From a90bc9dba9befbceb1d371f3c97e6f5c11b183d5 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Fri, 14 Jan 2022 16:58:53 -0500
Subject: [PATCH 1/2] Add mapping for scan.pe.sections.entropy

---
 .../templates/so/so-common-template.json.jinja | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/salt/elasticsearch/templates/so/so-common-template.json.jinja b/salt/elasticsearch/templates/so/so-common-template.json.jinja
index b61f3764d..b5f196243 100644
--- a/salt/elasticsearch/templates/so/so-common-template.json.jinja
+++ b/salt/elasticsearch/templates/so/so-common-template.json.jinja
@@ -734,7 +734,18 @@
 "properties":{
 "exiftool":{
 "type":"text"
- }
+ },
+ "pe":{
+ "properties":{
+ "sections":{
+ "properties":{
+ "entropy":{
+ "type": "float"
+ }
+ }
+ }
+ }
+ }
 }
 },
 "server":{
From c512351dd6cdbde6239141de16adebe3d90d1155 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Fri, 14 Jan 2022 17:01:13 -0500
Subject: [PATCH 2/2] Add mapping for scan.exiftool and scan.pe.sections.entropy

---
 .../templates/so/so-case-template.json.jinja | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/salt/elasticsearch/templates/so/so-case-template.json.jinja b/salt/elasticsearch/templates/so/so-case-template.json.jinja
index e85367113..d05cc9852 100644
--- a/salt/elasticsearch/templates/so/so-case-template.json.jinja
+++ b/salt/elasticsearch/templates/so/so-case-template.json.jinja
@@ -244,6 +244,26 @@
 "message": {
 "type": "text"
 },
+ "scan":{
+ "type":"object",
+ "dynamic": true,
+ "properties":{
+ "exiftool":{
+ "type":"text"
+ },
+ "pe":{
+ "properties":{
+ "sections":{
+ "properties":{
+ "entropy":{
+ "type": "float"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
 "tags": {
 "type": "keyword",
 "ignore_above": 1024
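Review bot: `sections` is mapped with `properties` but no explicit `type`, so Elasticsearch treats it as a plain `object`; if the scanner emits `sections` as an array of per-section objects (likely for PE section data, but not visible here), the values are flattened and `scan.pe.sections.entropy` becomes a multi-valued float with no link to the section it came from. That is fine for range queries and aggregations on entropy alone, but a detection that wants "section X with entropy above a threshold" would need `"type":"nested"` on `sections`, at the usual nested-document indexing cost; whichever is intended, a short `{# ... #}` jinja comment stating that the flat mapping is deliberate would save the next reader the question. As a point of style, `"type": "float"` has a space after the colon while the neighbouring lines in this template (`"type":"text"`, `"exiftool":{`) do not; `"type":"float"` keeps the file uniform. The same twelve lines are repeated verbatim for so-case-template in the second patch, so the two templates can drift apart; a shared jinja include or macro for the `scan` mapping would keep them in step. The enclosing `properties` object begins and ends outside this hunk.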
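Review bot: `"dynamic": true` on the new `scan` object lets every field the file scanner emits create a new mapped field, and scanner output (exiftool tags, PE attributes) is derived from the content of files that are by definition untrusted. An adversarial or merely unusual file can therefore add an unbounded number of fields, pushing the index toward `index.mapping.total_fields.limit`, or introduce a field whose first-seen type conflicts with later documents, which are then rejected at index time and silently drop evidence. If ad-hoc searchability of every scanner field is not a hard requirement, `"dynamic": false,` keeps unmapped `scan.*` fields in `_source` without indexing them and removes that exposure; if `true` is kept deliberately, that trade-off deserves a `{# ... #}` comment beside the line. The `scan` mapping also only makes sense if the enclosing `properties` object, which starts and ends outside this hunk, is the document's top-level mapping rather than a nested one.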