Merge pull request #7119 from Security-Onion-Solutions/feature/dtc_additional

Add additional scan and rule fileset mappings
2025-12-07 17:52:46 +01:00 · 2022-02-04 14:14:20 -05:00
parent 08c7181f1a 317f6471d8
commit d0b54a3a34
2 changed files with 50 additions and 0 deletions
--- a/salt/elasticsearch/templates/component/so/so-rule-mappings.json
+++ b/salt/elasticsearch/templates/component/so/so-rule-mappings.json
@@ -0,0 +1,19 @@
+{
+  "_meta": {
+    "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-file.html",
+    "ecs_version": "1.12.2"
+  },
+  "template": {
+    "mappings": {
+      "properties": {
+        "rule":{
+  	  "properties":{
+    	    "score":{
+      	      "type":"long"
+    	    }
+  	  }
+	}
+      }
+    }
+  }
+}
--- a/salt/elasticsearch/templates/component/so/so-scan-mappings.json
+++ b/salt/elasticsearch/templates/component/so/so-scan-mappings.json
@@ -0,0 +1,31 @@
+{
+  "_meta": {
+    "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-file.html",
+    "ecs_version": "1.12.2"
+  },
+  "template": {
+    "mappings": {
+      "properties": {
+        "scan":{
+  	  "type":"object",
+  	  "properties":{
+    	    "exiftool":{
+      	      "type":"text"
+    	    },
+    	    "pe":{
+              "properties":{
+                "sections":{
+                  "properties":{
+                    "entropy":{
+                      "type": "float"
+            	    }
+          	  }
+        	}
+      	      }
+    	    }
+  	  }
+	}
+      }
+    }
+  }
+}