MozDef/cron/defaultMappingTemplate.json

{
    "order" : 0,
    "template" : "*",
    "settings" : { },
    "mappings" : {
      "_default_" : {
        "dynamic_templates" : [ {
          "string_fields" : {
            "mapping" : {
              "type" : "keyword"
            },
            "match" : "*",
            "match_mapping_type" : "string"
          }
        }, {
          "float_fields" : {
            "mapping" : {
              "type" : "keyword"
            },
            "match" : "*",
            "match_mapping_type" : "float"
          }
        }, {
          "double_fields" : {
            "mapping" : {
              "type" : "keyword"
            },
            "match" : "*",
            "match_mapping_type" : "double"
          }
        }, {
          "byte_fields" : {
            "mapping" : {
              "type" : "keyword"
            },
            "match" : "*",
            "match_mapping_type" : "byte"
          }
        }, {
          "short_fields" : {
            "mapping" : {
              "type" : "keyword"
            },
            "match" : "*",
            "match_mapping_type" : "short"
          }
        }, {
          "integer_fields" : {
            "mapping" : {
              "type" : "keyword"
            },
            "match" : "*",
            "match_mapping_type" : "integer"
          }
        }, {
          "long_fields" : {
            "mapping" : {
              "type" : "keyword"
            },
            "match" : "*",
            "match_mapping_type" : "long"
          }
        } ],
        "properties" : {
          "category" : {
            "type" : "keyword"
          },
          "hostname" : {
            "type" : "keyword"
          },
          "processid" : {
            "type" : "keyword"
          },
          "processname": {
            "type" : "keyword"
          },
          "severity" : {
            "type" : "keyword"
          },
          "source" : {
            "type" : "keyword"
          },
          "summary" : {
            "type" : "text"
          },
          "details" : {
            "properties" : {
              "destinationport" : {
                "index" : "not_analyzed",
                "type" : "long"
              },
              "hostname" : {
                "type" : "keyword"
              },
              "sourceipaddress" : {
                "type" : "ip"
              },
              "srcip" : {
                "type" : "ip"
              },
              "sourceipv4address" : {
                "type" : "keyword"
              },
              "destinationipaddress" : {
                "type" : "ip"
              },
              "success" : {
                "type" : "boolean"
              },
              "sourceport" : {
                "index" : "not_analyzed",
                "type" : "long"
              },
              "apiversion" : {
                "properties" : {
                  "raw_value": {
                    "type" : "keyword"
                  }
                }
              },
              "requestparameters" : {
                "properties" : {
                  "logStreamName": {
                    "properties": {
                      "raw_value": {
                        "type" : "keyword"
                      }
                    }
                  }
                }
              }
            }
          },
          "receivedtimestamp" : {
            "format" : "dateOptionalTime",
            "type" : "date"
          },
          "utctimestamp" : {
            "format" : "dateOptionalTime",
            "type" : "date"
          },
          "version" : {
            "type" : "keyword"
          }
        },
        "_all" : {
          "enabled" : true
        }
      }
    },
    "aliases" : { }
}
Setup codebase for merge of two repos 2017-06-15 22:56:47 +03:00			`{`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`"order" : 0,`
			`"template" : "*",`
			`"settings" : { },`
			`"mappings" : {`
			`"_default_" : {`
			`"dynamic_templates" : [ {`
			`"string_fields" : {`
			`"mapping" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
adding new default mapping template. 2016-10-31 22:13:55 +03:00			`},`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`"match" : "*",`
			`"match_mapping_type" : "string"`
			`}`
			`}, {`
			`"float_fields" : {`
			`"mapping" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
adding new default mapping template. 2016-10-31 22:13:55 +03:00			`},`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`"match" : "*",`
			`"match_mapping_type" : "float"`
			`}`
			`}, {`
			`"double_fields" : {`
			`"mapping" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
adding new default mapping template. 2016-10-31 22:13:55 +03:00			`},`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`"match" : "*",`
			`"match_mapping_type" : "double"`
			`}`
			`}, {`
			`"byte_fields" : {`
			`"mapping" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
adding new default mapping template. 2016-10-31 22:13:55 +03:00			`},`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`"match" : "*",`
			`"match_mapping_type" : "byte"`
			`}`
			`}, {`
			`"short_fields" : {`
			`"mapping" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
adding new default mapping template. 2016-10-31 22:13:55 +03:00			`},`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`"match" : "*",`
			`"match_mapping_type" : "short"`
			`}`
			`}, {`
			`"integer_fields" : {`
			`"mapping" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
adding new default mapping template. 2016-10-31 22:13:55 +03:00			`},`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`"match" : "*",`
			`"match_mapping_type" : "integer"`
			`}`
			`}, {`
			`"long_fields" : {`
			`"mapping" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc. 2018-02-28 23:52:35 +03:00			`},`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`"match" : "*",`
			`"match_mapping_type" : "long"`
			`}`
			`} ],`
			`"properties" : {`
			`"category" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`},`
			`"hostname" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`},`
			`"processid" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`},`
			`"processname": {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`},`
			`"severity" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`},`
			`"source" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`},`
			`"summary" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "text"`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`},`
			`"details" : {`
			`"properties" : {`
			`"destinationport" : {`
			`"index" : "not_analyzed",`
			`"type" : "long"`
			`},`
			`"hostname" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`},`
			`"sourceipaddress" : {`
			`"type" : "ip"`
			`},`
			`"srcip" : {`
			`"type" : "ip"`
			`},`
			`"sourceipv4address" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`},`
			`"destinationipaddress" : {`
			`"type" : "ip"`
			`},`
			`"success" : {`
			`"type" : "boolean"`
			`},`
			`"sourceport" : {`
			`"index" : "not_analyzed",`
			`"type" : "long"`
Add cloudtrail fields to default mapping 2018-11-06 20:54:45 +03:00			`},`
			`"apiversion" : {`
			`"properties" : {`
			`"raw_value": {`
			`"type" : "keyword"`
			`}`
			`}`
			`},`
			`"requestparameters" : {`
			`"properties" : {`
			`"logStreamName": {`
			`"properties": {`
			`"raw_value": {`
			`"type" : "keyword"`
			`}`
			`}`
			`}`
			`}`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`}`
Setup codebase for merge of two repos 2017-06-15 22:56:47 +03:00			`}`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`},`
			`"receivedtimestamp" : {`
			`"format" : "dateOptionalTime",`
			`"type" : "date"`
			`},`
			`"utctimestamp" : {`
			`"format" : "dateOptionalTime",`
			`"type" : "date"`
			`},`
			`"version" : {`
Update ES default mapping for version 5 2018-03-08 01:22:01 +03:00			`"type" : "keyword"`
adding new default mapping template. 2016-10-31 22:13:55 +03:00			`}`
			`},`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`"_all" : {`
			`"enabled" : true`
Setup codebase for merge of two repos 2017-06-15 22:56:47 +03:00			`}`
			`}`
Revert "update default mapping to facilitate singe event type, be stingy about doc_value/norms/etc." This reverts commit 98d560f7aa2426ecccb9b71ccd836578d74d256f. 2018-03-02 21:14:07 +03:00			`},`
			`"aliases" : { }`
			`}`