mirror of
https://github.com/iSharkFly-Docs/opensearch-docs-cn
synced 2025-03-09 14:38:01 +00:00
* fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * Delete admin-api.md * Delete api-index.md * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics 
Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics (#1901) Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> Signed-off-by: cwillum <cwmmoore@amazon.com> Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
150 lines
2.4 KiB
Markdown
---
layout: default
title: Mappings APIs
parent: API tools
nav_order: 45
---

# Mappings APIs

Use the following APIs for tasks related to mappings: creating, getting, and updating them.

## Get Mappings View

### Sample request

```json
GET /_plugins/_security_analytics/mappings/view

{
  "index_name": "windows",
  "rule_topic": "windows"
}
```

### Sample response

```json
{
  "properties": {
    "windows-event_data-CommandLine": {
      "path": "CommandLine",
      "type": "alias"
    },
    "event_uid": {
      "path": "EventID",
      "type": "alias"
    }
  },
  "unmapped_index_fields": [
    "windows-event_data-CommandLine",
    "unmapped_HiveName",
    "src_ip",
    "sha1",
    "processPath",
    "CallerProcessName",
    "CallTrace",
    "AuthenticationPackageName",
    "AuditSourceName",
    "AuditPolicyChanges",
    "AttributeValue",
    "AttributeLDAPDisplayName",
    "ApplicationPath",
    "Application",
    "AllowedToDelegateTo",
    "Address",
    "Action",
    "AccountType",
    "AccountName",
    "Accesses",
    "AccessMask",
    "AccessList"
  ]
}
```

---
## Create Mappings

### Sample request

```json
POST /_plugins/_security_analytics/mappings

{
  "index_name": "windows",
  "rule_topic": "windows",
  "partial": true,
  "alias_mappings": {
    "properties": {
      "event_uid": {
        "type": "alias",
        "path": "EventID"
      }
    }
  }
}
```

### Sample response

```json
{
  "acknowledged": true
}
```

---
## Get Mappings

### Sample request

```json
GET /_plugins/_security_analytics/mappings
```

### Sample response

```json
{
  "windows": {
    "mappings": {
      "properties": {
        "windows-event_data-CommandLine": {
          "type": "alias",
          "path": "CommandLine"
        },
        "event_uid": {
          "type": "alias",
          "path": "EventID"
        }
      }
    }
  }
}
```

---
## Update Mappings

### Sample request

```json
PUT /_plugins/_security_analytics/mappings

{
  "index_name": "windows",
  "field": "CommandLine",
  "alias": "windows-event_data-CommandLine"
}
```

### Sample response

```json
{
  "acknowledged": true
}
```
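
The responses documented above can be compared offline to find aliases that the view lists but the index does not yet carry, and to build the matching Update Mappings request bodies. This Python is an added example, not part of the OpenSearch documentation; `alias_pairs`, `plan_updates` and the embedded data are hypothetical, and it assumes that `properties` in the Get Mappings View response lists the alias mappings wanted on the index.

```python
# Added example: the sample data is constructed in the shape of the page's
# sample responses; it is not output from a real cluster.
VIEW = {  # shape of the Get Mappings View response
    "properties": {
        "windows-event_data-CommandLine": {"path": "CommandLine", "type": "alias"},
        "event_uid": {"path": "EventID", "type": "alias"},
    },
    "unmapped_index_fields": ["src_ip", "sha1", "processPath"],
}
APPLIED = {  # shape of the Get Mappings response
    "windows": {"mappings": {"properties": {
        "event_uid": {"type": "alias", "path": "EventID"},
    }}}
}


def alias_pairs(properties):
    """Return {alias_name: index_field} for entries of type "alias"."""
    return {
        name: spec["path"]
        for name, spec in properties.items()
        if spec.get("type") == "alias" and "path" in spec
    }


def plan_updates(index_name, view, applied):
    """Compare the view's aliases with the applied ones (assumed semantics).

    Returns (missing, conflicts): `missing` holds Update Mappings (PUT)
    request bodies; `conflicts` holds (alias, applied_field, view_field).
    """
    wanted = alias_pairs(view.get("properties", {}))
    index = applied.get(index_name, {})
    current = alias_pairs(index.get("mappings", {}).get("properties", {}))
    missing, conflicts = [], []
    for alias, field in sorted(wanted.items()):
        if alias not in current:
            missing.append({"index_name": index_name, "field": field, "alias": alias})
        elif current[alias] != field:
            conflicts.append((alias, current[alias], field))
    return missing, conflicts


if __name__ == "__main__":
    import json
    missing, conflicts = plan_updates("windows", VIEW, APPLIED)
    print(json.dumps(missing, indent=2))
    print("conflicts:", conflicts)
```

An alias that exists but points at a different field is reported as a conflict rather than overwritten, since rules written against that alias would start reading another field.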