|
10 | 10 | "Carbon Black Endpoint Standard": {
|
11 | 11 | "dontMapEventToLabels": true,
|
12 | 12 | "internalMapping": {
|
13 |
| - "Alert Category": { |
14 |
| - "complex": null, |
15 |
| - "simple": "category" |
16 |
| - }, |
17 | 13 | "Alert ID": {
|
18 |
| - "complex": null, |
19 | 14 | "simple": "id"
|
20 | 15 | },
|
21 | 16 | "Carbon Black ES Alert Severity": {
|
22 |
| - "complex": null, |
23 | 17 | "simple": "severity"
|
24 | 18 | },
|
25 | 19 | "Carbon Black ES First Event Time": {
|
26 |
| - "complex": null, |
27 |
| - "simple": "first_event_time" |
| 20 | + "simple": "first_event_timestamp" |
28 | 21 | },
|
29 | 22 | "Carbon Black ES IOC Hit": {
|
30 |
| - "complex": null, |
31 | 23 | "simple": "ioc_hit"
|
32 | 24 | },
|
33 | 25 | "Carbon Black ES IOC Id": {
|
34 |
| - "complex": null, |
35 | 26 | "simple": "ioc_id"
|
36 | 27 | },
|
37 | 28 | "Carbon Black ES Last Event Time": {
|
38 |
| - "complex": null, |
39 |
| - "simple": "last_event_time" |
| 29 | + "simple": "last_event_timestamp" |
40 | 30 | },
|
41 | 31 | "Carbon Black ES Process Id": {
|
42 |
| - "complex": null, |
43 | 32 | "simple": "process_guid"
|
44 | 33 | },
|
45 | 34 | "Carbon Black ES Process Name": {
|
46 |
| - "complex": null, |
47 | 35 | "simple": "process_name"
|
48 | 36 | },
|
49 | 37 | "Carbon Black ES Report Name": {
|
50 |
| - "complex": null, |
51 | 38 | "simple": "report_name"
|
52 | 39 | },
|
53 | 40 | "Carbon Black ES Reputation": {
|
54 |
| - "complex": null, |
55 |
| - "simple": "threat_cause_reputation" |
| 41 | + "simple": "process_reputation" |
56 | 42 | },
|
57 | 43 | "Carbon Black ES Target Value": {
|
58 |
| - "complex": null, |
59 |
| - "simple": "target_value" |
60 |
| - }, |
61 |
| - "Carbon Black ES Threat Category": { |
62 |
| - "complex": null, |
63 |
| - "simple": "threat_cause_threat_category" |
| 44 | + "simple": "device_target_value" |
64 | 45 | },
|
65 | 46 | "Carbon Black ES Threat Id": {
|
66 |
| - "complex": null, |
67 | 47 | "simple": "threat_id"
|
68 | 48 | },
|
69 |
| - "Carbon Black ES Vector": { |
70 |
| - "complex": null, |
71 |
| - "simple": "threat_cause_vector" |
72 |
| - }, |
73 | 49 | "Changed": {
|
74 |
| - "complex": null, |
75 | 50 | "simple": "workflow.changed_by"
|
76 | 51 | },
|
77 | 52 | "Description": {
|
78 |
| - "complex": null, |
79 | 53 | "simple": "reason"
|
80 | 54 | },
|
81 | 55 | "Device Id": {
|
82 |
| - "complex": null, |
83 | 56 | "simple": "device_id"
|
84 | 57 | },
|
85 | 58 | "Device Name": {
|
86 |
| - "complex": null, |
87 | 59 | "simple": "device_name"
|
88 | 60 | },
|
89 | 61 | "Device Username": {
|
90 |
| - "complex": null, |
91 | 62 | "simple": "device_username"
|
92 | 63 | },
|
93 | 64 | "Last Update Time": {
|
94 |
| - "complex": null, |
95 |
| - "simple": "last_update_time" |
| 65 | + "simple": "backend_update_timestamp" |
96 | 66 | },
|
97 | 67 | "OS": {
|
98 |
| - "complex": null, |
99 | 68 | "simple": "device_os"
|
100 | 69 | },
|
101 | 70 | "OS Version": {
|
102 |
| - "complex": null, |
103 | 71 | "simple": "device_os_version"
|
104 | 72 | },
|
105 | 73 | "Policy ID": {
|
106 |
| - "complex": null, |
107 |
| - "simple": "policy_id" |
| 74 | + "simple": "device_policy_id" |
108 | 75 | },
|
109 | 76 | "Carbon Black ES Report ID": {
|
110 |
| - "complex": null, |
111 | 77 | "simple": "report_id"
|
112 | 78 | },
|
113 | 79 | "SHA256": {
|
114 |
| - "complex": null, |
115 |
| - "simple": "threat_cause_actor_sha256" |
| 80 | + "simple": "process_sha256" |
116 | 81 | },
|
117 | 82 | "State": {
|
118 |
| - "complex": null, |
119 |
| - "simple": "workflow.state" |
| 83 | + "simple": "workflow.status" |
120 | 84 | },
|
121 | 85 | "Tags": {
|
122 |
| - "complex": null, |
123 | 86 | "simple": "tags"
|
124 | 87 | }
|
125 | 88 | }
|
|