From be84ada9ad5d16ea76478886b8badb9da9583b4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lex=20Ruiz?=
Date: Tue, 23 Jan 2024 13:25:23 +0100
Subject: [PATCH] Add new custom field to the vulnerability detector index

---
 .gitignore | 3 +++
 ecs/generate.sh | 1 +
 ecs/vulnerability-detector/fields/custom/wazuh.yml | 7 ++++++-
 ecs/vulnerability-detector/fields/mapping-settings.json | 4 ++++
 4 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 ecs/vulnerability-detector/fields/mapping-settings.json

diff --git a/.gitignore b/.gitignore
index 13c0ba149b575..b0d5249dd325f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,9 @@
 # build files
 artifacts/
+.java
+.m2
+
 
 # intellij files
 .idea/
 *.iml
diff --git a/ecs/generate.sh b/ecs/generate.sh
index 14c691d517cf8..c819c72a8ca76 100755
--- a/ecs/generate.sh
+++ b/ecs/generate.sh
@@ -27,6 +27,7 @@ generate_mappings() {
 --subset "$IN_FILES_DIR/subset.yml" \
 --template-settings "$IN_FILES_DIR/template-settings.json" \
 --template-settings-legacy "$IN_FILES_DIR/template-settings-legacy.json" \
+ --mapping-settings "$IN_FILES_DIR/mapping-settings.json" \
 --out "$OUT_DIR" || exit 1
 
 # Replace "match_only_text" type (not supported by OpenSearch) with "text"
diff --git a/ecs/vulnerability-detector/fields/custom/wazuh.yml b/ecs/vulnerability-detector/fields/custom/wazuh.yml
index 6975a19690e6b..4f8b0c6f21173 100644
--- a/ecs/vulnerability-detector/fields/custom/wazuh.yml
+++ b/ecs/vulnerability-detector/fields/custom/wazuh.yml
@@ -8,4 +8,9 @@
 type: keyword
 level: custom
 description: >
- Wazuh cluster name.
\ No newline at end of file
+ Wazuh cluster name.
+ - name: cluster.node
+ type: keyword
+ level: custom
+ description: >
+ Wazuh cluster node name.
\ No newline at end of file
diff --git a/ecs/vulnerability-detector/fields/mapping-settings.json b/ecs/vulnerability-detector/fields/mapping-settings.json
new file mode 100644
index 0000000000000..0ad2b48fcc1be
--- /dev/null
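Review bot: The two new ignore patterns `.java` and `.m2` carry no trailing slash, unlike `artifacts/` and `.idea/` in the same hunk, so they also match regular files of those names anywhere in the tree. If they are meant for the directories a JDK/Maven build drops into the checkout, write them as `.java/` and `.m2/` to follow the file's existing directory convention. Ignoring `.m2` is worthwhile either way, since a Maven `settings.xml` kept there can hold repository credentials that must not end up in the repository.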
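Review bot: The new `--mapping-settings` argument is passed unconditionally, yet the diffstat shows `mapping-settings.json` being created only under `ecs/vulnerability-detector/fields/`; if `$IN_FILES_DIR` can point at another module under `ecs/` that does not ship this file, the generator will presumably be handed a non-existent path and the `|| exit 1` will abort the run. Either add a `mapping-settings.json` to every module the script serves, as appears to already be required for `template-settings.json` and `template-settings-legacy.json`, or pass the option only when the file exists, as sketched below. The `${arr[@]+"${arr[@]}"}` form keeps an empty array safe under `set -u` on older bash. `generate_mappings` begins and ends outside this hunk.
```shell
generate_mappings() {
    # … unchanged: earlier options …
    local mapping_settings_opt=()
    # A module may not define a mapping-settings.json; only pass the option
    # when this one does, so the generator never receives a missing path.
    if [[ -f "$IN_FILES_DIR/mapping-settings.json" ]]; then
        mapping_settings_opt=(--mapping-settings "$IN_FILES_DIR/mapping-settings.json")
    fi
    # … unchanged: generator invocation and its preceding options …
        --template-settings-legacy "$IN_FILES_DIR/template-settings-legacy.json" \
        ${mapping_settings_opt[@]+"${mapping_settings_opt[@]}"} \
        --out "$OUT_DIR" || exit 1
    # … unchanged: match_only_text replacement …
```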
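Review bot: The new side of this hunk still ends without a trailing newline (the `\ No newline at end of file` marker simply moves down to the appended `cluster.node` entry), so the next field added here will again have to rewrite the last line, exactly as this commit does for `Wazuh cluster name.`; terminate the file with a newline after `Wazuh cluster node name.`. If `cluster.node` holds the name of the node that produced the event, saying so in the description, e.g. `Name of the Wazuh cluster node that generated the event.`, would help consumers tell it apart from `cluster.name`. The `cluster.name` entry this hunk extends begins above the hunk.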
+++ b/ecs/vulnerability-detector/fields/mapping-settings.json
@@ -0,0 +1,4 @@
+{
+ "dynamic": "strict",
+ "date_detection": false
+}
\ No newline at end of file
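Review bot: `"dynamic": "strict"` makes the indexer reject a whole document that carries any field absent from the generated mapping, rather than silently dropping the field, so the subset and custom field lists must now be exhaustive for everything the vulnerability detector emits (the `cluster.node` addition in this same commit looks like exactly that case); that trade-off deserves a line in the module's README or a comment in `generate.sh`, since JSON has nowhere to carry it. It is the right hardening — unmapped fields can no longer grow the index mapping — but if these settings land in the index template like the other settings files, indices created before the template was updated presumably keep their earlier dynamic behaviour until they are recreated or reindexed. The file also lacks a trailing newline.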