Add ECS docs

ecs/states-inventory-networks/fields/custom/agent.yml

@@ -0,0 +1,12 @@
+---
+- name: agent
+  title: Wazuh Agents
+  short: Wazuh Inc. custom fields.
+  type: group
+  group: 2
+  fields:
+    - name: groups
+      type: keyword
+      level: custom
+      description: >
+        The groups the agent belongs to.

ecs/states-inventory-networks/fields/custom/event.yml

@@ -0,0 +1,13 @@
+---
+- name: event
+  title: Event
+  type: group
+  group: 2
+  description: >
+    Event related data.
+  fields:
+    - name: id
+      type: keyword
+      level: custom
+      description: >
+        Reference to the scan information.

ecs/states-inventory-networks/fields/custom/host.yml

@@ -0,0 +1,56 @@
+---
+- name: host
+  title: Host
+  type: group
+  group: 2
+  description: >
+    Host related data.
+  fields:
+    - name: network
+      type: group
+      group: 2
+      description: >
+        Host related network data.
+      fields:
+        - name: egress
+          type: group
+          group: 2
+          description: >
+            Outgoing network related data.
+          fields:
+            - name: drops
+              type: long
+              level: custom
+              description: >
+                Number of dropped transmitted packets.
+            - name: errors
+              type: long
+              level: custom
+              description: >
+                Number of transmission errors.
+            - name: queue
+              type: long
+              level: custom
+              description: >
+                Transmit queue length.
+        - name: ingress
+          type: group
+          group: 2
+          description: >
+            Incoming network related data.
+          fields:
+            - name: drops
+              type: long
+              level: custom
+              description: >
+                Number of dropped received packets.
+            - name: errors
+              type: long
+              level: custom
+              description: >
+                Number of reception errors.
+            - name: queue
+              type: long
+              level: custom
+              description: >
+                Receive queue length.

ecs/states-inventory-networks/fields/custom/interface.yml

@@ -0,0 +1,23 @@
+---
+- name: interface
+  title: Interface
+  type: group
+  group: 2
+  description: >
+    Network interface related data.
+  fields:
+    - name: mtu
+      type: long
+      level: custom
+      description: >
+        Maximum transmission unit size.
+    - name: state
+      type: keyword
+      level: custom
+      description: >
+        State of the network interface.
+    - name: type
+      type: keyword
+      level: custom
+      description: >
+        Interface type.

ecs/states-inventory-networks/fields/custom/network.yml

@@ -0,0 +1,33 @@
+---
+- name: network
+  title: Network
+  type: group
+  group: 2
+  description: >
+    Network related data.
+  fields:
+    - name: broadcast
+      type: ip
+      level: custom
+      description: >
+        Broadcast address
+    - name: dhcp
+      type: keyword
+      level: custom
+      description: >
+        DHCP status (enabled, disabled, unknown, BOOTP)
+    - name: gateway
+      type: ip
+      level: custom
+      description: >
+        Gateway address
+    - name: metric
+      type: long
+      level: custom
+      description: >
+        Metric of the network protocol
+    - name: netmask
+      type: ip
+      level: custom
+      description: >
+        Network mask

ecs/states-inventory-networks/fields/mapping-settings.json

@@ -0,0 +1,4 @@
+{
+    "dynamic": "strict",
+    "date_detection": false
+}

ecs/states-inventory-networks/fields/subset.yml

@@ -0,0 +1,51 @@
+---
+name: wazuh-states-inventory-networks
+fields:
+  base:
+    fields:
+      tags: []
+      "@timestamp": {}
+  destination:
+    fields:
+      ip: {}
+      port: {}
+  device:
+    fields:
+      id: {}
+  file:
+    fields:
+      inode: {}
+  host:
+    fields:
+      ip: {}
+      mac: {}
+      network:
+        fields:
+          egress:
+            fields:
+              bytes: {}
+              packets: {}
+          ingress:
+            fields:
+              bytes: {}
+              packets: {}
+  network:
+    fields:
+      protocol: {}
+      type: {}
+  observer:
+    fields:
+      ingress:
+        fields:
+          interface:
+            fields:
+              alias: {}
+              name: {}
+  process:
+    fields:
+      name: {}
+      pid: {}
+  source:
+    fields:
+      ip: {}
+      port: {}

ecs/states-inventory-networks/fields/template-settings-legacy.json

@@ -0,0 +1,20 @@
+{
+  "index_patterns": ["wazuh-states-inventory-networks*"],
+  "order": 1,
+  "settings": {
+    "index": {
+      "number_of_shards": "1",
+      "number_of_replicas": "0",
+      "refresh_interval": "5s",
+      "query.default_field": [
+        "agent.id",
+        "agent.groups",
+        "device.id",
+        "host.ip",
+        "observer.ingress.interface.name",
+        "observer.ingress.interface.alias",
+        "process.name"
+      ]
+    }
+  }
+}

ecs/states-inventory-networks/fields/template-settings.json

@@ -0,0 +1,24 @@
+{
+  "index_patterns": [
+    "wazuh-states-inventory-networks*"
+  ],
+  "priority": 1,
+  "template": {
+    "settings": {
+      "index": {
+        "number_of_shards": "1",
+        "number_of_replicas": "0",
+        "refresh_interval": "5s",
+        "query.default_field": [
+          "agent.id",
+          "agent.groups",
+          "device.id",
+          "host.ip",
+          "observer.ingress.interface.name",
+          "observer.ingress.interface.alias",
+          "process.name"
+        ]
+      }
+    }
+  }
+}