First upload

helper_files/LLM_mapping.csv

@@ -0,0 +1,138 @@
+Key,Map
+SRC&DST,User 
+SRC&DST,Address 
+SRC&DST,System 
+SRC&DST,Host 
+SRC&DST,Hostname
+SRC&DST,system
+SRC&DST,component
+SRC&DST,service
+SRC&DST,application
+SRC&DST,origin
+SRC&DST,module
+SRC&DST,subsystem
+SRC&DST,application
+SRC&DST,node
+SRC&DST,agent
+SRC&DST,instance
+SRC&DST,Device
+SRC&DST,Machine
+SRC&DST,Endpoint
+SRC&DST,Workstation
+SRC&DST,Process
+SRC&DST,Server
+SRC&DST,Router
+SRC&DST,Gateway
+SRC&DST,Switch
+SRC&DST,Interface
+SRC&DST,Session
+SRC&DST,Task
+SRC&DST,Thread
+SRC&DST,Container
+SRC&DST,Zone
+SRC&DST,Domain
+SRC&DST,Instance
+SRC&DST,VM 
+SRC&DST,Virtual Machine
+SRC&DST,Pod
+SRC&DST,Function
+SRC&DST,Role
+SRC&DST,App
+SRC&DST,application
+SRC&DST,Tenant
+SRC&DST,Subscriber
+SRC&DST,Segment
+SRC&DST,Queue
+SRC&DST,Channel
+SRC&DST,Broker
+SRC&DST,Listener
+SRC&DST,Adapter
+SRC&DST,Cache
+SRC&DST,Pool
+SRC&DST,Node
+SRC&DST,Blade
+SRC&DST,Cluster
+SRC&DST,Core
+SRC&DST,Socket
+SRC&DST,Partition
+SRC&DST,Drive
+SRC&DST,Volume
+SRC&DST,Path
+SRC&DST,Link
+SRC&DST,Resource
+SRC&DST,rsrc
+SRC&DST,Object
+SRC&DST,obj
+SRC&DST,acc
+SRC&DST,Account
+SRC&DST,Credential
+SRC&DST,Alias
+SRC&DST,Partition
+SRC,Source
+SRC,Source name
+DST,Destination 
+DST,Destination name 
+NAME,Message 
+NAME,Alert 
+NAME,name 
+NAME,type 
+NAME,category 
+NAME,warning 
+NAME,level 
+NAME,Description 
+NAME,Desc
+NAME,msg
+NAME,Context 
+NAME,Change 
+NAME,Reason 
+NAME,Analytic 
+NAME,Event
+NAME,Detail
+NAME,Log
+NAME,Note
+NAME,Entry
+NAME,Incident
+NAME,Record
+NAME,Notification
+NAME,Signal
+NAME,Report
+NAME,Annotation
+NAME,Update
+NAME,Item
+NAME,Flash
+NAME,Call
+NAME,Broadcast
+NAME,Flag
+NAME,Detail
+NAME,Signal
+NAME,Communication
+NAME,Dispatch
+NAME,Bulletin
+NAME,Feed
+NAME,Report
+NAME,Statement
+NAME,Summary
+NAME,Post
+NAME,Brief
+NAME,Notice
+NAME,Disclosure
+NAME,Output
+NAME,Declaration
+NAME,Prompt
+NAME,Advisory
+NAME,Hint
+NAME,Critical 
+NAME,info
+NAME,warning
+NAME,Update
+NAME,Excerpt
+NAME,Synopsis
+NAME,Memo
+NAME,Journal
+NAME,Extract
+NAME,Remark
+NAME,Cue
+NAME,Highlight
+NAME,Snippet
+NAME,Summary
+NAME,Title

