From 08097fe9ec2fcb7563be4f97438fd8e7eeb4b074 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Fri, 25 Feb 2022 17:58:51 +0000
Subject: [PATCH 1/2] Add Playbook override mappings

---
 salt/elasticsearch/defaults.yaml | 98 +++++++++++++++++++
 .../pb-override-destination-mappings.json | 30 ++++++
 .../pb-override-source-mappings.json | 31 ++++++
 3 files changed, 159 insertions(+)
 create mode 100644 salt/elasticsearch/pb-override-destination-mappings.json
 create mode 100644 salt/elasticsearch/pb-override-source-mappings.json

diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml
index d3b915a15..b9986d051 100644
--- a/salt/elasticsearch/defaults.yaml
+++ b/salt/elasticsearch/defaults.yaml
@@ -102,6 +102,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -135,6 +136,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -184,6 +186,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -217,6 +220,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -265,6 +269,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -298,6 +303,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
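Review bot: Nothing in the list records that `pb-override-destination-mappings` has to stay immediately after `destination-mappings` (and `pb-override-source-mappings` after `source-mappings`); assuming these lists are rendered into an index template's `composed_of`, Elasticsearch merges component templates in list order with later entries taking precedence, so a future alphabetical reorder would silently undo the override without any error. A one-line comment at the first occurrence, `# pb-override-* must follow the ECS component it overrides: later composed_of entries win`, would protect the ordering. The same two entries are inserted by hand into every index's list across the remaining 97 hunks of defaults.yaml in this patch; a shared YAML anchor or a Jinja-rendered list for the common ECS components would reduce the drift risk the next time an override is added. The enclosing per-index mapping block starts and ends outside each hunk.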
@@ -346,6 +352,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -379,6 +386,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -428,6 +436,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -461,6 +470,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -536,6 +546,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -569,6 +580,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -615,6 +627,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -648,6 +661,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -694,6 +708,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -727,6 +742,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -775,6 +791,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -808,6 +825,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -855,6 +873,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -888,6 +907,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -933,6 +953,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -966,6 +987,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -1011,6 +1033,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -1045,6 +1068,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -1090,6 +1114,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -1124,6 +1149,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -1170,6 +1196,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -1203,6 +1230,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -1248,6 +1276,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -1281,6 +1310,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -1326,6 +1356,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -1359,6 +1390,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -1404,6 +1436,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -1438,6 +1471,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -1483,6 +1517,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -1517,6 +1552,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -1562,6 +1598,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -1596,6 +1633,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -1642,6 +1680,7 @@ elasticsearch:
 - client-mappings
 - container-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -1673,6 +1712,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - url-mappings
@@ -1716,6 +1756,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -1749,6 +1790,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - suricata-mappings
 - threat-mappings
 - tls-mappings
@@ -1795,6 +1837,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -1828,6 +1871,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -1873,6 +1917,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -1906,6 +1951,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -1952,6 +1998,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -1985,6 +2032,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -2031,6 +2079,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -2065,6 +2114,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -2110,6 +2160,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -2144,6 +2195,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -2190,6 +2242,7 @@ elasticsearch:
 - client-mappings
 - container-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -2221,6 +2274,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - url-mappings
@@ -2264,6 +2318,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -2298,6 +2353,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -2343,6 +2399,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -2377,6 +2434,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -2422,6 +2480,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -2456,6 +2515,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -2501,6 +2561,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -2535,6 +2596,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -2580,6 +2642,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -2613,6 +2676,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -2658,6 +2722,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -2692,6 +2757,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -2737,6 +2803,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -2771,6 +2838,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -2816,6 +2884,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -2849,6 +2918,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -2895,6 +2965,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -2928,6 +2999,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -2974,6 +3046,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -3007,6 +3080,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -3052,6 +3126,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -3085,6 +3160,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -3130,6 +3206,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -3164,6 +3241,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -3209,6 +3287,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -3242,6 +3321,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -3287,6 +3367,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -3321,6 +3402,7 @@ elasticsearch:
 - dtc-service-mappings
 - snyk-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -3366,6 +3448,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -3399,6 +3482,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -3444,6 +3528,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -3478,6 +3563,7 @@ elasticsearch:
 - dtc-service-mappings
 - sophos-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -3523,6 +3609,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -3556,6 +3643,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -3601,6 +3689,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -3636,6 +3725,7 @@ elasticsearch:
 - dtc-service-mappings
 - so-scan-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -3681,6 +3771,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -3714,6 +3805,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - syslog-mappings
 - threat-mappings
 - tls-mappings
@@ -3760,6 +3852,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -3793,6 +3886,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -3838,6 +3932,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -3871,6 +3966,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
@@ -3917,6 +4013,7 @@ elasticsearch:
 - container-mappings
 - data_stream-mappings
 - destination-mappings
+ - pb-override-destination-mappings
 - dll-mappings
 - dns-mappings
 - dtc-dns-mappings
@@ -3950,6 +4047,7 @@ elasticsearch:
 - service-mappings
 - dtc-service-mappings
 - source-mappings
+ - pb-override-source-mappings
 - threat-mappings
 - tls-mappings
 - tracing-mappings
diff --git a/salt/elasticsearch/pb-override-destination-mappings.json b/salt/elasticsearch/pb-override-destination-mappings.json
new file mode 100644
index 000000000..6314f5e2d
--- /dev/null
+++ b/salt/elasticsearch/pb-override-destination-mappings.json
@@ -0,0 +1,30 @@
+{
+ "_meta": {
+ "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-destination.html",
+ "ecs_version": "1.12.2"
+ },
+ "template": {
+ "mappings": {
+ "properties": {
+ "destination": {
+ "ip": {
+ "type": "ip",
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ }
+ },
+ "port": {
+ "type": "long",
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/salt/elasticsearch/pb-override-source-mappings.json b/salt/elasticsearch/pb-override-source-mappings.json
new file mode 100644
index 000000000..e7c4fbc62
--- /dev/null
+++ b/salt/elasticsearch/pb-override-source-mappings.json
@@ -0,0 +1,31 @@
+{
+ "_meta": {
+ "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-source.html",
+ "ecs_version": "1.12.2"
+ },
+ "template": {
+ "mappings": {
+ "properties": {
+ "source": {
+ "ip": {
+ "type": "ip",
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ }
+ },
+ "port": {
+ "type": "long",
+ "fields": {
+ "keyword": {
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+

From a8bdff89ae1477ae94ab08ebeea9ff0efcca0d32 Mon Sep 17 00:00:00 2001
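Review bot: The `_meta` block of both new component templates (pb-override-destination-mappings.json here and pb-override-source-mappings.json in the next hunk) is copied from the ECS destination/source templates — `documentation` points at the ECS field-set page and `ecs_version` is `1.12.2` — and says nothing about what the override is for, so a reader comparing it with `destination-mappings` cannot tell why `destination.ip`/`destination.port` and `source.ip`/`source.port` gain a `keyword` multi-field or why the file must be listed after the ECS component. Add a `"description"` key under `_meta`, for example `"description": "Playbook override: adds a keyword multi-field to ip/port; must be listed after the ECS destination component in composed_of"`, with the concrete Playbook requirement filled in by the author, since the commit subject is the only place that names it. The `ecs_version` value presumably no longer tracks anything in these files and is likely to go stale; consider dropping it or noting which ECS component it mirrors. Existing indices will presumably not pick up the new `.keyword` subfields until they roll over; worth confirming and recording in the same `_meta` so that a query relying on the subfield is not assumed to work on older indices.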
From: Wes Lambert
Date: Fri, 25 Feb 2022 18:00:16 +0000
Subject: [PATCH 2/2] Move files into SO component template directory

---
 .../component/so}/pb-override-destination-mappings.json | 0
 .../{ => templates/component/so}/pb-override-source-mappings.json | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename salt/elasticsearch/{ => templates/component/so}/pb-override-destination-mappings.json (100%)
 rename salt/elasticsearch/{ => templates/component/so}/pb-override-source-mappings.json (100%)

diff --git a/salt/elasticsearch/pb-override-destination-mappings.json b/salt/elasticsearch/templates/component/so/pb-override-destination-mappings.json
similarity index 100%
rename from salt/elasticsearch/pb-override-destination-mappings.json
rename to salt/elasticsearch/templates/component/so/pb-override-destination-mappings.json
diff --git a/salt/elasticsearch/pb-override-source-mappings.json b/salt/elasticsearch/templates/component/so/pb-override-source-mappings.json
similarity index 100%
rename from salt/elasticsearch/pb-override-source-mappings.json
rename to salt/elasticsearch/templates/component/so/pb-override-source-mappings.json