Update `wazuh-states-vulnerabilities` index template

wazuh / wazuh-indexer

Wazuh indexer, the Wazuh search engine

https://opensearch.org/docs/latest/opensearch/index/

Apache License 2.0

11 stars 17 forks source link

Update `wazuh-states-vulnerabilities` index template #190

Closed AlexRuiz7 closed 6 months ago

AlexRuiz7 commented 6 months ago

Description

We have been asked to update the index template and mappings for the wazuh-states-vulnerabilities index with the following changes.

Add 2 new fields to track the publication (published_at) and detection dates (detected_at) of the vulnerabilities.
Remove the @timestamp field

As always, we need to update the mappings, update the events' generator, test the new index template and open a pull request in wazuh/wazuh to update the template.

AlexRuiz7 commented 6 months ago

We need to re-work this issues, as the fields detected_at and published_at should be inside the vulnerability class, not inside wazuh.

AlexRuiz7 commented 6 months ago