helper_files/column_regex.json

@@ -0,0 +1,162 @@
+{
+  "SRC&DST": {
+    "prefix": [
+      "ID",
+      "IP"
+    ],
+    "body": [
+      "Address",
+      "System",
+      "Host",
+      "Hostname",
+      "system",
+      "component",
+      "service",
+      "application",
+      "origin",
+      "module",
+      "subsystem",
+      "service",
+      "application",
+      "node",
+      "agent",
+      "instance",
+      "Device",
+      "Machine",
+      "Endpoint",
+      "Workstation",
+      "Process",
+      "Server",
+      "Router",
+      "Gateway",
+      "Switch",
+      "Interface",
+      "Session",
+      "Task",
+      "Thread",
+      "Container",
+      "Zone",
+      "Domain",
+      "Instance",
+      "VM",
+      "Virtual Machine",
+      "Pod",
+      "Function",
+      "Role",
+      "App",
+      "application",
+      "Service",
+      "Tenant",
+      "Subscriber",
+      "Segment",
+      "Queue",
+      "Channel",
+      "Broker",
+      "Listener",
+      "Adapter",
+      "Cache",
+      "Pool",
+      "Node",
+      "Blade",
+      "Cluster",
+      "Core",
+      "Socket",
+      "Partition",
+      "Drive",
+      "Volume",
+      "Path",
+      "Link",
+      "Resource",
+      "rsrc",
+      "Object",
+      "obj",
+      "acc",
+      "Account",
+      "Credential",
+      "Alias",
+      "Partition"
+    ],
+    "suffix": [
+      "ID",
+      "IP",
+      "name"
+    ]
+  }, 
+    "NAME": {
+    "prefix": [
+      "Event",
+      "Alert",
+      "incident",
+      "Log",
+      "error" 
+    ],
+    "body": [
+        "Alert",
+        "Message",
+        "Name",
+        "Type",
+        "Category",
+        "Warning",
+        "Level",
+        "Description",
+        "Desc",
+        "Msg",
+        "Context",
+        "Change",
+        "Reason",
+        "Analytic",
+        "Event",
+        "Detail",
+        "Log",
+        "Note",
+        "Entry",
+        "Incident",
+        "Record",
+        "Notification",
+        "Signal",
+        "Report",
+        "Annotation",
+        "Update",
+        "Item",
+        "Flash",
+        "Call",
+        "Broadcast",
+        "Flag",
+        "Communication",
+        "Dispatch",
+        "Bulletin",
+        "Feed",
+        "Statement",
+        "Summary",
+        "Post",
+        "Brief",
+        "Notice",
+        "Disclosure",
+        "Output",
+        "Declaration",
+        "Prompt",
+        "Advisory",
+        "Hint",
+        "Critical",
+        "Info",
+        "Warning",
+        "Update",
+        "Excerpt",
+        "Synopsis",
+        "Memo",
+        "Journal",
+        "Extract",
+        "Remark",
+        "Cue",
+        "Highlight",
+        "Snippet",
+        "Summary"
+      ],
+    "suffix": [
+      "Title",
+      "Report",
+      "Brief"
+    ]
+  }
+
+}

helper_files/table_regex.json

@@ -0,0 +1,50 @@
+[
+    {
+      "name": "windows_file_paths",
+      "pattern": "^([a-zA-Z]:)?(\\\\[^\\\\\\/:*?\"<>|]+)+(\\\\)?([^\\\\\\/:*?\"<>|]+)?$"
+    },
+    {
+      "name": "unix_file_paths",
+      "pattern": "^(\\/[^\\/\\s]*)+\\/?([^\\/\\s]+)?$"
+    },
+    {
+      "name": "files",
+      "pattern": "^[^\\x00-\\x1F\\\\/:*?\"<>|]+\\.[A-Za-z]+$"
+    },
+    {
+      "name": "ipv4",
+      "pattern": "\\b((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\\b"
+    },
+    {
+      "name": "ipv4",
+      "pattern": "\\b((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\\-){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\\b"
+    },
+    {
+      "name": "ipv4",
+      "pattern": "^ip-(\\d{1,3}-\\d{1,3}-\\d{1,3}-\\d{1,3})\\.([a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$"
+    },
+    {
+      "name": "ipv6",
+      "pattern": "\\b(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\\b"
+    },
+    {
+      "name": "urls",
+      "pattern": "\\b(?:https?|ftp|file):\\/\\/[-A-Za-z0-9+&@#\\/%?=~_|!:,.;]*[-A-Za-z0-9+&@#\\/%=~_|]"
+    },
+    {
+      "name": "mac_address",
+      "pattern": "^([0-9A-Fa-f]{2}([-:])){5}[0-9A-Fa-f]{2}$|^[0-9A-Fa-f]{4}\\.[0-9A-Fa-f]{4}\\.[0-9A-Fa-f]{4}$"
+    },
+    {
+      "name": "time",
+      "pattern": "^\\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])\\s([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$"
+    },
+    {
+      "name": "time",
+      "pattern": "^(0[1-9]|1[0-2])/(0[1-9]|[12][0-9]|3[01])/\\d{4}\\s(0[1-9]|1[0-2]):([0-5][0-9]):([0-5][0-9])\\s([APap][Mm])$"
+    },
+    {
+      "name": "time",
+      "pattern": "^\\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])(\\.\\d+)?(Z|([+-][01][0-9]:[0-5][0-9]))?$"
+    }
+    ]