From 05e2fe549e333939bda8ea1c07c07add52db1f85 Mon Sep 17 00:00:00 2001
From: Guillaume ERETEO
Date: Tue, 12 Mar 2024 17:07:12 +0100
Subject: [PATCH] POC to preindex relatinships types
---
 src/ctia/stores/es/mapping.clj | 39 ++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
diff --git a/src/ctia/stores/es/mapping.clj b/src/ctia/stores/es/mapping.clj
index bce3750041..8692482019 100644
--- a/src/ctia/stores/es/mapping.clj
+++ b/src/ctia/stores/es/mapping.clj
@@ -1,4 +1,5 @@
 (ns ctia.stores.es.mapping
+ (:require [clojure.string :as string])
 (:refer-clojure :exclude [identity]))
 ;; This provides a reasonable default mapping for all of our entities.
@@ -260,6 +261,36 @@
 {:properties {:type token :text text}})
+(def type-simple-pattern
+ (->> [:actor
+ :asset
+ :asset-mapping
+ :asset-properties
+ :attack-pattern
+ :campaign
+ :casebook
+ :coa
+ :data-table
+ :event
+ :feed
+ :feedback
+ :identity
+ :identity-assertion
+ :incident
+ :indicator
+ :investigation
+ :judgement
+ :malware
+ :note
+ :relationship
+ :sighting
+ :target-record
+ :tool
+ :vulnerability
+ :weakness]
+ (map name)
+ (string/join "|")))
+
 (def store-settings
 {:number_of_replicas 1
 :number_of_shards 1
@@ -284,6 +315,10 @@
 :english_stemmer {:type "stemmer" :language "english"}}
 ;; when applying filters, order matters
+ :tokenizer
+ {:type_tokenizer
+ {:type "simple_pattern",
+ :pattern type-simple-pattern}}
 :analyzer
 {:default ;; same as text_analyzer
 {:type "custom"
@@ -298,6 +333,10 @@
 :filter ["lowercase" "ctia_stemmer" "english_stemmer"]}
+ :type_analyzer {
+ :tokenizer "type_tokenizer"
+ :filter [ "fingerprint"]
+ }
 :search_analyzer
 {:type "custom"
 :tokenizer "standard"
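Review bot: The alternation built by `type-simple-pattern` (hunk `-260,6 +261,36`) is unanchored, so the `type_tokenizer` added in the next hunk will emit a token for any of these words wherever it occurs in the analysed value; `tool`, `note`, `feed` or `actor` inside a hostname or an unrelated path segment would be indexed as a type. The field this analyzer is meant for is not visible in the patch, but if it is a reference URL supplied by a client, the indexed type can differ from the entity the reference really points at, which matters as soon as the value is used for filtering. The list is also hard-coded and can drift from the entity set defined elsewhere in the project, so deriving it from that definition would be safer if it is reachable from this namespace. At minimum I would add a docstring such as `"Lucene regex alternation of entity type names used by type_tokenizer; keep in sync with the entity list."`.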
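Review bot: `:type_analyzer` in the last hunk (`-298,6 +333,10`) omits `:type "custom"` and is laid out differently from the `:default` and `:search_analyzer` entries next to it (dangling `{` and `}`, a space inside `[ "fingerprint"]`); writing it as `:type_analyzer {:type "custom"`, `:tokenizer "type_tokenizer"`, `:filter ["fingerprint"]}` keeps the map consistent. The `fingerprint` filter sorts, de-duplicates and joins every token into one, so a value in which the tokenizer finds two different type names is indexed as a combined token rather than a single type; a one-line comment stating the expected input would make that intent reviewable. No field mapping in this patch refers to `type_analyzer`, and `store-settings` begins and ends outside the hunk, so how existing indices would receive the new analysis settings cannot be judged from here.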