From 699371a4d78bcb11277dec37890cef30c2b30d29 Mon Sep 17 00:00:00 2001
From: Dustin Lee
Date: Fri, 11 Oct 2019 08:36:44 -0400
Subject: [PATCH 1/3] logstash: add beats template used in latest SO
---
 salt/logstash/etc/beats-template.json | 42 ++++++++++++---------------
 1 file changed, 19 insertions(+), 23 deletions(-)
diff --git a/salt/logstash/etc/beats-template.json b/salt/logstash/etc/beats-template.json
index 0dc51f81e..0e831aa52 100644
--- a/salt/logstash/etc/beats-template.json
+++ b/salt/logstash/etc/beats-template.json
@@ -27,24 +27,6 @@
 "path_match": "docker.container.labels.*"
 }
 },
- {
- "event_data": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "event_data.*"
- }
- },
- {
- "user_data": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "user_data.*"
- }
- },
 {
 "strings_as_keyword": {
 "mapping": {
@@ -59,7 +41,15 @@
 "@timestamp": {
 "type": "date"
 },
- "activity_id": {
+ "event_data": {
+ "type":"object",
+ "dynamic": true
+ },
+ "beat_host": {
+ "type":"object",
+ "dynamic": true
+ },
+ "activity_id": {
 "ignore_above": 1024,
 "type": "keyword"
 },
@@ -83,6 +73,14 @@
 }
 }
 },
+ "username":{
+ "type":"text",
+ "fields": {
+ "keyword":{
+ "type":"keyword"
+ }
+ }
+ },
 "computer_name": {
 "type": "text",
 "fields":{
@@ -129,9 +127,6 @@
 }
 }
 },
- "event_data": {
- "type": "object"
- },
 "event_id": {
 "type": "long"
 },
@@ -283,7 +278,8 @@
 }
 },
 "user_data": {
- "type": "object"
+ "type": "object",
+ "dynamic": "true"
 },
 "version": {
 "type": "keyword"
From 96ec2863dc9ef050c24b2d5f2f9f5e7dfde393d0 Mon Sep 17 00:00:00 2001
From: Dustin Lee
Date: Fri, 11 Oct 2019 08:37:09 -0400
Subject: [PATCH 2/3] fleet-launcher: rm container after run
---
 salt/fleet/so-fleet-setup.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/salt/fleet/so-fleet-setup.sh b/salt/fleet/so-fleet-setup.sh
index 817ffaf99..7691b1eb2 100644
--- a/salt/fleet/so-fleet-setup.sh
+++ b/salt/fleet/so-fleet-setup.sh
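Review bot: The explicit `"dynamic": true` on `event_data` and `beat_host` here (and `"dynamic": "true"` on `user_data` in the last hunk of this file) means every new sub-field name arriving in a Beats event is added to the index mapping, and those names come from endpoint log content. Each one counts against `index.mapping.total_fields.limit` (1000 by default), and once that is used up Elasticsearch rejects documents carrying further new fields, which shows up as gaps in collected events. The template's settings are outside these hunks, so it is worth confirming that the limit is set deliberately and that Logstash indexing rejections are monitored. The last hunk also writes the value as the string `"true"` while this hunk uses the boolean; use `"dynamic": true` in both places.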
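Review bot: The new `username.keyword` sub-field has no `ignore_above`, unlike `activity_id` in the previous hunk, which sets `"ignore_above": 1024`. User names in authentication events are typically supplied by whoever attempts the logon, and a keyword value longer than Lucene's 32766-byte term limit makes Elasticsearch reject the whole document, so an oversized value could keep that event out of the index. Suggest `"keyword":{ "type":"keyword", "ignore_above": 1024 }`. The `computer_name` mapping that follows is cut off by the hunk, so whether its sub-field has the same gap cannot be seen here.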
@@ -24,7 +24,9 @@ cat /etc/pki/fleet.crt /etc/pki/ca.crt > /etc/pki/launcher.crt
 #Create the output directory
 mkdir /opt/so/conf/fleet/packages
+#At some point we should version launcher `latest` to avoid hard pinning here
 docker run \
+ --rm \
 --mount type=bind,source=/opt/so/conf/fleet/packages,target=/output \
 --mount type=bind,source=/etc/pki/launcher.crt,target=/var/launcher/launcher.crt \
 soshybridhunter/so-fleet-launcher:HH1.1.0 "$esecret" "$1":8080
From 564da2e581031a8284c451af24f26ddda23ba855 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 11 Oct 2019 09:26:21 -0400
Subject: [PATCH 3/3] Readme Update - Fix spelling error
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 5ff646e00..c13c1741c 100644
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ Distributed:
 - Minimum 4 CPU cores per VM
 - Minimum 2 NICs for forward nodes
-### Prerequisites for Netowrk Based Install
+### Prerequisites for Network Based Install
 Install git if using a Centos 7 Minimal install:
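Review bot: The added comment proposes moving the launcher image to `latest`, which would loosen the pin on an image that is handed `"$esecret"` (presumably the Fleet enroll secret) and writes into `/opt/so/conf/fleet/packages`, so whatever the tag resolves to at run time sees that secret and produces the packages. The existing `HH1.1.0` tag is itself mutable on the registry; pinning by digest closes that, e.g. `soshybridhunter/so-fleet-launcher@sha256:<digest-of-HH1.1.0>`, and the comment could instead read `#Image is pinned on purpose; update the digest when launcher is bumped`. Separately, `"$esecret"` is passed as a command-line argument and is readable from the host's process list while the container runs; `--rm` drops the container record afterwards but does not cover that window, so a mounted file or environment file would be the safer channel.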