| { |
| "template": "snort_index*", |
| "mappings": { |
| "snort_doc": { |
| "_timestamp": { |
| "enabled": true |
| }, |
| "dynamic_templates": [ |
| { |
| "geo_location_point": { |
| "match": "enrichments:geo:*:location_point", |
| "match_mapping_type": "*", |
| "mapping": { |
| "type": "geo_point" |
| } |
| } |
| }, |
| { |
| "geo_country": { |
| "match": "enrichments:geo:*:country", |
| "match_mapping_type": "*", |
| "mapping": { |
| "type": "string", |
| "index": "not_analyzed" |
| } |
| } |
| }, |
| { |
| "geo_city": { |
| "match": "enrichments:geo:*:city", |
| "match_mapping_type": "*", |
| "mapping": { |
| "type": "string", |
| "index": "not_analyzed" |
| } |
| } |
| }, |
| { |
| "geo_location_id": { |
| "match": "enrichments:geo:*:locID", |
| "match_mapping_type": "*", |
| "mapping": { |
| "type": "string", |
| "index": "not_analyzed" |
| } |
| } |
| }, |
| { |
| "geo_dma_code": { |
| "match": "enrichments:geo:*:dmaCode", |
| "match_mapping_type": "*", |
| "mapping": { |
| "type": "string", |
| "index": "not_analyzed" |
| } |
| } |
| }, |
| { |
| "geo_postal_code": { |
| "match": "enrichments:geo:*:postalCode", |
| "match_mapping_type": "*", |
| "mapping": { |
| "type": "string", |
| "index": "not_analyzed" |
| } |
| } |
| }, |
| { |
| "geo_latitude": { |
| "match": "enrichments:geo:*:latitude", |
| "match_mapping_type": "*", |
| "mapping": { |
| "type": "float" |
| } |
| } |
| }, |
| { |
| "geo_longitude": { |
| "match": "enrichments:geo:*:longitude", |
| "match_mapping_type": "*", |
| "mapping": { |
| "type": "float" |
| } |
| } |
| }, |
| { |
| "timestamps": { |
| "match": "*:ts", |
| "match_mapping_type": "*", |
| "mapping": { |
| "type": "date", |
| "format": "epoch_millis" |
| } |
| } |
| } |
| ], |
| "properties": { |
| "timestamp": { |
| "type": "date", |
| "format": "epoch_millis" |
| }, |
| "source:type": { |
| "type": "string", |
| "index": "not_analyzed" |
| }, |
| "ip_dst_addr": { |
| "type": "ip" |
| }, |
| "ip_dst_port": { |
| "type": "integer" |
| }, |
| "ip_src_addr": { |
| "type": "ip" |
| }, |
| "ip_src_port": { |
| "type": "integer" |
| }, |
| "dgmlen": { |
| "type": "integer" |
| }, |
| "ethdst": { |
| "type": "string", |
| "index": "not_analyzed" |
| }, |
| "ethlen": { |
| "type": "string", |
| "index": "not_analyzed" |
| }, |
| "ethsrc": { |
| "type": "string", |
| "index": "not_analyzed" |
| }, |
| "id": { |
| "type": "integer" |
| }, |
| "iplen": { |
| "type": "integer" |
| }, |
| "is_alert": { |
| "type": "boolean" |
| }, |
| "msg": { |
| "type": "string" |
| }, |
| "protocol": { |
| "type": "string", |
| "index": "not_analyzed" |
| }, |
| "sig_generator": { |
| "type": "string", |
| "index": "not_analyzed" |
| }, |
| "sig_id": { |
| "type": "integer" |
| }, |
| "sig_rev": { |
| "type": "string" |
| }, |
| "tcpack": { |
| "type": "string" |
| }, |
| "tcpflags": { |
| "type": "string" |
| }, |
| "tcpseq": { |
| "type": "string" |
| }, |
| "tcpwindow": { |
| "type": "string" |
| }, |
| "threat:triage:level": { |
| "type": "double" |
| }, |
| "tos": { |
| "type": "integer" |
| }, |
| "ttl": { |
| "type": "integer" |
| } |
| } |
| } |
| } |
| } |
