Merge pull request #1421 from Security-Onion-Solutions/fix/ip_type

Ensure IPs are typed as IP and ports as integer
2025-12-06 09:12:45 +01:00 · 2020-09-29 14:21:25 -04:00
parent ebe00822f8 36019727b3
commit 401764437f
2 changed files with 40 additions and 22 deletions
--- a/salt/elasticsearch/templates/so/so-common-template.json
+++ b/salt/elasticsearch/templates/so/so-common-template.json
@@ -7,6 +7,7 @@
    "number_of_shards":1,
    "index.refresh_interval":"30s",
    "index.routing.allocation.require.box_type":"hot",
+    "index.mapping.total_fields.limit": "1500",
    "analysis": {
      "analyzer": {
        "es_security_analyzer": {
@@ -41,7 +42,25 @@
       "dynamic":false,
       "date_detection":false,
       "dynamic_templates": [
-        {
+       {
+          "ip_address": {
+            "match_mapping_type": "string",
+            "path_match": "*.ip",
+            "mapping": {
+              "type": "ip"
+            }
+          }
+       },
+       {
+          "port": {
+            "match_mapping_type": "string",
+            "path_match": "*.port",
+            "mapping": {
+              "type": "integer"
+            }
+          }
+       },
+       {
          "strings": {
            "match_mapping_type": "string",
            "mapping": {
@@ -52,15 +71,14 @@
               },
               "security": {
                 "type": "text",
-                 "analyzer": "es_security_analyzer", 
-                 "search_analyzer": "es_security_search_analyzer", 
-                 "search_quote_analyzer": "es_security_search_quote_analyzer" 
+                 "analyzer": "es_security_analyzer",
+                 "search_analyzer": "es_security_search_analyzer",
+                 "search_quote_analyzer": "es_security_search_quote_analyzer"
               }
             }
            }
          }
-        }
-      ],
+       }],
       "properties":{
        "@timestamp":{
          "type":"date"
--- a/salt/kibana/files/saved_objects.ndjson
+++ b/salt/kibana/files/saved_objects.ndjson