From bd114eb1c479ebf1c47c8fb2ac590788173d4538 Mon Sep 17 00:00:00 2001
From: Wes
Date: Tue, 3 Jan 2023 16:01:35 +0000
Subject: [PATCH] Update RITA beacon parsing
---
salt/elasticsearch/files/ingest/rita.beacon | 107 +++++++-------------
1 file changed, 36 insertions(+), 71 deletions(-)
diff --git a/salt/elasticsearch/files/ingest/rita.beacon b/salt/elasticsearch/files/ingest/rita.beacon
index ab53be763..2c6138262 100644
--- a/salt/elasticsearch/files/ingest/rita.beacon
+++ b/salt/elasticsearch/files/ingest/rita.beacon
@@ -17,98 +17,63 @@
 "destination.ip",
 "network.connections",
 "network.average_bytes",
- "beacon.interval.range",
- "beacon.size.range",
- "beacon.interval.top",
- "beacon.size.top",
- "beacon.interval.top_count",
- "beacon.size.top_count",
- "beacon.interval.skew",
- "beacon.size.skew",
- "beacon.interval.dispersion",
- "beacon.size.dispersion",
- "network.bytes"
+ "network.bytes",
+ "beacon.ts_score",
+ "beacon.ds_score",
+ "beacon.duration_score",
+ "beacon.historical_score",
+ "beacon.interval.top"
 ]
 }
 },
+ {
+ "convert": {
+ "field": "beacon.ds_score",
+ "type": "float"
+ }
+ },
+ {
+ "convert": {
+ "field": "beacon.duration_score",
+ "type": "float"
+ }
+ },
+ {
+ "convert": {
+ "field": "beacon.historical_score",
+ "type": "float"
+ }
+ },
 {
 "convert": {
 "field": "beacon.score",
 "type": "float"
 }
 },
+ {
+ "convert": {
+ "field": "beacon.ts_score",
+ "type": "float"
+ }
+ },
+ {
+ "convert": {
+ "field": "network.average_bytes",
+ "type": "float"
+ }
+ },
 {
 "convert": {
 "field": "network.connections",
 "type": "integer"
 }
 },
- {
- "convert": {
- "field": "network.average_bytes",
- "type": "integer"
- }
- },
- {
- "convert": {
- "field": "beacon.interval.range",
- "type": "integer"
- }
- },
- {
- "convert": {
- "field": "beacon.size.range",
- "type": "integer"
- }
- },
 {
 "convert": {
 "field": "beacon.interval.top",
 "type": "integer"
 }
 },
- {
- "convert": {
- "field": "beacon.size.top",
- "type": "integer"
- }
- },
- {
- "convert": {
- "field": "beacon.interval.top_count",
- "type": "integer"
- }
- },
- {
- "convert": {
- "field": "beacon.size.top_count",
- "type": "integer"
- }
- },
- {
- "convert": {
- "field": "beacon.interval.skew",
- "type": "float"
- }
- },
- {
- "convert": {
- "field": "beacon.size.skew",
- "type": "float"
- }
- },
- {
- "convert": {
- "field": "beacon.interval.dispersion",
- "type": "integer"
- }
- },
- {
- "convert": {
- "field": "beacon.size.dispersion",
- "type": "integer"
- }
- },
 {
 "convert": {
 "field": "network.bytes",
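Review bot: The five convert processors this hunk adds (beacon.ds_score, beacon.duration_score, beacon.historical_score, beacon.ts_score and the re-typed network.average_bytes) carry no `"ignore_missing": true`, so a RITA beacon record that arrives without one of those columns makes the processor throw and, unless the pipeline defines an `on_failure` handler outside this hunk, the whole event is dropped instead of being indexed without that field; the retained converts have the same gap, but the newly introduced score columns are the ones most likely to be absent from an older RITA export, so I would add `"ignore_missing": true` beside each `"type"` entry. Separately, network.average_bytes changes from integer to float, which only round-trips if the index template mapping for that field is a floating-point type as well — worth confirming, since a long-mapped field would truncate or reject fractional values depending on the coerce setting. The four new beacon.*_score fields are likewise not accompanied by a mapping change in this commit, so presumably they rely on dynamic mapping unless the template already declares them. The enclosing processors array continues past the end of the hunk.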