diff --git a/salt/elasticsearch/templates/component/ecs/agent.json b/salt/elasticsearch/templates/component/ecs/agent.json index 4ee85974b..4c7f8738e 100644 --- a/salt/elasticsearch/templates/component/ecs/agent.json +++ b/salt/elasticsearch/templates/component/ecs/agent.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "agent": { 
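Review bot: Removing the whole `settings.analysis` block at the top of this hunk makes any remaining reference to `es_security_analyzer` fatal rather than cosmetic: Elasticsearch rejects a component template (or the composed index template) whose mapping names an analyzer that is not defined, so index creation fails instead of degrading. The same removal is made in the aws.json and azure.json hunks further down, and the azure.json diff is cut off at the end of the page, so it cannot be confirmed here that every `"analyzer": "es_security_analyzer"` in that file is also dropped; a sweep of salt/elasticsearch/templates/component/ecs for the string before merge would settle it. The analyzer being removed used a `keyword` tokenizer with `lowercase` and `trim`, which presumably gave the `.security` subfields case-insensitive exact matching; if that behaviour is still wanted, a keyword `normalizer` or `case_insensitive` on term/wildcard queries is the replacement, and noting the chosen approach in the commit message would help whoever maintains the saved queries.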
@@ -52,69 +12,33 @@ "properties": { "original": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "ephemeral_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/aws.json b/salt/elasticsearch/templates/component/ecs/aws.json index b9c9a5ffb..295ad761c 100644 --- a/salt/elasticsearch/templates/component/ecs/aws.json +++ b/salt/elasticsearch/templates/component/ecs/aws.json 
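Review bot: Dropping the `fields.security` multi-field under `original`, `ephemeral_id`, `id`, `name`, `type` and `version` changes the queryable field set silently: a query on `agent.name.security` (or any other `*.security` subfield removed in the aws.json and azure.json hunks) will hit an unmapped field and return no hits rather than an error, so any saved search, dashboard or detection rule that was written against these subfields will quietly stop matching and needs to be found and updated alongside this change. Separately, the final `-}` / `+}` pair only exists because the new file lost its trailing newline (`\ No newline at end of file`), which also happens at the `@@ -1111,4 +543,4 @@` hunk of aws.json; keeping the trailing newline avoids a permanent whitespace-only line in every future diff of these files.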
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "aws": { @@ -51,24 +11,12 @@ "cloudtrail": { "properties": { "additional_eventdata": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "api_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "console_login": { "properties": { @@ -76,13 +24,7 @@ "properties": { "login_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mfa_used": { "type": "boolean" 
@@ -110,63 +52,27 @@ }, "previous_hash_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "previous_s3_bucket": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "public_key_fingerprint": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "s3_bucket": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "s3_object": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "start_time": { "type": "date" 
@@ -175,53 +81,23 @@ }, "error_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "error_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "flattened": { "properties": { @@ -244,51 +120,21 @@ }, "management_event": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "read_only": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "recipient_account_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "request_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "request_parameters": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -296,97 +142,43 @@ "properties": { "account_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "arn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "response_elements": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "service_event_details": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "shared_event_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_identity": { "properties": { "access_key_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "arn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "invoked_by": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "session_context": { "properties": { 
@@ -395,55 +187,25 @@ }, "mfa_authenticated": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "session_issuer": { "properties": { "account_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "arn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "principal_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -451,25 +213,13 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "vpc_endpoint_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -477,13 +227,7 @@ "properties": { "message": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" } } }, @@ -491,13 +235,7 @@ "properties": { "ip_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -505,13 +243,7 @@ "properties": { "action_executed": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "backend": { "properties": { 
@@ -521,13 +253,7 @@ "properties": { "status_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -535,23 +261,11 @@ }, "ip": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "port": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -566,45 +280,21 @@ "properties": { "arn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "serial": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "classification": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "classification_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "connection_time": { "properties": { 
@@ -617,75 +307,33 @@ "properties": { "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "incoming_tls_alert": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "listener": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "matched_rule_priority": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "redirect_url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "request_processing_time": { "properties": { 
@@ -703,57 +351,27 @@ }, "ssl_cipher": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ssl_protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "target_group": { "properties": { "arn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "target_port": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "target_status_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tls_handshake_time": { "properties": { @@ -764,33 +382,15 @@ }, "tls_named_group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "trace_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -798,165 +398,75 @@ "properties": { "authentication_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "bucket": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "bucket_owner": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "bytes_sent": { "type": "long" }, "cipher_suite": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "error_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "host_header": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "host_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "http_status": { "type": "long" }, "key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "object_size": { "type": "long" }, "operation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "referrer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "remote_ip": { "type": "ip" }, "request_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - 
"security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "request_uri": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "requester": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tls_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "total_time": { "type": "long" @@ -966,23 +476,11 @@ }, "user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -990,53 +488,23 @@ "properties": { "account_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "instance_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "interface_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "log_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "pkt_dstaddr": { "type": "ip" 
@@ -1046,63 +514,27 @@ }, "subnet_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tcp_flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tcp_flags_array": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vpc_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -1111,4 +543,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/azure.json b/salt/elasticsearch/templates/component/ecs/azure.json index 09259598b..fc1f570fa 100644 --- a/salt/elasticsearch/templates/component/ecs/azure.json +++ b/salt/elasticsearch/templates/component/ecs/azure.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "azure": { @@ -52,23 +12,11 @@ "properties": { "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "identity": { "properties": { 
@@ -76,87 +24,39 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "evidence": { "properties": { "principal_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "principal_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "role": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "role_assignment_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "role_assignment_scope": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "role_definition_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "scope": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -171,53 +71,23 @@ "properties": { "fullname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "givenname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "schema": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "surname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -225,36 +95,18 @@ }, "operation_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "properties": { "type": "flattened" }, "result_signature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "result_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -262,43 +114,19 @@ "properties": { "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "identity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "operation_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "operation_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "properties": { "properties": { @@ -307,43 +135,19 @@ }, "activity_display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "correlation_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "initiated_by": { "properties": { 
@@ -351,43 +155,19 @@ "properties": { "appId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "displayName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "servicePrincipalId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "servicePrincipalName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -395,43 +175,19 @@ "properties": { "displayName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ipAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "userPrincipalName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -439,43 +195,19 @@ }, "logged_by_service": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "operation_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "result": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "result_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "target_resources": { "properties": { @@ -483,33 +215,15 @@ "properties": { "display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ip_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "modified_properties": { "properties": { @@ -517,33 +231,15 @@ "properties": { "display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "new_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "old_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -551,23 +247,11 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_principal_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -577,58 +261,28 @@ }, "result_signature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tenant_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "consumer_group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "correlation_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "enqueued_time": { "type": "date" }, "eventhub": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "offset": { "type": "long" 
@@ -640,136 +294,58 @@ "properties": { "ActivityId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Caller": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Cloud": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Environment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "EventTimeString": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ScaleUnit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ccpNamespace": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "operation_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "properties": { "type": "flattened" }, "result_signature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": 
"keyword" }, "result_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -777,63 +353,27 @@ "properties": { "authorization_rule": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "namespace": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -844,186 +384,84 @@ "properties": { "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "identity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "operation_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "operation_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "properties": { "properties": { "app_display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "app_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "authentication_processing_details": { "type": "flattened" }, "authentication_requirement": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "authentication_requirement_policies": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "autonomous_system_number": { "type": "long" }, "client_app_used": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "conditional_access_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" 
}, "correlation_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "created_at": { "type": "date" }, "cross_tenant_access_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "device_detail": { "properties": { "browser": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "device_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "operating_system": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "trust_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1032,23 +470,11 @@ }, "home_tenant_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "is_interactive": { "type": "boolean" 
@@ -1058,136 +484,58 @@ }, "original_request_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "processing_time_ms": { "type": "float" }, "resource_display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "resource_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "resource_tenant_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "risk_detail": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "risk_event_types": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "risk_event_types_v2": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "risk_level_aggregated": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "risk_level_during_signin": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "risk_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "service_principal_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": 
"text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "service_principal_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sso_extension_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "properties": { 
@@ -1198,131 +546,59 @@ }, "token_issuer_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "token_issuer_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_principal_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "result_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "result_signature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "result_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tenant_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "subscription_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": 
"keyword" }, "tenant_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/base.json b/salt/elasticsearch/templates/component/ecs/base.json index a56e6090a..f409ed95a 100644 --- a/salt/elasticsearch/templates/component/ecs/base.json +++ b/salt/elasticsearch/templates/component/ecs/base.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "@timestamp": { @@ -57,15 +17,9 @@ }, "tags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/cef.json b/salt/elasticsearch/templates/component/ecs/cef.json index 5481ecb41..e9a2ba650 100644 --- a/salt/elasticsearch/templates/component/ecs/cef.json +++ b/salt/elasticsearch/templates/component/ecs/cef.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "cef": { @@ -52,43 +12,19 @@ "properties": { "event_class_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vendor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -96,152 +32,68 @@ "properties": { "Reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "agentAddress": { "type": "ip" }, "agentDnsDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "agentHostName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "agentId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "agentMacAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "agentNtDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "agentReceiptTime": { "type": "date" }, "agentTimeZone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "agentTranslatedAddress": { "type": "ip" }, "agentTranslatedZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "agentTranslatedZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "agentType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "agentVersion": { "ignore_above": 1024, - "type": 
"keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "agentZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "agentZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "applicationProtocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "baseEventCount": { "type": "long" 
@@ -254,126 +106,54 @@ }, "categoryBehavior": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "categoryDeviceGroup": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "categoryDeviceType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "categoryObject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "categoryOutcome": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "categorySignificance": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "categoryTechnique": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cp_app_risk": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cp_severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "customerExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "customerURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": 
"keyword" }, "destinationAddress": { "type": "ip" }, "destinationDnsDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destinationGeoLatitude": { "type": "double" @@ -383,33 +163,15 @@ }, "destinationHostName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destinationMacAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destinationNtDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destinationPort": { "type": "long" @@ -419,23 +181,11 @@ }, "destinationProcessName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destinationServiceName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destinationTranslatedAddress": { "type": "ip" 
@@ -445,83 +195,35 @@ }, "destinationTranslatedZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destinationTranslatedZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destinationUserId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destinationUserName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destinationUserPrivileges": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destinationZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destinationZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceAction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceAddress": { "type": "ip" 
@@ -531,487 +233,229 @@ }, "deviceCustomDate1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomDate2": { "type": "date" }, "deviceCustomDate2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomFloatingPoint1": { "type": "double" }, "deviceCustomFloatingPoint1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomFloatingPoint2": { "type": "double" }, "deviceCustomFloatingPoint2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomFloatingPoint3": { "type": "double" }, "deviceCustomFloatingPoint3Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomFloatingPoint4": { "type": "double" }, "deviceCustomFloatingPoint4Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomIPv6Address1": { "type": "ip" }, "deviceCustomIPv6Address1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomIPv6Address2": { "type": "ip" }, "deviceCustomIPv6Address2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomIPv6Address3": { "type": "ip" }, "deviceCustomIPv6Address3Label": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomIPv6Address4": { "type": "ip" }, "deviceCustomIPv6Address4Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomNumber1": { "type": "long" }, "deviceCustomNumber1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomNumber2": { "type": "long" }, "deviceCustomNumber2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomNumber3": { "type": "long" }, "deviceCustomNumber3Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomString1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomString1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomString2": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomString2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomString3": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - 
} + "type": "keyword" }, "deviceCustomString3Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomString4": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomString4Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomString5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomString5Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomString6": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceCustomString6Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceDirection": { "type": "long" }, "deviceDnsDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceEventCategory": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceExternalId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceFacility": { "ignore_above": 1024, - "type": "keyword", - "fields": { - 
"security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceFlexNumber1": { "type": "long" }, "deviceFlexNumber1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceFlexNumber2": { "type": "long" }, "deviceFlexNumber2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceHostName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceInboundInterface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceMacAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceNtDomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceOutboundInterface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "devicePayloadId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceProcessId": { "type": "long" }, "deviceProcessName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceReceiptTime": { "type": "date" }, "deviceTimeZone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - 
"security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceTranslatedAddress": { "type": "ip" }, "deviceTranslatedZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceTranslatedZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "endTime": { "type": "date" 
@@ -1021,480 +465,210 @@ }, "eventOutcome": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "externalId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fileCreateTime": { "type": "date" }, "fileHash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fileId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fileModificationTime": { "type": "date" }, "filePath": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "filePermission": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fileSize": { "type": "long" }, "fileType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "filename": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "flexDate1": { "type": "date" }, "flexDate1Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "flexString1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "flexString1Label": { "ignore_above": 1024, - "type": "keyword", - 
"fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "flexString2": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "flexString2Label": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ifname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "inzone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "layer_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "layer_uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "logid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "loguid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "managerReceiptTime": { "type": "date" }, "match_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nat_addtnl_rulenum": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": 
"text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nat_rulenum": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "oldFileCreateTime": { "type": "date" }, "oldFileHash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "oldFileId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "oldFileModificationTime": { "type": "date" }, "oldFileName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "oldFilePath": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "oldFilePermission": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "oldFileSize": { "type": "long" }, "oldFileType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "origin": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "originsicname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "outzone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "parent_rule": { "ignore_above": 1024, - 
"type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rawEvent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "requestClientApplication": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "requestContext": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "requestCookies": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "requestMethod": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "requestUrl": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rule_action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rule_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sequencenum": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "service_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - 
"type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "sourceAddress": {
 "type": "ip"
 },
 "sourceDnsDomain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "sourceGeoLatitude": {
 "type": "double"
@@ -1504,33 +678,15 @@
 },
 "sourceHostName": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "sourceMacAddress": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "sourceNtDomain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "sourcePort": {
 "type": "long"
@@ -1540,23 +696,11 @@
 },
 "sourceProcessName": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "sourceServiceName": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "sourceTranslatedAddress": {
 "type": "ip"
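Review bot: Dropping the `security` text subfield while keeping `ignore_above: 1024` on the keyword leaves several long-valued fields with no indexed form above 1024 characters: in the `@@ -1021,480 +465,210 @@` hunk `message`, `rawEvent`, `requestUrl`, `requestCookies` and `requestContext` are now only `{"ignore_above": 1024, "type": "keyword"}`, and since a text field carries no `ignore_above`, the removed subfield was the only thing that made over-length values searchable. Raw CEF events and request URLs routinely exceed that limit; such values remain in `_source` but no query matches them, which quietly narrows what detections and hunts can see. For those specific fields either raise the limit or keep a plain subfield such as `"fields": {"text": {"type": "text"}}`, which needs no custom analyzer and so survives the removal of `settings.analysis`. The same applies to `additional_info`, `cookie`, `cookieI`, `cookieR`, `content_disposition` and `description` in the checkpoint hunk `@@ -53,636 +13,276 @@`, and to `email_content` and `email_headers` in `@@ -1010,492 +448,204 @@`.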
@@ -1566,135 +710,63 @@ }, "sourceTranslatedZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sourceTranslatedZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sourceUserId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sourceUserName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sourceUserPrivileges": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sourceZoneExternalID": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sourceZoneURI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "startTime": { "type": "date" }, "transportProtocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "type": "long" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": 
"text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "version": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/checkpoint.json b/salt/elasticsearch/templates/component/ecs/checkpoint.json
index 0fda74ee3..26b80f727 100644
--- a/salt/elasticsearch/templates/component/ecs/checkpoint.json
+++ b/salt/elasticsearch/templates/component/ecs/checkpoint.json
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "checkpoint": {
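Review bot: The regenerated file loses its terminating newline: the last change in the `@@ -1566,135 +710,63 @@` hunk is `-}` / `+}` followed by `\ No newline at end of file`, so that line differs only in whitespace. Keep the final newline so the closing brace does not churn in every later diff and the file stays clean for line-oriented tooling. The layout of the rest of the JSON is untouched, which suggests a generator or editor setting rather than a hand edit; that setting is probably the right place to fix it for every template produced the same way.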
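Review bot: Removing `settings.analysis` from this component template deletes four named pieces — `es_security_analyzer`, the `whitespace_no_way` char filter, `path_hierarchy_pattern_filter` and `path_tokenizer` — and nothing in the diff shows that every mapping composed with it has stopped referencing them; a surviving `"analyzer": "es_security_analyzer"` in another component template or in the index template itself makes index creation fail at the next rollover rather than at deploy time. The two path-related entries are not used by the analyzer or by any mapping shown here, so they may already have been dead, but that cannot be confirmed from this hunk. Before merging, resolve the composed index template against a test index name (the simulate-index API does this without creating anything) and search the repository for the four names. Existing indices keep their old mapping, so saved searches or detection rules that target `checkpoint.*.security` subfields will keep matching on old indices and silently return nothing from new ones; those references deserve an audit as part of this change.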
@@ -53,636 +13,276 @@ }, "action_reason_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "additional_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "additional_ip": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "additional_rdata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "alert": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "allocated_ports": { "type": "long" }, "analyzed_on": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "answer_rdata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "anti_virus_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "app_desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "app_id": { "type": "long" }, "app_package": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "app_properties": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": 
"es_security_analyzer" - } - } + "type": "keyword" }, "app_repackaged": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "app_risk": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "app_severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "app_sid_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "app_sig_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "app_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "appi_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "arrival_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "attachments_num": { "type": "long" }, "attack_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "audit_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "auth_method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" 
- } - } + "type": "keyword" }, "authority_rdata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "authorization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "bcc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "blade_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "broker_publisher": { "type": "ip" }, "browse_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "c_bytes": { "type": "long" }, "calc_desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "capacity": { "type": "long" }, "capture_uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "certificate_resource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "certificate_validation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": 
"text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cgnet": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "chunk_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "client_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "client_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "client_type_os": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "client_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cluster_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "community": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "confidence_level": { "type": "long" }, "connection_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "connectivity_level": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "connectivity_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", 
- "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "conns_amount": { "type": "long" }, "content_disposition": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "content_length": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "content_risk": { "type": "long" }, "content_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "context_num": { "type": "long" }, "cookie": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cookieI": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cookieR": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cp_message": { "type": "long" }, "cvpn_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cvpn_resource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "data_type_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dce-rpc_interface_uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
 "delivery_time": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "desc": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "description": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "destination_object": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "detected_on": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "developer_certificate_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "diameter_app_ID": {
 "type": "long"
@@ -692,126 +292,54 @@ }, "diameter_msg_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_action_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_additional_action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_categories": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_data_type_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_data_type_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_fingerprint_files_number": { "type": "long" }, "dlp_fingerprint_long_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_fingerprint_short_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_incident_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_recipients": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_related_incident_uid": { "ignore_above": 1024, - "type": "keyword", - 
"fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "dlp_relevant_data_types": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "dlp_repository_directories_number": {
 "type": "long"
@@ -821,13 +349,7 @@
 },
 "dlp_repository_id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "dlp_repository_not_scanned_directories_percentage": {
 "type": "long"
@@ -837,13 +359,7 @@
 },
 "dlp_repository_root_path": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "dlp_repository_scan_progress": {
 "type": "long"
@@ -868,133 +384,55 @@ }, "dlp_rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_template_score": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_transint": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_violation_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_watermark_profile": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dlp_word_list": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dns_query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "drop_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dropped_file_hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dropped_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": 
"keyword"
 },
 "dropped_file_type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "dropped_file_verdict": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "dropped_incoming": {
 "type": "long"
@@ -1010,492 +448,204 @@ }, "dst_country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dst_phone_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dst_user_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstkeyid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "duplicate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "duration": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "elapsed": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email_content": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email_control": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email_control_analysis": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email_headers": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email_id": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email_message_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email_queue_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email_queue_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email_recipients_num": { "type": "long" }, "email_session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email_spam_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email_spool_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email_subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "emulated_on": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "encryption_failure": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" 
}, "end_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "end_user_firewall_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "esod_access_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "esod_associated_policies": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "esod_noncompliance_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "esod_rule_action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "esod_rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "esod_rule_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "esod_scan_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_count": { "type": "long" }, "expire_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "extension_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": 
"es_security_analyzer" - } - } + "type": "keyword" }, "extracted_file_hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "extracted_file_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "extracted_file_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "extracted_file_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "extracted_file_verdict": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "failure_impact": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "failure_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file_direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "files_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "first_hit_time": { "type": "long" }, "frequency": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": 
"text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fs-proto": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ftp_user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fw_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fw_subproduct": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "hide_ip": { "type": "ip" 
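Review bot: Dropping the analyzed sub-field also changes match semantics from analyzed to exact: a bare `keyword` is case- and whitespace-sensitive, so searches on values such as `email_status`, `dst_user_name` or `encryption_failure` must now match byte-for-byte, where `<field>.security` presumably did not, given it was a `text` field under a custom analyzer whose definition is outside this diff. This applies to every hunk in the file, not only this one. If case-insensitive matching is still wanted for detection content, the cheaper options are the built-in `lowercase` normalizer on the keyword field (`"normalizer": "lowercase"`, available in recent Elasticsearch releases) or `case_insensitive: true` on term/wildcard queries, rather than re-adding a text sub-field. The enclosing `properties` object starts and ends outside the hunk.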
@@ -1505,119 +655,53 @@ }, "host_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "http_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "http_location": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "http_server": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "https_inspection_action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "https_inspection_rule_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "https_inspection_rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "https_validation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icap_more_info": { "type": "long" }, "icap_server_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icap_server_service": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icap_service_id": { "type": "long" }, "icmp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - 
"security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icmp_code": { "type": "long" 
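Review bot: Nothing in the diff accounts for consumers of the removed `<field>.security` sub-fields: any saved search, visualization or detection rule written against e.g. `http_host.security` or `https_inspection_rule_name.security` will silently stop matching once indices pick up the new template, so a repository-wide search for `.security` field references is needed before merge; the same applies to every hunk in this file. Because a component-template change only affects indices created afterwards, existing indices keep the old mapping until rollover, and queries will see mixed mappings across the retention window — worth a line in the release notes or a forced rollover in the upgrade path, if the project has one. The enclosing `properties` object starts and ends outside the hunk.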
@@ -1630,163 +714,67 @@ }, "identity_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ike": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ike_ids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "impacted_files": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "incident_extension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "indicator_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "indicator_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "indicator_reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "indicator_uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "information": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"inspection_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "inspection_item": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "inspection_profile": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "inspection_settings_log": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "installed_products": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "int_end": { "type": "long" @@ -1796,33 +784,15 @@ }, "integrity_av_invoke_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "interface_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "internal_error": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "invalid_file_size": { "type": "long" 
@@ -1832,46 +802,22 @@ }, "isp_link": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "last_hit_time": { "type": "long" }, "last_rematch_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "layer_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "layer_uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "limit_applied": { "type": "long" @@ -1881,13 +827,7 @@ }, "link_probing_status_update": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "links_num": { "type": "long" @@ -1900,43 +840,19 @@ }, "logid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "long_desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "machine": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "malware_family": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "match_fk": { "type": "long" 
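Review bot: `last_rematch_time` stays a `keyword` while the adjacent `last_hit_time` is `long` (and `first_hit_time` in the -1010 hunk likewise), so two time fields from the same source family end up with different types and only one of them supports range queries and date histograms; `end_time`, `expire_time` and `host_time` in earlier hunks follow the same keyword pattern. If the upstream log actually emits these as epoch or ISO timestamps, a `date` mapping with `"ignore_malformed": true` would make them comparable without rejecting odd values; if they are genuinely free-form strings, keyword is right and a short note in the template's documentation would stop the next reader from re-raising this. The enclosing `properties` object starts and ends outside the hunk.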
@@ -1946,13 +862,7 @@ }, "matched_file": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "matched_file_percentage": { "type": "long" 
@@ -1962,259 +872,109 @@ }, "media_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "message_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "message_size": { "type": "long" }, "method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "methods": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mime_from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mime_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mirror_and_decrypt_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_collection": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_command_and_control": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_credential_access": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - 
} + "type": "keyword" }, "mitre_defense_evasion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_discovery": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_execution": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_exfiltration": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_impact": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_initial_access": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_lateral_movement": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_persistence": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_privilege_escalation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "monitor_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "msgid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - 
} + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nat46": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nat_addtnl_rulenum": { "type": "long" }, "nat_exhausted_pool": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nat_rulenum": { "type": "long" 
@@ -2224,179 +984,77 @@ }, "next_hop_ip": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "next_scheduled_scan_date": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "number_of_errors": { "type": "long" }, "objecttable": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "objecttype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "observable_comment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "observable_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "observable_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "operation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "operation_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "origin_sic_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "original_queue_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": 
"es_security_analyzer" - } - } + "type": "keyword" }, "outgoing_url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "packet_amount": { "type": "long" }, "packet_capture_unique_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "parent_file_hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "parent_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "parent_file_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "parent_process_username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "parent_rule": { "type": "long" 
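Review bot: `next_hop_ip` is mapped as `keyword` even though `hide_ip` in the -1010 hunk is `"type": "ip"`, so CIDR and range queries (for example `next_hop_ip:10.0.0.0/8`) work on one field and not the other; `peer_ip` in the -2406 hunk has the same inconsistency. If these fields can carry non-address placeholders from the source, switching to `"type": "ip"` alone would cause ingest rejections, so pair it with `"ignore_malformed": true` or keep keyword and document the limitation. The enclosing `properties` object starts and ends outside the hunk.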
@@ -2406,129 +1064,57 @@ }, "peer_ip": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "peer_ip_probing_status_update": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "performance_impact": { "type": "long" }, "policy_mgmt": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "policy_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ports_usage": { "type": "long" }, "ppp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "precise_error": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "process_username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "properties": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "protection_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "protection_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "protection_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - 
"analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "proxy_machine_name": { "type": "long" 
@@ -2538,136 +1124,58 @@ }, "proxy_user_dn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "proxy_user_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "question_rdata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "referrer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "referrer_parent_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "referrer_self_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "registered_ip-phones": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reject_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reject_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rematch_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"remediated_files": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reply_status": { "type": "long" }, "risk": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rpc_prog": { "type": "long" @@ -2677,26 +1185,14 @@ }, "rule_action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rulebase_id": { "type": "long" }, "scan_direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scan_hosts_day": { "type": "long" 
@@ -2709,442 +1205,184 @@ }, "scan_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scan_mail": { "type": "long" }, "scan_result": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scan_results": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scheme": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scope": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scrub_activity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scrub_download_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scrub_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scrub_total_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scrubbed_content": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sctp_association_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + 
"type": "keyword" }, "sctp_error": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scv_message_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scv_user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "securexl_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sensor_mode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "session_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "short_desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sig_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "similar_communication": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "similar_hashes": { "ignore_above": 
1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "similar_strings": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "similiar_iocs": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sip_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "site_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_object": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_os": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "special_properties": { "type": "long" }, "specific_data_type_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "speed": { "type": "long" }, "spyware_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "spyware_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"spyware_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "src_country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "src_phone_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "src_user_dn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "src_user_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "srckeyid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status_update": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sub_policy_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sub_policy_uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subs_exp": { "type": "date" 
@@ -3154,149 +1392,65 @@ }, "summary": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "suppressed_logs": { "type": "long" }, "sync": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sys_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tcp_end_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tcp_flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tcp_packet_out_of_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tcp_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "te_verdict_determined_by": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "termination_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ticket_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tls_server_host_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" 
- } - } + "type": "keyword" }, "top_archive_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "total_attachments": { "type": "long" }, "triggered_by": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "trusted_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "unique_detected_day": { "type": "long" 
@@ -3309,259 +1463,109 @@ }, "update_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vendor_list": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "verdict": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "via": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "virus_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_attach_action_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_attach_sz": { "type": "long" }, "voip_call_dir": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_call_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_call_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_call_term_time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_config": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_duration": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_est_codec": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_exp": { "type": "long" }, "voip_from_user_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_log_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_media_codec": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_media_ipp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"voip_media_port": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_reason_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_reg_int": { "type": "long" @@ -3577,77 +1581,35 @@ }, "voip_reg_user_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_reject_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "voip_to_user_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vpn_feature_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "watermark": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "web_server_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "word_list": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file 
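Review bot: The final change in this hunk, `-} +} \ No newline at end of file`, strips the trailing newline from the file, which looks like an artifact of regenerating the template with a serializer that does not emit one. Keeping the EOF newline keeps future diffs clean and avoids a spurious whole-line change on every later edit; add a newline after the closing `}`. Elasticsearch parses the template either way, so this is a style point only.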
diff --git a/salt/elasticsearch/templates/component/ecs/cisco.json b/salt/elasticsearch/templates/component/ecs/cisco.json index b64427beb..0f3efa264 100644 --- a/salt/elasticsearch/templates/component/ecs/cisco.json +++ b/salt/elasticsearch/templates/component/ecs/cisco.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "cisco": { @@ -57,23 +17,11 @@ "properties": { "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "short_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -81,13 +29,7 @@ "properties": { "arguments": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -98,13 +40,7 @@ }, "connector_guid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "external_ip": { "type": "ip" 
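Review bot: Removing the `settings.analysis` block in the first hunk (`@@ -4,46 +4,6 @@`) deletes the definitions of `es_security_analyzer`, `path_tokenizer` and `path_hierarchy_pattern_filter`, which is only safe if no mapping in any component template composed into the same index template still names them. Elasticsearch rejects index creation with an "analyzer not found" error when a mapping references an undefined analyzer, and in a log pipeline a failed rollover means ingest stalls and events are lost until someone notices. The visible hunks strip the matching `"analyzer": "es_security_analyzer"` references from this file, but the other component templates and the index templates are not in view, so a repo-wide grep for the three names is warranted, and running the index-template simulate API (`POST _index_template/_simulate/<name>`) against a test cluster would confirm the composed template still builds. Note that `path_tokenizer` and `path_hierarchy_pattern_filter` were defined but never referenced in the visible mappings, so their removal presumably has no effect here.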
@@ -116,67 +52,31 @@ }, "connector_guid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "detection": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "detection_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "error": { "properties": { "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "error_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "event_type_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file": { "properties": { @@ -184,45 +84,21 @@ "properties": { "disposition": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "identity": { "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -232,70 +108,34 @@ "properties": { "application": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "attacked_module": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "base_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "indicators": { "type": "flattened" }, "suspicious_files": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "disposition": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "parent": { "properties": { "disposition": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -303,57 +143,27 @@ }, "group_guids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_tactics": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_techniques": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "network_info": { "properties": { "disposition": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nfm": { "properties": { "direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -361,25 +171,13 @@ "properties": { "disposition": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "identify": { "properties": { "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -387,23 +185,11 @@ "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -415,23 +201,11 @@ "properties": { "cve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -442,13 +216,7 @@ }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "malicious_detections": { "type": "long" @@ -477,76 +245,34 @@ }, "incident_hunt_guid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "incident_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "incident_remediation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "incident_report_guid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "incident_start_time": { "type": "date" }, "incident_summary": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "incident_title": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tactics": { "type": "flattened" 
@@ -573,135 +299,57 @@ "properties": { "avg_rate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "configured_avg_rate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "configured_rate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cumulative_count": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "current_rate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "object": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "command_line_arguments": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "connection_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "connection_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dap_records": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"destination_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destination_username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icmp_code": { "type": "short" @@ -711,13 +359,7 @@ }, "mapped_destination_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mapped_destination_ip": { "type": "ip" @@ -727,13 +369,7 @@ }, "mapped_source_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mapped_source_ip": { "type": "ip" 
@@ -743,149 +379,65 @@ }, "message_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "privilege": { "properties": { "new": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "old": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "session_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "suffix": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "termination_initiator": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "termination_user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "threat_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" 
}, "threat_level": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tunnel_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "webvpn": { "properties": { "group_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -895,53 +447,23 @@ "properties": { "connection_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "connection_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dap_records": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destination_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destination_username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icmp_code": { "type": "short" @@ -951,13 +473,7 @@ }, "mapped_destination_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mapped_destination_ip": { "type": "ip" 
@@ -967,13 +483,7 @@ }, "mapped_source_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mapped_source_ip": { "type": "ip" 
@@ -983,108 +493,48 @@ }, "message_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "security": { "type": "object" }, "source_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "suffix": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "termination_initiator": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "termination_user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "threat_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "threat_level": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "webvpn": { "properties": { "group_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -1094,23 +544,11 @@ "properties": { "access_list": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "facility": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -1118,143 +556,59 @@ "properties": { "amp_disposition": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "amp_malware_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "amp_score": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "av_detections": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "blocked_categories": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "categories": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "content_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "datacenter": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "identities": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "identity_types": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "origin_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"policy_identity_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "puas": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha_sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -1263,4 +617,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/client.json b/salt/elasticsearch/templates/component/ecs/client.json index 72f80f6ae..9e7a36260 100644 --- a/salt/elasticsearch/templates/component/ecs/client.json +++ b/salt/elasticsearch/templates/component/ecs/client.json @@ -4,59 +4,13 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "client": { "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "as": { "properties": { 
@@ -66,12 +20,6 @@ "organization": { "properties": { "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" } 
@@ -84,118 +32,52 @@ }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "geo": { "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + 
"type": "keyword" } } }, @@ -204,13 +86,7 @@ }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nat": { "properties": { @@ -230,63 +106,27 @@ }, "registered_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "full_name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -294,75 +134,33 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -371,4 +169,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/cloud.json b/salt/elasticsearch/templates/component/ecs/cloud.json index cebdadfed..f41ab4a8f 100644 --- a/salt/elasticsearch/templates/component/ecs/cloud.json +++ b/salt/elasticsearch/templates/component/ecs/cloud.json 
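Review bot: After this hunk `client.user.name`, `client.user.id` and `client.user.roles` are plain `keyword` fields, and the `es_security_analyzer` they were previously also indexed through — `keyword` tokenizer with `lowercase` and `trim` filters, removed in this file's `@@ -4,59 +4,13 @@` hunk — was the only case-insensitive, whitespace-normalised representation of these identity values. A term query for `administrator` will therefore no longer match `Administrator` or ` administrator `, and any saved search or detection rule that still references `client.user.name.security` will fail to resolve rather than degrade. If that matching behaviour is still wanted, a keyword `normalizer` built from the same `lowercase`/`trim` filters (or, if the cluster version supports it, `case_insensitive: true` on term/wildcard queries) keeps it without a second indexed copy of every value; otherwise the rule and dashboard content should be audited for `.security` field references before this ships. The enclosing `client` object starts before this hunk.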
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "cloud": { @@ -52,57 +12,27 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "availability_zone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "instance": { "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -110,13 +40,7 @@ "properties": { "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -124,57 +48,27 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "service": { "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -183,4 +77,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/container.json b/salt/elasticsearch/templates/component/ecs/container.json index 2541c11ad..bd5ce8113 100644 --- a/salt/elasticsearch/templates/component/ecs/container.json +++ b/salt/elasticsearch/templates/component/ecs/container.json 
@@ -4,81 +4,23 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "container": { "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "image": { "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -87,27 +29,15 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "runtime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/cyberark.json b/salt/elasticsearch/templates/component/ecs/cyberark.json index a1a109fcf..4254e0f20 100644 --- a/salt/elasticsearch/templates/component/ecs/cyberark.json +++ b/salt/elasticsearch/templates/component/ecs/cyberark.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "cyberarkpas": { 
@@ -52,565 +12,241 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ca_properties": { "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cpm_disabled": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cpm_error_details": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cpm_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "creation_method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "customer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "database": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "device_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dual_account_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "group_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": 
"keyword" }, "in_process": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "index": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "last_fail_date": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "last_success_change": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "last_success_reconciliation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "last_success_verification": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "last_task": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "logon_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "other": { "type": "flattened" }, "policy_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "port": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "privcloud": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": 
"keyword" }, "reset_immediately": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "retries_count": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sequence_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_dn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "virtual_username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "extra_details": { "properties": { "ad_process_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ad_process_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"application_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "command": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "connection_component_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dst_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "logon_account": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "managed_account": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "other": { "type": "flattened" }, "process_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "process_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "psmid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "session_duration": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "session_id": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "src_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "file": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "gateway_station": { "type": "ip" }, "hostname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "iso_timestamp": { "type": "date" }, "issuer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "location": { "doc_values": false, "ignore_above": 4096, "index": false, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "message_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "pvwa_details": { "type": "flattened" 
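Review bot: `cyberarkpas.extra_details.command` (and `user_dn`, `dst_host`, `src_host` mapped the same way in this hunk) keeps `"ignore_above": 1024` while losing its `security` subfield, and that subfield was of type `text`, which — as far as I recall — is not bounded by `ignore_above`; after this change a command line or DN longer than 1024 characters is still in `_source` but has no indexed term at all, so no query can match it. For a privileged-session audit source that is exactly the value a long attacker-supplied command produces, so consider raising the limit on these few fields, e.g. `"command": { "type": "keyword", "ignore_above": 8191 }`, or keeping a plain `text` multi-field on `command` alone. `location` and `raw` (the `"index": false, "doc_values": false` fields) were never searchable, so they are unaffected. The `cyberarkpas` object continues into the following hunk.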
@@ -619,99 +255,45 @@ "doc_values": false, "ignore_above": 4096, "index": false, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reason": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "rfc5424": { "type": "boolean" }, "safe": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "station": { "type": "ip" }, "target_user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timestamp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vendor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -720,4 +302,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/data_stream.json b/salt/elasticsearch/templates/component/ecs/data_stream.json index 3ee5c9e13..dfbfe3f51 100644 --- a/salt/elasticsearch/templates/component/ecs/data_stream.json 
+++ b/salt/elasticsearch/templates/component/ecs/data_stream.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "data_stream": { @@ -62,4 +22,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/destination.json b/salt/elasticsearch/templates/component/ecs/destination.json index 151ccc2cb..3555b25fc 100644 --- a/salt/elasticsearch/templates/component/ecs/destination.json +++ b/salt/elasticsearch/templates/component/ecs/destination.json 
@@ -4,59 +4,13 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "destination": { "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "as": { "properties": { @@ -66,12 +20,6 @@ "organization": { "properties": { "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" } 
@@ -84,118 +32,52 @@ }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "geo": { "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + 
"type": "keyword" } } }, @@ -204,13 +86,7 @@ }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nat": { "properties": { @@ -230,63 +106,27 @@ }, "registered_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "full_name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -294,75 +134,33 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -371,4 +169,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/dll.json b/salt/elasticsearch/templates/component/ecs/dll.json index f4db40815..84667a6b9 100644 --- a/salt/elasticsearch/templates/component/ecs/dll.json +++ b/salt/elasticsearch/templates/component/ecs/dll.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "dll": { @@ -52,56 +12,26 @@ "properties": { "digest_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "exists": { "type": "boolean" }, "signing_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "team_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timestamp": { "type": "date" 
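Review bot: The `settings.analysis` block removed here also takes `path_hierarchy_pattern_filter` and `path_tokenizer` out of the component template, and nothing in the visible mappings references either, so that part is dead configuration; but component templates are merged into the index template, and if any other component or the index template itself still names `es_security_analyzer` or `path_tokenizer`, index creation will fail with an unknown-analyzer error rather than degrade gracefully, so the remaining templates are worth grepping before merge. The same block is removed from every other file in this diff (aws.json, dns.json, ecs.json, elasticsearch.json, error.json, event.json, file.json, fortinet.json). Separately, each rewritten file now ends without a trailing newline (`\ No newline at end of file`), which most editors and `jq .` will re-add on the next touch and produce a spurious one-line diff; restoring the final `}` plus newline keeps the files as they were.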
@@ -118,147 +48,63 @@ "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha512": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ssdeep": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "pe": { "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "company": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "imphash": { "ignore_above": 1024, - 
"type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "original_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -267,4 +113,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/dns.json b/salt/elasticsearch/templates/component/ecs/dns.json index d3963d2dd..321a061f5 100644 --- a/salt/elasticsearch/templates/component/ecs/dns.json +++ b/salt/elasticsearch/templates/component/ecs/dns.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "dns": { 
@@ -52,141 +12,63 @@ "properties": { "class": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "data": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ttl": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } }, "type": "object" }, "header_flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "op_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "question": { "properties": { "class": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "registered_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": 
"keyword" }, "top_level_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -195,27 +77,15 @@ }, "response_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/ecs.json b/salt/elasticsearch/templates/component/ecs/ecs.json index d7a5683b2..9abfcf61c 100644 --- a/salt/elasticsearch/templates/component/ecs/ecs.json +++ b/salt/elasticsearch/templates/component/ecs/ecs.json 
@@ -4,63 +4,17 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "ecs": {
 "properties": {
 "version": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/elasticsearch.json b/salt/elasticsearch/templates/component/ecs/elasticsearch.json
index a56e6090a..f409ed95a 100644
--- a/salt/elasticsearch/templates/component/ecs/elasticsearch.json
+++ b/salt/elasticsearch/templates/component/ecs/elasticsearch.json
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "@timestamp": {
@@ -57,15 +17,9 @@
 },
 "tags": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/error.json b/salt/elasticsearch/templates/component/ecs/error.json
index 12a3c8587..c33f580ab 100644
--- a/salt/elasticsearch/templates/component/ecs/error.json
+++ b/salt/elasticsearch/templates/component/ecs/error.json
@@ -4,79 +4,23 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "error": {
 "properties": {
 "code": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "message": {
 "type": "match_only_text"
 },
 "stack_trace": {
 "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- },
 "text": {
 "type": "match_only_text"
 }
@@ -85,17 +29,11 @@
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/event.json b/salt/elasticsearch/templates/component/ecs/event.json
index b6932c390..0d43760a2 100644
--- a/salt/elasticsearch/templates/component/ecs/event.json
+++ b/salt/elasticsearch/templates/component/ecs/event.json
@@ -4,102 +4,32 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "event": { "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "agent_id_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "created": { "type": "date" }, "dataset": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "duration": { "type": "long" 
@@ -109,97 +39,43 @@ }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ingested": { "type": "date" }, "kind": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "module": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "original": { "doc_values": false, "index": false, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "outcome": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "risk_score": { "type": "float" 
@@ -218,37 +94,19 @@ }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/file.json b/salt/elasticsearch/templates/component/ecs/file.json index a328d8a08..3da5ee86a 100644 --- a/salt/elasticsearch/templates/component/ecs/file.json +++ b/salt/elasticsearch/templates/component/ecs/file.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "file": { 
@@ -53,68 +13,32 @@ }, "attributes": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "code_signature": { "properties": { "digest_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "exists": { "type": "boolean" }, "signing_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "team_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timestamp": { "type": "date" 
@@ -135,65 +59,29 @@ }, "device": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "directory": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "drive_letter": { "ignore_above": 1, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "elf": { "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "byte_order": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cpu_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "creation_date": { "type": "date" 
@@ -205,76 +93,34 @@ "properties": { "abi_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "class": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "data": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "entrypoint": { "type": "long" }, "object_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "os_abi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -291,46 +137,22 @@ }, "flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "physical_offset": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "virtual_address": { "type": "long" 
@@ -345,203 +167,89 @@ "properties": { "sections": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } }, "type": "nested" }, "shared_libraries": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "telfhash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "extension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fork_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "gid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "hash": { "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha512": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ssdeep": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "inode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mtime": { "type": "date" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "owner": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -549,73 +257,31 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "company": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "imphash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "original_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -623,118 +289,52 @@ "type": "long" }, "target_path": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "x509": { "properties": { "alternative_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + 
"type": "keyword"
 }
 }
 },
@@ -746,23 +346,11 @@
 },
 "public_key_algorithm": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "public_key_curve": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "public_key_exponent": {
 "doc_values": false,
@@ -774,107 +362,47 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "version_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -883,4 +411,4 @@ } } } -} +} \ No newline at end of file 
diff --git a/salt/elasticsearch/templates/component/ecs/fortinet.json b/salt/elasticsearch/templates/component/ecs/fortinet.json index 6762102c0..0fef31200 100644 --- a/salt/elasticsearch/templates/component/ecs/fortinet.json +++ b/salt/elasticsearch/templates/component/ecs/fortinet.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "fortinet": { @@ -54,13 +14,7 @@ "properties": { "crc32": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
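Review bot: Dropping the `settings.analysis` block from this component template is only safe if nothing composed with it still references `es_security_analyzer`, `path_tokenizer` or `path_hierarchy_pattern_filter`; if any mapping in another component or index template still names one of them, index creation fails with an unknown-analyzer error and ingestion for that data stream stops, which shows up as a detection gap rather than a visible error. Worth running `grep -rn 'es_security_analyzer\|path_tokenizer\|path_hierarchy_pattern_filter' salt/` before merge, and checking saved searches, dashboards and detection rules for `*.security` field names, because a query against a field that no longer exists in the mapping silently returns zero hits. The removed analyzer also lowercased and trimmed values, while the surviving `keyword` fields are case-sensitive and whitespace-exact, so any rule that relied on case-insensitive matching on fields like `admin` or `action` in this template now needs `case_insensitive: true` on its term/wildcard query or a lowercase `normalizer` on the field. I can only see part of the change set, so some of this may already be handled elsewhere.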
@@ -70,235 +24,103 @@ "properties": { "acct_stat": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "acktime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "act": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "activity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "addr": { "type": "ip" }, "addr_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "addrgrp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "adgroup": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "admin": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "age": { "type": "long" }, "agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "alarmid": { "type": "long" }, "alert": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": 
"keyword" }, "analyticscksum": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "analyticssubmit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ap": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "app-type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "appact": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "appid": { "type": "long" }, "applist": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "apprisk": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "apscan": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "apsn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "apstatus": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "aptype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "assigned": { "type": "ip" 
@@ -308,43 +130,19 @@ }, "attachment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "attack": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "attackcontext": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "attackcontextid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "attackid": { "type": "long" 
@@ -354,245 +152,107 @@ }, "auditscore": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "audittime": { "type": "long" }, "authgrp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "authid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "authproto": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "authserver": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "bandwidth": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "banned_rule": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "banned_src": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "banword": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "botnetdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "botnetip": { "type": "ip" }, "bssid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" 
}, "call_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "carrier_ep": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cat": { "type": "long" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cdrcontent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "centralnatid": { "type": "long" }, "cert": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cert-type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "certhash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cfgattr": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cfgobj": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cfgpath": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cfgtid": { "ignore_above": 1024, - 
"type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cfgtxpower": { "type": "long" 
@@ -602,169 +262,73 @@ }, "channeltype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "chassisid": { "type": "long" }, "checksum": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "chgheaders": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cldobjid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "client_addr": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cloudaction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "clouduser": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "column": { "type": "long" }, "command": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "community": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "configcountry": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "connection_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + 
"type": "keyword" }, "conserve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "constraint": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "contentdisarmed": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "contenttype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cookies": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "count": { "type": "long" 
@@ -816,172 +380,76 @@ }, "crl": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "crlevel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "crscore": { "type": "long" }, "cveid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "daemon": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "datarange": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "date": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ddnsserver": { "type": "ip" }, "desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "detectionmethod": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "devcategory": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "devintfname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "devtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dhcp_msg": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dintf": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "disk": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "disklograte": { "type": "long" }, "dlpextra": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "docsource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "domainctrlauthstate": { "type": "long" 
@@ -991,324 +459,144 @@ }, "domainctrldomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "domainctrlip": { "type": "ip" }, "domainctrlname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "domainctrlprotocoltype": { "type": "long" }, "domainctrlusername": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "domainfilteridx": { "type": "long" }, "domainfilterlist": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ds": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dst_int": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstcountry": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstdevcategory": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstdevtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstfamily": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dsthwvendor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": 
{ - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dsthwversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstinetsvc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstintfrole": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstosname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstosversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstserver": { "type": "long" }, "dstssid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstswversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstunauthusersource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstuuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "duid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "eapolcnt": { "type": "long" }, "eapoltype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - 
"type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "encrypt": { "type": "long" }, "encryption": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "epoch": { "type": "long" }, "espauth": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "esptransform": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "eventtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "exch": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "exchange": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "expectedsignature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "expiry": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fams_pause": { "type": "long" 
@@ -1318,175 +606,79 @@ }, "fctemssn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fctuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "field": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "filefilter": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "filehashsrc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "filtercat": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "filteridx": { "type": "long" }, "filtername": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "filtertype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fortiguardresp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "forwardedfor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fqdn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "frametype": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "freediskstorage": { "type": "long" }, "from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "from_vcluster": { "type": "long" }, "fsaverdict": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fwserver_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "gateway": { "type": "ip" }, "green": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "groupid": { "type": "long" 
@@ -1496,119 +688,53 @@ }, "ha_group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ha_role": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "handshake": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "hbdn_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "highcount": { "type": "long" }, "host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "iaid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icmpcode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icmpid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icmptype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "identifier": { "type": "long" }, "in_spi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"incidentserialno": { "type": "long" @@ -1621,96 +747,42 @@ }, "informationsource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "init": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "initiator": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "intf": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "invalidmac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ip": { "type": "ip" }, "iptype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "keyword": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "kind": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "lanin": { "type": "long" 
@@ -1723,26 +795,14 @@ }, "license_limit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "limit": { "type": "long" }, "line": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "live": { "type": "long" @@ -1752,79 +812,37 @@ }, "log": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "login": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "lowcount": { "type": "long" }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "malform_data": { "type": "long" }, "malform_desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "manuf": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "masterdstmac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mastersrcmac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mediumcount": { "type": "long" 
@@ -1834,149 +852,65 @@ }, "meshmode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "message_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mgmtcnt": { "type": "long" }, "mode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "module": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "monitor-name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "monitor-type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mpsk": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "msgproto": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mtu": { "type": "long" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nat": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "netid": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "new_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "new_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "newchannel": { "type": "long" @@ -1992,36 +926,18 @@ }, "nf_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "noise": { "type": "long" }, "old_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "old_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "oldchannel": { "type": "long" 
@@ -2034,172 +950,76 @@ }, "oldsn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "oldwprof": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "onwire": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "opercountry": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "opertxpower": { "type": "long" }, "osname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "osversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "out_spi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "outintf": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "passedcount": { "type": "long" }, "passwd": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "peer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "peer_notif": 
{ "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "phase2_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "phone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "pid": { "type": "long" }, "policytype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "poolname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "port": { "type": "long" 
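Review bot: `passwd` in this hunk is now mapped as a plain searchable `keyword`, so whatever the log source puts there is indexed verbatim and becomes retrievable through any aggregation or wildcard query a SIEM user can run. I cannot tell from the mapping whether this Fortinet field ever carries credential material or only a status string, so this is a check rather than a defect: if it can carry a secret it should be dropped or hashed in the ingest pipeline, or at least kept in `_source` without being searchable or aggregatable, e.g. `"passwd": { "type": "keyword", "ignore_above": 1024, "index": false, "doc_values": false }`. The same question applies to `mpsk` and `rsso_key` in neighbouring hunks, which by name look like key material. The keyword type itself predates this commit, but the commit is the point where the old `.security` text copy disappears and the decision is worth recording. The enclosing `properties` object starts and ends outside this hunk.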
@@ -2212,115 +1032,55 @@ }, "probeproto": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "process": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "processtime": { "type": "long" }, "profile": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "profile_vd": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "profilegroup": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "profiletype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "qtypeval": { "type": "long" }, "quarskip": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "quotaexceeded": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "quotamax": { "type": "long" }, "quotatype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "quotaused": { "type": "long" }, "radioband": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "radioid": { "type": "long" 
@@ -2333,182 +1093,80 @@ }, "rate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rawdata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rawdataid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rcvddelta": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "received": { "type": "long" }, "receivedsignature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "red": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "referralurl": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "remote": { "type": "ip" }, "remotewtptime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reporttype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reqtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"request_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "result": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "role": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rssi": { "type": "long" }, "rsso_key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ruledata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ruletype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scanned": { "type": "long" 
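Review bot: Removing the `.security` text multi-field turns `ignore_above: 1024` into a hard cap on searchability for `rawdata`, `referralurl`, `ruledata` and `rsso_key` in this hunk: a value longer than 1024 characters is now not indexed at all, whereas before this change the `text` subfield (to which `ignore_above` does not apply) still made it searchable. Long URLs and raw payload fields in firewall logs can plausibly exceed that limit, so a detection keyed on such a value would stop firing for exactly the oversized events that are often the interesting ones. If that trade-off is intended I would document it in the commit message; otherwise consider a larger limit for the free-text fields, e.g. `"ignore_above": 8191`, or keep a plain `text` subfield without the custom analyzer. The enclosing `properties` object starts and ends outside this hunk.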
@@ -2518,103 +1176,43 @@ }, "scope": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "security": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sensitivity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sensor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sentdelta": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "seq": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "serial": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "serialno": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "server": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sessionid": { "type": "long" 
@@ -2624,13 +1222,7 @@
 },
 "severity": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "shaperdroprcvdbyte": {
 "type": "long"
@@ -2643,33 +1235,15 @@
 },
 "shaperperipname": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "shaperrcvdname": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "shapersentname": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "shapingpolicyid": {
 "type": "long"
@@ -2685,392 +1259,164 @@ }, "sn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "snclosest": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sndetected": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "snmeshparent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "spi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "src_int": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "srccountry": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "srcfamily": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "srchwvendor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "srchwversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "srcinetsvc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "srcintfrole": { "ignore_above": 1024, - "type": "keyword", 
- "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "srcname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "srcserver": { "type": "long" }, "srcssid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "srcswversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "srcuuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sscname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ssid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sslaction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ssllocal": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sslremote": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "stacount": { "type": "long" }, "stage": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "stamac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - 
"type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "stitch": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "submodule": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subservice": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "suspicious": { "type": "long" }, "switchproto": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sync_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sync_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sysuptime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } 
+ "type": "keyword" }, "tamac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "threattype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "time": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "to_vcluster": { "type": "long" @@ -3083,46 +1429,22 @@ }, "trace_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "trandisp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "transid": { "type": "long" }, "translationid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "trigger": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "trueclntip": { "type": "ip" 
@@ -3135,43 +1457,19 @@ }, "tunneltype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ui": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "unauthusersource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "unit": { "type": "long" @@ -3181,33 +1479,15 @@ }, "urlfilterlist": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "urlsource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "urltype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "used": { "type": "long" 
@@ -3217,43 +1497,19 @@ }, "utmaction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "utmref": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vap": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vapmode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vcluster": { "type": "long" 
@@ -3263,165 +1519,75 @@ }, "vcluster_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vd": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vdname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vendorurl": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vip": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "virus": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "virusid": { "type": "long" }, "voip_proto": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vpn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vpntunnel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vpntype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vrf": { "type": "long" }, "vulncat": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vulnid": { "type": "long" }, "vulnname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vwlid": { "type": "long" }, "vwlquality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vwlservice": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vwpvlanid": { "type": "long" @@ -3431,46 +1597,22 @@ }, "wanoptapptype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "wanout": { "type": "long" }, "weakwepiv": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "xauthgroup": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "xauthuser": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "xid": { "type": "long" @@ -3482,4 +1624,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/gcp.json b/salt/elasticsearch/templates/component/ecs/gcp.json index 444ab6f91..b996a8816 100644 --- a/salt/elasticsearch/templates/component/ecs/gcp.json +++ b/salt/elasticsearch/templates/component/ecs/gcp.json 
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "gcp": {
@@ -54,35 +14,17 @@
 "properties": {
 "authority_selector": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "principal_email": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
 "method_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "num_response_items": {
 "type": "long"
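Review bot: Dropping the whole `settings.analysis` block in the first hunk is only safe if nothing in the composed index template still references `es_security_analyzer`; Elasticsearch rejects index creation when a mapping names an analyzer that the merged settings do not define, and for a SIEM that surfaces as the next rollover failing and new events no longer being indexed rather than as an error in this file. Because the analyzer definition and its consumer (the `fields.security` multi-field removed in the second hunk) live in separate templates that are merged at index-creation time, I would grep every component and index template for `es_security_analyzer` and add a pre-merge check that the composed template still applies, for example via the simulate-index-template API. `path_tokenizer` and `path_hierarchy_pattern_filter` are deleted here without any visible mapping referencing them, so I assume they were dead definitions; worth confirming in the other templates. Note also that a component template change only affects indices created after it, so existing indices keep the `gcp.*.security` subfields until they roll over and any saved search or rule that queries them will match on old indices and silently miss on new ones.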
@@ -91,43 +33,19 @@ "properties": { "filter": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "proto_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "resource_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -138,13 +56,7 @@ }, "caller_supplied_user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -152,25 +64,13 @@ "properties": { "current_locations": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "resource_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "response": { "properties": { 
@@ -178,77 +78,35 @@ "properties": { "group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "kind": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "proto_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "service_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "properties": { @@ -257,25 +115,13 @@ }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -285,33 +131,15 @@ "properties": { "project_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "zone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -319,33 +147,15 @@ "properties": { "project_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subnetwork_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vpc_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -357,96 +167,42 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destination_range": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "priority": { "type": "long" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_range": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_service_account": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "target_service_account": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "target_tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -458,33 +214,15 @@ "properties": { "project_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "zone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -492,33 +230,15 @@ "properties": { "project_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subnetwork_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vpc_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -528,13 +248,7 @@ "properties": { "reporter": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rtt": { "properties": { @@ -550,4 +264,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/google_workspace.json b/salt/elasticsearch/templates/component/ecs/google_workspace.json index abb0e3591..dad2b8ba3 100644 --- a/salt/elasticsearch/templates/component/ecs/google_workspace.json +++ b/salt/elasticsearch/templates/component/ecs/google_workspace.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "google_workspace": { @@ -52,23 +12,11 @@ "properties": { "key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -78,13 +26,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -94,25 +36,13 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "scopes": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
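Review bot: Deleting the `settings.analysis` block from the component template only affects indices created after the template is reapplied; existing indices keep both the analyzer and the `.security` subfields until they roll over, so the data stream will carry mixed mappings for a while and that should be stated in the commit message. More importantly, if any other component template composed into the same index template still declares `"analyzer": "es_security_analyzer"` on a field, index creation will fail with an analyzer-not-found error once this definition is gone, so a grep across the template directory for `es_security_analyzer`, `path_hierarchy_pattern_filter` and `path_tokenizer` (all removed here) is worth doing before merging. The `ecs_version` metadata is left at `1.12.2` even though the mapping shape changed; if these files are regenerated from ECS, the generator config should be the thing that changed, not the output.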
@@ -120,83 +50,35 @@ "properties": { "asp_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "edition": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "enabled": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "licences_order_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "licences_purchased": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "package_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -214,23 +96,11 @@ "properties": { "allowed": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "enabled": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -238,13 +108,7 @@ "properties": { "session_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -252,43 +116,19 @@ "properties": { "command_details": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -298,23 +138,11 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -324,33 +152,15 @@ "properties": { "alias": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "secondary_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -363,13 +173,7 @@ }, "message_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "recipient": { "properties": { @@ -378,13 +182,7 @@ }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -395,13 +193,7 @@ }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -412,13 +204,7 @@ }, "quarantine_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -429,23 +215,11 @@ }, "package_content": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -453,55 +227,25 @@ "properties": { "dest_email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "level": { "properties": { "chat": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "draft": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "incoming": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "outgoing": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -509,25 +253,13 @@ }, "field": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "gateway": { "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -535,77 +267,35 @@ "properties": { "allowed_list": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "priorities": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "info_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "managed_configuration": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mdm": { "properties": { "token": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vendor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -615,23 +305,11 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -639,13 +317,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -656,23 +328,11 @@ }, "new_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "non_featured_services_selection": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "oauth2": { "properties": { @@ -680,33 +340,15 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -714,13 +356,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -728,35 +364,17 @@ }, "old_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "org_unit": { "properties": { "full": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -764,13 +382,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -778,13 +390,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -792,13 +398,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -806,23 +406,11 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sku": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -830,13 +418,7 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -844,13 +426,7 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -858,23 +434,11 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -882,13 +446,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -896,13 +454,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -910,23 +462,11 @@ "properties": { "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -934,13 +474,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -951,23 +485,11 @@ }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nickname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -975,25 +497,13 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "verification_method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -1001,60 +511,30 @@ "properties": { "added_role": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "billable": { "type": "boolean" }, "destination_folder_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destination_folder_title": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file": { "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "owner": { "properties": { "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "is_shared_drive": { "type": "boolean" 
@@ -1063,168 +543,72 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "membership_change_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "new_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "old_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "old_visibility": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "originating_app_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "primary_event": { "type": "boolean" }, "removed_role": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "shared_drive_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "shared_drive_settings_change_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sheets_import_range_recipient_doc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_folder_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": 
"text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_folder_title": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "target": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "target_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "visibility": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "visibility_change": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1232,13 +616,7 @@ "properties": { "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1246,45 +624,21 @@ "properties": { "acl_permission": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "member": { "properties": { "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "role": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -1292,119 +646,53 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "moderation_action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "new_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "old_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "setting": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "kind": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "login": { "properties": { "affected_email_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "challenge_method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "failure_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"is_second_factor": { "type": "boolean" @@ -1414,13 +702,7 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1428,13 +710,7 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1442,63 +718,27 @@ "properties": { "application_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "failure_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "initiated_by": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "orgunit_path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "second_level_status_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -1507,4 +747,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/group.json b/salt/elasticsearch/templates/component/ecs/group.json index a28670064..ed40b4d9f 100644 --- a/salt/elasticsearch/templates/component/ecs/group.json +++ b/salt/elasticsearch/templates/component/ecs/group.json 
@@ -4,83 +4,25 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "group": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/host.json b/salt/elasticsearch/templates/component/ecs/host.json index d2f8dc301..20473f4ae 100644 --- a/salt/elasticsearch/templates/component/ecs/host.json +++ b/salt/elasticsearch/templates/component/ecs/host.json 
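Review bot: The new side of `group.json` drops the trailing newline (`-} +} \ No newline at end of file`); restore it so the next edit does not show a spurious one-line change and so tooling that concatenates or lints these templates does not trip on it. The same loss of the final newline appears on the other files in this diff, which suggests the rewrite was done by a script whose serializer should be fixed once rather than patched per file. Separately, `group.domain`, `group.id` and `group.name` are now matched exactly and case-sensitively; group names from Windows and directory sources often arrive in mixed case, so any rule that relied on the lowercase analyzer should be re-checked, and a keyword `normalizer` with a `lowercase` filter would keep that behaviour without a text field.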
@@ -4,59 +4,13 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "host": { "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cpu": { "properties": { 
@@ -86,163 +40,73 @@ }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "geo": { "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + 
"type": "keyword" } } }, "hostname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ip": { "type": "ip" }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "network": { "properties": { 
@@ -272,85 +136,37 @@ "properties": { "family": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "full": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "kernel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "platform": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "uptime": { "type": "long" @@ -359,31 +175,13 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "full_name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -391,75 +189,33 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -468,4 +224,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/http.json b/salt/elasticsearch/templates/component/ecs/http.json index a5c0c4e70..d6164a191 100644 --- a/salt/elasticsearch/templates/component/ecs/http.json +++ b/salt/elasticsearch/templates/component/ecs/http.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "http": { @@ -57,10 +17,6 @@ }, "content": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "text": { "type": "match_only_text" } @@ -74,43 +30,19 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "referrer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -123,10 +55,6 @@ }, "content": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "text": { "type": "match_only_text" } 
@@ -140,13 +68,7 @@ }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status_code": { "type": "long" @@ -155,17 +77,11 @@ }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/juniper.json b/salt/elasticsearch/templates/component/ecs/juniper.json index 50a2dd287..4cec1ee22 100644 --- a/salt/elasticsearch/templates/component/ecs/juniper.json +++ b/salt/elasticsearch/templates/component/ecs/juniper.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "juniper": { 
@@ -52,113 +12,47 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "action_detail": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "alert": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "apbr_rule_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "application": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "application_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "application_characteristics": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "application_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "application_sub_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "attack_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": 
"keyword" }, "client_ip": { "type": "ip" 
@@ -168,181 +62,85 @@ }, "connection_tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "context_hit_rate": { "type": "long" }, "context_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "context_value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "context_value_hit_rate": { "type": "long" }, "ddos_application_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dscp_value": { "type": "long" }, "dst_nat_rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dst_nat_rule_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dst_vrf_grp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "elapsed_time": { "type": "date" }, "encrypted": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "epoch_time": { "type": "date" }, "error_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "error_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" 
}, "export_id": { "type": "long" }, "feed_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file_hash_lookup": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "filename": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "hostname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icmp_type": { "type": "long" 
@@ -355,93 +153,39 @@ }, "index": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "logical_system_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "malware_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "message_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nat_connection_tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nested_application": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "obj": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "occur_count": { "type": "long" @@ -463,13 +207,7 @@ }, "peer_session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "peer_source_address": { "type": "ip" 
@@ -479,286 +217,118 @@ }, "policy_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "process": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "profile": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "profile_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "protocol_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "protocol_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "repeat_count": { "type": "long" }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "routing_instance": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"ruleebase_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sample_sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "secure_web_proxy_session_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "service_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "session_id_32": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "src_nat_rule_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "src_nat_rule_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "src_vrf_grp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sub_category": { "ignore_above": 
1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "temporary_filename": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tenant_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "th": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "threat_severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "time_count": { "type": "long" @@ -768,26 +338,14 @@ }, "time_scope": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timestamp": { "type": "date" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "uplink_rx_bytes": { "type": "long" 
@@ -797,36 +355,18 @@ }, "url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "verdict_number": { "type": "long" }, "verdict_source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -835,4 +375,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/kibana.json b/salt/elasticsearch/templates/component/ecs/kibana.json index 6e13a835a..caa09d1ac 100644 --- a/salt/elasticsearch/templates/component/ecs/kibana.json +++ b/salt/elasticsearch/templates/component/ecs/kibana.json 
@@ -4,99 +4,29 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "kibana": { "properties": { "add_to_spaces": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "authentication_provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "authentication_realm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "authentication_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "delete_from_spaces": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "log": { "properties": { 
@@ -105,83 +35,41 @@ }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "lookup_realm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "saved_object": { "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "space_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/log.json b/salt/elasticsearch/templates/component/ecs/log.json index c98030aad..e79661b5e 100644 --- a/salt/elasticsearch/templates/component/ecs/log.json +++ b/salt/elasticsearch/templates/component/ecs/log.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "log": { @@ -52,35 +12,17 @@ "properties": { "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "level": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "logger": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "origin": { "properties": { @@ -91,38 +33,20 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "function": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "original": { "doc_values": false, "index": false, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "syslog": { "properties": { 
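Review bot: In the third hunk `log.original` is mapped with `"doc_values": false` and `"index": false`, so once the `.security` sub-field is removed nothing about this field is searchable — the sub-field was its only indexed form. That matches the stock ECS definition of `log.original`, but any rule or saved search that queried `log.original.security` now has no replacement; if raw-line search is still needed, consumers should be pointed at `event.original` (where the pipeline populates it) or the field should regain an indexed sub-field. Either way the intent that `log.original` is stored but unsearchable deserves a sentence in the template documentation, since the JSON itself cannot carry a comment.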
@@ -133,13 +57,7 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -153,13 +71,7 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -171,4 +83,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/logstash.json b/salt/elasticsearch/templates/component/ecs/logstash.json index 9b463f3ae..43918a37a 100644 --- a/salt/elasticsearch/templates/component/ecs/logstash.json +++ b/salt/elasticsearch/templates/component/ecs/logstash.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "logstash": { 
@@ -54,44 +14,20 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } }, "type": "object" }, "module": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "pipeline_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "thread": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" } @@ -100,42 +36,18 @@ "slowlog": { "properties": { "event": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "module": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "plugin_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "plugin_params": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, @@ -144,21 +56,9 @@ }, "plugin_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "thread": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, @@ -172,4 +72,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/microsoft.json b/salt/elasticsearch/templates/component/ecs/microsoft.json index bb9f04a5c..151599805 100644 
--- a/salt/elasticsearch/templates/component/ecs/microsoft.json +++ b/salt/elasticsearch/templates/component/ecs/microsoft.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "microsoft": { 
@@ -52,156 +12,72 @@ "properties": { "assignedTo": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "classification": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "determination": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "evidence": { "properties": { "aadUserId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "accountName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "domainName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "entityType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ipAddress": { "type": "ip" }, "userPrincipalName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "incidentId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "investigationId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "investigationState": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": 
"es_security_analyzer" - } - } + "type": "keyword" }, "lastUpdateTime": { "type": "date" }, "rbacGroupName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "resolvedTime": { "type": "date" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "threatFamilyName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -211,56 +87,26 @@ "properties": { "actorName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "assignedTo": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "classification": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "creationTime": { "type": "date" }, "detectionSource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "determination": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "devices": { "type": "flattened" 
@@ -269,343 +115,145 @@ "properties": { "accountName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "clusterBy": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deliveryAction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "deviceId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "entityType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ipAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mailboxAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mailboxDisplayName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "recipient": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "registryHive": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "registryKey": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"registryValueType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "securityGroupId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "securityGroupName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sender": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "incidentId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "investigationId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "investigationState": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "lastUpdatedTime": { "type": "date" }, "mitreTechniques": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "resolvedTime": { "type": "date" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - 
} - } + "type": "keyword" }, "threatFamilyName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "userSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "assignedTo": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "classification": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "determination": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "incidentId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "incidentName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "investigationState": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "redirectIncidentId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
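Review bot: With the `text` subfield gone, `ignore_above: 1024` is now the only indexing path for `registryKey`, `subject`, `recipient` and the other evidence strings in the `@@ -269,343 +115,145 @@` hunk, so any value longer than 1024 characters is kept in `_source` but is not searchable at all, whereas before it was still reachable through `.security` because `ignore_above` applies to `keyword` fields only. Values that long are uncommon for these fields but not impossible, and for the ones an analyst filters on a higher limit is cheap, e.g. `"registryKey": { "ignore_above": 4096, "type": "keyword" }`, or a plain standard-analyzer `text` multi-field that needs no custom settings. Separately, and not introduced by this commit, `ipAddress` in this hunk stays `"type": "keyword"` while `evidence.ipAddress` in the earlier `@@ -52,156 +12,72 @@` hunk is `"type": "ip"`; a `keyword` address cannot be queried by CIDR, so aligning the two is worth a follow-up if the source value is a bare address. The object this hunk closes is opened before the hunk.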
@@ -614,4 +262,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/misp.json b/salt/elasticsearch/templates/component/ecs/misp.json
index c3600de69..0a6356272 100644
--- a/salt/elasticsearch/templates/component/ecs/misp.json
+++ b/salt/elasticsearch/templates/component/ecs/misp.json
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "misp": {
@@ -52,43 +12,19 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "text"
 },
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "kill_chain_phases": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -96,59 +32,29 @@ "properties": { "aliases": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "description": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "first_seen": { "type": "date" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "last_seen": { "type": "date" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "objective": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -156,33 +62,15 @@ "properties": { "description": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -190,73 +78,31 @@ "properties": { "contact_information": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "description": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "identity_class": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "labels": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sectors": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -264,89 +110,41 @@ "properties": { "aliases": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "description": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "first_seen": { "type": "date" }, "goals": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "last_seen": { "type": "date" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "primary_motivation": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "resource_level": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "secondary_motivations": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" } } }, 
@@ -354,53 +152,23 @@ "properties": { "description": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "kill_chain_phases": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "labels": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -408,53 +176,23 @@ "properties": { "authors": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "description": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "object_refs": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "summary": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -465,13 +203,7 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "last_observed": { "type": "date" @@ -481,13 +213,7 @@ }, "objects": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -495,53 +221,23 @@ "properties": { "description": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "labels": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "object_refs": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "published": { "type": "date" 
@@ -552,123 +248,51 @@ "properties": { "aliases": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "description": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "goals": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "labels": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "personal_motivations": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "primary_motivation": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "resource_level": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "roles": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "secondary_motivations": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "sophistication": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": 
"es_security_analyzer" - } - } + "type": "text" } } }, 
@@ -676,156 +300,66 @@ "properties": { "attack_pattern": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "attack_pattern_kql": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "campaign": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "confidence": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "description": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "feed": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "intrusion_set": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "kill_chain_phases": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "labels": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_tactic": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mitre_technique": { "ignore_above": 1024, - "type": 
"keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "negate": { "type": "boolean" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "threat_actor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "valid_from": { "type": "date" @@ -835,13 +369,7 @@ }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -849,63 +377,27 @@ "properties": { "description": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "kill_chain_phases": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "labels": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tool_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -913,33 +405,15 @@
 "properties": {
 "description": {
 "norms": false,
- "type": "text",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "text"
 },
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 }
@@ -948,4 +422,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/netflow.json b/salt/elasticsearch/templates/component/ecs/netflow.json
index 4b52708f3..7114af3b2 100644
--- a/salt/elasticsearch/templates/component/ecs/netflow.json
+++ b/salt/elasticsearch/templates/component/ecs/netflow.json
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "netflow": {
@@ -74,56 +34,26 @@ }, "application_category_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "application_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "application_group_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "application_id": { "type": "short" }, "application_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "application_sub_category_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "bgp_destination_as_number": { "type": "long" @@ -154,13 +84,7 @@ }, "class_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "classification_engine_id": { "type": "short" @@ -227,13 +151,7 @@ }, "destination_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "destination_transport_port": { "type": "long" 
@@ -264,26 +182,14 @@ }, "dot1q_customer_destination_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dot1q_customer_priority": { "type": "short" }, "dot1q_customer_source_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dot1q_customer_vlan_id": { "type": "long" @@ -347,13 +253,7 @@ }, "encrypted_technology": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "engine_id": { "type": "short" @@ -398,13 +298,7 @@ "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_id": { "type": "long" 
@@ -572,76 +466,34 @@ }, "http_content_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "http_message_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "http_reason_phrase": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "http_request_host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "http_request_method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "http_request_target": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "http_status_code": { "type": "long" }, "http_user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icmp_code_ipv4": { "type": "short" @@ -684,13 +536,7 @@ }, "information_element_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "information_element_id": { "type": "long" @@ -700,13 +546,7 @@ }, "information_element_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "information_element_range_begin": { "type": "long" 
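Review bot: `http_request_target` and `http_user_agent` in the `@@ -572,76 +466,34 @@` hunk are left as `keyword` with `ignore_above: 1024` and nothing else, so a request target or user-agent string longer than 1024 characters is now stored in `_source` but not indexed, where before the `.security` `text` subfield still indexed it (`ignore_above` only governs the `keyword` field). Oversized URLs and user-agent strings are routine in scanner, exploit and C2 traffic, which makes these two fields the wrong place to lose searchability silently. Raising the limit for them, e.g. `"http_request_target": { "ignore_above": 8191, "type": "keyword" }`, or keeping a standard-analyzer `text` multi-field under `fields` keeps them queryable without the custom analyzer. The `netflow` properties object continues on both sides of this hunk.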
@@ -749,23 +589,11 @@ }, "interface_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "interface_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "intermediate_process_id": { "type": "long" @@ -913,13 +741,7 @@ }, "metro_evc_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "metro_evc_type": { "type": "short" @@ -932,59 +754,29 @@ }, "mib_context_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mib_index_indicator": { "type": "long" }, "mib_module_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mib_object_description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mib_object_identifier": { "type": "short" }, "mib_object_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mib_object_syntax": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mib_object_value_bits": { "type": "short" 
@@ -1042,23 +834,11 @@ }, "mobile_imsi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mobile_msisdn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "monitoring_interval_end_milli_seconds": { "type": "date" @@ -1149,13 +929,7 @@ }, "nat_pool_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nat_quota_exceeded_event": { "type": "long" @@ -1189,13 +963,7 @@ }, "observation_domain_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "observation_point_id": { "type": "long" @@ -1253,13 +1021,7 @@ }, "p2p_technology": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "packet_delta_count": { "type": "long" @@ -1290,13 +1052,7 @@ }, "post_destination_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "post_dot1q_customer_vlan_id": { "type": "long" @@ -1372,13 +1128,7 @@ }, "post_source_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "post_vlan_id": { "type": "long" @@ -1430,13 +1180,7 @@ }, "sampler_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sampler_random_interval": { "type": "long" 
@@ -1503,13 +1247,7 @@ }, "selector_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "session_scope": { "type": "short" @@ -1534,13 +1272,7 @@ }, "source_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source_transport_port": { "type": "long" @@ -1556,13 +1288,7 @@ }, "sta_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "system_init_time_milliseconds": { "type": "date" @@ -1629,23 +1355,11 @@ }, "tunnel_technology": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "udp_destination_port": { "type": "long" @@ -1661,13 +1375,7 @@ }, "user_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "value_distribution_method": { "type": "short" @@ -1677,23 +1385,11 @@ }, "virtual_station_interface_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "virtual_station_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "virtual_station_uuid": { "type": "short" 
@@ -1706,40 +1402,22 @@ }, "vr_fname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "wlan_channel_id": { "type": "short" }, "wlan_ssid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "wtp_mac_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/network.json b/salt/elasticsearch/templates/component/ecs/network.json index 5a669bd30..c2e35efd0 100644 --- a/salt/elasticsearch/templates/component/ecs/network.json +++ b/salt/elasticsearch/templates/component/ecs/network.json 
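Review bot: The new side of this hunk ends with `+}` followed by `\ No newline at end of file`, so the regenerated template drops the trailing newline the old file had; the tail hunks of network.json, o365.json and observer.json in this diff do the same. Re-emitting these files with a final `\n` keeps them POSIX-clean and avoids a spurious one-line diff the next time they are touched. Separately, because every hunk in this diff removes the `security` text subfield and the `es_security_analyzer` analysis settings, any saved query, detection rule or dashboard that still addresses a `*.security` subfield will silently stop matching, and any index or component template that still names `es_security_analyzer` would likely be rejected when an index is created from it; a repository-wide search for both names before merge would confirm nothing else depends on them.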
@@ -4,95 +4,31 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "network": { "properties": { "application": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "bytes": { "type": "long" }, "community_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "forwarded_ip": { "type": "ip" }, "iana_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "inner": { "properties": { @@ -100,23 +36,11 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -125,68 +49,32 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "packets": { "type": "long" }, "protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "transport": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vlan": { "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -195,4 +83,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/o365.json b/salt/elasticsearch/templates/component/ecs/o365.json index 3739bcde8..6e11dc02a 100644 --- a/salt/elasticsearch/templates/component/ecs/o365.json +++ b/salt/elasticsearch/templates/component/ecs/o365.json 
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "o365": {
@@ -52,286 +12,118 @@ "properties": { "AADGroupId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ActorContextId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ActorIpAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ActorUserId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ActorYammerUserId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "AlertEntityId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "AlertId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "AlertType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "AppId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ApplicationDisplayName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ApplicationId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"AzureActiveDirectoryEventType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ClientAppId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ClientIP": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ClientIPAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ClientInfoString": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Comments": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "CommunicationType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "CorrelationId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "CreationTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "CustomUniqueId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Data": { "ignore_above": 1024, - "type": 
"keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "DataType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "DoNotDistributeEvent": { "type": "boolean" }, "EntityType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ErrorNumber": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "EventData": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "EventSource": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ExceptionInfo": { "properties": { 
@@ -356,86 +148,38 @@ }, "ExternalAccess": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "FromApp": { "type": "boolean" }, "GroupName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ImplicitShare": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "IncidentId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "InterSystemsId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "InternalLogonType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "IntraSystemId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "IsDocLib": { "type": "boolean" 
@@ -457,163 +201,67 @@ }, "ItemName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ItemType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ListBaseTemplateType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ListBaseType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ListColor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ListIcon": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ListId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ListItemUniqueId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ListTitle": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "LogonError": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "LogonType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "LogonUserSid": { "ignore_above": 1024, - 
"type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "MailboxGuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "MailboxOwnerMasterAccountSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "MailboxOwnerSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "MailboxOwnerUPN": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Members": { "properties": { 
@@ -635,63 +283,27 @@ }, "Name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ObjectId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Operation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "OrganizationId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "OrganizationName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "OriginatingServer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Parameters": { "properties": { 
@@ -702,63 +314,27 @@ }, "PolicyId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "RecordType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ResultStatus": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "SensitiveInfoDetectionIsIncluded": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "SessionId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "SharePointMetaData": { "properties": { 
@@ -769,233 +345,95 @@ }, "Site": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "SiteUrl": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "SourceFileExtension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "SourceFileName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "SourceRelativeUrl": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "SupportTicketId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TargetContextId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TargetUserOrGroupName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TargetUserOrGroupType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TeamGuid": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TeamName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TemplateTypeId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "UniqueSharingId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "UserAgent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "UserId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "UserKey": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "UserType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "WebId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Workload": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "YammerNetworkId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": 
"text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -1004,4 +442,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/observer.json b/salt/elasticsearch/templates/component/ecs/observer.json index 4eeb753db..11b0fa467 100644 --- a/salt/elasticsearch/templates/component/ecs/observer.json +++ b/salt/elasticsearch/templates/component/ecs/observer.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "observer": { @@ -54,33 +14,15 @@ "properties": { "alias": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -88,35 +30,17 @@
 "properties": {
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
 "zone": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 },
 "type": "object"
@@ -125,118 +49,52 @@ "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "hostname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + 
"type": "keyword" }, "ingress": { "properties": { @@ -244,33 +102,15 @@ "properties": { "alias": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -278,35 +118,17 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "zone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } }, "type": "object" 
@@ -316,151 +138,67 @@ }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "os": { "properties": { "family": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "full": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "kernel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "platform": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - 
"analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vendor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/okta.json b/salt/elasticsearch/templates/component/ecs/okta.json index 3604f3bce..fabb58862 100644 --- a/salt/elasticsearch/templates/component/ecs/okta.json +++ b/salt/elasticsearch/templates/component/ecs/okta.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "okta": { 
@@ -52,43 +12,19 @@ "properties": { "alternate_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "display_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -96,56 +32,26 @@ "properties": { "authentication_provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "authentication_step": { "type": "long" }, "credential_provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "credential_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "external_session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -153,23 +59,11 @@ "properties": { "device": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ip": { "type": "ip" @@ -178,45 +72,21 @@ "properties": { "browser": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "os": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "raw_user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "zone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -226,75 +96,33 @@ "properties": { "device_fingerprint": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "request_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "request_uri": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "suspicious_activity": { "properties": { "browser": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_city": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_ip": { "type": "ip" 
@@ -307,43 +135,19 @@ }, "event_state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_transaction_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "os": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timestamp": { "type": "date" @@ -352,23 +156,11 @@ }, "threat_suspected": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -376,45 +168,21 @@ }, "display_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "outcome": { "properties": { "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "result": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -426,46 +194,22 @@ "properties": { "city": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "geolocation": { "type": "geo_point" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -474,23 +218,11 @@ }, "source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -507,13 +239,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -521,38 +247,20 @@ }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "is_proxy": { "type": "boolean" }, "isp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "target": { "type": "flattened" 
@@ -561,49 +269,25 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/orchestrator.json b/salt/elasticsearch/templates/component/ecs/orchestrator.json index 99d20dc00..87f2af201 100644 --- a/salt/elasticsearch/templates/component/ecs/orchestrator.json +++ b/salt/elasticsearch/templates/component/ecs/orchestrator.json 
@@ -4,151 +4,57 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "orchestrator": { "properties": { "api_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cluster": { "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "namespace": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "resource": { "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" 
- } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/organization.json b/salt/elasticsearch/templates/component/ecs/organization.json index 0f782caf9..66b5853ff 100644 --- a/salt/elasticsearch/templates/component/ecs/organization.json +++ b/salt/elasticsearch/templates/component/ecs/organization.json @@ -4,67 +4,15 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "organization": { "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" } @@ -73,4 +21,4 @@ } } } -} +} \ No newline at end of file 
diff --git a/salt/elasticsearch/templates/component/ecs/package.json b/salt/elasticsearch/templates/component/ecs/package.json
index 45aec5986..b726f8f7f 100644
--- a/salt/elasticsearch/templates/component/ecs/package.json
+++ b/salt/elasticsearch/templates/component/ecs/package.json
@@ -4,169 +4,63 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "package": { "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "build_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "checksum": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "install_scope": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "installed": { "type": "date" }, "license": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + 
"type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "size": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/process.json b/salt/elasticsearch/templates/component/ecs/process.json index a6b3cc61e..bbb31f777 100644 --- a/salt/elasticsearch/templates/component/ecs/process.json +++ b/salt/elasticsearch/templates/component/ecs/process.json 
@@ -4,59 +4,13 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "process": { "properties": { "args": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "args_count": { "type": "long" @@ -65,56 +19,26 @@ "properties": { "digest_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "exists": { "type": "boolean" }, "signing_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "team_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timestamp": { "type": "date" 
@@ -129,10 +53,6 @@ }, "command_line": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "text": { "type": "match_only_text" } @@ -143,33 +63,15 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "byte_order": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cpu_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "creation_date": { "type": "date" 
@@ -181,76 +83,34 @@ "properties": { "abi_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "class": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "data": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "entrypoint": { "type": "long" }, "object_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "os_abi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -267,46 +127,22 @@ }, "flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "physical_offset": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "virtual_address": { "type": "long" @@ -321,46 +157,22 @@ "properties": { "sections": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } }, "type": "nested" }, "shared_libraries": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "telfhash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -369,21 +181,9 @@ }, "entity_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "executable": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -394,63 +194,27 @@ "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha512": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ssdeep": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, @@ -458,13 +222,7 @@ "properties": { "args": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "args_count": { "type": "long" 
@@ -473,56 +231,26 @@ "properties": { "digest_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "exists": { "type": "boolean" }, "signing_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "team_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timestamp": { "type": "date" @@ -537,10 +265,6 @@ }, "command_line": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "text": { "type": "match_only_text" } @@ -551,33 +275,15 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "byte_order": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cpu_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "creation_date": { "type": "date" 
@@ -589,76 +295,34 @@ "properties": { "abi_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "class": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "data": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "entrypoint": { "type": "long" }, "object_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "os_abi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -675,46 +339,22 @@ }, "flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "physical_offset": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "virtual_address": { "type": "long" @@ -729,46 +369,22 @@ "properties": { "sections": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } }, "type": "nested" }, "shared_libraries": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "telfhash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -777,21 +393,9 @@ }, "entity_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "executable": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -802,63 +406,27 @@ "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha512": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ssdeep": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -866,73 +434,31 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "company": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "imphash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "original_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -955,23 +481,11 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "title": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, @@ -979,12 +493,6 @@ "type": "long" }, "working_directory": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" } 
@@ -994,73 +502,31 @@
 "properties": {
 "architecture": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "company": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "description": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "file_version": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "imphash": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "original_file_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "product": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -1083,23 +549,11 @@
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
 "title": {
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- },
 "ignore_above": 1024,
 "type": "keyword"
 },
@@ -1107,12 +561,6 @@
 "type": "long"
 },
 "working_directory": {
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- },
 "ignore_above": 1024,
 "type": "keyword"
 }
@@ -1121,4 +569,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
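Review bot: The only change in the closing hunk `@@ -1121,4 +569,4 @@` is that the final `}` loses its terminating newline, which is why git prints `\ No newline at end of file`; the same happens at the end of redis.json, registry.json, related.json, rule.json, server.json, service.json and snyk.json below. The JSON stays valid, but a file under version control should end with a newline, otherwise the next edit to the last line shows a spurious diff. These templates look generated, so the fix belongs in the generator or in a formatting pass (`jq .` or Prettier both emit the trailing newline) rather than in a hand edit.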
diff --git a/salt/elasticsearch/templates/component/ecs/redis.json b/salt/elasticsearch/templates/component/ecs/redis.json
index ac8f9faf2..f2ee3f5ab 100644
--- a/salt/elasticsearch/templates/component/ecs/redis.json
+++ b/salt/elasticsearch/templates/component/ecs/redis.json
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "redis": {
@@ -52,13 +12,7 @@
 "properties": {
 "role": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -66,23 +20,11 @@
 "properties": {
 "args": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "cmd": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "duration": {
 "properties": {
@@ -96,13 +38,7 @@
 },
 "key": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 }
@@ -111,4 +47,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
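Review bot: Removing the whole `settings.analysis` block from this component template is only safe if no other component or index template that is composed with it still names `es_security_analyzer` in a mapping; a composed template that does would presumably fail at index creation with an unknown-analyzer error rather than when the template is installed, so the breakage would surface on the next rollover instead of in this change. The same `settings` removal appears at the top of the registry, related, rule, server, service, snyk and sophos sections below. Worth stating in the commit description that every template carrying the analyzer was updated together, or adding a grep for `es_security_analyzer` to whatever check validates these templates. The `path_hierarchy_pattern_filter` and `path_tokenizer` definitions being removed are not referenced by any mapping visible in this diff, so that part reads as dead-configuration cleanup.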
diff --git a/salt/elasticsearch/templates/component/ecs/registry.json b/salt/elasticsearch/templates/component/ecs/registry.json
index 13cdca60e..7cfa34ad6 100644
--- a/salt/elasticsearch/templates/component/ecs/registry.json
+++ b/salt/elasticsearch/templates/component/ecs/registry.json
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "registry": {
@@ -52,72 +12,36 @@
 "properties": {
 "bytes": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "strings": {
 "type": "wildcard"
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
 "hive": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "key": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "path": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "value": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/related.json b/salt/elasticsearch/templates/component/ecs/related.json
index 58a55392c..1af1593c8 100644
--- a/salt/elasticsearch/templates/component/ecs/related.json
+++ b/salt/elasticsearch/templates/component/ecs/related.json
@@ -4,86 +4,28 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "related": {
 "properties": {
 "hash": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "hosts": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "ip": {
 "type": "ip"
 },
 "user": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/rule.json b/salt/elasticsearch/templates/component/ecs/rule.json
index b9ea3a615..400c64f6d 100644
--- a/salt/elasticsearch/templates/component/ecs/rule.json
+++ b/salt/elasticsearch/templates/component/ecs/rule.json
@@ -4,153 +4,53 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "rule": {
 "properties": {
 "author": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "category": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "description": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "license": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "reference": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "ruleset": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "uuid": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "version": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/server.json b/salt/elasticsearch/templates/component/ecs/server.json
index 3c297f09f..445ad581e 100644
--- a/salt/elasticsearch/templates/component/ecs/server.json
+++ b/salt/elasticsearch/templates/component/ecs/server.json
@@ -4,59 +4,13 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "server": {
 "properties": {
 "address": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "as": {
 "properties": {
@@ -66,12 +20,6 @@
 "organization": {
 "properties": {
 "name": {
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- },
 "ignore_above": 1024,
 "type": "keyword"
 }
@@ -84,118 +32,52 @@
 },
 "domain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "geo": {
 "properties": {
 "city_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "continent_code": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "continent_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "country_iso_code": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "country_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "location": {
 "type": "geo_point"
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "postal_code": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "region_iso_code": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "region_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "timezone": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -204,13 +86,7 @@
 },
 "mac": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "nat": {
 "properties": {
@@ -230,63 +106,27 @@
 },
 "registered_domain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "subdomain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "top_level_domain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "user": {
 "properties": {
 "domain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "email": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "full_name": {
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- },
 "ignore_above": 1024,
 "type": "keyword"
 },
@@ -294,75 +134,33 @@
 "properties": {
 "domain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
 "hash": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "name": {
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- },
 "ignore_above": 1024,
 "type": "keyword"
 },
 "roles": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 }
@@ -371,4 +169,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/service.json b/salt/elasticsearch/templates/component/ecs/service.json
index bfa90c717..2fbdad6d4 100644
--- a/salt/elasticsearch/templates/component/ecs/service.json
+++ b/salt/elasticsearch/templates/component/ecs/service.json
@@ -4,147 +4,53 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "service": {
 "properties": {
 "address": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "environment": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "ephemeral_id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "node": {
 "properties": {
 "name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
 "state": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "version": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/snyk.json b/salt/elasticsearch/templates/component/ecs/snyk.json
index d210b41a0..15f6a2a7f 100644
--- a/salt/elasticsearch/templates/component/ecs/snyk.json
+++ b/salt/elasticsearch/templates/component/ecs/snyk.json
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "snyk": {
@@ -55,23 +15,11 @@
 },
 "org_id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "project_id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -82,13 +30,7 @@
 "properties": {
 "projects": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -96,68 +38,32 @@
 "properties": {
 "credit": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "cvss3": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "disclosure_time": {
 "type": "date"
 },
 "exploit_maturity": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "identifiers": {
 "properties": {
 "alternative": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "cwe": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -184,46 +90,22 @@
 },
 "jira_issue_url": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "language": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "original_severity": {
 "type": "long"
 },
 "package": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "package_manager": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "patches": {
 "type": "flattened"
@@ -236,56 +118,26 @@
 },
 "reachability": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "semver": {
 "type": "flattened"
 },
 "title": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "unique_severities_list": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "version": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 }
@@ -294,4 +146,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/sophos.json b/salt/elasticsearch/templates/component/ecs/sophos.json
index 9abba7456..fceaa5049 100644
--- a/salt/elasticsearch/templates/component/ecs/sophos.json
+++ b/salt/elasticsearch/templates/component/ecs/sophos.json
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "sophos": {
@@ -55,23 +15,11 @@
 },
 "Mode": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "PHPSESSID": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "Reports": {
 "type": "float"
@@ -81,232 +29,100 @@
 },
 "SysLog_SERVER_NAME": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "Temp": {
 "type": "float"
 },
 "action": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "activityname": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "ap": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "app_is_cloud": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "appfilter_policy_id": {
 "type": "long"
 },
 "application": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "application_category": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "application_filter_policy": {
 "type": "long"
 },
 "application_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "application_risk": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "application_technology": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "appresolvedby": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "auth_client": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "auth_mechanism": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "av_policy_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "backup_mode": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "branch_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "category": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "category_type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "classification": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "client_host_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "client_physical_address": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "clients_conn_ssid": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "collisions": {
 "type": "long"
@@ -319,93 +135,39 @@
 },
 "connectionname": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "connectiontype": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "connevent": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "connid": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "contenttype": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "context_match": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "context_prefix": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "context_suffix": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "cookie": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "date": {
 "type": "date"
@@ -415,113 +177,47 @@
 },
 "device": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "device_id": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "device_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "dictionary_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "dir_disp": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "direction": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "domainname": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "download_file_name": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "download_file_type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "dst_country_code": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "dst_domainname": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "dst_ip": {
 "type": "ip"
@@ -531,152 +227,68 @@ }, "dstdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstzone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dstzonetype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "duration": { "type": "long" }, "email_subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ep_uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "eventid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "eventtime": { "type": "date" }, "eventtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "exceptions": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "execution_path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "extra": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": 
"keyword" }, "file_path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file_size": { "type": "long" }, "filename": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "filepath": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "filesize": { "type": "long" 
@@ -686,99 +298,45 @@ }, "from_email_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ftp_direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ftp_url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ftpcommand": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fw_rule_id": { "type": "long" }, "hb_health": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "httpresponsecode": { "type": "long" }, "iap": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icmp_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icmp_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "idle_cpu": { "type": "float" 
@@ -788,299 +346,125 @@ }, "idp_policy_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "in_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ipaddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ips_policy_id": { "type": "long" }, "localgateway": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "localnetwork": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "log_component": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "log_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "log_subtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "log_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "login_user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"mailid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mailsize": { "type": "long" }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "message_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "newversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "oldversion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "out_interface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "override_authorizer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "override_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "override_token": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "platform": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "policy_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "priority": { "ignore_above": 
1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "quarantine": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "quarantine_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "querystring": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "raw_data": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "received_pkts": { "type": "long" @@ -1090,13 +474,7 @@ }, "receivederrors": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "receivedkbits": { "type": "long" 
@@ -1106,49 +484,25 @@ }, "red_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "referer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "remote_ip": { "type": "ip" }, "remotenetwork": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "responsetime": { "type": "long" }, "rule_priority": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sent_bytes": { "type": "long" 
@@ -1158,162 +512,72 @@ }, "server": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sessionid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha1sum": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "site_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sourceip": { "type": "ip" }, "spamaction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sqli": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "src_country_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "src_domainname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "src_ip": { 
"type": "ip" }, "src_mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "src_port": { "type": "long" }, "srczone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "srczonetype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ssid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "start_time": { "type": "date" 
@@ -1323,79 +587,37 @@ }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "system_cpu": { "type": "float" }, "target": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "threatname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timestamp": { "type": "date" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "to_email_address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "total_memory": { "type": "long" 
@@ -1414,171 +636,81 @@ }, "transaction_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "transactionid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "transmitteddrops": { "type": "long" }, "transmittederrors": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "transmittedkbits": { "type": "long" }, "unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "updatedip": { "type": "ip" }, "upload_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "upload_file_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "url": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "used": { "type": "long" }, "user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_cpu": { "type": "float" }, "user_gp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_name": { "ignore_above": 1024, - "type": 
"keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "users": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vconn_id": { "type": "long" }, "virus": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "website": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "xss": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -1587,4 +719,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/source.json b/salt/elasticsearch/templates/component/ecs/source.json index e409d4a48..ab5585ada 100644 --- a/salt/elasticsearch/templates/component/ecs/source.json +++ b/salt/elasticsearch/templates/component/ecs/source.json 
@@ -4,59 +4,13 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "source": { "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "as": { "properties": { @@ -66,12 +20,6 @@ "organization": { "properties": { "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" } 
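Review bot: The `settings.analysis` block removed at the top of this hunk defined `es_security_analyzer`, `path_hierarchy_pattern_filter` and `path_tokenizer` for every index this component template is composed into, so any other component template or index template that still references one of those names would fail at index creation with an unknown analyzer/tokenizer error rather than when the state is applied; worth confirming with a grep that no remaining template references them. The same block is removed from suricata.json in the `@@ -4,46 +4,6 @@` hunk below, where the same check applies. The field changes in this hunk are internally consistent: each field that loses `fields.security` keeps `ignore_above: 1024` and `type: keyword`, and `as.organization.name` only loses the `fields` object that preceded its `ignore_above`. As a point of style, the file's final newline is dropped at its footer hunk (`\ No newline at end of file` after `@@ -371,4 +169,4 @@`), as it is for the preceding file; keeping a trailing newline avoids a spurious footer change in every future diff.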
@@ -84,118 +32,52 @@ }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "geo": { "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + 
"type": "keyword" } } }, @@ -204,13 +86,7 @@ }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nat": { "properties": { @@ -230,63 +106,27 @@ }, "registered_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "full_name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -294,75 +134,33 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -371,4 +169,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/suricata.json b/salt/elasticsearch/templates/component/ecs/suricata.json index 116dc96dd..1eb06d266 100644 --- a/salt/elasticsearch/templates/component/ecs/suricata.json +++ b/salt/elasticsearch/templates/component/ecs/suricata.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "suricata": { 
@@ -54,268 +14,118 @@ "properties": { "affected_product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "attack_target": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "capec_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "classtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "created_at": { "type": "date" }, "cve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cvss_v2_base": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cvss_v2_temporal": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cvss_v3_base": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cvss_v3_temporal": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cwe_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": 
"keyword" }, "deployment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "former_category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "gid": { "type": "long" }, "hostile": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "infected": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "malware": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "metadata": { "type": "flattened" }, "mitre_tool_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "performance_impact": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "priority": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "protocols": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rev": { "type": "long" }, "rule_source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - 
} - } + "type": "keyword" }, "signature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature_id": { "type": "long" }, "signature_severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tag": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "updated_at": { "type": "date" @@ -324,43 +134,19 @@ }, "app_proto_expected": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "app_proto_orig": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "app_proto_tc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "app_proto_ts": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dns": { "properties": { 
@@ -369,43 +155,19 @@ }, "rcode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rdata": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rrname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rrtype": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ttl": { "type": "long" @@ -415,13 +177,7 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -429,25 +185,13 @@ "properties": { "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "event_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fileinfo": { "properties": { 
@@ -456,43 +200,19 @@ }, "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "stored": { "type": "boolean" @@ -512,67 +232,31 @@ }, "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "flow_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "http": { "properties": { "http_content_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "redirect": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -584,13 +268,7 @@ }, "in_iface": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "pcap_cnt": { "type": "long" @@ -599,33 +277,15 @@ "properties": { "helo": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mail_from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rcpt_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -635,23 +295,11 @@ "properties": { "proto_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "software_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -659,23 +307,11 @@ "properties": { "proto_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "software_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -1121,46 +757,22 @@ }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "syn": { "type": "boolean" }, "tcp_flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tcp_flags_tc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tcp_flags_ts": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1168,45 +780,21 @@ "properties": { "fingerprint": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "issuerdn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ja3": { "properties": { "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "string": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1214,23 +802,11 @@ "properties": { "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "string": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -1242,46 +818,22 @@
 },
 "serial": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "session_resumed": {
 "type": "boolean"
 },
 "sni": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "subject": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "version": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 },
@@ -1295,4 +847,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/syslog.json b/salt/elasticsearch/templates/component/ecs/syslog.json
index d263519e8..ebf2a099e 100644
--- a/salt/elasticsearch/templates/component/ecs/syslog.json
+++ b/salt/elasticsearch/templates/component/ecs/syslog.json
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "syslog": {
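Review bot: The `-}`/`+}` hunk replaces the closing brace with one that has no trailing newline, so the file now ends without a newline (the `\ No newline at end of file` marker), which looks like a side effect of whatever tool rewrote the templates rather than an intended change. Keep the final `}` followed by a newline here, and likewise in syslog.json and threat.json where the hunks at the next line make the same change; it also spares the next edit to these files a spurious diff on their last line.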
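Review bot: Removing the whole `settings.analysis` block from syslog.json also drops `path_hierarchy_pattern_filter` and `path_tokenizer`, which the removed `es_security_analyzer` does not use, so they may still be referenced by a mapping in a component or index template this diff does not touch. Since settings from component templates are merged into the composed index template, a mapping elsewhere that still names one of these analysis components would presumably surface as an analyzer-not-found failure when the composed template is applied or the next index is created, so a grep of the remaining templates for `path_tokenizer` and `es_security_analyzer` before merging would settle it. If they are indeed unused, a sentence in the commit description saying the path-hierarchy analysis was never wired up would save the next reader the same check.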
@@ -53,30 +13,18 @@
 },
 "facility_label": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "priority": {
 "type": "long"
 },
 "severity_label": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 }
 }
 }
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/ecs/threat.json b/salt/elasticsearch/templates/component/ecs/threat.json
index 62e71e49a..9409d0bb8 100644
--- a/salt/elasticsearch/templates/component/ecs/threat.json
+++ b/salt/elasticsearch/templates/component/ecs/threat.json
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "threat": {
@@ -60,12 +20,6 @@
 "organization": {
 "properties": {
 "name": {
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- },
 "ignore_above": 1024,
 "type": "keyword"
 }
@@ -75,35 +29,17 @@ }, "confidence": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email": { "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -114,68 +50,32 @@ }, "attributes": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "code_signature": { "properties": { "digest_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "exists": { "type": "boolean" }, "signing_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "team_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timestamp": { "type": "date" 
@@ -196,65 +96,29 @@ }, "device": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "directory": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "drive_letter": { "ignore_above": 1, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "elf": { "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "byte_order": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cpu_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "creation_date": { "type": "date" 
@@ -266,76 +130,34 @@ "properties": { "abi_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "class": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "data": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "entrypoint": { "type": "long" }, "object_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "os_abi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -352,46 +174,22 @@ }, "flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "physical_offset": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "virtual_address": { "type": "long" 
@@ -406,203 +204,89 @@ "properties": { "sections": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } }, "type": "nested" }, "shared_libraries": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "telfhash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "extension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fork_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "gid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "hash": { "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha512": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ssdeep": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "inode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mtime": { "type": "date" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "owner": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -610,73 +294,31 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "company": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "imphash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "original_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -684,118 +326,52 @@ "type": "long" }, "target_path": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "x509": { "properties": { "alternative_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + 
"type": "keyword" } } }, @@ -807,23 +383,11 @@ }, "public_key_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "public_key_exponent": { "doc_values": false, 
@@ -835,107 +399,47 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "version_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -948,106 +452,46 @@ "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -1061,13 +505,7 @@ "properties": { "tlp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1079,23 +517,11 @@ }, "provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "registry": { "properties": { @@ -1103,68 +529,32 @@ "properties": { "bytes": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "strings": { "type": "wildcard" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "hive": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -1176,52 +566,24 @@
 },
 "type": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "url": {
 "properties": {
 "domain": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "extension": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "fragment": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "full": {
 "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- },
 "text": {
 "type": "match_only_text"
 }
@@ -1230,10 +592,6 @@
 },
 "original": {
 "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- },
 "text": {
 "type": "match_only_text"
 }
@@ -1242,13 +600,7 @@
 },
 "password": {
 "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "security": {
- "type": "text",
- "analyzer": "es_security_analyzer"
- }
- }
+ "type": "keyword"
 },
 "path": {
 "type": "wildcard"
@@ -1258,63 +610,27 @@ }, "query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "registered_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scheme": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -1322,85 +638,37 @@ "properties": { "alternative_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1412,23 +680,11 @@ }, "public_key_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "public_key_exponent": { "doc_values": false, 
@@ -1440,107 +696,47 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "version_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -1551,53 +747,23 @@ "properties": { "atomic": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "field": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "index": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -1606,55 +772,25 @@ }, "framework": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "group": { "properties": { "alias": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -1668,12 +804,6 @@ "organization": { "properties": { "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" } @@ -1683,35 +813,17 @@ }, "confidence": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email": { "properties": { "address": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1722,68 +834,32 @@ }, "attributes": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "code_signature": { "properties": { "digest_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "exists": { "type": "boolean" }, "signing_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "team_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timestamp": { "type": "date" 
@@ -1804,65 +880,29 @@ }, "device": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "directory": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "drive_letter": { "ignore_above": 1, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "elf": { "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "byte_order": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cpu_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "creation_date": { "type": "date" 
@@ -1874,76 +914,34 @@ "properties": { "abi_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "class": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "data": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "entrypoint": { "type": "long" }, "object_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "os_abi": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -1960,46 +958,22 @@ }, "flags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "physical_offset": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "virtual_address": { "type": "long" 
@@ -2014,203 +988,89 @@ "properties": { "sections": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } }, "type": "nested" }, "shared_libraries": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "telfhash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "extension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fork_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "gid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "hash": { "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha512": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ssdeep": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "inode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mtime": { "type": "date" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "owner": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
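Review bot: With the lowercasing `security` sub-field gone, `file.hash.md5`/`sha1`/`sha256`/`sha512`, `file.hash.ssdeep` and `file.elf.telfhash` are plain `keyword` fields, so an IOC lookup against them is now an exact, case-sensitive comparison; hex digests reach the index in mixed case from different producers (uppercase from some Windows tooling, lowercase from most Linux sensors), and such a lookup will miss a value that differs only in case. If a consistent case is not already enforced at ingest, a keyword normalizer on the hash fields, e.g. `"type": "keyword", "normalizer": "lowercase"` (the built-in `lowercase` normalizer, if the target Elasticsearch version ships it, or a custom one declared under `settings.analysis.normalizer`), or an ingest-pipeline `lowercase` processor, keeps matching case-insensitive without reintroducing the analyzed sub-field. `ssdeep` is the exception: fuzzy hashes are compared with a similarity function, not equality, so a keyword there is only useful for exact de-duplication. The enclosing `file` object starts before this hunk and continues after it.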
@@ -2218,73 +1078,31 @@ "properties": { "architecture": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "company": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file_version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "imphash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "original_file_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -2292,118 +1110,52 @@ "type": "long" }, "target_path": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "x509": { "properties": { "alternative_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + 
"type": "keyword" } } }, @@ -2415,23 +1167,11 @@ }, "public_key_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "public_key_exponent": { "doc_values": false, 
@@ -2443,107 +1183,47 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "version_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -2556,106 +1236,46 @@ "properties": { "city_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "continent_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "location": { "type": "geo_point" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "postal_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "region_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timezone": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -2669,13 +1289,7 @@ "properties": { "tlp": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -2687,23 +1301,11 @@ }, "provider": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "registry": { "properties": { @@ -2711,68 +1313,32 @@ "properties": { "bytes": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "strings": { "type": "wildcard" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "hive": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -2784,52 +1350,24 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "url": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "extension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fragment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "full": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "text": { "type": "match_only_text" } @@ -2838,10 +1376,6 @@ }, "original": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "text": { "type": "match_only_text" } @@ -2850,13 +1384,7 @@ }, "password": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { "type": "wildcard" 
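Review bot: `url.full` and `url.original` keep their `text` sub-field (`match_only_text`), so free-text search still works on the whole URL, while `url.domain`, `url.extension`, `url.fragment` and `url.password` in the same hunk drop to an exact `keyword` only; if the asymmetry is deliberate it is worth stating in the commit message, because a reader of the template cannot tell whether the remaining `.text` sub-fields were overlooked or kept on purpose. Separately, `url.password` remains an indexed, aggregatable keyword, so credentials embedded in observed URLs land in the index in cleartext and become terms-aggregatable; that is the ECS default, but if these templates feed a shared SOC index consider redacting the value at ingest or mapping it with `"index": false, "doc_values": false` so it is retained in `_source` without being searchable. The enclosing `threat.indicator.url` object continues outside this hunk.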
@@ -2866,63 +1394,27 @@ }, "query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "registered_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scheme": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -2930,85 +1422,37 @@ "properties": { "alternative_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -3020,23 +1464,11 @@ }, "public_key_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "public_key_exponent": { "doc_values": false, 
@@ -3048,107 +1480,47 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "version_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -3158,63 +1530,27 @@ "properties": { "alias": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "platforms": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -3222,33 +1558,15 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -3256,65 +1574,29 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subtechnique": { "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -3325,4 +1607,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/tls.json b/salt/elasticsearch/templates/component/ecs/tls.json index 796ffbe7b..413f217ad 100644 --- a/salt/elasticsearch/templates/component/ecs/tls.json +++ b/salt/elasticsearch/templates/component/ecs/tls.json 
@@ -4,135 +4,47 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "tls": { "properties": { "cipher": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "client": { "properties": { "certificate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "certificate_chain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "hash": { "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "issuer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + 
"type": "keyword" }, "ja3": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "not_after": { "type": "date" 
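Review bot: Deleting the `settings.analysis` block means `es_security_analyzer`, `whitespace_no_way`, `path_hierarchy_pattern_filter` and `path_tokenizer` are no longer defined by this component template, so if any other component template composed into the same index template still maps a field with `"analyzer": "es_security_analyzer"` (or a tokenizer referencing `path_tokenizer`), index creation fails with an unknown-analyzer error and the data stream stops producing new backing indices — an ingest outage that only surfaces at the next rollover. A `grep -r es_security_analyzer salt/elasticsearch/templates/` and a dry run against `POST _index_template/_simulate_index/<backing-index-name>` before merging would catch a stray reference. Also note that `tls.client.certificate` and `certificate_chain` stay `keyword` with `"ignore_above": 1024`; a PEM-encoded certificate is far longer than 1024 characters, so those values are kept in `_source` but never indexed, which is pre-existing but easy to mistake for a searchable field. The enclosing `tls.client` object continues past this hunk.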
@@ -142,117 +54,51 @@ }, "server_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "supported_ciphers": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "x509": { "properties": { "alternative_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": 
"es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -264,23 +110,11 @@ }, "public_key_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "public_key_exponent": { "doc_values": false, 
@@ -292,107 +126,47 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "version_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -400,26 +174,14 @@ }, "curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "established": { "type": "boolean" }, "next_protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "resumed": { "type": "boolean" @@ -428,77 +190,35 @@ "properties": { "certificate": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "certificate_chain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "hash": { "properties": { "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "issuer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ja3s": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "not_after": { "type": "date" 
@@ -508,97 +228,43 @@ }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "x509": { "properties": { "alternative_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -610,23 +276,11 @@ }, "public_key_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "public_key_exponent": { "doc_values": false, 
@@ -638,107 +292,47 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_or_province": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "version_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -746,27 +340,15 @@ }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version_protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/tracing.json b/salt/elasticsearch/templates/component/ecs/tracing.json index 8f28ee9f8..7db45e4a2 100644 --- a/salt/elasticsearch/templates/component/ecs/tracing.json +++ b/salt/elasticsearch/templates/component/ecs/tracing.json @@ -4,59 +4,13 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "span": { "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -64,13 +18,7 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
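Review bot: The new side of this hunk ends with `+}` followed by `\ No newline at end of file`, so the rewritten template loses its terminating newline; the same happens at the end of tracing.json, url.json, user.json, user_agent.json and vulnerability.json in this diff. A JSON file under version control should end with a newline — otherwise the next edit to any of these files shows a spurious change to the closing brace, and any formatter run over the tree (`jq .`, `python -m json.tool`) will rewrite them again. Re-saving each file with a trailing `\n` before committing fixes it.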
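Review bot: This hunk deletes the whole `template.settings.analysis` block of tracing.json, which defined not only `es_security_analyzer` but also `path_hierarchy_pattern_filter` and `path_tokenizer`; the same block is removed from url.json, user.json, user_agent.json, vulnerability.json and winlog.json further down. Elasticsearch checks analyzer and tokenizer references when the composed mapping is applied, so if any component template that lands in the same index template still maps a field with `"analyzer": "es_security_analyzer"` or `"tokenizer": "path_tokenizer"`, the failure surfaces at the next index creation or rollover as an undefined-analyzer error, not when the Salt state is applied. Before merging, check that no remaining mapping under `salt/elasticsearch/templates/` references those three names, or keep the `path_*` definitions in a shared settings component if another template still uses them.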
@@ -78,17 +26,11 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/url.json b/salt/elasticsearch/templates/component/ecs/url.json index 0f52cf583..efdaed1fb 100644 --- a/salt/elasticsearch/templates/component/ecs/url.json +++ b/salt/elasticsearch/templates/component/ecs/url.json @@ -4,86 +4,24 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "url": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "extension": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fragment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "full": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "text": { "type": "match_only_text" } 
@@ -92,10 +30,6 @@ }, "original": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "text": { "type": "match_only_text" } @@ -104,13 +38,7 @@ }, "password": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { "type": "wildcard" @@ -120,67 +48,31 @@ }, "query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "registered_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scheme": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subdomain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/user.json b/salt/elasticsearch/templates/component/ecs/user.json index 8cebf9dd6..a768a019f 100644 --- a/salt/elasticsearch/templates/component/ecs/user.json +++ b/salt/elasticsearch/templates/component/ecs/user.json 
@@ -4,83 +4,25 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "user": { "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "changes": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "changes": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "full_name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -88,117 +30,51 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "effective": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "full_name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -206,95 +82,41 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "full_name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -302,95 +124,41 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "target": { "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "full_name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -398,65 +166,29 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "hash": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "roles": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -465,4 +197,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/user_agent.json b/salt/elasticsearch/templates/component/ecs/user_agent.json index 0655b290e..85f8f0b0b 100644 --- a/salt/elasticsearch/templates/component/ecs/user_agent.json +++ b/salt/elasticsearch/templates/component/ecs/user_agent.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "user_agent": { @@ -52,33 +12,15 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "original": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, 
@@ -86,89 +28,41 @@ "properties": { "family": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "full": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "kernel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "platform": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/vulnerability.json b/salt/elasticsearch/templates/component/ecs/vulnerability.json index b7a239fb5..ea02a36b7 100644 --- a/salt/elasticsearch/templates/component/ecs/vulnerability.json +++ b/salt/elasticsearch/templates/component/ecs/vulnerability.json 
@@ -4,131 +4,43 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "vulnerability": { "properties": { "category": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "classification": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "description": { - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - }, "ignore_above": 1024, "type": "keyword" }, "enumeration": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reference": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "report_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "scanner": { "properties": { "vendor": 
{ "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -145,29 +57,17 @@ }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/ecs/winlog.json b/salt/elasticsearch/templates/component/ecs/winlog.json index 688fe033f..a724eefb1 100644 --- a/salt/elasticsearch/templates/component/ecs/winlog.json +++ b/salt/elasticsearch/templates/component/ecs/winlog.json @@ -4,58 +4,12 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "dynamic_templates": [ { "winlog.event_data": { "mapping": { - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "match_mapping_type": "string", "path_match": "winlog.event_data.*" 
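Review bot: The new `winlog.event_data` dynamic template maps every string under `winlog.event_data.*` as a bare `"type": "keyword"` with no `ignore_above`, while every explicitly mapped field in these templates carries `"ignore_above": 1024`; the `winlog.user_data` template in the next hunk has the same gap. Event-data values can be long (script blocks, command lines), and a keyword field with no `ignore_above` indexes the whole value, up to the point where Lucene's term-length limit can reject the document, so the bound should be chosen explicitly rather than left implicit. If the limit used by the explicit fields is acceptable here, the mapping becomes `"mapping": { "type": "keyword", "ignore_above": 1024 },`; the omission predates this change, but the hunk rewrites exactly that line and could close it.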
@@ -64,13 +18,7 @@ { "winlog.user_data": { "mapping": { - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "match_mapping_type": "string", "path_match": "winlog.user_data.*" 
@@ -82,1177 +30,475 @@ "properties": { "activity_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "api": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "channel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "computer_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "event_data": { "properties": { "AuthenticationPackageName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Binary": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "BitlockerUserInputTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "BootMode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "BootType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "BuildVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Company": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": 
"keyword" }, "CorruptionActionState": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "CreationUtcTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Description": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Detail": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "DeviceName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "DeviceNameLength": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "DeviceTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "DeviceVersionMajor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "DeviceVersionMinor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "DriveName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "DriverName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "DriverNameLength": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "DwordVal": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "EntryCount": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ExtraInfo": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "FailureName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "FailureNameLength": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "FileVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "FinalStatus": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Group": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "IdleImplementation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "IdleStateCount": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ImpersonationLevel": { "ignore_above": 1024, - "type": "keyword", - 
"fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "IntegrityLevel": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "IpAddress": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "IpPort": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "KeyLength": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "LastBootGood": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "LastShutdownGood": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "LmPackageName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "LogonGuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "LogonId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "LogonProcessName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "LogonType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": 
"es_security_analyzer" - } - } + "type": "keyword" }, "MajorVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "MaximumPerformancePercent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "MemberName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "MemberSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "MinimumPerformancePercent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "MinimumThrottlePercent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "MinorVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "NewProcessId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "NewProcessName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "NewSchemeGuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "NewTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" 
- } - } + "type": "keyword" }, "NominalFrequency": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "OldSchemeGuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "OldTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "OriginalFileName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "PerformanceImplementation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "PreviousCreationUtcTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "PreviousTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "PrivilegeList": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ProcessId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, 
"ProcessName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ProcessPath": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ProcessPid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Product": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "PuaCount": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "PuaPolicyId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "QfeVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "SchemaVersion": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ScriptBlockText": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ServiceName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ServiceVersion": { "ignore_above": 1024, - "type": "keyword", - 
"fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ShutdownActionType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ShutdownEventCode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ShutdownReason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Signature": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "SignatureStatus": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Signed": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "StartTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "State": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "StopTime": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "SubjectDomainName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": 
"es_security_analyzer" - } - } + "type": "keyword" }, "SubjectLogonId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "SubjectUserName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "SubjectUserSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TSId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TargetDomainName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TargetInfo": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TargetLogonGuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TargetLogonId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TargetServerName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TargetUserName": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TargetUserSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": 
"keyword" }, "TerminalSessionId": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TokenElevationType": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "TransmittedServices": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "UserSid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "Workstation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "param1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "param2": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "param3": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "param4": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "param5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "param6": { "ignore_above": 1024, - "type": "keyword", - 
"fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "param7": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "param8": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "event_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "keywords": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "logon": { "properties": { @@ -1260,67 +506,31 @@ "properties": { "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sub_status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "opcode": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "process": { "properties": { 
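Review bot: With the `.security` text sub-field gone, `winlog.event_data.ScriptBlockText` is only a `keyword` with `"ignore_above": 1024`, so any value longer than 1024 characters is kept in `_source` but not indexed at all, and a search for a string inside it returns nothing; the text sub-field had no such cutoff, so this is a new gap. If this field carries PowerShell 4104 script-block text, as its name suggests, values far beyond 1024 characters are routine and padding a script past that limit becomes a trivial way to evade any rule that matches on its content; `Detail`, `ExtraInfo` and `param1`..`param8` are smaller but similar cases. Consider mapping such free-text fields as `text` with a `keyword` multi-field (the usual ECS pattern for message-like fields) or as `wildcard` if the cluster is on 7.9 or later, and at minimum raise `ignore_above` on `ScriptBlockText` to a documented bound. The case folding the old analyzer provided can be recovered per query with `"case_insensitive": true` on `term`/`wildcard`/`regexp` clauses (7.10+) rather than by another sub-field, but any saved search, dashboard or detection rule that still references a `*.security` field will silently return no hits once this lands, so those references should be grepped for as well.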
@@ -1338,53 +548,23 @@ }, "provider_guid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "provider_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "record_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "related_activity_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "task": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "time_created": { "type": "date" @@ -1393,43 +573,19 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "identifier": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, diff --git a/salt/elasticsearch/templates/component/ecs/zeek.json b/salt/elasticsearch/templates/component/ecs/zeek.json index 08541b56e..f14349263 100644 --- a/salt/elasticsearch/templates/component/ecs/zeek.json +++ b/salt/elasticsearch/templates/component/ecs/zeek.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "zeek": { @@ -58,13 +18,7 @@ }, "peer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "percent_lost": { "type": "double" @@ -78,13 +32,7 @@ "properties": { "history": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icmp": { "properties": { @@ -110,23 +58,11 @@ }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state_message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "vlan": { "type": "long" 
@@ -137,33 +73,15 @@ "properties": { "endpoint": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "named_pipe": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "operation": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rtt": { "type": "long" @@ -182,13 +100,7 @@ }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "requested": { "type": "ip" @@ -200,68 +112,32 @@ }, "client_fqdn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "duration": { "type": "double" }, "hostname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "id": { "properties": { "circuit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "remote_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subscriber": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -272,36 +148,18 @@ "properties": { "client": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "origin": { "type": "ip" }, "server": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "types": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -309,23 +167,11 @@ "properties": { "client": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "server": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -337,23 +183,11 @@ "properties": { "reply": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "request": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -381,62 +215,32 @@ }, "answers": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "qclass": { "type": "long" }, "qclass_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "qtype": { "type": "long" }, "qtype_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "query": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rcode": { "type": "long" }, "rcode_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rejected": { "type": "boolean" @@ -458,13 +262,7 @@ }, "trans_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -472,33 +270,15 @@ "properties": { "analyzer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "failure_reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "packet_segment": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
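Review bot: `zeek.dns.query` and `answers` lose their lowercased `.security` sub-field here and keep only the exact-match `keyword`, yet DNS names are case-insensitive on the wire and mixed-case queries occur both legitimately (0x20 case randomisation) and as deliberate evasion, so an exact `term` on a lowercase indicator will now miss `EvIl.ExAmPlE.com`. If detection content or saved searches relied on the sub-field for case folding, the keyword-level replacement is a normalizer rather than another analyzer, e.g. `"query": { "type": "keyword", "ignore_above": 1024, "normalizer": "lowercase" }` (as I recall the built-in `lowercase` normalizer needs 7.10+; older clusters must declare one under `settings.analysis.normalizer`), with the caveat that aggregations then return the folded form. Alternatively leave the mapping as is and rely on `"case_insensitive": true` in `term`/`wildcard` clauses, but nothing in this hunk records which of the two was intended, and that decision should be written down with the change.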
@@ -506,13 +286,7 @@ "properties": { "analyzers": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "depth": { "type": "long" @@ -525,13 +299,7 @@ }, "extracted": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "extracted_cutoff": { "type": "boolean" @@ -541,23 +309,11 @@ }, "filename": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "is_orig": { "type": "boolean" @@ -567,23 +323,11 @@ }, "md5": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "missing_bytes": { "type": "long" @@ -593,13 +337,7 @@ }, "parent_fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rx_host": { "type": "ip" 
@@ -609,43 +347,19 @@ }, "session_ids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha1": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sha256": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "timedout": { "type": "boolean" @@ -662,13 +376,7 @@ "properties": { "arg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "capture_password": { "type": "boolean" @@ -677,23 +385,11 @@ "properties": { "arg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cmd": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "seq": { "type": "long" @@ -702,23 +398,11 @@ }, "command": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cwd": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "data_channel": { "properties": { 
@@ -740,23 +424,11 @@ "properties": { "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "size": { "type": "long" @@ -765,26 +437,14 @@ }, "last_auth_requested": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "passive": { "type": "boolean" }, "password": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "pending_commands": { "type": "long" @@ -796,25 +456,13 @@ }, "msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -825,145 +473,67 @@ }, "client_header_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "info_code": { "type": "long" }, "info_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "orig_filenames": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "orig_fuids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "orig_mime_depth": { "type": "long" }, "orig_mime_types": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "password": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "proxied": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "range_request": { "type": "boolean" }, "resp_filenames": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "resp_fuids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "resp_mime_depth": { "type": "long" }, "resp_mime_types": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "server_header_names": { "ignore_above": 1024, - 
"type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tags": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "trans_depth": { "type": "long" 
@@ -974,140 +544,62 @@ "properties": { "file_desc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file_mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "matched": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "seen": { "properties": { "conn": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "f": { "type": "object" }, "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "indicator": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "indicator_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "node": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "where": { 
"ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "sources": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1115,23 +607,11 @@ "properties": { "addl": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "command": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dcc": { "properties": { @@ -1139,13 +619,7 @@ "properties": { "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "size": { "type": "long" @@ -1154,55 +628,25 @@ }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "nick": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -1214,33 +658,15 @@ "properties": { "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1248,33 +674,15 @@ "properties": { "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "value": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -1282,23 +690,11 @@ }, "cipher": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "client": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "error": { "properties": { @@ -1307,13 +703,7 @@ }, "msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -1325,23 +715,11 @@ }, "request_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "service": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "success": { "type": "boolean" @@ -1350,23 +728,11 @@ "properties": { "auth": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "new": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1389,23 +755,11 @@ "properties": { "exception": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "function": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "track_address": { "type": "long" @@ -1416,33 +770,15 @@ "properties": { "arg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cmd": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "response": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "rows": { "type": "long" 
@@ -1456,46 +792,22 @@ "properties": { "actions": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "connection_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "dropped": { "type": "boolean" }, "email_body_sections": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "email_delay_tokens": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "false": { "type": "long" @@ -1511,26 +823,14 @@ "properties": { "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "is_orig": { "type": "boolean" }, "mime_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "missing_bytes": { "type": "long" 
@@ -1540,108 +840,48 @@ }, "parent_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "seen_bytes": { "type": "long" }, "source": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "fuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "icmp_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "identifier": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "note": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "peer_descr": { "norms": false, - "type": "text", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "text" }, "peer_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sub": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "suppress_for": { "type": "double" 
@@ -1652,23 +892,11 @@ "properties": { "domain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "hostname": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "server": { "properties": { @@ -1676,33 +904,15 @@ "properties": { "dns": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "netbios": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tree": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -1713,13 +923,7 @@ }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -1745,13 +949,7 @@ }, "ref_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ref_time": { "type": "date" 
@@ -1777,47 +975,23 @@ "properties": { "file_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "hash": { "properties": { "algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "issuer": { "properties": { "key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -1827,13 +1001,7 @@ "properties": { "reason": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "time": { "type": "date" @@ -1842,23 +1010,11 @@ }, "serial_number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "update": { "properties": { @@ -1876,13 +1032,7 @@ "properties": { "client": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "compile_time": { "type": "date" @@ -1901,13 +1051,7 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "is_64bit": { "type": "boolean" 
@@ -1917,43 +1061,19 @@ }, "machine": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "os": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "section_names": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subsystem": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "uses_aslr": { "type": "boolean" @@ -1973,13 +1093,7 @@ "properties": { "connect_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "framed_addr": { "type": "ip" @@ -1989,49 +1103,25 @@ }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "remote_ip": { "type": "ip" }, "reply_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "result": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ttl": { "type": "long" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -2047,13 +1137,7 @@ }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -2061,57 +1145,27 @@ "properties": { "build": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "client_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "product_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "cookie": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "desktop": { "properties": { "color_depth": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "height": { "type": "long" @@ -2128,55 +1182,25 @@ "properties": { "level": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "keyboard_layout": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "result": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "security_protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ssl": { "type": "boolean" 
@@ -2189,13 +1213,7 @@ "properties": { "method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "success": { "type": "boolean" @@ -2204,13 +1222,7 @@ }, "desktop_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "height": { "type": "long" @@ -2224,23 +1236,11 @@ "properties": { "major": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "minor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -2248,23 +1248,11 @@ "properties": { "major": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "minor": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } 
@@ -2277,61 +1265,31 @@ }, "session_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature": { "properties": { "event_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "host_count": { "type": "long" }, "note": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sig_count": { "type": "long" }, "sig_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sub_msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -2339,43 +1297,19 @@ "properties": { "call_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "content_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "date": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reply_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "request": { "properties": { 
@@ -2384,33 +1318,15 @@ }, "from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -2421,33 +1337,15 @@ }, "from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -2455,23 +1353,11 @@ "properties": { "method": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "number": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -2482,58 +1368,28 @@ }, "msg": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "transaction_depth": { "type": "long" }, "uri": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "warning": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -2541,35 +1397,17 @@ "properties": { "argument": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "command": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "file": { "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "host": { "properties": { @@ -2583,23 +1421,11 @@ }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "uid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -2608,76 +1434,34 @@ }, "smb1_offered_dialects": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "smb2_offered_dialects": { "type": "long" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "sub_command": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tree": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tree_service": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "username": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -2685,46 +1469,22 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fid": { "type": "long" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "previous_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "size": { "type": "long" @@ -2747,13 +1507,7 @@ }, "uuid": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -2761,43 +1515,19 @@ "properties": { "native_file_system": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "service": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "share_type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -2805,102 +1535,48 @@ "properties": { "cc": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "date": { "type": "date" }, "first_received": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "fuids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "has_client_activity": { "type": "boolean" }, "helo": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "in_reply_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "is_webmail": { "type": "boolean" }, "last_reply": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mail_from": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "msg_id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "path": { "type": "ip" 
@@ -2910,79 +1586,37 @@ }, "rcpt_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reply_to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "second_received": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "tls": { "type": "boolean" }, "to": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "transaction_depth": { "type": "long" }, "user_agent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "x_originating_ip": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -2990,23 +1624,11 @@ "properties": { "community": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "display_string": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "duration": { "type": "double" @@ -3036,13 +1658,7 @@ }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -3052,13 +1668,7 @@ "properties": { "host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "port": { "type": "long" @@ -3070,25 +1680,13 @@ }, "password": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "request": { "properties": { "host": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "port": { "type": "long" @@ -3097,23 +1695,11 @@ }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "user": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "type": "long" @@ -3126,53 +1712,23 @@ "properties": { "cipher": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "compression": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "host_key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "key_exchange": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "mac": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -3188,43 +1744,19 @@ }, "client": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "direction": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "host_key": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "server": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "version": { "type": "long" 
@@ -3235,97 +1767,43 @@ "properties": { "cipher": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "client": { "properties": { "cert_chain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cert_chain_fuids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -3333,63 +1811,27 @@ "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -3397,36 +1839,18 @@ }, "curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "established": { "type": "boolean" }, "last_alert": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "next_protocol": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "resumed": { "type": "boolean" 
@@ -3435,159 +1859,69 @@ "properties": { "cert_chain": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "cert_chain_fuids": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } 
- } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -3597,35 +1931,17 @@ "properties": { "code": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "status": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "version": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -3720,13 +2036,7 @@ }, "peer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "reassembly_size": { "properties": { 
@@ -3763,33 +2073,15 @@ "properties": { "facility": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "message": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "severity": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -3797,23 +2089,11 @@ "properties": { "action": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, @@ -3821,46 +2101,22 @@ "properties": { "additional_info": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "identifier": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "notice": { "type": "boolean" }, "peer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -3880,95 +2136,41 @@ "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "curve": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "exponent": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "issuer": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -3976,110 +2178,50 @@ "properties": { "algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "length": { "type": "long" }, "type": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, "serial": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "subject": { "properties": { "common_name": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "country": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "locality": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organization": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "state": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } }, 
@@ -4100,13 +2242,7 @@ }, "id": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "log_cert": { "type": "boolean" @@ -4115,23 +2251,11 @@ "properties": { "dns": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "email": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" }, "ip": { "type": "ip" @@ -4141,13 +2265,7 @@ }, "uri": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - } - } + "type": "keyword" } } } @@ -4158,4 +2276,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/elastic-agent/so-fleet_agent_id_verification-1.json b/salt/elasticsearch/templates/component/elastic-agent/so-fleet_agent_id_verification-1.json index e2548d539..09796505e 100644 --- a/salt/elasticsearch/templates/component/elastic-agent/so-fleet_agent_id_verification-1.json +++ b/salt/elasticsearch/templates/component/elastic-agent/so-fleet_agent_id_verification-1.json 
@@ -1,67 +1,24 @@ { - "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } + "template": { + "mappings": { + "properties": { + "event": { + "properties": { + "agent_id_status": { + "ignore_above": 1024, + "type": "keyword" }, - "index": { - "final_pipeline": ".fleet_final_pipeline-1" - } - }, - "mappings": { - "properties": { - "event": { - "properties": { - "agent_id_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "ingested": { - "format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis", - "type": "date" - } - } - } + "ingested": { + "format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis", + "type": "date" } } - }, - "_meta": { - "managed_by": "fleet", - "managed": true } } + } + }, + "_meta": { + "managed_by": "fleet", + "managed": true + } +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/elastic-agent/so-fleet_globals-1.json b/salt/elasticsearch/templates/component/elastic-agent/so-fleet_globals-1.json index e1529ba82..5df7e7fe9 100644 --- a/salt/elasticsearch/templates/component/elastic-agent/so-fleet_globals-1.json +++ b/salt/elasticsearch/templates/component/elastic-agent/so-fleet_globals-1.json 
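Review bot: The removed `settings.index.final_pipeline: ".fleet_final_pipeline-1"` is, by its name, the pipeline that populates the `event.agent_id_status` field this template still maps, and the new side keeps the mapping but no longer sets the pipeline; if no other template on these data streams sets `index.final_pipeline`, agent-id verification presumably stops silently, `event.agent_id_status` stays empty, and events carrying a spoofed `agent.id` become indistinguishable from verified ones. I cannot see the index templates or Fleet's own copy of this component from here, so the setting may be supplied elsewhere, but this component is named for that verification and `_meta.managed_by: fleet` suggests Fleet expects it here. I would keep it next to the mappings: `"settings": { "index": { "final_pipeline": ".fleet_final_pipeline-1" } },` as the first key of `template`.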
@@ -1,66 +1,26 @@ { - "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, - "mappings": { - "_meta": { - "managed_by": "security_onion", - "managed": true + "template": { + "mappings": { + "_meta": { + "managed_by": "security_onion", + "managed": true + }, + "dynamic_templates": [ + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" }, - "dynamic_templates": [ - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } - ], - "date_detection": false + "match_mapping_type": "string" } - }, - "_meta": { - "managed_by": "security_onion", - "managed": true } - } + ], + "date_detection": false + } + }, + "_meta": { + "managed_by": "security_onion", + "managed": true + } +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/case-mappings.json b/salt/elasticsearch/templates/component/so/case-mappings.json index 5137b6c3a..4c1fccee8 100644 --- a/salt/elasticsearch/templates/component/so/case-mappings.json +++ b/salt/elasticsearch/templates/component/so/case-mappings.json 
@@ -1,45 +1,5 @@ { "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "so_audit_doc_id": { @@ -250,4 +210,4 @@ "_meta": { "ecs_version": "1.12.2" } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/case-settings.json b/salt/elasticsearch/templates/component/so/case-settings.json index fd0de349c..6cc6f937e 100644 --- a/salt/elasticsearch/templates/component/so/case-settings.json +++ b/salt/elasticsearch/templates/component/so/case-settings.json 
@@ -1,58 +1,7 @@
 {
- "template": {
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": "3000"
- }
- },
- "refresh_interval": "30s",
- "analysis": {
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": "true",
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "pattern": "(\\s)+",
- "type": "pattern_replace",
- "replacement": "$1"
- }
- },
- "analyzer": {
- "es_security_analyzer": {
- "filter": [
- "lowercase",
- "trim"
- ],
- "char_filter": [
- "whitespace_no_way"
- ],
- "type": "custom",
- "tokenizer": "keyword"
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- },
- "number_of_shards": "1",
- "number_of_replicas": "0"
- }
- }
- },
+ "template": {},
 "version": 1,
 "_meta": {
 "description": "default settings for common Security Onion Cases indices"
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/so/common-dynamic-mappings.json b/salt/elasticsearch/templates/component/so/common-dynamic-mappings.json
index a4713ee20..116641d0f 100644
--- a/salt/elasticsearch/templates/component/so/common-dynamic-mappings.json
+++ b/salt/elasticsearch/templates/component/so/common-dynamic-mappings.json
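Review bot: `"template": {}` drops not only the analysis block but also `index.number_of_shards`, `number_of_replicas`, `refresh_interval` and the `mapping.total_fields.limit` of 3000, while `_meta.description` still calls this the default settings for the Cases indices, so the component now documents settings it no longer carries. If no other component or index template supplies these, new Cases indices fall back to Elasticsearch defaults (one replica, a 1000-field limit), which on a single-node deployment leaves them yellow and can start rejecting documents once the mapping grows; I cannot see the index templates from here. If the intent was only to remove the analyzer, keep the rest: `"template": { "settings": { "index": { "mapping": { "total_fields": { "limit": "3000" } }, "refresh_interval": "30s", "number_of_shards": "1", "number_of_replicas": "0" } } },`; if the component is meant to be empty now, update or retire the description so it does not mislead.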
@@ -1,45 +1,5 @@ { "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "dynamic_templates": [ { @@ -83,4 +43,4 @@ ] } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/common-settings.json b/salt/elasticsearch/templates/component/so/common-settings.json index 34c9e2b18..8de6c98e6 100644 --- a/salt/elasticsearch/templates/component/so/common-settings.json +++ b/salt/elasticsearch/templates/component/so/common-settings.json 
@@ -1,58 +1,7 @@
 {
- "template": {
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": "3000"
- }
- },
- "refresh_interval": "30s",
- "analysis": {
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": "true",
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "pattern": "(\\s)+",
- "type": "pattern_replace",
- "replacement": "$1"
- }
- },
- "analyzer": {
- "es_security_analyzer": {
- "filter": [
- "lowercase",
- "trim"
- ],
- "char_filter": [
- "whitespace_no_way"
- ],
- "type": "custom",
- "tokenizer": "keyword"
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- },
- "number_of_shards": "1",
- "number_of_replicas": "0"
- }
- }
- },
+ "template": {},
 "version": 1,
 "_meta": {
 "description": "default settings for common Security Onion indices"
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/so/dtc-agent-mappings.json b/salt/elasticsearch/templates/component/so/dtc-agent-mappings.json
index 871bdcc05..ec1b5fd70 100644
--- a/salt/elasticsearch/templates/component/so/dtc-agent-mappings.json
+++ b/salt/elasticsearch/templates/component/so/dtc-agent-mappings.json
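Review bot: The `mapping.total_fields.limit` of 3000 is removed along with the analyzer here, and with `"template": {}` nothing in this component raises it any more; the wide ECS mappings in the other component templates of this change are exactly what such a limit exists for, so unless an index template still sets it (not visible from here), new indices built on this component get the 1000-field default and an ingest that crosses it fails with a mapping error, which in a SIEM means silently dropped events. `number_of_shards`, `number_of_replicas` and `refresh_interval` go the same way while `_meta.description` still advertises "default settings". Either keep the non-analysis settings, `"template": { "settings": { "index": { "mapping": { "total_fields": { "limit": "3000" } }, "refresh_interval": "30s", "number_of_shards": "1", "number_of_replicas": "0" } } },`, or make the description say the component is intentionally empty.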
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "agent": { @@ -52,10 +12,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -65,10 +21,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -78,10 +30,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -91,10 +39,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -104,10 +48,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -118,4 +58,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-base-mappings.json b/salt/elasticsearch/templates/component/so/dtc-base-mappings.json index 0bc940e66..15e6aeb52 100644 --- a/salt/elasticsearch/templates/component/so/dtc-base-mappings.json 
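Review bot: With the `security` multi-field gone, every `agent.*` property in this hunk is `type: keyword` with a `fields.keyword` sub-field that is itself a plain keyword, an exact duplicate that is indexed and stored twice with no query benefit. Unless something queries `agent.name.keyword` rather than `agent.name` (I cannot see the consumers from here), the `fields` block can be dropped so each property reads like `"name": { "ignore_above": 1024, "type": "keyword" }`, which is also how the other component templates in this change map their keyword fields. If it is kept deliberately for compatibility with existing searches, a short note in `_meta` would save the next reader the question.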
+++ b/salt/elasticsearch/templates/component/so/dtc-base-mappings.json @@ -4,55 +4,11 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "message": { "type": "match_only_text", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -62,10 +18,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -74,4 +26,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-client-mappings.json b/salt/elasticsearch/templates/component/so/dtc-client-mappings.json index 23399cc26..8541a452c 100644 --- a/salt/elasticsearch/templates/component/so/dtc-client-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-client-mappings.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "client": { @@ -52,18 +12,14 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { - "type": "keyword" - } + "keyword": { + "type": "keyword" + } } - } - } + } + } } } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-destination-mappings.json b/salt/elasticsearch/templates/component/so/dtc-destination-mappings.json index 5691cfb7e..2b9f46789 100644 --- a/salt/elasticsearch/templates/component/so/dtc-destination-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-destination-mappings.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "destination": { @@ -54,21 +14,16 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { - "type": "keyword" - } + "keyword": { + "type": "keyword" + } } } } } - } - } + } + } } } } -} - +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-dns-mappings.json b/salt/elasticsearch/templates/component/so/dtc-dns-mappings.json index 56a529bf2..4e27dc117 100644 --- a/salt/elasticsearch/templates/component/so/dtc-dns-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-dns-mappings.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "dns": { @@ -54,10 +14,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -70,4 +26,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-ecs-mappings.json b/salt/elasticsearch/templates/component/so/dtc-ecs-mappings.json index 549385123..491f8a743 100644 --- a/salt/elasticsearch/templates/component/so/dtc-ecs-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-ecs-mappings.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "ecs": { @@ -52,10 +12,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -66,4 +22,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-event-mappings.json b/salt/elasticsearch/templates/component/so/dtc-event-mappings.json index 5d647917b..c31f102f8 100644 --- a/salt/elasticsearch/templates/component/so/dtc-event-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-event-mappings.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "event": { @@ -52,10 +12,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -65,10 +21,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -77,10 +29,6 @@ "created": { "type": "date", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -90,10 +38,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -102,10 +46,6 @@ "ingested": { "type": "date", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -115,10 +55,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -128,10 +64,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } 
@@ -141,10 +73,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -154,10 +82,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -167,10 +91,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -181,4 +101,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-file-mappings.json b/salt/elasticsearch/templates/component/so/dtc-file-mappings.json index 88152760a..e8f9fa6d1 100644 --- a/salt/elasticsearch/templates/component/so/dtc-file-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-file-mappings.json @@ -4,53 +4,13 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "file": { "properties": { "accessed": { "type": "date", - "fields": { + "fields": { "keyword": { "type": "keyword" } @@ -60,10 +20,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } 
@@ -73,10 +29,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -87,4 +39,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-host-mappings.json b/salt/elasticsearch/templates/component/so/dtc-host-mappings.json index a16c298a5..aeed6c2de 100644 --- a/salt/elasticsearch/templates/component/so/dtc-host-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-host-mappings.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "host": { @@ -52,23 +12,15 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } } }, - "name": { + "name": { "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -78,10 +30,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -92,4 +40,4 @@ } } } -} +} \ No newline at end of file 
diff --git a/salt/elasticsearch/templates/component/so/dtc-http-mappings.json b/salt/elasticsearch/templates/component/so/dtc-http-mappings.json index 05c9681ce..8714106a4 100644 --- a/salt/elasticsearch/templates/component/so/dtc-http-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-http-mappings.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "http": { @@ -54,10 +14,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -65,16 +21,7 @@ }, "referrer": { "ignore_above": 1024, - "type": "keyword", - "fields": { - "text": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { - "type": "keyword" - } - } + "type": "keyword" } } } diff --git a/salt/elasticsearch/templates/component/so/dtc-network-mappings.json b/salt/elasticsearch/templates/component/so/dtc-network-mappings.json index daa1521c5..3d101bfb9 100644 --- a/salt/elasticsearch/templates/component/so/dtc-network-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-network-mappings.json 
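Review bot: In the `referrer` hunk (`@@ -65,16 +21,7 @@`) the whole `fields` object is removed, so the field's `.keyword` sub-path disappears along with the analyzer-backed `text` sub-field, while the sibling field in the `@@ -54,10 +14,6 @@` hunk of the same file keeps its `keyword` sub-field. Unless dropping that path is intended, keep `"fields": { "keyword": { "type": "keyword" } }` on `referrer` so it stays consistent with the rest of the `dtc-*` mappings and existing queries on the `.keyword` path keep working. The enclosing object that owns `referrer` starts outside the hunk, so the full field path is inferred from the file name.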
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "network": { @@ -52,10 +12,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -65,10 +21,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -79,4 +31,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-observer-mappings.json b/salt/elasticsearch/templates/component/so/dtc-observer-mappings.json index be1c05510..e28edc82c 100644 --- a/salt/elasticsearch/templates/component/so/dtc-observer-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-observer-mappings.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "observer": { @@ -52,10 +12,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -66,4 +22,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-process-mappings.json b/salt/elasticsearch/templates/component/so/dtc-process-mappings.json index d3d22139a..9b0258fdb 100644 --- a/salt/elasticsearch/templates/component/so/dtc-process-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-process-mappings.json 
@@ -4,82 +4,30 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "process": { "properties": { "command_line": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } }, "type": "wildcard" }, - "entity_id": { + "entity_id": { "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { + "keyword": { "type": "keyword" } } }, "executable": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { + "keyword": { "type": "keyword" } }, 
@@ -90,71 +38,51 @@ "fields": { "keyword": { "type": "keyword" - }, - "security": { - "type": "text", - "analyzer": "es_security_analyzer" } }, "ignore_above": 1024, "type": "keyword" }, - "parent": { + "parent": { "properties": { "command_line": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "text": { "type": "match_only_text" }, - "keyword": { + "keyword": { "type": "keyword" } }, "type": "wildcard" }, - "entity_id": { + "entity_id": { "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { + "keyword": { "type": "keyword" } } }, "executable": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { + "keyword": { "type": "keyword" } }, "ignore_above": 1024, "type": "keyword" } - } + } }, - "pe": { + "pe": { "properties": { "architecture": { "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { + "keyword": { "type": "keyword" } } @@ -163,11 +91,7 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { + "keyword": { "type": "keyword" } } @@ -176,11 +100,7 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { + "keyword": { "type": "keyword" } } @@ -189,24 +109,16 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { + "keyword": { "type": "keyword" } } }, - "original_file_name": { + "original_file_name": { "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { + "keyword": { "type": "keyword" } } 
@@ -215,40 +127,32 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { + "keyword": { "type": "keyword" } } } - } - }, - "pid": { + } + }, + "pid": { "type": "long", "fields": { "keyword": { "type": "keyword" } - } + } }, - "ppid": { + "ppid": { "type": "long", - "fields": { + "fields": { "keyword": { "type": "keyword" } - } + } }, - "working_directory": { + "working_directory": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { + "keyword": { "type": "keyword" } }, @@ -260,4 +164,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-rule-mappings.json b/salt/elasticsearch/templates/component/so/dtc-rule-mappings.json index 797f51a86..1a8f04670 100644 --- a/salt/elasticsearch/templates/component/so/dtc-rule-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-rule-mappings.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "rule": { @@ -52,10 +12,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } 
@@ -65,10 +21,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -79,4 +31,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-service-mappings.json b/salt/elasticsearch/templates/component/so/dtc-service-mappings.json index 0e82f6698..da60e5c4b 100644 --- a/salt/elasticsearch/templates/component/so/dtc-service-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-service-mappings.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "service": { @@ -52,10 +12,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -65,10 +21,6 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -79,4 +31,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-source-mappings.json b/salt/elasticsearch/templates/component/so/dtc-source-mappings.json index 7f372aec4..897e0bfe8 100644 --- a/salt/elasticsearch/templates/component/so/dtc-source-mappings.json 
+++ b/salt/elasticsearch/templates/component/so/dtc-source-mappings.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "source": { @@ -54,21 +14,16 @@ "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { - "type": "keyword" - } + "keyword": { + "type": "keyword" + } } } } } - } - } + } + } } } } -} - +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-syslog-mappings.json b/salt/elasticsearch/templates/component/so/dtc-syslog-mappings.json index 332538e0d..b4aac31be 100644 --- a/salt/elasticsearch/templates/component/so/dtc-syslog-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-syslog-mappings.json 
@@ -4,70 +4,29 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "syslog": { "properties": { - "facility": { + "facility": { "type": "long", - "fields": { - "keyword": { - "type": "keyword" - } - } + "fields": { + "keyword": { + "type": "keyword" + } + } }, - "priority": { + "priority": { "type": "long", - "fields": { + "fields": { "keyword": { "type": "keyword" } } } - } - } + } + } } } } -} - +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-user-mappings.json b/salt/elasticsearch/templates/component/so/dtc-user-mappings.json index f247e943f..31bca8132 100644 --- a/salt/elasticsearch/templates/component/so/dtc-user-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-user-mappings.json 
@@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "user": { @@ -57,4 +17,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-user_agent-mappings.json b/salt/elasticsearch/templates/component/so/dtc-user_agent-mappings.json index ec5a58e3a..6e0a19f05 100644 --- a/salt/elasticsearch/templates/component/so/dtc-user_agent-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-user_agent-mappings.json 
@@ -4,56 +4,12 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "user_agent": { "properties": { "original": { "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, "keyword": { "type": "keyword" } @@ -66,4 +22,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/dtc-winlog-mappings.json b/salt/elasticsearch/templates/component/so/dtc-winlog-mappings.json index 09c157c1e..3a6b7a90b 100644 --- a/salt/elasticsearch/templates/component/so/dtc-winlog-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-winlog-mappings.json 
@@ -4,80 +4,31 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "winlog": { "properties": { - "event_id": { + "event_id": { "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { + "keyword": { "type": "keyword" } } }, - "record_id": { + "record_id": { "ignore_above": 1024, "type": "keyword", "fields": { - "security": { - "type": "text", - "analyzer": "es_security_analyzer" - }, - "keyword": { + "keyword": { "type": "keyword" } } } - } - } + } + } } } } -} - +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/endgame-mappings.json b/salt/elasticsearch/templates/component/so/endgame-mappings.json index 6a8adfa5d..a5236a60c 100644 --- a/salt/elasticsearch/templates/component/so/endgame-mappings.json +++ b/salt/elasticsearch/templates/component/so/endgame-mappings.json 
@@ -1,45 +1,5 @@ { "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "endgame": { @@ -90,4 +50,4 @@ "_meta": { "ecs_version": "1.12.2" } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/pb-override-destination-mappings.json b/salt/elasticsearch/templates/component/so/pb-override-destination-mappings.json index 68f69500d..a22dbdc2f 100644 --- a/salt/elasticsearch/templates/component/so/pb-override-destination-mappings.json +++ b/salt/elasticsearch/templates/component/so/pb-override-destination-mappings.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "destination": { @@ -69,4 +29,4 @@ } } } -} +} \ No newline at end of file 
diff --git a/salt/elasticsearch/templates/component/so/pb-override-source-mappings.json b/salt/elasticsearch/templates/component/so/pb-override-source-mappings.json index 947daf0b7..15fbc8850 100644 --- a/salt/elasticsearch/templates/component/so/pb-override-source-mappings.json +++ b/salt/elasticsearch/templates/component/so/pb-override-source-mappings.json @@ -4,46 +4,6 @@ "ecs_version": "1.12.2" }, "template": { - "settings": { - "analysis": { - "analyzer": { - "es_security_analyzer": { - "type": "custom", - "char_filter": [ - "whitespace_no_way" - ], - "filter": [ - "lowercase", - "trim" - ], - "tokenizer": "keyword" - } - }, - "char_filter": { - "whitespace_no_way": { - "type": "pattern_replace", - "pattern": "(\\s)+", - "replacement": "$1" - } - }, - "filter": { - "path_hierarchy_pattern_filter": { - "type": "pattern_capture", - "preserve_original": true, - "patterns": [ - "((?:[^\\\\]*\\\\)*)(.*)", - "((?:[^/]*/)*)(.*)" - ] - } - }, - "tokenizer": { - "path_tokenizer": { - "type": "path_hierarchy", - "delimiter": "\\" - } - } - } - }, "mappings": { "properties": { "source": { @@ -69,4 +29,4 @@ } } } -} +} \ No newline at end of file diff --git a/salt/elasticsearch/templates/component/so/so-file-mappings.json b/salt/elasticsearch/templates/component/so/so-file-mappings.json index 3f1188234..3713f085f 100644 --- a/salt/elasticsearch/templates/component/so/so-file-mappings.json +++ b/salt/elasticsearch/templates/component/so/so-file-mappings.json 
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "file": {
@@ -66,4 +26,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/so/so-rule-mappings.json b/salt/elasticsearch/templates/component/so/so-rule-mappings.json
index 3e792f17b..3e0f7b5d8 100644
--- a/salt/elasticsearch/templates/component/so/so-rule-mappings.json
+++ b/salt/elasticsearch/templates/component/so/so-rule-mappings.json
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "rule": {
@@ -56,4 +16,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/salt/elasticsearch/templates/component/so/so-scan-mappings.json b/salt/elasticsearch/templates/component/so/so-scan-mappings.json
index 87c959bfc..60dc5b928 100644
--- a/salt/elasticsearch/templates/component/so/so-scan-mappings.json
+++ b/salt/elasticsearch/templates/component/so/so-scan-mappings.json
@@ -4,46 +4,6 @@
 "ecs_version": "1.12.2"
 },
 "template": {
- "settings": {
- "analysis": {
- "analyzer": {
- "es_security_analyzer": {
- "type": "custom",
- "char_filter": [
- "whitespace_no_way"
- ],
- "filter": [
- "lowercase",
- "trim"
- ],
- "tokenizer": "keyword"
- }
- },
- "char_filter": {
- "whitespace_no_way": {
- "type": "pattern_replace",
- "pattern": "(\\s)+",
- "replacement": "$1"
- }
- },
- "filter": {
- "path_hierarchy_pattern_filter": {
- "type": "pattern_capture",
- "preserve_original": true,
- "patterns": [
- "((?:[^\\\\]*\\\\)*)(.*)",
- "((?:[^/]*/)*)(.*)"
- ]
- }
- },
- "tokenizer": {
- "path_tokenizer": {
- "type": "path_hierarchy",
- "delimiter": "\\"
- }
- }
- }
- },
 "mappings": {
 "properties": {
 "scan": {
@@ -62,8 +22,8 @@
 }
 }
 }
- },
- "elf": {
+ },
+ "elf": {
 "properties": {
 "sections": {
 "properties": {
@@ -73,29 +33,10 @@
 }
 }
 }
- }
+ }
 }
 }
 }
 }
 }
-}
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+}
\ No newline at end of file
