Add custom fields to index templates

wazuh · Nov 12, 2024 · 2cd512e · 2cd512e
1 parent c357c76
commit 2cd512e
Show file tree

Hide file tree

Showing 19 changed files with 54 additions and 71 deletions.
diff --git a/ecs/agent/fields/custom/agent.yml b/ecs/agent/fields/custom/agent.yml
@@ -19,15 +19,9 @@
       type: date
       level: custom
       description: >
-<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml
         The agent's last login.
     - name: status
       type: keyword
-=======
-        The last time the agent logged in.
-    - name: is_connected
-      type: boolean
->>>>>>> master:ecs/agent/fields/custom/agent.yml
       level: custom
       description: >
         Agents' interpreted connection status depending on `agent.last_login`.

diff --git a/ecs/alerts/fields/custom/agent.yml b/ecs/alerts/fields/custom/agent.yml
@@ -19,15 +19,9 @@
       type: date
       level: custom
       description: >
-<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml
         The agent's last login.
     - name: status
       type: keyword
-=======
-        The last time the agent logged in.
-    - name: is_connected
-      type: boolean
->>>>>>> master:ecs/agent/fields/custom/agent.yml
       level: custom
       description: >
         Agents' interpreted connection status depending on `agent.last_login`.

diff --git a/ecs/states-fim/fields/subset.yml b/ecs/states-fim/fields/subset.yml
@@ -8,6 +8,8 @@ fields:
     fields:
       id: {}
       groups: {}
+      host:
+        fields: "*"
   file:
     fields:
       attributes: {}

diff --git a/ecs/states-inventory-hardware/fields/custom/agent.yml b/ecs/states-inventory-hardware/fields/custom/agent.yml
@@ -19,15 +19,9 @@
       type: date
       level: custom
       description: >
-<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml
         The agent's last login.
     - name: status
       type: keyword
-=======
-        The last time the agent logged in.
-    - name: is_connected
-      type: boolean
->>>>>>> master:ecs/agent/fields/custom/agent.yml
       level: custom
       description: >
         Agents' interpreted connection status depending on `agent.last_login`.

diff --git a/ecs/states-inventory-hardware/fields/custom/host.yml b/ecs/states-inventory-hardware/fields/custom/host.yml
@@ -1,6 +1,6 @@
 ---
 - name: host
   reusable:
-    top_level: false
+    top_level: true
     expected:
-      - agent
+      - { at: agent, as: host }
diff --git a/ecs/states-inventory-hardware/fields/subset.yml b/ecs/states-inventory-hardware/fields/subset.yml
@@ -9,20 +9,23 @@ fields:
     fields:
       id: {}
       groups: {}
+      host:
+        fields: "*"
   observer:
     fields:
       serial_number: {}
   host:
-    fields:
-      memory:
-        fields:
-          total: {}
-          free: {}
-          used:
-            fields:
-              percentage: {}
-      cpu:
-        fields:
-          name: {}
-          cores: {}
-          speed: {}
+    fields: "*"
+#    fields:
+#      memory:
+#        fields:
+#          total: {}
+#          free: {}
+#          used:
+#            fields:
+#              percentage: {}
+#      cpu:
+#        fields:
+#          name: {}
+#          cores: {}
+#          speed: {}
diff --git a/ecs/states-inventory-hotfixes/fields/custom/agent.yml b/ecs/states-inventory-hotfixes/fields/custom/agent.yml
@@ -19,15 +19,9 @@
       type: date
       level: custom
       description: >
-<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml
         The agent's last login.
     - name: status
       type: keyword
-=======
-        The last time the agent logged in.
-    - name: is_connected
-      type: boolean
->>>>>>> master:ecs/agent/fields/custom/agent.yml
       level: custom
       description: >
         Agents' interpreted connection status depending on `agent.last_login`.

diff --git a/ecs/states-inventory-hotfixes/fields/subset.yml b/ecs/states-inventory-hotfixes/fields/subset.yml
@@ -9,8 +9,10 @@ fields:
     fields:
       id: {}
       groups: {}
+      host:
+        fields: "*"
   package:
     fields:
       hotfix:
         fields:
-          name: {}
+          name: {}
diff --git a/ecs/states-inventory-networks/fields/custom/agent.yml b/ecs/states-inventory-networks/fields/custom/agent.yml
@@ -19,15 +19,9 @@
       type: date
       level: custom
       description: >
-<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml
         The agent's last login.
     - name: status
       type: keyword
-=======
-        The last time the agent logged in.
-    - name: is_connected
-      type: boolean
->>>>>>> master:ecs/agent/fields/custom/agent.yml
       level: custom
       description: >
         Agents' interpreted connection status depending on `agent.last_login`.

