Adding in geo fields to fix maps page (#87)

Author: jonathan-buttner

custom_subsets/elastic_endpoint/alerts/malware_event.yaml

@@ -17,6 +17,15 @@ fields:
  exceptionable: true
  version:
  exceptionable: true
+ # these fields are needed in the mapping so the maps page of the security app does not throw a bunch of errors
+ source:
+ fields:
+ geo:
+ fields: "*"
+ destination:
+ fields:
+ geo:
+ fields: "*"
  dll:
  fields:
  name: {}

custom_subsets/elastic_endpoint/file/file.yaml

@@ -10,6 +10,15 @@ fields:
  ecs:
  fields:
  version: {}
+ # these fields are needed in the mapping so the maps page of the security app does not throw a bunch of errors
+ source:
+ fields:
+ geo:
+ fields: "*"
+ destination:
+ fields:
+ geo:
+ fields: "*"
  host:
  fields:
  name: {}

custom_subsets/elastic_endpoint/file/unquarantine.yaml

@@ -9,6 +9,15 @@ fields:
  ecs:
  fields:
  version: {}
+ # these fields are needed in the mapping so the maps page of the security app does not throw a bunch of errors
+ source:
+ fields:
+ geo:
+ fields: "*"
+ destination:
+ fields:
+ geo:
+ fields: "*"
  host:
  fields:
  name: {}

custom_subsets/elastic_endpoint/library/library.yaml

@@ -10,6 +10,15 @@ fields:
  ecs:
  fields:
  version: {}
+ # these fields are needed in the mapping so the maps page of the security app does not throw a bunch of errors
+ source:
+ fields:
+ geo:
+ fields: "*"
+ destination:
+ fields:
+ geo:
+ fields: "*"
  host:
  fields:
  name: {}

custom_subsets/elastic_endpoint/process/process.yaml

@@ -10,6 +10,15 @@ fields:
  ecs:
  fields:
  version: {}
+ # these fields are needed in the mapping so the maps page of the security app does not throw a bunch of errors
+ source:
+ fields:
+ geo:
+ fields: "*"
+ destination:
+ fields:
+ geo:
+ fields: "*"
  host:
  fields:
  name: {}

custom_subsets/elastic_endpoint/registry/registry.yaml

@@ -10,6 +10,15 @@ fields:
  ecs:
  fields:
  version: {}
+ # these fields are needed in the mapping so the maps page of the security app does not throw a bunch of errors
+ source:
+ fields:
+ geo:
+ fields: "*"
+ destination:
+ fields:
+ geo:
+ fields: "*"
  host:
  fields:
  name: {}

custom_subsets/elastic_endpoint/security/security.yaml

@@ -10,6 +10,15 @@ fields:
  ecs:
  fields:
  version: {}
+ # these fields are needed in the mapping so the maps page of the security app does not throw a bunch of errors
+ source:
+ fields:
+ geo:
+ fields: "*"
+ destination:
+ fields:
+ geo:
+ fields: "*"
  host:
  fields:
  name: {}

