From 7fb3fdef861c0dc645f6d85c8527b86544fc8800 Mon Sep 17 00:00:00 2001
From: Xiaokui Shu <subbyte@gmail.com>
Date: Thu, 5 Oct 2023 14:51:42 -0400
Subject: [PATCH] add from stix mapping of OS in ECS (#1597)

---
 .../elastic_ecs/stix_translation/json/from_stix_map.json        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stix_shifter_modules/elastic_ecs/stix_translation/json/from_stix_map.json b/stix_shifter_modules/elastic_ecs/stix_translation/json/from_stix_map.json
index 01e2ce1f0..9b988627e 100644
--- a/stix_shifter_modules/elastic_ecs/stix_translation/json/from_stix_map.json
+++ b/stix_shifter_modules/elastic_ecs/stix_translation/json/from_stix_map.json
@@ -272,7 +272,7 @@
       "egress.interface.id": ["observer.egress.interface.id"],
       "egress.interface.name": ["observer.egress.interface.name"],
       "uptime": ["host.uptime"],
-      "os_ref.name": ["host.os.name", "observer.os.name", "observer.product"],
+      "os_ref.name": ["host.os.name", "os.name", "os.type", "observer.os.name", "observer.product"],
       "os_ref.vendor": ["host.os.platform", "observer.os.platform", "observer.vendor"],
       "os_ref.version": ["host.os.version", "observer.os.version", "observer.version"],
       "container.id": ["container.id"],