diff --git a/salt/elasticsearch/templates/component/so/endgame-mappings.json b/salt/elasticsearch/templates/component/so/endgame-mappings.json
new file mode 100644
index 000000000..d32fb962d
--- /dev/null
+++ b/salt/elasticsearch/templates/component/so/endgame-mappings.json
@@ -0,0 +1,53 @@
+ {
+ "template": {
+ "mappings": {
+ "properties": {
+ "endgame": {
+ "dynamic": false,
+ "properties": {
+ "data": {
+ "properties": {
+ "malware_classification": {
+ "properties": {
+ "identifier": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "quarantine_result": {
+ "properties": {
+ "local_msg": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "event_subtype_full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "event_type_full": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "metadata": {
+ "properties": {
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ },
+ "type": "object"
+ }
+ }
+ }
+ },
+ "_meta": {
+ "ecs_version": "1.12.2"
+ }
+}
diff --git a/salt/elasticsearch/templates/index/so/so-endgame-template.json.jinja b/salt/elasticsearch/templates/index/so/so-endgame-template.json.jinja
index 055f4628e..6c8c86757 100644
--- a/salt/elasticsearch/templates/index/so/so-endgame-template.json.jinja
+++ b/salt/elasticsearch/templates/index/so/so-endgame-template.json.jinja
@@ -6,7 +6,7 @@
 {%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-endgame:field_limit', 3000) %}
 {
 "index_patterns": [
- "so-endgame*"
+ "endgame*"
 ],
 "template": {
 "mappings": {
@@ -55,7 +55,8 @@
 "dtc-dns-mappings",
 "ecs-mappings",
 "dtc-ecs-mappings",
- "error-mappings",
+ "endgame-mappings",
+ "error-mappings",
 "event-mappings",
 "dtc-event-mappings",
 "dtc-file-mappings",
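Review bot: `"dynamic": false` on the `endgame` object means only the five leaf fields mapped in this component (`data.malware_classification.identifier`, `data.quarantine_result.local_msg`, `event_subtype_full`, `event_type_full`, `metadata.type`) are indexed; any other `endgame.*` field arriving in a document is kept in `_source` but is neither searchable nor aggregatable, so a detection rule or dashboard that references an unmapped `endgame.*` field will silently match nothing rather than error. Nothing in the file records that this is deliberate, and the file's only metadata is `"ecs_version": "1.12.2"`, which presumably mirrors the other component files but reads as if these fields came from ECS. I would add an `_meta` entry next to it, e.g. `"description": "Endgame-specific fields; endgame.* is dynamic:false, so new fields must be added here to be searchable"`, so the next person extending the mapping knows why a field they see in `_source` is not queryable. Whether the five fields cover every `endgame.*` field the pipeline emits cannot be judged from this diff.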
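Review bot: Widening `index_patterns` from `so-endgame*` to `endgame*` means this template now competes with any other composable template whose pattern also covers names starting with `endgame`; Elasticsearch rejects overlapping patterns at equal priority, and the priority is not visible in this hunk, so that is worth confirming before the state is applied. Indices already created under `so-endgame*` no longer match at all and keep the mappings they were created with, so the new `endgame-mappings` component only reaches indices created after the template is reloaded — historical endgame data stays without these keyword fields unless reindexed. The pillar key on the context line above still says `so-endgame`, which is fine functionally but will confuse anyone grepping for the new pattern; a short jinja comment such as `{# index pattern is endgame*, settings pillar key remains so-endgame #}` would tie the two together. The enclosing JSON object continues outside the hunk.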
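Review bot: The new `"endgame-mappings"` entry in `composed_of` is a reference by name, so the index template PUT fails outright if the component template has not been loaded into the cluster first; this diff adds the component file but not the state that loads it, so presumably the existing component loader picks up `component/so/*.json` before index templates are applied — worth confirming rather than assuming. Order within `composed_of` also matters: later components override earlier ones, and `endgame-mappings` is placed before `error-mappings` and everything after it, so any later component that happened to define `endgame.*` would override the `dynamic: false` set in the new component (none is visible here). A one-line jinja comment beside the entry, `{# endgame-mappings sets endgame.* to dynamic:false; keep it ahead of any component that could map endgame.* #}`, would preserve that intent through future reorderings. The `composed_of` array starts and ends outside the hunk.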