Merge pull request #7255 from Security-Onion-Solutions/fix/remove_old_templates

Remove old index templates
weslambert
2022-02-18 15:23:07 -05:00
committed by GitHub
48 changed files with 0 additions and 4972 deletions


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-aws:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-aws:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-aws:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-aws:field_limit', 3000) %}
{
"index_patterns": [
"so-aws*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"aws-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-azure:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-azure:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-azure:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-azure:field_limit', 3000) %}
{
"index_patterns": [
"so-azure*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"azure-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-barracuda:field_limit', 3000) %}
{
"index_patterns": [
"so-barracuda*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-beats:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-beats:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-beats:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-beats:field_limit', 3000) %}
{
"index_patterns": [
"so-beats*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings",
"winlog-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-bluecoat:field_limit', 3000) %}
{
"index_patterns": [
"so-bluecoat*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,53 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-case:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-case:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-case:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-case:field_limit', 2000) %}
{
"index_patterns": [
"so-case*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"case-mappings",
"case-settings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes Cases fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-cef:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-cef:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-cef:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-cef:field_limit', 3000) %}
{
"index_patterns": [
"so-cef*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"cef-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-checkpoint:field_limit', 3000) %}
{
"index_patterns": [
"so-checkpoint*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"checkpoint-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,106 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-cisco:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-cisco:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-cisco:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-cisco:field_limit', 3000) %}
{
"index_templates": [
{
"so-cisco*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"cisco-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-common:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-common:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-common:priority', 1) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-common:field_limit', 3000) %}
{
"index_patterns": [
"so-*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"sort.field": "@timestamp",
"sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"so-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-cyberark:field_limit', 3000) %}
{
"index_patterns": [
"so-cyberark*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"cyberark-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-cylance:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-cylance:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-cylance:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-cylance:field_limit', 3000) %}
{
"index_patterns": [
"so-cylance*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-elasticsearch:field_limit', 3000) %}
{
"index_patterns": [
"so-elasticsearch*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"elasticsearch-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-endgame:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-endgame:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-endgame:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-endgame:field_limit', 3000) %}
{
"index_patterns": [
"endgame*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"endgame-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-f5:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-f5:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-f5:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-f5:field_limit', 3000) %}
{
"index_patterns": [
"so-f5*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-firewall:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-firewall:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-firewall:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-firewall:field_limit', 3000) %}
{
"index_patterns": [
"so-firewall*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-flow:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-flow:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-flow:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-flow:field_limit', 3000) %}
{
"index_patterns": [
"so-flow*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-fortinet:field_limit', 3000) %}
{
"index_patterns": [
"so-fortinet*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"fortinet-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-gcp:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-gcp:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-gcp:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-gcp:field_limit', 3000) %}
{
"index_patterns": [
"so-gcp*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"gcp-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-google_workspace:field_limit', 3000) %}
{
"index_patterns": [
"so-google_workspace*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"google_workspace-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-ids:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-ids:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-ids:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-ids:field_limit', 3000) %}
{
"index_patterns": [
"so-ids*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"suricata-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-imperva:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-imperva:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-imperva:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-imperva:field_limit', 3000) %}
{
"index_patterns": [
"so-imperva*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-import:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-import:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-import:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-import:field_limit', 3000) %}
{
"index_patterns": [
"so-import*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-infoblox:field_limit', 3000) %}
{
"index_patterns": [
"so-infoblox*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-juniper:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-juniper:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-juniper:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-juniper:field_limit', 3000) %}
{
"index_patterns": [
"so-juniper*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"juniper-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-kibana:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-kibana:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-kibana:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-kibana:field_limit', 3000) %}
{
"index_patterns": [
"so-kibana*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"kibana-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-logstash:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-logstash:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-logstash:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-logstash:field_limit', 3000) %}
{
"index_patterns": [
"so-logstash*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"logstash-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-microsoft:field_limit', 3000) %}
{
"index_patterns": [
"so-microsoft*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"microsoft-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-misp:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-misp:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-misp:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-misp:field_limit', 3000) %}
{
"index_patterns": [
"so-misp*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"misp-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-netflow:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-netflow:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-netflow:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-netflow:field_limit', 3000) %}
{
"index_patterns": [
"so-netflow*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"netflow-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-netscout:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-netscout:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-netscout:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-netscout:field_limit', 3000) %}
{
"index_patterns": [
"so-netscout*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-o365:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-o365:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-o365:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-o365:field_limit', 3000) %}
{
"index_patterns": [
"so-o365*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"o365-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-okta:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-okta:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-okta:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-okta:field_limit', 3000) %}
{
"index_patterns": [
"so-okta*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"okta-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-osquery:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-osquery:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-osquery:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-osquery:field_limit', 3000) %}
{
"index_patterns": [
"so-osquery*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings",
"winlog-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-ossec:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-ossec:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-ossec:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-ossec:field_limit', 3000) %}
{
"index_patterns": [
"so-ossec*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings",
"winlog-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-proofpoint:field_limit', 3000) %}
{
"index_patterns": [
"so-proofpoint*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-radware:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-radware:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-radware:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-radware:field_limit', 3000) %}
{
"index_patterns": [
"so-radware*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-redis:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-redis:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-redis:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-redis:field_limit', 3000) %}
{
"index_patterns": [
"so-redis*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"redis-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-snort:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-snort:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-snort:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-snort:field_limit', 3000) %}
{
"index_patterns": [
"so-snort*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-snyk:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-snyk:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-snyk:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-snyk:field_limit', 3000) %}
{
"index_patterns": [
"so-snyk*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"snyk-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
i%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-sonicwall:field_limit', 3000) %}
{
"index_patterns": [
"so-sonicwall*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-sophos:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-sophos:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-sophos:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-sophos:field_limit', 3000) %}
{
"index_patterns": [
"so-sophos*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"sophos-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-squid:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-squid:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-squid:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-squid:field_limit', 3000) %}
{
"index_patterns": [
"so-squid*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-strelka:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-strelka:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-strelka:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-strelka:field_limit', 3000) %}
{
"index_patterns": [
"so-strelka*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"so-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-syslog:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-syslog:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-syslog:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-syslog:field_limit', 3000) %}
{
"index_patterns": [
"so-syslog*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"syslog-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-tomcat:field_limit', 3000) %}
{
"index_patterns": [
"so-tomcat*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,105 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-zeek:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-zeek:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-zeek:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-zeek:field_limit', 3000) %}
{
"index_patterns": [
"so-zeek*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"zeek-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}