generated/alerts/ecs/ecs_flat.yml

@@ -2072,6 +2072,107 @@ data_stream.type:
  normalize: []
  short: Data stream type.
  type: constant_keyword
+destination.geo.city_name:
+ dashed_name: destination-geo-city-name
+ description: City name.
+ example: Montreal
+ flat_name: destination.geo.city_name
+ ignore_above: 1024
+ level: core
+ name: city_name
+ normalize: []
+ original_fieldset: geo
+ short: City name.
+ type: keyword
+destination.geo.continent_name:
+ dashed_name: destination-geo-continent-name
+ description: Name of the continent.
+ example: North America
+ flat_name: destination.geo.continent_name
+ ignore_above: 1024
+ level: core
+ name: continent_name
+ normalize: []
+ original_fieldset: geo
+ short: Name of the continent.
+ type: keyword
+destination.geo.country_iso_code:
+ dashed_name: destination-geo-country-iso-code
+ description: Country ISO code.
+ example: CA
+ flat_name: destination.geo.country_iso_code
+ ignore_above: 1024
+ level: core
+ name: country_iso_code
+ normalize: []
+ original_fieldset: geo
+ short: Country ISO code.
+ type: keyword
+destination.geo.country_name:
+ dashed_name: destination-geo-country-name
+ description: Country name.
+ example: Canada
+ flat_name: destination.geo.country_name
+ ignore_above: 1024
+ level: core
+ name: country_name
+ normalize: []
+ original_fieldset: geo
+ short: Country name.
+ type: keyword
+destination.geo.location:
+ dashed_name: destination-geo-location
+ description: Longitude and latitude.
+ example: '{ "lon": -73.614830, "lat": 45.505918 }'
+ flat_name: destination.geo.location
+ level: core
+ name: location
+ normalize: []
+ original_fieldset: geo
+ short: Longitude and latitude.
+ type: geo_point
+destination.geo.name:
+ dashed_name: destination-geo-name
+ description: 'User-defined description of a location, at the level of granularity
+ they care about.
+
+ Could be the name of their data centers, the floor number, if this describes a
+ local physical entity, city names.
+
+ Not typically used in automated geolocation.'
+ example: boston-dc
+ flat_name: destination.geo.name
+ ignore_above: 1024
+ level: extended
+ name: name
+ normalize: []
+ original_fieldset: geo
+ short: User-defined description of a location.
+ type: keyword
+destination.geo.region_iso_code:
+ dashed_name: destination-geo-region-iso-code
+ description: Region ISO code.
+ example: CA-QC
+ flat_name: destination.geo.region_iso_code
+ ignore_above: 1024
+ level: core
+ name: region_iso_code
+ normalize: []
+ original_fieldset: geo
+ short: Region ISO code.
+ type: keyword
+destination.geo.region_name:
+ dashed_name: destination-geo-region-name
+ description: Region name.
+ example: Quebec
+ flat_name: destination.geo.region_name
+ ignore_above: 1024
+ level: core
+ name: region_name
+ normalize: []
+ original_fieldset: geo
+ short: Region name.
+ type: keyword
 dll.Ext:
  dashed_name: dll-Ext
  description: Object for all custom defined fields to live in.
@@ -6094,6 +6195,107 @@ rule.version:
  normalize: []
  short: Rule version
  type: keyword
+source.geo.city_name:
+ dashed_name: source-geo-city-name
+ description: City name.
+ example: Montreal
+ flat_name: source.geo.city_name
+ ignore_above: 1024
+ level: core
+ name: city_name
+ normalize: []
+ original_fieldset: geo
+ short: City name.
+ type: keyword
+source.geo.continent_name:
+ dashed_name: source-geo-continent-name
+ description: Name of the continent.
+ example: North America
+ flat_name: source.geo.continent_name
+ ignore_above: 1024
+ level: core
+ name: continent_name
+ normalize: []
+ original_fieldset: geo
+ short: Name of the continent.
+ type: keyword
+source.geo.country_iso_code:
+ dashed_name: source-geo-country-iso-code
+ description: Country ISO code.
+ example: CA
+ flat_name: source.geo.country_iso_code
+ ignore_above: 1024
+ level: core
+ name: country_iso_code
+ normalize: []
+ original_fieldset: geo
+ short: Country ISO code.
+ type: keyword
+source.geo.country_name:
+ dashed_name: source-geo-country-name
+ description: Country name.
+ example: Canada
+ flat_name: source.geo.country_name
+ ignore_above: 1024
+ level: core
+ name: country_name
+ normalize: []
+ original_fieldset: geo
+ short: Country name.
+ type: keyword
+source.geo.location:
+ dashed_name: source-geo-location
+ description: Longitude and latitude.
+ example: '{ "lon": -73.614830, "lat": 45.505918 }'
+ flat_name: source.geo.location
+ level: core
+ name: location
+ normalize: []
+ original_fieldset: geo
+ short: Longitude and latitude.
+ type: geo_point
+source.geo.name:
+ dashed_name: source-geo-name
+ description: 'User-defined description of a location, at the level of granularity
+ they care about.
+
+ Could be the name of their data centers, the floor number, if this describes a
+ local physical entity, city names.
+
+ Not typically used in automated geolocation.'
+ example: boston-dc
+ flat_name: source.geo.name
+ ignore_above: 1024
+ level: extended
+ name: name
+ normalize: []
+ original_fieldset: geo
+ short: User-defined description of a location.
+ type: keyword
+source.geo.region_iso_code:
+ dashed_name: source-geo-region-iso-code
+ description: Region ISO code.
+ example: CA-QC
+ flat_name: source.geo.region_iso_code
+ ignore_above: 1024
+ level: core
+ name: region_iso_code
+ normalize: []
+ original_fieldset: geo
+ short: Region ISO code.
+ type: keyword
+source.geo.region_name:
+ dashed_name: source-geo-region-name
+ description: Region name.
+ example: Quebec
+ flat_name: source.geo.region_name
+ ignore_above: 1024
+ level: core
+ name: region_name
+ normalize: []
+ original_fieldset: geo
+ short: Region name.
+ type: keyword
 threat.framework:
  dashed_name: threat-framework
  description: Name of the threat framework used to further categorize and classify