CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

add mapping for metadata.kafka.timestamp

Browse Source
This commit is contained in:
reyesj2
2025-04-14 14:30:40 -05:00
parent 395b81ffc6
commit 58df566c79
4 changed files with 111 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
salt/elasticsearch/defaults.yaml
View File

@@ -162,6 +162,7 @@ elasticsearch:
- http-mappings - http-mappings
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings
@@ -316,6 +317,7 @@ elasticsearch:
- http-mappings - http-mappings
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings
@@ -427,6 +429,7 @@ elasticsearch:
- http-mappings - http-mappings
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings
@@ -534,6 +537,7 @@ elasticsearch:
- http-mappings - http-mappings
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings
@@ -697,6 +701,7 @@ elasticsearch:
- client-mappings - client-mappings
- device-mappings - device-mappings
- network-mappings - network-mappings
- so-fleet_integrations.ip_mappings-1
- so-fleet_globals-1 - so-fleet_globals-1
- so-fleet_agent_id_verification-1 - so-fleet_agent_id_verification-1
data_stream: data_stream:
@@ -768,6 +773,7 @@ elasticsearch:
- http-mappings - http-mappings
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings
@@ -878,6 +884,7 @@ elasticsearch:
- http-mappings - http-mappings
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings
@@ -998,6 +1005,7 @@ elasticsearch:
index_template: index_template:
composed_of: composed_of:
- so-data-streams-mappings - so-data-streams-mappings
- so-fleet_integrations.ip_mappings-1
- so-fleet_globals-1 - so-fleet_globals-1
- so-fleet_agent_id_verification-1 - so-fleet_agent_id_verification-1
- so-logs-mappings - so-logs-mappings
@@ -2832,6 +2840,7 @@ elasticsearch:
- http-mappings - http-mappings
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings
@@ -3062,6 +3071,7 @@ elasticsearch:
- event-mappings - event-mappings
- logs-system.syslog@package - logs-system.syslog@package
- logs-system.syslog@custom - logs-system.syslog@custom
- so-fleet_integrations.ip_mappings-1
- so-fleet_globals-1 - so-fleet_globals-1
- so-fleet_agent_id_verification-1 - so-fleet_agent_id_verification-1
- so-system-mappings - so-system-mappings
@@ -3421,6 +3431,7 @@ elasticsearch:
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- logstash-mappings - logstash-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings
@@ -3505,6 +3516,7 @@ elasticsearch:
composed_of: composed_of:
- metrics-endpoint.metadata@package - metrics-endpoint.metadata@package
- metrics-endpoint.metadata@custom - metrics-endpoint.metadata@custom
- so-fleet_integrations.ip_mappings-1
- so-fleet_globals-1 - so-fleet_globals-1
- so-fleet_agent_id_verification-1 - so-fleet_agent_id_verification-1
data_stream: data_stream:
@@ -3551,6 +3563,7 @@ elasticsearch:
composed_of: composed_of:
- metrics-endpoint.metrics@package - metrics-endpoint.metrics@package
- metrics-endpoint.metrics@custom - metrics-endpoint.metrics@custom
- so-fleet_integrations.ip_mappings-1
- so-fleet_globals-1 - so-fleet_globals-1
- so-fleet_agent_id_verification-1 - so-fleet_agent_id_verification-1
data_stream: data_stream:
@@ -3597,6 +3610,7 @@ elasticsearch:
composed_of: composed_of:
- metrics-endpoint.policy@package - metrics-endpoint.policy@package
- metrics-endpoint.policy@custom - metrics-endpoint.policy@custom
- so-fleet_integrations.ip_mappings-1
- so-fleet_globals-1 - so-fleet_globals-1
- so-fleet_agent_id_verification-1 - so-fleet_agent_id_verification-1
data_stream: data_stream:
@@ -3645,6 +3659,7 @@ elasticsearch:
- metrics-fleet_server.agent_status@package - metrics-fleet_server.agent_status@package
- metrics-fleet_server.agent_status@custom - metrics-fleet_server.agent_status@custom
- ecs@mappings - ecs@mappings
- so-fleet_integrations.ip_mappings-1
- so-fleet_globals-1 - so-fleet_globals-1
- so-fleet_agent_id_verification-1 - so-fleet_agent_id_verification-1
data_stream: data_stream:
@@ -3668,6 +3683,7 @@ elasticsearch:
- metrics-fleet_server.agent_versions@package - metrics-fleet_server.agent_versions@package
- metrics-fleet_server.agent_versions@custom - metrics-fleet_server.agent_versions@custom
- ecs@mappings - ecs@mappings
- so-fleet_integrations.ip_mappings-1
- so-fleet_globals-1 - so-fleet_globals-1
- so-fleet_agent_id_verification-1 - so-fleet_agent_id_verification-1
data_stream: data_stream:
@@ -3715,6 +3731,7 @@ elasticsearch:
- http-mappings - http-mappings
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings
@@ -3827,6 +3844,7 @@ elasticsearch:
- http-mappings - http-mappings
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings
@@ -3939,6 +3957,7 @@ elasticsearch:
- http-mappings - http-mappings
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings
@@ -4051,6 +4070,7 @@ elasticsearch:
- http-mappings - http-mappings
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings
@@ -4163,6 +4183,7 @@ elasticsearch:
- http-mappings - http-mappings
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings
@@ -4276,6 +4297,7 @@ elasticsearch:
- http-mappings - http-mappings
- dtc-http-mappings - dtc-http-mappings
- log-mappings - log-mappings
- metadata-mappings
- network-mappings - network-mappings
- dtc-network-mappings - dtc-network-mappings
- observer-mappings - observer-mappings

