diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts
index 7f4d3d36f77127..1c69c7b87214cb 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts
@@ -42,30 +42,24 @@ export const getSignalsTemplate = (index: string) => {
 },
 index_patterns: [`${index}-*`],
 mappings: {
- ...ecsMapping.mappings,
+ dynamic: false,
 properties: {
 ...ecsMapping.mappings.properties,
- as: otherMapping.as,
- code_signature: otherMapping.code_signature,
- geo: otherMapping.geo,
- hash: otherMapping.hash,
- interface: otherMapping.interface,
- os: otherMapping.os,
- pe: otherMapping.pe,
+ ...otherMapping.mappings.properties,
 signal: signalsMapping.mappings.properties.signal,
 threat: {
 ...ecsMapping.mappings.properties.threat,
 properties: {
 ...ecsMapping.mappings.properties.threat.properties,
 indicator: {
+ ...otherMapping.mappings.properties.threat.properties.indicator,
 properties: {
- ...otherMapping.threat.properties.indicator.properties,
+ ...otherMapping.mappings.properties.threat.properties.indicator.properties,
 event: ecsMapping.mappings.properties.event,
 },
 },
 },
 },
- vlan: otherMapping.vlan,
 },
 _meta: {
 version: SIGNALS_TEMPLATE_VERSION,
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/other_mappings.json b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/other_mappings.json
index f7f593a414e5d0..43bc1a548a6af2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/other_mappings.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/other_mappings.json
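Review bot: The new `dynamic: false` under `mappings` in getSignalsTemplate (get_signals_template.ts) carries no comment, and its effect matters for detection coverage: any field copied into a signal that is not listed in the ECS, other or signal mappings stays in `_source` but is no longer indexed, so a rule or search filtering on it matches nothing without raising an error. I would add above it `// dynamic: false: unmapped fields are kept in _source but not indexed; add a mapping before querying a new field on signals`. Replacing `...ecsMapping.mappings` with an explicit key also drops any other top-level mapping settings that object may carry, which looks intended but is worth confirming. The template is stamped with `SIGNALS_TEMPLATE_VERSION`, which is defined outside this hunk, so check that it is bumped with this change, otherwise existing deployments will presumably keep the old mapping; the function body starts and ends outside the hunk.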
@@ -1,333 +1,337 @@ { - "as": { + "mappings": { "properties": { - "number": { - "type": "long" - }, - "organization": { + "as": { "properties": { - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" } - }, + } + } + } + }, + "code_signature": { + "properties": { + "exists": { + "type": "boolean" + }, + "status": { + "ignore_above": 1024, + "type": "keyword" + }, + "subject_name": { "ignore_above": 1024, "type": "keyword" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" } } - } - } - }, - "code_signature": { - "properties": { - "exists": { - "type": "boolean" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "trusted": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - } - } - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "interface": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "os": { - "properties": { - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "norms": false, - "type": "text" + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" + } }, - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" + "hash": { + "properties": { + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pe": { - "properties": { - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" + } }, - "original_file_name": { - "ignore_above": 1024, - "type": "keyword" + "interface": { + "properties": { + "alias": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" 
+ } + } }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "threat": { - "properties": { - "indicator": { - "type": "nested", + "os": { "properties": { - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "fields": { + "text": { + "norms": false, + "type": "text" } - } + }, + "ignore_above": 1024, + "type": "keyword" }, - "confidence": { + "kernel": { "ignore_above": 1024, "type": "keyword" }, - "dataset": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, "ignore_above": 1024, "type": "keyword" }, - "description": { - "type": "wildcard" + "platform": { + "ignore_above": 1024, + "type": "keyword" }, - "domain": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "pe": { + "properties": { + "company": { "ignore_above": 1024, "type": "keyword" }, - "email": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - } - } + "description": { + "ignore_above": 1024, + "type": "keyword" }, - "first_seen": { - "type": "date" + "file_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "original_file_name": { + "ignore_above": 1024, + "type": "keyword" }, - "geo": { + "product": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "threat": { + "properties": { + "indicator": { + "type": "nested", "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "fields": { + "text": { + "norms": false, + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" + } + } + } + } }, - "continent_name": { + "confidence": { "ignore_above": 1024, "type": "keyword" }, - 
"country_iso_code": { + "dataset": { "ignore_above": 1024, "type": "keyword" }, - "country_name": { + "description": { + "type": "wildcard" + }, + "domain": { "ignore_above": 1024, "type": "keyword" }, - "location": { - "type": "geo_point" + "email": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + } + } }, - "name": { - "ignore_above": 1024, - "type": "keyword" + "first_seen": { + "type": "date" }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "last_seen": { - "type": "date" - }, - "marking": { - "properties": { - "tlp": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "matched": { - "properties": { - "atomic": { + "ip": { + "type": "ip" + }, + "last_seen": { + "type": "date" + }, + "marking": { + "properties": { + "tlp": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "matched": { + "properties": { + "atomic": { + "ignore_above": 1024, + "type": "keyword" + }, + "field": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "module": { "ignore_above": 1024, "type": "keyword" }, - "field": { + "port": { + "type": "long" + }, + "provider": { "ignore_above": 1024, "type": "keyword" }, + "scanner_stats": { + "type": "long" + }, + "sightings": { + "type": "long" + }, 
"type": { "ignore_above": 1024, "type": "keyword" } } - }, - "module": { - "ignore_above": 1024, - "type": "keyword" - }, - "port": { - "type": "long" - }, - "provider": { + } + } + }, + "vlan": { + "properties": { + "id": { "ignore_above": 1024, "type": "keyword" }, - "scanner_stats": { - "type": "long" - }, - "sightings": { - "type": "long" - }, - "type": { + "name": { "ignore_above": 1024, "type": "keyword" } } } } - }, - "vlan": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } } }