Fix EG template and mappings

salt/elasticsearch/templates/component/so/endgame-mappings.json

@@ -0,0 +1,53 @@
+    {
+        "template": {
+          "mappings": {
+            "properties": {
+              "endgame": {
+        	"dynamic": false,
+                "properties": {
+                  "data": {
+                    "properties": {
+              	      "malware_classification": {
+                        "properties": {
+                  	  "identifier": {
+                    	    "ignore_above": 1024,
+                    	    "type": "keyword"
+                          }
+                        }
+              	      },
+                      "quarantine_result": {
+                        "properties": {
+                          "local_msg": {
+                            "ignore_above": 1024,
+                            "type": "keyword"
+                  	  }
+                        }
+                      }
+            	    }
+          	  },
+          	  "event_subtype_full": {
+            	    "ignore_above": 1024,
+            	    "type": "keyword"
+          	  },
+          	  "event_type_full": {
+            	    "ignore_above": 1024,
+            	    "type": "keyword"
+          	  },
+          	  "metadata": {
+            	    "properties": {
+              	      "type": {
+                        "ignore_above": 1024,
+                	"type": "keyword"
+              	      }
+                    }
+          	  }
+        	},
+        	"type": "object"
+              }
+            }
+          }
+        },
+        "_meta": {
+          "ecs_version": "1.12.2"
+        }
+}