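# Output profiles. Each top-level key names a profile; each entry under it maps an
# output column name to the %Placeholder% whose value is rendered into that column.
# NOTE(review): Details and AllFieldInfo presumably carry values copied straight
# from the event record, which an attacker on the logged host can influence; treat
# the generated CSV as untrusted data (e.g. beware spreadsheet formula injection
# when opening it) — confirm against the code that renders these placeholders.

# Standard profile minus the RecordID column.
minimal:
    Timestamp: "%Timestamp%"
    Computer: "%Computer%"
    Channel: "%Channel%"
    EventID: "%EventID%"
    Level: "%Level%"
    RuleTitle: "%RuleTitle%"
    Details: "%Details%"

# Minimal profile plus the RecordID column.
standard:
    Timestamp: "%Timestamp%"
    Computer: "%Computer%"
    Channel: "%Channel%"
    EventID: "%EventID%"
    Level: "%Level%"
    RecordID: "%RecordID%"
    RuleTitle: "%RuleTitle%"
    Details: "%Details%"

# Standard profile plus MitreTactics, MitreTags (MITRE techniques, software and
# groups), OtherTags, the rule filename (RuleFile) and the EVTX filename (EvtxFile).
verbose:
    Timestamp: "%Timestamp%"
    Computer: "%Computer%"
    Channel: "%Channel%"
    EventID: "%EventID%"
    Level: "%Level%"
    MitreTactics: "%MitreTactics%"
    MitreTags: "%MitreTags%"
    OtherTags: "%OtherTags%"
    RecordID: "%RecordID%"
    RuleTitle: "%RuleTitle%"
    Details: "%Details%"
    RuleFile: "%RuleFile%"
    EvtxFile: "%EvtxFile%"

# Standard profile with all field information (AllFieldInfo) in place of the
# minimal fields rendered in Details, plus RuleFile and EvtxFile. Unlike verbose,
# it carries no MitreTactics/MitreTags/OtherTags columns.
all-field-info:
    Timestamp: "%Timestamp%"
    Computer: "%Computer%"
    Channel: "%Channel%"
    EventID: "%EventID%"
    Level: "%Level%"
    RecordID: "%RecordID%"
    RuleTitle: "%RuleTitle%"
    AllFieldInfo: "%RecordInformation%"
    RuleFile: "%RuleFile%"
    EvtxFile: "%EvtxFile%"

# Verbose profile with all field information (AllFieldInfo) in place of Details,
# keeping the tag columns.
all-field-info-verbose:
    Timestamp: "%Timestamp%"
    Computer: "%Computer%"
    Channel: "%Channel%"
    EventID: "%EventID%"
    Level: "%Level%"
    MitreTactics: "%MitreTactics%"
    MitreTags: "%MitreTags%"
    OtherTags: "%OtherTags%"
    RecordID: "%RecordID%"
    RuleTitle: "%RuleTitle%"
    AllFieldInfo: "%RecordInformation%"
    RuleFile: "%RuleFile%"
    EvtxFile: "%EvtxFile%"

# Verbose profile plus all field information: both Details and AllFieldInfo.
# (Warning: this will more than double the output file size!)
super-verbose:
    Timestamp: "%Timestamp%"
    Computer: "%Computer%"
    Channel: "%Channel%"
    EventID: "%EventID%"
    Level: "%Level%"
    MitreTactics: "%MitreTactics%"
    MitreTags: "%MitreTags%"
    OtherTags: "%OtherTags%"
    RecordID: "%RecordID%"
    RuleTitle: "%RuleTitle%"
    Details: "%Details%"
    RuleFile: "%RuleFile%"
    EvtxFile: "%EvtxFile%"
    AllFieldInfo: "%RecordInformation%"

# Column names compatible with importing the CSV into Timesketch: datetime,
# timestamp_desc and message replace Timestamp and RuleTitle; the remaining columns
# match the verbose profile. timestamp_desc is a fixed label, not a placeholder.
timesketch-minimal:
    datetime: "%Timestamp%"
    timestamp_desc: "hayabusa"
    message: "%RuleTitle%"
    Computer: "%Computer%"
    Channel: "%Channel%"
    EventID: "%EventID%"
    Level: "%Level%"
    MitreTactics: "%MitreTactics%"
    MitreTags: "%MitreTags%"
    OtherTags: "%OtherTags%"
    RecordID: "%RecordID%"
    Details: "%Details%"
    RuleFile: "%RuleFile%"
    EvtxFile: "%EvtxFile%"

# timesketch-minimal plus AllFieldInfo; expect the same output-size growth as
# super-verbose.
timesketch-verbose:
    datetime: "%Timestamp%"
    timestamp_desc: "hayabusa"
    message: "%RuleTitle%"
    Computer: "%Computer%"
    Channel: "%Channel%"
    EventID: "%EventID%"
    Level: "%Level%"
    MitreTactics: "%MitreTactics%"
    MitreTags: "%MitreTags%"
    OtherTags: "%OtherTags%"
    RecordID: "%RecordID%"
    Details: "%Details%"
    RuleFile: "%RuleFile%"
    EvtxFile: "%EvtxFile%"
    AllFieldInfo: "%RecordInformation%"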