CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Add additional .text subfield mappings"

Browse Source 
This reverts commit 61dadc6249.
This commit is contained in:
Wes Lambert
2022-03-01 18:43:24 +00:00
parent adf3dc0cf6
commit 2a9caccc7c
7 changed files with 52 additions and 224 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
salt/elasticsearch/templates/component/ecs/aws.json
View File

@@ -13,7 +13,8 @@
"additional_eventdata": {
"fields": {
"text": {
"type": "match_only_text"
"norms": false,
"type": "text"
}
},
"ignore_above": 1024,
@@ -227,7 +228,8 @@
"request_parameters": {
"fields": {
"text": {
"type": "match_only_text"
"norms": false,
"type": "text"
}
},
"ignore_above": 1024,
@@ -267,7 +269,8 @@
"response_elements": {
"fields": {
"text": {
"type": "match_only_text"
"norms": false,
"type": "text"
}
},
"ignore_above": 1024,
@@ -276,7 +279,8 @@
"service_event_details": {
"fields": {
"text": {
"type": "match_only_text"
"norms": false,
"type": "text"
}
},
"ignore_above": 1024,
@@ -402,12 +406,7 @@
"properties": {
"message": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
}
}
},

7
salt/elasticsearch/templates/component/ecs/base.json
View File

@@ -13,12 +13,7 @@
"type": "object"
},
"message": {
"type": "match_only_text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "match_only_text"
},
"tags": {
"ignore_above": 1024,

7
salt/elasticsearch/templates/component/ecs/cyberark.json
View File

@@ -534,12 +534,7 @@
},
"reason": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"rfc5424": {
"type": "boolean"

12
salt/elasticsearch/templates/component/ecs/logstash.json
View File

@@ -45,7 +45,8 @@
"thread": {
"fields": {
"text": {
"type": "match_only_text"
"norms": false,
"type": "text"
}
},
"ignore_above": 1024,
@@ -58,7 +59,8 @@
"event": {
"fields": {
"text": {
"type": "match_only_text"
"norms": false,
"type": "text"
}
},
"ignore_above": 1024,
@@ -85,7 +87,8 @@
"plugin_params": {
"fields": {
"text": {
"type": "match_only_text"
"norms": false,
"type": "text"
}
},
"ignore_above": 1024,
@@ -106,7 +109,8 @@
"thread": {
"fields": {
"text": {
"type": "match_only_text"
"norms": false,
"type": "text"
}
},
"ignore_above": 1024,

210
salt/elasticsearch/templates/component/ecs/misp.json
View File

@@ -12,12 +12,7 @@
"properties": {
"description": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"id": {
"ignore_above": 1024,
@@ -52,21 +47,11 @@
"properties": {
"aliases": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"description": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"first_seen": {
"type": "date"
@@ -107,12 +92,7 @@
"properties": {
"description": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"id": {
"ignore_above": 1024,
@@ -138,21 +118,11 @@
"properties": {
"contact_information": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"description": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"id": {
"ignore_above": 1024,
@@ -205,33 +175,18 @@
"properties": {
"aliases": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"description": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"first_seen": {
"type": "date"
},
"goals": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"id": {
"ignore_above": 1024,
@@ -256,30 +211,15 @@
},
"primary_motivation": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"resource_level": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"secondary_motivations": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
}
}
},
@@ -287,12 +227,7 @@
"properties": {
"description": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"id": {
"ignore_above": 1024,
@@ -345,12 +280,7 @@
},
"description": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"id": {
"ignore_above": 1024,
@@ -416,12 +346,7 @@
"properties": {
"description": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"id": {
"ignore_above": 1024,
@@ -452,12 +377,7 @@
},
"object_refs": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"published": {
"type": "date"
@@ -468,30 +388,15 @@
"properties": {
"aliases": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"description": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"goals": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"id": {
"ignore_above": 1024,
@@ -522,57 +427,27 @@
},
"personal_motivations": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"primary_motivation": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"resource_level": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"roles": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"secondary_motivations": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"sophistication": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
}
}
},
@@ -616,21 +491,11 @@
},
"description": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"feed": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"id": {
"ignore_above": 1024,
@@ -737,12 +602,7 @@
"properties": {
"description": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"id": {
"ignore_above": 1024,
@@ -755,12 +615,7 @@
},
"kill_chain_phases": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"labels": {
"ignore_above": 1024,
@@ -795,12 +650,7 @@
"properties": {
"description": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"id": {
"ignore_above": 1024,

7
salt/elasticsearch/templates/component/ecs/o365.json
View File

@@ -165,12 +165,7 @@
},
"Comments": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"CommunicationType": {
"ignore_above": 1024,

14
salt/elasticsearch/templates/component/ecs/zeek.json
View File

@@ -1333,12 +1333,7 @@
},
"email_body_sections": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"email_delay_tokens": {
"ignore_above": 1024,
@@ -1458,12 +1453,7 @@
},
"peer_descr": {
"norms": false,
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
"type": "text"
},
"peer_name": {
"ignore_above": 1024,