From af9daa4d716838668a785c781483c2016c1a192e Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Thu, 15 Oct 2020 12:42:33 +0000
Subject: [PATCH] Intel mapping enforcement and winlog.verion
---
 .../templates/so/so-common-template.json | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/salt/elasticsearch/templates/so/so-common-template.json b/salt/elasticsearch/templates/so/so-common-template.json
index cc4c4595b..7db65f62c 100644
--- a/salt/elasticsearch/templates/so/so-common-template.json
+++ b/salt/elasticsearch/templates/so/so-common-template.json
@@ -253,6 +253,20 @@
 "type":"object",
 "dynamic": true
 },
+ "intel":{
+ "type":"object",
+ "dynamic": true,
+ "properties":{
+ "indicator":{
+ "type":"text",
+ "fields":{
+ "keyword":{
+ "type":"keyword"
+ }
+ }
+ }
+ }
+ },
 "interface":{
 "type":"object",
 "dynamic": true
@@ -474,6 +488,9 @@
 },
 "event_data":{
 "type":"object"
+ },
+ "version":{
+ "type":"long"
 }
 }
 },
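Review bot: The `keyword` sub-field added under `intel.indicator` has no `ignore_above`, so an indicator value longer than Lucene's maximum term size (a very long URL, for instance) would cause the whole document to be rejected at index time instead of only skipping that sub-field. A bound such as `"keyword":{ "type":"keyword", "ignore_above": 1024 }` avoids the rejection, with the trade-off that over-length values are then absent from exact-match searches and aggregations; the limit shown is illustrative and should follow whatever the rest of the template uses. Because the parent field is analyzed `text`, exact matching of IPs, hashes and domains should target `intel.indicator.keyword`, which is worth stating in the commit message since strict JSON leaves no room for a comment. `intel` also keeps `"dynamic": true`, so only `indicator` is pinned and the other intel sub-fields still take their type from the first document that carries them.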
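Review bot: Mapping `version` as `long` without `ignore_malformed` means an event whose version arrives as a non-numeric string fails with a mapper parsing error and is dropped as a whole, which for Windows event logs is a collection gap rather than a cosmetic problem. If losing the event is not intended, `"version":{ "type":"long", "ignore_malformed": true }` keeps the document and skips only the bad value. An index template applies only to indices created after it is loaded, so any existing index where this field was dynamically mapped with another type keeps that type until rollover and may show up as a field-type conflict across indices. The enclosing object opens outside the hunk; the commit subject suggests it is `winlog`, but that is not visible here.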