mirror of
https://github.com/wazuh/wazuh-indexer-plugins.git
synced 2025-12-11 02:29:20 -06:00
* Add ECS source files sanitizer script
* Simplify sanitizer and improve logging
* Update schema_sanitizer to handle specific fields removal
* Update the ecs generator Dockerfile to use the sanitizer
* Improve sanitizer filtering
* Remove --ref flag from ECS generator to force the tool to use local source
* Update the Wazuh Common Schema
* Fix multi-fields deletion on sanitizer script
* Update the Wazuh Common Schema
* Fix nested fields sanitization and remove multi-fields specific fields list
* Update the Wazuh Common Schema
* Update documentation from README and scripts
  Remove commented-out code
  Improve methods docstrings
  Add new script to README
* Restore WCS mappings modification
* Rename constants and fix styling
* Update CHANGELOG
* Revert changes on cloud-services-azure module
* Re-build WCS mappings using sanitized ECS definitions (#636)
  * Re-build all the WCS index templates using the sanitized ECS
  * Do not remove @timestamp on stateless modules

  ---------

  Co-authored-by: Alex Ruiz <alejandro.ruiz.becerra@wazuh.com>
* Replace leftovers from ecs folder restructuring
  Replace occurrences of 'stateless-' with 'stateless/'

---------

Co-authored-by: Wazuh Indexer Bot <github_devel_xdrsiem_indexer@wazuh.com>
Co-authored-by: Alex Ruiz <alejandro.ruiz.becerra@wazuh.com>

wazuh-states-inventory-packages index data model
Fields summary
The fields are based on:
- Global Queries (included in 4.13.0).
- States Persistence (included in 5.0.0).
Based on ECS:
The details of the fields can be found in the CSV file States inventory packages Fields.
Transition table
| Field Name | Type | Description | Destination Field | Custom |
|---|---|---|---|---|
| agent_id | string | Unique ID of the agent. | agent.id | FALSE |
| agent_ip | string | IP address of the agent. | agent.host.ip | TRUE |
| agent_name | string | Name of the agent. | agent.name | FALSE |
| agent_version | string | Agent version. | agent.version | FALSE |
| architecture | string | Package architecture. | package.architecture | FALSE |
| description | string | Description of the package. | package.description | FALSE |
| groups | string | Package category or group. | package.category | TRUE |
| install_time | string | Installation timestamp. | package.installed | FALSE |
| name | string | Package name. | package.name | FALSE |
| location | string | Path where the package is installed. | package.path | FALSE |
| vendor | string | Vendor or maintainer of the package. | package.vendor | TRUE |
| version | string | Package version. | package.version | FALSE |
| | string | Whether the package is built for a foreign arch. | package.multiarch | TRUE |
| | string | Package priority. | package.priority | TRUE |
| | string | Package size. | package.size | FALSE |
| | string | Package source. | package.source | TRUE |
| | string | Package type. | package.type | FALSE |
| cluster_name | string | Wazuh cluster name. | wazuh.cluster.name | TRUE |
| cluster_node | string | Wazuh cluster node. | wazuh.cluster.node | TRUE |
| schema_version | string | Wazuh schema version. | wazuh.schema.version | TRUE |
| checksum | keyword | SHA1 hash used as checksum of the data collected by the agent. | checksum.hash.sha1 | TRUE |