mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Merge pull request #6921 from Security-Onion-Solutions/kilo
remove unused fields object from related case schema
This commit is contained in:
Jason Ertel
GitHub
@@ -36,11 +36,11 @@
|
|||||||
"@timestamp": {
|
"@timestamp": {
|
||||||
"type": "date"
|
"type": "date"
|
||||||
},
|
},
|
||||||
"kind": {
|
"so_kind": {
|
||||||
"type": "keyword",
|
"type": "keyword",
|
||||||
"ignore_above": 1024
|
"ignore_above": 1024
|
||||||
},
|
},
|
||||||
"operation": {
|
"so_operation": {
|
||||||
"type": "keyword",
|
"type": "keyword",
|
||||||
"ignore_above": 1024
|
"ignore_above": 1024
|
||||||
},
|
},
|
||||||
@@ -48,7 +48,7 @@
|
|||||||
"type": "keyword",
|
"type": "keyword",
|
||||||
"ignore_above": 1024
|
"ignore_above": 1024
|
||||||
},
|
},
|
||||||
"artifact": {
|
"so_artifact": {
|
||||||
"properties": {
|
"properties": {
|
||||||
"artifactType": {
|
"artifactType": {
|
||||||
"type": "keyword",
|
"type": "keyword",
|
||||||
@@ -121,7 +121,7 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"artifactstream": {
|
"so_artifactstream": {
|
||||||
"properties": {
|
"properties": {
|
||||||
"content": {
|
"content": {
|
||||||
"type": "text"
|
"type": "text"
|
||||||
@@ -135,7 +135,7 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"case": {
|
"so_case": {
|
||||||
"properties": {
|
"properties": {
|
||||||
"assigneeId": {
|
"assigneeId": {
|
||||||
"type": "keyword",
|
"type": "keyword",
|
||||||
@@ -193,7 +193,7 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"comment": {
|
"so_comment": {
|
||||||
"properties": {
|
"properties": {
|
||||||
"caseId": {
|
"caseId": {
|
||||||
"type": "keyword",
|
"type": "keyword",
|
||||||
@@ -211,7 +211,7 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"related": {
|
"so_related": {
|
||||||
"properties": {
|
"properties": {
|
||||||
"caseId": {
|
"caseId": {
|
||||||
"type": "keyword",
|
"type": "keyword",
|
||||||
@@ -220,56 +220,6 @@
|
|||||||
"createTime": {
|
"createTime": {
|
||||||
"type": "date"
|
"type": "date"
|
||||||
},
|
},
|
||||||
"fields": {
|
|
||||||
"properties": {
|
|
||||||
"@timestamp": {
|
|
||||||
"type": "date"
|
|
||||||
},
|
|
||||||
"event": {
|
|
||||||
"properties": {
|
|
||||||
"dataset": {
|
|
||||||
"type": "keyword",
|
|
||||||
"ignore_above": 1024
|
|
||||||
},
|
|
||||||
"module": {
|
|
||||||
"type": "keyword",
|
|
||||||
"ignore_above": 1024
|
|
||||||
},
|
|
||||||
"category": {
|
|
||||||
"type": "keyword",
|
|
||||||
"ignore_above": 1024
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"message": {
|
|
||||||
"type": "text"
|
|
||||||
},
|
|
||||||
"scan":{
|
|
||||||
"type":"object",
|
|
||||||
"dynamic": true,
|
|
||||||
"properties":{
|
|
||||||
"exiftool":{
|
|
||||||
"type":"text"
|
|
||||||
},
|
|
||||||
"pe":{
|
|
||||||
"properties":{
|
|
||||||
"sections":{
|
|
||||||
"properties":{
|
|
||||||
"entropy":{
|
|
||||||
"type": "float"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"tags": {
|
|
||||||
"type": "keyword",
|
|
||||||
"ignore_above": 1024
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"userId": {
|
"userId": {
|
||||||
"type": "keyword",
|
"type": "keyword",
|
||||||
"ignore_above": 1024
|
"ignore_above": 1024
|
||||||
|
|||||||
@@ -1,3 +1,3 @@
|
|||||||
{
|
{
|
||||||
"default": ["soc_timestamp", "case.title", "case.status", "case.severity", "case.createTime"]
|
"default": ["soc_timestamp", "so_case.title", "so_case.status", "so_case.severity", "so_case.createTime"]
|
||||||
}
|
}
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
[
|
[
|
||||||
{ "name": "Open Cases", "query": "NOT case.status:closed AND NOT case.category:template" },
|
{ "name": "Open Cases", "query": "NOT so_case.status:closed AND NOT so_case.category:template" },
|
||||||
{ "name": "Closed Cases", "query": "case.status:closed AND NOT case.category:template" },
|
{ "name": "Closed Cases", "query": "so_case.status:closed AND NOT so_case.category:template" },
|
||||||
{ "name": "My Open Cases", "query": "NOT case.status:closed AND NOT case.category:template AND case.assigneeId:{myId}" },
|
{ "name": "My Open Cases", "query": "NOT so_case.status:closed AND NOT so_case.category:template AND so_case.assigneeId:{myId}" },
|
||||||
{ "name": "My Closed Cases", "query": "case.status:closed AND NOT case.category:template AND case.assigneeId:{myId}" },
|
{ "name": "My Closed Cases", "query": "so_case.status:closed AND NOT so_case.category:template AND so_case.assigneeId:{myId}" },
|
||||||
{ "name": "Templates", "query": "case.category:template" }
|
{ "name": "Templates", "query": "so_case.category:template" }
|
||||||
]
|
]
|
||||||
@@ -211,7 +211,7 @@
|
|||||||
"viewEnabled": true,
|
"viewEnabled": true,
|
||||||
"createLink": "/case/create",
|
"createLink": "/case/create",
|
||||||
"eventFields": {{ cases_eventfields | json }},
|
"eventFields": {{ cases_eventfields | json }},
|
||||||
"queryBaseFilter": "_index:\"*:so-case\" AND kind:case",
|
"queryBaseFilter": "_index:\"*:so-case\" AND so_kind:case",
|
||||||
"queryToggleFilters": [
|
"queryToggleFilters": [
|
||||||
],
|
],
|
||||||
"queries": {{ cases_queries | json }},
|
"queries": {{ cases_queries | json }},
|
||||||
|
|||||||
Reference in New Issue
Block a user