CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d1efa71c5763d6f99a331c35203b85fac86b7f86
securityonion/salt/elasticsearch/templates/so/so-case-template.json.jinja

222 lines
5.1 KiB
Django/Jinja
Raw Blame History

{%- set INDEX_SORTING = salt['pillar.get']('elasticsearch:index_sorting', True) %}
{%- set REPLICAS = salt['pillar.get']('elasticsearch:replicas', 0) %}
{%- set REFRESH = salt['pillar.get']('elasticsearch:index_settings:so-common:refresh', '30s') %}
{
"index_patterns": ["so-case*"],
"version":50001,
"order":11,
"settings":{
"number_of_replicas":{{ REPLICAS }},
"number_of_shards":1,
"index.refresh_interval":"{{ REFRESH }}",
"index.routing.allocation.require.box_type":"hot",
{%- if INDEX_SORTING is sameas true %}
"index.sort.field": "@timestamp",
"index.sort.order": "desc",
{%- endif %}
"index.mapping.total_fields.limit": "1500"
},
"mappings": {
"_meta": {
"version": "1.5.0"
},
"dynamic": false,
"date_detection": false,
"properties": {
"@timestamp": {
"type": "date"
},
"so_kind": {
"type": "keyword",
"ignore_above": 1024
},
"so_operation": {
"type": "keyword",
"ignore_above": 1024
},
"so_audit_doc_id": {
"type": "keyword",
"ignore_above": 1024
},
"so_artifact": {
"properties": {
"artifactType": {
"type": "keyword",
"ignore_above": 1024
},
"caseId": {
"type": "keyword",
"ignore_above": 1024
},
"createTime": {
"type": "date"
},
"description": {
"type": "text"
},
"groupId": {
"type": "keyword",
"ignore_above": 1024
},
"groupType": {
"type": "keyword",
"ignore_above": 1024
},
"ioc": {
"type": "boolean"
},
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"mimeType": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"streamId": {
"type": "keyword",
"ignore_above": 1024
},
"streamLength": {
"type": "long"
},
"tags": {
"type": "keyword",
"ignore_above": 1024
},
"tlp": {
"type": "keyword",
"ignore_above": 1024
},
"userId": {
"type": "keyword",
"ignore_above": 1024
},
"value": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"so_artifactstream": {
"properties": {
"content": {
"type": "text"
},
"createTime": {
"type": "date"
},
"userId": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"so_case": {
"properties": {
"assigneeId": {
"type": "keyword",
"ignore_above": 1024
},
"category": {
"type": "keyword",
"ignore_above": 1024
},
"completeTime": {
"type": "date"
},
"createTime": {
"type": "date"
},
"description": {
"type": "text"
},
"pap": {
"type": "keyword",
"ignore_above": 1024
},
"priority": {
"type": "long"
},
"severity": {
"type": "keyword",
"ignore_above": 1024
},
"startTime": {
"type": "date"
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"tags": {
"type": "keyword",
"ignore_above": 1024
},
"template": {
"type": "keyword",
"ignore_above": 1024
},
"title": {
"type": "text"
},
"tlp": {
"type": "keyword",
"ignore_above": 1024
},
"userId": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"so_comment": {
"properties": {
"caseId": {
"type": "keyword",
"ignore_above": 1024
},
"createTime": {
"type": "date"
},
"description": {
"type": "text"
},
"userId": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"so_related": {
"properties": {
"caseId": {
"type": "keyword",
"ignore_above": 1024
},
"createTime": {
"type": "date"
},
"userId": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink