Add states-vulnerabilities index template definition (#405)

* Add stateless index template definition Event generator is pending * Update to 8.11.0 * Adding template mappings and settings for states-inventory-vulnerabilities index * Remove event generator script * Remove hidden flag * Fix subset.yml indentation * Recycle ecs/vulnerability-detector * Add yaml header --------- Co-authored-by: Álex Ruiz <[email protected]>
wazuh · Sep 13, 2024 · 33fd3db · 33fd3db
1 parent c8a1c2b
commit 33fd3db
Show file tree

Hide file tree

Showing 8 changed files with 37 additions and 26 deletions.
diff --git a/...tector/event-generator/event_generator.py → ...lities/event-generator/event_generator.py b/...tector/event-generator/event_generator.py → ...lities/event-generator/event_generator.py
diff --git a/...-detector/fields/custom/vulnerability.yml → ...abilities/fields/custom/vulnerability.yml b/...-detector/fields/custom/vulnerability.yml → ...abilities/fields/custom/vulnerability.yml
@@ -1,3 +1,4 @@
+---
 - name: vulnerability
   title: Vulnerability
   group: 2
@@ -16,4 +17,14 @@
       type: date
       level: custom
       description: >
-        Vulnerability's publication date.
+        Vulnerability's publication date.
+    - name: under_evaluation
+      type: boolean
+      level: custom
+      description: >
+        Indicates if the vulnerability is awaiting analysis by the NVD.
+    - name: scanner.source
+      type: keyword
+      level: custom
+      description: >
+        The origin of the decision of the scanner (AKA feed used to detect the vulnerability).
diff --git a/...rability-detector/fields/custom/wazuh.yml → ...s-vulnerabilities/fields/custom/wazuh.yml b/...rability-detector/fields/custom/wazuh.yml → ...s-vulnerabilities/fields/custom/wazuh.yml
@@ -14,13 +14,8 @@
       level: custom
       description: >
         Wazuh cluster node name.
-    - name: manager.name
-      type: keyword
-      level: custom
-      description: >
-        Wazuh manager name. Used by dashboards to filter results on single node deployments.
     - name: schema.version
       type: keyword
       level: custom
       description: >
-        Wazuh schema version.
+        Wazuh schema version.
diff --git a/...ity-detector/fields/mapping-settings.json → ...nerabilities/fields/mapping-settings.json b/...ity-detector/fields/mapping-settings.json → ...nerabilities/fields/mapping-settings.json
diff --git a/ecs/states-vulnerabilities/fields/subset.yml b/ecs/states-vulnerabilities/fields/subset.yml
@@ -0,0 +1,24 @@
+---
+name: wazuh-inventory-vulnerabilities
+fields:
+  base:
+    fields:
+      tags: []
+  agent:
+    fields: "*"
+  package:
+    fields: "*"
+  host:
+    fields:
+      os:
+        fields:
+          full: ""
+          kernel: ""
+          name: ""
+          platform: ""
+          type: ""
+          version: ""
+  vulnerability:
+    fields: "*"
+  wazuh:
+    fields: "*"
diff --git a/...ctor/fields/template-settings-legacy.json → ...ties/fields/template-settings-legacy.json b/...ctor/fields/template-settings-legacy.json → ...ties/fields/template-settings-legacy.json
diff --git a/...ty-detector/fields/template-settings.json → ...erabilities/fields/template-settings.json b/...ty-detector/fields/template-settings.json → ...erabilities/fields/template-settings.json
diff --git a/ecs/vulnerability-detector/fields/subset.yml b/ecs/vulnerability-detector/fields/subset.yml