Add states-inventory-packages index template definition (#399)

* Add stateless index template definition Event generator is pending * Update to 8.11.0 * Adding template mappings and settings for states-inventory-packages index * Fix indentation issue in subset.yml * Remove event generators * Remove duplicated code con ECS generator * Add custom fields for states-inventory-packages * Remove hidden flag on index template --------- Co-authored-by: Álex Ruiz <[email protected]>
wazuh · Sep 12, 2024 · eb56fa8 · eb56fa8
1 parent 4f14474
commit eb56fa8
Show file tree

Hide file tree

Showing 5 changed files with 77 additions and 0 deletions.
diff --git a/ecs/states-inventory-packages/fields/custom/agent.yml b/ecs/states-inventory-packages/fields/custom/agent.yml
@@ -0,0 +1,12 @@
+---
+- name: agent
+  title: Wazuh Agents
+  short: Wazuh Inc. custom fields.
+  type: group
+  group: 2
+  fields:
+    - name: groups
+      type: keyword
+      level: custom
+      description: >
+        The groups the agent belongs to.
diff --git a/ecs/states-inventory-packages/fields/mapping-settings.json b/ecs/states-inventory-packages/fields/mapping-settings.json
@@ -0,0 +1,4 @@
+{
+    "dynamic": "strict",
+    "date_detection": false
+}
diff --git a/ecs/states-inventory-packages/fields/subset.yml b/ecs/states-inventory-packages/fields/subset.yml
@@ -0,0 +1,21 @@
+---
+name: wazuh-states-inventory-packages
+fields:
+  base:
+    fields:
+      "@timestamp": {}
+      tags: []
+  agent:
+    fields:
+      id: {}
+      groups: {}
+  package:
+    fields:
+      architecture: ""
+      description: ""
+      installed: {}
+      name: ""
+      path: ""
+      size: {}
+      type: ""
+      version: ""
diff --git a/ecs/states-inventory-packages/fields/template-settings-legacy.json b/ecs/states-inventory-packages/fields/template-settings-legacy.json
@@ -0,0 +1,19 @@
+{
+  "index_patterns": ["wazuh-states-inventory-packages*"],
+  "order": 1,
+  "settings": {
+    "index": {
+      "number_of_shards": "1",
+      "number_of_replicas": "0",
+      "refresh_interval": "5s",
+      "query.default_field": [
+        "agent.id",
+        "agent.groups",
+        "package.architecture",
+        "package.name",
+        "package.version",
+        "package.type"
+      ]
+    }
+  }
+}
diff --git a/ecs/states-inventory-packages/fields/template-settings.json b/ecs/states-inventory-packages/fields/template-settings.json
@@ -0,0 +1,21 @@
+{
+  "index_patterns": ["wazuh-states-inventory-packages*"],
+  "priority": 1,
+  "template": {
+    "settings": {
+      "index": {
+        "number_of_shards": "1",
+        "number_of_replicas": "0",
+        "refresh_interval": "5s",
+        "query.default_field": [
+          "agent.id",
+          "agent.groups",
+          "package.architecture",
+          "package.name",
+          "package.version",
+          "package.type"
+        ]
+      }
+    }
+  }
+}