less alert field mappings

John Uhlmann · John Uhlmann · commit eac91f1f0505 · 2025-01-13T09:03:39.000+08:00
diff --git a/custom_subsets/elastic_endpoint/alerts/rule_detection_event.yaml b/custom_subsets/elastic_endpoint/alerts/rule_detection_event.yaml
@@ -30,13 +30,7 @@ fields:
               name: {}
               summary: {}
               behaviors: {}
-              metadata:
-                fields: "*"
-              parameters:
-                fields: "*"
           created_suspended: {}
-          memory_region:
-            fields: "*"
           token:
             fields:
               integrity_level_name: {}
@@ -58,18 +52,6 @@ fields:
           id: {}
           Ext:
             fields:
-              call_stack:
-                enabled: false
-                fields:
-                  module_path: {}
-                  instruction_pointer: {}
-                  allocation_private_bytes: {}
-                  callsite_leading_bytes: {}
-                  callsite_trailing_bytes: {}
-                  protection: {}
-                  protection_provenance: {}
-                  symbol_info: {}
-              call_stack_contains_unbacked: {}
               call_stack_final_hook_module:
                 fields:
                   path: {}
@@ -86,18 +68,12 @@ fields:
                 fields:
                   name: {}
                   path: {}
-                  allocation_private_bytes: {}
-                  protection: {}
-                  protection_provenance: {}
-                  protection_provenance_path: {}
-                  reason: {}
                   code_signature:
                     fields:
                       exists: {}
                       status: {}
                       subject_name: {}
                       trusted: {}
-                      valid: {}
                   hash:
                     fields:
                       sha256: {}
