securityonion/salt/elasticsearch/templates/component/ecs/misp.json
2023-07-18 19:00:50 +00:00


{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-base.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"misp": {
"properties": {
"attack_pattern": {
"properties": {
"description": {
"norms": false,
"type": "text"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"kill_chain_phases": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"campaign": {
"properties": {
"aliases": {
"norms": false,
"type": "text"
},
"description": {
"norms": false,
"type": "text"
},
"first_seen": {
"type": "date"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"last_seen": {
"type": "date"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"objective": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"course_of_action": {
"properties": {
"description": {
"norms": false,
"type": "text"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"identity": {
"properties": {
"contact_information": {
"norms": false,
"type": "text"
},
"description": {
"norms": false,
"type": "text"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"identity_class": {
"ignore_above": 1024,
"type": "keyword"
},
"labels": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"sectors": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"intrusion_set": {
"properties": {
"aliases": {
"norms": false,
"type": "text"
},
"description": {
"norms": false,
"type": "text"
},
"first_seen": {
"type": "date"
},
"goals": {
"norms": false,
"type": "text"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"last_seen": {
"type": "date"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"primary_motivation": {
"norms": false,
"type": "text"
},
"resource_level": {
"norms": false,
"type": "text"
},
"secondary_motivations": {
"norms": false,
"type": "text"
}
}
},
"malware": {
"properties": {
"description": {
"norms": false,
"type": "text"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"kill_chain_phases": {
"ignore_above": 1024,
"type": "keyword"
},
"labels": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"note": {
"properties": {
"authors": {
"ignore_above": 1024,
"type": "keyword"
},
"description": {
"norms": false,
"type": "text"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"object_refs": {
"ignore_above": 1024,
"type": "keyword"
},
"summary": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"observed_data": {
"properties": {
"first_observed": {
"type": "date"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"last_observed": {
"type": "date"
},
"number_observed": {
"type": "long"
},
"objects": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"report": {
"properties": {
"description": {
"norms": false,
"type": "text"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"labels": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"object_refs": {
"norms": false,
"type": "text"
},
"published": {
"type": "date"
}
}
},
"threat_actor": {
"properties": {
"aliases": {
"norms": false,
"type": "text"
},
"description": {
"norms": false,
"type": "text"
},
"goals": {
"norms": false,
"type": "text"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"labels": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"personal_motivations": {
"norms": false,
"type": "text"
},
"primary_motivation": {
"norms": false,
"type": "text"
},
"resource_level": {
"norms": false,
"type": "text"
},
"roles": {
"norms": false,
"type": "text"
},
"secondary_motivations": {
"norms": false,
"type": "text"
},
"sophistication": {
"norms": false,
"type": "text"
}
}
},
"threat_indicator": {
"properties": {
"attack_pattern": {
"ignore_above": 1024,
"type": "keyword"
},
"attack_pattern_kql": {
"ignore_above": 1024,
"type": "keyword"
},
"campaign": {
"ignore_above": 1024,
"type": "keyword"
},
"confidence": {
"ignore_above": 1024,
"type": "keyword"
},
"description": {
"norms": false,
"type": "text"
},
"feed": {
"norms": false,
"type": "text"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"intrusion_set": {
"ignore_above": 1024,
"type": "keyword"
},
"kill_chain_phases": {
"ignore_above": 1024,
"type": "keyword"
},
"labels": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_tactic": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_technique": {
"ignore_above": 1024,
"type": "keyword"
},
"negate": {
"type": "boolean"
},
"severity": {
"ignore_above": 1024,
"type": "keyword"
},
"threat_actor": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"valid_from": {
"type": "date"
},
"valid_until": {
"type": "date"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"tool": {
"properties": {
"description": {
"norms": false,
"type": "text"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"kill_chain_phases": {
"norms": false,
"type": "text"
},
"labels": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"tool_version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"vulnerability": {
"properties": {
"description": {
"norms": false,
"type": "text"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
}
}
}
}