complete LdapSearch mapping

mapping-examples/security-datasets/GoldenSAML/GoldenSAML_Microsoft365DefenderEvents.yaml

@@ -21,6 +21,10 @@ process:
     cmd_line: ProcessCommandLine
     pid: ProcessId
     uid: ProcessId
+    hash:
+        md5: MD5
+        sha1: SHA1
+        sha256: SHA256
 
 
 actor:
@@ -29,18 +33,29 @@ actor:
         cmd_line: InitiatingProcessCommandLine
         pid: InitiatingProcessId
         uid: InitiatingProcessId
+        parent_process:
+            endpoint: *endpoint
+            pid: InitiatingProcessParentId
+            uid: InitiatingProcessParentId
+            file:
+                name: InitiatingProcessParentFileName
         file:
             name: InitiatingProcessFileName
             path: InitiatingProcessFolderPath
+            hash:
+                md5: InitiatingProcessMD5
+                sha1: InitiatingProcessSHA1
+                sha256: InitiatingProcessSHA256
             parent_folder:
                 native_field: InitiatingProcessFolderPath
                 native_op: LIKE
                 native_value: winpath_startswith
                 ocsf_value: dirname
     user:
         endpoint: *endpoint
-        name: InitiatingProcessAccountUpn
         uid: InitiatingProcessAccountSid
+        name: InitiatingProcessAccountName
+        domain: InitiatingProcessAccountDomain
 
 
 # src_endpoint: see https://schema.ocsf.io/1.1.0/objects/endpoint