Wazuh: No ElasticSearch Template

Wazuh:  No ElasticSearch Template

Failed to connect to localhost port 9200

austin@wazuh2:~$ sudo curl https://raw.githubusercontent.com/wazuh/wazuh/v3.10.2/extensions/elasticsearch/7.x/wazuh-template.json | curl -X PUT "http://localhost:9200/_template/wazuh" -H 'Content-Type: application/json' -d @-
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 46821  100 46821    0     0   357k      0 --:--:-- --:--:-- --:--:--  357k
curl: (7) Failed to connect to localhost port 9200: Connection refused

elasticsearch.yml

# ---------------------------------- Network -------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 1.1.1.1 
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#

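You should change `network.host` to 0.0.0.0. The curl above failed because Elasticsearch was bound only to 1.1.1.1, so nothing was listening on localhost. Note that 0.0.0.0 binds every interface, so port 9200 also becomes reachable from the network. If only local access plus that one address is needed, `network.host: ["127.0.0.1", "1.1.1.1"]` keeps the listener narrower. Either way, restrict 9200 with a firewall or turn on Elasticsearch security (`xpack.security.enabled: true`), since anyone who can reach the port can otherwise read and modify the Wazuh indices and templates.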

Restart ElasticSearch

austin@wazuh2:~$ sudo systemctl restart elasticsearch
austin@wazuh2:~$ sudo service elasticsearch status
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendo
   Active: active (running) since Mon 2019-11-04 21:59:05 EST; 10s ago
     Docs: http://www.elastic.co
 Main PID: 27514 (java)
    Tasks: 90 (limit: 4915)
   CGroup: /system.slice/elasticsearch.service
           ├─27514 /usr/share/elasticsearch/jdk/bin/java -Xms1g -Xmx1g -XX:+UseC
           └─27610 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86

Nov 04 21:58:35 wazuh2 systemd[1]: Starting Elasticsearch...
Nov 04 21:58:40 wazuh2 elasticsearch[27514]: OpenJDK 64-Bit Server VM warning: O
Nov 04 21:59:05 wazuh2 systemd[1]: Started Elasticsearch.

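Confirm the change went through by re-uploading the template and then querying it back. `sudo` is not needed for these curl calls; they can run as an unprivileged user.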

austin@wazuh2:~$ sudo curl https://raw.githubusercontent.com/wazuh/wazuh/v3.10.2/extensions/elasticsearch/7.x/wazuh-template.json | curl -X PUT "http://localhost:9200/_template/wazuh" -H 'Content-Type: application/json' -d @-
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 46821  100 46821    0     0   774k      0 --:--:-- --:--:-- --:--:--  788k
{"acknowledged":true}austin@wazuh2:~$ sudo curl localhost:9200/_cat/templates/wazuh
wazuh [wazuh-alerts-3.x-*, wazuh-archives-3.x-*] 0 1
austin@wazuh2:~$ sudo curl localhost:9200/_template/wazuh
{"wazuh":{"order":0,"version":1,"index_patterns":["wazuh-alerts-3.x-*","wazuh-archives-3.x-*"],"settings":{"index":{"mapping":{"total_fields":{"limit":"10000"}},"refresh_interval":"5s","number_of_shards":"3","auto_expand_replicas":"0-1","number_of_replicas":"0","query":{"default_field":["GeoLocation.city_name","GeoLocation.continent_code","GeoLocation.country_code2","GeoLocation.country_code3","GeoLocation.country_name","GeoLocation.ip","GeoLocation.postal_code","GeoLocation.real_region_name","GeoLocation.region_name","GeoLocation.timezone","agent.id","agent.ip","agent.name","cluster.name","cluster.node","command","data","data.action","data.audit","data.audit.acct","data.audit.arch","data.audit.auid","data.audit.command","data.audit.cwd","data.audit.dev","data.audit.directory.inode","data.audit.directory.mode","data.audit.directory.name","data.audit.egid","data.audit.enforcing","data.audit.euid","data.audit.exe","data.audit.execve.a0","data.audit.execve.a1","data.audit.execve.a2","data.audit.execve.a3","data.audit.exit","data.audit.file.inode","data.audit.file.mode","data.audit.file.name","data.audit.fsgid","data.audit.fsuid","data.audit.gid","data.audit.id","data.audit.key","data.audit.list","data.audit.old-auid","data.audit.old-ses","data.audit.old_enforcing","data.audit.old_prom","data.audit.op","data.audit.pid","data.audit.ppid","data.audit.prom","data.audit.res","data.audit.session","data.audit.sgid","data.audit.srcip","data.audit.subj","data.audit.success","data.audit.suid","data.audit.syscall","data.audit.tty","data.audit.uid","data.aws.accountId","data.aws.account_id","data.aws.action","data.aws.actor","data.aws.aws_account_id","data.aws.description","data.aws.dstport","data.aws.errorCode","data.aws.errorMessage","data.aws.eventID","data.aws.eventName","data.aws.eventSource","data.aws.eventType","data.aws.id","data.aws.name","data.aws.requestParameters.accessKeyId","data.aws.requestParameters.bucketName","data.aws.requestParameters.gatewayId","data.aws.reque
stParameters.groupDescription","data.aws.requestParameters.groupId","data.aws.requestParameters.groupName","data.aws.requestParameters.host","data.aws.requestParameters.hostedZoneId","data.aws.requestParameters.instanceId","data.aws.requestParameters.instanceProfileName","data.aws.requestParameters.loadBalancerName","data.aws.requestParameters.loadBalancerPorts","data.aws.requestParameters.masterUserPassword","data.aws.requestParameters.masterUsername","data.aws.requestParameters.name","data.aws.requestParameters.natGatewayId","data.aws.requestParameters.networkAclId","data.aws.requestParameters.path","data.aws.requestParameters.policyName","data.aws.requestParameters.port","data.aws.requestParameters.stackId","data.aws.requestParameters.stackName","data.aws.requestParameters.subnetId","data.aws.requestParameters.subnetIds","data.aws.requestParameters.volumeId","data.aws.requestParameters.vpcId","data.aws.resource.accessKeyDetails.accessKeyId","data.aws.resource.accessKeyDetails.principalId","data.aws.resource.accessKeyDetails.userName","data.aws.resource.instanceDetails.instanceId","data.aws.resource.instanceDetails.instanceState","data.aws.resource.instanceDetails.networkInterfaces.privateDnsName","data.aws.resource.instanceDetails.networkInterfaces.publicDnsName","data.aws.resource.instanceDetails.networkInterfaces.subnetId","data.aws.resource.instanceDetails.networkInterfaces.vpcId","data.aws.resource.instanceDetails.tags.value","data.aws.responseElements.AssociateVpcCidrBlockResponse.vpcId","data.aws.responseElements.description","data.aws.responseElements.instanceId","data.aws.responseElements.instances.instanceId","data.aws.responseElements.instancesSet.items.instanceId","data.aws.responseElements.listeners.port","data.aws.responseElements.loadBalancerName","data.aws.responseElements.loadBalancers.vpcId","data.aws.responseElements.loginProfile.userName","data.aws.responseElements.networkAcl.vpcId","data.aws.responseElements.ownerId","data.aws.responseElements
.publicIp","data.aws.responseElements.user.userId","data.aws.responseElements.user.userName","data.aws.responseElements.volumeId","data.aws.service.serviceName","data.aws.severity","data.aws.source","data.aws.sourceIPAddress","data.aws.srcport","data.aws.userIdentity.accessKeyId","data.aws.userIdentity.accountId","data.aws.userIdentity.userName","data.aws.vpcEndpointId","data.command","data.data","data.docker.Actor.Attributes.container","data.docker.Actor.Attributes.image","data.docker.Actor.Attributes.name","data.docker.Actor.ID","data.docker.id","data.docker.message","data.docker.status","data.dstip","data.dstport","data.dstuser","data.hardware.serial","data.id","data.integration","data.netinfo.iface.adapter","data.netinfo.iface.ipv4.address","data.netinfo.iface.ipv6.address","data.netinfo.iface.mac","data.netinfo.iface.name","data.os.architecture","data.os.build","data.os.codename","data.os.hostname","data.os.major","data.os.minor","data.os.name","data.os.platform","data.os.release","data.os.release_version","data.os.sysname","data.os.version","data.oscap.check.description","data.oscap.check.id","data.oscap.check.identifiers","data.oscap.check.oval.id","data.oscap.check.rationale","data.oscap.check.references","data.oscap.check.result","data.oscap.check.severity","data.oscap.check.title","data.oscap.scan.benchmark.id","data.oscap.scan.content","data.oscap.scan.id","data.oscap.scan.profile.id","data.oscap.scan.profile.title","data.osquery.columns.address","data.osquery.columns.command","data.osquery.columns.description","data.osquery.columns.dst_ip","data.osquery.columns.gid","data.osquery.columns.hostname","data.osquery.columns.md5","data.osquery.columns.path","data.osquery.columns.sha1","data.osquery.columns.sha256","data.osquery.columns.src_ip","data.osquery.columns.user","data.osquery.columns.username","data.osquery.name","data.osquery.pack","data.port.process","data.port.protocol","data.port.state","data.process.args","data.process.cmd","data.process.egroup",
"data.process.euser","data.process.fgroup","data.process.name","data.process.rgroup","data.process.ruser","data.process.sgroup","data.process.state","data.process.suser","data.program.architecture","data.program.description","data.program.format","data.program.location","data.program.multiarch","data.program.name","data.program.priority","data.program.section","data.program.source","data.program.vendor","data.program.version","data.protocol","data.pwd","data.sca","data.sca.check.compliance.cis","data.sca.check.compliance.cis_csc","data.sca.check.compliance.pci_dss","data.sca.check.compliance.hipaa","data.sca.check.compliance.nist_800_53","data.sca.check.description","data.sca.check.directory","data.sca.check.file","data.sca.check.id","data.sca.check.previous_result","data.sca.check.process","data.sca.check.rationale","data.sca.check.reason","data.sca.check.references","data.sca.check.registry","data.sca.check.remediation","data.sca.check.result","data.sca.check.status","data.sca.check.title","data.sca.description","data.sca.file","data.sca.invalid","data.sca.name","data.sca.policy","data.sca.policy_id","data.sca.scan_id","data.sca.total_checks","data.script","data.src_ip","data.src_port","data.srcip","data.srcport","data.srcuser","data.status","data.system_name","data.title","data.tty","data.uid","data.url","data.virustotal.description","data.virustotal.error","data.virustotal.found","data.virustotal.permalink","data.virustotal.scan_date","data.virustotal.sha1","data.virustotal.source.alert_id","data.virustotal.source.file","data.virustotal.source.md5","data.virustotal.source.sha1","data.vulnerability.advisories","data.vulnerability.bugzilla_reference","data.vulnerability.cve","data.vulnerability.cwe_reference","data.vulnerability.package.condition","data.vulnerability.package.name","data.vulnerability.package.version","data.vulnerability.reference","data.vulnerability.severity","data.vulnerability.state","data.vulnerability.title","data.win.eventdata.auditPolicyCha
nges","data.win.eventdata.auditPolicyChangesId","data.win.eventdata.binary","data.win.eventdata.category","data.win.eventdata.categoryId","data.win.eventdata.data","data.win.eventdata.image","data.win.eventdata.ipAddress","data.win.eventdata.ipPort","data.win.eventdata.keyName","data.win.eventdata.logonGuid","data.win.eventdata.logonProcessName","data.win.eventdata.operation","data.win.eventdata.parentImage","data.win.eventdata.processId","data.win.eventdata.processName","data.win.eventdata.providerName","data.win.eventdata.returnCode","data.win.eventdata.service","data.win.eventdata.status","data.win.eventdata.subcategory","data.win.eventdata.subcategoryGuid","data.win.eventdata.subcategoryId","data.win.eventdata.subjectDomainName","data.win.eventdata.subjectLogonId","data.win.eventdata.subjectUserName","data.win.eventdata.subjectUserSid","data.win.eventdata.targetDomainName","data.win.eventdata.targetLinkedLogonId","data.win.eventdata.targetLogonId","data.win.eventdata.targetUserName","data.win.eventdata.targetUserSid","data.win.eventdata.workstationName","data.win.system.channel","data.win.system.computer","data.win.system.eventID","data.win.system.eventRecordID","data.win.system.eventSourceName","data.win.system.keywords","data.win.system.level","data.win.system.message","data.win.system.opcode","data.win.system.processID","data.win.system.providerGuid","data.win.system.providerName","data.win.system.securityUserID","data.win.system.severityValue","data.win.system.userID","decoder.ftscomment","decoder.name","decoder.parent","full_log","host","id","input","location","manager.name","message","offset","predecoder.hostname","predecoder.program_name","previous_log","previous_output","program_name","rule.cis","rule.cve","rule.description","rule.gdpr","rule.gpg13","rule.groups","rule.id","rule.info","rule.pci_dss","syscheck.audit.effective_user.id","syscheck.audit.effective_user.name","syscheck.audit.group.id","syscheck.audit.group.name","syscheck.audit.login_user.id",
"syscheck.audit.login_user.name","syscheck.audit.process.id","syscheck.audit.process.name","syscheck.audit.process.ppid","syscheck.audit.user.id","syscheck.audit.user.name","syscheck.diff","syscheck.event","syscheck.gid_after","syscheck.gid_before","syscheck.gname_after","syscheck.gname_before","syscheck.inode_after","syscheck.inode_before","syscheck.md5_after","syscheck.md5_before","syscheck.path","syscheck.perm_after","syscheck.perm_before","syscheck.sha1_after","syscheck.sha1_before","syscheck.sha256_after","syscheck.sha256_before","syscheck.tags","syscheck.uid_after","syscheck.uid_before","syscheck.uname_after","syscheck.uname_before","title","type"]}}},"mappings":{"dynamic_templates":[{"string_as_keyword":{"mapping":{"type":"keyword"},"match_mapping_type":"string"}}],"date_detection":false,"properties":{"cluster":{"properties":{"node":{"type":"keyword"},"name":{"type":"keyword"}}},"syscheck":{"properties":{"size_before":{"type":"long"},"mtime_after":{"format":"date_optional_time","type":"date"},"uname_after":{"type":"keyword"},"size_after":{"type":"long"},"sha256_before":{"type":"keyword"},"uid_before":{"type":"keyword"},"path":{"type":"keyword"},"gname_after":{"type":"keyword"},"audit":{"properties":{"process":{"properties":{"name":{"type":"keyword"},"id":{"type":"keyword"},"ppid":{"type":"keyword"}}},"login_user":{"properties":{"name":{"type":"keyword"},"id":{"type":"keyword"}}},"effective_user":{"properties":{"name":{"type":"keyword"},"id":{"type":"keyword"}}},"user":{"properties":{"name":{"type":"keyword"},"id":{"type":"keyword"}}},"group":{"properties":{"name":{"type":"keyword"},"id":{"type":"keyword"}}}}},"uid_after":{"type":"keyword"},"gname_before":{"type":"keyword"},"perm_after":{"type":"keyword"},"event":{"type":"keyword"},"gid_before":{"type":"keyword"},"perm_before":{"type":"keyword"},"inode_before":{"type":"keyword"},"gid_after":{"type":"keyword"},"md5_before":{"type":"keyword"},"diff":{"type":"keyword"},"mtime_before":{"format":"date_optional_time
","type":"date"},"tags":{"type":"keyword"},"sha1_after":{"type":"keyword"},"uname_before":{"type":"keyword"},"sha1_before":{"type":"keyword"},"md5_after":{"type":"keyword"},"sha256_after":{"type":"keyword"},"inode_after":{"type":"keyword"}}},"agent":{"properties":{"ip":{"type":"keyword"},"name":{"type":"keyword"},"id":{"type":"keyword"}}},"data":{"properties":{"srcip":{"type":"keyword"},"data":{"type":"keyword"},"dstport":{"type":"keyword"},"program":{"properties":{"install_time":{"type":"keyword"},"format":{"type":"keyword"},"description":{"type":"keyword"},"section":{"type":"keyword"},"source":{"type":"keyword"},"priority":{"type":"keyword"},"version":{"type":"keyword"},"size":{"type":"long"},"vendor":{"type":"keyword"},"name":{"type":"keyword"},"multiarch":{"type":"keyword"},"location":{"type":"keyword"},"architecture":{"type":"keyword"}}},"type":{"type":"keyword"},"title":{"type":"keyword"},"sca":{"properties":{"total_checks":{"type":"keyword"},"policy_id":{"type":"keyword"},"description":{"type":"keyword"},"failed":{"type":"integer"},"check":{"properties":{"registry":{"type":"keyword"},"reason":{"type":"keyword"},"process":{"type":"keyword"},"previous_result":{"type":"keyword"},"references":{"type":"keyword"},"description":{"type":"keyword"},"title":{"type":"keyword"},"rationale":{"type":"keyword"},"directory":{"type":"keyword"},"result":{"type":"keyword"},"remediation":{"type":"keyword"},"file":{"type":"keyword"},"compliance":{"properties":{"pci_dss":{"type":"keyword"},"hipaa":{"type":"keyword"},"cis_csc":{"type":"keyword"},"cis":{"type":"keyword"},"nist_800_53":{"type":"keyword"}}},"id":{"type":"keyword"},"status":{"type":"keyword"}}},"type":{"type":"keyword"},"score":{"type":"long"},"file":{"type":"keyword"},"name":{"type":"keyword"},"invalid":{"type":"keyword"},"scan_id":{"type":"keyword"},"passed":{"type":"integer"},"policy":{"type":"keyword"}}},"netinfo":{"properties":{"iface":{"properties":{"tx_packets":{"type":"long"},"adapter":{"type":"keyword"},"rx_dr
opped":{"type":"long"},"type":{"type":"keyword"},"mac":{"type":"keyword"},"mtu":{"type":"long"},"rx_errors":{"type":"long"},"rx_packets":{"type":"long"},"tx_errors":{"type":"long"},"ipv4":{"properties":{"broadcast":{"type":"keyword"},"address":{"type":"keyword"},"netmask":{"type":"keyword"},"metric":{"type":"long"},"gateway":{"type":"keyword"},"dhcp":{"type":"keyword"}}},"tx_dropped":{"type":"long"},"ipv6":{"properties":{"broadcast":{"type":"keyword"},"address":{"type":"keyword"},"netmask":{"type":"keyword"},"metric":{"type":"long"},"gateway":{"type":"keyword"},"dhcp":{"type":"keyword"}}},"name":{"type":"keyword"},"rx_bytes":{"type":"long"},"state":{"type":"keyword"},"tx_bytes":{"type":"long"}}}}},"uid":{"type":"keyword"},"protocol":{"type":"keyword"},"audit":{"properties":{"syscall":{"type":"keyword"},"srcip":{"type":"keyword"},"gid":{"type":"keyword"},"enforcing":{"type":"keyword"},"fsgid":{"type":"keyword"},"session":{"type":"keyword"},"pid":{"type":"keyword"},"suid":{"type":"keyword"},"type":{"type":"keyword"},"directory":{"properties":{"inode":{"type":"keyword"},"mode":{"type":"keyword"},"name":{"type":"keyword"}}},"old-ses":{"type":"keyword"},"uid":{"type":"keyword"},"egid":{"type":"keyword"},"exe":{"type":"keyword"},"file":{"properties":{"inode":{"type":"keyword"},"mode":{"type":"keyword"},"name":{"type":"keyword"}}},"dev":{"type":"keyword"},"prom":{"type":"keyword"},"sgid":{"type":"keyword"},"id":{"type":"keyword"},"subj":{"type":"keyword"},"key":{"type":"keyword"},"op":{"type":"keyword"},"res":{"type":"keyword"},"auid":{"type":"keyword"},"execve":{"properties":{"a1":{"type":"keyword"},"a2":{"type":"keyword"},"a3":{"type":"keyword"},"a0":{"type":"keyword"}}},"euid":{"type":"keyword"},"old-auid":{"type":"keyword"},"list":{"type":"keyword"},"command":{"type":"keyword"},"old_prom":{"type":"keyword"},"ppid":{"type":"keyword"},"fsuid":{"type":"keyword"},"cwd":{"type":"keyword"},"exit":{"type":"keyword"},"old_enforcing":{"type":"keyword"},"success":{"type":"keywor
d"},"tty":{"type":"keyword"},"arch":{"type":"keyword"},"acct":{"type":"keyword"}}},"dstuser":{"type":"keyword"},"action":{"type":"keyword"},"virustotal":{"properties":{"sha1":{"type":"keyword"},"malicious":{"type":"keyword"},"total":{"type":"keyword"},"found":{"type":"keyword"},"description":{"type":"keyword"},"positives":{"type":"keyword"},"source":{"properties":{"sha1":{"type":"keyword"},"file":{"type":"keyword"},"alert_id":{"type":"keyword"},"md5":{"type":"keyword"}}},"error":{"type":"keyword"},"permalink":{"type":"keyword"},"scan_date":{"type":"keyword"}}},"dstip":{"type":"keyword"},"id":{"type":"keyword"},"hardware":{"properties":{"ram_free":{"type":"long"},"cpu_name":{"type":"keyword"},"serial":{"type":"keyword"},"ram_usage":{"type":"long"},"ram_total":{"type":"long"},"cpu_cores":{"type":"long"},"cpu_mhz":{"type":"double"}}},"timestamp":{"type":"date"},"process":{"properties":{"ruser":{"type":"keyword"},"egroup":{"type":"keyword"},"pgrp":{"type":"long"},"session":{"type":"long"},"pid":{"type":"long"},"stime":{"type":"long"},"vm_size":{"type":"long"},"share":{"type":"long"},"state":{"type":"keyword"},"resident":{"type":"long"},"rgroup":{"type":"keyword"},"nlwp":{"type":"long"},"utime":{"type":"long"},"priority":{"type":"long"},"processor":{"type":"long"},"nice":{"type":"long"},"ppid":{"type":"long"},"args":{"type":"keyword"},"start_time":{"type":"long"},"sgroup":{"type":"keyword"},"size":{"type":"long"},"suser":{"type":"keyword"},"euser":{"type":"keyword"},"fgroup":{"type":"keyword"},"name":{"type":"keyword"},"tgid":{"type":"long"},"tty":{"type":"long"},"cmd":{"type":"keyword"}}},"os":{"properties":{"hostname":{"type":"keyword"},"major":{"type":"keyword"},"minor":{"type":"keyword"},"build":{"type":"keyword"},"release":{"type":"keyword"},"codename":{"type":"keyword"},"sysname":{"type":"keyword"},"name":{"type":"keyword"},"release_version":{"type":"keyword"},"version":{"type":"keyword"},"platform":{"type":"keyword"},"architecture":{"type":"keyword"}}},"system_nam
e":{"type":"keyword"},"vulnerability":{"properties":{"advisories":{"type":"keyword"},"reference":{"type":"keyword"},"severity":{"type":"keyword"},"cve":{"type":"keyword"},"package":{"properties":{"condition":{"type":"keyword"},"name":{"type":"keyword"},"version":{"type":"keyword"}}},"bugzilla_reference":{"type":"keyword"},"cwe_reference":{"type":"keyword"},"published":{"type":"date"},"state":{"type":"keyword"},"title":{"type":"keyword"},"cvss":{"properties":{"cvss_score":{"type":"keyword"},"cvss_scoring_vector":{"type":"keyword"},"cvss3_score":{"type":"keyword"}}}}},"url":{"type":"keyword"},"command":{"type":"keyword"},"srcuser":{"type":"keyword"},"port":{"properties":{"local_ip":{"type":"ip"},"inode":{"type":"long"},"protocol":{"type":"keyword"},"process":{"type":"keyword"},"remote_ip":{"type":"ip"},"rx_queue":{"type":"long"},"local_port":{"type":"long"},"remote_port":{"type":"long"},"tx_queue":{"type":"long"},"pid":{"type":"long"},"state":{"type":"keyword"}}},"integration":{"type":"keyword"},"srcport":{"type":"keyword"},"aws":{"properties":{"srcaddr":{"type":"ip"},"source_ip_address":{"type":"ip"},"createdAt":{"type":"date"},"resource.instanceDetails":{"properties":{"launchTime":{"type":"date"},"networkInterfaces":{"properties":{"publicIp":{"type":"ip"},"privateIpAddress":{"type":"ip"}}}}},"bytes":{"type":"long"},"service":{"properties":{"eventFirstSeen":{"type":"date"},"eventLastSeen":{"type":"date"},"count":{"type":"long"},"action.networkConnectionAction.remoteIpDetails":{"properties":{"geoLocation":{"type":"geo_point"},"ipAddressV4":{"type":"ip"}}}}},"start":{"type":"date"},"dstaddr":{"type":"ip"},"end":{"type":"date"},"updatedAt":{"type":"date"}}},"status":{"type":"keyword"},"oscap":{"properties":{"scan":{"properties":{"score":{"type":"double"},"profile":{"properties":{"id":{"type":"keyword"},"title":{"type":"keyword"}}},"id":{"type":"keyword"},"return_code":{"type":"long"},"benchmark":{"properties":{"id":{"type":"keyword"}}},"content":{"type":"keyword"}}},"ch
eck":{"properties":{"result":{"type":"keyword"},"severity":{"type":"keyword"},"references":{"type":"text"},"identifiers":{"type":"text"},"oval":{"properties":{"id":{"type":"keyword"}}},"description":{"type":"text"},"id":{"type":"keyword"},"title":{"type":"keyword"},"rationale":{"type":"text"}}}}}}},"program_name":{"type":"keyword"},"rule":{"properties":{"mail":{"type":"boolean"},"level":{"type":"long"},"pci_dss":{"type":"keyword"},"hipaa":{"type":"keyword"},"description":{"type":"keyword"},"groups":{"type":"keyword"},"cis":{"type":"keyword"},"nist_800_53":{"type":"keyword"},"frequency":{"type":"long"},"gdpr":{"type":"keyword"},"firedtimes":{"type":"long"},"cve":{"type":"keyword"},"id":{"type":"keyword"},"info":{"type":"keyword"},"gpg13":{"type":"keyword"}}},"type":{"type":"text"},"title":{"type":"keyword"},"full_log":{"type":"text"},"previous_log":{"type":"text"},"@version":{"type":"text"},"host":{"type":"keyword"},"id":{"type":"keyword"},"timestamp":{"format":"date_optional_time||epoch_millis","type":"date"},"predecoder":{"properties":{"hostname":{"type":"keyword"},"program_name":{"type":"keyword"},"timestamp":{"type":"keyword"}}},"previous_output":{"type":"keyword"},"manager":{"properties":{"name":{"type":"keyword"}}},"offset":{"type":"keyword"},"decoder":{"properties":{"parent":{"type":"keyword"},"fts":{"type":"long"},"name":{"type":"keyword"},"ftscomment":{"type":"keyword"},"accumulate":{"type":"long"}}},"message":{"type":"text"},"command":{"type":"keyword"},"input":{"properties":{"type":{"type":"keyword"}}},"@timestamp":{"type":"date"},"location":{"type":"keyword"},"GeoLocation":{"properties":{"timezone":{"type":"text"},"area_code":{"type":"long"},"ip":{"type":"keyword"},"latitude":{"type":"double"},"coordinates":{"type":"double"},"continent_code":{"type":"text"},"city_name":{"type":"keyword"},"country_code2":{"type":"text"},"country_name":{"type":"keyword"},"dma_code":{"type":"long"},"country_code3":{"type":"text"},"location":{"type":"geo_point"},"region_name"
:{"type":"keyword"},"real_region_name":{"type":"keyword"},"postal_code":{"type":"keyword"},"longitude":{"type":"double"}}}}},"aliases":{}}}