WIP: Updated Detection Mappings, Changed Engine to Language

Detection mappings updated to include the removal of Note and the addition of Tags, Ruleset, and Language. SOC defaults updated to use language based queries rather than engine and show the language column instead of the engine column in results.
2025-12-07 17:52:46 +01:00 · 2024-02-08 09:44:56 -07:00
parent 81a3e95914
commit 29174566f3
2 changed files with 18 additions and 10 deletions
--- a/salt/elasticsearch/templates/component/so/detection-mappings.json
+++ b/salt/elasticsearch/templates/component/so/detection-mappings.json
@@ -47,13 +47,21 @@
            "isCommunity": {
              "type": "boolean"
            },
-            "note": {
+            "tags": {
              "type": "text"
            },
+            "ruleset": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            },
            "engine": {
              "ignore_above": 1024,
              "type": "keyword"
            },
+            "language": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            },
            "overrides": {
              "properties": {
                "type": {