From 0e87351a9cc11d16782c7ecfb6a4e3e5ceaaab54 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Wed, 8 Jan 2025 16:18:53 -0600
Subject: [PATCH] add zeek.quic mappings

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
---
 .../templates/component/ecs/zeek.json | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/salt/elasticsearch/templates/component/ecs/zeek.json b/salt/elasticsearch/templates/component/ecs/zeek.json
index 0f8fb2cfa..0b2d7dc37 100644
--- a/salt/elasticsearch/templates/component/ecs/zeek.json
+++ b/salt/elasticsearch/templates/component/ecs/zeek.json
@@ -1172,6 +1172,32 @@
 }
 }
 },
+ "quic": {
+ "type": "object",
+ "properties": {
+ "server_name": {
+ "type": "keyword"
+ },
+ "version": {
+ "type": "short"
+ },
+ "client_initial_dcid": {
+ "type": "keyword"
+ },
+ "client_scid": {
+ "type": "keyword"
+ },
+ "server_scid": {
+ "type": "keyword"
+ },
+ "client_protocol": {
+ "type": "keyword"
+ },
+ "history": {
+ "type": "keyword"
+ }
+ }
+ },
 "radius": {
 "properties": {
 "connect_info": {
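Review bot: `version` under the new `quic` object is mapped as `short`, but Zeek's quic.log records the QUIC version as a string (values such as `draft-29` or `quicv2` alongside `1`). Assuming the field reaches Elasticsearch unchanged, a non-numeric version would fail numeric parsing at index time and the event could be rejected, silently losing QUIC telemetry that hunting and detections depend on. Mapping it as `"version": { "type": "keyword" }` keeps every value indexable and searchable. This should be confirmed against the zeek.quic ingest pipeline, which is not part of this patch; the enclosing `properties` object also starts and ends outside the hunk.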