Merge pull request #12250 from Security-Onion-Solutions/fix/scan_pe_flags

Fix PE Flags

salt/elasticsearch/files/ingest/strelka.file

@@ -67,6 +67,7 @@
     { "set":         { "if": "ctx.scan?.pe?.image_version == '0'",   "field": "scan.pe.image_version", "value": "0.0", "override": true }  },
     { "set":         { "field": "observer.name",        "value": "{{agent.name}}" }},
     { "convert" :    { "field" : "scan.exiftool","type": "string", "ignore_missing":true }},
+    { "convert" :    { "field" : "scan.pe.flags","type": "string", "ignore_missing":true }},
     { "remove":      { "field": ["host", "path", "message", "exiftool", "scan.yara.meta"],                                         "ignore_missing": true  } },
     { "pipeline":    { "name": "common"                                                                                   } }
   ]

salt/elasticsearch/templates/component/so/so-scan-mappings.json

@@ -14,15 +14,18 @@
             },
             "pe": {
               "properties": {
+                "flags": {
+                  "type": "text"
+                },
+		"image_version": {
+                  "type": "float"
+                },
 		"sections": {
                   "properties": {
                     "entropy": {
                       "type": "float"
                     }
                   }
-                },
-		"image_version": {
-	          "type": "float"
                 }
               }
             },