Mapping updates

elastic · Jul 30, 2021 · 44d0a2a · 44d0a2a
1 parent 8d19387
commit 44d0a2a
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 2 deletions.
diff --git a/x-pack/plugins/rule_registry/common/assets/field_maps/ecs_field_map.ts b/x-pack/plugins/rule_registry/common/assets/field_maps/ecs_field_map.ts
@@ -660,6 +660,11 @@ export const ecsFieldMap = {
     array: false,
     required: false,
   },
+  'event.agent_id_status': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
   'event.category': {
     type: 'keyword',
     array: true,

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/field_maps/alerts.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/field_maps/alerts.ts
@@ -51,13 +51,18 @@ export const alertsFieldMap: FieldMap = {
   'kibana.alert.original_event.agent_id_status': {
     type: 'keyword',
     array: false,
-    required: true,
+    required: false,
   },
   'kibana.alert.original_event.category': {
     type: 'keyword',
     array: true,
     required: true,
   },
+  'kibana.alert.original_event.code': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
   'kibana.alert.original_event.created': {
     type: 'date',
     array: false,
@@ -73,6 +78,16 @@ export const alertsFieldMap: FieldMap = {
     array: false,
     required: false,
   },
+  'kibana.alert.original_event.end': {
+    type: 'date',
+    array: false,
+    required: false,
+  },
+  'kibana.alert.original_event.hash': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
   'kibana.alert.original_event.id': {
     type: 'keyword',
     array: false,
@@ -94,7 +109,7 @@ export const alertsFieldMap: FieldMap = {
     required: true,
   },
   'kibana.alert.original_event.original': {
-    type: 'text',
+    type: 'keyword',
     array: false,
     required: true,
   },
@@ -103,16 +118,56 @@ export const alertsFieldMap: FieldMap = {
     array: false,
     required: true,
   },
+  'kibana.alert.original_event.provider': {
+    type: 'keyword',
+    array: false,
+    required: true,
+  },
+  'kibana.alert.original_event.reason': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'kibana.alert.original_event.reference': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
+  'kibana.alert.original_event.risk_score': {
+    type: 'float',
+    array: false,
+    required: false,
+  },
+  'kibana.alert.original_event.risk_score_norm': {
+    type: 'float',
+    array: false,
+    required: false,
+  },
   'kibana.alert.original_event.sequence': {
     type: 'long',
     array: false,
     required: true,
   },
+  'kibana.alert.original_event.start': {
+    type: 'date',
+    array: false,
+    required: false,
+  },
+  'kibana.alert.original_event.timezone': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
   'kibana.alert.original_event.type': {
     type: 'keyword',
     array: true,
     required: true,
   },
+  'kibana.alert.original_event.url': {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
   'kibana.alert.original_time': {
     type: 'date',
     array: false,