CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-16 14:02:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/dev' into issue/6810

Browse Source
This commit is contained in:
m0duspwnens
2022-01-19 15:35:28 -05:00
parent 67e34b2402 e984b0b9c4
commit fc65f7bb84
4 changed files with 14 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
salt/elasticsearch/templates/so/so-case-template.json.jinja
View File

@@ -36,11 +36,11 @@
"@timestamp": {
"type": "date"
},
"kind": {
"so_kind": {
"type": "keyword",
"ignore_above": 1024
},
"operation": {
"so_operation": {
"type": "keyword",
"ignore_above": 1024
},
@@ -48,7 +48,7 @@
"type": "keyword",
"ignore_above": 1024
},
"artifact": {
"so_artifact": {
"properties": {
"artifactType": {
"type": "keyword",
@@ -121,7 +121,7 @@
}
}
},
"artifactstream": {
"so_artifactstream": {
"properties": {
"content": {
"type": "text"
@@ -135,7 +135,7 @@
}
}
},
"case": {
"so_case": {
"properties": {
"assigneeId": {
"type": "keyword",
@@ -193,7 +193,7 @@
}
}
},
"comment": {
"so_comment": {
"properties": {
"caseId": {
"type": "keyword",
@@ -211,7 +211,7 @@
}
}
},
"related": {
"so_related": {
"properties": {
"caseId": {
"type": "keyword",
@@ -220,56 +220,6 @@
"createTime": {
"type": "date"
},
"fields": {
"properties": {
"@timestamp": {
"type": "date"
},
"event": {
"properties": {
"dataset": {
"type": "keyword",
"ignore_above": 1024
},
"module": {
"type": "keyword",
"ignore_above": 1024
},
"category": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"message": {
"type": "text"
},
"scan":{
"type":"object",
"dynamic": true,
"properties":{
"exiftool":{
"type":"text"
},
"pe":{
"properties":{
"sections":{
"properties":{
"entropy":{
"type": "float"
}
}
}
}
}
}
},
"tags": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"userId": {
"type": "keyword",
"ignore_above": 1024