From 3911b8e0382300782ea8fe246f50d00ee8d3cdff Mon Sep 17 00:00:00 2001 From: Jose M Date: Mon, 16 Sep 2019 18:08:53 +0200 Subject: [PATCH] Remove old Elastic alerts template. --- .../wazuh-elastic6-template-alerts.json.j2 | 621 ------------------ 1 file changed, 621 deletions(-) delete mode 100644 roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 deleted file mode 100644 index 18dda52f..00000000 --- a/roles/elastic-stack/ansible-elasticsearch/templates/wazuh-elastic6-template-alerts.json.j2 +++ /dev/null @@ -1,621 +0,0 @@ -{ - "order": 0, - "template": "wazuh-alerts-3.x-*", - "settings": { - "index.refresh_interval": "5s" - }, - "mappings": { - "wazuh": { - "dynamic_templates": [ - { - "string_as_keyword": { - "match_mapping_type": "string", - "mapping": { - "type": "keyword", - "doc_values": "true" - } - } - } - ], - "properties": { - "@timestamp": { - "type": "date", - "format": "dateOptionalTime" - }, - "@version": { - "type": "text" - }, - "agent": { - "properties": { - "ip": { - "type": "keyword", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "name": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "manager": { - "properties": { - "name": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "cluster": { - "properties": { - "name": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "AlertsFile": { - "type": "keyword", - "doc_values": "true" - }, - "full_log": { - "type": "text" - }, - "previous_log": { - "type": "text" - }, - "GeoLocation": { - "properties": { - "area_code": { - "type": "long" - }, - "city_name": { - "type": "keyword", - "doc_values": "true" - }, - "continent_code": { - "type": "text" - }, - "coordinates": { - "type": "double" - }, - "country_code2": { - "type": "text" - }, - "country_code3": { - "type": "text" - }, - "country_name": { - "type": "keyword", - "doc_values": "true" - }, - "dma_code": { - "type": "long" - }, - "ip": { - "type": "keyword", - "doc_values": "true" - }, - "latitude": { - "type": "double" - }, - "location": { - "type": "geo_point" - }, - "longitude": { - "type": "double" - }, - "postal_code": { - "type": "keyword" - }, - "real_region_name": { - "type": "keyword", - "doc_values": "true" - }, - "region_name": { - "type": "keyword", - "doc_values": "true" - }, - "timezone": { - "type": "text" - } - } - }, - "host": { - "type": "keyword", - "doc_values": "true" - }, - "syscheck": { - "properties": { - "path": { - "type": "keyword", - "doc_values": "true" - }, - "sha1_before": { - "type": "keyword", - "doc_values": "true" - }, - "sha1_after": { - "type": "keyword", - "doc_values": "true" - }, - "uid_before": { - "type": "keyword", - "doc_values": "true" - }, - "uid_after": { - "type": "keyword", - "doc_values": "true" - }, - "gid_before": { - "type": "keyword", - "doc_values": "true" - }, - "gid_after": { - "type": "keyword", - "doc_values": "true" - }, - "perm_before": { - "type": "keyword", - "doc_values": "true" - }, - "perm_after": { - "type": "keyword", - "doc_values": "true" - }, - "md5_after": { - "type": "keyword", - "doc_values": "true" - }, - "md5_before": { - "type": "keyword", - "doc_values": "true" - }, - "gname_after": { - "type": "keyword", - "doc_values": "true" - }, - "gname_before": { - "type": "keyword", - "doc_values": "true" - }, - "inode_after": { - "type": "keyword", - "doc_values": "true" - }, - "inode_before": { - "type": "keyword", - "doc_values": "true" - }, - "mtime_after": { - "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" - }, - "mtime_before": { - "type": "date", - "format": "dateOptionalTime", - "doc_values": "true" - }, - "uname_after": { - "type": "keyword", - "doc_values": "true" - }, - "uname_before": { - "type": "keyword", - "doc_values": "true" - }, - "size_before": { - "type": "long", - "doc_values": "true" - }, - "size_after": { - "type": "long", - "doc_values": "true" - }, - "diff": { - "type": "keyword", - "doc_values": "true" - }, - "event": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "location": { - "type": "keyword", - "doc_values": "true" - }, - "message": { - "type": "text" - }, - "offset": { - "type": "keyword" - }, - "rule": { - "properties": { - "description": { - "type": "keyword", - "doc_values": "true" - }, - "groups": { - "type": "keyword", - "doc_values": "true" - }, - "level": { - "type": "long", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "cve": { - "type": "keyword", - "doc_values": "true" - }, - "info": { - "type": "keyword", - "doc_values": "true" - }, - "frequency": { - "type": "long", - "doc_values": "true" - }, - "firedtimes": { - "type": "long", - "doc_values": "true" - }, - "cis": { - "type": "keyword", - "doc_values": "true" - }, - "pci_dss": { - "type": "keyword", - "doc_values": "true" - }, - "gdpr": { - "type": "keyword", - "doc_values": "true" - }, - "gpg13": { - "type": "keyword", - "doc_values": "true" - } - } - }, - "decoder": { - "properties": { - "parent": { - "type": "keyword", - "doc_values": "true" - }, - "name": { - "type": "keyword", - "doc_values": "true" - }, - "ftscomment": { - "type": "keyword", - "doc_values": "true" - }, - "fts": { - "type": "long", - "doc_values": "true" - }, - "accumulate": { - "type": "long", - "doc_values": "true" - } - } - }, - "data": { - "properties": { - "protocol": { - "type": "keyword", - "doc_values": "true" - }, - "action": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "dstip": { - "type": "keyword", - "doc_values": "true" - }, - "srcport": { - "type": "keyword", - "doc_values": "true" - }, - "dstport": { - "type": "keyword", - "doc_values": "true" - }, - "srcuser": { - "type": "keyword", - "doc_values": "true" - }, - "dstuser": { - "type": "keyword", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "status": { - "type": "keyword", - "doc_values": "true" - }, - "data": { - "type": "keyword", - "doc_values": "true" - }, - "system_name": { - "type": "keyword", - "doc_values": "true" - }, - "url": { - "type": "keyword", - "doc_values": "true" - }, - "oscap": { - "properties": { - "check.title": { - "type": "keyword", - "doc_values": "true" - }, - "check.id": { - "type": "keyword", - "doc_values": "true" - }, - "check.result": { - "type": "keyword", - "doc_values": "true" - }, - "check.severity": { - "type": "keyword", - "doc_values": "true" - }, - "check.description": { - "type": "text" - }, - "check.rationale": { - "type": "text" - }, - "check.references": { - "type": "text" - }, - "check.identifiers": { - "type": "text" - }, - "check.oval.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.content": { - "type": "keyword", - "doc_values": "true" - }, - "scan.benchmark.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.title": { - "type": "keyword", - "doc_values": "true" - }, - "scan.profile.id": { - "type": "keyword", - "doc_values": "true" - }, - "scan.score": { - "type": "double", - "doc_values": "true" - }, - "scan.return_code": { - "type": "long", - "doc_values": "true" - } - } - }, - "audit": { - "properties": { - "type": { - "type": "keyword", - "doc_values": "true" - }, - "id": { - "type": "keyword", - "doc_values": "true" - }, - "syscall": { - "type": "keyword", - "doc_values": "true" - }, - "exit": { - "type": "keyword", - "doc_values": "true" - }, - "ppid": { - "type": "keyword", - "doc_values": "true" - }, - "pid": { - "type": "keyword", - "doc_values": "true" - }, - "auid": { - "type": "keyword", - "doc_values": "true" - }, - "uid": { - "type": "keyword", - "doc_values": "true" - }, - "gid": { - "type": "keyword", - "doc_values": "true" - }, - "euid": { - "type": "keyword", - "doc_values": "true" - }, - "suid": { - "type": "keyword", - "doc_values": "true" - }, - "fsuid": { - "type": "keyword", - "doc_values": "true" - }, - "egid": { - "type": "keyword", - "doc_values": "true" - }, - "sgid": { - "type": "keyword", - "doc_values": "true" - }, - "fsgid": { - "type": "keyword", - "doc_values": "true" - }, - "tty": { - "type": "keyword", - "doc_values": "true" - }, - "session": { - "type": "keyword", - "doc_values": "true" - }, - "command": { - "type": "keyword", - "doc_values": "true" - }, - "exe": { - "type": "keyword", - "doc_values": "true" - }, - "key": { - "type": "keyword", - "doc_values": "true" - }, - "cwd": { - "type": "keyword", - "doc_values": "true" - }, - "directory.name": { - "type": "keyword", - "doc_values": "true" - }, - "directory.inode": { - "type": "keyword", - "doc_values": "true" - }, - "directory.mode": { - "type": "keyword", - "doc_values": "true" - }, - "file.name": { - "type": "keyword", - "doc_values": "true" - }, - "file.inode": { - "type": "keyword", - "doc_values": "true" - }, - "file.mode": { - "type": "keyword", - "doc_values": "true" - }, - "acct": { - "type": "keyword", - "doc_values": "true" - }, - "dev": { - "type": "keyword", - "doc_values": "true" - }, - "enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "list": { - "type": "keyword", - "doc_values": "true" - }, - "old-auid": { - "type": "keyword", - "doc_values": "true" - }, - "old-ses": { - "type": "keyword", - "doc_values": "true" - }, - "old_enforcing": { - "type": "keyword", - "doc_values": "true" - }, - "old_prom": { - "type": "keyword", - "doc_values": "true" - }, - "op": { - "type": "keyword", - "doc_values": "true" - }, - "prom": { - "type": "keyword", - "doc_values": "true" - }, - "res": { - "type": "keyword", - "doc_values": "true" - }, - "srcip": { - "type": "keyword", - "doc_values": "true" - }, - "subj": { - "type": "keyword", - "doc_values": "true" - }, - "success": { - "type": "keyword", - "doc_values": "true" - } - } - } - } - }, - "program_name": { - "type": "keyword", - "doc_values": "true" - }, - "command": { - "type": "keyword", - "doc_values": "true" - }, - "type": { - "type": "text" - }, - "title": { - "type": "keyword", - "doc_values": "true" - } - } - } - } -}