CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix EG template and mappings

Browse Source
This commit is contained in:
Wes Lambert
2022-02-04 16:00:16 +00:00
parent 1af63edc6b
commit f3902cf77d
2 changed files with 56 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
salt/elasticsearch/templates/component/so/endgame-mappings.json Normal file
View File

@@ -0,0 +1,53 @@
{
"template": {
"mappings": {
"properties": {
"endgame": {
"dynamic": false,
"properties": {
"data": {
"properties": {
"malware_classification": {
"properties": {
"identifier": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"quarantine_result": {
"properties": {
"local_msg": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
},
"event_subtype_full": {
"ignore_above": 1024,
"type": "keyword"
},
"event_type_full": {
"ignore_above": 1024,
"type": "keyword"
},
"metadata": {
"properties": {
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
},
"type": "object"
}
}
}
},
"_meta": {
"ecs_version": "1.12.2"
}
}

5
salt/elasticsearch/templates/index/so/so-endgame-template.json.jinja
View File

@@ -6,7 +6,7 @@
{%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-endgame:field_limit', 3000) %} {%- set FIELD_LIMIT = salt['pillar.get']('elasticsearch:index_settings:so-endgame:field_limit', 3000) %}
{ {
"index_patterns": [ "index_patterns": [
"so-endgame*" "endgame*"
], ],
"template": { "template": {
"mappings": { "mappings": {
@@ -55,7 +55,8 @@
"dtc-dns-mappings", "dtc-dns-mappings",
"ecs-mappings", "ecs-mappings",
"dtc-ecs-mappings", "dtc-ecs-mappings",
"error-mappings", "endgame-mappings",
"error-mappings",
"event-mappings", "event-mappings",
"dtc-event-mappings", "dtc-event-mappings",
"dtc-file-mappings", "dtc-file-mappings",