CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7115 from Security-Onion-Solutions/feature/additional_dtc_mappings

Browse Source 
Additional DTC mapping changes
This commit is contained in:
weslambert
2022-02-04 10:46:47 -05:00
committed by GitHub
parent 1edc1dd842 a3031b2b5c
commit 1af63edc6b
63 changed files with 1050 additions and 1475 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
salt/elasticsearch/templates/component/so/dtc-agent-mappings.json
View File

@@ -8,21 +8,23 @@
"properties": {
"agent": {
"properties": {
"build": {
"properties": {
"original": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"ephemeral_id": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"id": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"name": {
"ignore_above": 1024,
@@ -35,10 +37,18 @@
},
"type": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"version": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
@@ -47,3 +57,5 @@
}
}
}
}
}

29
salt/elasticsearch/templates/component/so/dtc-base-mappings.json Normal file
View File

@@ -0,0 +1,29 @@
{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-base.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"message": {
"type": "match_only_text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"tags": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}
}
}

29
salt/elasticsearch/templates/component/so/dtc-dns-mappings.json Normal file
View File

@@ -0,0 +1,29 @@
{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-dns.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"dns": {
"properties": {
"answers": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}
}
}
}
}
}
}

25
salt/elasticsearch/templates/component/so/dtc-ecs-mappings.json Normal file
View File

@@ -0,0 +1,25 @@
{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-agent.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"ecs": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}
}
}
}
}

86
salt/elasticsearch/templates/component/so/dtc-event-mappings.json Normal file
View File

@@ -0,0 +1,86 @@
{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-event.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"event": {
"properties": {
"category": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"created": {
"type": "date",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"dataset": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"ingested": {
"type": "date",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"module": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"outcome": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"timezone": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"type": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}
}
}
}
}

