diff --git a/salt/elasticsearch/templates/component/so/dtc-process-mappings.json b/salt/elasticsearch/templates/component/so/dtc-process-mappings.json index 2b8d8abfb..d3d22139a 100644 --- a/salt/elasticsearch/templates/component/so/dtc-process-mappings.json +++ b/salt/elasticsearch/templates/component/so/dtc-process-mappings.json @@ -60,6 +60,32 @@ }, "type": "wildcard" }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "security": { + "type": "text", + "analyzer": "es_security_analyzer" + }, + "keyword": { + "type": "keyword" + } + } + }, + "executable": { + "fields": { + "security": { + "type": "text", + "analyzer": "es_security_analyzer" + }, + "keyword": { + "type": "keyword" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, "name": { "fields": { "keyword": { @@ -73,6 +99,133 @@ "ignore_above": 1024, "type": "keyword" }, + "parent": { + "properties": { + "command_line": { + "fields": { + "security": { + "type": "text", + "analyzer": "es_security_analyzer" + }, + "text": { + "type": "match_only_text" + }, + "keyword": { + "type": "keyword" + } + }, + "type": "wildcard" + }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "security": { + "type": "text", + "analyzer": "es_security_analyzer" + }, + "keyword": { + "type": "keyword" + } + } + }, + "executable": { + "fields": { + "security": { + "type": "text", + "analyzer": "es_security_analyzer" + }, + "keyword": { + "type": "keyword" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "pe": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "security": { + "type": "text", + "analyzer": "es_security_analyzer" + }, + "keyword": { + "type": "keyword" + } + } + }, + "company": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "security": { + "type": "text", + "analyzer": "es_security_analyzer" + }, + "keyword": { + "type": "keyword" + } + } + }, + "description": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "security": { + "type": "text", + "analyzer": "es_security_analyzer" + }, + "keyword": { + "type": "keyword" + } + } + }, + "file_version": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "security": { + "type": "text", + "analyzer": "es_security_analyzer" + }, + "keyword": { + "type": "keyword" + } + } + }, + "original_file_name": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "security": { + "type": "text", + "analyzer": "es_security_analyzer" + }, + "keyword": { + "type": "keyword" + } + } + }, + "product": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "security": { + "type": "text", + "analyzer": "es_security_analyzer" + }, + "keyword": { + "type": "keyword" + } + } + } + } + }, "pid": { "type": "long", "fields": { @@ -88,6 +241,19 @@ "type": "keyword" } } + }, + "working_directory": { + "fields": { + "security": { + "type": "text", + "analyzer": "es_security_analyzer" + }, + "keyword": { + "type": "keyword" + } + }, + "ignore_above": 1024, + "type": "keyword" } } }