# Elasticsearch defaults: `config` holds the node settings and `index_settings`
# holds one index-template definition per dataset.
# The `{{ grains.host }}` expressions are template placeholders (presumably
# rendered by Salt before the YAML is parsed - confirm). They are unquoted, so
# the file is only valid YAML after rendering.
elasticsearch:
  config:
    node:
      name: {{ grains.host }}
      attr:
        box_type: hot
    cluster:
      name: {{ grains.host }}
      routing:
        allocation:
          disk:
            threshold_enabled: true
            # Stock Elasticsearch watermarks are 85% / 90% / 95%. Here `high`
            # and `flood_stage` are both 98%, so shard relocation and the
            # read-only index block trigger at the same point.
            # NOTE(review): once flood stage is reached, writes to the affected
            # indices are blocked, which on a log store means lost telemetry.
            # Confirm disk-usage alerting fires well below 98%.
            watermark:
              low: 95%
              high: 98%
              flood_stage: 98%
    network:
      # Listens on every interface. Reachability of the HTTP API then depends
      # on whatever sits in front of the node (host firewall, container port
      # publishing) - verify that restriction exists.
      host: 0.0.0.0
    path:
      logs: /var/log/elasticsearch
    action:
      # Index deletion must name indices explicitly; wildcard and _all deletes
      # are rejected.
      destructive_requires_name: true
    transport:
      # Node-to-node transport also binds to every interface, on port 9300.
      bind_host: 0.0.0.0
      publish_host: {{ grains.host }}
      publish_port: 9300
    xpack:
      ml:
        enabled: false
      security:
        enabled: true
        authc:
          anonymous:
            # With an empty role list, unauthenticated requests are granted no
            # role. Adding a role here would give that role to every
            # unauthenticated caller, so keep this list empty unless that is
            # intended.
            # authz_exception: true returns 403 instead of a 401 credential
            # prompt when the anonymous user lacks permission.
            authz_exception: true
            roles: []
            username: _anonymous
        transport:
          ssl:
            enabled: true
            # NOTE(review): `none` turns off certificate verification for
            # node-to-node TLS. Traffic is encrypted but the peer is not
            # authenticated, so any host that can reach the transport port can
            # present an arbitrary certificate. A CA is already configured
            # below; `certificate` (chain check) or `full` (chain plus hostname
            # check) would make use of it. Confirm the node certificates are
            # issued by that CA before switching.
            verification_mode: none
            # Private key path - the file should be readable only by the
            # Elasticsearch service account.
            key: /usr/share/elasticsearch/config/elasticsearch.key
            certificate: /usr/share/elasticsearch/config/elasticsearch.crt
            certificate_authorities:
              - /usr/share/elasticsearch/config/ca.crt
        http:
          ssl:
            enabled: true
            # The HTTP layer does not request client certificates, so API
            # callers are authenticated by credentials only. The CA list below
            # presumably only matters if this is changed to `optional` or
            # `required`.
            client_authentication: none
            key: /usr/share/elasticsearch/config/elasticsearch.key
            certificate: /usr/share/elasticsearch/config/elasticsearch.crt
            certificate_authorities:
              - /usr/share/elasticsearch/config/ca.crt
    script:
      # Allows up to 20000 script compilations per minute.
      # NOTE(review): this limit guards against script-compilation churn;
      # confirm a ceiling this high is actually required.
      max_compilations_rate: 20000/1m
    indices:
      id_field_data:
        enabled: false
    ingest:
      geoip:
        downloader:
          # The node does not fetch GeoIP databases itself, which avoids an
          # outbound download dependency (useful for isolated deployments).
          enabled: false
    logger:
      org:
        elasticsearch:
