diff --git a/plugins/wazuh-indexer-setup/src/main/java/org/wazuh/setup/index/WazuhIndices.java b/plugins/wazuh-indexer-setup/src/main/java/org/wazuh/setup/index/WazuhIndices.java
index cba2acd..a52ea0f 100644
--- a/plugins/wazuh-indexer-setup/src/main/java/org/wazuh/setup/index/WazuhIndices.java
+++ b/plugins/wazuh-indexer-setup/src/main/java/org/wazuh/setup/index/WazuhIndices.java
@@ -51,6 +51,7 @@ public WazuhIndices(Client client, ClusterService clusterService) {
 // Create Index Templates - Indices map
 this.indexTemplates.put("index-template-agent", ".agents");
 this.indexTemplates.put("index-template-alerts", "wazuh-alerts-5.x-0001");
+ this.indexTemplates.put("index-template-fim", "wazuh-states-fim");
 this.indexTemplates.put("index-template-vulnerabilities", "wazuh-states-vulnerabilities");
 this.indexTemplates.put("index-template-system", "wazuh-states-inventory-system");
 this.indexTemplates.put("index-template-processes", "wazuh-states-inventory-processes");
diff --git a/plugins/wazuh-indexer-setup/src/main/resources/index-template-fim.json b/plugins/wazuh-indexer-setup/src/main/resources/index-template-fim.json
new file mode 100644
index 0000000..7400513
--- /dev/null
+++ b/plugins/wazuh-indexer-setup/src/main/resources/index-template-fim.json
@@ -0,0 +1,133 @@
+{
+ "index_patterns": [
+ "wazuh-states-fim*"
+ ],
+ "mappings": {
+ "date_detection": false,
+ "dynamic": "strict",
+ "properties": {
+ "agent": {
+ "properties": {
+ "groups": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "file": {
+ "properties": {
+ "attributes": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "gid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "group": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "hash": {
+ "properties": {
+ "md5": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha1": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "sha256": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "inode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mode": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "mtime": {
+ "type": "date"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "owner": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "path": {
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "size": {
+ "type": "long"
+ },
+ "target_path": {
+ "fields": {
+ "text": {
+ "type": "match_only_text"
+ }
+ },
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "type": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "uid": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
+ "registry": {
+ "properties": {
+ "key": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "value": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ }
+ }
+ },
+ "order": 1,
+ "settings": {
+ "index": {
+ "number_of_replicas": "0",
+ "number_of_shards": "1",
+ "query.default_field": [
+ "agent.id",
+ "agent.groups",
+ "file.name",
+ "file.path",
+ "file.target_path",
+ "file.group",
+ "file.uid",
+ "file.gid"
+ ],
+ "refresh_interval": "5s"
+ }
+ }
+}
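Review bot: `registry.key` and `registry.value` are plain `keyword` fields with `ignore_above: 1024`, so a registry key path or value longer than 1024 characters is stored but not indexed and becomes unsearchable by that field, whereas `file.path` and `file.target_path` in the same mapping keep a `match_only_text` subfield as a fallback. For an FIM state index that is a visibility gap, since a change hidden under a long key or value would not be findable; giving both registry fields the same `"fields": { "text": { "type": "match_only_text" } }` subfield, or a larger `ignore_above` for them, closes it. `query.default_field` also omits the three `file.hash.*` fields, so a bare hash search without a field name will not match; adding `"file.hash.md5"`, `"file.hash.sha1"` and `"file.hash.sha256"` to that list is cheap. Separately, `number_of_replicas` is `"0"`, so the integrity baseline lives on a single shard copy; if that matches the other state templates in this plugin it is presumably deliberate, but since JSON cannot carry a comment, a note in the setup code or README stating that the FIM state index is unreplicated by design would help operators sizing a multi-node cluster.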