custom_subsets/elastic_endpoint/policy/policy.yaml

--- name: policy fields: base: fields: "@timestamp": {} message: {} agent: fields: version: {} type: {} id: {} build: fields: original: {} data_stream: fields: "*" ecs: fields: version: {} Endpoint: fields: policy: fields: applied: fields: "*" configuration: fields: isolation: {} state: fields: isolation: {} event: fields: action: {} category: {} created: {} code: {} dataset: {} hash: {} id: {} ingested: {} kind: {} module: {} outcome: {} provider: {} sequence: {} severity: {} type: {} host: fields: id: {} ip: {} hostname: {} name: {} mac: {} architecture: {} os: fields: name: {} platform: {} family: {} kernel: {} full: {} version: {} type: {} Ext: fields: variant: {}

custom_subsets/elastic_endpoint/policy/policy.yaml (69 lines of code) (raw):