{
"template": {
"mappings": {
"properties": {
"so_audit_doc_id": {
"ignore_above": 1024,
"type": "keyword"
},
"@timestamp": {
"type": "date"
},
"so_kind": {
"ignore_above": 1024,
"type": "keyword"
},
"so_operation": {
"ignore_above": 1024,
"type": "keyword"
},
"so_detection": {
"properties": {
"publicId": {
"type": "text"
},
"title": {
"type": "text"
},
"severity": {
"ignore_above": 1024,
"type": "keyword"
},
"author": {
"ignore_above": 1024,
"type": "keyword"
},
"description": {
"type": "text"
},
"content": {
"type": "text"
},
"isEnabled": {
"type": "boolean"
},
"isReporting": {
"type": "boolean"
},
"isCommunity": {
"type": "boolean"
},
"tags": {
"type": "text"
},
"ruleset": {
"ignore_above": 1024,
"type": "keyword"
},
"engine": {
"ignore_above": 1024,
"type": "keyword"
},
"language": {
"ignore_above": 1024,
"type": "keyword"
},
"license": {
"ignore_above": 1024,
"type": "keyword"
},
"overrides": {
"properties": {
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"isEnabled": {
"type": "boolean"
},
"createdAt": {
"type": "date"
},
"updatedAt": {
"type": "date"
},
"regex": {
"type": "text"
},
"value": {
"type": "text"
},
"thresholdType": {
"ignore_above": 1024,
"type": "keyword"
},
"track": {
"ignore_above": 1024,
"type": "keyword"
},
"ip": {
"type": "text"
},
"count": {
"type": "long"
},
"seconds": {
"type": "long"
},
"customFilter": {
"type": "text"
}
}
}
}
},
"so_detectioncomment": {
"properties": {
"createTime": {
"type": "date"
},
"detectionId": {
"ignore_above": 1024,
"type": "keyword"
},
"value": {
"type": "text"
},
"userId": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
},
"_meta": {
"ecs_version": "1.12.2"
}
} |