioc_refs | groupIOCReference |
+| x-ibm-finding | x_new_host_info_refs | groupNewHostReferences |
|
| | |
-| x-grouped-details | first_seen | detection.grouped_details.first_seen |
-| x-grouped-details | last_seen | detection.grouped_details.last_seen |
-| x-grouped-details | detection_source | detection.grouped_details.detection_source |
-| x-grouped-details | detection_slug | detection.grouped_details.detection_slug |
-| x-grouped-details | account_ref.user_id | detection.grouped_details.src_account.id |
-| x-grouped-details | ja3_hashes | detection.grouped_details.ja3_hashes |
-| x-grouped-details | ja3s_hashes | detection.grouped_details.ja3s_hashes |
-| x-grouped-details | x_num_sessions | detection.grouped_details.num_sessions |
-| x-grouped-details | start | detection.grouped_details.first_timestamp |
-| x-grouped-details | end | detection.grouped_details.last_timestamp |
-| x-grouped-details | count | detection.grouped_details.count |
-| x-grouped-details | client_name | detection.grouped_details.client_name |
-| x-grouped-details | client_token | detection.grouped_details.client_token |
-| x-grouped-details | dst_byte_count | detection.grouped_details.bytes_received |
-| x-grouped-details | src_byte_count | detection.grouped_details.bytes_sent |
-| x-grouped-details | subnet | detection.grouped_details.subnet |
-| x-grouped-details | rpc_function_uuid | detection.grouped_details.uuid |
-| x-grouped-details | num_services_requested | detection.grouped_details.num_services_requested |
-| x-grouped-details | num_services_high_privilege | detection.grouped_details.num_services_high_privilege |
-| x-grouped-details | service_privilege | detection.grouped_details.service_privilege |
+| x-ibm-ttp-tagging | name | detection_type |
+| x-ibm-ttp-tagging | confidence | certainty |
+| x-ibm-ttp-tagging | kill_chain_phases | detection_category |
|
| | |
-| x-service-accessed-info | name | detection.grouped_details.service_accessed.name |
-| x-service-accessed-info | privilege_category | detection.grouped_details.service_accessed.privilege_category |
-| x-service-accessed-info | privilege_level | detection.grouped_details.service_accessed.privilege_level |
+| x-ldap-event | base_object | base_object |
+| x-ldap-event | request | request |
+| x-ldap-event | response_code | response_code |
+| x-ldap-event | num_response_objects | num_response_objects |
+| x-ldap-event | last_timestamp | last_timestamp |
|
| | |
-| x-ldap-event | base_object | detection.grouped_details.events.base_object |
-| x-ldap-event | request | detection.grouped_details.events.request |
-| x-ldap-event | response_code | detection.grouped_details.events.response_code |
-| x-ldap-event | num_response_objects | detection.grouped_details.events.num_response_objects |
-| x-ldap-event | last_timestamp | detection.grouped_details.events.last_timestamp |
+| x-new-host-info | artifact | artifact |
+| x-new-host-info | via | via |
+| x-new-host-info | role | role |
+| x-new-host-info | end | last_timestamp |
|
| | |
-| x-sql-request-info | http_segment | detection.grouped_details.targets.events.http_segment |
-| x-sql-request-info | user_agent | detection.grouped_details.targets.events.user_agent |
-| x-sql-request-info | sql_fragment | detection.grouped_details.targets.events.sql_fragment |
-| x-sql-request-info | response_code | detection.grouped_details.targets.events.response_code |
-| x-sql-request-info | bytes_received | detection.grouped_details.targets.events.bytes_received |
-| x-sql-request-info | last_seen | detection.grouped_details.targets.events.last_seen |
+| x-oca-asset | ip_refs | src_ip |
+| x-oca-asset | hostname | name |
+| x-oca-asset | device_id | id |
+| x-oca-asset | x_is_key_asset | is_key_asset |
+| x-oca-asset | x_threat | threat |
+| x-oca-asset | x_certainty | certainty |
+| x-oca-asset | x_privilege_category | privilege_category |
+| x-oca-asset | x_privilege_level | privilege_level |
|
| | |
-| x-anomalous-rpc | function_call | detection.grouped_details.anomalous_profiles.function_call |
-| x-anomalous-rpc | rpc_function_uuid | detection.grouped_details.anomalous_profiles.function_uuid |
-| x-anomalous-rpc | count | detection.grouped_details.anomalous_profiles.count |
-| x-anomalous-rpc | start | detection.grouped_details.anomalous_profiles.first_timestamp |
-| x-anomalous-rpc | end | detection.grouped_details.anomalous_profiles.last_timestamp |
+| x-service-accessed-info | name | name |
+| x-service-accessed-info | privilege_category | privilege_category |
+| x-service-accessed-info | privilege_level | privilege_level |
|
| | |
-| x-services-requested | service | detection.grouped_details.services_requested.service |
-| x-services-requested | privilege | detection.grouped_details.services_requested.privilege |
+| x-services-requested | service | service |
+| x-services-requested | privilege | privilege |
|
| | |
-| x-new-host-info | artifact | detection.grouped_details.artifact |
-| x-new-host-info | via | detection.grouped_details.via |
-| x-new-host-info | role | detection.grouped_details.role |
-| x-new-host-info | end | detection.grouped_details.last_timestamp |
+| x-sql-request-info | http_segment | http_segment |
+| x-sql-request-info | user_agent | user_agent |
+| x-sql-request-info | sql_fragment | sql_fragment |
+| x-sql-request-info | response_code | response_code |
+| x-sql-request-info | bytes_received | bytes_received |
+| x-sql-request-info | last_seen | last_seen |
|
| | |