Implement the creation of the FIM index template and index (#58)
* Add index template to plugin

* Create index template on plugin load

* Remove hidden flag

* Update states-fim index template

---------

Signed-off-by: Álex Ruiz <[email protected]>
Co-authored-by: Álex Ruiz <[email protected]>
f-galland and AlexRuiz7 authored Sep 13, 2024
1 parent 4497b99 commit 0871b4b
Showing 2 changed files with 134 additions and 0 deletions.
Expand Up @@ -51,6 +51,7 @@ public WazuhIndices(Client client, ClusterService clusterService) {
// Create Index Templates - Indices map
this.indexTemplates.put("index-template-agent", ".agents");
this.indexTemplates.put("index-template-alerts", "wazuh-alerts-5.x-0001");
this.indexTemplates.put("index-template-fim", "wazuh-states-fim");
this.indexTemplates.put("index-template-vulnerabilities", "wazuh-states-vulnerabilities");
this.indexTemplates.put("index-template-system", "wazuh-states-inventory-system");
this.indexTemplates.put("index-template-processes", "wazuh-states-inventory-processes");
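--- a/plugins/wazuh-indexer-setup/src/main/resources/index-template-fim.json
+++ b/plugins/wazuh-indexer-setup/src/main/resources/index-template-fim.json
@@ -0,0 +1,133 @@
+{
+"index_patterns": [
+"wazuh-states-fim*"
+],
+"mappings": {
+"date_detection": false,
+"dynamic": "strict",
+"properties": {
+"agent": {
+"properties": {
+"groups": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"id": {
+"ignore_above": 1024,
+"type": "keyword"
+}
+}
+},
+"file": {
+"properties": {
+"attributes": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"gid": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"group": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"hash": {
+"properties": {
+"md5": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"sha1": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"sha256": {
+"ignore_above": 1024,
+"type": "keyword"
+}
+}
+},
+"inode": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"mode": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"mtime": {
+"type": "date"
+},
+"name": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"owner": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"path": {
+"fields": {
+"text": {
+"type": "match_only_text"
+}
+},
+"ignore_above": 1024,
+"type": "keyword"
+},
+"size": {
+"type": "long"
+},
+"target_path": {
+"fields": {
+"text": {
+"type": "match_only_text"
+}
+},
+"ignore_above": 1024,
+"type": "keyword"
+},
+"type": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"uid": {
+"ignore_above": 1024,
+"type": "keyword"
+}
+}
+},
+"registry": {
+"properties": {
+"key": {
+"ignore_above": 1024,
+"type": "keyword"
+},
+"value": {
+"ignore_above": 1024,
+"type": "keyword"
+}
+}
+}
+}
+},
+"order": 1,
+"settings": {
+"index": {
+"number_of_replicas": "0",
+"number_of_shards": "1",
+"query.default_field": [
+"agent.id",
+"agent.groups",
+"file.name",
+"file.path",
+"file.target_path",
+"file.group",
+"file.uid",
+"file.gid"
+],
+"refresh_interval": "5s"
+}
+}
+}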
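Review bot: `"ignore_above": 1024` on `file.path`, `file.target_path` and `registry.key` means a path longer than 1024 characters is accepted into the document but silently left out of the keyword field, so exact-match queries, aggregations and dashboards keyed on `file.path` will not see that record; only the `.text` subfield could still match it, and `registry.key` has no text subfield at all. Linux permits 4096-byte paths and Windows long paths are far longer, so an attacker who wants a planted file to stay out of FIM views only needs a sufficiently deep directory. Consider raising the limit on the path-like fields, e.g. `"ignore_above": 4096`, or dropping `ignore_above` for those three fields while keeping 1024 for the short identifier fields. Separately, `"number_of_replicas": "0"` leaves the FIM baseline on a single shard copy, which is fine for a development cluster but a production template should probably defer to the cluster default (or document why 0 is intended), since losing that node loses the integrity evidence.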
