Implement the creation of the Processes index template and index (#60)
* Add wazuh-states-inventory-processes template

* Create wazuh-states-inventory-processes index template

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
f-galland and AlexRuiz7 authored Sep 13, 2024
1 parent de31ddf commit fc3ce29
Showing 2 changed files with 135 additions and 0 deletions.
Expand Up @@ -51,6 +51,7 @@ public WazuhIndices(Client client, ClusterService clusterService) {
// Create Index Templates - Indices map
this.indexTemplates.put("index-template-agent", ".agents");
this.indexTemplates.put("index-template-alerts", "wazuh-alerts-5.x-0001");
this.indexTemplates.put("index-template-processes", "wazuh-states-inventory-processes");
this.indexTemplates.put("index-template-packages", "wazuh-states-inventory-packages");
}

@@ -0,0 +1,134 @@
{
"index_patterns": [
"wazuh-states-inventory-processes*"
],
"mappings": {
"date_detection": false,
"dynamic": "strict",
"properties": {
"@timestamp": {
"type": "date"
},
"agent": {
"properties": {
"groups": {
"ignore_above": 1024,
"type": "keyword"
},
"id": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"process": {
"properties": {
"args": {
"ignore_above": 1024,
"type": "keyword"
},
"command_line": {
"fields": {
"text": {
"type": "text"
}
},
"type": "wildcard"
},
"group": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"name": {
"fields": {
"text": {
"type": "text"
}
},
"ignore_above": 1024,
"type": "keyword"
},
"parent": {
"properties": {
"pid": {
"type": "long"
}
}
},
"pid": {
"type": "long"
},
"real_group": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"real_user": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"saved_group": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"saved_user": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"start": {
"type": "date"
},
"thread": {
"properties": {
"id": {
"type": "long"
}
}
},
"user": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
}
},
"order": 1,
"settings": {
"index": {
"number_of_replicas": "0",
"number_of_shards": "1",
"query.default_field": [
"agent.id",
"agent.groups",
"process.name",
"process.pid",
"process.command_line"
],
"refresh_interval": "5s"
}
}
}
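Review bot: `process.args` (keyword with `ignore_above: 1024` and no text subfield) silently leaves any single argument longer than 1024 characters unindexed, so a long encoded payload passed as one argument would sit in `_source` but be invisible to keyword queries on this field, whereas `process.command_line` right below avoids this by using `wildcard` with no length cap. Consider `"args": {"type": "wildcard"}` or adding a `text` subfield the way `process.name` does so long values remain searchable; if the cap is deliberate, document it in the repo, since JSON has no comment syntax. `"number_of_replicas": "0"` means this inventory index disappears with the node holding its single shard; that may be acceptable if the state can be re-synced from agents, but it is worth confirming against the other templates in the plugin. `"dynamic": "strict"` is a good default here, as it rejects unexpected agent-supplied fields and avoids mapping explosion. The `wildcard` field type is, as far as I recall, only available in recent OpenSearch releases, so confirm the minimum indexer version this plugin targets.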