26
salt/elasticsearch/templates/component/ecs/metadata.json Normal file
View File

@@ -0,0 +1,26 @@
{
"template": {
"mappings": {
"dynamic_templates": [],
"properties": {
"metadata": {
"properties": {
"kafka": {
"properties": {
"timestamp": {
"type": "date"
}
}
}
}
}
}
}
},
"_meta": {
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-log.html",
"ecs_version": "1.12.2"
}
}
}

15
salt/elasticsearch/templates/component/elastic-agent/so-fleet_globals-1.json
View File

@@ -5,6 +5,7 @@
"managed_by": "security_onion", "managed_by": "security_onion",
"managed": true "managed": true
}, },
"date_detection": false,
"dynamic_templates": [ "dynamic_templates": [
{ {
"strings_as_keyword": { "strings_as_keyword": {
@@ -16,7 +17,19 @@
} }
} }
], ],
"date_detection": false "properties": {
"metadata": {
"properties": {
"kafka": {
"properties": {
"timestamp": {
"type": "date"
}
}
}
}
}
}
} }
}, },
"_meta": { "_meta": {

32
salt/elasticsearch/templates/component/elastic-agent/so-fleet_integrations.ip_mappings-1.json
View File

@@ -3,28 +3,41 @@
"mappings": { "mappings": {
"properties": { "properties": {
"host": { "host": {
"properties":{ "properties": {
"ip": { "ip": {
"type": "ip" "type": "ip"
} }
} }
}, },
"related": { "related": {
"properties":{ "properties": {
"ip": { "ip": {
"type": "ip" "type": "ip"
} }
} }
}, },
"destination": { "destination": {
"properties":{ "properties": {
"ip": { "ip": {
"type": "ip" "type": "ip"
} }
} }
}, },
"source": { "source": {
"properties":{ "properties": {
"ip": {
"type": "ip"
}
}
},
"metadata": {
"properties": {
"input": {
"properties": {
"beats": {
"properties": {
"host": {
"properties": {
"ip": { "ip": {
"type": "ip" "type": "ip"
} }
@@ -34,4 +47,13 @@
} }
} }
} }
}
}
}
}
},
"_meta": {
"managed_by": "security_onion",
"managed": true
}
}