CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-02 06:14:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
26cb8d43e13fc05cb0d2178e8cc82ce4f5338564
securityonion/salt/elasticsearch/templates/component/so/dtc-process-mappings.json
Wes a59eda319e Remove security subfield
2023-07-18 19:00:50 +00:00

167 lines
4.4 KiB
JSON
Raw Blame History

{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-process.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"process": {
"properties": {
"command_line": {
"fields": {
"keyword": {
"type": "keyword"
}
},
"type": "wildcard"
},
"entity_id": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"executable": {
"fields": {
"keyword": {
"type": "keyword"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"fields": {
"keyword": {
"type": "keyword"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"parent": {
"properties": {
"command_line": {
"fields": {
"text": {
"type": "match_only_text"
},
"keyword": {
"type": "keyword"
}
},
"type": "wildcard"
},
"entity_id": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"executable": {
"fields": {
"keyword": {
"type": "keyword"
}
},
"ignore_above": 1024,
"type": "keyword"
}
}
},
"pe": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"company": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"description": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"file_version": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"original_file_name": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"product": {
"ignore_above": 1024,
"type": "keyword",
"fields": {
"keyword": {
"type": "keyword"
}
}
}
}
},
"pid": {
"type": "long",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"ppid": {
"type": "long",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"working_directory": {
"fields": {
"keyword": {
"type": "keyword"
}
},
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink