CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Add additional .text subfield mappings"

Browse Source 
This reverts commit 61dadc6249.
This commit is contained in:
Wes Lambert
2022-03-01 18:43:24 +00:00
parent adf3dc0cf6
commit 2a9caccc7c
7 changed files with 52 additions and 224 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
salt/elasticsearch/templates/component/ecs/aws.json
View File

@@ -13,7 +13,8 @@
"additional_eventdata": { "additional_eventdata": {
"fields": { "fields": {
"text": { "text": {
"type": "match_only_text" "norms": false,
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -227,7 +228,8 @@
"request_parameters": { "request_parameters": {
"fields": { "fields": {
"text": { "text": {
"type": "match_only_text" "norms": false,
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -267,7 +269,8 @@
"response_elements": { "response_elements": {
"fields": { "fields": {
"text": { "text": {
"type": "match_only_text" "norms": false,
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -276,7 +279,8 @@
"service_event_details": { "service_event_details": {
"fields": { "fields": {
"text": { "text": {
"type": "match_only_text" "norms": false,
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -402,12 +406,7 @@
"properties": { "properties": {
"message": { "message": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },

7
salt/elasticsearch/templates/component/ecs/base.json
View File

@@ -13,12 +13,7 @@
"type": "object" "type": "object"
}, },
"message": { "message": {
"type": "match_only_text", "type": "match_only_text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tags": { "tags": {
"ignore_above": 1024, "ignore_above": 1024,

7
salt/elasticsearch/templates/component/ecs/cyberark.json
View File

@@ -534,12 +534,7 @@
}, },
"reason": { "reason": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"rfc5424": { "rfc5424": {
"type": "boolean" "type": "boolean"

12
salt/elasticsearch/templates/component/ecs/logstash.json
View File

@@ -45,7 +45,8 @@
"thread": { "thread": {
"fields": { "fields": {
"text": { "text": {
"type": "match_only_text" "norms": false,
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -58,7 +59,8 @@
"event": { "event": {
"fields": { "fields": {
"text": { "text": {
"type": "match_only_text" "norms": false,
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -85,7 +87,8 @@
"plugin_params": { "plugin_params": {
"fields": { "fields": {
"text": { "text": {
"type": "match_only_text" "norms": false,
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -106,7 +109,8 @@
"thread": { "thread": {
"fields": { "fields": {
"text": { "text": {
"type": "match_only_text" "norms": false,
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,

210
salt/elasticsearch/templates/component/ecs/misp.json
View File

@@ -12,12 +12,7 @@
"properties": { "properties": {
"description": { "description": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -52,21 +47,11 @@
"properties": { "properties": {
"aliases": { "aliases": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"first_seen": { "first_seen": {
"type": "date" "type": "date"
@@ -107,12 +92,7 @@
"properties": { "properties": {
"description": { "description": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -138,21 +118,11 @@
"properties": { "properties": {
"contact_information": { "contact_information": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -205,33 +175,18 @@
"properties": { "properties": {
"aliases": { "aliases": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"first_seen": { "first_seen": {
"type": "date" "type": "date"
}, },
"goals": { "goals": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -256,30 +211,15 @@
}, },
"primary_motivation": { "primary_motivation": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"resource_level": { "resource_level": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"secondary_motivations": { "secondary_motivations": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -287,12 +227,7 @@
"properties": { "properties": {
"description": { "description": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -345,12 +280,7 @@
}, },
"description": { "description": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -416,12 +346,7 @@
"properties": { "properties": {
"description": { "description": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -452,12 +377,7 @@
}, },
"object_refs": { "object_refs": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"published": { "published": {
"type": "date" "type": "date"
@@ -468,30 +388,15 @@
"properties": { "properties": {
"aliases": { "aliases": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"goals": { "goals": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -522,57 +427,27 @@
}, },
"personal_motivations": { "personal_motivations": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"primary_motivation": { "primary_motivation": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"resource_level": { "resource_level": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"roles": { "roles": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"secondary_motivations": { "secondary_motivations": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sophistication": { "sophistication": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -616,21 +491,11 @@
}, },
"description": { "description": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"feed": { "feed": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -737,12 +602,7 @@
"properties": { "properties": {
"description": { "description": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -755,12 +615,7 @@
}, },
"kill_chain_phases": { "kill_chain_phases": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"labels": { "labels": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -795,12 +650,7 @@
"properties": { "properties": {
"description": { "description": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,

7
salt/elasticsearch/templates/component/ecs/o365.json
View File

@@ -165,12 +165,7 @@
}, },
"Comments": { "Comments": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"CommunicationType": { "CommunicationType": {
"ignore_above": 1024, "ignore_above": 1024,

14
salt/elasticsearch/templates/component/ecs/zeek.json
View File

@@ -1333,12 +1333,7 @@
}, },
"email_body_sections": { "email_body_sections": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"email_delay_tokens": { "email_delay_tokens": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -1458,12 +1453,7 @@
}, },
"peer_descr": { "peer_descr": {
"norms": false, "norms": false,
"type": "text", "type": "text"
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"peer_name": { "peer_name": {
"ignore_above": 1024, "ignore_above": 1024,