400
salt/elasticsearch/templates/component/so/dtc-file-mappings.json
View File

@@ -8,228 +8,6 @@
"properties": {
"file": {
"properties": {
"accessed": {
"type": "date"
},
"attributes": {
"ignore_above": 1024,
"type": "keyword"
},
"code_signature": {
"properties": {
"digest_algorithm": {
"ignore_above": 1024,
"type": "keyword"
},
"exists": {
"type": "boolean"
},
"signing_id": {
"ignore_above": 1024,
"type": "keyword"
},
"status": {
"ignore_above": 1024,
"type": "keyword"
},
"subject_name": {
"ignore_above": 1024,
"type": "keyword"
},
"team_id": {
"ignore_above": 1024,
"type": "keyword"
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"created": {
"type": "date"
},
"ctime": {
"type": "date"
},
"device": {
"ignore_above": 1024,
"type": "keyword"
},
"directory": {
"ignore_above": 1024,
"type": "keyword"
},
"drive_letter": {
"ignore_above": 1,
"type": "keyword"
},
"elf": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"byte_order": {
"ignore_above": 1024,
"type": "keyword"
},
"cpu_type": {
"ignore_above": 1024,
"type": "keyword"
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"ignore_above": 1024,
"type": "keyword"
},
"class": {
"ignore_above": 1024,
"type": "keyword"
},
"data": {
"ignore_above": 1024,
"type": "keyword"
},
"entrypoint": {
"type": "long"
},
"object_version": {
"ignore_above": 1024,
"type": "keyword"
},
"os_abi": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"physical_offset": {
"ignore_above": 1024,
"type": "keyword"
},
"physical_size": {
"type": "long"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
},
"type": "nested"
},
"segments": {
"properties": {
"sections": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
},
"type": "nested"
},
"shared_libraries": {
"ignore_above": 1024,
"type": "keyword"
},
"telfhash": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"extension": {
"ignore_above": 1024,
"type": "keyword"
},
"fork_name": {
"ignore_above": 1024,
"type": "keyword"
},
"gid": {
"ignore_above": 1024,
"type": "keyword"
},
"group": {
"ignore_above": 1024,
"type": "keyword"
},
"hash": {
"properties": {
"md5": {
"ignore_above": 1024,
"type": "keyword"
},
"sha1": {
"ignore_above": 1024,
"type": "keyword"
},
"sha256": {
"ignore_above": 1024,
"type": "keyword"
},
"sha512": {
"ignore_above": 1024,
"type": "keyword"
},
"ssdeep": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"inode": {
"ignore_above": 1024,
"type": "keyword"
},
"mime_type": {
"ignore_above": 1024,
"type": "keyword",
@@ -239,13 +17,6 @@
}
}
},
"mode": {
"ignore_above": 1024,
"type": "keyword"
},
"mtime": {
"type": "date"
},
"name": {
"ignore_above": 1024,
"type": "keyword",
@@ -254,177 +25,6 @@
"type": "keyword"
}
}
},
"owner": {
"ignore_above": 1024,
"type": "keyword"
},
"path": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"pe": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"company": {
"ignore_above": 1024,
"type": "keyword"
},
"description": {
"ignore_above": 1024,
"type": "keyword"
},
"file_version": {
"ignore_above": 1024,
"type": "keyword"
},
"imphash": {
"ignore_above": 1024,
"type": "keyword"
},
"original_file_name": {
"ignore_above": 1024,
"type": "keyword"
},
"product": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"size": {
"type": "long"
},
"target_path": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"uid": {
"ignore_above": 1024,
"type": "keyword"
},
"x509": {
"properties": {
"alternative_names": {
"ignore_above": 1024,
"type": "keyword"
},
"issuer": {
"properties": {
"common_name": {
"ignore_above": 1024,
"type": "keyword"
},
"country": {
"ignore_above": 1024,
"type": "keyword"
},
"distinguished_name": {
"ignore_above": 1024,
"type": "keyword"
},
"locality": {
"ignore_above": 1024,
"type": "keyword"
},
"organization": {
"ignore_above": 1024,
"type": "keyword"
},
"organizational_unit": {
"ignore_above": 1024,
"type": "keyword"
},
"state_or_province": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"ignore_above": 1024,
"type": "keyword"
},
"public_key_curve": {
"ignore_above": 1024,
"type": "keyword"
},
"public_key_exponent": {
"doc_values": false,
"index": false,
"type": "long"
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"ignore_above": 1024,
"type": "keyword"
},
"signature_algorithm": {
"ignore_above": 1024,
"type": "keyword"
},
"subject": {
"properties": {
"common_name": {
"ignore_above": 1024,
"type": "keyword"
},
"country": {
"ignore_above": 1024,
"type": "keyword"
},
"distinguished_name": {
"ignore_above": 1024,
"type": "keyword"
},
"locality": {
"ignore_above": 1024,
"type": "keyword"
},
"organization": {
"ignore_above": 1024,
"type": "keyword"
},
"organizational_unit": {
"ignore_above": 1024,
"type": "keyword"
},
"state_or_province": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"version_number": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}

