Reaqta name change (#1514)

opencybersecurityalliance · Jun 23, 2023 · dc72086 · dc72086
1 parent f376d59
commit dc72086
Show file tree

Hide file tree

Showing 8 changed files with 26 additions and 25 deletions.
diff --git a/CONNECTORS.md b/CONNECTORS.md
@@ -35,7 +35,7 @@ List updated: April 18, 2023
 |   27  |       [Palo Alto Cortex XDR](stix_shifter_modules/paloalto)                        | paloalto              | Default    | IBM Security | Yes         | Yes          | Released     |
 |   28  |       [SentinelOne](stix_shifter_modules/sentinelone)                        | sentinelone              | Default    | IBM Security | Yes         | Yes          | Released     |
 |   29  |       [Darktrace](stix_shifter_modules/darktrace)                           | darktrace              | Default    | IBM Security | Yes         | Yes          | Released     |
-|   30  |       [IBM Security ReaQta](stix_shifter_modules/reaqta)                           | reaqta             | Default    | IBM Security | Yes         | Yes          | Released     |
+|   30  |       [IBM Security QRadar EDR](stix_shifter_modules/reaqta)                           | reaqta             | Default    | IBM Security | Yes         | Yes          | Released     |
 |   31  |       [IBM Security Verify](stix_shifter_modules/ibm_security_verify)                           | ibm_security_verify             | Default    | IBM Security | Yes         | Yes          | Released     |
 |   32  |       [Red Hat Advanced Cluster Security for Kubernetes (StackRox)](stix_shifter_modules/rhacs)                           | rhacs             | Default    | IBM Security | Yes         | Yes          | Released     |
 |   33  |      [GCP Chronicle](stix_shifter_modules/gcp_chronicle)                   | gcp_chronicle              | Default    | IBM Security | Yes         | Yes          | Released     |

diff --git a/adapter-guide/connectors/reaqta_supported_stix.md b/adapter-guide/connectors/reaqta_supported_stix.md
@@ -1,5 +1,5 @@
 ##### Updated on 03/08/23
-## IBM Security ReaQta
+## IBM Security QRadar EDR
 ### Supported STIX Operators
 *Comparison AND/OR operators are inside the observation while observation AND/OR operators are between observations (square brackets).*
 

diff --git a/adapter-guide/supported-mappings.md b/adapter-guide/supported-mappings.md
@@ -37,7 +37,7 @@ Stix-shifter currently offers connector support for the following cybersecurity
 - [Cybereason](../stix_shifter_modules/cybereason/cybereason_supported_stix.md)
 - [PaloAlto Cortex XDR](../stix_shifter_modules/paloalto/paloalto_supported_stix.md)
 - [SentinelOne](../stix_shifter_modules/sentinelone/sentinelone_supported_stix.md)
-- [IBM Security ReaQta](../stix_shifter_modules/reaqta/reaqta_supported_stix.md)
+- [IBM Security QRadar EDR](../stix_shifter_modules/reaqta/reaqta_supported_stix.md)
 - [Darktrace](../stix_shifter_modules/darktrace/darktrace_supported_stix.md)
 - [Red Hat Advanced Cluster Security for Kubernetes (StackRox)](../stix_shifter_modules/rhacs/rhacs_supported_stix.md)
 - [IBM Security Verify](../stix_shifter_modules/ibm_security_verify/ibm_security_verify_supported_stix.md)

diff --git a/stix_shifter/scripts/supported_property_exporter.py b/stix_shifter/scripts/supported_property_exporter.py
@@ -41,7 +41,7 @@
     "cybereason": "Cybereason",
     "paloalto": "PaloAlto Cortex XDR",
     "sentinelone": "SentinelOne",
-    "reaqta": "IBM Security ReaQta",
+    "reaqta": "IBM Security QRadar EDR",
     "darktrace": "Darktrace",
     "rhacs": "Red Hat Advanced Cluster Security for Kubernetes (StackRox)",
     "ibm_security_verify": "IBM Security Verify",

diff --git a/stix_shifter_modules/reaqta/README.md b/stix_shifter_modules/reaqta/README.md
@@ -1,16 +1,12 @@
-#  ReaQta
+#  IBM Security QRadar EDR Connector
 
-Reaqta is an AI-powered, automated endpoint security platform. ReaQta Connector can be used to search security events and alerts generated in ReaQta platform.
-
-## Supported STIX Mappings
-
-See the [table of mappings](reaqta_supported_stix.md) for the STIX objects and operators supported by this connector.
+IBM Security® QRadar® EDR, formerly ReaQta, is an AI-powered, automated endpoint security platform. This connector can be used to search security events and alerts generated in the IBM Security® QRadar® EDR platform.
 
 ## API and Query Language
 
-Connector uses Reaqta Hunt API. Endpoint Path: `/1/events/hunt`
+The connector uses the Hunt API. Endpoint Path: `/1/events/hunt`
 
-For search, the connector uses HunQ: The ReaQta-Hive Hunt Query Language. The query is similar to the WHERE clause of a SQL query.
+For search, the connector uses HunQ: The Hive Hunt Query Language. The query is similar to the WHERE clause of a SQL query.
 
