Field mappings (partial)

Madison Caldwell 2021-07-14 09:17:03 -04:00
parent a8c0b4e681
commit e25b32b28b
2 changed files with 128 additions and 1 deletions


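--- /dev/null
+++ b/lib/detection_engine/rule_types/field_maps/alerts.ts
@@ -0,0 +1,125 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+export const alertsFieldMap = {
+'kibana.alert.consumer': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.space_ids': {
+type: 'keyword',
+array: true,
+required: true,
+},
+'kibana.alert._meta_version': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.depth': {
+type: 'long',
+array: false,
+required: true,
+},
+'kibana.alert.original_time': {
+type: 'date',
+array: false,
+required: true,
+},
+'kibana.alert.duration': {
+type: 'long',
+array: false,
+required: true,
+},
+'kibana.alert.workflow_status': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.workflow_user': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.workflow_reason': {
+type: 'text',
+array: false,
+required: true,
+},
+'kibana.alert.system_status': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.severity': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.risk_score': {
+type: 'long',
+array: false,
+required: true,
+},
+'kibana.alert.ancestors.depth': {
+type: 'long',
+array: false,
+required: true,
+},
+'kibana.alert.ancestors': {
+type: 'object',
+array: true,
+required: true,
+},
+'kibana.alert.ancestors.id': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.ancestors.index': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.ancestors.type': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.original_event.action': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.original_event.category': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.original_event.dataset': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.original_event.kind': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.original_event.module': {
+type: 'keyword',
+array: false,
+required: true,
+},
+'kibana.alert.original_event.type': {
+type: 'keyword',
+array: false,
+required: true,
+},
+// TODO: rule fields
+};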
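Review bot: Every field is declared `required: true`, including `kibana.alert.workflow_user`, `kibana.alert.workflow_reason` and `kibana.alert.duration`, which presumably are not populated when an alert is first written; if `required` feeds a TypeScript type or any write-time validation downstream, newly created alerts would not satisfy it, so those entries look like they should be `required: false` — confirm against what `mappingFromFieldMap` and its callers do with the flag. The literal carries no type annotation, so a misspelled `type` value is only caught when the helper runs; ending the object with `} as const;` keeps each `type`/`array`/`required` literal so the call site can check them at compile time. `kibana.alert.ancestors` is mapped as `object` with `array: true` while its `depth`/`id`/`index`/`type` children are separate entries, and an Elasticsearch `object` mapping flattens per-element values, so a query cannot correlate one ancestor's `id` with its `index`; if that correlation is needed the parent would have to be `nested`, which may or may not be something the field-map helper supports. Finally, the export has no doc comment; a short header such as `/** Field map for the security alerts-as-data index; rule fields are still to be added (see TODO). */` would make the "(partial)" state explicit in the file rather than only in the commit title.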


@ -93,6 +93,8 @@ import { licenseService } from './lib/license';
import { PolicyWatcher } from './endpoint/lib/policy/license_watch';
import { parseExperimentalConfigValue } from '../common/experimental_features';
import { migrateArtifactsToFleet } from './endpoint/lib/artifacts/migrate_artifacts_to_fleet';
import { mappingFromFieldMap } from '../../rule_registry/common/mapping_from_field_map';
import { alertsFieldMap } from './lib/detection_engine/rule_types/field_maps/alerts';
export interface SetupPlugins {
alerting: AlertingSetup;
@ -215,7 +217,7 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
settings: {
number_of_shards: 1,
},
mappings: {}, // TODO: Add mappings here via `mappingFromFieldMap()`
mappings: mappingFromFieldMap(alertsFieldMap),
},
},
});
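Review bot: `mappingFromFieldMap(alertsFieldMap)` is passed without any explicit `dynamic` setting, and whether the helper pins `dynamic` in the mapping it returns is not visible here; since the alerts index stores values copied from source events, an index left on dynamic mapping can have its mapping grown by arbitrary event fields, so confirm the generated `mappings` carries `dynamic: false` or `'strict'` (or pass it, if the helper accepts a second argument). The removed TODO was the only hint in this file that the mapping is incomplete; keeping a trailing comment, `mappings: mappingFromFieldMap(alertsFieldMap), // alertsFieldMap is still partial (rule fields TODO)`, preserves that for the next reader. The enclosing statement starts and ends outside the hunk.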