224
salt/elasticsearch/templates/component/so/dtc-host-mappings.json
View File

@@ -8,102 +8,6 @@
"properties": {
"host": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"cpu": {
"properties": {
"usage": {
"scaling_factor": 1000,
"type": "scaled_float"
}
}
},
"disk": {
"properties": {
"read": {
"properties": {
"bytes": {
"type": "long"
}
}
},
"write": {
"properties": {
"bytes": {
"type": "long"
}
}
}
}
},
"domain": {
"ignore_above": 1024,
"type": "keyword"
},
"geo": {
"properties": {
"city_name": {
"ignore_above": 1024,
"type": "keyword"
},
"continent_code": {
"ignore_above": 1024,
"type": "keyword"
},
"continent_name": {
"ignore_above": 1024,
"type": "keyword"
},
"country_iso_code": {
"ignore_above": 1024,
"type": "keyword"
},
"country_name": {
"ignore_above": 1024,
"type": "keyword"
},
"location": {
"type": "geo_point"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"postal_code": {
"ignore_above": 1024,
"type": "keyword"
},
"region_iso_code": {
"ignore_above": 1024,
"type": "keyword"
},
"region_name": {
"ignore_above": 1024,
"type": "keyword"
},
"timezone": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "ip"
},
"mac": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword",
@@ -113,133 +17,11 @@
}
}
},
"network": {
"properties": {
"egress": {
"properties": {
"bytes": {
"type": "long"
},
"packets": {
"type": "long"
}
}
},
"ingress": {
"properties": {
"bytes": {
"type": "long"
},
"packets": {
"type": "long"
}
}
}
}
},
"os": {
"properties": {
"family": {
"mac": {
"ignore_above": 1024,
"type": "keyword"
},
"full": {
"type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"kernel": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"uptime": {
"type": "long"
},
"user": {
"properties": {
"domain": {
"ignore_above": 1024,
"type": "keyword"
},
"email": {
"ignore_above": 1024,
"type": "keyword"
},
"full_name": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"group": {
"properties": {
"domain": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"hash": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"roles": {
"ignore_above": 1024,
"keyword": {
"type": "keyword"
}
}

38
salt/elasticsearch/templates/component/so/dtc-http-mappings.json Normal file
View File

@@ -0,0 +1,38 @@
{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-http.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"http": {
"properties": {
"request": {
"properties": {
"method": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"referrer": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}
}
}
}
}
}
}

34
salt/elasticsearch/templates/component/so/dtc-network-mappings.json Normal file
View File

@@ -0,0 +1,34 @@
{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-network.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"network": {
"properties": {
"protocol": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"transport": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}
}
}
}
}

25
salt/elasticsearch/templates/component/so/dtc-observer-mappings.json Normal file
View File

@@ -0,0 +1,25 @@
{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-observer.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"observer": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}
}
}
}
}

588
salt/elasticsearch/templates/component/so/dtc-process-mappings.json
View File

