diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index f2245c020..c9f771a91 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -858,6 +858,8 @@ elasticsearch:
 composed_of:
 - agent-mappings
 - dtc-agent-mappings
+ - event-mappings
+ - file-mappings
 - host-mappings
 - dtc-host-mappings
 - http-mappings
diff --git a/salt/elasticsearch/files/ingest/kratos b/salt/elasticsearch/files/ingest/kratos
index d59f45587..b3410d9fd 100644
--- a/salt/elasticsearch/files/ingest/kratos
+++ b/salt/elasticsearch/files/ingest/kratos
@@ -81,6 +81,14 @@
 "ignore_missing": true
 }
 },
+ {
+ "rename": {
+ "field": "file",
+ "target_field": "file.path",
+ "ignore_failure": true,
+ "ignore_missing": true
+ }
+ },
 {
 "pipeline": {
 "name": "common"
diff --git a/salt/elasticsearch/templates/component/ecs/dns.json b/salt/elasticsearch/templates/component/ecs/dns.json
index 321a061f5..9cafac072 100644
--- a/salt/elasticsearch/templates/component/ecs/dns.json
+++ b/salt/elasticsearch/templates/component/ecs/dns.json
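Review bot: Adding `event-mappings` and `file-mappings` to `composed_of` presupposes component templates with exactly those names are installed before this index template is loaded; `file-mappings` plausibly corresponds to the `templates/component/ecs/file.json` changed in this commit, but no `event` component appears anywhere in the diff, so confirm it exists, since Elasticsearch rejects an index template that references a missing component template. Order in `composed_of` is also significant — later components win on conflicting field definitions — so placing `file-mappings` ahead of the host and http entries is only safe if none of the later components redefine `file.*`. The enclosing index-template definition starts before this hunk and the list continues past it.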
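Review bot: The new `rename` of `file` to `file.path` is only sound when Kratos emits `file` as a scalar; with `"ignore_failure": true`, a document where `file` is already an object, or where `file.path` already exists, is silently left as-is and then meets whatever `file` mapping the index template composes in, so the failure surfaces as an index-time mapping error far from this pipeline. Guarding the processor, e.g. `"if": "ctx.file instanceof String"`, and recording the assumption with a `"description"` on the processor would make that dependency visible to whoever next touches the file mapping. The processor list continues on both sides of the hunk.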
@@ -1,91 +1,103 @@
 {
- "_meta": {
- "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-dns.html",
- "ecs_version": "1.12.2"
- },
- "template": {
- "mappings": {
- "properties": {
- "dns": {
- "properties": {
- "answers": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ttl": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
+ "_meta": {
+ "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-dns.html",
+ "ecs_version": "1.12.2"
+ },
+ "template": {
+ "mappings": {
+ "properties": {
+ "dns": {
+ "properties": {
+ "answers": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "data": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "ttl": {
+ "type": "long"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ },
+ "type": "object"
+ },
+ "header_flags": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "op_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "question": {
+ "properties": {
+ "class": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "registered_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "subdomain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "top_level_domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "query": {
+ "properties" :{
+ "type":{
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type_name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "resolved_ip": {
+ "type": "ip"
+ },
+ "response_code": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
"ignore_above": 1024, + "type": "keyword" + } + } } - }, - "type": "object" - }, - "header_flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "op_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "question": { - "properties": { - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "resolved_ip": { - "type": "ip" - }, - "response_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" } - } } - } } - } } \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/file.json b/salt/elasticsearch/templates/component/ecs/file.json index 3da5ee86a..dfd96c2b5 100644 --- a/salt/elasticsearch/templates/component/ecs/file.json +++ b/salt/elasticsearch/templates/component/ecs/file.json @@ -15,6 +15,13 @@ "ignore_above": 1024, "type": "keyword" }, + "bytes": { + "properties": { + "missing": { + "type": "long" + } + } + }, "code_signature": { "properties": { "digest_algorithm": {
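Review bot: The only functional change in this hunk is the new `dns.query` object with `type` and `type_name` keyword properties, but the reindentation turns the whole file into a removal/addition pair, which hides that addition from review and from blame; a whitespace-only commit followed by the field addition would be far easier to audit. The new block also uses `"properties" :{` and `"type":{`, unlike the `"key": {` spacing used on every other line of the file. `dns.query` does not appear to be part of the ECS 1.12.2 dns fieldset that `_meta.documentation` and `ecs_version` point to; if it is a local extension, saying so in `_meta` (or keeping it in a separate non-ECS component) would stop the template from claiming an ECS version it no longer matches. The file still ends without a trailing newline on both sides.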
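Review bot: Declaring `file.bytes` as an object with a `missing` sub-field collides with ECS, where `file.bytes` is a scalar `long` holding the file size; any source that emits an ECS-conforming numeric `file.bytes` into an index composed with this component would then be rejected at index time with an object-versus-number mapping conflict, and the rest of this component otherwise follows ECS (its `_meta` block is outside the hunk). If the intent is to carry a missing-bytes count from a specific log source, a non-colliding name such as `"missing_bytes": { "type": "long" }` at the `file` level keeps the ECS field usable alongside it; confirm no existing pipeline already sets a scalar `file.bytes` before this ships. The `code_signature` object and the enclosing `properties` continue past the end of the hunk.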