mirror of
https://github.com/wazuh/wazuh-indexer-plugins.git
synced 2025-12-15 21:20:12 -06:00
d7b49f8421
* Add state.modified_at to stateful indexes * Apply changes from code review * Update CHANGELOG.md
wazuh-states-inventory-protocols index data model
Fields summary
The fields are based on:
- Global Queries (included in 4.13.0).
- States Persistence (included in 5.0.0)
Based on ECS:
The detail of the fields can be found in csv file States inventory protocols Fields.
Transition table
| Field Name | Type | Description | Destination Field | Custom |
|---|---|---|---|---|
| agent_id | string | Unique ID of the agent. | agent.id | FALSE |
| agent_ip | string | IP address of the agent. | agent.host.ip | TRUE |
| agent_name | string | Name of the agent. | agent.name | FALSE |
| agent_version | string | Agent version. | agent.version | FALSE |
| iface | string | Interface name. | interface.name | FALSE |
| type | string | Protocol type (e.g., static, dynamic). | network.type | FALSE |
| gateway | string | Default gateway address. | network.gateway | TRUE |
| dhcp | bool | Indicates if DHCP is used (yes/no). | network.dhcp | TRUE |
| metric | string | Routing metric value. | network.metric | TRUE |
| cluster_name | string | Wazuh cluster name | wazuh.cluster.name | TRUE |
| cluster_node | string | Wazuh cluster node | wazuh.cluster.node | TRUE |
| schema_version | string | Wazuh schema version | wazuh.schema.version | TRUE |
| checksum | keyword | SHA1 hash used as checksum of the data collected by the agent. | checksum.hash.sha1 | TRUE |
| scan_time | date | Date/time when the state was last modified. | state.modified_at | TRUE |