@@ -8,49 +8,6 @@
"properties": {
"process": {
"properties": {
"args": {
"ignore_above": 1024,
"type": "keyword"
},
"args_count": {
"type": "long"
},
"code_signature": {
"properties": {
"digest_algorithm": {
"ignore_above": 1024,
"type": "keyword"
},
"exists": {
"type": "boolean"
},
"signing_id": {
"ignore_above": 1024,
"type": "keyword"
},
"status": {
"ignore_above": 1024,
"type": "keyword"
},
"subject_name": {
"ignore_above": 1024,
"type": "keyword"
},
"team_id": {
"ignore_above": 1024,
"type": "keyword"
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"command_line": {
"fields": {
"text": {
@@ -61,551 +18,6 @@
}
},
"type": "wildcard"
},
"elf": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"byte_order": {
"ignore_above": 1024,
"type": "keyword"
},
"cpu_type": {
"ignore_above": 1024,
"type": "keyword"
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"ignore_above": 1024,
"type": "keyword"
},
"class": {
"ignore_above": 1024,
"type": "keyword"
},
"data": {
"ignore_above": 1024,
"type": "keyword"
},
"entrypoint": {
"type": "long"
},
"object_version": {
"ignore_above": 1024,
"type": "keyword"
},
"os_abi": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"physical_offset": {
"ignore_above": 1024,
"type": "keyword"
},
"physical_size": {
"type": "long"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
},
"type": "nested"
},
"segments": {
"properties": {
"sections": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
},
"type": "nested"
},
"shared_libraries": {
"ignore_above": 1024,
"type": "keyword"
},
"telfhash": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"end": {
"type": "date"
},
"entity_id": {
"ignore_above": 1024,
"type": "keyword"
},
"executable": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"exit_code": {
"type": "long"
},
"hash": {
"properties": {
"md5": {
"ignore_above": 1024,
"type": "keyword"
},
"sha1": {
"ignore_above": 1024,
"type": "keyword"
},
"sha256": {
"ignore_above": 1024,
"type": "keyword"
},
"sha512": {
"ignore_above": 1024,
"type": "keyword"
},
"ssdeep": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"name": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"parent": {
"properties": {
"args": {
"ignore_above": 1024,
"type": "keyword"
},
"args_count": {
"type": "long"
},
"code_signature": {
"properties": {
"digest_algorithm": {
"ignore_above": 1024,
"type": "keyword"
},
"exists": {
"type": "boolean"
},
"signing_id": {
"ignore_above": 1024,
"type": "keyword"
},
"status": {
"ignore_above": 1024,
"type": "keyword"
},
"subject_name": {
"ignore_above": 1024,
"type": "keyword"
},
"team_id": {
"ignore_above": 1024,
"type": "keyword"
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"command_line": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"type": "wildcard"
},
"elf": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"byte_order": {
"ignore_above": 1024,
"type": "keyword"
},
"cpu_type": {
"ignore_above": 1024,
"type": "keyword"
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"ignore_above": 1024,
"type": "keyword"
},
"class": {
"ignore_above": 1024,
"type": "keyword"
},
"data": {
"ignore_above": 1024,
"type": "keyword"
},
"entrypoint": {
"type": "long"
},
"object_version": {
"ignore_above": 1024,
"type": "keyword"
},
"os_abi": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"physical_offset": {
"ignore_above": 1024,
"type": "keyword"
},
"physical_size": {
"type": "long"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
},
"type": "nested"
},
"segments": {
"properties": {
"sections": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
},
"type": "nested"
},
"shared_libraries": {
"ignore_above": 1024,
"type": "keyword"
},
"telfhash": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"end": {
"type": "date"
},
"entity_id": {
"ignore_above": 1024,
"type": "keyword"
},
"executable": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"exit_code": {
"type": "long"
},
"hash": {
"properties": {
"md5": {
"ignore_above": 1024,
"type": "keyword"
},
"sha1": {
"ignore_above": 1024,
"type": "keyword"
},
"sha256": {
"ignore_above": 1024,
"type": "keyword"
},
"sha512": {
"ignore_above": 1024,
"type": "keyword"
},
"ssdeep": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"name": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"pe": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"company": {
"ignore_above": 1024,
"type": "keyword"
},
"description": {
"ignore_above": 1024,
"type": "keyword"
},
"file_version": {
"ignore_above": 1024,
"type": "keyword"
},
"imphash": {
"ignore_above": 1024,
"type": "keyword"
},
"original_file_name": {
"ignore_above": 1024,
"type": "keyword"
},
"product": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"pgid": {
"type": "long"
},
"pid": {
"type": "long"
},
"ppid": {
"type": "long"
},
"start": {
"type": "date"
},
"thread": {
"properties": {
"id": {
"type": "long"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"title": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"uptime": {
"type": "long"
},
"working_directory": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
}
}
},
"pe": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"company": {
"ignore_above": 1024,
"type": "keyword"
},
"description": {
"ignore_above": 1024,
"type": "keyword"
},
"file_version": {
"ignore_above": 1024,
"type": "keyword"
},
"imphash": {
"ignore_above": 1024,
"type": "keyword"
},
"original_file_name": {
"ignore_above": 1024,
"type": "keyword"
},
"product": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"pgid": {
"type": "long"
},
"pid": {
"type": "long"
},
"ppid": {
"type": "long"
},
"start": {
"type": "date"
},
"thread": {
"properties": {
"id": {
"type": "long"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"title": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"uptime": {
"type": "long"
},
"working_directory": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
}
}
}

