CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6780 from Security-Onion-Solutions/feature/datatype_compliance

Browse Source 
Initial commit for data type compliance
This commit is contained in:
weslambert
2022-01-06 16:38:17 -05:00
committed by GitHub
parent ca4aaae47c b60837e71a
commit a7e7566532
1 changed files with 350 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

369
salt/elasticsearch/templates/so/so-common-template.json.jinja
View File

@@ -165,9 +165,56 @@
} }
} }
}, },
"agent":{ "agent": {
"type":"object", "type":"object",
"dynamic": true "dynamic": true,
"properties": {
"ephemeral_id": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"id": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"name": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"type": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"version": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}, },
"as":{ "as":{
"type":"object", "type":"object",
@@ -225,17 +272,155 @@
"type":"object", "type":"object",
"dynamic": true "dynamic": true
}, },
"ecs":{ "ecs": {
"type":"object", "properties": {
"dynamic": true "version": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}, },
"error":{ "error":{
"type":"object", "type":"object",
"dynamic": true "dynamic": true
}, },
"event":{ "event": {
"type":"object", "properties": {
"dynamic": true "action": {
"ignore_above": 1024,
"type": "keyword"
},
"category": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"code": {
"ignore_above": 1024,
"type": "keyword"
},
"created": {
"type": "date",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"dataset": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"duration": {
"type": "long"
},
"end": {
"type": "date"
},
"hash": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"ingested": {
"type": "date",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"kind": {
"ignore_above": 1024,
"type": "keyword"
},
"module": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"original": {
"doc_values": false,
"ignore_above": 1024,
"index": false,
"type": "keyword"
},
"outcome": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"provider": {
"ignore_above": 1024,
"type": "keyword"
},
"reference": {
"ignore_above": 1024,
"type": "keyword"
},
"risk_score": {
"type": "float"
},
"risk_score_norm": {
"type": "float"
},
"sequence": {
"type": "long"
},
"severity": {
"type": "long"
},
"start": {
"type": "date"
},
"timezone": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"type": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"url": {
"ignore_above": 1024,
"type": "keyword"
}
}
}, },
"event_data":{ "event_data":{
"type":"object", "type":"object",
@@ -267,11 +452,97 @@
}, },
"host":{ "host":{
"type":"object", "type":"object",
"dynamic": true "dynamic": true,
"properties": {
"name": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}, },
"http":{ "http":{
"type":"object", "type":"object",
"dynamic": true "dynamic": true,
"properties": {
"request": {
"properties": {
"body": {
"properties": {
"bytes": {
"type": "long"
},
"content": {
"fields": {
"text": {
"norms": false,
"type": "text"
}
},
"ignore_above": 1024,
"type": "keyword"
}
}
},
"bytes": {
"type": "long"
},
"method": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"referrer": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
},
"response": {
"properties": {
"body": {
"properties": {
"bytes": {
"type": "long"
},
"content": {
"fields": {
"text": {
"norms": false,
"type": "text"
}
},
"ignore_above": 1024,
"type": "keyword"
}
}
},
"bytes": {
"type": "long"
},
"status_code": {
"type": "long"
}
}
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
}, },
"import":{ "import":{
"type":"object", "type":"object",
@@ -318,7 +589,18 @@
}, },
"log":{ "log":{
"type":"object", "type":"object",
"dynamic": true "dynamic": true,
"properties": {
"level": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}, },
"logscan": { "logscan": {
"type": "object", "type": "object",
@@ -436,7 +718,27 @@
}, },
"service":{ "service":{
"type":"object", "type":"object",
"dynamic": true "dynamic": true,
"properties": {
"type": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"name": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}, },
"sip":{ "sip":{
"type":"object", "type":"object",
@@ -462,9 +764,20 @@
"type":"object", "type":"object",
"dynamic": true "dynamic": true
}, },
"source":{ "source":{
"type":"object", "type":"object",
"dynamic": true "dynamic": true,
"properties" : {
"address": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
}, },
"ssh":{ "ssh":{
"type":"object", "type":"object",
@@ -478,11 +791,12 @@
"type":"object", "type":"object",
"dynamic": true "dynamic": true
}, },
"tags":{ "tags": {
"type":"text", "ignore_above": 1024,
"fields":{ "type": "keyword",
"keyword":{ "fields": {
"type":"keyword" "keyword": {
"type": "keyword"
} }
} }
}, },
@@ -508,7 +822,22 @@
}, },
"user_agent":{ "user_agent":{
"type":"object", "type":"object",
"dynamic": true "dynamic": true,
"properties": {
"original": {
"fields": {
"keyword": {
"type": "keyword"
},
"text": {
"norms": false,
"type": "text"
}
},
"ignore_above": 1024,
"type": "keyword"
}
}
}, },
"version":{ "version":{
"type":"object", "type":"object",