add ti_opencti integration support

2025-12-11 19:52:51 +01:00 · 2024-12-18 11:33:49 -06:00
parent 8183dcf363
commit 157185c370
4 changed files with 84 additions and 0 deletions
--- a/salt/elasticsearch/templates/component/elastic-agent/logs-ti_opencti.indicator@custom.json
+++ b/salt/elasticsearch/templates/component/elastic-agent/logs-ti_opencti.indicator@custom.json
@@ -0,0 +1,36 @@
+{
+  "template": {
+    "mappings": {
+      "properties": {
+        "host": {
+	  "properties":{
+            "ip": {
+              "type": "ip"
+            }
+	  }
+	},
+	"related": {
+          "properties":{
+            "ip": {
+              "type": "ip"
+            }
+          }
+        },
+	"destination": {
+          "properties":{
+            "ip": {
+              "type": "ip"
+            }
+          }
+        },
+	"source": {
+          "properties":{
+            "ip": {
+              "type": "ip"
+            }
+          }
+        }
+      }
+    }
+  }
+}