32
salt/elasticsearch/templates/component/so/dtc-rule-mappings.json
View File

@@ -8,10 +8,6 @@
"properties": {
"rule": {
"properties": {
"author": {
"ignore_above": 1024,
"type": "keyword"
},
"category": {
"ignore_above": 1024,
"type": "keyword",
@@ -21,18 +17,6 @@
}
}
},
"description": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"license": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword",
@@ -41,22 +25,6 @@
"type": "keyword"
}
}
},
"reference": {
"ignore_above": 1024,
"type": "keyword"
},
"ruleset": {
"ignore_above": 1024,
"type": "keyword"
},
"uuid": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
}

34
salt/elasticsearch/templates/component/so/dtc-service-mappings.json Normal file
View File

@@ -0,0 +1,34 @@
{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-service.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"service": {
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"type": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}
}
}
}
}

218
salt/elasticsearch/templates/component/so/dtc-user-mappings.json
View File

@@ -8,229 +8,15 @@
"properties": {
"user": {
"properties": {
"changes": {
"properties": {
"domain": {
"ignore_above": 1024,
"type": "keyword"
},
"email": {
"ignore_above": 1024,
"type": "keyword"
},
"full_name": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"group": {
"properties": {
"domain": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"hash": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"roles": {
"ignore_above": 1024,
"keyword": {
"type": "keyword"
}
}
},
"domain": {
"ignore_above": 1024,
"type": "keyword"
},
"effective": {
"properties": {
"domain": {
"ignore_above": 1024,
"type": "keyword"
},
"email": {
"ignore_above": 1024,
"type": "keyword"
},
"full_name": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"group": {
"properties": {
"domain": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"hash": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"roles": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"email": {
"ignore_above": 1024,
"type": "keyword"
},
"full_name": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"group": {
"properties": {
"domain": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"hash": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"roles": {
"ignore_above": 1024,
"type": "keyword"
},
"target": {
"properties": {
"domain": {
"ignore_above": 1024,
"type": "keyword"
},
"email": {
"ignore_above": 1024,
"type": "keyword"
},
"full_name": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"group": {
"properties": {
"domain": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"hash": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"roles": {
"ignore_above": 1024,
"type": "keyword"
}
@@ -240,5 +26,3 @@
}
}
}
}
}

28
salt/elasticsearch/templates/component/so/dtc-user_agent-mappings.json Normal file
View File

@@ -0,0 +1,28 @@
{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-user_agent.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"user_agent": {
"properties": {
"original": {
"fields": {
"text": {
"type": "match_only_text"
},
"keyword": {
"type": "keyword"
}
},
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
}
}

29
salt/elasticsearch/templates/component/so/so-file-mappings.json Normal file
View File

@@ -0,0 +1,29 @@
{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-file.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"file": {
"properties": {
"flavors": {
"properties": {
"mime": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}
}
}
}
}
}
}

14
salt/elasticsearch/templates/index/so/so-aws-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-azure-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-barracuda-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-beats-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-bluecoat-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-cef-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-checkpoint-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-cisco-template.json.jinja
View File

@@ -42,8 +42,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -51,31 +53,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

16
salt/elasticsearch/templates/index/so/so-common-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,45 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"so-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-cyberark-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-cylance-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-elasticsearch-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-endgame-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-f5-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-firewall-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-flow-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-fortinet-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-gcp-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-google_workspace-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-ids-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-imperva-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-import-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-infoblox-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-juniper-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-kibana-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-logstash-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-microsoft-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-misp-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-netflow-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-netscout-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-o365-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-okta-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-osquery-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-ossec-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-proofpoint-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-radware-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-redis-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-snort-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-snyk-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-sonicwall-template.json.jinja
View File

@@ -41,8 +41,10 @@ i%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False)
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@ i%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False)
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-sophos-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-squid-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-strelka-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-syslog-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-tomcat-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-zeek-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",

14
salt/elasticsearch/templates/index/so/so-zscaler-template.json.jinja
View File

@@ -41,8 +41,10 @@
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
@@ -50,31 +52,43 @@
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",