From 27c8eaa630326d8d3827b84c79f1fc4ea84a68dc Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Wed, 2 Mar 2022 14:39:23 +0000
Subject: [PATCH] Update all other mappings for .security where applicable
---
 .../component/so/dtc-http-mappings.json | 8 +-
 .../component/so/dtc-network-mappings.json | 10 +-
 .../component/so/dtc-observer-mappings | 219 ------------------
 .../component/so/dtc-observer-mappings.json | 5 +-
 .../component/so/dtc-process-mappings.json | 5 +-
 .../component/so/dtc-rule-mappings.json | 10 +-
 .../component/so/dtc-service-mappings.json | 10 +-
 .../component/so/dtc-user-mappings.json | 5 +-
 .../component/so/dtc-user_agent-mappings.json | 5 +-
 9 files changed, 35 insertions(+), 242 deletions(-)
 delete mode 100644 salt/elasticsearch/templates/component/so/dtc-observer-mappings
diff --git a/salt/elasticsearch/templates/component/so/dtc-http-mappings.json b/salt/elasticsearch/templates/component/so/dtc-http-mappings.json
index d51ebe195..8e705c260 100644
--- a/salt/elasticsearch/templates/component/so/dtc-http-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-http-mappings.json
@@ -14,8 +14,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
@@ -27,7 +28,8 @@
 "type": "keyword",
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
diff --git a/salt/elasticsearch/templates/component/so/dtc-network-mappings.json b/salt/elasticsearch/templates/component/so/dtc-network-mappings.json
index f8adccf28..755426356 100644
--- a/salt/elasticsearch/templates/component/so/dtc-network-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-network-mappings.json
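Review bot: In the first hunk of dtc-http-mappings.json (`@@ -14,8 +14,9 @@`) the new `security` sub-field sets `"analyzer": "es_security_analyzer"`, but nothing in this patch defines that analyzer. A custom analyzer has to be present in the index settings of every index template that composes these components; if it is missing for any of them, index creation is expected to fail with a mapping error and events for that data type stop being indexed. The same dependency applies to the hunks in the network, observer, process, rule, service, user and user_agent mappings. Because the sub-field is renamed from `text` to `security`, saved searches, dashboards or detection rules that still query `<field>.text` would return nothing on newly created indices, so the commit description should say where `es_security_analyzer` is defined and list the renamed fields. The parent field name lies outside the hunk.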
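Review bot: The second hunk of dtc-http-mappings.json (`@@ -27,7 +28,8 @@`) switches the sub-field to `es_security_analyzer` but leaves its name as `text`, while every other hunk in the patch renames the sub-field to `security`. The `"text": {` line is unchanged context here, which looks like a missed rename; queries written against `*.security` would not cover this field. If the rename is meant to apply, that line should become `"security": {`. The parent field name is outside the hunk, so which HTTP field is affected cannot be confirmed from this view.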
@@ -12,8 +12,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
@@ -24,8 +25,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
diff --git a/salt/elasticsearch/templates/component/so/dtc-observer-mappings b/salt/elasticsearch/templates/component/so/dtc-observer-mappings
deleted file mode 100644
index 1168cd100..000000000
--- a/salt/elasticsearch/templates/component/so/dtc-observer-mappings
+++ /dev/null
@@ -1,219 +0,0 @@
-{
- "_meta": {
- "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-observer.html",
- "ecs_version": "1.12.2"
- },
- "template": {
- "mappings": {
- "properties": {
- "observer": {
- "properties": {
- "egress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- },
- "type": "object"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- },
- "type": "object"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
-}
diff --git a/salt/elasticsearch/templates/component/so/dtc-observer-mappings.json b/salt/elasticsearch/templates/component/so/dtc-observer-mappings.json
index 181496fe4..1b6219cc7 100644
--- a/salt/elasticsearch/templates/component/so/dtc-observer-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-observer-mappings.json
@@ -12,8 +12,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
diff --git a/salt/elasticsearch/templates/component/so/dtc-process-mappings.json b/salt/elasticsearch/templates/component/so/dtc-process-mappings.json
index f0bf6c70b..8160f70c3 100644
--- a/salt/elasticsearch/templates/component/so/dtc-process-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-process-mappings.json
@@ -10,8 +10,9 @@
 "properties": {
 "command_line": {
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
diff --git a/salt/elasticsearch/templates/component/so/dtc-rule-mappings.json b/salt/elasticsearch/templates/component/so/dtc-rule-mappings.json
index 0d0bd8bd8..2e9b4de16 100644
--- a/salt/elasticsearch/templates/component/so/dtc-rule-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-rule-mappings.json
@@ -12,8 +12,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
@@ -24,8 +25,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
diff --git a/salt/elasticsearch/templates/component/so/dtc-service-mappings.json b/salt/elasticsearch/templates/component/so/dtc-service-mappings.json
index 7c76cc2db..d5f30f602 100644
--- a/salt/elasticsearch/templates/component/so/dtc-service-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-service-mappings.json
@@ -12,8 +12,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
@@ -24,8 +25,9 @@
 "ignore_above": 1024,
 "type": "keyword",
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
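Review bot: In the dtc-process-mappings.json hunk, `command_line` now takes its full-text sub-field from `es_security_analyzer`, and the patch records no check of how that analyzer tokenizes command lines. Command lines carry paths, switches, quoting and long encoded arguments, so whether detections on what is presumably `process.command_line.security` match depends on how the analyzer treats case, punctuation and long unbroken tokens. I would run a few representative command lines through the `_analyze` API on an index built from this template and keep the expected tokens next to the analyzer definition. The `command_line` mapping continues outside the hunk, so any `type` or `ignore_above` on the parent field is not visible here.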
diff --git a/salt/elasticsearch/templates/component/so/dtc-user-mappings.json b/salt/elasticsearch/templates/component/so/dtc-user-mappings.json
index 92ef1e0df..1e51822ee 100644
--- a/salt/elasticsearch/templates/component/so/dtc-user-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-user-mappings.json
@@ -10,8 +10,9 @@
 "properties": {
 "name": {
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"
diff --git a/salt/elasticsearch/templates/component/so/dtc-user_agent-mappings.json b/salt/elasticsearch/templates/component/so/dtc-user_agent-mappings.json
index 07f980203..a7d9c610e 100644
--- a/salt/elasticsearch/templates/component/so/dtc-user_agent-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-user_agent-mappings.json
@@ -10,8 +10,9 @@
 "properties": {
 "original": {
 "fields": {
- "text": {
- "type": "match_only_text"
+ "security": {
+ "type": "text",
+ "analyzer": "es_security_analyzer"
 },
 "keyword": {
 "type": "keyword"