Switch from .security to match_only_text

Wes Lambert
2022-02-22 20:33:49 +00:00
parent 5b46d19b13
commit f7862af934
62 changed files with 19298 additions and 3289 deletions


@@ -12,29 +12,59 @@
"properties": { "properties": {
"original": { "original": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"ephemeral_id": { "ephemeral_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
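Review bot: The `fields.text` block is added to every keyword in this section, including `ephemeral_id`, `id` and `version`, where analyzed token search has little use and each extra sub-field adds index size on every document. I would keep the sub-field on fields that hold free text and leave identifier-style fields as a plain keyword, ending in `"type": "keyword"` with no `fields` entry. The same blanket pattern repeats in the later file sections of this commit, for example on the `account_id`, `port`, `status_code`, `mac` and `hash` entries. As far as I know `match_only_text` needs Elasticsearch 7.14 or later, so the minimum cluster version for these templates is worth stating in the commit description.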


@@ -22,7 +22,12 @@
}, },
"api_version": { "api_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"console_login": { "console_login": {
"properties": { "properties": {
@@ -30,7 +35,12 @@
"properties": { "properties": {
"login_to": { "login_to": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mfa_used": { "mfa_used": {
"type": "boolean" "type": "boolean"
@@ -58,27 +68,57 @@
}, },
"previous_hash_algorithm": { "previous_hash_algorithm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"previous_s3_bucket": { "previous_s3_bucket": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"public_key_fingerprint": { "public_key_fingerprint": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"s3_bucket": { "s3_bucket": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"s3_object": { "s3_object": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"signature_algorithm": { "signature_algorithm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"start_time": { "start_time": {
"type": "date" "type": "date"
@@ -87,23 +127,48 @@
}, },
"error_code": { "error_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"error_message": { "error_message": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"event_category": { "event_category": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"event_type": { "event_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"event_version": { "event_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"flattened": { "flattened": {
"properties": { "properties": {
@@ -126,19 +191,39 @@
}, },
"management_event": { "management_event": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"read_only": { "read_only": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"recipient_account_id": { "recipient_account_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"request_id": { "request_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"request_parameters": { "request_parameters": {
"fields": { "fields": {
@@ -154,15 +239,30 @@
"properties": { "properties": {
"account_id": { "account_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"arn": { "arn": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -188,21 +288,41 @@
}, },
"shared_event_id": { "shared_event_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"user_identity": { "user_identity": {
"properties": { "properties": {
"access_key_id": { "access_key_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"arn": { "arn": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"invoked_by": { "invoked_by": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"session_context": { "session_context": {
"properties": { "properties": {
@@ -211,25 +331,50 @@
}, },
"mfa_authenticated": { "mfa_authenticated": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"session_issuer": { "session_issuer": {
"properties": { "properties": {
"account_id": { "account_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"arn": { "arn": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"principal_id": { "principal_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
@@ -237,13 +382,23 @@
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"vpc_endpoint_id": { "vpc_endpoint_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -259,7 +414,12 @@
"properties": { "properties": {
"ip_address": { "ip_address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -267,7 +427,12 @@
"properties": { "properties": {
"action_executed": { "action_executed": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"backend": { "backend": {
"properties": { "properties": {
@@ -277,7 +442,12 @@
"properties": { "properties": {
"status_code": { "status_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
@@ -285,11 +455,21 @@
}, },
"ip": { "ip": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"port": { "port": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -304,21 +484,41 @@
"properties": { "properties": {
"arn": { "arn": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"serial": { "serial": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"classification": { "classification": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"classification_reason": { "classification_reason": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"connection_time": { "connection_time": {
"properties": { "properties": {
@@ -331,33 +531,68 @@
"properties": { "properties": {
"reason": { "reason": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"incoming_tls_alert": { "incoming_tls_alert": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"listener": { "listener": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"matched_rule_priority": { "matched_rule_priority": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"protocol": { "protocol": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"redirect_url": { "redirect_url": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"request_processing_time": { "request_processing_time": {
"properties": { "properties": {
@@ -375,27 +610,52 @@
}, },
"ssl_cipher": { "ssl_cipher": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ssl_protocol": { "ssl_protocol": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"target_group": { "target_group": {
"properties": { "properties": {
"arn": { "arn": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"target_port": { "target_port": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"target_status_code": { "target_status_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tls_handshake_time": { "tls_handshake_time": {
"properties": { "properties": {
@@ -406,15 +666,30 @@
}, },
"tls_named_group": { "tls_named_group": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"trace_id": { "trace_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -422,75 +697,150 @@
"properties": { "properties": {
"authentication_type": { "authentication_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"bucket": { "bucket": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"bucket_owner": { "bucket_owner": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"bytes_sent": { "bytes_sent": {
"type": "long" "type": "long"
}, },
"cipher_suite": { "cipher_suite": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"error_code": { "error_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"host_header": { "host_header": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"host_id": { "host_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"http_status": { "http_status": {
"type": "long" "type": "long"
}, },
"key": { "key": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"object_size": { "object_size": {
"type": "long" "type": "long"
}, },
"operation": { "operation": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"referrer": { "referrer": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"remote_ip": { "remote_ip": {
"type": "ip" "type": "ip"
}, },
"request_id": { "request_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"request_uri": { "request_uri": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"requester": { "requester": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"signature_version": { "signature_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tls_version": { "tls_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"total_time": { "total_time": {
"type": "long" "type": "long"
@@ -500,11 +850,21 @@
}, },
"user_agent": { "user_agent": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version_id": { "version_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -512,23 +872,48 @@
"properties": { "properties": {
"account_id": { "account_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"action": { "action": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"instance_id": { "instance_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"interface_id": { "interface_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"log_status": { "log_status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"pkt_dstaddr": { "pkt_dstaddr": {
"type": "ip" "type": "ip"
@@ -538,27 +923,57 @@
}, },
"subnet_id": { "subnet_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tcp_flags": { "tcp_flags": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tcp_flags_array": { "tcp_flags_array": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"vpc_id": { "vpc_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
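Review bot: `request_uri`, `user_agent`, `referrer` and `error_message` keep `"ignore_above": 1024` on the keyword while the new `text` sub-field has no length cap, so a value longer than 1024 characters is skipped by the keyword index but still indexed under `.text`. Exact-match detections and aggregations on the keyword will not see those events, and `.text` matches analyzed tokens rather than the whole string, so the two can disagree on the same document. This is most visible for identifiers such as `arn` and `access_key_id`, where a token match on `.text` is not an exact match. The commit description should say which field rules are expected to use, for example `exact matches and aggregations stay on the keyword; .text is for token search in long free-text values`.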

File diff suppressed because it is too large Load Diff


@@ -17,7 +17,12 @@
}, },
"tags": { "tags": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@@ -10,7 +10,12 @@
"properties": { "properties": {
"address": { "address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"as": { "as": {
"properties": { "properties": {
@@ -37,52 +42,107 @@
}, },
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"geo": { "geo": {
"properties": { "properties": {
"city_name": { "city_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"continent_code": { "continent_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"continent_name": { "continent_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country_iso_code": { "country_iso_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country_name": { "country_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"location": { "location": {
"type": "geo_point" "type": "geo_point"
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"postal_code": { "postal_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region_iso_code": { "region_iso_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region_name": { "region_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"timezone": { "timezone": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -91,7 +151,12 @@
}, },
"mac": { "mac": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"nat": { "nat": {
"properties": { "properties": {
@@ -111,25 +176,50 @@
}, },
"registered_domain": { "registered_domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subdomain": { "subdomain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"top_level_domain": { "top_level_domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"user": { "user": {
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"email": { "email": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"full_name": { "full_name": {
"fields": { "fields": {
@@ -144,25 +234,50 @@
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"fields": { "fields": {
@@ -175,7 +290,12 @@
}, },
"roles": { "roles": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -12,27 +12,52 @@
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"availability_zone": { "availability_zone": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"instance": { "instance": {
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -40,7 +65,12 @@
"properties": { "properties": {
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -48,27 +78,52 @@
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"provider": { "provider": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region": { "region": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"service": { "service": {
"properties": { "properties": {
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -10,17 +10,32 @@
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"image": { "image": {
"properties": { "properties": {
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tag": { "tag": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -29,11 +44,21 @@
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"runtime": { "runtime": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -12,241 +12,511 @@
"properties": { "properties": {
"action": { "action": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ca_properties": { "ca_properties": {
"properties": { "properties": {
"address": { "address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cpm_disabled": { "cpm_disabled": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cpm_error_details": { "cpm_error_details": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cpm_status": { "cpm_status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"creation_method": { "creation_method": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"customer": { "customer": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"database": { "database": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"device_type": { "device_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"dual_account_status": { "dual_account_status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"group_name": { "group_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"in_process": { "in_process": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"index": { "index": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"last_fail_date": { "last_fail_date": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"last_success_change": { "last_success_change": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"last_success_reconciliation": { "last_success_reconciliation": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"last_success_verification": { "last_success_verification": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"last_task": { "last_task": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"logon_domain": { "logon_domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"other": { "other": {
"type": "flattened" "type": "flattened"
}, },
"policy_id": { "policy_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"port": { "port": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"privcloud": { "privcloud": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"reset_immediately": { "reset_immediately": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"retries_count": { "retries_count": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sequence_id": { "sequence_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tags": { "tags": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"user_dn": { "user_dn": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"user_name": { "user_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"virtual_username": { "virtual_username": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"category": { "category": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"desc": { "desc": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"extra_details": { "extra_details": {
"properties": { "properties": {
"ad_process_id": { "ad_process_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ad_process_name": { "ad_process_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"application_type": { "application_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"command": { "command": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"connection_component_id": { "connection_component_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"dst_host": { "dst_host": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"logon_account": { "logon_account": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"managed_account": { "managed_account": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"other": { "other": {
"type": "flattened" "type": "flattened"
}, },
"process_id": { "process_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"process_name": { "process_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"protocol": { "protocol": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"psmid": { "psmid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"session_duration": { "session_duration": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"session_id": { "session_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"src_host": { "src_host": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"username": { "username": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"file": { "file": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"gateway_station": { "gateway_station": {
"type": "ip" "type": "ip"
}, },
"hostname": { "hostname": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"iso_timestamp": { "iso_timestamp": {
"type": "date" "type": "date"
}, },
"issuer": { "issuer": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"location": { "location": {
"doc_values": false, "doc_values": false,
"ignore_above": 4096, "ignore_above": 4096,
"index": false, "index": false,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"message": { "message": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"message_id": { "message_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"product": { "product": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"pvwa_details": { "pvwa_details": {
"type": "flattened" "type": "flattened"
@@ -255,7 +525,12 @@
"doc_values": false, "doc_values": false,
"ignore_above": 4096, "ignore_above": 4096,
"index": false, "index": false,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"reason": { "reason": {
"norms": false, "norms": false,
@@ -266,34 +541,69 @@
}, },
"safe": { "safe": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"severity": { "severity": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"source_user": { "source_user": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"station": { "station": {
"type": "ip" "type": "ip"
}, },
"target_user": { "target_user": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"timestamp": { "timestamp": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"vendor": { "vendor": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -10,7 +10,12 @@
"properties": { "properties": {
"address": { "address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"as": { "as": {
"properties": { "properties": {
@@ -37,52 +42,107 @@
}, },
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"geo": { "geo": {
"properties": { "properties": {
"city_name": { "city_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"continent_code": { "continent_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"continent_name": { "continent_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country_iso_code": { "country_iso_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country_name": { "country_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"location": { "location": {
"type": "geo_point" "type": "geo_point"
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"postal_code": { "postal_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region_iso_code": { "region_iso_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region_name": { "region_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"timezone": { "timezone": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -91,7 +151,12 @@
}, },
"mac": { "mac": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"nat": { "nat": {
"properties": { "properties": {
@@ -111,25 +176,50 @@
}, },
"registered_domain": { "registered_domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subdomain": { "subdomain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"top_level_domain": { "top_level_domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"user": { "user": {
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"email": { "email": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"full_name": { "full_name": {
"fields": { "fields": {
@@ -144,25 +234,50 @@
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"fields": { "fields": {
@@ -175,7 +290,12 @@
}, },
"roles": { "roles": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
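Review bot: The `text` sub-field is added to every `keyword` mapping in this section, including exact-match values such as `mac`, `continent_code`, `country_iso_code`, `hash` and `id`, where an analysed field gives little that a term query on the keyword does not already provide. Each sub-field is another mapped field, so the template's string field count roughly doubles and, as far as I can tell, counts towards `index.mapping.total_fields.limit`; when that limit is hit, documents can be rejected at index time, which surfaces as missing logs. I would keep the multi-field for free-text values (for example `city_name`, `region_name`) and leave identifiers as `"ignore_above": 1024, "type": "keyword"`. The same applies to the digest fields (`md5`, `sha1`, `sha256`, `sha512`, `ssdeep`, `imphash`) and the short enumerated fields in the sections that follow.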


@@ -12,26 +12,51 @@
"properties": { "properties": {
"digest_algorithm": { "digest_algorithm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"exists": { "exists": {
"type": "boolean" "type": "boolean"
}, },
"signing_id": { "signing_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"status": { "status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subject_name": { "subject_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"team_id": { "team_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"timestamp": { "timestamp": {
"type": "date" "type": "date"
@@ -48,63 +73,133 @@
"properties": { "properties": {
"md5": { "md5": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha1": { "sha1": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha256": { "sha256": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha512": { "sha512": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ssdeep": { "ssdeep": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"path": { "path": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"pe": { "pe": {
"properties": { "properties": {
"architecture": { "architecture": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"company": { "company": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"file_version": { "file_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"imphash": { "imphash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"original_file_name": { "original_file_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"product": { "product": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -12,63 +12,128 @@
"properties": { "properties": {
"class": { "class": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"data": { "data": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ttl": { "ttl": {
"type": "long" "type": "long"
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
}, },
"type": "object" "type": "object"
}, },
"header_flags": { "header_flags": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"op_code": { "op_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"question": { "question": {
"properties": { "properties": {
"class": { "class": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"registered_domain": { "registered_domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subdomain": { "subdomain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"top_level_domain": { "top_level_domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -77,11 +142,21 @@
}, },
"response_code": { "response_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -10,7 +10,12 @@
"properties": { "properties": {
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -17,7 +17,12 @@
}, },
"tags": { "tags": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -10,11 +10,21 @@
"properties": { "properties": {
"code": { "code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"message": { "message": {
"type": "match_only_text" "type": "match_only_text"
@@ -29,7 +39,12 @@
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -10,26 +10,51 @@
"properties": { "properties": {
"action": { "action": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"agent_id_status": { "agent_id_status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"category": { "category": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"code": { "code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"created": { "created": {
"type": "date" "type": "date"
}, },
"dataset": { "dataset": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"duration": { "duration": {
"type": "long" "type": "long"
@@ -39,43 +64,88 @@
}, },
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ingested": { "ingested": {
"type": "date" "type": "date"
}, },
"kind": { "kind": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"module": { "module": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"original": { "original": {
"doc_values": false, "doc_values": false,
"index": false, "index": false,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"outcome": { "outcome": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"provider": { "provider": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"reason": { "reason": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"reference": { "reference": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"risk_score": { "risk_score": {
"type": "float" "type": "float"
@@ -94,15 +164,30 @@
}, },
"timezone": { "timezone": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"url": { "url": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
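Review bot: The `original` mapping in this section is declared with `"doc_values": false` and `"index": false`, yet it now receives an indexed `text` sub-field of type `match_only_text`, so the value is analysed and indexed after all. Multi-fields are indexed independently of their parent, so the storage and ingest cost the parent settings avoid comes back, and the field (presumably the raw event text, which can carry credentials or tokens captured in the log line) becomes full-text searchable to anyone with read access to the index. I would drop the `fields` block here and keep `"doc_values": false, "index": false, "type": "keyword"` as the whole mapping. The `location` mapping with `"index": false` in the earlier file section follows the same pattern and deserves the same treatment.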


@@ -13,32 +13,62 @@
}, },
"attributes": { "attributes": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"code_signature": { "code_signature": {
"properties": { "properties": {
"digest_algorithm": { "digest_algorithm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"exists": { "exists": {
"type": "boolean" "type": "boolean"
}, },
"signing_id": { "signing_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"status": { "status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subject_name": { "subject_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"team_id": { "team_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"timestamp": { "timestamp": {
"type": "date" "type": "date"
@@ -59,29 +89,59 @@
}, },
"device": { "device": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"directory": { "directory": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"drive_letter": { "drive_letter": {
"ignore_above": 1, "ignore_above": 1,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"elf": { "elf": {
"properties": { "properties": {
"architecture": { "architecture": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"byte_order": { "byte_order": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cpu_type": { "cpu_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"creation_date": { "creation_date": {
"type": "date" "type": "date"
@@ -93,34 +153,69 @@
"properties": { "properties": {
"abi_version": { "abi_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"class": { "class": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"data": { "data": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"entrypoint": { "entrypoint": {
"type": "long" "type": "long"
}, },
"object_version": { "object_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"os_abi": { "os_abi": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -137,22 +232,42 @@
}, },
"flags": { "flags": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"physical_offset": { "physical_offset": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"physical_size": { "physical_size": {
"type": "long" "type": "long"
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"virtual_address": { "virtual_address": {
"type": "long" "type": "long"
@@ -167,87 +282,177 @@
"properties": { "properties": {
"sections": { "sections": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
}, },
"type": "nested" "type": "nested"
}, },
"shared_libraries": { "shared_libraries": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"telfhash": { "telfhash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"extension": { "extension": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"fork_name": { "fork_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"gid": { "gid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"group": { "group": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"hash": { "hash": {
"properties": { "properties": {
"md5": { "md5": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha1": { "sha1": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha256": { "sha256": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha512": { "sha512": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ssdeep": { "ssdeep": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"inode": { "inode": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mime_type": { "mime_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mode": { "mode": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mtime": { "mtime": {
"type": "date" "type": "date"
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"owner": { "owner": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"path": { "path": {
"fields": { "fields": {
@@ -262,31 +467,66 @@
"properties": { "properties": {
"architecture": { "architecture": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"company": { "company": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"file_version": { "file_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"imphash": { "imphash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"original_file_name": { "original_file_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"product": { "product": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -304,47 +544,97 @@
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"uid": { "uid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"x509": { "x509": {
"properties": { "properties": {
"alternative_names": { "alternative_names": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"issuer": { "issuer": {
"properties": { "properties": {
"common_name": { "common_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country": { "country": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"distinguished_name": { "distinguished_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"locality": { "locality": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"organization": { "organization": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"organizational_unit": { "organizational_unit": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"state_or_province": { "state_or_province": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -356,11 +646,21 @@
}, },
"public_key_algorithm": { "public_key_algorithm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"public_key_curve": { "public_key_curve": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"public_key_exponent": { "public_key_exponent": {
"doc_values": false, "doc_values": false,
@@ -372,47 +672,97 @@
}, },
"serial_number": { "serial_number": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"signature_algorithm": { "signature_algorithm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subject": { "subject": {
"properties": { "properties": {
"common_name": { "common_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country": { "country": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"distinguished_name": { "distinguished_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"locality": { "locality": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"organization": { "organization": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"organizational_unit": { "organizational_unit": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"state_or_province": { "state_or_province": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"version_number": { "version_number": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
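Review bot: Nothing in this change records that the new `text` sub-fields are not bound by the parent's `ignore_above`: a `directory`, `distinguished_name` or `alternative_names` value longer than 1024 characters is skipped by the keyword field but is still indexed under `.text`. Queries and detection rules written against the keyword and against `.text` will therefore disagree on exactly the long values, and keyword aggregations will not show them. JSON has no place for a comment, so I would put a line in the commit description or the template documentation such as `Values above ignore_above are searchable only through the .text sub-field; keyword queries and aggregations do not see them.` `drive_letter` with `"ignore_above": 1` is the extreme case and hardly needs the sub-field at all.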

File diff suppressed because it is too large Load Diff


@@ -14,17 +14,32 @@
"properties": { "properties": {
"authority_selector": { "authority_selector": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"principal_email": { "principal_email": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"method_name": { "method_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"num_response_items": { "num_response_items": {
"type": "long" "type": "long"
@@ -33,19 +48,39 @@
"properties": { "properties": {
"filter": { "filter": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"proto_name": { "proto_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"resource_name": { "resource_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -56,7 +91,12 @@
}, },
"caller_supplied_user_agent": { "caller_supplied_user_agent": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -64,13 +104,23 @@
"properties": { "properties": {
"current_locations": { "current_locations": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"resource_name": { "resource_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"response": { "response": {
"properties": { "properties": {
@@ -78,35 +128,70 @@
"properties": { "properties": {
"group": { "group": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"kind": { "kind": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"uid": { "uid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"proto_name": { "proto_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"status": { "status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"service_name": { "service_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"status": { "status": {
"properties": { "properties": {
@@ -115,13 +200,23 @@
}, },
"message": { "message": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -131,15 +226,30 @@
"properties": { "properties": {
"project_id": { "project_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region": { "region": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"zone": { "zone": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -147,15 +257,30 @@
"properties": { "properties": {
"project_id": { "project_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subnetwork_name": { "subnetwork_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"vpc_name": { "vpc_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
@@ -167,42 +292,87 @@
"properties": { "properties": {
"action": { "action": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"destination_range": { "destination_range": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"direction": { "direction": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"priority": { "priority": {
"type": "long" "type": "long"
}, },
"reference": { "reference": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"source_range": { "source_range": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"source_service_account": { "source_service_account": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"source_tag": { "source_tag": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"target_service_account": { "target_service_account": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"target_tag": { "target_tag": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
@@ -214,15 +384,30 @@
"properties": { "properties": {
"project_id": { "project_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region": { "region": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"zone": { "zone": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -230,15 +415,30 @@
"properties": { "properties": {
"project_id": { "project_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subnetwork_name": { "subnetwork_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"vpc_name": { "vpc_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
@@ -248,7 +448,12 @@
"properties": { "properties": {
"reporter": { "reporter": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"rtt": { "rtt": {
"properties": { "properties": {


@@ -10,15 +10,30 @@
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
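Review bot: The `text` sub-field is added to identifier-style fields as well as free-text ones: `id` in this section, and `hash`, `mac`, `session_id` and `sample_sha256` in the sections that follow. For those fields an analyzed `match_only_text` view adds little over the keyword and, for values containing separators, matches individual tokens rather than the whole value. Queries and detection rules that need an exact match should keep targeting the keyword field, and a line in the template documentation saying that `<field>.text` is for free-text search only would make that explicit. Each sub-field also counts as a mapped field, so with this many additions it is worth checking the templates against the index's `index.mapping.total_fields.limit`. Consider restricting the sub-field to fields that hold prose, such as `message` or `error_message`.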


@@ -10,7 +10,12 @@
"properties": { "properties": {
"architecture": { "architecture": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cpu": { "cpu": {
"properties": { "properties": {
@@ -40,73 +45,148 @@
}, },
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"geo": { "geo": {
"properties": { "properties": {
"city_name": { "city_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"continent_code": { "continent_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"continent_name": { "continent_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country_iso_code": { "country_iso_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country_name": { "country_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"location": { "location": {
"type": "geo_point" "type": "geo_point"
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"postal_code": { "postal_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region_iso_code": { "region_iso_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region_name": { "region_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"timezone": { "timezone": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"hostname": { "hostname": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ip": { "ip": {
"type": "ip" "type": "ip"
}, },
"mac": { "mac": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"network": { "network": {
"properties": { "properties": {
@@ -136,7 +216,12 @@
"properties": { "properties": {
"family": { "family": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"full": { "full": {
"fields": { "fields": {
@@ -149,7 +234,12 @@
}, },
"kernel": { "kernel": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"fields": { "fields": {
@@ -162,21 +252,41 @@
}, },
"platform": { "platform": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"uptime": { "uptime": {
"type": "long" "type": "long"
@@ -185,11 +295,21 @@
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"email": { "email": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"full_name": { "full_name": {
"fields": { "fields": {
@@ -204,25 +324,50 @@
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"fields": { "fields": {
@@ -235,7 +380,12 @@
}, },
"roles": { "roles": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -30,19 +30,39 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"method": { "method": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mime_type": { "mime_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"referrer": { "referrer": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -68,7 +88,12 @@
}, },
"mime_type": { "mime_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"status_code": { "status_code": {
"type": "long" "type": "long"
@@ -77,7 +102,12 @@
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -12,47 +12,102 @@
"properties": { "properties": {
"action": { "action": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"action_detail": { "action_detail": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"alert": { "alert": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"apbr_rule_type": { "apbr_rule_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"application": { "application": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"application_category": { "application_category": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"application_characteristics": { "application_characteristics": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"application_name": { "application_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"application_sub_category": { "application_sub_category": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"attack_name": { "attack_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"category": { "category": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"client_ip": { "client_ip": {
"type": "ip" "type": "ip"
@@ -62,85 +117,165 @@
}, },
"connection_tag": { "connection_tag": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"context_hit_rate": { "context_hit_rate": {
"type": "long" "type": "long"
}, },
"context_name": { "context_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"context_value": { "context_value": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"context_value_hit_rate": { "context_value_hit_rate": {
"type": "long" "type": "long"
}, },
"ddos_application_name": { "ddos_application_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"dscp_value": { "dscp_value": {
"type": "long" "type": "long"
}, },
"dst_nat_rule_name": { "dst_nat_rule_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"dst_nat_rule_type": { "dst_nat_rule_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"dst_vrf_grp": { "dst_vrf_grp": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"elapsed_time": { "elapsed_time": {
"type": "date" "type": "date"
}, },
"encrypted": { "encrypted": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"epoch_time": { "epoch_time": {
"type": "date" "type": "date"
}, },
"error_code": { "error_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"error_message": { "error_message": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"export_id": { "export_id": {
"type": "long" "type": "long"
}, },
"feed_name": { "feed_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"file_category": { "file_category": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"file_hash_lookup": { "file_hash_lookup": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"file_name": { "file_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"filename": { "filename": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"hostname": { "hostname": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"icmp_type": { "icmp_type": {
"type": "long" "type": "long"
@@ -153,39 +288,84 @@
}, },
"index": { "index": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"logical_system_name": { "logical_system_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"malware_info": { "malware_info": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"message": { "message": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"message_type": { "message_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"nat_connection_tag": { "nat_connection_tag": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"nested_application": { "nested_application": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"obj": { "obj": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"occur_count": { "occur_count": {
"type": "long" "type": "long"
@@ -207,7 +387,12 @@
}, },
"peer_session_id": { "peer_session_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"peer_source_address": { "peer_source_address": {
"type": "ip" "type": "ip"
@@ -217,118 +402,258 @@
}, },
"policy_name": { "policy_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"process": { "process": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"profile": { "profile": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"profile_name": { "profile_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"protocol": { "protocol": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"protocol_id": { "protocol_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"protocol_name": { "protocol_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"reason": { "reason": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"repeat_count": { "repeat_count": {
"type": "long" "type": "long"
}, },
"roles": { "roles": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"routing_instance": { "routing_instance": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"rule_name": { "rule_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ruleebase_name": { "ruleebase_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sample_sha256": { "sample_sha256": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"secure_web_proxy_session_type": { "secure_web_proxy_session_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"service_name": { "service_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"session_id": { "session_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"session_id_32": { "session_id_32": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"src_nat_rule_name": { "src_nat_rule_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"src_nat_rule_type": { "src_nat_rule_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"src_vrf_grp": { "src_vrf_grp": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"state": { "state": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"status": { "status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sub_category": { "sub_category": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tag": { "tag": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"temporary_filename": { "temporary_filename": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tenant_id": { "tenant_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"th": { "th": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"threat_severity": { "threat_severity": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"time_count": { "time_count": {
"type": "long" "type": "long"
@@ -338,14 +663,24 @@
}, },
"time_scope": { "time_scope": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"timestamp": { "timestamp": {
"type": "date" "type": "date"
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"uplink_rx_bytes": { "uplink_rx_bytes": {
"type": "long" "type": "long"
@@ -355,18 +690,33 @@
}, },
"url": { "url": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"username": { "username": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"verdict_number": { "verdict_number": {
"type": "long" "type": "long"
}, },
"verdict_source": { "verdict_source": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -10,23 +10,48 @@
"properties": { "properties": {
"add_to_spaces": { "add_to_spaces": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"authentication_provider": { "authentication_provider": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"authentication_realm": { "authentication_realm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"authentication_type": { "authentication_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"delete_from_spaces": { "delete_from_spaces": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"log": { "log": {
"properties": { "properties": {
@@ -35,37 +60,72 @@
}, },
"state": { "state": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tags": { "tags": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"lookup_realm": { "lookup_realm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"saved_object": { "saved_object": {
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"session_id": { "session_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"space_id": { "space_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -12,17 +12,32 @@
"properties": { "properties": {
"path": { "path": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"level": { "level": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"logger": { "logger": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"origin": { "origin": {
"properties": { "properties": {
@@ -33,20 +48,35 @@
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"function": { "function": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"original": { "original": {
"doc_values": false, "doc_values": false,
"index": false, "index": false,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"syslog": { "syslog": {
"properties": { "properties": {
@@ -57,7 +87,12 @@
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -71,7 +106,12 @@
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
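Review bot: The `text` sub-field added under `original` in the `@@ -33,20 +48,35 @@` hunk will be indexed even though the parent keeps `"index": false` and `"doc_values": false`, because a multi-field does not inherit its parent's mapping parameters. If `original` holds the raw log line, as the name suggests, this makes the full raw event searchable and grows the index, which looks contrary to the intent of the parent settings. Raw events can also carry credentials or tokens that were previously kept out of the search index. I would leave this one field without the sub-field, keeping `"type": "keyword"` as the last key of `original`, or confirm in the commit description that indexing it is intended.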


@@ -14,18 +14,33 @@
"properties": { "properties": {
"action": { "action": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
}, },
"type": "object" "type": "object"
}, },
"module": { "module": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"pipeline_id": { "pipeline_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"thread": { "thread": {
"fields": { "fields": {
@@ -53,11 +68,21 @@
}, },
"module": { "module": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"plugin_name": { "plugin_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"plugin_params": { "plugin_params": {
"fields": { "fields": {
@@ -74,7 +99,12 @@
}, },
"plugin_type": { "plugin_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"thread": { "thread": {
"fields": { "fields": {


@@ -12,72 +12,142 @@
"properties": { "properties": {
"assignedTo": { "assignedTo": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"classification": { "classification": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"determination": { "determination": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"evidence": { "evidence": {
"properties": { "properties": {
"aadUserId": { "aadUserId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"accountName": { "accountName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"domainName": { "domainName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"entityType": { "entityType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ipAddress": { "ipAddress": {
"type": "ip" "type": "ip"
}, },
"userPrincipalName": { "userPrincipalName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"incidentId": { "incidentId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"investigationId": { "investigationId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"investigationState": { "investigationState": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"lastUpdateTime": { "lastUpdateTime": {
"type": "date" "type": "date"
}, },
"rbacGroupName": { "rbacGroupName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"resolvedTime": { "resolvedTime": {
"type": "date" "type": "date"
}, },
"status": { "status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"threatFamilyName": { "threatFamilyName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -87,26 +157,51 @@
"properties": { "properties": {
"actorName": { "actorName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"assignedTo": { "assignedTo": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"classification": { "classification": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"creationTime": { "creationTime": {
"type": "date" "type": "date"
}, },
"detectionSource": { "detectionSource": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"determination": { "determination": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"devices": { "devices": {
"type": "flattened" "type": "flattened"
@@ -115,145 +210,310 @@
"properties": { "properties": {
"accountName": { "accountName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"clusterBy": { "clusterBy": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"deliveryAction": { "deliveryAction": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"deviceId": { "deviceId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"entityType": { "entityType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ipAddress": { "ipAddress": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mailboxAddress": { "mailboxAddress": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mailboxDisplayName": { "mailboxDisplayName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"recipient": { "recipient": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"registryHive": { "registryHive": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"registryKey": { "registryKey": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"registryValueType": { "registryValueType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"securityGroupId": { "securityGroupId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"securityGroupName": { "securityGroupName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sender": { "sender": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subject": { "subject": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"incidentId": { "incidentId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"investigationId": { "investigationId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"investigationState": { "investigationState": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"lastUpdatedTime": { "lastUpdatedTime": {
"type": "date" "type": "date"
}, },
"mitreTechniques": { "mitreTechniques": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"resolvedTime": { "resolvedTime": {
"type": "date" "type": "date"
}, },
"severity": { "severity": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"status": { "status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"threatFamilyName": { "threatFamilyName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"userSid": { "userSid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"assignedTo": { "assignedTo": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"classification": { "classification": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"determination": { "determination": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"incidentId": { "incidentId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"incidentName": { "incidentName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"investigationState": { "investigationState": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"redirectIncidentId": { "redirectIncidentId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"status": { "status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tags": { "tags": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
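Review bot: `ipAddress` in the block covered by the `@@ -115,145 +210,310 @@` hunk stays a `keyword` and now gains an analyzed `text` sub-field, while `evidence.ipAddress` in the first hunk of this file is mapped as `"type": "ip"`. A keyword or text mapping cannot serve CIDR or range queries, so hunting across both objects by subnet will miss this one. If the source always sends a valid address here, I would map it as `"ipAddress": { "type": "ip", "ignore_malformed": true }` rather than adding the sub-field. The name of the enclosing object is outside the hunk, and the type change would only apply to newly created indices.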


@@ -16,15 +16,30 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"kill_chain_phases": { "kill_chain_phases": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -43,18 +58,33 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"last_seen": { "last_seen": {
"type": "date" "type": "date"
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"objective": { "objective": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -66,11 +96,21 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -86,23 +126,48 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"identity_class": { "identity_class": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"labels": { "labels": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sectors": { "sectors": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -125,14 +190,24 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"last_seen": { "last_seen": {
"type": "date" "type": "date"
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"primary_motivation": { "primary_motivation": {
"norms": false, "norms": false,
@@ -156,19 +231,39 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"kill_chain_phases": { "kill_chain_phases": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"labels": { "labels": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -176,7 +271,12 @@
"properties": { "properties": {
"authors": { "authors": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"norms": false, "norms": false,
@@ -184,15 +284,30 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"object_refs": { "object_refs": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"summary": { "summary": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -203,7 +318,12 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"last_observed": { "last_observed": {
"type": "date" "type": "date"
@@ -213,7 +333,12 @@
}, },
"objects": { "objects": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -225,15 +350,30 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"labels": { "labels": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"object_refs": { "object_refs": {
"norms": false, "norms": false,
@@ -260,15 +400,30 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"labels": { "labels": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"personal_motivations": { "personal_motivations": {
"norms": false, "norms": false,
@@ -300,19 +455,39 @@
"properties": { "properties": {
"attack_pattern": { "attack_pattern": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"attack_pattern_kql": { "attack_pattern_kql": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"campaign": { "campaign": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"confidence": { "confidence": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"norms": false, "norms": false,
@@ -324,42 +499,87 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"intrusion_set": { "intrusion_set": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"kill_chain_phases": { "kill_chain_phases": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"labels": { "labels": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mitre_tactic": { "mitre_tactic": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mitre_technique": { "mitre_technique": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"negate": { "negate": {
"type": "boolean" "type": "boolean"
}, },
"severity": { "severity": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"threat_actor": { "threat_actor": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"valid_from": { "valid_from": {
"type": "date" "type": "date"
@@ -369,7 +589,12 @@
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -381,7 +606,12 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"kill_chain_phases": { "kill_chain_phases": {
"norms": false, "norms": false,
@@ -389,15 +619,30 @@
}, },
"labels": { "labels": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tool_version": { "tool_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -409,11 +654,21 @@
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
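Review bot: `kill_chain_phases` and `object_refs` end up mapped two different ways in this file. In the `@@ -16,15`, `@@ -156,19`, `@@ -184,15` and `@@ -324,42` hunks they are `keyword` with the new `text` sub-field, but in the `@@ -381,7` and `@@ -225,15` hunks the same names open with `"norms": false`, which suggests they are already text-typed there (the type line is outside the hunk, so this is inferred). A search on `kill_chain_phases.text` or `object_refs.text` would then silently skip the objects where the field has no such sub-field. I would give those two the same shape as the others, `"ignore_above": 1024, "type": "keyword", "fields": { "text": { "type": "match_only_text" } }`, or note in the commit description which path to query for each object.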


@@ -34,26 +34,51 @@
}, },
"application_category_name": { "application_category_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"application_description": { "application_description": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"application_group_name": { "application_group_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"application_id": { "application_id": {
"type": "short" "type": "short"
}, },
"application_name": { "application_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"application_sub_category_name": { "application_sub_category_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"bgp_destination_as_number": { "bgp_destination_as_number": {
"type": "long" "type": "long"
@@ -84,7 +109,12 @@
}, },
"class_name": { "class_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"classification_engine_id": { "classification_engine_id": {
"type": "short" "type": "short"
@@ -151,7 +181,12 @@
}, },
"destination_mac_address": { "destination_mac_address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"destination_transport_port": { "destination_transport_port": {
"type": "long" "type": "long"
@@ -182,14 +217,24 @@
}, },
"dot1q_customer_destination_mac_address": { "dot1q_customer_destination_mac_address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"dot1q_customer_priority": { "dot1q_customer_priority": {
"type": "short" "type": "short"
}, },
"dot1q_customer_source_mac_address": { "dot1q_customer_source_mac_address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"dot1q_customer_vlan_id": { "dot1q_customer_vlan_id": {
"type": "long" "type": "long"
@@ -253,7 +298,12 @@
}, },
"encrypted_technology": { "encrypted_technology": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"engine_id": { "engine_id": {
"type": "short" "type": "short"
@@ -298,7 +348,12 @@
"properties": { "properties": {
"address": { "address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"source_id": { "source_id": {
"type": "long" "type": "long"
@@ -466,34 +521,69 @@
}, },
"http_content_type": { "http_content_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"http_message_version": { "http_message_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"http_reason_phrase": { "http_reason_phrase": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"http_request_host": { "http_request_host": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"http_request_method": { "http_request_method": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"http_request_target": { "http_request_target": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"http_status_code": { "http_status_code": {
"type": "long" "type": "long"
}, },
"http_user_agent": { "http_user_agent": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"icmp_code_ipv4": { "icmp_code_ipv4": {
"type": "short" "type": "short"
@@ -536,7 +626,12 @@
}, },
"information_element_description": { "information_element_description": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"information_element_id": { "information_element_id": {
"type": "long" "type": "long"
@@ -546,7 +641,12 @@
}, },
"information_element_name": { "information_element_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"information_element_range_begin": { "information_element_range_begin": {
"type": "long" "type": "long"
@@ -589,11 +689,21 @@
}, },
"interface_description": { "interface_description": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"interface_name": { "interface_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"intermediate_process_id": { "intermediate_process_id": {
"type": "long" "type": "long"
@@ -741,7 +851,12 @@
}, },
"metro_evc_id": { "metro_evc_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"metro_evc_type": { "metro_evc_type": {
"type": "short" "type": "short"
@@ -754,29 +869,54 @@
}, },
"mib_context_name": { "mib_context_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mib_index_indicator": { "mib_index_indicator": {
"type": "long" "type": "long"
}, },
"mib_module_name": { "mib_module_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mib_object_description": { "mib_object_description": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mib_object_identifier": { "mib_object_identifier": {
"type": "short" "type": "short"
}, },
"mib_object_name": { "mib_object_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mib_object_syntax": { "mib_object_syntax": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mib_object_value_bits": { "mib_object_value_bits": {
"type": "short" "type": "short"
@@ -834,11 +974,21 @@
}, },
"mobile_imsi": { "mobile_imsi": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mobile_msisdn": { "mobile_msisdn": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"monitoring_interval_end_milli_seconds": { "monitoring_interval_end_milli_seconds": {
"type": "date" "type": "date"
@@ -929,7 +1079,12 @@
}, },
"nat_pool_name": { "nat_pool_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"nat_quota_exceeded_event": { "nat_quota_exceeded_event": {
"type": "long" "type": "long"
@@ -963,7 +1118,12 @@
}, },
"observation_domain_name": { "observation_domain_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"observation_point_id": { "observation_point_id": {
"type": "long" "type": "long"
@@ -1021,7 +1181,12 @@
}, },
"p2p_technology": { "p2p_technology": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"packet_delta_count": { "packet_delta_count": {
"type": "long" "type": "long"
@@ -1052,7 +1217,12 @@
}, },
"post_destination_mac_address": { "post_destination_mac_address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"post_dot1q_customer_vlan_id": { "post_dot1q_customer_vlan_id": {
"type": "long" "type": "long"
@@ -1128,7 +1298,12 @@
}, },
"post_source_mac_address": { "post_source_mac_address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"post_vlan_id": { "post_vlan_id": {
"type": "long" "type": "long"
@@ -1180,7 +1355,12 @@
}, },
"sampler_name": { "sampler_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sampler_random_interval": { "sampler_random_interval": {
"type": "long" "type": "long"
@@ -1247,7 +1427,12 @@
}, },
"selector_name": { "selector_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"session_scope": { "session_scope": {
"type": "short" "type": "short"
@@ -1272,7 +1457,12 @@
}, },
"source_mac_address": { "source_mac_address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"source_transport_port": { "source_transport_port": {
"type": "long" "type": "long"
@@ -1288,7 +1478,12 @@
}, },
"sta_mac_address": { "sta_mac_address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"system_init_time_milliseconds": { "system_init_time_milliseconds": {
"type": "date" "type": "date"
@@ -1355,11 +1550,21 @@
}, },
"tunnel_technology": { "tunnel_technology": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"udp_destination_port": { "udp_destination_port": {
"type": "long" "type": "long"
@@ -1375,7 +1580,12 @@
}, },
"user_name": { "user_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"value_distribution_method": { "value_distribution_method": {
"type": "short" "type": "short"
@@ -1385,11 +1595,21 @@
}, },
"virtual_station_interface_name": { "virtual_station_interface_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"virtual_station_name": { "virtual_station_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"virtual_station_uuid": { "virtual_station_uuid": {
"type": "short" "type": "short"
@@ -1402,18 +1622,33 @@
}, },
"vr_fname": { "vr_fname": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"wlan_channel_id": { "wlan_channel_id": {
"type": "short" "type": "short"
}, },
"wlan_ssid": { "wlan_ssid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"wtp_mac_address": { "wtp_mac_address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
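Review bot: Nothing in this section shows that the index's field limit was re-checked after adding a `text` sub-field to every keyword, and the hunk headers show the mapping growing from roughly 1,420 to over 1,650 lines. As far as I know each multi-field is a separate mapper and counts toward `index.mapping.total_fields.limit` (default 1000), so the template that merges this mapping with the others may be rejected or stop accepting new dynamic fields. It is worth confirming the merged field count, or setting the limit explicitly in the template settings with `"index.mapping.total_fields.limit": <reviewed value>`. Sub-fields on exact-match values such as the `*_mac_address` fields, `mobile_imsi` and `mobile_msisdn` could be dropped to keep the count down.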


@@ -10,25 +10,45 @@
"properties": { "properties": {
"application": { "application": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"bytes": { "bytes": {
"type": "long" "type": "long"
}, },
"community_id": { "community_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"direction": { "direction": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"forwarded_ip": { "forwarded_ip": {
"type": "ip" "type": "ip"
}, },
"iana_number": { "iana_number": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"inner": { "inner": {
"properties": { "properties": {
@@ -36,11 +56,21 @@
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
@@ -49,32 +79,62 @@
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"packets": { "packets": {
"type": "long" "type": "long"
}, },
"protocol": { "protocol": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"transport": { "transport": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"vlan": { "vlan": {
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
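Review bot: The `text` sub-field is added to every keyword in this section, including identifiers and enumerations such as `community_id`, `iana_number`, `transport` and `vlan.id`, where analysed matching adds index size without offering anything an exact query on the parent cannot do. Depending on the analyzer, a match on `community_id.text` can also hit on fragments of the value, so detection and hunting queries should keep targeting the parent `keyword` field for these. I would leave such fields as `"ignore_above": 1024` plus `"type": "keyword"` with no `fields` block, and keep the sub-field for free-form values like `application` and `name`. The same applies to the identifier fields in the later sections of this commit, for example `mac`, `serial_number`, `uuid` and `CorrelationId`.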


@@ -12,71 +12,156 @@
"properties": { "properties": {
"AADGroupId": { "AADGroupId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ActorContextId": { "ActorContextId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ActorIpAddress": { "ActorIpAddress": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ActorUserId": { "ActorUserId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ActorYammerUserId": { "ActorYammerUserId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"AlertEntityId": { "AlertEntityId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"AlertId": { "AlertId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"AlertType": { "AlertType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"AppId": { "AppId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ApplicationDisplayName": { "ApplicationDisplayName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ApplicationId": { "ApplicationId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"AzureActiveDirectoryEventType": { "AzureActiveDirectoryEventType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"Category": { "Category": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ClientAppId": { "ClientAppId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ClientIP": { "ClientIP": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ClientIPAddress": { "ClientIPAddress": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ClientInfoString": { "ClientInfoString": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"Comments": { "Comments": {
"norms": false, "norms": false,
@@ -84,46 +169,96 @@
}, },
"CommunicationType": { "CommunicationType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"CorrelationId": { "CorrelationId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"CreationTime": { "CreationTime": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"CustomUniqueId": { "CustomUniqueId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"Data": { "Data": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"DataType": { "DataType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"DoNotDistributeEvent": { "DoNotDistributeEvent": {
"type": "boolean" "type": "boolean"
}, },
"EntityType": { "EntityType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ErrorNumber": { "ErrorNumber": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"EventData": { "EventData": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"EventSource": { "EventSource": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ExceptionInfo": { "ExceptionInfo": {
"properties": { "properties": {
@@ -148,38 +283,78 @@
}, },
"ExternalAccess": { "ExternalAccess": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"FromApp": { "FromApp": {
"type": "boolean" "type": "boolean"
}, },
"GroupName": { "GroupName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"Id": { "Id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ImplicitShare": { "ImplicitShare": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"IncidentId": { "IncidentId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"InterSystemsId": { "InterSystemsId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"InternalLogonType": { "InternalLogonType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"IntraSystemId": { "IntraSystemId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"IsDocLib": { "IsDocLib": {
"type": "boolean" "type": "boolean"
@@ -201,67 +376,147 @@
}, },
"ItemName": { "ItemName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ItemType": { "ItemType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ListBaseTemplateType": { "ListBaseTemplateType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ListBaseType": { "ListBaseType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ListColor": { "ListColor": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ListIcon": { "ListIcon": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ListId": { "ListId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ListItemUniqueId": { "ListItemUniqueId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ListTitle": { "ListTitle": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"LogonError": { "LogonError": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"LogonType": { "LogonType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"LogonUserSid": { "LogonUserSid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"MailboxGuid": { "MailboxGuid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"MailboxOwnerMasterAccountSid": { "MailboxOwnerMasterAccountSid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"MailboxOwnerSid": { "MailboxOwnerSid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"MailboxOwnerUPN": { "MailboxOwnerUPN": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"Members": { "Members": {
"properties": { "properties": {
@@ -283,27 +538,57 @@
}, },
"Name": { "Name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ObjectId": { "ObjectId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"Operation": { "Operation": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"OrganizationId": { "OrganizationId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"OrganizationName": { "OrganizationName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"OriginatingServer": { "OriginatingServer": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"Parameters": { "Parameters": {
"properties": { "properties": {
@@ -314,27 +599,57 @@
}, },
"PolicyId": { "PolicyId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"RecordType": { "RecordType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ResultStatus": { "ResultStatus": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"SensitiveInfoDetectionIsIncluded": { "SensitiveInfoDetectionIsIncluded": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"SessionId": { "SessionId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"Severity": { "Severity": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"SharePointMetaData": { "SharePointMetaData": {
"properties": { "properties": {
@@ -345,95 +660,210 @@
}, },
"Site": { "Site": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"SiteUrl": { "SiteUrl": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"Source": { "Source": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"SourceFileExtension": { "SourceFileExtension": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"SourceFileName": { "SourceFileName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"SourceRelativeUrl": { "SourceRelativeUrl": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"Status": { "Status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"SupportTicketId": { "SupportTicketId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"TargetContextId": { "TargetContextId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"TargetUserOrGroupName": { "TargetUserOrGroupName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"TargetUserOrGroupType": { "TargetUserOrGroupType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"TeamGuid": { "TeamGuid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"TeamName": { "TeamName": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"TemplateTypeId": { "TemplateTypeId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"UniqueSharingId": { "UniqueSharingId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"UserAgent": { "UserAgent": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"UserId": { "UserId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"UserKey": { "UserKey": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"UserType": { "UserType": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"Version": { "Version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"WebId": { "WebId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"Workload": { "Workload": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"YammerNetworkId": { "YammerNetworkId": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
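Review bot: For the free-form fields in this section (`Data`, `EventData`, `UserAgent`, `ClientInfoString`) the parent keeps `"ignore_above": 1024`, so a longer value is skipped by the keyword field while, as far as I can tell, the new `text` sub-field still indexes it. Exact-match queries and aggregations on the parent and full-text queries on `.text` can then return different document sets for the same audit event, which matters when a rule is written against one and triaged with the other. If long payloads are expected, consider raising the limit on those few fields, e.g. `"ignore_above": 8191`, or note in the template documentation that oversized values are only reachable through `.text`. `CreationTime`, `ClientIP` and `ActorIpAddress` hold timestamps and addresses but stay `keyword` with a text sub-field; whether they are copied to `date`/`ip` fields elsewhere is not visible in this section.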


@@ -14,15 +14,30 @@
"properties": { "properties": {
"alias": { "alias": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -30,17 +45,32 @@
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"zone": { "zone": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
}, },
"type": "object" "type": "object"
@@ -49,52 +79,107 @@
"properties": { "properties": {
"city_name": { "city_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"continent_code": { "continent_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"continent_name": { "continent_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country_iso_code": { "country_iso_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country_name": { "country_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"location": { "location": {
"type": "geo_point" "type": "geo_point"
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"postal_code": { "postal_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region_iso_code": { "region_iso_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region_name": { "region_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"timezone": { "timezone": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"hostname": { "hostname": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ingress": { "ingress": {
"properties": { "properties": {
@@ -102,15 +187,30 @@
"properties": { "properties": {
"alias": { "alias": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -118,17 +218,32 @@
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"zone": { "zone": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
}, },
"type": "object" "type": "object"
@@ -138,17 +253,32 @@
}, },
"mac": { "mac": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"os": { "os": {
"properties": { "properties": {
"family": { "family": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"full": { "full": {
"fields": { "fields": {
@@ -161,7 +291,12 @@
}, },
"kernel": { "kernel": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"fields": { "fields": {
@@ -174,37 +309,77 @@
}, },
"platform": { "platform": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"product": { "product": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"serial_number": { "serial_number": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"vendor": { "vendor": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -12,19 +12,39 @@
"properties": { "properties": {
"alternate_id": { "alternate_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"display_name": { "display_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -32,26 +52,51 @@
"properties": { "properties": {
"authentication_provider": { "authentication_provider": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"authentication_step": { "authentication_step": {
"type": "long" "type": "long"
}, },
"credential_provider": { "credential_provider": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"credential_type": { "credential_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"external_session_id": { "external_session_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"interface": { "interface": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -59,11 +104,21 @@
"properties": { "properties": {
"device": { "device": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ip": { "ip": {
"type": "ip" "type": "ip"
@@ -72,21 +127,41 @@
"properties": { "properties": {
"browser": { "browser": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"os": { "os": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"raw_user_agent": { "raw_user_agent": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"zone": { "zone": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -96,33 +171,68 @@
"properties": { "properties": {
"device_fingerprint": { "device_fingerprint": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"request_id": { "request_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"request_uri": { "request_uri": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"suspicious_activity": { "suspicious_activity": {
"properties": { "properties": {
"browser": { "browser": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"event_city": { "event_city": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"event_country": { "event_country": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"event_id": { "event_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"event_ip": { "event_ip": {
"type": "ip" "type": "ip"
@@ -135,19 +245,39 @@
}, },
"event_state": { "event_state": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"event_transaction_id": { "event_transaction_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"event_type": { "event_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"os": { "os": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"timestamp": { "timestamp": {
"type": "date" "type": "date"
@@ -156,11 +286,21 @@
}, },
"threat_suspected": { "threat_suspected": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"url": { "url": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
@@ -168,21 +308,41 @@
}, },
"display_message": { "display_message": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"event_type": { "event_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"outcome": { "outcome": {
"properties": { "properties": {
"reason": { "reason": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"result": { "result": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -194,22 +354,42 @@
"properties": { "properties": {
"city": { "city": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country": { "country": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"geolocation": { "geolocation": {
"type": "geo_point" "type": "geo_point"
}, },
"postal_code": { "postal_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"state": { "state": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -218,11 +398,21 @@
}, },
"source": { "source": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
@@ -239,7 +429,12 @@
"properties": { "properties": {
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
@@ -247,20 +442,35 @@
}, },
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"is_proxy": { "is_proxy": {
"type": "boolean" "type": "boolean"
}, },
"isp": { "isp": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"severity": { "severity": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"target": { "target": {
"type": "flattened" "type": "flattened"
@@ -269,21 +479,41 @@
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"uuid": { "uuid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -10,47 +10,92 @@
"properties": { "properties": {
"api_version": { "api_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cluster": { "cluster": {
"properties": { "properties": {
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"url": { "url": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"namespace": { "namespace": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"organization": { "organization": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"resource": { "resource": {
"properties": { "properties": {
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
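Review bot: `match_only_text` is only available from Elasticsearch 7.14, and nothing in this template guards against an older node receiving it. The same sub-field is added to every keyword in this section (`api_version`, `cluster.*`, `namespace`, `organization`, `resource.*`, `type`) and in the other file sections of this commit. If a supported deployment can still run an earlier release, for example part-way through an upgrade, the template load will presumably be rejected and new indices may be created without these mappings, which changes how security events are typed and searched. I would state the minimum Elasticsearch version in the commit description or the template documentation, and confirm that a failed template load is surfaced rather than silently ignored.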


@@ -10,7 +10,12 @@
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"fields": { "fields": {


@@ -10,53 +10,108 @@
"properties": { "properties": {
"architecture": { "architecture": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"build_version": { "build_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"checksum": { "checksum": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"install_scope": { "install_scope": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"installed": { "installed": {
"type": "date" "type": "date"
}, },
"license": { "license": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"path": { "path": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"reference": { "reference": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"size": { "size": {
"type": "long" "type": "long"
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -10,7 +10,12 @@
"properties": { "properties": {
"args": { "args": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"args_count": { "args_count": {
"type": "long" "type": "long"
@@ -19,26 +24,51 @@
"properties": { "properties": {
"digest_algorithm": { "digest_algorithm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"exists": { "exists": {
"type": "boolean" "type": "boolean"
}, },
"signing_id": { "signing_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"status": { "status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subject_name": { "subject_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"team_id": { "team_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"timestamp": { "timestamp": {
"type": "date" "type": "date"
@@ -63,15 +93,30 @@
"properties": { "properties": {
"architecture": { "architecture": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"byte_order": { "byte_order": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cpu_type": { "cpu_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"creation_date": { "creation_date": {
"type": "date" "type": "date"
@@ -83,34 +128,69 @@
"properties": { "properties": {
"abi_version": { "abi_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"class": { "class": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"data": { "data": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"entrypoint": { "entrypoint": {
"type": "long" "type": "long"
}, },
"object_version": { "object_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"os_abi": { "os_abi": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -127,22 +207,42 @@
}, },
"flags": { "flags": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"physical_offset": { "physical_offset": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"physical_size": { "physical_size": {
"type": "long" "type": "long"
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"virtual_address": { "virtual_address": {
"type": "long" "type": "long"
@@ -157,22 +257,42 @@
"properties": { "properties": {
"sections": { "sections": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
}, },
"type": "nested" "type": "nested"
}, },
"shared_libraries": { "shared_libraries": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"telfhash": { "telfhash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -181,7 +301,12 @@
}, },
"entity_id": { "entity_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"executable": { "executable": {
"fields": { "fields": {
@@ -199,23 +324,48 @@
"properties": { "properties": {
"md5": { "md5": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha1": { "sha1": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha256": { "sha256": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha512": { "sha512": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ssdeep": { "ssdeep": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -232,7 +382,12 @@
"properties": { "properties": {
"args": { "args": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"args_count": { "args_count": {
"type": "long" "type": "long"
@@ -241,26 +396,51 @@
"properties": { "properties": {
"digest_algorithm": { "digest_algorithm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"exists": { "exists": {
"type": "boolean" "type": "boolean"
}, },
"signing_id": { "signing_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"status": { "status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subject_name": { "subject_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"team_id": { "team_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"timestamp": { "timestamp": {
"type": "date" "type": "date"
@@ -285,15 +465,30 @@
"properties": { "properties": {
"architecture": { "architecture": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"byte_order": { "byte_order": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cpu_type": { "cpu_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"creation_date": { "creation_date": {
"type": "date" "type": "date"
@@ -305,34 +500,69 @@
"properties": { "properties": {
"abi_version": { "abi_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"class": { "class": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"data": { "data": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"entrypoint": { "entrypoint": {
"type": "long" "type": "long"
}, },
"object_version": { "object_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"os_abi": { "os_abi": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -349,22 +579,42 @@
}, },
"flags": { "flags": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"physical_offset": { "physical_offset": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"physical_size": { "physical_size": {
"type": "long" "type": "long"
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"virtual_address": { "virtual_address": {
"type": "long" "type": "long"
@@ -379,22 +629,42 @@
"properties": { "properties": {
"sections": { "sections": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
}, },
"type": "nested" "type": "nested"
}, },
"shared_libraries": { "shared_libraries": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"telfhash": { "telfhash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -403,7 +673,12 @@
}, },
"entity_id": { "entity_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"executable": { "executable": {
"fields": { "fields": {
@@ -421,23 +696,48 @@
"properties": { "properties": {
"md5": { "md5": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha1": { "sha1": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha256": { "sha256": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha512": { "sha512": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ssdeep": { "ssdeep": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -454,31 +754,66 @@
"properties": { "properties": {
"architecture": { "architecture": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"company": { "company": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"file_version": { "file_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"imphash": { "imphash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"original_file_name": { "original_file_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"product": { "product": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -501,7 +836,12 @@
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -532,31 +872,66 @@
"properties": { "properties": {
"architecture": { "architecture": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"company": { "company": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"file_version": { "file_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"imphash": { "imphash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"original_file_name": { "original_file_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"product": { "product": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -579,7 +954,12 @@
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
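Review bot: The `text` sub-field added to `args` is not limited by the parent's `ignore_above: 1024`, so the two views of the field can disagree: a value over 1024 characters is skipped by the keyword but still analysed and indexed under `args.text`. For command-line data this matters in both directions: keyword-based detections and aggregations keep missing over-long arguments, while the text index grows with whatever length the endpoint reports. The same holds for the second `args` mapping later in this section and for the other keyword fields changed in this commit. I would document which of the two fields detection content is expected to query, and consider whether long values should be truncated at ingest rather than left unbounded.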


@@ -12,7 +12,12 @@
"properties": { "properties": {
"role": { "role": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -20,11 +25,21 @@
"properties": { "properties": {
"args": { "args": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cmd": { "cmd": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"duration": { "duration": {
"properties": { "properties": {
@@ -38,7 +53,12 @@
}, },
"key": { "key": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -12,32 +12,62 @@
"properties": { "properties": {
"bytes": { "bytes": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"strings": { "strings": {
"type": "wildcard" "type": "wildcard"
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"hive": { "hive": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"key": { "key": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"path": { "path": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"value": { "value": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
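Review bot: No `analyzer` is set on the new `text` sub-fields for `hive`, `key`, `path` and `value`, so they will use the index default, normally the standard analyzer, which lowercases and (as far as I can tell) splits registry paths at backslashes. A `match` on `path.text` then hits any key that shares a token with the query, which is useful for hunting but too loose for alerting; exact-match rules should stay on the keyword field. `data.strings` keeps its `wildcard` type and is unaffected. I would note this distinction wherever the templates are documented, so that rule authors do not move existing exact-match queries to `.text`.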


@@ -10,18 +10,33 @@
"properties": { "properties": {
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"hosts": { "hosts": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ip": { "ip": {
"type": "ip" "type": "ip"
}, },
"user": { "user": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
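Review bot: `hash`, `hosts` and `user` here are pivot fields that are matched exactly, and a `match_only_text` sub-field on them adds index and ingest cost without an obvious search benefit: a hash analyses to a single lowercased token, which a keyword term query already covers. The same applies to the `md5`, `sha1`, `sha256`, `sha512`, `ssdeep`, `imphash`, `telfhash`, `entity_id` and `uuid` fields in the other sections of this commit. If case-insensitive matching is the goal, a `normalizer` on the keyword is the cheaper way to get it. Unless a consumer depends on a `.text` sub-field existing on every keyword, I would leave these as plain `keyword` and add the sub-field only where free-text search is expected (descriptions, messages, command lines).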


@@ -10,43 +10,93 @@
"properties": { "properties": {
"author": { "author": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"category": { "category": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"license": { "license": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"reference": { "reference": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ruleset": { "ruleset": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"uuid": { "uuid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -10,7 +10,12 @@
"properties": { "properties": {
"address": { "address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"as": { "as": {
"properties": { "properties": {
@@ -37,52 +42,107 @@
}, },
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"geo": { "geo": {
"properties": { "properties": {
"city_name": { "city_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"continent_code": { "continent_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"continent_name": { "continent_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country_iso_code": { "country_iso_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country_name": { "country_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"location": { "location": {
"type": "geo_point" "type": "geo_point"
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"postal_code": { "postal_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region_iso_code": { "region_iso_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region_name": { "region_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"timezone": { "timezone": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -91,7 +151,12 @@
}, },
"mac": { "mac": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"nat": { "nat": {
"properties": { "properties": {
@@ -111,25 +176,50 @@
}, },
"registered_domain": { "registered_domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subdomain": { "subdomain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"top_level_domain": { "top_level_domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"user": { "user": {
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"email": { "email": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"full_name": { "full_name": {
"fields": { "fields": {
@@ -144,25 +234,50 @@
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"fields": { "fields": {
@@ -175,7 +290,12 @@
}, },
"roles": { "roles": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -10,43 +10,88 @@
"properties": { "properties": {
"address": { "address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"environment": { "environment": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ephemeral_id": { "ephemeral_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"node": { "node": {
"properties": { "properties": {
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"state": { "state": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -15,11 +15,21 @@
}, },
"org_id": { "org_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"project_id": { "project_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -30,7 +40,12 @@
"properties": { "properties": {
"projects": { "projects": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -38,32 +53,62 @@
"properties": { "properties": {
"credit": { "credit": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cvss3": { "cvss3": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"disclosure_time": { "disclosure_time": {
"type": "date" "type": "date"
}, },
"exploit_maturity": { "exploit_maturity": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"identifiers": { "identifiers": {
"properties": { "properties": {
"alternative": { "alternative": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cwe": { "cwe": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -90,22 +135,42 @@
}, },
"jira_issue_url": { "jira_issue_url": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"language": { "language": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"original_severity": { "original_severity": {
"type": "long" "type": "long"
}, },
"package": { "package": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"package_manager": { "package_manager": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"patches": { "patches": {
"type": "flattened" "type": "flattened"
@@ -118,26 +183,51 @@
}, },
"reachability": { "reachability": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"semver": { "semver": {
"type": "flattened" "type": "flattened"
}, },
"title": { "title": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"unique_severities_list": { "unique_severities_list": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
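Review bot: The new `text` sub-field is declared without an `analyzer`, so it presumably falls back to the index default, and queries on `cvss3.text`, `jira_issue_url.text` or `identifiers.cwe.text` become token matches rather than exact-value matches. For structured values such as a CVSS vector or a URL, a query can then hit documents that share only one token with the value the analyst meant. Saved hunts and alert rules that need an exact value should keep targeting the keyword parent. For the identifier-style fields in this section (`org_id`, `project_id`, `id`, `cvss3`) I would leave the mapping as plain `"type": "keyword"` and keep the sub-field for free-text fields such as `title` and `credit`. The other template sections in this commit add the sub-field to every keyword field in the same way, so the same caveat applies there.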

File diff suppressed because it is too large Load Diff


@@ -10,7 +10,12 @@
"properties": { "properties": {
"address": { "address": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"as": { "as": {
"properties": { "properties": {
@@ -37,52 +42,107 @@
}, },
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"geo": { "geo": {
"properties": { "properties": {
"city_name": { "city_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"continent_code": { "continent_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"continent_name": { "continent_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country_iso_code": { "country_iso_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country_name": { "country_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"location": { "location": {
"type": "geo_point" "type": "geo_point"
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"postal_code": { "postal_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region_iso_code": { "region_iso_code": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"region_name": { "region_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"timezone": { "timezone": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -91,7 +151,12 @@
}, },
"mac": { "mac": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"nat": { "nat": {
"properties": { "properties": {
@@ -111,25 +176,50 @@
}, },
"registered_domain": { "registered_domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subdomain": { "subdomain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"top_level_domain": { "top_level_domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"user": { "user": {
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"email": { "email": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"full_name": { "full_name": {
"fields": { "fields": {
@@ -144,25 +234,50 @@
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"fields": { "fields": {
@@ -175,7 +290,12 @@
}, },
"roles": { "roles": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
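Review bot: `user.full_name` and `user.name` already carry a `fields` block (context lines of the hunks at -144 and -175), but its content falls outside the shown lines, so it is unclear whether their sub-field uses the same name and type as the `text` / `match_only_text` pair added to their siblings. If those existing sub-fields are ordinary analyzed `text`, then `user.name.text` is scored and position-indexed while `user.email.text` and `user.domain.text` are not, and the same query shape behaves differently across fields of one object. I would align them on `"text": { "type": "match_only_text" }` or record why they differ. Separately, `match_only_text` is only available from Elasticsearch 7.14 onward as far as I know, so the template should state its minimum cluster version; an older node would reject the mapping.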


@@ -14,118 +14,243 @@
"properties": { "properties": {
"affected_product": { "affected_product": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"attack_target": { "attack_target": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"capec_id": { "capec_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"category": { "category": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"classtype": { "classtype": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"created_at": { "created_at": {
"type": "date" "type": "date"
}, },
"cve": { "cve": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cvss_v2_base": { "cvss_v2_base": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cvss_v2_temporal": { "cvss_v2_temporal": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cvss_v3_base": { "cvss_v3_base": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cvss_v3_temporal": { "cvss_v3_temporal": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"cwe_id": { "cwe_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"deployment": { "deployment": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"former_category": { "former_category": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"gid": { "gid": {
"type": "long" "type": "long"
}, },
"hostile": { "hostile": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"infected": { "infected": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"malware": { "malware": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"metadata": { "metadata": {
"type": "flattened" "type": "flattened"
}, },
"mitre_tool_id": { "mitre_tool_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"performance_impact": { "performance_impact": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"priority": { "priority": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"protocols": { "protocols": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"rev": { "rev": {
"type": "long" "type": "long"
}, },
"rule_source": { "rule_source": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sid": { "sid": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"signature": { "signature": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"signature_id": { "signature_id": {
"type": "long" "type": "long"
}, },
"signature_severity": { "signature_severity": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tag": { "tag": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"updated_at": { "updated_at": {
"type": "date" "type": "date"
@@ -134,19 +259,39 @@
}, },
"app_proto_expected": { "app_proto_expected": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"app_proto_orig": { "app_proto_orig": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"app_proto_tc": { "app_proto_tc": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"app_proto_ts": { "app_proto_ts": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"dns": { "dns": {
"properties": { "properties": {
@@ -155,19 +300,39 @@
}, },
"rcode": { "rcode": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"rdata": { "rdata": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"rrname": { "rrname": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"rrtype": { "rrtype": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ttl": { "ttl": {
"type": "long" "type": "long"
@@ -177,7 +342,12 @@
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -185,13 +355,23 @@
"properties": { "properties": {
"status": { "status": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"event_type": { "event_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"fileinfo": { "fileinfo": {
"properties": { "properties": {
@@ -200,19 +380,39 @@
}, },
"md5": { "md5": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha1": { "sha1": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha256": { "sha256": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"state": { "state": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"stored": { "stored": {
"type": "boolean" "type": "boolean"
@@ -232,31 +432,61 @@
}, },
"reason": { "reason": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"state": { "state": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"flow_id": { "flow_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"http": { "http": {
"properties": { "properties": {
"http_content_type": { "http_content_type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"protocol": { "protocol": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"redirect": { "redirect": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -268,7 +498,12 @@
}, },
"in_iface": { "in_iface": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"pcap_cnt": { "pcap_cnt": {
"type": "long" "type": "long"
@@ -277,15 +512,30 @@
"properties": { "properties": {
"helo": { "helo": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"mail_from": { "mail_from": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"rcpt_to": { "rcpt_to": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -295,11 +545,21 @@
"properties": { "properties": {
"proto_version": { "proto_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"software_version": { "software_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -307,11 +567,21 @@
"properties": { "properties": {
"proto_version": { "proto_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"software_version": { "software_version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
@@ -757,22 +1027,42 @@
}, },
"state": { "state": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"syn": { "syn": {
"type": "boolean" "type": "boolean"
}, },
"tcp_flags": { "tcp_flags": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tcp_flags_tc": { "tcp_flags_tc": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"tcp_flags_ts": { "tcp_flags_ts": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -780,21 +1070,41 @@
"properties": { "properties": {
"fingerprint": { "fingerprint": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"issuerdn": { "issuerdn": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ja3": { "ja3": {
"properties": { "properties": {
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"string": { "string": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -802,11 +1112,21 @@
"properties": { "properties": {
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"string": { "string": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -818,22 +1138,42 @@
}, },
"serial": { "serial": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"session_resumed": { "session_resumed": {
"type": "boolean" "type": "boolean"
}, },
"sni": { "sni": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subject": { "subject": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
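Review bot: Each keyword parent keeps `"ignore_above": 1024` while the new `text` sub-field has no length bound, so a value longer than 1024 characters (a long `dns.rdata`, `http.redirect` or TLS `subject`, for example) is, as far as I can tell, indexed only under `.text` and is absent from term queries and aggregations on the parent. An analyst pivoting from a `.text` search into a keyword-based dashboard or detection rule will then see different result sets for the same event. If that asymmetry is intended, it belongs in the template's documentation. If not, raise `ignore_above` on the fields that can carry long values, so both views cover the same documents.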


@@ -13,14 +13,24 @@
}, },
"facility_label": { "facility_label": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"priority": { "priority": {
"type": "long" "type": "long"
}, },
"severity_label": { "severity_label": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }

File diff suppressed because it is too large Load Diff


@@ -10,41 +10,81 @@
"properties": { "properties": {
"cipher": { "cipher": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"client": { "client": {
"properties": { "properties": {
"certificate": { "certificate": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"certificate_chain": { "certificate_chain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"hash": { "hash": {
"properties": { "properties": {
"md5": { "md5": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha1": { "sha1": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha256": { "sha256": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"issuer": { "issuer": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ja3": { "ja3": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"not_after": { "not_after": {
"type": "date" "type": "date"
@@ -54,51 +94,106 @@
}, },
"server_name": { "server_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subject": { "subject": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"supported_ciphers": { "supported_ciphers": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"x509": { "x509": {
"properties": { "properties": {
"alternative_names": { "alternative_names": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"issuer": { "issuer": {
"properties": { "properties": {
"common_name": { "common_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country": { "country": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"distinguished_name": { "distinguished_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"locality": { "locality": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"organization": { "organization": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"organizational_unit": { "organizational_unit": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"state_or_province": { "state_or_province": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -110,11 +205,21 @@
}, },
"public_key_algorithm": { "public_key_algorithm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"public_key_curve": { "public_key_curve": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"public_key_exponent": { "public_key_exponent": {
"doc_values": false, "doc_values": false,
@@ -126,47 +231,97 @@
}, },
"serial_number": { "serial_number": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"signature_algorithm": { "signature_algorithm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subject": { "subject": {
"properties": { "properties": {
"common_name": { "common_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country": { "country": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"distinguished_name": { "distinguished_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"locality": { "locality": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"organization": { "organization": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"organizational_unit": { "organizational_unit": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"state_or_province": { "state_or_province": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"version_number": { "version_number": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
@@ -174,14 +329,24 @@
}, },
"curve": { "curve": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"established": { "established": {
"type": "boolean" "type": "boolean"
}, },
"next_protocol": { "next_protocol": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"resumed": { "resumed": {
"type": "boolean" "type": "boolean"
@@ -190,35 +355,70 @@
"properties": { "properties": {
"certificate": { "certificate": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"certificate_chain": { "certificate_chain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"hash": { "hash": {
"properties": { "properties": {
"md5": { "md5": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha1": { "sha1": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"sha256": { "sha256": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"issuer": { "issuer": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"ja3s": { "ja3s": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"not_after": { "not_after": {
"type": "date" "type": "date"
@@ -228,43 +428,88 @@
}, },
"subject": { "subject": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"x509": { "x509": {
"properties": { "properties": {
"alternative_names": { "alternative_names": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"issuer": { "issuer": {
"properties": { "properties": {
"common_name": { "common_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country": { "country": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"distinguished_name": { "distinguished_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"locality": { "locality": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"organization": { "organization": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"organizational_unit": { "organizational_unit": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"state_or_province": { "state_or_province": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -276,11 +521,21 @@
}, },
"public_key_algorithm": { "public_key_algorithm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"public_key_curve": { "public_key_curve": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"public_key_exponent": { "public_key_exponent": {
"doc_values": false, "doc_values": false,
@@ -292,47 +547,97 @@
}, },
"serial_number": { "serial_number": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"signature_algorithm": { "signature_algorithm": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subject": { "subject": {
"properties": { "properties": {
"common_name": { "common_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"country": { "country": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"distinguished_name": { "distinguished_name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"locality": { "locality": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"organization": { "organization": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"organizational_unit": { "organizational_unit": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"state_or_province": { "state_or_province": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"version_number": { "version_number": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
@@ -340,11 +645,21 @@
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version_protocol": { "version_protocol": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -10,7 +10,12 @@
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -18,7 +23,12 @@
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -26,7 +36,12 @@
"properties": { "properties": {
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
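Review bot: The three `id` fields in this section are exact-match identifiers, so the added `match_only_text` sub-field costs a second inverted index per field without an obvious query that needs it. Assuming the default standard analyzer, a hyphenated or dotted identifier is also split into fragments, so a `match` on `id.text` can hit unrelated documents that share one fragment. I would leave these as `"type": "keyword"` with no `fields` block and add the sub-field only where analysts search free text. The same applies to the `hash`, `id` and `version` style fields in the later sections of this commit.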


@@ -10,15 +10,30 @@
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"extension": { "extension": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"fragment": { "fragment": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"full": { "full": {
"fields": { "fields": {
@@ -38,7 +53,12 @@
}, },
"password": { "password": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"path": { "path": {
"type": "wildcard" "type": "wildcard"
@@ -48,27 +68,57 @@
}, },
"query": { "query": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"registered_domain": { "registered_domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"scheme": { "scheme": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"subdomain": { "subdomain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"top_level_domain": { "top_level_domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"username": { "username": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
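Review bot: The `password` field in the `@@ -38,7 +53,12 @@` hunk gets the same `text` sub-field as its neighbours, so any credential embedded in a captured URL is tokenized and reachable through full-text search in addition to the exact keyword. That widens the exposure of secrets to everyone with read access to the index, with no clear analytic gain. I would keep `password` as plain `"type": "keyword"` without the `fields` block. It is also worth deciding whether the value should be searchable at all (`"index": false`) or redacted at ingest. The `username` and `query` fields in this section can carry sensitive values too and deserve the same look.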


@@ -12,11 +12,21 @@
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"email": { "email": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"full_name": { "full_name": {
"fields": { "fields": {
@@ -31,25 +41,50 @@
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"fields": { "fields": {
@@ -62,23 +97,43 @@
}, },
"roles": { "roles": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"effective": { "effective": {
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"email": { "email": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"full_name": { "full_name": {
"fields": { "fields": {
@@ -93,25 +148,50 @@
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"fields": { "fields": {
@@ -124,13 +204,23 @@
}, },
"roles": { "roles": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"email": { "email": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"full_name": { "full_name": {
"fields": { "fields": {
@@ -145,25 +235,50 @@
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"fields": { "fields": {
@@ -176,17 +291,32 @@
}, },
"roles": { "roles": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"target": { "target": {
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"email": { "email": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"full_name": { "full_name": {
"fields": { "fields": {
@@ -201,25 +331,50 @@
"properties": { "properties": {
"domain": { "domain": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"hash": { "hash": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"fields": { "fields": {
@@ -232,7 +387,12 @@
}, },
"roles": { "roles": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }
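Review bot: The `email` fields in this section become token-searchable, and with the default standard analyzer (assumed here, since `match_only_text` takes no analyzer setting) an address is split at the `@`. A `match` on `email.text` for one address then also returns every other user in the same mail domain unless the query is a phrase or sets `"operator": "and"`. That can inflate hit counts in hunts and detections that pivot on a single account. A short comment in the template documentation could say that `.text` is for fuzzy pivoting and the keyword field for exact matching. The vulnerability section later in this commit has the same issue on `id` and `reference`, where hyphenated identifiers split into parts.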


@@ -12,13 +12,23 @@
"properties": { "properties": {
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"name": { "name": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"original": { "original": {
"fields": { "fields": {
@@ -33,7 +43,12 @@
"properties": { "properties": {
"family": { "family": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"full": { "full": {
"fields": { "fields": {
@@ -46,7 +61,12 @@
}, },
"kernel": { "kernel": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"name": { "name": {
"fields": { "fields": {
@@ -59,21 +79,41 @@
}, },
"platform": { "platform": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"type": { "type": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }


@@ -10,11 +10,21 @@
"properties": { "properties": {
"category": { "category": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"classification": { "classification": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"description": { "description": {
"fields": { "fields": {
@@ -27,25 +37,50 @@
}, },
"enumeration": { "enumeration": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"id": { "id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"reference": { "reference": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"report_id": { "report_id": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}, },
"scanner": { "scanner": {
"properties": { "properties": {
"vendor": { "vendor": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
@@ -62,13 +97,23 @@
}, },
"version": { "version": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
}, },
"severity": { "severity": {
"ignore_above": 1024, "ignore_above": 1024,
"type": "keyword" "type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
} }
} }
} }




@@ -1,56 +1,55 @@
{ {
"template": { "template": {
"mappings": { "mappings": {
"dynamic_templates": [ "dynamic_templates": [
{ {
"ip_address": { "ip_address": {
"path_match": "*.ip", "path_match": "*.ip",
"mapping": { "mapping": {
"type": "ip", "type": "ip",
"fields": { "fields": {
"keyword": { "keyword": {
"ignore_above": 45, "ignore_above": 45,
"type": "keyword" "type": "keyword"
}
}
},
"match_mapping_type": "string"
}
},
{
"port": {
"path_match": "*.port",
"path_unmatch": "*.data.port",
"mapping": {
"type": "integer",
"fields": {
"keyword": {
"ignore_above": 6,
"type": "keyword"
}
}
}
}
},
{
"strings": {
"mapping": {
"type": "text",
"fields": {
"security": {
"analyzer": "es_security_analyzer",
"type": "text"
},
"keyword": {
"ignore_above": 32765,
"type": "keyword"
}
}
},
"match_mapping_type": "string"
} }
} }
] },
"match_mapping_type": "string"
}
},
{
"port": {
"path_match": "*.port",
"path_unmatch": "*.data.port",
"mapping": {
"type": "integer",
"fields": {
"keyword": {
"ignore_above": 6,
"type": "keyword"
}
}
}
}
},
{
"strings": {
"mapping": {
"type": "text",
"fields": {
"text": {
"type": "match_only_text"
},
"keyword": {
"ignore_above": 32765,
"type": "keyword"
}
}
},
"match_mapping_type": "string"
} }
} }
]
}
}
} }
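Review bot: In the `strings` dynamic template the `security` sub-field with `es_security_analyzer` is replaced by a `text` sub-field of type `match_only_text`, which changes both the field name and the tokenization. Saved searches, dashboards and detection rules that query `*.security` will silently stop matching newly indexed data, and `match_only_text` always uses the default analyzer, so whatever `es_security_analyzer` did is lost. The parent mapping is still `"type": "text"`, so each string now appears to be analyzed twice with the same analyzer. Making the parent `"type": "match_only_text"` and dropping the sub-field, or keeping the parent and dropping the sub-field, would avoid the duplicate. As far as I know `match_only_text` needs Elasticsearch 7.14 or later, so the minimum cluster version and the `.security` migration belong in the commit description.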