 
 ### Format for making STIX translation calls via the CLI
@@ -89,7 +85,7 @@ python main.py transmit reaqta '{"host":"<reaqta_host>"}' '{ "auth": { "app_id":
         }
 ```
 
-##  ReaQta response results to STIX objects
+##  Response results to STIX objects
 
 ### Translate command
 ``` 

diff --git a/stix_shifter_modules/reaqta/configuration/config.json b/stix_shifter_modules/reaqta/configuration/config.json
@@ -1,7 +1,7 @@
 {
     "connection": {
         "type": {
-            "displayName": "IBM Security ReaQta",
+            "displayName": "IBM Security QRadar EDR",
             "group": "reaqta"
         },
         "host": {

diff --git a/stix_shifter_modules/reaqta/configuration/lang_en.json b/stix_shifter_modules/reaqta/configuration/lang_en.json
@@ -14,19 +14,19 @@
             "description": "More details on the data source setting can be found in the specified link"
         },
         "selfSignedCert": {
-            "label": "ReaQta certificate",
+            "label": "Self-signed certificate",
             "placeholder": "Paste your certificate"
         }
     },
     "configuration": {
         "auth": {
             "app_id": {
-                "label": "Reaqta app ID",
-                "description": "Reaqta App ID with access to the Hunt API"
+                "label": "App ID",
+                "description": "App ID with access to the Hunt API"
             },
             "secret_key": {
                 "label": "Secret key",
-                "description": "Reaqta App Secret Key with access to the Hunt API"
+                "description": "App Secret Key with access to the Hunt API"
             }
         }
     }

diff --git a/stix_shifter_modules/reaqta/reaqta_supported_stix.md b/stix_shifter_modules/reaqta/reaqta_supported_stix.md
@@ -1,5 +1,5 @@
-##### Updated on 05/15/23
-## IBM Security ReaQta
+##### Updated on 06/21/23
+## IBM Security QRadar EDR
 ### Results STIX Domain Objects
 * Identity
 * Observed Data
@@ -61,6 +61,10 @@
 | **x-ibm-finding**:finding_type | antimalware.threatType |
 | **x-ibm-finding**:name | antimalware.objectStatus |
 | **x-ibm-finding**:src_ip_ref.value | ip |
+| **x-ibm-finding**:ttp_tagging_refs | mitre.tactic, mitre.technique |
+| **x-ibm-ttp-tagging**:name | mitre.technique |
+| **x-ibm-ttp-tagging**:extensions.'mitre-attack-ext'.tactic_name | mitre.tactic |
+| **x-ibm-ttp-tagging**:extensions.'mitre-attack-ext'.technique_name | mitre.technique |
 | **x-oca-asset**:extensions.'x-reaqta-consumer'.command_line_template_tokens | consumer.cmdline |
 | **x-oca-asset**:extensions.'x-reaqta-consumer'.consumer_name | wmi.consumerName |
 | **x-oca-asset**:extensions.'x-reaqta-consumer'.consumer_type | wmi.consumerType |
@@ -88,7 +92,6 @@
 | **x-oca-event**:network_ref.src_ref.value | ip |
 | **x-oca-event**:parent_process_ref.pid | service.ppid |
 | **x-oca-event**:process_ref.pid | wmi.clientPid |
-| **x-oca-event**:user_ref.user_id |  |
 | **x-reaqta-amsi**:content_name | antimalware.contentName |
 | **x-reaqta-amsi**:scan_result | antimalware.scanResult |
 | **x-reaqta-avdetection**:av_scan_reason | antimalware.scanReason |
@@ -182,10 +185,8 @@
 | **x-reaqta-event**:service_name | service.name |
 | **x-reaqta-event**:service_type | service.type |
 | **x-reaqta-event**:start_type | service.startType |
-| **x-reaqta-event**:tactics | mitre.tactic |
 | **x-reaqta-event**:tags | eventdata.tag |
 | **x-reaqta-event**:task_name | task.name |
-| **x-reaqta-event**:technique | mitre.technique |
 | **x-reaqta-event**:version | eventdata.version |
 | **x-reaqta-network**:outbound | isOutbound |
 | **x-reaqta-process**:logon_id | accessor.login.id, allocator.login.id, engine.login.id, login.id, service.login.id |
@@ -289,6 +290,12 @@
 | x-ibm-finding | src_ip_ref | localAddrV6 |
 | x-ibm-finding | dst_ip_ref | remoteAddrV4 |
 | x-ibm-finding | dst_ip_ref | remoteAddrV6 |
+| x-ibm-finding | ttp_tagging_refs | tactics |
+| x-ibm-finding | ttp_tagging_refs | technique |
+| <br> | | |
+| x-ibm-ttp-tagging | extensions.'mitre-attack-ext'.tactic_name | tactics |
+| x-ibm-ttp-tagging | extensions.'mitre-attack-ext'.technique_name | technique |
+| x-ibm-ttp-tagging | extensions.name | technique |
 | <br> | | |
 | x-oca-asset | host_id | endpointId |
 | x-oca-asset | hostname | clientMachine |
@@ -416,10 +423,8 @@
 | x-reaqta-event | service_name | serviceName |
 | x-reaqta-event | service_type | serviceType |
 | x-reaqta-event | start_type | startType |
-| x-reaqta-event | tactics | tactics |
 | x-reaqta-event | tags | tags |
 | x-reaqta-event | task_name | taskName |
-| x-reaqta-event | technique | technique |
 | x-reaqta-event | version | version |
 | <br> | | |
 | x509-certificate | extensions.x-reaqta-cert.expired | expired |