diff --git a/ecs/states-inventory-networks/fields/subset.yml b/ecs/states-inventory-networks/fields/subset.yml
@@ -9,6 +9,8 @@ fields:
     fields:
       id: {}
       groups: {}
+      host:
+        fields: "*"
   host:
     fields:
       ip: {}

diff --git a/ecs/states-inventory-packages/fields/custom/agent.yml b/ecs/states-inventory-packages/fields/custom/agent.yml
@@ -19,15 +19,9 @@
       type: date
       level: custom
       description: >
-<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml
         The agent's last login.
     - name: status
       type: keyword
-=======
-        The last time the agent logged in.
-    - name: is_connected
-      type: boolean
->>>>>>> master:ecs/agent/fields/custom/agent.yml
       level: custom
       description: >
         Agents' interpreted connection status depending on `agent.last_login`.

diff --git a/ecs/states-inventory-packages/fields/subset.yml b/ecs/states-inventory-packages/fields/subset.yml
@@ -9,6 +9,8 @@ fields:
     fields:
       id: {}
       groups: {}
+      host:
+        fields: "*"
   package:
     fields:
       architecture: ""

diff --git a/ecs/states-inventory-ports/fields/custom/agent.yml b/ecs/states-inventory-ports/fields/custom/agent.yml
@@ -19,15 +19,9 @@
       type: date
       level: custom
       description: >
-<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml
         The agent's last login.
     - name: status
       type: keyword
-=======
-        The last time the agent logged in.
-    - name: is_connected
-      type: boolean
->>>>>>> master:ecs/agent/fields/custom/agent.yml
       level: custom
       description: >
         Agents' interpreted connection status depending on `agent.last_login`.

diff --git a/ecs/states-inventory-ports/fields/subset.yml b/ecs/states-inventory-ports/fields/subset.yml
@@ -9,6 +9,8 @@ fields:
     fields:
       id: {}
       groups: {}
+      host:
+        fields: "*"
   destination:
     fields:
       ip: {}

diff --git a/ecs/states-inventory-processes/fields/custom/agent.yml b/ecs/states-inventory-processes/fields/custom/agent.yml
@@ -19,15 +19,9 @@
       type: date
       level: custom
       description: >
-<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml
         The agent's last login.
     - name: status
       type: keyword
-=======
-        The last time the agent logged in.
-    - name: is_connected
-      type: boolean
->>>>>>> master:ecs/agent/fields/custom/agent.yml
       level: custom
       description: >
         Agents' interpreted connection status depending on `agent.last_login`.

diff --git a/ecs/states-inventory-processes/fields/subset.yml b/ecs/states-inventory-processes/fields/subset.yml
@@ -8,7 +8,9 @@ fields:
   agent:
     fields:
       id: {}
-      groups: {}
+      groups: {} 
+      host:
+        fields: "*"
   process:
     fields:
       pid: {}

diff --git a/ecs/states-inventory-system/fields/custom/agent.yml b/ecs/states-inventory-system/fields/custom/agent.yml
@@ -19,15 +19,9 @@
       type: date
       level: custom
       description: >
-<<<<<<< HEAD:ecs/agent/fields/custom/wazuh-agent.yml
         The agent's last login.
     - name: status
       type: keyword
-=======
-        The last time the agent logged in.
-    - name: is_connected
-      type: boolean
->>>>>>> master:ecs/agent/fields/custom/agent.yml
       level: custom
       description: >
         Agents' interpreted connection status depending on `agent.last_login`.

diff --git a/ecs/states-inventory-system/fields/subset.yml b/ecs/states-inventory-system/fields/subset.yml
@@ -9,6 +9,8 @@ fields:
     fields:
       id: {}
       groups: {}
+      host:
+        fields: "*"
   host:
     fields:
       architecture: {}

diff --git a/ecs/states-vulnerabilities/fields/custom/agent.yml b/ecs/states-vulnerabilities/fields/custom/agent.yml
@@ -10,3 +10,23 @@
       level: custom
       description: >
         List of groups the agent belong to.
+    - name: key
+      type: keyword
+      level: custom
+      description: >
+        The registration key of the agent.
+    - name: last_login
+      type: date
+      level: custom
+      description: >
+        The agent's last login.
+    - name: status
+      type: keyword
+      level: custom
+      description: >
+        Agents' interpreted connection status depending on `agent.last_login`.
+      allowed_values:
+        - name: active
+          description: Active agent status
+        - name: disconnected
+          description: Disconnected agent status
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,6 +8,8 @@ fields: @@
         fields:
           id: {}
           groups: {}
+          host:
+            fields: "*"
       file:
         fields:
           attributes: {}
@@ Expand Down @@