          # Deprecation messages are logged only at ERROR level.
          deprecation: ERROR
  # Per-dataset index settings start here. This part is still in the collapsed
  # single-line form and needs its indentation restored before the file parses.
  index_settings: so-aws: warm: 7 close: 30 delete: 365 index_sorting: False index_template: index_patterns: - so-aws-* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - aws-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - 
file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-azure: warm: 7 close: 30 delete: 365 index_sorting: False index_template: index_patterns: - so-azure-* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - azure-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - 
server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-barracuda: warm: 7 close: 30 delete: 365 index_sorting: False index_template: index_patterns: - so-barracuda-* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-beats: warm: 7 close: 30 delete: 365 index_sorting: False index_template: index_patterns: - 
so-beats-* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings - winlog-mappings - dtc-winlog-mappings priority: 500 so-bluecoat: warm: 7 close: 30 delete: 365 index_sorting: False index_template: index_patterns: - so-bluecoat-* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - 
dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-case: index_sorting: False index_template: index_patterns: - so-case* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 1500 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - case-mappings - case-settings priority: 500 so-cef: index_sorting: False index_template: index_patterns: - so-cef* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - cef-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - 
client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-checkpoint: index_sorting: False index_template: index_patterns: - so-checkpoint* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - checkpoint-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - 
dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-cisco: index_sorting: False index_template: index_patterns: - so-cisco* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - cisco-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - 
tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-common: warm: 7 close: 30 delete: 365 index_sorting: False index_template: index_patterns: - so-* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - syslog-mappings - dtc-syslog-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings - winlog-mappings priority: 1 so-cyberark: index_sorting: False index_template: index_patterns: - so-cyberark* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: 
string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - cyberark-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-cylance: index_sorting: False index_template: index_patterns: - so-cylance* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - 
pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-elasticsearch: index_sorting: False index_template: index_patterns: - so-elasticsearch* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - elasticsearch-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - 
organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-endgame: index_sorting: False index_template: index_patterns: - endgame* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - endgame-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - 
common-dynamic-mappings - winlog-mappings priority: 500 so-f5: index_sorting: False index_template: index_patterns: - so-f5* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-firewall: index_sorting: False index_template: index_patterns: - so-firewall* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - 
dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - syslog-mappings - dtc-syslog-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-flow: index_sorting: False index_template: index_patterns: - so-flow* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings 
- host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-fortinet: index_sorting: False index_template: index_patterns: - so-fortinet* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - fortinet-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - 
dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-gcp: index_sorting: False index_template: index_patterns: - so-gcp* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - gcp-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-google_workspace: index_sorting: False index_template: index_patterns: - so-google_workspace* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword 
match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - google_workspace-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-idh: warm: 7 close: 30 delete: 365 index_sorting: False index_template: index_patterns: - so-idh-* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - container-mappings - destination-mappings - dtc-destination-mappings - 
pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    # Index template for so-ids* indices. The mappings/settings body below is
    # repeated unchanged in every stanza of this section; only the index
    # pattern and the composed_of list differ between stanzas.
    so-ids:
      index_sorting: False
      index_template:
        index_patterns:
          - so-ids*
        template:
          mappings:
            dynamic_templates:
              # Dynamically mapped string fields become keyword. With
              # ignore_above, a value longer than 1024 characters stays in
              # _source but is not indexed, so term queries and aggregations
              # on that field do not see it (e.g. very long URLs or command
              # lines). Detection content relying on such fields should
              # account for this.
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            # Strings that look like dates are not auto-mapped as date.
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  # Cap on the number of mapped fields per index.
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              # No replica shards: each shard exists exactly once, so losing
              # the node or disk that holds it loses those events unless they
              # are snapshotted or retained elsewhere.
              number_of_replicas: 0
        # Component templates are merged in list order; later entries
        # override earlier ones.
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - suricata-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        # When several index templates match an index name, the one with the
        # highest priority is applied.
        priority: 500
    so-imperva:
      index_sorting: False
      index_template:
        index_patterns:
          - so-imperva*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-import:
      index_sorting: False
      index_template:
        index_patterns:
          - so-import*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
          - winlog-mappings
        priority: 500
    so-infoblox:
      index_sorting: False
      index_template:
        index_patterns:
          - so-infoblox*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
          - winlog-mappings
        priority: 500
    so-juniper:
      index_sorting: False
      index_template:
        index_patterns:
          - so-juniper*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - juniper-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-kibana:
      index_sorting: False
      index_template:
        index_patterns:
          - so-kibana*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - kibana-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    # NOTE(review): warm/close/delete look like index ages in days consumed by
