From 317f6471d8d00b3575fadd35d8fdf411458f3621 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Fri, 4 Feb 2022 19:05:09 +0000
Subject: [PATCH] Add additional scan and rule filset mappings
---
.../component/so/so-rule-mappings.json | 19 ++++++++++++
.../component/so/so-scan-mappings.json | 31 +++++++++++++++++++
2 files changed, 50 insertions(+)
create mode 100644 salt/elasticsearch/templates/component/so/so-rule-mappings.json
create mode 100644 salt/elasticsearch/templates/component/so/so-scan-mappings.json
diff --git a/salt/elasticsearch/templates/component/so/so-rule-mappings.json b/salt/elasticsearch/templates/component/so/so-rule-mappings.json
new file mode 100644
index 000000000..00cea1bfe
--- /dev/null
+++ b/salt/elasticsearch/templates/component/so/so-rule-mappings.json
@@ -0,0 +1,19 @@
+{
+ "_meta": {
+ "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-file.html",
+ "ecs_version": "1.12.2"
+ },
+ "template": {
+ "mappings": {
+ "properties": {
+ "rule":{
+ "properties":{
+ "score":{
+ "type":"long"
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/salt/elasticsearch/templates/component/so/so-scan-mappings.json b/salt/elasticsearch/templates/component/so/so-scan-mappings.json
new file mode 100644
index 000000000..00d10f73b
--- /dev/null
+++ b/salt/elasticsearch/templates/component/so/so-scan-mappings.json
@@ -0,0 +1,31 @@
+{
+ "_meta": {
+ "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-file.html",
+ "ecs_version": "1.12.2"
+ },
+ "template": {
+ "mappings": {
+ "properties": {
+ "scan":{
+ "type":"object",
+ "properties":{
+ "exiftool":{
+ "type":"text"
+ },
+ "pe":{
+ "properties":{
+ "sections":{
+ "properties":{
+ "entropy":{
+ "type": "float"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
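Review bot: The `_meta` block in so-rule-mappings.json cites `ecs-file.html` and `ecs_version` 1.12.2, but the only field mapped is `rule.score`, which is not a file field and, as far as I can tell, not part of the ECS rule field set either. The same `_meta` is repeated in so-scan-mappings.json for the custom `scan.*` fields. JSON has no comments, so `_meta` is the only in-file documentation these templates carry. It should say what the template covers, for example `"description": "Security Onion custom mapping for rule.score"`, and the ECS link should be dropped or corrected. Separately, `"type":"long"` means a fractional score would be truncated under Elasticsearch's default `coerce` behaviour, so it is worth confirming that every producer of `rule.score` emits integers.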
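Review bot: In so-scan-mappings.json, `scan` is declared as an object with only `exiftool` and `pe.sections.entropy` mapped and no `dynamic` setting. Every other key under `scan` therefore falls to whatever dynamic-mapping behaviour the composed index template has, which this patch does not show. Scanner output is derived from the files being analysed, so the key names under `scan` are not fully under the operator's control. Please confirm that a total-fields limit or an explicit `"dynamic": false` on the open-ended sub-objects is set elsewhere, so that an unusual file cannot grow the mapping until later documents are rejected. Also, `scan.exiftool` is `text` with no `keyword` sub-field, so it cannot back aggregations or exact-match detections; if that is intended, a line in `_meta` saying so would help.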