Merge pull request #12909 from Security-Onion-Solutions/fix/detection_mappings

Update mappings for detection fields
2026-01-31 12:23:55 +01:00 · 2024-05-01 16:15:40 -04:00
parent 72b2503b49 3285ae9366
commit 956ae7a7ae
1 changed files with 19 additions and 4 deletions
--- a/salt/elasticsearch/templates/component/so/detection-mappings.json
+++ b/salt/elasticsearch/templates/component/so/detection-mappings.json
@@ -20,10 +20,12 @@
        "so_detection": {
          "properties": {
            "publicId": {
-              "type": "text"
+              "ignore_above": 1024,
+	      "type": "keyword"
            },
            "title": {
-              "type": "text"
+	      "ignore_above": 1024,
+              "type": "keyword"
            },
            "severity": {
              "ignore_above": 1024,
@@ -36,6 +38,18 @@
            "description": {
              "type": "text"
            },
+	    "category": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            },
+	    "product": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            },
+	    "service": {
+              "ignore_above": 1024,
+              "type": "keyword"
+            },
            "content": {
              "type": "text"
            },
@@ -49,7 +63,8 @@
              "type": "boolean"
            },
            "tags": {
-              "type": "text"
+              "ignore_above": 1024,
+	      "type": "keyword"
            },
            "ruleset": {
              "ignore_above": 1024,
@@ -136,4 +151,4 @@
  "_meta": {
    "ecs_version": "1.12.2"
  }
-}
+}