CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add additional .text subfield mappings

Browse Source
This commit is contained in:
Wes Lambert
2022-02-25 16:27:37 +00:00
parent be80f0530c
commit 61dadc6249
7 changed files with 224 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
salt/elasticsearch/templates/component/ecs/aws.json
View File

@@ -13,8 +13,7 @@
"additional_eventdata": { "additional_eventdata": {
"fields": { "fields": {
"text": { "text": {
"norms": false, "type": "match_only_text"
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -228,8 +227,7 @@
"request_parameters": { "request_parameters": {
"fields": { "fields": {
"text": { "text": {
"norms": false, "type": "match_only_text"
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -269,8 +267,7 @@
"response_elements": { "response_elements": {
"fields": { "fields": {
"text": { "text": {
"norms": false, "type": "match_only_text"
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -279,8 +276,7 @@
"service_event_details": { "service_event_details": {
"fields": { "fields": {
"text": { "text": {
"norms": false, "type": "match_only_text"
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -406,7 +402,12 @@
"properties": { "properties": {
"message": { "message": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },

7
salt/elasticsearch/templates/component/ecs/base.json
View File

@@ -13,7 +13,12 @@
"type": "object" "type": "object"
}, },
"message": { "message": {
"type": "match_only_text" "type": "match_only_text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tags": { "tags": {
"ignore_above": 1024, "ignore_above": 1024,

7
salt/elasticsearch/templates/component/ecs/cyberark.json
View File

@@ -534,7 +534,12 @@
}, },
"reason": { "reason": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"rfc5424": { "rfc5424": {
"type": "boolean" "type": "boolean"

12
salt/elasticsearch/templates/component/ecs/logstash.json
View File

@@ -45,8 +45,7 @@
"thread": { "thread": {
"fields": { "fields": {
"text": { "text": {
"norms": false, "type": "match_only_text"
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -59,8 +58,7 @@
"event": { "event": {
"fields": { "fields": {
"text": { "text": {
"norms": false, "type": "match_only_text"
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -87,8 +85,7 @@
"plugin_params": { "plugin_params": {
"fields": { "fields": {
"text": { "text": {
"norms": false, "type": "match_only_text"
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,
@@ -109,8 +106,7 @@
"thread": { "thread": {
"fields": { "fields": {
"text": { "text": {
"norms": false, "type": "match_only_text"
"type": "text"
} }
}, },
"ignore_above": 1024, "ignore_above": 1024,

210
salt/elasticsearch/templates/component/ecs/misp.json
View File

@@ -12,7 +12,12 @@
"properties": { "properties": {
"description": { "description": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -47,11 +52,21 @@
"properties": { "properties": {
"aliases": { "aliases": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"first_seen": { "first_seen": {
"type": "date" "type": "date"
@@ -92,7 +107,12 @@
"properties": { "properties": {
"description": { "description": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -118,11 +138,21 @@
"properties": { "properties": {
"contact_information": { "contact_information": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -175,18 +205,33 @@
"properties": { "properties": {
"aliases": { "aliases": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"first_seen": { "first_seen": {
"type": "date" "type": "date"
}, },
"goals": { "goals": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -211,15 +256,30 @@
}, },
"primary_motivation": { "primary_motivation": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"resource_level": { "resource_level": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"secondary_motivations": { "secondary_motivations": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -227,7 +287,12 @@
"properties": { "properties": {
"description": { "description": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -280,7 +345,12 @@
}, },
"description": { "description": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -346,7 +416,12 @@
"properties": { "properties": {
"description": { "description": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -377,7 +452,12 @@
}, },
"object_refs": { "object_refs": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"published": { "published": {
"type": "date" "type": "date"
@@ -388,15 +468,30 @@
"properties": { "properties": {
"aliases": { "aliases": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"goals": { "goals": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -427,27 +522,57 @@
}, },
"personal_motivations": { "personal_motivations": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"primary_motivation": { "primary_motivation": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"resource_level": { "resource_level": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"roles": { "roles": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"secondary_motivations": { "secondary_motivations": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sophistication": { "sophistication": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -491,11 +616,21 @@
}, },
"description": { "description": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"feed": { "feed": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -602,7 +737,12 @@
"properties": { "properties": {
"description": { "description": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -615,7 +755,12 @@
}, },
"kill_chain_phases": { "kill_chain_phases": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"labels": { "labels": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -650,7 +795,12 @@
"properties": { "properties": {
"description": { "description": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,

7
salt/elasticsearch/templates/component/ecs/o365.json
View File

@@ -165,7 +165,12 @@
}, },
"Comments": { "Comments": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"CommunicationType": { "CommunicationType": {
"ignore_above": 1024, "ignore_above": 1024,

14
salt/elasticsearch/templates/component/ecs/zeek.json
View File

@@ -1333,7 +1333,12 @@
}, },
"email_body_sections": { "email_body_sections": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"email_delay_tokens": { "email_delay_tokens": {
"ignore_above": 1024, "ignore_above": 1024,
@@ -1453,7 +1458,12 @@
}, },
"peer_descr": { "peer_descr": {
"norms": false, "norms": false,
"type": "text" "type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"peer_name": { "peer_name": {
"ignore_above": 1024, "ignore_above": 1024,