update: extend new fields in sigmahq_taxonomy.json (#54)

swachchhanda000 · web-flow · commit 0d30ef9fc811 · 2025-11-10T19:33:20.000+01:00
* update: extend new proxy fields in sigmahq_taxonomy.json

* add more fields

* update sigmahq_data.py to incorprate all the changes
diff --git a/sigma/validators/sigmahq/sigmahq_data.py b/sigma/validators/sigmahq/sigmahq_data.py
@@ -870,7 +870,7 @@
     ): "zeek_",
 }
 
-taxonomy_version: str = "20250825"
+taxonomy_version: str = "20251103"
 ref_sigmahq_fieldsname: Dict[SigmaLogSource, List[str]] = {
     SigmaLogSource(
         category=None,
@@ -1598,6 +1598,7 @@
         "cs-uri",
         "cs-uri-port",
         "cs-uri-scheme",
+        "cs-uri-stem",
         "cs-user-agent",
         "cs-version",
         "dst_ip",
@@ -2131,7 +2132,16 @@
         definition=None,
         source=None,
         custom_attributes=None,
-    ): ["Channel", "Computer", "EventID", "Provider_Name", "Security_UserID", "subjectName"],
+    ): [
+        "Channel",
+        "Computer",
+        "EventID",
+        "Flags",
+        "HasFullTrust",
+        "Provider_Name",
+        "Security_UserID",
+        "subjectName",
+    ],
     SigmaLogSource(
         category=None,
         product="windows",
diff --git a/tools/sigmahq_taxonomy.json b/tools/sigmahq_taxonomy.json
@@ -1,6 +1,6 @@
 {
     "title": "Sigma taxonomy",
-    "version": "20250825",
+    "version": "20251103",
     "taxonomy": {
         "aws_none_cloudtrail": {
             "logsource": {
@@ -1025,10 +1025,10 @@
             "description": null,
             "field": {
                 "native": [
-                    "c-uri",
                     "c-uri-extension",
                     "c-uri-query",
                     "c-uri-stem",
+                    "c-uri",
                     "c-useragent",
                     "cs-bytes",
                     "cs-content-type",
@@ -1039,6 +1039,7 @@
                     "cs-referrer",
                     "cs-uri-port",
                     "cs-uri-scheme",
+                    "cs-uri-stem",
                     "cs-uri",
                     "cs-user-agent",
                     "cs-version",
@@ -1769,7 +1770,9 @@
                     "EventID",
                     "Provider_Name",
                     "Security_UserID",
-                    "subjectName"
+                    "subjectName",
+                    "Flags",
+                    "HasFullTrust"
                 ],
                 "custom": [],
                 "redundant": []
