diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index f0178728e..c8684e775 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -599,6 +599,35 @@ elasticsearch:
               set_priority:
                 priority: 50
             min_age: 30d
+    so-ip-mappings:
+      index_sorting: false
+      index_template:
+        composed_of:
+        - so-ip-mappings
+        ignore_missing_component_templates: []
+        index_patterns:
+        - so-ip*
+        priority: 500
+        template:
+          mappings:
+            date_detection: false
+            dynamic_templates:
+            - strings_as_keyword:
+                mapping:
+                  ignore_above: 1024
+                  type: keyword
+                match_mapping_type: string
+          settings:
+            index:
+              mapping:
+                total_fields:
+                  limit: 1500
+              number_of_replicas: 0
+              number_of_shards: 1
+              refresh_interval: 30s
+              sort:
+                field: '@timestamp'
+                order: desc
     so-items:
       index_sorting: false
       index_template:
diff --git a/salt/elasticsearch/templates/component/so/so-ip-mappings.json b/salt/elasticsearch/templates/component/so/so-ip-mappings.json
new file mode 100644
index 000000000..ab80e365c
--- /dev/null
+++ b/salt/elasticsearch/templates/component/so/so-ip-mappings.json
@@ -0,0 +1,22 @@
+{
+  "_meta": {
+    "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-network.html",
+    "ecs_version": "1.12.2"
+  },
+  "template": {
+    "mappings": {
+      "properties": {
+        "so": {
+          "properties": {
+            "ip_address": {
+              "type": "ip"
+            },
+            "description": {
+              "type": "text"
+            }
+          }
+        }
+      }
+    }
+  }
+}
\ No newline at end of file