Update ECS templates for modified modules: states-inventory-hardware …
…states-inventory-hotfixes states-vulnerabilities
wazuh-devel-xdrsiem-indexer committed Jan 23, 2025
1 parent b7680cc commit 5d55dbe
Showing 4 changed files with 1,201 additions and 0 deletions.
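--- a/ecs-templates/index-template-hardware.json
+++ b/ecs-templates/index-template-hardware.json
@@ -0,0 +1,326 @@
+{
+"index_patterns": [
+"wazuh-states-inventory-hardware*"
+],
+"mappings": {
+"date_detection": false,
+"dynamic": "strict",
+"properties": {
+"@timestamp": {
+"type": "date"
+},
+"agent": {
+"properties": {
+"groups": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"host": {
+"properties": {
+"architecture": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"boot": {
+"properties": {
+"id": {
+"ignore_above": 1024,
+"type": "keyword"
+}
+}
+},
+"cpu": {
+"properties": {
+"cores": {
+"type": "long"
+},
+"name": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"speed": {
+"type": "long"
+},
+"usage": {
+"type": "float"
+}
+},
+"type": "object"
+},
+"disk": {
+"properties": {
+"read": {
+"properties": {
+"bytes": {
+"type": "long"
+}
+}
+},
+"write": {
+"properties": {
+"bytes": {
+"type": "long"
+}
+}
+}
+}
+},
+"domain": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"geo": {
+"properties": {
+"city_name": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"continent_code": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"continent_name": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"country_iso_code": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"country_name": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"location": {
+"type": "geo_point"
+},
+"name": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"postal_code": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"region_iso_code": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"region_name": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"timezone": {
+"ignore_above": 1024,
+"type": "keyword"
+}
+}
+},
+"hostname": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"id": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"ip": {
+"type": "ip"
+},
+"mac": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"memory": {
+"properties": {
+"free": {
+"type": "long"
+},
+"total": {
+"type": "long"
+},
+"used": {
+"properties": {
+"percentage": {
+"type": "long"
+}
+},
+"type": "object"
+}
+},
+"type": "object"
+},
+"name": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"network": {
+"properties": {
+"egress": {
+"properties": {
+"bytes": {
+"type": "long"
+},
+"packets": {
+"type": "long"
+}
+}
+},
+"ingress": {
+"properties": {
+"bytes": {
+"type": "long"
+},
+"packets": {
+"type": "long"
+}
+}
+}
+}
+},
+"os": {
+"properties": {
+"family": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"full": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"kernel": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"name": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"platform": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"type": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"version": {
+"ignore_above": 1024,
+"type": "keyword"
+}
+}
+},
+"pid_ns_ino": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"risk": {
+"properties": {
+"calculated_level": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"calculated_score": {
+"type": "float"
+},
+"calculated_score_norm": {
+"type": "float"
+},
+"static_level": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"static_score": {
+"type": "float"
+},
+"static_score_norm": {
+"type": "float"
+}
+}
+},
+"type": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"uptime": {
+"type": "long"
+}
+}
+},
+"id": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"name": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"type": {
+"ignore_above": 1024,
+"type": "keyword"
+}
+}
+},
+"host": {
+"properties": {
+"cpu": {
+"properties": {
+"cores": {
+"type": "long"
+},
+"name": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"speed": {
+"type": "long"
+},
+"usage": {
+"type": "float"
+}
+},
+"type": "object"
+},
+"memory": {
+"properties": {
+"free": {
+"type": "long"
+},
+"total": {
+"type": "long"
+},
+"used": {
+"properties": {
+"percentage": {
+"type": "long"
+}
+},
+"type": "object"
+}
+},
+"type": "object"
+}
+}
+},
+"observer": {
+"properties": {
+"serial_number": {
+"ignore_above": 1024,
+"type": "keyword"
+}
+}
+}
+}
+},
+"order": 1,
+"settings": {
+"index": {
+"number_of_replicas": "0",
+"number_of_shards": "1",
+"query.default_field": [
+"observer.board_serial"
+],
+"refresh_interval": "5s"
+}
+}
+}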
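Review bot: `query.default_field` in the `settings.index` block names `observer.board_serial`, but the only field mapped under `observer` is `serial_number`, and with `"dynamic": "strict"` an unmapped field can never be indexed. Searches that do not name a field would then fall back to a field that holds no data and return nothing, which is easy to misread as "asset not present" when looking up hardware by serial. Point the setting at the mapped field, `"query.default_field": ["observer.serial_number"]`, or rename the mapping if `board_serial` is the intended name. Separately, `"number_of_replicas": "0"` leaves this inventory index without a copy if a node is lost; worth confirming that is intended for anything beyond a single-node deployment.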