From 2a9caccc7cabe6616c58c11c24a80bfbffb535ec Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Tue, 1 Mar 2022 18:43:24 +0000 Subject: [PATCH 1/2] Revert "Add additional .text subfield mappings" This reverts commit 61dadc62497779b7aea72818e06951c7b8cbca8e. --- .../templates/component/ecs/aws.json | 19 +- .../templates/component/ecs/base.json | 7 +- .../templates/component/ecs/cyberark.json | 7 +- .../templates/component/ecs/logstash.json | 12 +- .../templates/component/ecs/misp.json | 210 +++--------------- .../templates/component/ecs/o365.json | 7 +- .../templates/component/ecs/zeek.json | 14 +- 7 files changed, 52 insertions(+), 224 deletions(-) diff --git a/salt/elasticsearch/templates/component/ecs/aws.json b/salt/elasticsearch/templates/component/ecs/aws.json index 689b74ac2..10c7dd45b 100644 --- a/salt/elasticsearch/templates/component/ecs/aws.json +++ b/salt/elasticsearch/templates/component/ecs/aws.json @@ -13,7 +13,8 @@ "additional_eventdata": { "fields": { "text": { - "type": "match_only_text" + "norms": false, + "type": "text" } }, "ignore_above": 1024, @@ -227,7 +228,8 @@ "request_parameters": { "fields": { "text": { - "type": "match_only_text" + "norms": false, + "type": "text" } }, "ignore_above": 1024, @@ -267,7 +269,8 @@ "response_elements": { "fields": { "text": { - "type": "match_only_text" + "norms": false, + "type": "text" } }, "ignore_above": 1024, @@ -276,7 +279,8 @@ "service_event_details": { "fields": { "text": { - "type": "match_only_text" + "norms": false, + "type": "text" } }, "ignore_above": 1024, @@ -402,12 +406,7 @@ "properties": { "message": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" } } }, diff --git a/salt/elasticsearch/templates/component/ecs/base.json b/salt/elasticsearch/templates/component/ecs/base.json index 7bba4285c..77594f68d 100644 --- a/salt/elasticsearch/templates/component/ecs/base.json +++ b/salt/elasticsearch/templates/component/ecs/base.json 
@@ -13,12 +13,7 @@ "type": "object" }, "message": { - "type": "match_only_text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "match_only_text" }, "tags": { "ignore_above": 1024, diff --git a/salt/elasticsearch/templates/component/ecs/cyberark.json b/salt/elasticsearch/templates/component/ecs/cyberark.json index b0277fa0b..4ed88aa6f 100644 --- a/salt/elasticsearch/templates/component/ecs/cyberark.json +++ b/salt/elasticsearch/templates/component/ecs/cyberark.json @@ -534,12 +534,7 @@ }, "reason": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "rfc5424": { "type": "boolean" diff --git a/salt/elasticsearch/templates/component/ecs/logstash.json b/salt/elasticsearch/templates/component/ecs/logstash.json index 0db82492e..2120a0902 100644 --- a/salt/elasticsearch/templates/component/ecs/logstash.json +++ b/salt/elasticsearch/templates/component/ecs/logstash.json @@ -45,7 +45,8 @@ "thread": { "fields": { "text": { - "type": "match_only_text" + "norms": false, + "type": "text" } }, "ignore_above": 1024, @@ -58,7 +59,8 @@ "event": { "fields": { "text": { - "type": "match_only_text" + "norms": false, + "type": "text" } }, "ignore_above": 1024, @@ -85,7 +87,8 @@ "plugin_params": { "fields": { "text": { - "type": "match_only_text" + "norms": false, + "type": "text" } }, "ignore_above": 1024, @@ -106,7 +109,8 @@ "thread": { "fields": { "text": { - "type": "match_only_text" + "norms": false, + "type": "text" } }, "ignore_above": 1024, diff --git a/salt/elasticsearch/templates/component/ecs/misp.json b/salt/elasticsearch/templates/component/ecs/misp.json index 1d186db3a..d0c7aa519 100644 --- a/salt/elasticsearch/templates/component/ecs/misp.json +++ b/salt/elasticsearch/templates/component/ecs/misp.json 
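Review bot: In base.json the new side leaves `message` as `"type": "match_only_text"`, while every `.text` subfield this patch touches in aws.json and logstash.json goes back to `"norms": false, "type": "text"`. `match_only_text` indexes no positions or norms, so hits on `message` are unscored and phrase queries run slower. If the revert is meant to move away from that type (the commit message gives no reason), this field is left inconsistent by this patch. PATCH 2/2 lists base.json as changed too, so it may be settled there; otherwise the line would become `"norms": false, "type": "text"`.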
@@ -12,12 +12,7 @@ "properties": { "description": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "id": { "ignore_above": 1024, @@ -52,21 +47,11 @@ "properties": { "aliases": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "description": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "first_seen": { "type": "date" @@ -107,12 +92,7 @@ "properties": { "description": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "id": { "ignore_above": 1024, @@ -138,21 +118,11 @@ "properties": { "contact_information": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "description": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "id": { "ignore_above": 1024, @@ -205,33 +175,18 @@ "properties": { "aliases": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "description": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "first_seen": { "type": "date" }, "goals": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "id": { "ignore_above": 1024, 
@@ -256,30 +211,15 @@ }, "primary_motivation": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "resource_level": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "secondary_motivations": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" } } }, @@ -287,12 +227,7 @@ "properties": { "description": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "id": { "ignore_above": 1024, @@ -345,12 +280,7 @@ }, "description": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "id": { "ignore_above": 1024, @@ -416,12 +346,7 @@ "properties": { "description": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "id": { "ignore_above": 1024, @@ -452,12 +377,7 @@ }, "object_refs": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "published": { "type": "date" @@ -468,30 +388,15 @@ "properties": { "aliases": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "description": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "goals": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "id": { "ignore_above": 1024, 
@@ -522,57 +427,27 @@ }, "personal_motivations": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "primary_motivation": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "resource_level": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "roles": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "secondary_motivations": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "sophistication": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" } } }, @@ -616,21 +491,11 @@ }, "description": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "feed": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "id": { "ignore_above": 1024, @@ -737,12 +602,7 @@ "properties": { "description": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "id": { "ignore_above": 1024, @@ -755,12 +615,7 @@ }, "kill_chain_phases": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "labels": { "ignore_above": 1024, @@ -795,12 +650,7 @@ "properties": { "description": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "id": { "ignore_above": 1024, diff --git a/salt/elasticsearch/templates/component/ecs/o365.json b/salt/elasticsearch/templates/component/ecs/o365.json index 6c093534d..a7df16b97 100644 --- a/salt/elasticsearch/templates/component/ecs/o365.json 
+++ b/salt/elasticsearch/templates/component/ecs/o365.json @@ -165,12 +165,7 @@ }, "Comments": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "CommunicationType": { "ignore_above": 1024, diff --git a/salt/elasticsearch/templates/component/ecs/zeek.json b/salt/elasticsearch/templates/component/ecs/zeek.json index c79a9efdf..d9dd7aa32 100644 --- a/salt/elasticsearch/templates/component/ecs/zeek.json +++ b/salt/elasticsearch/templates/component/ecs/zeek.json @@ -1333,12 +1333,7 @@ }, "email_body_sections": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "email_delay_tokens": { "ignore_above": 1024, @@ -1458,12 +1453,7 @@ }, "peer_descr": { "norms": false, - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "text" }, "peer_name": { "ignore_above": 1024, From 5489b8559d046f60e3aa919a719837715f335e1d Mon Sep 17 00:00:00 2001 
From: Wes Lambert Date: Tue, 1 Mar 2022 18:44:00 +0000 Subject: [PATCH 2/2] Revert "Switch from .security to match_only_text" This reverts commit f7862af934f3fbde4031edc2fa3d4297c80b1132. --- .../templates/component/ecs/agent.json | 44 +- .../templates/component/ecs/aws.json | 581 +--- .../templates/component/ecs/azure.json | 798 +----- .../templates/component/ecs/base.json | 9 +- .../templates/component/ecs/cef.json | 1036 ++------ .../templates/component/ecs/checkpoint.json | 2331 +++-------------- .../templates/component/ecs/cisco.json | 707 +---- .../templates/component/ecs/client.json | 170 +- .../templates/component/ecs/cloud.json | 79 +- .../templates/component/ecs/container.json | 37 +- .../templates/component/ecs/cyberark.json | 434 +-- .../templates/component/ecs/data_stream.json | 2 +- .../templates/component/ecs/destination.json | 170 +- .../templates/component/ecs/dll.json | 135 +- .../templates/component/ecs/dns.json | 107 +- .../templates/component/ecs/ecs.json | 9 +- .../component/ecs/elasticsearch.json | 9 +- .../templates/component/ecs/error.json | 23 +- .../templates/component/ecs/event.json | 121 +- .../templates/component/ecs/file.json | 492 +--- .../templates/component/ecs/fortinet.json | 2121 +++------------ .../templates/component/ecs/gcp.json | 287 +- .../component/ecs/google_workspace.json | 840 +----- .../templates/component/ecs/group.json | 23 +- .../templates/component/ecs/host.json | 212 +- .../templates/component/ecs/http.json | 44 +- .../templates/component/ecs/juniper.json | 490 +--- .../templates/component/ecs/kibana.json | 84 +- .../templates/component/ecs/log.json | 58 +- .../templates/component/ecs/logstash.json | 42 +- .../templates/component/ecs/microsoft.json | 364 +-- .../templates/component/ecs/misp.json | 357 +-- .../templates/component/ecs/netflow.json | 329 +-- .../templates/component/ecs/network.json | 86 +- .../templates/component/ecs/o365.json | 602 +---- .../templates/component/ecs/observer.json | 247 +- 
.../templates/component/ecs/okta.json | 322 +-- .../templates/component/ecs/orchestrator.json | 65 +- .../templates/component/ecs/organization.json | 9 +- .../templates/component/ecs/package.json | 79 +- .../templates/component/ecs/process.json | 534 +--- .../templates/component/ecs/redis.json | 28 +- .../templates/component/ecs/registry.json | 44 +- .../templates/component/ecs/related.json | 23 +- .../templates/component/ecs/rule.json | 72 +- .../templates/component/ecs/server.json | 170 +- .../templates/component/ecs/service.json | 65 +- .../templates/component/ecs/snyk.json | 126 +- .../templates/component/ecs/sophos.json | 966 +------ .../templates/component/ecs/source.json | 170 +- .../templates/component/ecs/suricata.json | 476 +--- .../templates/component/ecs/syslog.json | 14 +- .../templates/component/ecs/threat.json | 1885 ++----------- .../templates/component/ecs/tls.json | 443 +--- .../templates/component/ecs/tracing.json | 23 +- .../templates/component/ecs/url.json | 72 +- .../templates/component/ecs/user.json | 226 +- .../templates/component/ecs/user_agent.json | 58 +- .../component/ecs/vulnerability.json | 65 +- .../templates/component/ecs/winlog.json | 938 +------ .../templates/component/ecs/zeek.json | 2135 +++------------ .../component/so/common-dynamic-mappings.json | 99 +- 62 files changed, 3289 insertions(+), 19298 deletions(-) diff --git a/salt/elasticsearch/templates/component/ecs/agent.json b/salt/elasticsearch/templates/component/ecs/agent.json index 656237f47..4c7f8738e 100644 --- a/salt/elasticsearch/templates/component/ecs/agent.json +++ b/salt/elasticsearch/templates/component/ecs/agent.json 
@@ -12,63 +12,33 @@ "properties": { "original": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "ephemeral_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/aws.json b/salt/elasticsearch/templates/component/ecs/aws.json index 10c7dd45b..ccea31e27 100644 --- a/salt/elasticsearch/templates/component/ecs/aws.json +++ b/salt/elasticsearch/templates/component/ecs/aws.json @@ -22,12 +22,7 @@ }, "api_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "console_login": { "properties": { @@ -35,12 +30,7 @@ "properties": { "login_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mfa_used": { "type": "boolean" 
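Review bot: The new side of agent.json ends with `}` followed by `\ No newline at end of file`, so the revert drops the file's trailing newline. The file is still valid JSON, but the next edit to it will show a spurious change on the last line. End the file with a newline after the final `}`, and check the other files in this patch for the same marker, since not all of them are visible here.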
@@ -68,57 +58,27 @@ }, "previous_hash_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "previous_s3_bucket": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "public_key_fingerprint": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "s3_bucket": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "s3_object": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "start_time": { "type": "date" @@ -127,48 +87,23 @@ }, "error_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "error_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "flattened": { "properties": { 
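Review bot: With the `.text` multi-field removed, `error_message` in the `@@ -127,48 +87,23 @@` hunk is left as `"ignore_above": 1024, "type": "keyword"` only, so any value longer than 1024 characters stays in `_source` but is not indexed and cannot be matched by a search or detection rule. The same applies to other free-form fields later in aws.json (`redirect_url`, `request_uri`, `referrer`, `user_agent`) and in azure.json (`new_value`, `old_value`). Unless another template not visible here supplies an analyzed subfield, keep one on these fields in the form the file already uses for `request_parameters`: `"fields": { "text": { "norms": false, "type": "text" } }`. Short identifier fields such as `account_id` or `arn` do not need it.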
@@ -191,39 +126,19 @@ }, "management_event": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "read_only": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "recipient_account_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "request_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "request_parameters": { "fields": { @@ -239,30 +154,15 @@ "properties": { "account_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "arn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -288,41 +188,21 @@ }, "shared_event_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user_identity": { "properties": { "access_key_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "arn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "invoked_by": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "session_context": { "properties": { 
@@ -331,50 +211,25 @@ }, "mfa_authenticated": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "session_issuer": { "properties": { "account_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "arn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "principal_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -382,23 +237,13 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "vpc_endpoint_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -414,12 +259,7 @@ "properties": { "ip_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -427,12 +267,7 @@ "properties": { "action_executed": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "backend": { "properties": { @@ -442,12 +277,7 @@ "properties": { "status_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -455,21 +285,11 @@ }, "ip": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "port": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -484,41 +304,21 @@ "properties": { "arn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "serial": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "classification": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "classification_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "connection_time": { "properties": { @@ -531,68 +331,33 @@ "properties": { "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "incoming_tls_alert": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "listener": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "matched_rule_priority": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "redirect_url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "request_processing_time": { "properties": { 
@@ -610,52 +375,27 @@ }, "ssl_cipher": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ssl_protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "target_group": { "properties": { "arn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "target_port": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "target_status_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tls_handshake_time": { "properties": { @@ -666,30 +406,15 @@ }, "tls_named_group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "trace_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -697,150 +422,75 @@ "properties": { "authentication_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "bucket": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "bucket_owner": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "bytes_sent": { "type": "long" }, "cipher_suite": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "error_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "host_header": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "host_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "http_status": { "type": "long" }, "key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "object_size": { "type": "long" }, "operation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "referrer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "remote_ip": { "type": "ip" }, "request_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "request_uri": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "requester": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": 
"match_only_text" - } - } + "type": "keyword" }, "signature_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tls_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "total_time": { "type": "long" @@ -850,21 +500,11 @@ }, "user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -872,48 +512,23 @@ "properties": { "account_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "instance_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "interface_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "log_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "pkt_dstaddr": { "type": "ip" 
@@ -923,57 +538,27 @@ }, "subnet_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tcp_flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tcp_flags_array": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vpc_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/azure.json b/salt/elasticsearch/templates/component/ecs/azure.json index d9a3adc70..5e1acaae5 100644 --- a/salt/elasticsearch/templates/component/ecs/azure.json +++ b/salt/elasticsearch/templates/component/ecs/azure.json @@ -12,21 +12,11 @@ "properties": { "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "identity": { "properties": { 
@@ -34,79 +24,39 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "evidence": { "properties": { "principal_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "principal_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "role": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "role_assignment_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "role_assignment_scope": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "role_definition_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "scope": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -121,48 +71,23 @@ "properties": { "fullname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "givenname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "schema": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "surname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } 
@@ -170,33 +95,18 @@ }, "operation_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "properties": { "type": "flattened" }, "result_signature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "result_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -204,39 +114,19 @@ "properties": { "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "identity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "operation_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "operation_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "properties": { "properties": { @@ -245,39 +135,19 @@ }, "activity_display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "correlation_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "initiated_by": { "properties": { 
@@ -285,39 +155,19 @@ "properties": { "appId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "displayName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "servicePrincipalId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "servicePrincipalName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -325,39 +175,19 @@ "properties": { "displayName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ipAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "userPrincipalName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -365,39 +195,19 @@ }, "logged_by_service": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "operation_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "result": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "result_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "target_resources": { "properties": { 
@@ -405,30 +215,15 @@ "properties": { "display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ip_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "modified_properties": { "properties": { @@ -436,30 +231,15 @@ "properties": { "display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "new_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "old_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -467,21 +247,11 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user_principal_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } 
@@ -491,53 +261,28 @@ }, "result_signature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tenant_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "consumer_group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "correlation_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "enqueued_time": { "type": "date" }, "eventhub": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "offset": { "type": "long" 
@@ -549,123 +294,58 @@ "properties": { "ActivityId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Caller": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Cloud": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Environment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "EventTimeString": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ScaleUnit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ccpNamespace": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "operation_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "properties": { "type": "flattened" }, "result_signature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "result_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -673,57 +353,27 @@ "properties": { "authorization_rule": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "namespace": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -734,169 +384,84 @@ "properties": { "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "identity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "operation_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "operation_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "properties": { "properties": { "app_display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "app_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "authentication_processing_details": { "type": "flattened" }, "authentication_requirement": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "authentication_requirement_policies": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "autonomous_system_number": { "type": "long" }, "client_app_used": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "conditional_access_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "correlation_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "created_at": { "type": "date" }, "cross_tenant_access_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" 
- } - } + "type": "keyword" }, "device_detail": { "properties": { "browser": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "device_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "operating_system": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "trust_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -905,21 +470,11 @@ }, "home_tenant_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "is_interactive": { "type": "boolean" 
@@ -929,123 +484,58 @@ }, "original_request_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "processing_time_ms": { "type": "float" }, "resource_display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "resource_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "resource_tenant_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "risk_detail": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "risk_event_types": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "risk_event_types_v2": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "risk_level_aggregated": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "risk_level_during_signin": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "risk_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "service_principal_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "service_principal_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sso_extension_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": 
"match_only_text" - } - } + "type": "keyword" }, "status": { "properties": { @@ -1056,115 +546,55 @@ }, "token_issuer_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "token_issuer_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user_display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user_principal_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "result_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "result_signature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "result_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tenant_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "subscription_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tenant_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } 
diff --git a/salt/elasticsearch/templates/component/ecs/base.json b/salt/elasticsearch/templates/component/ecs/base.json index 77594f68d..f409ed95a 100644 --- a/salt/elasticsearch/templates/component/ecs/base.json +++ b/salt/elasticsearch/templates/component/ecs/base.json @@ -17,14 +17,9 @@ }, "tags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/cef.json b/salt/elasticsearch/templates/component/ecs/cef.json index 40911af50..376fbf26a 100644 --- a/salt/elasticsearch/templates/component/ecs/cef.json +++ b/salt/elasticsearch/templates/component/ecs/cef.json @@ -12,39 +12,19 @@ "properties": { "event_class_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vendor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
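Review bot: The closing brace of base.json changes from `}` with a newline to `}` marked `\ No newline at end of file`, which looks like an editor artifact rather than part of the mapping change. I would restore the trailing newline so that later diffs of this template do not show a spurious change on the last line.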
@@ -52,138 +32,68 @@ "properties": { "Reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "agentAddress": { "type": "ip" }, "agentDnsDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "agentHostName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "agentId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "agentMacAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "agentNtDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "agentReceiptTime": { "type": "date" }, "agentTimeZone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "agentTranslatedAddress": { "type": "ip" }, "agentTranslatedZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "agentTranslatedZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "agentType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "agentVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "agentZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "agentZoneURI": { "ignore_above": 1024, - "type": "keyword", - 
"fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "applicationProtocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "baseEventCount": { "type": "long" 
@@ -196,114 +106,54 @@ }, "categoryBehavior": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "categoryDeviceGroup": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "categoryDeviceType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "categoryObject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "categoryOutcome": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "categorySignificance": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "categoryTechnique": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cp_app_risk": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cp_severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "customerExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "customerURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destinationAddress": { "type": "ip" }, "destinationDnsDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destinationGeoLatitude": { "type": "double" 
@@ -313,30 +163,15 @@ }, "destinationHostName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destinationMacAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destinationNtDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destinationPort": { "type": "long" @@ -346,21 +181,11 @@ }, "destinationProcessName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destinationServiceName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destinationTranslatedAddress": { "type": "ip" 
@@ -370,75 +195,35 @@ }, "destinationTranslatedZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destinationTranslatedZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destinationUserId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destinationUserName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destinationUserPrivileges": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destinationZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destinationZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceAction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceAddress": { "type": "ip" 
@@ -448,444 +233,229 @@ }, "deviceCustomDate1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomDate2": { "type": "date" }, "deviceCustomDate2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomFloatingPoint1": { "type": "double" }, "deviceCustomFloatingPoint1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomFloatingPoint2": { "type": "double" }, "deviceCustomFloatingPoint2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomFloatingPoint3": { "type": "double" }, "deviceCustomFloatingPoint3Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomFloatingPoint4": { "type": "double" }, "deviceCustomFloatingPoint4Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomIPv6Address1": { "type": "ip" }, "deviceCustomIPv6Address1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomIPv6Address2": { "type": "ip" }, "deviceCustomIPv6Address2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomIPv6Address3": { "type": "ip" }, "deviceCustomIPv6Address3Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomIPv6Address4": { "type": "ip" }, "deviceCustomIPv6Address4Label": { "ignore_above": 1024, - "type": "keyword", 
- "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomNumber1": { "type": "long" }, "deviceCustomNumber1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomNumber2": { "type": "long" }, "deviceCustomNumber2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomNumber3": { "type": "long" }, "deviceCustomNumber3Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomString1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomString1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomString2": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomString2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomString3": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomString3Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomString4": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomString4Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomString5": { "ignore_above": 1024, - "type": "keyword", 
- "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomString5Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomString6": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceCustomString6Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceDirection": { "type": "long" }, "deviceDnsDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceEventCategory": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceExternalId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceFacility": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceFlexNumber1": { "type": "long" }, "deviceFlexNumber1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceFlexNumber2": { "type": "long" }, "deviceFlexNumber2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceHostName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceInboundInterface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceMacAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": 
"match_only_text" - } - } + "type": "keyword" }, "deviceNtDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceOutboundInterface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "devicePayloadId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceProcessId": { "type": "long" }, "deviceProcessName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceReceiptTime": { "type": "date" }, "deviceTimeZone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceTranslatedAddress": { "type": "ip" }, "deviceTranslatedZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceTranslatedZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "endTime": { "type": "date" 
@@ -895,435 +465,210 @@ }, "eventOutcome": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "externalId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fileCreateTime": { "type": "date" }, "fileHash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fileId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fileModificationTime": { "type": "date" }, "filePath": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "filePermission": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fileSize": { "type": "long" }, "fileType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "filename": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "flexDate1": { "type": "date" }, "flexDate1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "flexString1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "flexString1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "flexString2": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "flexString2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { 
- "type": "match_only_text" - } - } + "type": "keyword" }, "ifname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "inzone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "layer_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "layer_uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "logid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "loguid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "managerReceiptTime": { "type": "date" }, "match_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nat_addtnl_rulenum": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nat_rulenum": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "oldFileCreateTime": { "type": "date" }, "oldFileHash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "oldFileId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "oldFileModificationTime": { "type": "date" }, "oldFileName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": 
"match_only_text" - } - } + "type": "keyword" }, "oldFilePath": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "oldFilePermission": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "oldFileSize": { "type": "long" }, "oldFileType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "origin": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "originsicname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "outzone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "parent_rule": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rawEvent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "requestClientApplication": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "requestContext": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "requestCookies": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "requestMethod": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "requestUrl": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rule_action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rule_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sequencenum": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "service_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourceAddress": { "type": "ip" }, "sourceDnsDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourceGeoLatitude": { "type": "double" @@ -1333,30 +678,15 @@ }, "sourceHostName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourceMacAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourceNtDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourcePort": { "type": "long" @@ -1366,21 +696,11 @@ }, "sourceProcessName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourceServiceName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourceTranslatedAddress": { "type": "ip" 
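Review bot: Dropping the `text` multi-field from `requestUrl`, `requestCookies`, `rawEvent`, `message` and `filePath` in the `@@ -895,435 +465,210 @@` hunk leaves them as plain `keyword` with `"ignore_above": 1024`, so a value longer than 1024 characters stays in `_source` but is not indexed, and a search or detection rule on the field will not match it. Long request URLs and raw events are where such values typically occur, so this visibility gap should be a deliberate choice rather than a side effect of the revert. If the sub-field has to go everywhere, consider raising the limit on the few free-form fields, e.g. `"requestUrl": { "ignore_above": 8191, "type": "keyword" }`, or keeping `"fields": { "text": { "type": "match_only_text" } }` on just those. The same applies to `email_headers`, `email_content`, `dns_query` and `http_location` in the checkpoint.json hunks that follow.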
@@ -1390,119 +710,59 @@ }, "sourceTranslatedZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourceTranslatedZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourceUserId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourceUserName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourceUserPrivileges": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourceZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourceZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "startTime": { "type": "date" }, "transportProtocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "type": "long" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } 
diff --git a/salt/elasticsearch/templates/component/ecs/checkpoint.json b/salt/elasticsearch/templates/component/ecs/checkpoint.json
index 52a8c0e4c..bb2f8f6de 100644
--- a/salt/elasticsearch/templates/component/ecs/checkpoint.json
+++ b/salt/elasticsearch/templates/component/ecs/checkpoint.json
@@ -13,576 +13,276 @@ }, "action_reason_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "additional_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "additional_ip": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "additional_rdata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "alert": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "allocated_ports": { "type": "long" }, "analyzed_on": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "answer_rdata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "anti_virus_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "app_desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "app_id": { "type": "long" }, "app_package": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "app_properties": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "app_repackaged": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "app_risk": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, 
"app_severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "app_sid_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "app_sig_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "app_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "appi_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "arrival_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "attachments_num": { "type": "long" }, "attack_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "audit_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "auth_method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "authority_rdata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "authorization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "bcc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "blade_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "broker_publisher": { "type": "ip" }, "browse_time": { "ignore_above": 1024, 
- "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "c_bytes": { "type": "long" }, "calc_desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "capacity": { "type": "long" }, "capture_uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "certificate_resource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "certificate_validation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cgnet": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "chunk_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "client_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "client_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "client_type_os": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "client_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cluster_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": 
{ - "type": "match_only_text" - } - } + "type": "keyword" }, "community": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "confidence_level": { "type": "long" }, "connection_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "connectivity_level": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "connectivity_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "conns_amount": { "type": "long" }, "content_disposition": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "content_length": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "content_risk": { "type": "long" }, "content_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "context_num": { "type": "long" }, "cookie": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cookieI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cookieR": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cp_message": { "type": "long" }, "cvpn_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cvpn_resource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, 
"data_type_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dce-rpc_interface_uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "delivery_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destination_object": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "detected_on": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "developer_certificate_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "diameter_app_ID": { "type": "long" 
@@ -592,114 +292,54 @@ }, "diameter_msg_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_action_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_additional_action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_categories": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_data_type_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_data_type_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_fingerprint_files_number": { "type": "long" }, "dlp_fingerprint_long_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_fingerprint_short_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_incident_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_recipients": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_related_incident_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_relevant_data_types": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_repository_directories_number": { "type": "long" 
@@ -709,12 +349,7 @@ }, "dlp_repository_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_repository_not_scanned_directories_percentage": { "type": "long" @@ -724,12 +359,7 @@ }, "dlp_repository_root_path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_repository_scan_progress": { "type": "long" 
@@ -754,120 +384,55 @@ }, "dlp_rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_template_score": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_transint": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_violation_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_watermark_profile": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dlp_word_list": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dns_query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "drop_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dropped_file_hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dropped_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dropped_file_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dropped_file_verdict": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dropped_incoming": { 
"type": "long" 
@@ -883,444 +448,204 @@ }, "dst_country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dst_phone_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dst_user_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstkeyid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "duplicate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "duration": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "elapsed": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email_content": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email_control": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email_control_analysis": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email_headers": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email_message_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email_queue_id": { "ignore_above": 1024, - "type": "keyword", - 
"fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email_queue_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email_recipients_num": { "type": "long" }, "email_session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email_spam_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email_spool_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email_subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "emulated_on": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "encryption_failure": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "end_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "end_user_firewall_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "esod_access_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "esod_associated_policies": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "esod_noncompliance_reason": { "ignore_above": 1024, - "type": "keyword", 
- "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "esod_rule_action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "esod_rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "esod_rule_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "esod_scan_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_count": { "type": "long" }, "expire_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "extension_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "extracted_file_hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "extracted_file_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "extracted_file_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "extracted_file_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "extracted_file_verdict": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "failure_impact": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "failure_reason": { "ignore_above": 1024, - "type": "keyword", - 
"fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file_direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "files_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "first_hit_time": { "type": "long" }, "frequency": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fs-proto": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ftp_user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fw_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fw_subproduct": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "hide_ip": { "type": "ip" 
@@ -1330,108 +655,53 @@ }, "host_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "http_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "http_location": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "http_server": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "https_inspection_action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "https_inspection_rule_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "https_inspection_rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "https_validation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icap_more_info": { "type": "long" }, "icap_server_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icap_server_service": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icap_service_id": { "type": "long" }, "icmp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icmp_code": { "type": "long" 
@@ -1444,147 +714,67 @@ }, "identity_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ike": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ike_ids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "impacted_files": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "incident_extension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "indicator_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "indicator_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "indicator_reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "indicator_uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "information": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "inspection_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "inspection_item": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "inspection_profile": { "ignore_above": 1024, - "type": 
"keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "inspection_settings_log": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "installed_products": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "int_end": { "type": "long" @@ -1594,30 +784,15 @@ }, "integrity_av_invoke_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "interface_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "internal_error": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "invalid_file_size": { "type": "long" @@ -1627,42 +802,22 @@ }, "isp_link": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "last_hit_time": { "type": "long" }, "last_rematch_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "layer_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "layer_uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "limit_applied": { "type": "long" @@ -1672,12 +827,7 @@ }, "link_probing_status_update": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "links_num": { "type": "long" 
@@ -1690,39 +840,19 @@
 },
 "logid": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "long_desc": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "machine": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "malware_family": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "match_fk": {
 "type": "long"
@@ -1732,12 +862,7 @@
 },
 "matched_file": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "matched_file_percentage": {
 "type": "long"
@@ -1747,234 +872,109 @@ }, "media_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "message_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "message_size": { "type": "long" }, "method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "methods": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mime_from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mime_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mirror_and_decrypt_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mitre_collection": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mitre_command_and_control": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mitre_credential_access": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mitre_defense_evasion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mitre_discovery": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, 
"mitre_execution": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mitre_exfiltration": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mitre_impact": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mitre_initial_access": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mitre_lateral_movement": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mitre_persistence": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mitre_privilege_escalation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "monitor_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "msgid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nat46": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nat_addtnl_rulenum": { "type": "long" }, "nat_exhausted_pool": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nat_rulenum": { "type": "long" 
@@ -1984,162 +984,77 @@ }, "next_hop_ip": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "next_scheduled_scan_date": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "number_of_errors": { "type": "long" }, "objecttable": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "objecttype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "observable_comment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "observable_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "observable_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "operation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "operation_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "origin_sic_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "original_queue_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "outgoing_url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "packet_amount": { "type": "long" }, "packet_capture_unique_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": 
"match_only_text" - } - } + "type": "keyword" }, "parent_file_hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "parent_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "parent_file_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "parent_process_username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "parent_rule": { "type": "long" 
@@ -2149,117 +1064,57 @@
 },
 "peer_ip": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "peer_ip_probing_status_update": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "performance_impact": {
 "type": "long"
 },
 "policy_mgmt": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "policy_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "ports_usage": {
 "type": "long"
 },
 "ppp": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "precise_error": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "process_username": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "properties": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "protection_id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "protection_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "protection_type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "protocol": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "proxy_machine_name": {
 "type": "long"
@@ -2269,123 +1124,58 @@ }, "proxy_user_dn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "proxy_user_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "question_rdata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "referrer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "referrer_parent_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "referrer_self_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "registered_ip-phones": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reject_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reject_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rematch_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "remediated_files": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reply_status": { "type": "long" }, "risk": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rpc_prog": { "type": 
"long" @@ -2395,24 +1185,14 @@ }, "rule_action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rulebase_id": { "type": "long" }, "scan_direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scan_hosts_day": { "type": "long" 
@@ -2425,399 +1205,184 @@ }, "scan_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scan_mail": { "type": "long" }, "scan_result": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scan_results": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scheme": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scope": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scrub_activity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scrub_download_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scrub_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scrub_total_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scrubbed_content": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sctp_association_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sctp_error": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scv_message_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scv_user": { "ignore_above": 
1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "securexl_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sensor_mode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "session_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "short_desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sig_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "similar_communication": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "similar_hashes": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "similar_strings": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "similiar_iocs": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sip_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "site_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": 
"keyword" }, "source_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source_object": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source_os": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "special_properties": { "type": "long" }, "specific_data_type_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "speed": { "type": "long" }, "spyware_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "spyware_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "spyware_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "src_country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "src_phone_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "src_user_dn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "src_user_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "srckeyid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, 
"status_update": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sub_policy_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sub_policy_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subs_exp": { "type": "date" 
@@ -2827,135 +1392,65 @@ }, "summary": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "suppressed_logs": { "type": "long" }, "sync": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sys_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tcp_end_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tcp_flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tcp_packet_out_of_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tcp_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "te_verdict_determined_by": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "termination_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ticket_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tls_server_host_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "top_archive_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "total_attachments": { "type": "long" }, "triggered_by": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" 
- } - } + "type": "keyword" }, "trusted_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "unique_detected_day": { "type": "long" 
@@ -2968,234 +1463,109 @@ }, "update_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vendor_list": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "verdict": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "via": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "virus_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_attach_action_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_attach_sz": { "type": "long" }, "voip_call_dir": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_call_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_call_state": { "ignore_above": 1024, - "type": "keyword", - 
"fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_call_term_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_config": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_duration": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_est_codec": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_exp": { "type": "long" }, "voip_from_user_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_log_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_media_codec": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_media_ipp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_media_port": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_reason_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "voip_reg_int": { "type": "long" 
@@ -3211,66 +1581,31 @@
 },
 "voip_reg_user_type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "voip_reject_reason": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "voip_to_user_type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "vpn_feature_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "watermark": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "web_server_type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "word_list": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 }
diff --git a/salt/elasticsearch/templates/component/ecs/cisco.json b/salt/elasticsearch/templates/component/ecs/cisco.json
index fcbd6db6f..3800b79fc 100644
--- a/salt/elasticsearch/templates/component/ecs/cisco.json
+++ b/salt/elasticsearch/templates/component/ecs/cisco.json
@@ -17,21 +17,11 @@
 "properties": {
 "description": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "short_description": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -39,12 +29,7 @@
 "properties": {
 "arguments": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -55,12 +40,7 @@
 },
 "connector_guid": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "external_ip": {
 "type": "ip"
@@ -72,61 +52,31 @@
 },
 "connector_guid": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "detection": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "detection_id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "error": {
 "properties": {
 "description": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "error_code": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
 "event_type_id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "file": {
 "properties": {
@@ -134,41 +84,21 @@
 "properties": {
 "disposition": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "identity": {
 "properties": {
 "md5": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "sha1": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "sha256": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 }
@@ -178,64 +108,34 @@
 "properties": {
 "application": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "attacked_module": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "base_address": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "indicators": {
 "type": "flattened"
 },
 "suspicious_files": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
 "disposition": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "parent": {
 "properties": {
 "disposition": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 }
@@ -243,52 +143,27 @@
 },
 "group_guids": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "mitre_tactics": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "mitre_techniques": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "network_info": {
 "properties": {
 "disposition": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "nfm": {
 "properties": {
 "direction": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -296,23 +171,13 @@ "properties": { "disposition": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "identify": { "properties": { "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -320,21 +185,11 @@ "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -346,21 +201,11 @@ "properties": { "cve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -371,12 +216,7 @@ }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "malicious_detections": { "type": "long" 
@@ -405,69 +245,34 @@ }, "incident_hunt_guid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "incident_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "incident_remediation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "incident_report_guid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "incident_start_time": { "type": "date" }, "incident_summary": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "incident_title": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tactics": { "type": "flattened" 
@@ -494,122 +299,57 @@ "properties": { "avg_rate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "configured_avg_rate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "configured_rate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cumulative_count": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "current_rate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "object": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "command_line_arguments": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "connection_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "connection_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dap_records": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destination_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destination_username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icmp_code": { "type": "short" 
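Review bot: `command_line_arguments` goes back to a bare `keyword` with `"ignore_above": 1024` in this hunk, so a value longer than 1024 characters stays in `_source` but is not indexed, and with the `text` subfield removed nothing else in the mapping shown here indexes it. Searches and detection rules on that field would then miss long command lines without raising any error. For the few free-text fields it would be worth keeping the multi-field, `"fields": { "text": { "type": "match_only_text" } }`, while still dropping it from identifiers and enumerations as this revert does. The same concern applies to `command`, `cpm_error_details`, `desc` and `message` in the `@@ -12,511 +12,241 @@` hunk of cyberark.json.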
@@ -619,12 +359,7 @@ }, "mapped_destination_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mapped_destination_ip": { "type": "ip" @@ -634,12 +369,7 @@ }, "mapped_source_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mapped_source_ip": { "type": "ip" 
@@ -649,135 +379,65 @@ }, "message_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "privilege": { "properties": { "new": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "old": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "session_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source_username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "suffix": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "termination_initiator": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "termination_user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "threat_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "threat_level": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tunnel_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "webvpn": { "properties": { "group_name": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -787,48 +447,23 @@ "properties": { "connection_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "connection_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dap_records": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destination_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destination_username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icmp_code": { "type": "short" @@ -838,12 +473,7 @@ }, "mapped_destination_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mapped_destination_ip": { "type": "ip" @@ -853,12 +483,7 @@ }, "mapped_source_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mapped_source_ip": { "type": "ip" 
@@ -868,98 +493,48 @@ }, "message_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "security": { "type": "object" }, "source_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source_username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "suffix": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "termination_initiator": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "termination_user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "threat_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "threat_level": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "webvpn": { "properties": { "group_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -969,21 +544,11 @@ "properties": { "access_list": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "facility": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -991,129 +556,59 @@ "properties": { "amp_disposition": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "amp_malware_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "amp_score": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "av_detections": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "blocked_categories": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "categories": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "content_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "datacenter": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "identities": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "identity_types": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "origin_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "policy_identity_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "puas": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha_sha256": { "ignore_above": 1024, - "type": "keyword", 
- "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/client.json b/salt/elasticsearch/templates/component/ecs/client.json index acac41413..7f5a2169e 100644 --- a/salt/elasticsearch/templates/component/ecs/client.json +++ b/salt/elasticsearch/templates/component/ecs/client.json @@ -10,12 +10,7 @@ "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "as": { "properties": { 
@@ -42,107 +37,52 @@ }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "geo": { "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -151,12 +91,7 @@ }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nat": { "properties": { 
@@ -176,50 +111,25 @@ }, "registered_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full_name": { "fields": { @@ -234,50 +144,25 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { @@ -290,12 +175,7 @@ }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -304,4 +184,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/cloud.json b/salt/elasticsearch/templates/component/ecs/cloud.json index 1f6bdea8f..f41ab4a8f 100644 --- a/salt/elasticsearch/templates/component/ecs/cloud.json 
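Review bot: The last hunk of client.json (`@@ -304,4 +184,4 @@`) replaces the closing `}` with one that has no line terminator, as the `\ No newline at end of file` marker shows. Keeping the final newline avoids a spurious one-line change the next time a tool rewrites the template, and keeps the file well-formed for line-oriented tools. The same marker appears at the end of cloud.json, container.json, data_stream.json and destination.json in this patch.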
+++ b/salt/elasticsearch/templates/component/ecs/cloud.json @@ -12,52 +12,27 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "availability_zone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "instance": { "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -65,12 +40,7 @@ "properties": { "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -78,52 +48,27 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "service": { "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -132,4 +77,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/container.json b/salt/elasticsearch/templates/component/ecs/container.json index 0421ac6ed..bd5ce8113 100644 
--- a/salt/elasticsearch/templates/component/ecs/container.json +++ b/salt/elasticsearch/templates/component/ecs/container.json @@ -10,32 +10,17 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "image": { "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -44,25 +29,15 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "runtime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/cyberark.json b/salt/elasticsearch/templates/component/ecs/cyberark.json index 4ed88aa6f..20e90f6ea 100644 --- a/salt/elasticsearch/templates/component/ecs/cyberark.json +++ b/salt/elasticsearch/templates/component/ecs/cyberark.json 
@@ -12,511 +12,241 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ca_properties": { "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cpm_disabled": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cpm_error_details": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cpm_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "creation_method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "customer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "database": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "device_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dual_account_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "group_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "in_process": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "index": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "last_fail_date": { "ignore_above": 1024, - 
"type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "last_success_change": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "last_success_reconciliation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "last_success_verification": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "last_task": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "logon_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "other": { "type": "flattened" }, "policy_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "port": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "privcloud": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reset_immediately": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "retries_count": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sequence_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user_dn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": 
"match_only_text" - } - } + "type": "keyword" }, "user_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "virtual_username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "extra_details": { "properties": { "ad_process_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ad_process_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "command": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "connection_component_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dst_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "logon_account": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "managed_account": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "other": { "type": "flattened" }, "process_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + 
"type": "keyword" }, "process_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "psmid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "session_duration": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "src_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "file": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "gateway_station": { "type": "ip" }, "hostname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "iso_timestamp": { "type": "date" }, "issuer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "location": { "doc_values": false, "ignore_above": 4096, "index": false, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "message_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "product": 
{ "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "pvwa_details": { "type": "flattened" @@ -525,12 +255,7 @@ "doc_values": false, "ignore_above": 4096, "index": false, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reason": { "norms": false, @@ -541,69 +266,34 @@ }, "safe": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source_user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "station": { "type": "ip" }, "target_user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timestamp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vendor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/data_stream.json b/salt/elasticsearch/templates/component/ecs/data_stream.json index fdbb58044..dfbfe3f51 100644 --- a/salt/elasticsearch/templates/component/ecs/data_stream.json +++ b/salt/elasticsearch/templates/component/ecs/data_stream.json @@ -22,4 +22,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/destination.json b/salt/elasticsearch/templates/component/ecs/destination.json index 6f5d7f024..4fac31200 100644 
--- a/salt/elasticsearch/templates/component/ecs/destination.json +++ b/salt/elasticsearch/templates/component/ecs/destination.json @@ -10,12 +10,7 @@ "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "as": { "properties": { 
@@ -42,107 +37,52 @@ }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "geo": { "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -151,12 +91,7 @@ }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nat": { "properties": { 
@@ -176,50 +111,25 @@
 },
 "registered_domain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "subdomain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "top_level_domain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "user": {
 "properties": {
 "domain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "email": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "full_name": {
 "fields": {
@@ -234,50 +144,25 @@
 "properties": {
 "domain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
 "hash": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "name": {
 "fields": {
@@ -290,12 +175,7 @@
 },
 "roles": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 }
@@ -304,4 +184,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/dll.json b/salt/elasticsearch/templates/component/ecs/dll.json
index a48de33c3..84667a6b9 100644
--- a/salt/elasticsearch/templates/component/ecs/dll.json
+++ b/salt/elasticsearch/templates/component/ecs/dll.json
@@ -12,51 +12,26 @@
 "properties": {
 "digest_algorithm": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "exists": {
 "type": "boolean"
 },
 "signing_id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "status": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "subject_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "team_id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "timestamp": {
 "type": "date"
@@ -73,133 +48,63 @@
 "properties": {
 "md5": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "sha1": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "sha256": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "sha512": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "ssdeep": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "path": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "pe": {
 "properties": {
 "architecture": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "company": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "description": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "file_version": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "imphash": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "original_file_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "product": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 }
@@ -208,4 +113,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/dns.json b/salt/elasticsearch/templates/component/ecs/dns.json
index d7cb39afc..321a061f5 100644
--- a/salt/elasticsearch/templates/component/ecs/dns.json
+++ b/salt/elasticsearch/templates/component/ecs/dns.json
@@ -12,128 +12,63 @@
 "properties": {
 "class": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "data": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "ttl": {
 "type": "long"
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 },
 "type": "object"
 },
 "header_flags": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "op_code": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "question": {
 "properties": {
 "class": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "registered_domain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "subdomain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "top_level_domain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -142,25 +77,15 @@
 },
 "response_code": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/ecs.json b/salt/elasticsearch/templates/component/ecs/ecs.json
index 1dcbe7c7c..9abfcf61c 100644
--- a/salt/elasticsearch/templates/component/ecs/ecs.json
+++ b/salt/elasticsearch/templates/component/ecs/ecs.json
@@ -10,16 +10,11 @@
 "properties": {
 "version": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/elasticsearch.json b/salt/elasticsearch/templates/component/ecs/elasticsearch.json
index 77594f68d..f409ed95a 100644
--- a/salt/elasticsearch/templates/component/ecs/elasticsearch.json
+++ b/salt/elasticsearch/templates/component/ecs/elasticsearch.json
@@ -17,14 +17,9 @@
 },
 "tags": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/error.json b/salt/elasticsearch/templates/component/ecs/error.json
index 077cbe9c9..c33f580ab 100644
--- a/salt/elasticsearch/templates/component/ecs/error.json
+++ b/salt/elasticsearch/templates/component/ecs/error.json
@@ -10,21 +10,11 @@
 "properties": {
 "code": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "message": {
 "type": "match_only_text"
@@ -39,16 +29,11 @@
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/event.json b/salt/elasticsearch/templates/component/ecs/event.json
index ea9c74cc9..0d43760a2 100644
--- a/salt/elasticsearch/templates/component/ecs/event.json
+++ b/salt/elasticsearch/templates/component/ecs/event.json
@@ -10,51 +10,26 @@
 "properties": {
 "action": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "agent_id_status": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "category": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "code": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "created": {
 "type": "date"
 },
 "dataset": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "duration": {
 "type": "long"
@@ -64,88 +39,43 @@
 },
 "hash": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "ingested": {
 "type": "date"
 },
 "kind": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "module": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "original": {
 "doc_values": false,
 "index": false,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "outcome": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "provider": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "reason": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "reference": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "risk_score": {
 "type": "float"
@@ -164,34 +94,19 @@
 },
 "timezone": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "url": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
 }
 }
-}
+}
\ No newline at end of file
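Review bot: `event.original` in the `@@ -64,88 +39,43 @@` hunk keeps `"doc_values": false, "index": false`, so once its `text` sub-field is removed nothing in this mapping indexes the raw event and it can only be read back from `_source`. If analysts search the original log line during triage, this one field may deserve an exception from the blanket revert, keeping `"fields": { "text": { "type": "match_only_text" } }` on it. If the loss is intended, the commit description should say so, because hunts that reference `event.original.text` would presumably return nothing on new indices rather than fail.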
diff --git a/salt/elasticsearch/templates/component/ecs/file.json b/salt/elasticsearch/templates/component/ecs/file.json
index 38b32aefe..6242cc324 100644
--- a/salt/elasticsearch/templates/component/ecs/file.json
+++ b/salt/elasticsearch/templates/component/ecs/file.json
@@ -13,62 +13,32 @@
 },
 "attributes": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "code_signature": {
 "properties": {
 "digest_algorithm": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "exists": {
 "type": "boolean"
 },
 "signing_id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "status": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "subject_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "team_id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "timestamp": {
 "type": "date"
@@ -89,59 +59,29 @@
 },
 "device": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "directory": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "drive_letter": {
 "ignore_above": 1,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "elf": {
 "properties": {
 "architecture": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "byte_order": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "cpu_type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "creation_date": {
 "type": "date"
@@ -153,69 +93,34 @@
 "properties": {
 "abi_version": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "class": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "data": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "entrypoint": {
 "type": "long"
 },
 "object_version": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "os_abi": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "version": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -232,42 +137,22 @@
 },
 "flags": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "physical_offset": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "physical_size": {
 "type": "long"
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "virtual_address": {
 "type": "long"
@@ -282,177 +167,87 @@
 "properties": {
 "sections": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 },
 "type": "nested"
 },
 "shared_libraries": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "telfhash": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
 "extension": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "fork_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "gid": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "group": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "hash": {
 "properties": {
 "md5": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "sha1": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "sha256": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "sha512": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "ssdeep": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
 "inode": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "mime_type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "mode": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "mtime": {
 "type": "date"
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "owner": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "path": {
 "fields": {
@@ -467,66 +262,31 @@
 "properties": {
 "architecture": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "company": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "description": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "file_version": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "imphash": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "original_file_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "product": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -544,97 +304,47 @@
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "uid": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "x509": {
 "properties": {
 "alternative_names": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "issuer": {
 "properties": {
 "common_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "country": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "distinguished_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "locality": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "organization": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "organizational_unit": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "state_or_province": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -646,21 +356,11 @@
 },
 "public_key_algorithm": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "public_key_curve": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "public_key_exponent": {
 "doc_values": false,
@@ -672,97 +372,47 @@
 },
 "serial_number": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "signature_algorithm": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "subject": {
 "properties": {
 "common_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "country": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "distinguished_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "locality": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "organization": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "organizational_unit": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "state_or_province": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 },
 "version_number": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 }
@@ -771,4 +421,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/fortinet.json b/salt/elasticsearch/templates/component/ecs/fortinet.json
index 48d12654e..1f9b7496d 100644
--- a/salt/elasticsearch/templates/component/ecs/fortinet.json
+++ b/salt/elasticsearch/templates/component/ecs/fortinet.json
@@ -14,12 +14,7 @@
 "properties": {
 "crc32": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 }
 }
 }
@@ -29,213 +24,103 @@
 "properties": {
 "acct_stat": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "acktime": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "act": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "action": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "activity": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "addr": {
 "type": "ip"
 },
 "addr_type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "addrgrp": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "adgroup": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "admin": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "age": {
 "type": "long"
 },
 "agent": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "alarmid": {
 "type": "long"
 },
 "alert": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "analyticscksum": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "analyticssubmit": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "ap": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "app-type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "appact": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "appid": {
 "type": "long"
 },
 "applist": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "apprisk": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "apscan": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "apsn": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "apstatus": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "aptype": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "assigned": {
 "type": "ip"
@@ -245,39 +130,19 @@
 },
 "attachment": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "attack": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "attackcontext": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "attackcontextid": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "attackid": {
 "type": "long"
@@ -287,222 +152,107 @@
 },
 "auditscore": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "audittime": {
 "type": "long"
 },
 "authgrp": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "authid": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "authproto": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "authserver": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "bandwidth": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "banned_rule": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "banned_src": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "banword": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "botnetdomain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "botnetip": {
 "type": "ip"
 },
 "bssid": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "call_id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "carrier_ep": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "cat": {
 "type": "long"
 },
 "category": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "cc": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "cdrcontent": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "centralnatid": {
 "type": "long"
 },
 "cert": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "cert-type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "certhash": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "cfgattr": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "cfgobj": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "cfgpath": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "cfgtid": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "text": {
- "type": "match_only_text"
- }
- }
+ "type": "keyword"
 },
 "cfgtxpower": {
 "type": "long"
@@ -512,153 +262,73 @@ }, "channeltype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "chassisid": { "type": "long" }, "checksum": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "chgheaders": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cldobjid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "client_addr": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cloudaction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "clouduser": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "column": { "type": "long" }, "command": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "community": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "configcountry": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "connection_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "conserve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "constraint": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "contentdisarmed": { "ignore_above": 
1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "contenttype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cookies": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "count": { "type": "long" 
@@ -710,156 +380,76 @@ }, "crl": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "crlevel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "crscore": { "type": "long" }, "cveid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "daemon": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "datarange": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "date": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ddnsserver": { "type": "ip" }, "desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "detectionmethod": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "devcategory": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "devintfname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "devtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dhcp_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dintf": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "disk": { "ignore_above": 1024, - "type": "keyword", - "fields": { - 
"text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "disklograte": { "type": "long" }, "dlpextra": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "docsource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "domainctrlauthstate": { "type": "long" 
@@ -869,294 +459,144 @@ }, "domainctrldomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "domainctrlip": { "type": "ip" }, "domainctrlname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "domainctrlprotocoltype": { "type": "long" }, "domainctrlusername": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "domainfilteridx": { "type": "long" }, "domainfilterlist": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ds": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dst_int": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstcountry": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstdevcategory": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstdevtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstfamily": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dsthwvendor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dsthwversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstinetsvc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": 
"match_only_text" - } - } + "type": "keyword" }, "dstintfrole": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstosname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstosversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstserver": { "type": "long" }, "dstssid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstswversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstunauthusersource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstuuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "duid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "eapolcnt": { "type": "long" }, "eapoltype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "encrypt": { "type": "long" }, "encryption": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "epoch": { "type": "long" }, "espauth": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "esptransform": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "eventtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": 
"match_only_text" - } - } + "type": "keyword" }, "exch": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "exchange": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "expectedsignature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "expiry": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fams_pause": { "type": "long" 
@@ -1166,159 +606,79 @@ }, "fctemssn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fctuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "field": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "filefilter": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "filehashsrc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "filtercat": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "filteridx": { "type": "long" }, "filtername": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "filtertype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fortiguardresp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "forwardedfor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fqdn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "frametype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "freediskstorage": { "type": "long" }, "from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "from_vcluster": { "type": "long" }, 
"fsaverdict": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fwserver_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "gateway": { "type": "ip" }, "green": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "groupid": { "type": "long" 
@@ -1328,108 +688,53 @@ }, "ha_group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ha_role": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "handshake": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "hbdn_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "highcount": { "type": "long" }, "host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "iaid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icmpcode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icmpid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icmptype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "identifier": { "type": "long" }, "in_spi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "incidentserialno": { "type": "long" 
@@ -1442,87 +747,42 @@ }, "informationsource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "init": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "initiator": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "intf": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "invalidmac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ip": { "type": "ip" }, "iptype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "keyword": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "kind": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "lanin": { "type": "long" @@ -1535,24 +795,14 @@ }, "license_limit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "limit": { "type": "long" }, "line": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "live": { "type": "long" 
@@ -1562,72 +812,37 @@ }, "log": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "login": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "lowcount": { "type": "long" }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "malform_data": { "type": "long" }, "malform_desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "manuf": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "masterdstmac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mastersrcmac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mediumcount": { "type": "long" 
@@ -1637,135 +852,65 @@ }, "meshmode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "message_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mgmtcnt": { "type": "long" }, "mode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "module": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "monitor-name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "monitor-type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mpsk": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "msgproto": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mtu": { "type": "long" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nat": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "netid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "new_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "new_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - 
"text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "newchannel": { "type": "long" @@ -1781,33 +926,18 @@ }, "nf_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "noise": { "type": "long" }, "old_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "old_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "oldchannel": { "type": "long" 
@@ -1820,156 +950,76 @@ }, "oldsn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "oldwprof": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "onwire": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "opercountry": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "opertxpower": { "type": "long" }, "osname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "osversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "out_spi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "outintf": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "passedcount": { "type": "long" }, "passwd": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "peer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "peer_notif": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "phase2_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "phone": { "ignore_above": 1024, - "type": "keyword", - "fields": 
{ - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "pid": { "type": "long" }, "policytype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "poolname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "port": { "type": "long" 
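Review bot: `passwd` stays mapped as an indexed `keyword` in this hunk, which makes whatever the log source puts in it searchable and aggregatable by anyone with read access to the index. The page does not show what the field carries. If it can hold a credential or a mistyped password from a failed login, the value should be dropped or masked in the ingest pipeline before indexing, since a mapping change alone leaves it in `_source`. On the mapping side the field could be reduced to `"passwd": { "type": "keyword", "index": false, "doc_values": false }` so that it is at least not queryable.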
@@ -1982,105 +1032,55 @@ }, "probeproto": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "process": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "processtime": { "type": "long" }, "profile": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "profile_vd": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "profilegroup": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "profiletype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "qtypeval": { "type": "long" }, "quarskip": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "quotaexceeded": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "quotamax": { "type": "long" }, "quotatype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "quotaused": { "type": "long" }, "radioband": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "radioid": { "type": "long" 
@@ -2093,165 +1093,80 @@ }, "rate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rawdata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rawdataid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rcvddelta": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "received": { "type": "long" }, "receivedsignature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "red": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "referralurl": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "remote": { "type": "ip" }, "remotewtptime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reporttype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reqtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "request_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "result": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "role": { "ignore_above": 1024, - "type": "keyword", - 
"fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rssi": { "type": "long" }, "rsso_key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ruledata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ruletype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scanned": { "type": "long" 
@@ -2261,93 +1176,43 @@ }, "scope": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "security": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sensitivity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sensor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sentdelta": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "seq": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "serial": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "serialno": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "server": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sessionid": { "type": "long" @@ -2357,12 +1222,7 @@ }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "shaperdroprcvdbyte": { "type": "long" 
@@ -2375,30 +1235,15 @@ }, "shaperperipname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "shaperrcvdname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "shapersentname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "shapingpolicyid": { "type": "long" 
@@ -2414,354 +1259,164 @@ }, "sn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "snclosest": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sndetected": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "snmeshparent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "spi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "src_int": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "srccountry": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "srcfamily": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "srchwvendor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "srchwversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "srcinetsvc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "srcintfrole": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "srcname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "srcserver": { "type": "long" }, "srcssid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { 
- "type": "match_only_text" - } - } + "type": "keyword" }, "srcswversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "srcuuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sscname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ssid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sslaction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ssllocal": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sslremote": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "stacount": { "type": "long" }, "stage": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "stamac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "stitch": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "submodule": { "ignore_above": 1024, - "type": "keyword", - "fields": { - 
"text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subservice": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "suspicious": { "type": "long" }, "switchproto": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sync_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sync_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sysuptime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tamac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "threattype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "to_vcluster": { "type": "long" 
@@ -2774,42 +1429,22 @@ }, "trace_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "trandisp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "transid": { "type": "long" }, "translationid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "trigger": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "trueclntip": { "type": "ip" @@ -2822,39 +1457,19 @@ }, "tunneltype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ui": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "unauthusersource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "unit": { "type": "long" @@ -2864,30 +1479,15 @@ }, "urlfilterlist": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "urlsource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "urltype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "used": { "type": "long" 
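Review bot: Nothing in these hunks shows whether anything still queries the `.text` sub-fields dropped here, for example `trace_id.text` or `urlfilterlist.text`. Once new indices are created from this template, a saved search, dashboard or detection rule that references `<field>.text` will most likely return no hits rather than fail, so the loss of coverage is silent. The same applies to the remaining hunks of this file (its header is above this chunk) and to the gcp.json, google_workspace.json, group.json and host.json sections below. It would be worth searching the repository's saved queries and rules for `.text` references before merging. Indices created while the sub-fields existed presumably keep the old mapping until they roll over, so results can differ between old and new indices for a while.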
@@ -2897,39 +1497,19 @@ }, "utmaction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "utmref": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vap": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vapmode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vcluster": { "type": "long" 
@@ -2939,150 +1519,75 @@ }, "vcluster_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vd": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vdname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vendorurl": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vip": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "virus": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "virusid": { "type": "long" }, "voip_proto": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vpn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vpntunnel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vpntype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vrf": { "type": "long" }, "vulncat": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vulnid": { "type": "long" }, "vulnname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vwlid": { "type": "long" }, "vwlquality": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vwlservice": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vwpvlanid": { "type": "long" @@ -3092,42 +1597,22 @@ }, "wanoptapptype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "wanout": { "type": "long" }, "weakwepiv": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "xauthgroup": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "xauthuser": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "xid": { "type": "long" diff --git a/salt/elasticsearch/templates/component/ecs/gcp.json b/salt/elasticsearch/templates/component/ecs/gcp.json index 1ebc9210b..5ac9dcbe4 100644 --- a/salt/elasticsearch/templates/component/ecs/gcp.json +++ b/salt/elasticsearch/templates/component/ecs/gcp.json @@ -14,32 +14,17 @@ "properties": { "authority_selector": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "principal_email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "method_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "num_response_items": { "type": "long" 
@@ -48,39 +33,19 @@ "properties": { "filter": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "proto_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "resource_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -91,12 +56,7 @@ }, "caller_supplied_user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -104,23 +64,13 @@ "properties": { "current_locations": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "resource_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "response": { "properties": { 
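Review bot: `caller_supplied_user_agent`, and `filter` in the hunk before it, look like free-form fields, and with `"ignore_above": 1024` a value longer than that is not indexed on the keyword field at all. As far as I can tell, the `.text` sub-field removed here was the only indexed form such a long value had, so after the revert it is reachable only through `_source`. The same holds for `message` under `status` later in gcp.json and for `command_details`, `query` and `package_content` in google_workspace.json. If the revert is meant to reduce index size, consider keeping the sub-field on these few fields only: `"fields": { "text": { "type": "match_only_text" } }`.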
@@ -128,70 +78,35 @@ "properties": { "group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "kind": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "proto_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "service_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "properties": { @@ -200,23 +115,13 @@ }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -226,30 +131,15 @@ "properties": { "project_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "zone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -257,30 +147,15 @@ "properties": { "project_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subnetwork_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vpc_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -292,87 +167,42 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destination_range": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "priority": { "type": "long" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source_range": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source_service_account": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source_tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "target_service_account": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "target_tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } 
@@ -384,30 +214,15 @@ "properties": { "project_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "zone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -415,30 +230,15 @@ "properties": { "project_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subnetwork_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vpc_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -448,12 +248,7 @@ "properties": { "reporter": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rtt": { "properties": { diff --git a/salt/elasticsearch/templates/component/ecs/google_workspace.json b/salt/elasticsearch/templates/component/ecs/google_workspace.json index a15f9d33c..526bd9bb5 100644 --- a/salt/elasticsearch/templates/component/ecs/google_workspace.json +++ b/salt/elasticsearch/templates/component/ecs/google_workspace.json @@ -12,21 +12,11 @@ "properties": { "key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -36,12 +26,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -51,23 +36,13 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "scopes": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -75,75 +50,35 @@ "properties": { "asp_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "edition": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "enabled": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "licences_order_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "licences_purchased": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "package_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -161,21 +96,11 @@ "properties": { "allowed": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "enabled": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -183,12 +108,7 @@ "properties": { "session_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -196,39 +116,19 @@ "properties": { "command_details": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -238,21 +138,11 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -262,30 +152,15 @@ "properties": { "alias": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "secondary_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -298,12 +173,7 @@ }, "message_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "recipient": { "properties": { @@ -312,12 +182,7 @@ }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -328,12 +193,7 @@ }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -344,12 +204,7 @@ }, "quarantine_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -360,21 +215,11 @@ }, "package_content": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -382,50 +227,25 @@ "properties": { "dest_email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "level": { "properties": { "chat": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "draft": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "incoming": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "outgoing": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -433,23 +253,13 @@ }, "field": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "gateway": { "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -457,70 +267,35 @@ "properties": { "allowed_list": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "priorities": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "info_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "managed_configuration": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mdm": { "properties": { "token": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vendor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -530,21 +305,11 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -552,12 +317,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -568,21 +328,11 @@ }, "new_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "non_featured_services_selection": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "oauth2": { "properties": { 
@@ -590,30 +340,15 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -621,12 +356,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -634,32 +364,17 @@ }, "old_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "org_unit": { "properties": { "full": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -667,12 +382,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -680,12 +390,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -693,12 +398,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -706,21 +406,11 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sku": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -728,12 +418,7 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -741,12 +426,7 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -754,21 +434,11 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -776,12 +446,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -789,12 +454,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -802,21 +462,11 @@ "properties": { "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -824,12 +474,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -840,21 +485,11 @@ }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nickname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -862,23 +497,13 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "verification_method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -886,55 +511,30 @@ "properties": { "added_role": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "billable": { "type": "boolean" }, "destination_folder_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destination_folder_title": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file": { "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "owner": { "properties": { "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "is_shared_drive": { "type": "boolean" 
@@ -943,152 +543,72 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "membership_change_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "new_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "old_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "old_visibility": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "originating_app_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "primary_event": { "type": "boolean" }, "removed_role": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "shared_drive_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "shared_drive_settings_change_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sheets_import_range_recipient_doc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source_folder_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source_folder_title": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "target": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } 
+ "type": "keyword" }, "target_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "visibility": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "visibility_change": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1096,12 +616,7 @@ "properties": { "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1109,41 +624,21 @@ "properties": { "acl_permission": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "member": { "properties": { "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "role": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -1151,108 +646,53 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "moderation_action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "new_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "old_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "setting": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "kind": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "login": { "properties": { "affected_email_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "challenge_method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "failure_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "is_second_factor": { "type": "boolean" @@ -1262,12 +702,7 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -1275,12 +710,7 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1288,57 +718,27 @@ "properties": { "application_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "failure_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "initiated_by": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "orgunit_path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "second_level_status_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/group.json b/salt/elasticsearch/templates/component/ecs/group.json index 7c7888228..ed40b4d9f 100644 --- a/salt/elasticsearch/templates/component/ecs/group.json +++ b/salt/elasticsearch/templates/component/ecs/group.json @@ -10,34 +10,19 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file 
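Review bot: The group.json hunk replaces the closing `}` with a `}` that has no trailing newline (`\ No newline at end of file`), which is unrelated to the mapping change and looks like a side effect of re-serialising the file. The same happens in the last hunks of host.json, http.json and log.json in this patch. Keeping the final line newline-terminated would avoid an unrelated one-line diff the next time these templates are edited or regenerated.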
diff --git a/salt/elasticsearch/templates/component/ecs/host.json b/salt/elasticsearch/templates/component/ecs/host.json index b7d5c49f7..cf69aad56 100644 --- a/salt/elasticsearch/templates/component/ecs/host.json +++ b/salt/elasticsearch/templates/component/ecs/host.json @@ -10,12 +10,7 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cpu": { "properties": { 
@@ -45,148 +40,73 @@ }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "geo": { "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "hostname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ip": { "type": "ip" }, "mac": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "network": { "properties": { @@ -216,12 +136,7 @@ "properties": { "family": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full": { "fields": { @@ -234,12 +149,7 @@ }, "kernel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { @@ -252,41 +162,21 @@ }, "platform": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "uptime": { "type": "long" @@ -295,21 +185,11 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full_name": { "fields": { 
@@ -324,50 +204,25 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { @@ -380,12 +235,7 @@ }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -394,4 +244,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/http.json b/salt/elasticsearch/templates/component/ecs/http.json index fc05e9cb9..d6164a191 100644 --- a/salt/elasticsearch/templates/component/ecs/http.json +++ b/salt/elasticsearch/templates/component/ecs/http.json @@ -30,39 +30,19 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "referrer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -88,12 +68,7 @@ }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status_code": { "type": "long" @@ -102,16 +77,11 @@ }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/juniper.json b/salt/elasticsearch/templates/component/ecs/juniper.json index 406a792d4..33a5f61d6 100644 --- a/salt/elasticsearch/templates/component/ecs/juniper.json +++ b/salt/elasticsearch/templates/component/ecs/juniper.json 
@@ -12,102 +12,47 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "action_detail": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "alert": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "apbr_rule_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application_characteristics": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application_sub_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "attack_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "client_ip": { "type": "ip" 
@@ -117,165 +62,85 @@ }, "connection_tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "context_hit_rate": { "type": "long" }, "context_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "context_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "context_value_hit_rate": { "type": "long" }, "ddos_application_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dscp_value": { "type": "long" }, "dst_nat_rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dst_nat_rule_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dst_vrf_grp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "elapsed_time": { "type": "date" }, "encrypted": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "epoch_time": { "type": "date" }, "error_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "error_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "export_id": { "type": "long" }, "feed_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + 
"type": "keyword" }, "file_hash_lookup": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "filename": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "hostname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icmp_type": { "type": "long" @@ -288,84 +153,39 @@ }, "index": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "logical_system_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "malware_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "message_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nat_connection_tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nested_application": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "obj": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "occur_count": { "type": "long" 
@@ -387,12 +207,7 @@ }, "peer_session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "peer_source_address": { "type": "ip" 
@@ -402,258 +217,118 @@ }, "policy_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "process": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "profile": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "profile_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "protocol_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "protocol_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "repeat_count": { "type": "long" }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "routing_instance": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ruleebase_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sample_sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "secure_web_proxy_session_type": { "ignore_above": 1024, - 
"type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "service_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "session_id_32": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "src_nat_rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "src_nat_rule_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "src_vrf_grp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sub_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "temporary_filename": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tenant_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "th": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "threat_severity": 
{ "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "time_count": { "type": "long" @@ -663,24 +338,14 @@ }, "time_scope": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timestamp": { "type": "date" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "uplink_rx_bytes": { "type": "long" @@ -690,33 +355,18 @@ }, "url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "verdict_number": { "type": "long" }, "verdict_source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/kibana.json b/salt/elasticsearch/templates/component/ecs/kibana.json index 2c2193501..d1ea67de7 100644 --- a/salt/elasticsearch/templates/component/ecs/kibana.json +++ b/salt/elasticsearch/templates/component/ecs/kibana.json 
@@ -10,48 +10,23 @@ "properties": { "add_to_spaces": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "authentication_provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "authentication_realm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "authentication_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "delete_from_spaces": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "log": { "properties": { @@ -60,72 +35,37 @@ }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "lookup_realm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "saved_object": { "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "space_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } 
diff --git a/salt/elasticsearch/templates/component/ecs/log.json b/salt/elasticsearch/templates/component/ecs/log.json index 1479c5fc7..e79661b5e 100644 --- a/salt/elasticsearch/templates/component/ecs/log.json +++ b/salt/elasticsearch/templates/component/ecs/log.json @@ -12,32 +12,17 @@ "properties": { "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "level": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "logger": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "origin": { "properties": { @@ -48,35 +33,20 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "function": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "original": { "doc_values": false, "index": false, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "syslog": { "properties": { @@ -87,12 +57,7 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -106,12 +71,7 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -123,4 +83,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/logstash.json b/salt/elasticsearch/templates/component/ecs/logstash.json index 2120a0902..ecfb17551 100644 --- a/salt/elasticsearch/templates/component/ecs/logstash.json +++ b/salt/elasticsearch/templates/component/ecs/logstash.json 
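Review bot: In the `@@ -48,35 +33,20 @@` hunk of log.json, `original` keeps `"doc_values": false` and `"index": false`, so once its `text` sub-field is removed nothing under that field is indexed, and the raw event (presumably `log.original`) can only be retrieved from `_source`, not searched. The other fields touched by this patch stay searchable as `keyword`; this one does not. If analysts are expected to search the raw log line, this field would need to keep `"fields": { "text": { "type": "match_only_text" } }`. If not, the commit message should say so, because saved queries against the removed sub-field are likely to return no hits rather than an error.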
@@ -14,33 +14,18 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } }, "type": "object" }, "module": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "pipeline_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "thread": { "fields": { @@ -68,21 +53,11 @@ }, "module": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "plugin_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "plugin_params": { "fields": { @@ -99,12 +74,7 @@ }, "plugin_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "thread": { "fields": { diff --git a/salt/elasticsearch/templates/component/ecs/microsoft.json b/salt/elasticsearch/templates/component/ecs/microsoft.json index d7431fbe8..512b99c79 100644 --- a/salt/elasticsearch/templates/component/ecs/microsoft.json +++ b/salt/elasticsearch/templates/component/ecs/microsoft.json 
@@ -12,142 +12,72 @@ "properties": { "assignedTo": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "classification": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "determination": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "evidence": { "properties": { "aadUserId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "accountName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "domainName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "entityType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ipAddress": { "type": "ip" }, "userPrincipalName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "incidentId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "investigationId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "investigationState": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "lastUpdateTime": { "type": "date" }, "rbacGroupName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "resolvedTime": { "type": "date" }, "status": { "ignore_above": 1024, - "type": "keyword", - 
"fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "threatFamilyName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -157,51 +87,26 @@ "properties": { "actorName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "assignedTo": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "classification": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "creationTime": { "type": "date" }, "detectionSource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "determination": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "devices": { "type": "flattened" 
@@ -210,310 +115,145 @@ "properties": { "accountName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "clusterBy": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deliveryAction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deviceId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "entityType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ipAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mailboxAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mailboxDisplayName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "recipient": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "registryHive": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "registryKey": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "registryValueType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "securityGroupId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "securityGroupName": { "ignore_above": 1024, - "type": 
"keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sender": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "incidentId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "investigationId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "investigationState": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "lastUpdatedTime": { "type": "date" }, "mitreTechniques": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "resolvedTime": { "type": "date" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "threatFamilyName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "userSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "assignedTo": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "classification": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "determination": { "ignore_above": 1024, - "type": "keyword", - "fields": { - 
"text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "incidentId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "incidentName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "investigationState": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "redirectIncidentId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/misp.json b/salt/elasticsearch/templates/component/ecs/misp.json index d0c7aa519..8150371ec 100644 --- a/salt/elasticsearch/templates/component/ecs/misp.json +++ b/salt/elasticsearch/templates/component/ecs/misp.json @@ -16,30 +16,15 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "kill_chain_phases": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -58,33 +43,18 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "last_seen": { "type": "date" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "objective": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -96,21 +66,11 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -126,48 +86,23 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "identity_class": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "labels": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sectors": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -190,24 +125,14 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "last_seen": { "type": "date" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "primary_motivation": { "norms": false, 
@@ -231,39 +156,19 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "kill_chain_phases": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "labels": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -271,12 +176,7 @@ "properties": { "authors": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "description": { "norms": false, @@ -284,30 +184,15 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "object_refs": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "summary": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -318,12 +203,7 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "last_observed": { "type": "date" @@ -333,12 +213,7 @@ }, "objects": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -350,30 +225,15 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "labels": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "object_refs": { "norms": false, @@ -400,30 +260,15 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "labels": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "personal_motivations": { "norms": false, @@ -455,39 +300,19 @@ "properties": { "attack_pattern": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "attack_pattern_kql": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "campaign": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "confidence": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "description": { "norms": false, 
@@ -499,87 +324,42 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "intrusion_set": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "kill_chain_phases": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "labels": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mitre_tactic": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mitre_technique": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "negate": { "type": "boolean" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "threat_actor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "valid_from": { "type": "date" @@ -589,12 +369,7 @@ }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -606,12 +381,7 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "kill_chain_phases": { "norms": false, 
@@ -619,30 +389,15 @@ }, "labels": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tool_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -654,21 +409,11 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/netflow.json b/salt/elasticsearch/templates/component/ecs/netflow.json index 0e96c0cd6..10f34c3d4 100644 --- a/salt/elasticsearch/templates/component/ecs/netflow.json +++ b/salt/elasticsearch/templates/component/ecs/netflow.json @@ -34,51 +34,26 @@ }, "application_category_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application_group_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application_id": { "type": "short" }, "application_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application_sub_category_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "bgp_destination_as_number": { "type": "long" 
@@ -109,12 +84,7 @@ }, "class_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "classification_engine_id": { "type": "short" @@ -181,12 +151,7 @@ }, "destination_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "destination_transport_port": { "type": "long" @@ -217,24 +182,14 @@ }, "dot1q_customer_destination_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dot1q_customer_priority": { "type": "short" }, "dot1q_customer_source_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dot1q_customer_vlan_id": { "type": "long" @@ -298,12 +253,7 @@ }, "encrypted_technology": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "engine_id": { "type": "short" @@ -348,12 +298,7 @@ "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source_id": { "type": "long" 
@@ -521,69 +466,34 @@ }, "http_content_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "http_message_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "http_reason_phrase": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "http_request_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "http_request_method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "http_request_target": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "http_status_code": { "type": "long" }, "http_user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icmp_code_ipv4": { "type": "short" @@ -626,12 +536,7 @@ }, "information_element_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "information_element_id": { "type": "long" @@ -641,12 +546,7 @@ }, "information_element_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "information_element_range_begin": { "type": "long" 
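Review bot: `http_request_host`, `http_request_target` and `http_user_agent` in this hunk hold strings chosen by the remote party, and after the revert their only indexed form is a `keyword` with `ignore_above: 1024`. A value longer than 1024 characters is then kept in `_source` but not indexed, so a search or detection rule on the field cannot match it; the removed multi-field was, as far as I can tell, not subject to that limit. If the reason for the revert does not apply to these fields, I would keep `"fields": { "text": { "type": "match_only_text" } }` on them or raise `ignore_above`, and do the same for `UserAgent`, `SiteUrl` and `SourceRelativeUrl` in the o365.json hunks.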
@@ -689,21 +589,11 @@ }, "interface_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "interface_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "intermediate_process_id": { "type": "long" @@ -851,12 +741,7 @@ }, "metro_evc_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "metro_evc_type": { "type": "short" @@ -869,54 +754,29 @@ }, "mib_context_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mib_index_indicator": { "type": "long" }, "mib_module_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mib_object_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mib_object_identifier": { "type": "short" }, "mib_object_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mib_object_syntax": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mib_object_value_bits": { "type": "short" @@ -974,21 +834,11 @@ }, "mobile_imsi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mobile_msisdn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "monitoring_interval_end_milli_seconds": { "type": "date" 
@@ -1079,12 +929,7 @@ }, "nat_pool_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nat_quota_exceeded_event": { "type": "long" @@ -1118,12 +963,7 @@ }, "observation_domain_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "observation_point_id": { "type": "long" @@ -1181,12 +1021,7 @@ }, "p2p_technology": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "packet_delta_count": { "type": "long" @@ -1217,12 +1052,7 @@ }, "post_destination_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "post_dot1q_customer_vlan_id": { "type": "long" @@ -1298,12 +1128,7 @@ }, "post_source_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "post_vlan_id": { "type": "long" @@ -1355,12 +1180,7 @@ }, "sampler_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sampler_random_interval": { "type": "long" @@ -1427,12 +1247,7 @@ }, "selector_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "session_scope": { "type": "short" @@ -1457,12 +1272,7 @@ }, "source_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source_transport_port": { "type": "long" @@ -1478,12 +1288,7 @@ }, "sta_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "system_init_time_milliseconds": { "type": "date" 
@@ -1550,21 +1355,11 @@ }, "tunnel_technology": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "udp_destination_port": { "type": "long" @@ -1580,12 +1375,7 @@ }, "user_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "value_distribution_method": { "type": "short" @@ -1595,21 +1385,11 @@ }, "virtual_station_interface_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "virtual_station_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "virtual_station_uuid": { "type": "short" @@ -1622,33 +1402,18 @@ }, "vr_fname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "wlan_channel_id": { "type": "short" }, "wlan_ssid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "wtp_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/network.json b/salt/elasticsearch/templates/component/ecs/network.json index 3388e9651..c2e35efd0 100644 --- a/salt/elasticsearch/templates/component/ecs/network.json +++ b/salt/elasticsearch/templates/component/ecs/network.json 
@@ -10,45 +10,25 @@ "properties": { "application": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "bytes": { "type": "long" }, "community_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "forwarded_ip": { "type": "ip" }, "iana_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "inner": { "properties": { @@ -56,21 +36,11 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -79,62 +49,32 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "packets": { "type": "long" }, "protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "transport": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vlan": { "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -143,4 +83,4 @@ } } } -} +} \ No newline at end of file 
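Review bot: The last hunk of network.json (`@@ -143,4 +83,4 @@`) replaces the closing `}` with a `}` that has no newline after it, as the `\ No newline at end of file` marker shows. The revert therefore also takes back the trailing newline, which has nothing to do with the `.text` mappings, and the other files visible in this patch do not carry the marker. I would keep the final line as `}` followed by a newline so the file stays consistent with its siblings and later diffs do not touch this line again.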
diff --git a/salt/elasticsearch/templates/component/ecs/o365.json b/salt/elasticsearch/templates/component/ecs/o365.json index a7df16b97..d1bdb29b1 100644 --- a/salt/elasticsearch/templates/component/ecs/o365.json +++ b/salt/elasticsearch/templates/component/ecs/o365.json 
@@ -12,156 +12,71 @@ "properties": { "AADGroupId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ActorContextId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ActorIpAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ActorUserId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ActorYammerUserId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "AlertEntityId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "AlertId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "AlertType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "AppId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ApplicationDisplayName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ApplicationId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "AzureActiveDirectoryEventType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ClientAppId": { "ignore_above": 1024, - "type": 
"keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ClientIP": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ClientIPAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ClientInfoString": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Comments": { "norms": false, 
@@ -169,96 +84,46 @@ }, "CommunicationType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "CorrelationId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "CreationTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "CustomUniqueId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Data": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "DataType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "DoNotDistributeEvent": { "type": "boolean" }, "EntityType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ErrorNumber": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "EventData": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "EventSource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ExceptionInfo": { "properties": { 
@@ -283,78 +148,38 @@ }, "ExternalAccess": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "FromApp": { "type": "boolean" }, "GroupName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ImplicitShare": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "IncidentId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "InterSystemsId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "InternalLogonType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "IntraSystemId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "IsDocLib": { "type": "boolean" 
@@ -376,147 +201,67 @@ }, "ItemName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ItemType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ListBaseTemplateType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ListBaseType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ListColor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ListIcon": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ListId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ListItemUniqueId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ListTitle": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "LogonError": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "LogonType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "LogonUserSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "MailboxGuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "MailboxOwnerMasterAccountSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - 
"text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "MailboxOwnerSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "MailboxOwnerUPN": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Members": { "properties": { @@ -538,57 +283,27 @@ }, "Name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ObjectId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Operation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "OrganizationId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "OrganizationName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "OriginatingServer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Parameters": { "properties": { 
@@ -599,57 +314,27 @@ }, "PolicyId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "RecordType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ResultStatus": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SensitiveInfoDetectionIsIncluded": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SessionId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SharePointMetaData": { "properties": { 
@@ -660,210 +345,95 @@ }, "Site": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SiteUrl": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SourceFileExtension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SourceFileName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SourceRelativeUrl": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SupportTicketId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TargetContextId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TargetUserOrGroupName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TargetUserOrGroupType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TeamGuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TeamName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TemplateTypeId": { "ignore_above": 1024, - "type": "keyword", - 
"fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "UniqueSharingId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "UserAgent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "UserId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "UserKey": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "UserType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "WebId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Workload": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "YammerNetworkId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/observer.json b/salt/elasticsearch/templates/component/ecs/observer.json index d760e5210..ecd3b1155 100644 --- a/salt/elasticsearch/templates/component/ecs/observer.json +++ b/salt/elasticsearch/templates/component/ecs/observer.json 
@@ -14,30 +14,15 @@ "properties": { "alias": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -45,32 +30,17 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "zone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } }, "type": "object" 
@@ -79,107 +49,52 @@ "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "hostname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ingress": { "properties": { 
@@ -187,30 +102,15 @@ "properties": { "alias": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -218,32 +118,17 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "zone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } }, "type": "object" @@ -253,32 +138,17 @@ }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "os": { "properties": { "family": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full": { "fields": { @@ -291,12 +161,7 @@ }, "kernel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { 
@@ -309,81 +174,41 @@ }, "platform": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vendor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/okta.json b/salt/elasticsearch/templates/component/ecs/okta.json index 22239efc5..dcfaab1c2 100644 --- a/salt/elasticsearch/templates/component/ecs/okta.json +++ b/salt/elasticsearch/templates/component/ecs/okta.json 
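Review bot: The final `}` of this file is rewritten without a line terminator, as the `\ No newline at end of file` marker at the end of this hunk shows. The mapping change does not need that, and it will reappear as diff noise the next time the template is edited. End the file with `}` followed by a newline. The same marker appears at the end of the orchestrator.json, organization.json, package.json, process.json, registry.json and related.json sections.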
@@ -12,39 +12,19 @@ "properties": { "alternate_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -52,51 +32,26 @@ "properties": { "authentication_provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "authentication_step": { "type": "long" }, "credential_provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "credential_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "external_session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -104,21 +59,11 @@ "properties": { "device": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ip": { "type": "ip" 
@@ -127,41 +72,21 @@ "properties": { "browser": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "os": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "raw_user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "zone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -171,68 +96,33 @@ "properties": { "device_fingerprint": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "request_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "request_uri": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "suspicious_activity": { "properties": { "browser": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_city": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_ip": { "type": "ip" 
@@ -245,39 +135,19 @@ }, "event_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_transaction_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "os": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timestamp": { "type": "date" @@ -286,21 +156,11 @@ }, "threat_suspected": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -308,41 +168,21 @@ }, "display_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "outcome": { "properties": { "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "result": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -354,42 +194,22 @@ "properties": { "city": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "geolocation": { "type": "geo_point" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -398,21 +218,11 @@ }, "source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -429,12 +239,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -442,35 +247,20 @@ }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "is_proxy": { "type": "boolean" }, "isp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "target": { "type": "flattened" 
@@ -479,41 +269,21 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/orchestrator.json b/salt/elasticsearch/templates/component/ecs/orchestrator.json index b7df8e5c4..87f2af201 100644 --- a/salt/elasticsearch/templates/component/ecs/orchestrator.json +++ b/salt/elasticsearch/templates/component/ecs/orchestrator.json 
@@ -10,96 +10,51 @@ "properties": { "api_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cluster": { "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "namespace": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "resource": { "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/organization.json b/salt/elasticsearch/templates/component/ecs/organization.json index 1e656a893..b0ea050fa 100644 --- a/salt/elasticsearch/templates/component/ecs/organization.json +++ b/salt/elasticsearch/templates/component/ecs/organization.json @@ -10,12 +10,7 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { @@ -31,4 +26,4 @@ } } } -} +} \ No newline at end of file 
diff --git a/salt/elasticsearch/templates/component/ecs/package.json b/salt/elasticsearch/templates/component/ecs/package.json index 6ca0bf6c1..b726f8f7f 100644 --- a/salt/elasticsearch/templates/component/ecs/package.json +++ b/salt/elasticsearch/templates/component/ecs/package.json @@ -10,112 +10,57 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "build_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "checksum": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "install_scope": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "installed": { "type": "date" }, "license": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "size": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file 
diff --git a/salt/elasticsearch/templates/component/ecs/process.json b/salt/elasticsearch/templates/component/ecs/process.json index ffb038c59..a95fe6bba 100644 --- a/salt/elasticsearch/templates/component/ecs/process.json +++ b/salt/elasticsearch/templates/component/ecs/process.json @@ -10,12 +10,7 @@ "properties": { "args": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "args_count": { "type": "long" @@ -24,51 +19,26 @@ "properties": { "digest_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "exists": { "type": "boolean" }, "signing_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "team_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timestamp": { "type": "date" @@ -93,30 +63,15 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "byte_order": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cpu_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "creation_date": { "type": "date" 
@@ -128,69 +83,34 @@ "properties": { "abi_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "class": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "data": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "entrypoint": { "type": "long" }, "object_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "os_abi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -207,42 +127,22 @@ }, "flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "physical_offset": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "virtual_address": { "type": "long" 
@@ -257,42 +157,22 @@ "properties": { "sections": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } }, "type": "nested" }, "shared_libraries": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "telfhash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -301,12 +181,7 @@ }, "entity_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "executable": { "fields": { @@ -324,48 +199,23 @@ "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha512": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ssdeep": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -382,12 +232,7 @@ "properties": { "args": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "args_count": { "type": "long" 
@@ -396,51 +241,26 @@ "properties": { "digest_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "exists": { "type": "boolean" }, "signing_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "team_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timestamp": { "type": "date" @@ -465,30 +285,15 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "byte_order": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cpu_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "creation_date": { "type": "date" 
@@ -500,69 +305,34 @@ "properties": { "abi_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "class": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "data": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "entrypoint": { "type": "long" }, "object_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "os_abi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -579,42 +349,22 @@ }, "flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "physical_offset": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "virtual_address": { "type": "long" 
@@ -629,42 +379,22 @@ "properties": { "sections": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } }, "type": "nested" }, "shared_libraries": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "telfhash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -673,12 +403,7 @@ }, "entity_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "executable": { "fields": { @@ -696,48 +421,23 @@ "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha512": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ssdeep": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -754,66 +454,31 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "company": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "imphash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "original_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -836,12 +501,7 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -872,66 +532,31 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "company": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "imphash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "original_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -954,12 +579,7 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -989,4 +609,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/redis.json b/salt/elasticsearch/templates/component/ecs/redis.json index 52d1b2cd3..925f55c62 100644 --- a/salt/elasticsearch/templates/component/ecs/redis.json +++ b/salt/elasticsearch/templates/component/ecs/redis.json @@ -12,12 +12,7 @@ "properties": { "role": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -25,21 +20,11 @@ "properties": { "args": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cmd": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "duration": { "properties": { @@ -53,12 +38,7 @@ }, "key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/registry.json b/salt/elasticsearch/templates/component/ecs/registry.json index 999f0afba..7cfa34ad6 100644 --- a/salt/elasticsearch/templates/component/ecs/registry.json +++ b/salt/elasticsearch/templates/component/ecs/registry.json @@ -12,66 +12,36 @@ "properties": { "bytes": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "strings": { "type": "wildcard" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "hive": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/related.json b/salt/elasticsearch/templates/component/ecs/related.json index d20d80252..1af1593c8 100644 --- a/salt/elasticsearch/templates/component/ecs/related.json 
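Review bot: With the `text` sub-field gone, `bytes`, `path` and `value` in registry.json are plain `keyword` fields with `ignore_above: 1024`, so a value longer than 1024 characters stays in `_source` but is not indexed and cannot be matched by a search or detection rule on that field. Long registry data and paths are exactly the values an analyst needs to be able to find, and the sibling `strings` field in this same hunk already avoids the limit with `"type": "wildcard"`. I would map the long-valued fields the same way, e.g. `"bytes": { "type": "wildcard" }`, rather than restoring the sub-field on every keyword. The same gap applies in the sophos.json hunks further down to `querystring`, `raw_data`, `url`, `cookie`, `referer` and `message`. The enclosing `properties` object starts outside the hunk.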
+++ b/salt/elasticsearch/templates/component/ecs/related.json @@ -10,37 +10,22 @@ "properties": { "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "hosts": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ip": { "type": "ip" }, "user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/rule.json b/salt/elasticsearch/templates/component/ecs/rule.json index 57c7007f7..400c64f6d 100644 --- a/salt/elasticsearch/templates/component/ecs/rule.json +++ b/salt/elasticsearch/templates/component/ecs/rule.json 
@@ -10,97 +10,47 @@ "properties": { "author": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "license": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ruleset": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/server.json b/salt/elasticsearch/templates/component/ecs/server.json index 2255de092..a7587e954 100644 --- a/salt/elasticsearch/templates/component/ecs/server.json +++ b/salt/elasticsearch/templates/component/ecs/server.json @@ -10,12 +10,7 @@ "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "as": { "properties": { 
@@ -42,107 +37,52 @@ }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "geo": { "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -151,12 +91,7 @@ }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nat": { "properties": { 
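Review bot: `domain` in server.json is now matched only as an exact-case `keyword`, so `EXAMPLE.com` and `example.com` are different terms and a rule written in one case misses the other; before this revert the analyzed `text` sub-field gave a case-insensitive path. If the pipeline does not already lowercase the value at ingest (not visible here), I would either do that or add the built-in normalizer, `"domain": { "ignore_above": 1024, "type": "keyword", "normalizer": "lowercase" }`. The same applies to `registered_domain`, `subdomain` and `user.email` in the next server.json hunks. A normalizer also changes the values returned by aggregations, so this needs confirming against existing dashboards. The enclosing `properties` object starts outside the hunk.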
@@ -176,50 +111,25 @@ }, "registered_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full_name": { "fields": { @@ -234,50 +144,25 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { @@ -290,12 +175,7 @@ }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -304,4 +184,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/service.json b/salt/elasticsearch/templates/component/ecs/service.json index 5dfabc475..2fbdad6d4 100644 
--- a/salt/elasticsearch/templates/component/ecs/service.json +++ b/salt/elasticsearch/templates/component/ecs/service.json @@ -10,92 +10,47 @@ "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "environment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ephemeral_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "node": { "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/snyk.json b/salt/elasticsearch/templates/component/ecs/snyk.json index 1b4842547..c0c583e5f 100644 --- a/salt/elasticsearch/templates/component/ecs/snyk.json +++ b/salt/elasticsearch/templates/component/ecs/snyk.json 
@@ -15,21 +15,11 @@ }, "org_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "project_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -40,12 +30,7 @@ "properties": { "projects": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -53,62 +38,32 @@ "properties": { "credit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cvss3": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "disclosure_time": { "type": "date" }, "exploit_maturity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "identifiers": { "properties": { "alternative": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cwe": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -135,42 +90,22 @@ }, "jira_issue_url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "language": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "original_severity": { "type": "long" }, "package": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "package_manager": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "patches": { "type": "flattened" @@ -183,51 +118,26 @@ }, "reachability": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "semver": { "type": "flattened" }, "title": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "unique_severities_list": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/sophos.json b/salt/elasticsearch/templates/component/ecs/sophos.json index a4b4882ce..a5606f962 100644 --- a/salt/elasticsearch/templates/component/ecs/sophos.json +++ b/salt/elasticsearch/templates/component/ecs/sophos.json 
@@ -15,21 +15,11 @@ }, "Mode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "PHPSESSID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Reports": { "type": "float" 
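Review bot: `PHPSESSID` remains an indexed `keyword`, so session identifiers taken from the firewall logs are stored and searchable verbatim by anyone with read access to these indices; the same holds for `cookie`, `sessionid` and `override_token` in later sophos.json hunks. A mapping cannot redact a value, so if these fields carry live session material (inferred from the names, not shown here) the ingest pipeline should hash them, for example with a fingerprint processor, or drop them before indexing. If the raw value must be retained, restricting the fields with field-level security is the alternative to document next to this template. The enclosing `properties` object starts outside the hunk.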
@@ -39,210 +29,100 @@ }, "SysLog_SERVER_NAME": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Temp": { "type": "float" }, "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "activityname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ap": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "app_is_cloud": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "appfilter_policy_id": { "type": "long" }, "application": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application_filter_policy": { "type": "long" }, "application_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application_risk": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "application_technology": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "appresolvedby": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "auth_client": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "auth_mechanism": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": 
{ - "type": "match_only_text" - } - } + "type": "keyword" }, "av_policy_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "backup_mode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "branch_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "category_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "classification": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "client_host_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "client_physical_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "clients_conn_ssid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "collisions": { "type": "long" 
@@ -255,84 +135,39 @@ }, "connectionname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "connectiontype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "connevent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "connid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "contenttype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "context_match": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "context_prefix": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "context_suffix": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cookie": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "date": { "type": "date" 
@@ -342,102 +177,47 @@ }, "device": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "device_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "device_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dictionary_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dir_disp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "domainname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "download_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "download_file_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dst_country_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dst_domainname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dst_ip": { "type": "ip" 
@@ -447,138 +227,68 @@ }, "dstdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstzone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dstzonetype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "duration": { "type": "long" }, "email_subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ep_uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "eventid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "eventtime": { "type": "date" }, "eventtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "exceptions": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "execution_path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "extra": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file_path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file_size": { "type": "long" }, "filename": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "filepath": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "filesize": { "type": "long" @@ -588,90 +298,45 @@ }, "from_email_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ftp_direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ftp_url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ftpcommand": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fw_rule_id": { "type": "long" }, "hb_health": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "httpresponsecode": { "type": "long" }, "iap": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icmp_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icmp_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "idle_cpu": { "type": "float" 
@@ -681,270 +346,125 @@ }, "idp_policy_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "in_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ipaddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ips_policy_id": { "type": "long" }, "localgateway": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "localnetwork": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "log_component": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "log_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "log_subtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "log_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "login_user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mailid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mailsize": { "type": "long" }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "message_id": { "ignore_above": 
1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "newversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "oldversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "out_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "override_authorizer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "override_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "override_token": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "platform": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "policy_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "priority": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "quarantine": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "quarantine_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "querystring": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": 
"keyword" }, "raw_data": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "received_pkts": { "type": "long" @@ -954,12 +474,7 @@ }, "receivederrors": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "receivedkbits": { "type": "long" @@ -969,45 +484,25 @@ }, "red_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "referer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "remote_ip": { "type": "ip" }, "remotenetwork": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "responsetime": { "type": "long" }, "rule_priority": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sent_bytes": { "type": "long" 
@@ -1017,147 +512,72 @@ }, "server": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sessionid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha1sum": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "signature_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "signature_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "site_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sourceip": { "type": "ip" }, "spamaction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sqli": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "src_country_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "src_domainname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "src_ip": { "type": "ip" }, "src_mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "src_port": { "type": "long" }, "srczone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "srczonetype": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ssid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "start_time": { "type": "date" @@ -1167,72 +587,37 @@ }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "system_cpu": { "type": "float" }, "target": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "threatname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timestamp": { "type": "date" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "to_email_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "total_memory": { "type": "long" 
@@ -1251,156 +636,81 @@ }, "transaction_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "transactionid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "transmitteddrops": { "type": "long" }, "transmittederrors": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "transmittedkbits": { "type": "long" }, "unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "updatedip": { "type": "ip" }, "upload_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "upload_file_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "used": { "type": "long" }, "user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user_cpu": { "type": "float" }, "user_gp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user_group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "users": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vconn_id": { "type": "long" }, "virus": { "ignore_above": 1024, - "type": 
"keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "website": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "xss": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/source.json b/salt/elasticsearch/templates/component/ecs/source.json index b2713b9b7..9408e0133 100644 --- a/salt/elasticsearch/templates/component/ecs/source.json +++ b/salt/elasticsearch/templates/component/ecs/source.json @@ -10,12 +10,7 @@ "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "as": { "properties": { 
@@ -42,107 +37,52 @@ }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "geo": { "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -151,12 +91,7 @@ }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nat": { "properties": { 
@@ -176,50 +111,25 @@ }, "registered_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full_name": { "fields": { @@ -234,50 +144,25 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { @@ -290,12 +175,7 @@ }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -304,4 +184,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/suricata.json b/salt/elasticsearch/templates/component/ecs/suricata.json index 6c56d13eb..d824294e9 100644 
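Review bot: source.json now ends without a final newline, because its last hunk (`@@ -304,4 +184,4 @@`) replaces the closing `}` with `}` followed by `\ No newline at end of file`. Keep the closing brace newline-terminated, as the other templates in the visible part of this patch appear to be, so that later edits do not show a spurious change on the last line. Nothing else in the hunk needs to change.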
--- a/salt/elasticsearch/templates/component/ecs/suricata.json +++ b/salt/elasticsearch/templates/component/ecs/suricata.json 
@@ -14,243 +14,118 @@ "properties": { "affected_product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "attack_target": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "capec_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "classtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "created_at": { "type": "date" }, "cve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cvss_v2_base": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cvss_v2_temporal": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cvss_v3_base": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cvss_v3_temporal": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cwe_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "deployment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "former_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "gid": { "type": "long" }, "hostile": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "infected": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "malware": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "metadata": { "type": "flattened" }, "mitre_tool_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "performance_impact": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "priority": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "protocols": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rev": { "type": "long" }, "rule_source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "signature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "signature_id": { "type": "long" }, "signature_severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "updated_at": { "type": "date" 
@@ -259,39 +134,19 @@ }, "app_proto_expected": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "app_proto_orig": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "app_proto_tc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "app_proto_ts": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dns": { "properties": { @@ -300,39 +155,19 @@ }, "rcode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rdata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rrname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rrtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ttl": { "type": "long" @@ -342,12 +177,7 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -355,23 +185,13 @@ "properties": { "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "event_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fileinfo": { "properties": { 
@@ -380,39 +200,19 @@ }, "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "stored": { "type": "boolean" @@ -432,61 +232,31 @@ }, "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "flow_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "http": { "properties": { "http_content_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "redirect": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -498,12 +268,7 @@ }, "in_iface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "pcap_cnt": { "type": "long" 
@@ -512,30 +277,15 @@ "properties": { "helo": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mail_from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rcpt_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -545,21 +295,11 @@ "properties": { "proto_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "software_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -567,21 +307,11 @@ "properties": { "proto_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "software_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -1027,42 +757,22 @@ }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "syn": { "type": "boolean" }, "tcp_flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tcp_flags_tc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tcp_flags_ts": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -1070,41 +780,21 @@ "properties": { "fingerprint": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "issuerdn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ja3": { "properties": { "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "string": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1112,21 +802,11 @@ "properties": { "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "string": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1138,42 +818,22 @@ }, "serial": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "session_resumed": { "type": "boolean" }, "sni": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, diff --git a/salt/elasticsearch/templates/component/ecs/syslog.json b/salt/elasticsearch/templates/component/ecs/syslog.json index c4f78bab8..c886589e9 100644 --- a/salt/elasticsearch/templates/component/ecs/syslog.json +++ b/salt/elasticsearch/templates/component/ecs/syslog.json 
@@ -13,24 +13,14 @@ }, "facility_label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "priority": { "type": "long" }, "severity_label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/ecs/threat.json b/salt/elasticsearch/templates/component/ecs/threat.json index 924981a54..4bed345e1 100644 --- a/salt/elasticsearch/templates/component/ecs/threat.json +++ b/salt/elasticsearch/templates/component/ecs/threat.json @@ -34,32 +34,17 @@ }, "confidence": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email": { "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -70,62 +55,32 @@ }, "attributes": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "code_signature": { "properties": { "digest_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "exists": { "type": "boolean" }, "signing_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "team_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timestamp": { "type": "date" @@ -146,59 +101,29 @@ }, "device": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "directory": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "drive_letter": { "ignore_above": 1, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "elf": { "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "byte_order": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cpu_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "creation_date": { "type": "date" 
@@ -210,69 +135,34 @@ "properties": { "abi_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "class": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "data": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "entrypoint": { "type": "long" }, "object_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "os_abi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -289,42 +179,22 @@ }, "flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "physical_offset": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "virtual_address": { "type": "long" 
@@ -339,177 +209,87 @@ "properties": { "sections": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } }, "type": "nested" }, "shared_libraries": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "telfhash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "extension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fork_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "gid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "hash": { "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha512": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ssdeep": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "inode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - 
"text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mtime": { "type": "date" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "owner": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "fields": { @@ -524,66 +304,31 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "company": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "imphash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "original_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -601,97 +346,47 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "x509": { "properties": { "alternative_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -703,21 +398,11 @@ }, "public_key_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "public_key_exponent": { "doc_values": false, 
@@ -729,97 +414,47 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "version_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } 
@@ -832,96 +467,46 @@ "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -935,12 +520,7 @@ "properties": { "tlp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -952,21 +532,11 @@ }, "provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "registry": { "properties": { @@ -974,62 +544,32 @@ "properties": { "bytes": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "strings": { "type": "wildcard" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "hive": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1041,41 +581,21 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "url": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "extension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fragment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full": { "fields": { 
@@ -1095,12 +615,7 @@ }, "password": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "type": "wildcard" @@ -1110,57 +625,27 @@ }, "query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "registered_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scheme": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -1168,77 +653,37 @@ "properties": { "alternative_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1250,21 +695,11 @@ }, "public_key_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "public_key_exponent": { "doc_values": false, 
@@ -1276,97 +711,47 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "version_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } 
@@ -1377,48 +762,23 @@ "properties": { "atomic": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "field": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "index": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -1427,50 +787,25 @@ }, "framework": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "group": { "properties": { "alias": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1498,32 +833,17 @@ }, "confidence": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email": { "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -1534,62 +854,32 @@ }, "attributes": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "code_signature": { "properties": { "digest_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "exists": { "type": "boolean" }, "signing_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "team_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timestamp": { "type": "date" @@ -1610,59 +900,29 @@ }, "device": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "directory": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "drive_letter": { "ignore_above": 1, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "elf": { "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "byte_order": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cpu_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "creation_date": { "type": "date" 
@@ -1674,69 +934,34 @@ "properties": { "abi_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "class": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "data": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "entrypoint": { "type": "long" }, "object_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "os_abi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1753,42 +978,22 @@ }, "flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "physical_offset": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "virtual_address": { "type": "long" 
@@ -1803,177 +1008,87 @@ "properties": { "sections": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } }, "type": "nested" }, "shared_libraries": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "telfhash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "extension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fork_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "gid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "hash": { "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha512": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ssdeep": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "inode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - 
"text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mtime": { "type": "date" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "owner": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "fields": { @@ -1988,66 +1103,31 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "company": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "imphash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "original_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -2065,97 +1145,47 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "x509": { "properties": { "alternative_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2167,21 +1197,11 @@ }, "public_key_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "public_key_exponent": { "doc_values": false, 
@@ -2193,97 +1213,47 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "version_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } 
@@ -2296,96 +1266,46 @@ "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2399,12 +1319,7 @@ "properties": { "tlp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -2416,21 +1331,11 @@ }, "provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "registry": { "properties": { @@ -2438,62 +1343,32 @@ "properties": { "bytes": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "strings": { "type": "wildcard" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "hive": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2505,41 +1380,21 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "url": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "extension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fragment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full": { "fields": { 
@@ -2559,12 +1414,7 @@ }, "password": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "type": "wildcard" @@ -2574,57 +1424,27 @@ }, "query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "registered_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scheme": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -2632,77 +1452,37 @@ "properties": { "alternative_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2714,21 +1494,11 @@ }, "public_key_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "public_key_exponent": { "doc_values": false, 
@@ -2740,97 +1510,47 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "version_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } 
@@ -2840,57 +1560,27 @@ "properties": { "alias": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "platforms": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2898,30 +1588,15 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2929,12 +1604,7 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { @@ -2947,23 +1617,13 @@ }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subtechnique": { "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { 
@@ -2976,12 +1636,7 @@ }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -2992,4 +1647,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/tls.json b/salt/elasticsearch/templates/component/ecs/tls.json index 23d31be30..413f217ad 100644 --- a/salt/elasticsearch/templates/component/ecs/tls.json +++ b/salt/elasticsearch/templates/component/ecs/tls.json @@ -10,81 +10,41 @@ "properties": { "cipher": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "client": { "properties": { "certificate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "certificate_chain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "hash": { "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "issuer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ja3": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "not_after": { "type": "date" 
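Review bot: With the sub-field removed in the `tls.json` hunk, `certificate` and `certificate_chain` under `client` are indexed only as `keyword` with `"ignore_above": 1024`, and a keyword field does not index values longer than that limit. If these fields carry PEM-encoded certificates, as ECS describes them, most values will exceed 1024 characters and stop being searchable, which weakens certificate-based hunting; the second `certificate`/`certificate_chain` pair in a later hunk (the one next to `ja3s`) is affected the same way. Consider keeping `"fields": { "text": { "type": "match_only_text" } }` on those fields or raising their `ignore_above`, and confirm the typical value length against real data first. The `tls` mapping object continues past this hunk.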
@@ -94,106 +54,51 @@ }, "server_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "supported_ciphers": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "x509": { "properties": { "alternative_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -205,21 +110,11 @@ }, "public_key_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "public_key_exponent": { "doc_values": false, @@ -231,97 +126,47 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "version_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } 
@@ -329,24 +174,14 @@ }, "curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "established": { "type": "boolean" }, "next_protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "resumed": { "type": "boolean" @@ -355,70 +190,35 @@ "properties": { "certificate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "certificate_chain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "hash": { "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "issuer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ja3s": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "not_after": { "type": "date" 
@@ -428,88 +228,43 @@ }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "x509": { "properties": { "alternative_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -521,21 +276,11 @@ }, "public_key_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "public_key_exponent": { "doc_values": false, 
@@ -547,97 +292,47 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "version_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -645,25 +340,15 @@ }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version_protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file 
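Review bot: The new side of the last hunk ends with `}` followed by `\ No newline at end of file`, so this file loses its trailing newline. The same marker appears at the end of tracing.json, url.json, user.json, user_agent.json and vulnerability.json further down. I would keep the final newline on each template so that later diffs of these mappings show only mapping changes and not a rewritten last line.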
diff --git a/salt/elasticsearch/templates/component/ecs/tracing.json b/salt/elasticsearch/templates/component/ecs/tracing.json index 2dce6b804..7db45e4a2 100644 --- a/salt/elasticsearch/templates/component/ecs/tracing.json +++ b/salt/elasticsearch/templates/component/ecs/tracing.json @@ -10,12 +10,7 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -23,12 +18,7 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -36,16 +26,11 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/url.json b/salt/elasticsearch/templates/component/ecs/url.json index 4bb114c31..efdaed1fb 100644 --- a/salt/elasticsearch/templates/component/ecs/url.json +++ b/salt/elasticsearch/templates/component/ecs/url.json @@ -10,30 +10,15 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "extension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fragment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full": { "fields": { @@ -53,12 +38,7 @@ }, "password": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "type": "wildcard" 
@@ -68,61 +48,31 @@ }, "query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "registered_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scheme": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/user.json b/salt/elasticsearch/templates/component/ecs/user.json index 6f3215c0b..1ad4bac67 100644 --- a/salt/elasticsearch/templates/component/ecs/user.json +++ b/salt/elasticsearch/templates/component/ecs/user.json @@ -12,21 +12,11 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full_name": { "fields": { 
@@ -41,50 +31,25 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { @@ -97,43 +62,23 @@ }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "effective": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full_name": { "fields": { 
@@ -148,50 +93,25 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { @@ -204,23 +124,13 @@ }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full_name": { "fields": { @@ -235,50 +145,25 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { 
@@ -291,32 +176,17 @@ }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "target": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full_name": { "fields": { @@ -331,50 +201,25 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { @@ -387,12 +232,7 @@ }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -401,4 +241,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/user_agent.json b/salt/elasticsearch/templates/component/ecs/user_agent.json index 26885d0a9..9a0517e6d 100644 --- a/salt/elasticsearch/templates/component/ecs/user_agent.json +++ b/salt/elasticsearch/templates/component/ecs/user_agent.json 
@@ -12,23 +12,13 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "original": { "fields": { @@ -43,12 +33,7 @@ "properties": { "family": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "full": { "fields": { @@ -61,12 +46,7 @@ }, "kernel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "fields": { @@ -79,45 +59,25 @@ }, "platform": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/vulnerability.json b/salt/elasticsearch/templates/component/ecs/vulnerability.json index b10870f84..d7d8db4d6 100644 --- a/salt/elasticsearch/templates/component/ecs/vulnerability.json +++ b/salt/elasticsearch/templates/component/ecs/vulnerability.json 
@@ -10,21 +10,11 @@ "properties": { "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "classification": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "description": { "fields": { @@ -37,50 +27,25 @@ }, "enumeration": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "report_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "scanner": { "properties": { "vendor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -97,27 +62,17 @@ }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/winlog.json b/salt/elasticsearch/templates/component/ecs/winlog.json index 6802a2176..a724eefb1 100644 --- a/salt/elasticsearch/templates/component/ecs/winlog.json +++ b/salt/elasticsearch/templates/component/ecs/winlog.json @@ -9,12 +9,7 @@ { "winlog.event_data": { "mapping": { - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "match_mapping_type": "string", "path_match": "winlog.event_data.*" 
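Review bot: In winlog.json the `winlog.event_data` dynamic template now maps every string under `winlog.event_data.*` as a bare `keyword` with no `ignore_above`, unlike the explicit fields later in the file, which all carry `"ignore_above": 1024`. Elasticsearch rejects a document when a keyword term exceeds Lucene's 32766-byte limit, so a single oversized event-data value not covered by an explicit mapping can keep that Windows event out of the index entirely. I would write the template mapping as `"mapping": { "ignore_above": 1024, "type": "keyword" }`, which skips indexing the long value but still accepts the document. The `winlog.user_data` template in the next hunk has the same shape and would take the same change.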
@@ -23,12 +18,7 @@ { "winlog.user_data": { "mapping": { - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "match_mapping_type": "string", "path_match": "winlog.user_data.*" 
@@ -40,1060 +30,475 @@ "properties": { "activity_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "api": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "channel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "computer_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "event_data": { "properties": { "AuthenticationPackageName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Binary": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "BitlockerUserInputTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "BootMode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "BootType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "BuildVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Company": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "CorruptionActionState": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "CreationUtcTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Description": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Detail": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "DeviceName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "DeviceNameLength": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "DeviceTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "DeviceVersionMajor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "DeviceVersionMinor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "DriveName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "DriverName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "DriverNameLength": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "DwordVal": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "EntryCount": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ExtraInfo": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "FailureName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + 
"type": "keyword" }, "FailureNameLength": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "FileVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "FinalStatus": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "IdleImplementation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "IdleStateCount": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ImpersonationLevel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "IntegrityLevel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "IpAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "IpPort": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "KeyLength": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "LastBootGood": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "LastShutdownGood": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "LmPackageName": { "ignore_above": 1024, - "type": "keyword", - "fields": { 
- "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "LogonGuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "LogonId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "LogonProcessName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "LogonType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "MajorVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "MaximumPerformancePercent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "MemberName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "MemberSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "MinimumPerformancePercent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "MinimumThrottlePercent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "MinorVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "NewProcessId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "NewProcessName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, 
"NewSchemeGuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "NewTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "NominalFrequency": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "OldSchemeGuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "OldTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "OriginalFileName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "PerformanceImplementation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "PreviousCreationUtcTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "PreviousTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "PrivilegeList": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ProcessId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ProcessName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - 
"type": "match_only_text" - } - } + "type": "keyword" }, "ProcessPath": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ProcessPid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "PuaCount": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "PuaPolicyId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "QfeVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SchemaVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ScriptBlockText": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ServiceName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ServiceVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ShutdownActionType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ShutdownEventCode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ShutdownReason": { "ignore_above": 1024, - 
"type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Signature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SignatureStatus": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Signed": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "StartTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "State": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "StopTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SubjectDomainName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SubjectLogonId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SubjectUserName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "SubjectUserSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TSId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TargetDomainName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TargetInfo": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TargetLogonGuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TargetLogonId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TargetServerName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TargetUserName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TargetUserSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TerminalSessionId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TokenElevationType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "TransmittedServices": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "UserSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "Workstation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "param1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "param2": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": 
"match_only_text" - } - } + "type": "keyword" }, "param3": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "param4": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "param5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "param6": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "param7": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "param8": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "event_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "keywords": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "logon": { "properties": { 
@@ -1101,61 +506,31 @@ "properties": { "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sub_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "opcode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "process": { "properties": { @@ -1173,48 +548,23 @@ }, "provider_guid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "provider_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "record_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "related_activity_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "task": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "time_created": { "type": "date" 
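Review bot: Dropping the `fields.text` multi-field in the `@@ -1101,61 +506,31 @@` hunk (`reason`, `status`, `sub_status`, `id`, `type`, `opcode`) leaves each of these as a bare `keyword`, so any saved query, dashboard or detection rule that addresses `<field>.text` will match nothing on indices built from the new template, and no error is raised. The same applies to every hunk of this patch that removes the block, in this file and in zeek.json. Index templates are applied only when an index is created, so until rollover the old and new mappings coexist and one search can behave differently per index. The change should carry a note for operators, for example `Removes <field>.text subfields; audit saved searches and detections for ".text" before deploying.`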
@@ -1223,39 +573,19 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "identifier": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, diff --git a/salt/elasticsearch/templates/component/ecs/zeek.json b/salt/elasticsearch/templates/component/ecs/zeek.json index d9dd7aa32..720199001 100644 --- a/salt/elasticsearch/templates/component/ecs/zeek.json +++ b/salt/elasticsearch/templates/component/ecs/zeek.json @@ -18,12 +18,7 @@ }, "peer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "percent_lost": { "type": "double" @@ -37,12 +32,7 @@ "properties": { "history": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icmp": { "properties": { @@ -68,21 +58,11 @@ }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "vlan": { "type": "long" 
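Review bot: With the `text` sub-field gone, what look like account fields in the `@@ -1223,39 +573,19 @@` hunk (`domain`, `identifier`, `name`, `type`) can only be matched exactly and case-sensitively, because a `keyword` is indexed verbatim while the removed `match_only_text` sub-field was analyzed. A rule written for one casing of a user or domain name will miss the other casings. The zeek.json hunks that touch `username`, `hostname` and `domain` have the same property. If the revert is intended, queries on these fields should set `"case_insensitive": true` on their `term` or `wildcard` clauses. Alternatively the mapping could gain a lowercase normalizer, which would have to be defined in index settings that this hunk does not show.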
@@ -93,30 +73,15 @@ "properties": { "endpoint": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "named_pipe": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "operation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rtt": { "type": "long" @@ -135,12 +100,7 @@ }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "requested": { "type": "ip" @@ -152,62 +112,32 @@ }, "client_fqdn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "duration": { "type": "double" }, "hostname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "id": { "properties": { "circuit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "remote_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subscriber": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -218,33 +148,18 @@ "properties": { "client": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "origin": { "type": "ip" }, "server": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "types": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -252,21 +167,11 @@ "properties": { "client": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "server": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -278,21 +183,11 @@ "properties": { "reply": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "request": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -320,57 +215,32 @@ }, "answers": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "qclass": { "type": "long" }, "qclass_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "qtype": { "type": "long" }, "qtype_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rcode": { "type": "long" }, "rcode_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rejected": { "type": "boolean" 
@@ -392,12 +262,7 @@ }, "trans_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -405,30 +270,15 @@ "properties": { "analyzer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "failure_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "packet_segment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -436,12 +286,7 @@ "properties": { "analyzers": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "depth": { "type": "long" @@ -454,12 +299,7 @@ }, "extracted": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "extracted_cutoff": { "type": "boolean" @@ -469,21 +309,11 @@ }, "filename": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "is_orig": { "type": "boolean" @@ -493,21 +323,11 @@ }, "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "missing_bytes": { "type": "long" @@ -517,12 +337,7 @@ }, "parent_fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rx_host": { "type": "ip" 
@@ -532,39 +347,19 @@ }, "session_ids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "timedout": { "type": "boolean" @@ -581,12 +376,7 @@ "properties": { "arg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "capture_password": { "type": "boolean" @@ -595,21 +385,11 @@ "properties": { "arg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cmd": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "seq": { "type": "long" @@ -618,21 +398,11 @@ }, "command": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cwd": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "data_channel": { "properties": { @@ -654,21 +424,11 @@ "properties": { "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "size": { "type": "long" 
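Review bot: In the `@@ -581,12 +376,7 @@`, `@@ -595,21 +385,11 @@` and `@@ -618,21 +398,11 @@` hunks, `arg`, `cmd`, `command` and `cwd` keep `"ignore_above": 1024` but lose the only sub-field that had no length cutoff. A `keyword` field does not index a value longer than `ignore_above`: the value stays in `_source`, but no query or aggregation on the field can find it, so unusually long command arguments become invisible to searches on these fields. Later hunks that touch `arg`, `uri`, `user_agent` and `path` are affected in the same way. Either keep `"fields": { "text": { "type": "match_only_text" } }` on the free-form fields, or raise `ignore_above` where long values are expected.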
@@ -677,24 +437,14 @@ }, "last_auth_requested": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "passive": { "type": "boolean" }, "password": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "pending_commands": { "type": "long" @@ -706,23 +456,13 @@ }, "msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
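Review bot: The `password` field in the `@@ -677,24 +437,14 @@` hunk remains an indexed `keyword`, so whatever credential the sensor records there is searchable and aggregatable by every role that can read these indices. The `@@ -733,132 +473,67 @@` hunk has a second `password` field with the same mapping. The `capture_password` boolean mapped in an earlier hunk suggests real values can reach this field, though the sensor configuration is not visible here. Removing the `.text` copy does reduce the indexed forms of the value, but the field itself still needs a restriction. Use field-level security on the reader roles or, if nobody needs to search it, `"password": { "type": "keyword", "ignore_above": 1024, "index": false, "doc_values": false }`.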
@@ -733,132 +473,67 @@ }, "client_header_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "info_code": { "type": "long" }, "info_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "orig_filenames": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "orig_fuids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "orig_mime_depth": { "type": "long" }, "orig_mime_types": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "password": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "proxied": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "range_request": { "type": "boolean" }, "resp_filenames": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "resp_fuids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "resp_mime_depth": { "type": "long" }, "resp_mime_types": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "server_header_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tags": { "ignore_above": 1024, - "type": "keyword", - "fields": 
{ - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "trans_depth": { "type": "long" 
@@ -869,127 +544,62 @@ "properties": { "file_desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file_mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "matched": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "seen": { "properties": { "conn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "f": { "type": "object" }, "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "indicator": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "indicator_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "node": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "where": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "sources": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -997,21 +607,11 @@ "properties": { "addl": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "command": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dcc": { "properties": { @@ -1019,12 +619,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "size": { "type": "long" @@ -1033,50 +628,25 @@ }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "nick": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1088,30 +658,15 @@ "properties": { "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -1119,30 +674,15 @@ "properties": { "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -1150,21 +690,11 @@ }, "cipher": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "client": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "error": { "properties": { @@ -1173,12 +703,7 @@ }, "msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1190,21 +715,11 @@ }, "request_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "service": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "success": { "type": "boolean" @@ -1213,21 +728,11 @@ "properties": { "auth": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "new": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1250,21 +755,11 @@ "properties": { "exception": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "function": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "track_address": { "type": "long" 
@@ -1275,30 +770,15 @@ "properties": { "arg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cmd": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "response": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "rows": { "type": "long" @@ -1312,21 +792,11 @@ "properties": { "actions": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "connection_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "dropped": { "type": "boolean" @@ -1337,12 +807,7 @@ }, "email_delay_tokens": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "false": { "type": "long" @@ -1358,24 +823,14 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "is_orig": { "type": "boolean" }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "missing_bytes": { "type": "long" 
@@ -1385,71 +840,36 @@ }, "parent_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "seen_bytes": { "type": "long" }, "source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "icmp_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "identifier": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "note": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "peer_descr": { "norms": false, @@ -1457,21 +877,11 @@ }, "peer_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sub": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "suppress_for": { "type": "double" @@ -1482,21 +892,11 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "hostname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "server": { "properties": { 
@@ -1504,30 +904,15 @@ "properties": { "dns": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "netbios": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tree": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -1538,12 +923,7 @@ }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1569,12 +949,7 @@ }, "ref_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ref_time": { "type": "date" @@ -1600,43 +975,23 @@ "properties": { "file_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "hash": { "properties": { "algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "issuer": { "properties": { "key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -1646,12 +1001,7 @@ "properties": { "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "time": { "type": "date" 
@@ -1660,21 +1010,11 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "update": { "properties": { @@ -1692,12 +1032,7 @@ "properties": { "client": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "compile_time": { "type": "date" @@ -1716,12 +1051,7 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "is_64bit": { "type": "boolean" @@ -1731,39 +1061,19 @@ }, "machine": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "os": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "section_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subsystem": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "uses_aslr": { "type": "boolean" @@ -1783,12 +1093,7 @@ "properties": { "connect_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "framed_addr": { "type": "ip" 
@@ -1798,45 +1103,25 @@ }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "remote_ip": { "type": "ip" }, "reply_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "result": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ttl": { "type": "long" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1852,12 +1137,7 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -1865,52 +1145,27 @@ "properties": { "build": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "client_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "product_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "cookie": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "desktop": { "properties": { "color_depth": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "height": { "type": "long" 
@@ -1927,50 +1182,25 @@ "properties": { "level": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "keyboard_layout": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "result": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "security_protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ssl": { "type": "boolean" @@ -1983,12 +1213,7 @@ "properties": { "method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "success": { "type": "boolean" @@ -1997,12 +1222,7 @@ }, "desktop_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "height": { "type": "long" @@ -2016,21 +1236,11 @@ "properties": { "major": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "minor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2038,21 +1248,11 @@ "properties": { "major": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "minor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } 
@@ -2065,56 +1265,31 @@ }, "session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "signature": { "properties": { "event_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "host_count": { "type": "long" }, "note": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sig_count": { "type": "long" }, "sig_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sub_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2122,39 +1297,19 @@ "properties": { "call_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "content_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "date": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reply_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "request": { "properties": { @@ -2163,30 +1318,15 @@ }, "from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -2197,30 +1337,15 @@ }, "from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2228,21 +1353,11 @@ "properties": { "method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2253,53 +1368,28 @@ }, "msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "transaction_depth": { "type": "long" }, "uri": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "warning": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -2307,32 +1397,17 @@ "properties": { "argument": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "command": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "file": { "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "host": { "properties": { @@ -2346,21 +1421,11 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2369,69 +1434,34 @@ }, "smb1_offered_dialects": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "smb2_offered_dialects": { "type": "long" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "sub_command": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tree": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tree_service": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -2439,42 +1469,22 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fid": { "type": "long" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "previous_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "size": { "type": "long" @@ -2497,12 +1507,7 @@ }, "uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2510,39 +1515,19 @@ "properties": { "native_file_system": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "service": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "share_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -2550,93 +1535,48 @@ "properties": { "cc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "date": { "type": "date" }, "first_received": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "fuids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "has_client_activity": { "type": "boolean" }, "helo": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "in_reply_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "is_webmail": { "type": "boolean" }, "last_reply": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mail_from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "msg_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "path": { "type": "ip" 
@@ -2646,72 +1586,37 @@ }, "rcpt_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reply_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "second_received": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "tls": { "type": "boolean" }, "to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "transaction_depth": { "type": "long" }, "user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "x_originating_ip": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2719,21 +1624,11 @@ "properties": { "community": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "display_string": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "duration": { "type": "double" @@ -2763,12 +1658,7 @@ }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -2778,12 +1668,7 @@ "properties": { "host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "port": { "type": "long" 
@@ -2795,23 +1680,13 @@ }, "password": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "request": { "properties": { "host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "port": { "type": "long" @@ -2820,21 +1695,11 @@ }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "type": "long" @@ -2847,48 +1712,23 @@ "properties": { "cipher": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "compression": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "host_key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "key_exchange": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
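Review bot: The `password` field in the hunk starting at `@@ -2795,23 +1680,13 @@` remains a searchable, aggregatable `keyword`, so captured credentials can be listed with a terms aggregation or wildcard query by any role with read access to the index. If analysts only need the value when opening a single event, adding `"index": false, "doc_values": false` to that field would keep it in `_source` without making it searchable. Read access to the value itself would still need field-level restrictions or redaction at ingest. The parent object of `password` starts outside the hunk, so the protocol log it belongs to is not confirmed here.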
@@ -2904,39 +1744,19 @@ }, "client": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "host_key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "server": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "version": { "type": "long" 
@@ -2947,88 +1767,43 @@ "properties": { "cipher": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "client": { "properties": { "cert_chain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cert_chain_fuids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -3036,57 +1811,27 @@ "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -3094,33 +1839,18 @@ }, "curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "established": { "type": "boolean" }, "last_alert": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "next_protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "resumed": { "type": "boolean" 
@@ -3129,144 +1859,69 @@ "properties": { "cert_chain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "cert_chain_fuids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } @@ -3276,32 +1931,17 @@ "properties": { "code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -3396,12 +2036,7 @@ }, "peer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "reassembly_size": { "properties": { @@ -3438,30 +2073,15 @@ "properties": { "facility": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -3469,21 +2089,11 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -3491,42 +2101,22 @@ "properties": { "additional_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "identifier": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "notice": { "type": "boolean" }, "peer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -3546,86 +2136,41 @@ "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "exponent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, 
@@ -3633,100 +2178,50 @@ "properties": { "algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "length": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, "serial": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } }, @@ -3747,12 +2242,7 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "log_cert": { "type": "boolean" 
@@ -3761,21 +2251,11 @@ "properties": { "dns": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" }, "ip": { "type": "ip" @@ -3785,12 +2265,7 @@ }, "uri": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "match_only_text" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/so/common-dynamic-mappings.json b/salt/elasticsearch/templates/component/so/common-dynamic-mappings.json index 2b9e4978a..7ae4ae86c 100644 --- a/salt/elasticsearch/templates/component/so/common-dynamic-mappings.json +++ b/salt/elasticsearch/templates/component/so/common-dynamic-mappings.json 
@@ -1,55 +1,56 @@ { - "template": { - "mappings": { - "dynamic_templates": [ - { - "ip_address": { - "path_match": "*.ip", - "mapping": { - "type": "ip", - "fields": { - "keyword": { - "ignore_above": 45, - "type": "keyword" + "template": { + "mappings": { + "dynamic_templates": [ + { + "ip_address": { + "path_match": "*.ip", + "mapping": { + "type": "ip", + "fields": { + "keyword": { + "ignore_above": 45, + "type": "keyword" + } + } + }, + "match_mapping_type": "string" + } + }, + { + "port": { + "path_match": "*.port", + "path_unmatch": "*.data.port", + "mapping": { + "type": "integer", + "fields": { + "keyword": { + "ignore_above": 6, + "type": "keyword" + } + } + } + } + }, + { + "strings": { + "mapping": { + "type": "text", + "fields": { + "security": { + "analyzer": "es_security_analyzer", + "type": "text" + }, + "keyword": { + "ignore_above": 32765, + "type": "keyword" + } + } + }, + "match_mapping_type": "string" } } - }, - "match_mapping_type": "string" - } - }, - { - "port": { - "path_match": "*.port", - "path_unmatch": "*.data.port", - "mapping": { - "type": "integer", - "fields": { - "keyword": { - "ignore_above": 6, - "type": "keyword" - } - } - } - } - }, - { - "strings": { - "mapping": { - "type": "text", - "fields": { - "text": { - "type": "match_only_text" - }, - "keyword": { - "ignore_above": 32765, - "type": "keyword" - } - } - }, - "match_mapping_type": "string" + ] } } - ] - } - } }
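Review bot: The `strings` dynamic template now references `"analyzer": "es_security_analyzer"`, but this file has no `settings.analysis` block, so the analyzer must come from another component template in every index template that composes this one. Where it is missing, the composed template or the index built from it would be expected to fail validation, and events bound for that index would then not be stored. It is worth checking each composing template, or defining the analyzer next to its use here. The hunk also re-indents the whole file, which hides the one functional change (the `text` sub-field replaced by `security`); a separate whitespace-only commit would make that change easier to review.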