Splunk UDI Connector -Upgrade (#1479)

opencybersecurityalliance · Jun 26, 2023 · 9e3df37 · 9e3df37
1 parent 3005df5
commit 9e3df37
Show file tree

Hide file tree

Showing 22 changed files with 5,206 additions and 1,649 deletions.
diff --git a/stix_shifter_modules/splunk/README.md b/stix_shifter_modules/splunk/README.md
diff --git a/stix_shifter_modules/splunk/splunk_supported_stix.md b/stix_shifter_modules/splunk/splunk_supported_stix.md
diff --git a/stix_shifter_modules/splunk/stix_translation/json/from_stix_map.json b/stix_shifter_modules/splunk/stix_translation/json/from_stix_map.json
diff --git a/stix_shifter_modules/splunk/stix_translation/json/select_fields.json b/stix_shifter_modules/splunk/stix_translation/json/select_fields.json
@@ -3,27 +3,16 @@
     "src_ip",
     "src_port",
     "src_mac",
-    "src_ipv6",
     "dest_ip",
     "dest_port",
     "dest_mac",
-    "dest_ipv6",
     "file_hash",
     "user",
     "url",
     "protocol",
     "host",
     "source",
-    "DeviceType",
-    "Direction",
     "severity",
-    "EventID",
-    "EventName",
-    "ss_name",
-    "TacticId",
-    "Tactic",
-    "TechniqueId",
-    "Technique",
     "process",
     "process_id",
     "process_name",
@@ -36,10 +25,95 @@
     "parent_process_name",
     "parent_process_exec",
     "description",
-    "result",
     "signature",
     "signature_id",
     "query",
-    "answer"
+    "answer",
+    "transport",
+    "bytes_in",
+    "bytes_out",
+    "packets_in",
+    "packets_out",
+    "direction",
+    "name",
+    "message_type",
+    "query_count",
+    "query_type",
+    "record_type",
+    "reply_code",
+    "reply_code_id",
+    "vendor_product",
+    "duration",
+    "transaction_id",
+    "action",
+    "file_access_time",
+    "file_acl",
+    "registry_hive",
+    "registry_path",
+    "registry_key_name",
+    "registry_value_data",
+    "registry_value_name",
+    "registry_value_text",
+    "registry_value_type",
+    "status",
+    "ssl_version",
+    "ssl_serial",
+    "ssl_issuer",
+    "ssl_subject",
+    "ssl_signature_algorithm",
+    "ssl_publickey_algorithm",
+    "ssl_start_time",
+    "ssl_end_time",
+    "ssl_is_valid",
+    "ssl_issuer_common_name",
+    "ssl_subject_common_name",
+    "ssl_name",
+    "ssl_publickey",
+    "ssl_issuer_email",
+    "ssl_subject_email",
+    "ssl_issuer_email_domain",
+    "ssl_subject_email_domain",
+    "ssl_issuer_organization",
+    "ssl_subject_organization",
+    "recipient",
+    "subject",
+    "file_hash",
+    "file_name",
+    "file_size",
+    "recipient_domain",
+    "src_user_domain",
+    "internal_message_id",
+    "message_id",
+    "message_info",
+    "app",
+    "authentication_method",
+    "authentication_service",
+    "dest",
+    "src",
+    "src_user",
+    "user_name",
+    "user_id",
+    "user_type",
+    "user_agent",
+    "http_method",
+    "http_referrer",
+    "http_user_agent",
+    "uri_path",
+    "uri_query",
+    "os",
+    "dvc",
+    "id",
+    "msft",
+    "cve",
+    "cvss",
+    "mskb",
+    "type",
+    "eventtype",
+    "event_id",
+    "mitre_technique_id",
+    "mem_used",
+    "original_file_name",
+    "file_create_time",
+    "file_modify_time"
   ]
 }