afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update wazuh-elasticsearch.json template

Browse Source
This commit is contained in:
Jose M 2020-01-22 13:31:08 +01:00
parent d79a14de05
commit 125af8cff3
1 changed files with 132 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2
View File

@ -162,6 +162,7 @@
"data.dstip", "data.dstip",
"data.dstport", "data.dstport",
"data.dstuser", "data.dstuser",
"data.extra_data",
"data.hardware.serial", "data.hardware.serial",
"data.id", "data.id",
"data.integration", "data.integration",
@ -291,10 +292,37 @@
"data.vulnerability.advisories", "data.vulnerability.advisories",
"data.vulnerability.bugzilla_reference", "data.vulnerability.bugzilla_reference",
"data.vulnerability.cve", "data.vulnerability.cve",
"data.vulnerability.cvss.cvss2.base_score",
"data.vulnerability.cvss.cvss2.exploitability_score",
"data.vulnerability.cvss.cvss2.impact_score",
"data.vulnerability.cvss.cvss2.vector.access_complexity",
"data.vulnerability.cvss.cvss2.vector.attack_vector",
"data.vulnerability.cvss.cvss2.vector.authentication",
"data.vulnerability.cvss.cvss2.vector.availability",
"data.vulnerability.cvss.cvss2.vector.confidentiality_impact",
"data.vulnerability.cvss.cvss2.vector.integrity_impact",
"data.vulnerability.cvss.cvss2.vector.privileges_required",
"data.vulnerability.cvss.cvss2.vector.scope",
"data.vulnerability.cvss.cvss2.vector.user_interaction",
"data.vulnerability.cvss.cvss3.base_score",
"data.vulnerability.cvss.cvss3.exploitability_score",
"data.vulnerability.cvss.cvss3.impact_score",
"data.vulnerability.cvss.cvss3.vector.access_complexity",
"data.vulnerability.cvss.cvss3.vector.attack_vector",
"data.vulnerability.cvss.cvss3.vector.authentication",
"data.vulnerability.cvss.cvss3.vector.availability",
"data.vulnerability.cvss.cvss3.vector.confidentiality_impact",
"data.vulnerability.cvss.cvss3.vector.integrity_impact",
"data.vulnerability.cvss.cvss3.vector.privileges_required",
"data.vulnerability.cvss.cvss3.vector.scope",
"data.vulnerability.cvss.cvss3.vector.user_interaction",
"data.vulnerability.cwe_reference", "data.vulnerability.cwe_reference",
"data.vulnerability.package.architecture",
"data.vulnerability.package.condition", "data.vulnerability.package.condition",
"data.vulnerability.package.generated_cpe",
"data.vulnerability.package.name", "data.vulnerability.package.name",
"data.vulnerability.package.version", "data.vulnerability.package.version",
"data.vulnerability.rationale",
"data.vulnerability.reference", "data.vulnerability.reference",
"data.vulnerability.severity", "data.vulnerability.severity",
"data.vulnerability.state", "data.vulnerability.state",
@ -372,6 +400,8 @@
"rule.id", "rule.id",
"rule.info", "rule.info",
"rule.pci_dss", "rule.pci_dss",
"rule.hipaa",
"rule.nist_800_53",
"syscheck.audit.effective_user.id", "syscheck.audit.effective_user.id",
"syscheck.audit.effective_user.name", "syscheck.audit.effective_user.name",
"syscheck.audit.group.id", "syscheck.audit.group.id",
@ -943,6 +973,9 @@
"data": { "data": {
"type": "keyword" "type": "keyword"
}, },
"extra_data": {
"type": "keyword"
},
"system_name": { "system_name": {
"type": "keyword" "type": "keyword"
}, },
@ -1531,14 +1564,93 @@
}, },
"cvss": { "cvss": {
"properties": { "properties": {
"cvss3_score": { "cvss2": {
"type": "keyword" "properties": {
"base_score": {
"type": "keyword"
},
"exploitability_score": {
"type": "keyword"
},
"impact_score": {
"type": "keyword"
},
"vector": {
"properties": {
"access_complexity": {
"type": "keyword"
},
"attack_vector": {
"type": "keyword"
},
"authentication": {
"type": "keyword"
},
"availability": {
"type": "keyword"
},
"confidentiality_impact": {
"type": "keyword"
},
"integrity_impact": {
"type": "keyword"
},
"privileges_required": {
"type": "keyword"
},
"scope": {
"type": "keyword"
},
"user_interaction": {
"type": "keyword"
}
}
}
}
}, },
"cvss_score": { "cvss3": {
"type": "keyword" "properties": {
}, "base_score": {
"cvss_scoring_vector": { "type": "keyword"
"type": "keyword" },
"exploitability_score": {
"type": "keyword"
},
"impact_score": {
"type": "keyword"
},
"vector": {
"properties": {
"access_complexity": {
"type": "keyword"
},
"attack_vector": {
"type": "keyword"
},
"authentication": {
"type": "keyword"
},
"availability": {
"type": "keyword"
},
"confidentiality_impact": {
"type": "keyword"
},
"integrity_impact": {
"type": "keyword"
},
"privileges_required": {
"type": "keyword"
},
"scope": {
"type": "keyword"
},
"user_interaction": {
"type": "keyword"
}
}
}
}
} }
} }
}, },
@ -1547,9 +1659,15 @@
}, },
"package": { "package": {
"properties": { "properties": {
"architecture": {
"type": "keyword"
},
"condition": { "condition": {
"type": "keyword" "type": "keyword"
}, },
"generated_cpe": {
"type": "keyword"
},
"name": { "name": {
"type": "keyword" "type": "keyword"
}, },
@ -1561,6 +1679,12 @@
"published": { "published": {
"type": "date" "type": "date"
}, },
"updated": {
"type": "date"
},
"rationale": {
"type": "keyword"
},
"reference": { "reference": {
"type": "keyword" "type": "keyword"
}, },
@ -1673,4 +1797,4 @@
} }
}, },
"version": 1 "version": 1
} }