CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add additional .text subfield mappings

Browse Source
This commit is contained in:
Wes Lambert
2022-02-25 16:27:37 +00:00
parent be80f0530c
commit 61dadc6249
7 changed files with 224 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
salt/elasticsearch/templates/component/ecs/aws.json
View File

@@ -13,8 +13,7 @@
"additional_eventdata": {
"fields": {
"text": {
"norms": false,
"type": "text"
"type": "match_only_text"
}
},
"ignore_above": 1024,
@@ -228,8 +227,7 @@
"request_parameters": {
"fields": {
"text": {
"norms": false,
"type": "text"
"type": "match_only_text"
}
},
"ignore_above": 1024,
@@ -269,8 +267,7 @@
"response_elements": {
"fields": {
"text": {
"norms": false,
"type": "text"
"type": "match_only_text"
}
},
"ignore_above": 1024,
@@ -279,8 +276,7 @@
"service_event_details": {
"fields": {
"text": {
"norms": false,
"type": "text"
"type": "match_only_text"
}
},
"ignore_above": 1024,
@@ -406,7 +402,12 @@
"properties": {
"message": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},

5
salt/elasticsearch/templates/component/ecs/base.json
View File

@@ -13,7 +13,12 @@
"type": "object"
},
"message": {
"type": "match_only_text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"tags": {
"ignore_above": 1024,

7
salt/elasticsearch/templates/component/ecs/cyberark.json
View File

@@ -534,7 +534,12 @@
},
"reason": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"rfc5424": {
"type": "boolean"

12
salt/elasticsearch/templates/component/ecs/logstash.json
View File

@@ -45,8 +45,7 @@
"thread": {
"fields": {
"text": {
"norms": false,
"type": "text"
"type": "match_only_text"
}
},
"ignore_above": 1024,
@@ -59,8 +58,7 @@
"event": {
"fields": {
"text": {
"norms": false,
"type": "text"
"type": "match_only_text"
}
},
"ignore_above": 1024,
@@ -87,8 +85,7 @@
"plugin_params": {
"fields": {
"text": {
"norms": false,
"type": "text"
"type": "match_only_text"
}
},
"ignore_above": 1024,
@@ -109,8 +106,7 @@
"thread": {
"fields": {
"text": {
"norms": false,
"type": "text"
"type": "match_only_text"
}
},
"ignore_above": 1024,

210
salt/elasticsearch/templates/component/ecs/misp.json
View File

@@ -12,7 +12,12 @@
"properties": {
"description": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"id": {
"ignore_above": 1024,
@@ -47,11 +52,21 @@
"properties": {
"aliases": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"description": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"first_seen": {
"type": "date"
@@ -92,7 +107,12 @@
"properties": {
"description": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"id": {
"ignore_above": 1024,
@@ -118,11 +138,21 @@
"properties": {
"contact_information": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"description": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"id": {
"ignore_above": 1024,
@@ -175,18 +205,33 @@
"properties": {
"aliases": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"description": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"first_seen": {
"type": "date"
},
"goals": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"id": {
"ignore_above": 1024,
@@ -211,15 +256,30 @@
},
"primary_motivation": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"resource_level": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"secondary_motivations": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
@@ -227,7 +287,12 @@
"properties": {
"description": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"id": {
"ignore_above": 1024,
@@ -280,7 +345,12 @@
},
"description": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"id": {
"ignore_above": 1024,
@@ -346,7 +416,12 @@
"properties": {
"description": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"id": {
"ignore_above": 1024,
@@ -377,7 +452,12 @@
},
"object_refs": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"published": {
"type": "date"
@@ -388,15 +468,30 @@
"properties": {
"aliases": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"description": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"goals": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"id": {
"ignore_above": 1024,
@@ -427,27 +522,57 @@
},
"personal_motivations": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"primary_motivation": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"resource_level": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"secondary_motivations": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"sophistication": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
@@ -491,11 +616,21 @@
},
"description": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"feed": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"id": {
"ignore_above": 1024,
@@ -602,7 +737,12 @@
"properties": {
"description": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"id": {
"ignore_above": 1024,
@@ -615,7 +755,12 @@
},
"kill_chain_phases": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"labels": {
"ignore_above": 1024,
@@ -650,7 +795,12 @@
"properties": {
"description": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"id": {
"ignore_above": 1024,

7
salt/elasticsearch/templates/component/ecs/o365.json
View File

@@ -165,7 +165,12 @@
},
"Comments": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"CommunicationType": {
"ignore_above": 1024,

14
salt/elasticsearch/templates/component/ecs/zeek.json
View File

@@ -1333,7 +1333,12 @@
},
"email_body_sections": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"email_delay_tokens": {
"ignore_above": 1024,
@@ -1453,7 +1458,12 @@
},
"peer_descr": {
"norms": false,
"type": "text"
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"peer_name": {
"ignore_above": 1024,