@@ -1,104 +0,0 @@
{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', False) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set SHARDS = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:shards', 1) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:refresh', '30s') %}
{%- set PRIORITY = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:priority', 500) %}
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-zscaler:field_limit', 3000) %}
{
"index_patterns": [
"so-zscaler*"
],
"template": {
"mappings": {
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"date_detection": false
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": {{ FIELD_LIMIT }}
}
},
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"refresh_interval": "{{ REFRESH }}",
"number_of_shards": {{ SHARDS }},
"number_of_replicas": {{ REPLICAS }}
}
}
},
"composed_of": [
"agent-mappings",
"dtc-agent-mappings",
"base-mappings",
"dtc-base-mappings",
"client-mappings",
"cloud-mappings",
"container-mappings",
"data_stream-mappings",
"destination-mappings",
"dll-mappings",
"dns-mappings",
"dtc-dns-mappings",
"ecs-mappings",
"dtc-ecs-mappings",
"error-mappings",
"event-mappings",
"dtc-event-mappings",
"file-mappings",
"dtc-file-mappings",
"group-mappings",
"host-mappings",
"dtc-host-mappings",
"http-mappings",
"dtc-http-mappings",
"log-mappings",
"network-mappings",
"dtc-network-mappings",
"observer-mappings",
"dtc-observer-mappings",
"orchestrator-mappings",
"organization-mappings",
"package-mappings",
"process-mappings",
"dtc-process-mappings",
"registry-mappings",
"related-mappings",
"rule-mappings",
"dtc-rule-mappings",
"server-mappings",
"service-mappings",
"dtc-service-mappings",
"source-mappings",
"threat-mappings",
"tls-mappings",
"tracing-mappings",
"url-mappings",
"user_agent-mappings",
"dtc-user_agent-mappings",
"user-mappings",
"dtc-user-mappings",
"vulnerability-mappings",
"common-settings",
"common-dynamic-mappings"
],
"priority": {{ PRIORITY }},
"_meta": {
"description": "Composable template that includes SO base fields",
"ecs_version": "1.12"
}
}
}