CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-09 18:52:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update field mappings based on Wes' feedback

Browse Source
This commit is contained in:
Jason Ertel
2022-01-07 13:28:36 -05:00
parent 9ef83da23f
commit 391db568b0
1 changed files with 83 additions and 350 deletions
Download Patch File Download Diff File Expand all files Collapse all files

433
salt/elasticsearch/templates/so/so-case-template.json.jinja
View File

@@ -36,149 +36,86 @@
"@timestamp": {
"type": "date"
},
"kind": {
"type": "keyword",
"ignore_above": 1024
},
"operation": {
"type": "keyword",
"ignore_above": 1024
},
"so_audit_doc_id": {
"type": "keyword",
"ignore_above": 1024
},
"artifact": {
"properties": {
"artifactType": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"caseId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"createTime": {
"type": "date"
},
"description": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "text"
},
"groupId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"groupType": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"ioc": {
"type": "boolean"
},
"kind": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"md5": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"mimeType": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"streamId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"streamLength": {
"type": "long"
},
"tags": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"tlp": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"userId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"value": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
"ignore_above": 1024
}
}
}
@@ -187,65 +124,26 @@
"artifactstream": {
"properties": {
"content": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "text"
},
"createTime": {
"type": "date"
},
"kind": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"stream": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"userId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
}
}
},
"case": {
"properties": {
"assigneeId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"category": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"completeTime": {
"type": "date"
@@ -254,272 +152,107 @@
"type": "date"
},
"description": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "text"
},
"pap": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"priority": {
"type": "long"
},
"severity": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"startTime": {
"type": "date"
},
"status": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"tags": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"template": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"title": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "text"
},
"tlp": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"userId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
}
}
},
"comment": {
"properties": {
"caseId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"createTime": {
"type": "date"
},
"description": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"kind": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "text"
},
"userId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"kind": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"operation": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
"ignore_above": 1024
}
}
},
"related": {
"properties": {
"caseId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "keyword",
"ignore_above": 1024
},
"createTime": {
"type": "date"
},
"fields": {
"properties": {
"@timestamp": {
"type": "date"
},
"event": {
"properties": {
"dataset": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"index": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
"ignore_above": 1024
},
"module": {
"type": "keyword",
"ignore_above": 1024
},
"category": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"message": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"soc_id": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"soc_score": {
"type": "long"
},
"soc_source": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"soc_timestamp": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
"type": "text"
},
"tags": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"timestamp": {
"type": "date"
}
}
},
"kind": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
"ignore_above": 1024
}
}
},
"userId": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"so_audit_doc_id": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
"ignore_above": 1024
}
}
}