    # a retention job outside this file; confirm against the consumer. If
    # so-kratos-* holds authentication-service logs (presumed from the name),
    # the delete age bounds how far back login activity can be investigated.
    so-kratos:
      warm: 7
      close: 30
      delete: 365
      index_sorting: False
      index_template:
        index_patterns:
          - so-kratos-*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - container-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-logstash:
      index_sorting: False
      index_template:
        index_patterns:
          - so-logstash*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - logstash-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-microsoft:
      index_sorting: False
      index_template:
        index_patterns:
          - so-microsoft*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - microsoft-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-misp:
      index_sorting: False
      index_template:
        index_patterns:
          - so-misp*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - misp-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-netflow:
      index_sorting: False
      index_template:
        index_patterns:
          - so-netflow*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - netflow-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-netscout:
      index_sorting: False
      index_template:
        index_patterns:
          - so-netscout*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-o365:
      index_sorting: False
      index_template:
        index_patterns:
          - so-o365*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - o365-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-okta:
      index_sorting: False
      index_template:
        index_patterns:
          - so-okta*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - okta-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-osquery:
      index_sorting: False
      index_template:
        index_patterns:
          - so-osquery*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
          - winlog-mappings
        priority: 500
    so-ossec:
      index_sorting: False
      index_template:
        index_patterns:
          - so-ossec*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
          - winlog-mappings
        priority: 500
    so-proofpoint:
      index_sorting: False
      index_template:
        index_patterns:
          - so-proofpoint*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-radware:
      index_sorting: False
      index_template:
        index_patterns:
          - so-radware*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-redis:
      index_sorting: False
      index_template:
        index_patterns:
          - so-redis*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - redis-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-snort:
      index_sorting: False
      index_template:
        index_patterns:
          - so-snort*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-snyk:
      index_sorting: False
      index_template:
        index_patterns:
          - so-snyk*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - snyk-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-sonicwall:
      index_sorting: False
      index_template:
        index_patterns:
          - so-sonicwall*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-sophos:
      index_sorting: False
      index_template:
        index_patterns:
          - so-sophos*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - sophos-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-squid:
      index_sorting: False
      index_template:
        index_patterns:
          - so-squid*
        template:
          mappings:
            dynamic_templates:
              - strings_as_keyword:
                  mapping:
                    ignore_above: 1024
                    type: keyword
                  match_mapping_type: string
            date_detection: false
          settings:
            index:
              mapping:
                total_fields:
                  limit: 5000
              sort:
                field: "@timestamp"
                order: desc
              refresh_interval: 30s
              number_of_shards: 1
              number_of_replicas: 0
        composed_of:
          - agent-mappings
          - dtc-agent-mappings
          - base-mappings
          - dtc-base-mappings
          - client-mappings
          - dtc-client-mappings
          - cloud-mappings
          - container-mappings
          - data_stream-mappings
          - destination-mappings
          - dtc-destination-mappings
          - pb-override-destination-mappings
          - dll-mappings
          - dns-mappings
          - dtc-dns-mappings
          - ecs-mappings
          - dtc-ecs-mappings
          - error-mappings
          - event-mappings
          - dtc-event-mappings
          - file-mappings
          - dtc-file-mappings
          - group-mappings
          - host-mappings
          - dtc-host-mappings
          - http-mappings
          - dtc-http-mappings
          - log-mappings
          - network-mappings
          - dtc-network-mappings
          - observer-mappings
          - dtc-observer-mappings
          - orchestrator-mappings
          - organization-mappings
          - package-mappings
          - process-mappings
          - dtc-process-mappings
          - registry-mappings
          - related-mappings
          - rule-mappings
          - dtc-rule-mappings
          - server-mappings
          - service-mappings
          - dtc-service-mappings
          - source-mappings
          - dtc-source-mappings
          - pb-override-source-mappings
          - threat-mappings
          - tls-mappings
          - tracing-mappings
          - url-mappings
          - user_agent-mappings
          - dtc-user_agent-mappings
          - vulnerability-mappings
          - common-settings
          - common-dynamic-mappings
        priority: 500
    so-strelka:
      index_sorting:
False index_template: index_patterns: - so-strelka* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - so-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - so-scan-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-syslog: index_sorting: False index_template: index_patterns: - so-syslog* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - 
dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - syslog-mappings - dtc-syslog-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-tomcat: index_sorting: False index_template: index_patterns: - so-tomcat* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - 
dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500 so-zeek: index_sorting: False index_template: index_patterns: - so-zeek* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 2 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - 
syslog-mappings - dtc-syslog-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - zeek-mappings - common-settings - common-dynamic-mappings priority: 500 so-zscaler: index_sorting: False index_template: index_patterns: - so-zscaler* template: mappings: dynamic_templates: - strings_as_keyword: mapping: ignore_above: 1024 type: keyword match_mapping_type: string date_detection: false settings: index: mapping: total_fields: limit: 5000 sort: field: "@timestamp" order: desc refresh_interval: 30s number_of_shards: 1 number_of_replicas: 0 composed_of: - agent-mappings - dtc-agent-mappings - base-mappings - dtc-base-mappings - client-mappings - dtc-client-mappings - cloud-mappings - container-mappings - data_stream-mappings - destination-mappings - dtc-destination-mappings - pb-override-destination-mappings - dll-mappings - dns-mappings - dtc-dns-mappings - ecs-mappings - dtc-ecs-mappings - error-mappings - event-mappings - dtc-event-mappings - file-mappings - dtc-file-mappings - group-mappings - host-mappings - dtc-host-mappings - http-mappings - dtc-http-mappings - log-mappings - network-mappings - dtc-network-mappings - observer-mappings - dtc-observer-mappings - orchestrator-mappings - organization-mappings - package-mappings - process-mappings - dtc-process-mappings - registry-mappings - related-mappings - rule-mappings - dtc-rule-mappings - server-mappings - service-mappings - dtc-service-mappings - source-mappings - dtc-source-mappings - pb-override-source-mappings - threat-mappings - tls-mappings - tracing-mappings - url-mappings - user_agent-mappings - dtc-user_agent-mappings - vulnerability-mappings - common-settings - common-dynamic-mappings priority: 500