securityonion/salt/elasticsearch/templates/component/ecs/microsoft.json
2023-07-18 19:00:50 +00:00


{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-base.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"microsoft": {
"properties": {
"defender_atp": {
"properties": {
"assignedTo": {
"ignore_above": 1024,
"type": "keyword"
},
"classification": {
"ignore_above": 1024,
"type": "keyword"
},
"determination": {
"ignore_above": 1024,
"type": "keyword"
},
"evidence": {
"properties": {
"aadUserId": {
"ignore_above": 1024,
"type": "keyword"
},
"accountName": {
"ignore_above": 1024,
"type": "keyword"
},
"domainName": {
"ignore_above": 1024,
"type": "keyword"
},
"entityType": {
"ignore_above": 1024,
"type": "keyword"
},
"ipAddress": {
"type": "ip"
},
"userPrincipalName": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"incidentId": {
"ignore_above": 1024,
"type": "keyword"
},
"investigationId": {
"ignore_above": 1024,
"type": "keyword"
},
"investigationState": {
"ignore_above": 1024,
"type": "keyword"
},
"lastUpdateTime": {
"type": "date"
},
"rbacGroupName": {
"ignore_above": 1024,
"type": "keyword"
},
"resolvedTime": {
"type": "date"
},
"status": {
"ignore_above": 1024,
"type": "keyword"
},
"threatFamilyName": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"m365_defender": {
"properties": {
"alerts": {
"properties": {
"actorName": {
"ignore_above": 1024,
"type": "keyword"
},
"assignedTo": {
"ignore_above": 1024,
"type": "keyword"
},
"classification": {
"ignore_above": 1024,
"type": "keyword"
},
"creationTime": {
"type": "date"
},
"detectionSource": {
"ignore_above": 1024,
"type": "keyword"
},
"determination": {
"ignore_above": 1024,
"type": "keyword"
},
"devices": {
"type": "flattened"
},
"entities": {
"properties": {
"accountName": {
"ignore_above": 1024,
"type": "keyword"
},
"clusterBy": {
"ignore_above": 1024,
"type": "keyword"
},
"deliveryAction": {
"ignore_above": 1024,
"type": "keyword"
},
"deviceId": {
"ignore_above": 1024,
"type": "keyword"
},
"entityType": {
"ignore_above": 1024,
"type": "keyword"
},
"ipAddress": {
"ignore_above": 1024,
"type": "keyword"
},
"mailboxAddress": {
"ignore_above": 1024,
"type": "keyword"
},
"mailboxDisplayName": {
"ignore_above": 1024,
"type": "keyword"
},
"recipient": {
"ignore_above": 1024,
"type": "keyword"
},
"registryHive": {
"ignore_above": 1024,
"type": "keyword"
},
"registryKey": {
"ignore_above": 1024,
"type": "keyword"
},
"registryValueType": {
"ignore_above": 1024,
"type": "keyword"
},
"securityGroupId": {
"ignore_above": 1024,
"type": "keyword"
},
"securityGroupName": {
"ignore_above": 1024,
"type": "keyword"
},
"sender": {
"ignore_above": 1024,
"type": "keyword"
},
"subject": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"incidentId": {
"ignore_above": 1024,
"type": "keyword"
},
"investigationId": {
"ignore_above": 1024,
"type": "keyword"
},
"investigationState": {
"ignore_above": 1024,
"type": "keyword"
},
"lastUpdatedTime": {
"type": "date"
},
"mitreTechniques": {
"ignore_above": 1024,
"type": "keyword"
},
"resolvedTime": {
"type": "date"
},
"severity": {
"ignore_above": 1024,
"type": "keyword"
},
"status": {
"ignore_above": 1024,
"type": "keyword"
},
"threatFamilyName": {
"ignore_above": 1024,
"type": "keyword"
},
"userSid": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"assignedTo": {
"ignore_above": 1024,
"type": "keyword"
},
"classification": {
"ignore_above": 1024,
"type": "keyword"
},
"determination": {
"ignore_above": 1024,
"type": "keyword"
},
"incidentId": {
"ignore_above": 1024,
"type": "keyword"
},
"incidentName": {
"ignore_above": 1024,
"type": "keyword"
},
"investigationState": {
"ignore_above": 1024,
"type": "keyword"
},
"redirectIncidentId": {
"ignore_above": 1024,
"type": "keyword"
},
"status": {
"ignore_above": 1024,
"type": "keyword"
},
"tags": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
}
}
}
}