CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-01 22:03:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
26cb8d43e13fc05cb0d2178e8cc82ce4f5338564
securityonion/salt/elasticsearch/templates/component/ecs/cisco.json
Wes a59eda319e Remove security subfield
2023-07-18 19:00:50 +00:00

620 lines
20 KiB
JSON
Raw Blame History

{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-base.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"cisco": {
"properties": {
"amp": {
"properties": {
"bp_data": {
"type": "flattened"
},
"cloud_ioc": {
"properties": {
"description": {
"ignore_above": 1024,
"type": "keyword"
},
"short_description": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"command_line": {
"properties": {
"arguments": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"computer": {
"properties": {
"active": {
"type": "boolean"
},
"connector_guid": {
"ignore_above": 1024,
"type": "keyword"
},
"external_ip": {
"type": "ip"
},
"network_addresses": {
"type": "flattened"
}
}
},
"connector_guid": {
"ignore_above": 1024,
"type": "keyword"
},
"detection": {
"ignore_above": 1024,
"type": "keyword"
},
"detection_id": {
"ignore_above": 1024,
"type": "keyword"
},
"error": {
"properties": {
"description": {
"ignore_above": 1024,
"type": "keyword"
},
"error_code": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"event_type_id": {
"ignore_above": 1024,
"type": "keyword"
},
"file": {
"properties": {
"archived_file": {
"properties": {
"disposition": {
"ignore_above": 1024,
"type": "keyword"
},
"identity": {
"properties": {
"md5": {
"ignore_above": 1024,
"type": "keyword"
},
"sha1": {
"ignore_above": 1024,
"type": "keyword"
},
"sha256": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
},
"attack_details": {
"properties": {
"application": {
"ignore_above": 1024,
"type": "keyword"
},
"attacked_module": {
"ignore_above": 1024,
"type": "keyword"
},
"base_address": {
"ignore_above": 1024,
"type": "keyword"
},
"indicators": {
"type": "flattened"
},
"suspicious_files": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"disposition": {
"ignore_above": 1024,
"type": "keyword"
},
"parent": {
"properties": {
"disposition": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
},
"group_guids": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_tactics": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_techniques": {
"ignore_above": 1024,
"type": "keyword"
},
"network_info": {
"properties": {
"disposition": {
"ignore_above": 1024,
"type": "keyword"
},
"nfm": {
"properties": {
"direction": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"parent": {
"properties": {
"disposition": {
"ignore_above": 1024,
"type": "keyword"
},
"identify": {
"properties": {
"sha256": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"identity": {
"properties": {
"md5": {
"ignore_above": 1024,
"type": "keyword"
},
"sha1": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
}
},
"related": {
"properties": {
"cve": {
"ignore_above": 1024,
"type": "keyword"
},
"mac": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"scan": {
"properties": {
"clean": {
"type": "boolean"
},
"description": {
"ignore_above": 1024,
"type": "keyword"
},
"malicious_detections": {
"type": "long"
},
"scanned_files": {
"type": "long"
},
"scanned_paths": {
"type": "long"
},
"scanned_processes": {
"type": "long"
}
}
},
"tactics": {
"type": "flattened"
},
"techniques": {
"type": "flattened"
},
"threat_hunting": {
"properties": {
"incident_end_time": {
"type": "date"
},
"incident_hunt_guid": {
"ignore_above": 1024,
"type": "keyword"
},
"incident_id": {
"ignore_above": 1024,
"type": "keyword"
},
"incident_remediation": {
"ignore_above": 1024,
"type": "keyword"
},
"incident_report_guid": {
"ignore_above": 1024,
"type": "keyword"
},
"incident_start_time": {
"type": "date"
},
"incident_summary": {
"ignore_above": 1024,
"type": "keyword"
},
"incident_title": {
"ignore_above": 1024,
"type": "keyword"
},
"severity": {
"ignore_above": 1024,
"type": "keyword"
},
"tactics": {
"type": "flattened"
},
"techniques": {
"type": "flattened"
}
}
},
"timestamp_nanoseconds": {
"type": "date"
},
"vulnerabilities": {
"type": "flattened"
}
}
},
"asa": {
"properties": {
"assigned_ip": {
"type": "ip"
},
"burst": {
"properties": {
"avg_rate": {
"ignore_above": 1024,
"type": "keyword"
},
"configured_avg_rate": {
"ignore_above": 1024,
"type": "keyword"
},
"configured_rate": {
