CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add Playbook override mappings

Browse Source
This commit is contained in:
Wes Lambert
2022-02-25 17:58:51 +00:00
parent ce4c859f3a
commit 08097fe9ec
3 changed files with 159 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
salt/elasticsearch/defaults.yaml
View File

@@ -102,6 +102,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -135,6 +136,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -184,6 +186,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -217,6 +220,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -265,6 +269,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -298,6 +303,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -346,6 +352,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -379,6 +386,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -428,6 +436,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -461,6 +470,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -536,6 +546,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -569,6 +580,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -615,6 +627,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -648,6 +661,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -694,6 +708,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -727,6 +742,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -775,6 +791,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -808,6 +825,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -855,6 +873,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -888,6 +907,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -933,6 +953,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -966,6 +987,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -1011,6 +1033,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -1045,6 +1068,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -1090,6 +1114,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -1124,6 +1149,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -1170,6 +1196,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -1203,6 +1230,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -1248,6 +1276,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -1281,6 +1310,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -1326,6 +1356,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -1359,6 +1390,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -1404,6 +1436,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -1438,6 +1471,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -1483,6 +1517,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -1517,6 +1552,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -1562,6 +1598,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -1596,6 +1633,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -1642,6 +1680,7 @@ elasticsearch:
- client-mappings
- container-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -1673,6 +1712,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- url-mappings
@@ -1716,6 +1756,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -1749,6 +1790,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- suricata-mappings
- threat-mappings
- tls-mappings
@@ -1795,6 +1837,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -1828,6 +1871,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -1873,6 +1917,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -1906,6 +1951,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -1952,6 +1998,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -1985,6 +2032,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -2031,6 +2079,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -2065,6 +2114,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -2110,6 +2160,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -2144,6 +2195,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -2190,6 +2242,7 @@ elasticsearch:
- client-mappings
- container-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -2221,6 +2274,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- url-mappings
@@ -2264,6 +2318,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -2298,6 +2353,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -2343,6 +2399,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -2377,6 +2434,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -2422,6 +2480,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -2456,6 +2515,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -2501,6 +2561,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -2535,6 +2596,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -2580,6 +2642,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -2613,6 +2676,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -2658,6 +2722,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -2692,6 +2757,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -2737,6 +2803,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -2771,6 +2838,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -2816,6 +2884,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -2849,6 +2918,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -2895,6 +2965,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -2928,6 +2999,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -2974,6 +3046,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -3007,6 +3080,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -3052,6 +3126,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -3085,6 +3160,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -3130,6 +3206,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -3164,6 +3241,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -3209,6 +3287,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -3242,6 +3321,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -3287,6 +3367,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -3321,6 +3402,7 @@ elasticsearch:
- dtc-service-mappings
- snyk-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -3366,6 +3448,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -3399,6 +3482,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -3444,6 +3528,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -3478,6 +3563,7 @@ elasticsearch:
- dtc-service-mappings
- sophos-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -3523,6 +3609,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -3556,6 +3643,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -3601,6 +3689,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -3636,6 +3725,7 @@ elasticsearch:
- dtc-service-mappings
- so-scan-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -3681,6 +3771,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -3714,6 +3805,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- syslog-mappings
- threat-mappings
- tls-mappings
@@ -3760,6 +3852,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -3793,6 +3886,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -3838,6 +3932,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -3871,6 +3966,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings
@@ -3917,6 +4013,7 @@ elasticsearch:
- container-mappings
- data_stream-mappings
- destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
@@ -3950,6 +4047,7 @@ elasticsearch:
- service-mappings
- dtc-service-mappings
- source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- tracing-mappings

30
salt/elasticsearch/pb-override-destination-mappings.json Normal file
View File

@@ -0,0 +1,30 @@
{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-destination.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"destination": {
"ip": {
"type": "ip",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"port": {
"type": "long",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}
}
}
}

31
salt/elasticsearch/pb-override-source-mappings.json Normal file
View File

@@ -0,0 +1,31 @@
{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-source.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"source": {
"ip": {
"type": "ip",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"port": {
"type": "long",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}
}
}
}