mirror of
https://github.com/wazuh/wazuh-indexer-plugins.git
synced 2025-12-11 02:29:20 -06:00
* Migrate code and documentation from wazuh-indexer
* Migrate operational--integrations_maintenance_request.md
* Add ECS folder and workflow
* Add ECS workflow badge
* Adapt ECS workflow generator
* Trigger workflow
* Update ECS templates for modified modules: agent alerts command states-fim states-inventory-hardware states-inventory-hotfixes states-inventory-networks states-inventory-packages states-inventory-ports states-inventory-processes states-inventory-system states-vulnerabilities
* Remove unused code
* Update ECS templates for modified modules: agent alerts command states-fim states-inventory-hardware states-inventory-hotfixes states-inventory-networks states-inventory-packages states-inventory-ports states-inventory-processes states-inventory-system states-vulnerabilities
* Clean-up

---------

Co-authored-by: Wazuh Indexer Bot <github_devel_xdrsiem_indexer@wazuh.com>
1.4 KiB
wazuh-states-inventory-hotfixes index data model
Fields summary
The fields are based on https://github.com/wazuh/wazuh-indexer/issues/282#issuecomment-2189837612
Based on ECS:
|     | Field name          | Data type | Description           | Example                  |
|-----|---------------------|-----------|-----------------------|--------------------------|
|     | agent.\*            | object    | All the agent fields. |                          |
|     | @timestamp          | date      | Timestamp of the scan | 2016-05-23T08:05:34.853Z |
| \*  | package.hotfix.name | keyword   | Name of the hotfix    |                          |

\* Custom fields
ECS mapping

```yml
---
name: wazuh-states-inventory-hotfixes
fields:
  base:
    fields:
      tags: []
      "@timestamp": {}
  agent:
    fields:
      groups: {}
      id: {}
      name: {}
      type: {}
      version: {}
      host:
        fields: "*"
  package:
    fields:
      hotfix:
        fields:
          name: {}
```

Index settings

```json
{
  "index_patterns": [
    "wazuh-states-inventory-hotfixes*"
  ],
  "priority": 1,
  "template": {
    "settings": {
      "index": {
        "number_of_shards": "1",
        "number_of_replicas": "0",
        "refresh_interval": "5s",
        "query.default_field": [
          "package.hotfix.name"
        ]
      }
    }
  }
}
```