Normalize/clean up various mappings files

* Adds a wrapping "mappings.properties" around our extra mappings * Spreads our other mappings similarly to ECS mappings * Moves dynamic: false out of ECS mappings and into our main template * Ensures we include 'threat.properties.indicator', since that's where our 'type: nested' declaration resides
elastic · Apr 20, 2021 · a4ee0dd · a4ee0dd
1 parent cf66c98
commit a4ee0dd
Show file tree

Hide file tree

Showing 2 changed files with 276 additions and 278 deletions.
diff --git a/...lugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts b/...lugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts
@@ -42,30 +42,24 @@ export const getSignalsTemplate = (index: string) => {
     },
     index_patterns: [`${index}-*`],
     mappings: {
-      ...ecsMapping.mappings,
+      dynamic: false,
       properties: {
         ...ecsMapping.mappings.properties,
-        as: otherMapping.as,
-        code_signature: otherMapping.code_signature,
-        geo: otherMapping.geo,
-        hash: otherMapping.hash,
-        interface: otherMapping.interface,
-        os: otherMapping.os,
-        pe: otherMapping.pe,
+        ...otherMapping.mappings.properties,
         signal: signalsMapping.mappings.properties.signal,
         threat: {
           ...ecsMapping.mappings.properties.threat,
           properties: {
             ...ecsMapping.mappings.properties.threat.properties,
             indicator: {
+              ...otherMapping.mappings.properties.threat.properties.indicator,
               properties: {
-                ...otherMapping.threat.properties.indicator.properties,
+                ...otherMapping.mappings.properties.threat.properties.indicator.properties,
                 event: ecsMapping.mappings.properties.event,
               },
             },
           },
         },
-        vlan: otherMapping.vlan,
       },
       _meta: {
         version: SIGNALS_TEMPLATE_VERSION,