"ignore_above": 1024,
"type": "keyword"
},
"cumulative_count": {
"ignore_above": 1024,
"type": "keyword"
},
"current_rate": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"object": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"command_line_arguments": {
"ignore_above": 1024,
"type": "keyword"
},
"connection_id": {
"ignore_above": 1024,
"type": "keyword"
},
"connection_type": {
"ignore_above": 1024,
"type": "keyword"
},
"dap_records": {
"ignore_above": 1024,
"type": "keyword"
},
"destination_interface": {
"ignore_above": 1024,
"type": "keyword"
},
"destination_username": {
"ignore_above": 1024,
"type": "keyword"
},
"icmp_code": {
"type": "short"
},
"icmp_type": {
"type": "short"
},
"mapped_destination_host": {
"ignore_above": 1024,
"type": "keyword"
},
"mapped_destination_ip": {
"type": "ip"
},
"mapped_destination_port": {
"type": "long"
},
"mapped_source_host": {
"ignore_above": 1024,
"type": "keyword"
},
"mapped_source_ip": {
"type": "ip"
},
"mapped_source_port": {
"type": "long"
},
"message_id": {
"ignore_above": 1024,
"type": "keyword"
},
"privilege": {
"properties": {
"new": {
"ignore_above": 1024,
"type": "keyword"
},
"old": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"rule_name": {
"ignore_above": 1024,
"type": "keyword"
},
"session_type": {
"ignore_above": 1024,
"type": "keyword"
},
"source_interface": {
"ignore_above": 1024,
"type": "keyword"
},
"source_username": {
"ignore_above": 1024,
"type": "keyword"
},
"suffix": {
"ignore_above": 1024,
"type": "keyword"
},
"termination_initiator": {
"ignore_above": 1024,
"type": "keyword"
},
"termination_user": {
"ignore_above": 1024,
"type": "keyword"
},
"threat_category": {
"ignore_above": 1024,
"type": "keyword"
},
"threat_level": {
"ignore_above": 1024,
"type": "keyword"
},
"tunnel_type": {
"ignore_above": 1024,
"type": "keyword"
},
"webvpn": {
"properties": {
"group_name": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
},
"ftd": {
"properties": {
"connection_id": {
"ignore_above": 1024,
"type": "keyword"
},
"connection_type": {
"ignore_above": 1024,
"type": "keyword"
},
"dap_records": {
"ignore_above": 1024,
"type": "keyword"
},
"destination_interface": {
"ignore_above": 1024,
"type": "keyword"
},
"destination_username": {
"ignore_above": 1024,
"type": "keyword"
},
"icmp_code": {
"type": "short"
},
"icmp_type": {
"type": "short"
},
"mapped_destination_host": {
"ignore_above": 1024,
"type": "keyword"
},
"mapped_destination_ip": {
"type": "ip"
},
"mapped_destination_port": {
"type": "long"
},
"mapped_source_host": {
"ignore_above": 1024,
"type": "keyword"
},
"mapped_source_ip": {
"type": "ip"
},
"mapped_source_port": {
"type": "long"
},
"message_id": {
"ignore_above": 1024,
"type": "keyword"
},
"rule_name": {
"ignore_above": 1024,
"type": "keyword"
},
"security": {
"type": "object"
},
"source_interface": {
"ignore_above": 1024,
"type": "keyword"
},
"source_username": {
"ignore_above": 1024,
"type": "keyword"
},
"suffix": {
"ignore_above": 1024,
"type": "keyword"
},
"termination_initiator": {
"ignore_above": 1024,
"type": "keyword"
},
"termination_user": {
"ignore_above": 1024,
"type": "keyword"
},
"threat_category": {
"ignore_above": 1024,
"type": "keyword"
},
"threat_level": {
"ignore_above": 1024,
"type": "keyword"
},
"webvpn": {
"properties": {
"group_name": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
},
"ios": {
"properties": {
"access_list": {
"ignore_above": 1024,
"type": "keyword"
},
"facility": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"umbrella": {
"properties": {
"amp_disposition": {
"ignore_above": 1024,
"type": "keyword"
},
"amp_malware_name": {
"ignore_above": 1024,
"type": "keyword"
},
"amp_score": {
"ignore_above": 1024,
"type": "keyword"
},
"av_detections": {
"ignore_above": 1024,
"type": "keyword"
},
"blocked_categories": {
"ignore_above": 1024,
"type": "keyword"
},
"categories": {
"ignore_above": 1024,
"type": "keyword"
},
"content_type": {
"ignore_above": 1024,
"type": "keyword"
},
"datacenter": {
"ignore_above": 1024,
"type": "keyword"
},
"identities": {
"ignore_above": 1024,
"type": "keyword"
},
"identity_types": {
"ignore_above": 1024,
"type": "keyword"
},
"origin_id": {
"ignore_above": 1024,
"type": "keyword"
},
"policy_identity_type": {
"ignore_above": 1024,
"type": "keyword"
},
"puas": {
"ignore_above": 1024,
"type": "keyword"
},
"sha_sha256": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink