From e11c562022978513ac96afbe5d1577160402e41e Mon Sep 17 00:00:00 2001
From: Corey Ogburn
Date: Fri, 4 Oct 2024 14:22:27 -0600
Subject: [PATCH 1/3] Added Note to ES Mappings
---
 .../templates/component/so/detection-mappings.json | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/salt/elasticsearch/templates/component/so/detection-mappings.json b/salt/elasticsearch/templates/component/so/detection-mappings.json
index 5e51b872ba..51e13c829a 100644
--- a/salt/elasticsearch/templates/component/so/detection-mappings.json
+++ b/salt/elasticsearch/templates/component/so/detection-mappings.json
@@ -142,6 +142,9 @@
 "userId": {
 "ignore_above": 1024,
 "type": "keyword"
+ },
+ "note": {
+ "type": "text"
 }
 }
 }
From 1aa9d87c5db266bb89d79e2256d621047195e7d9 Mon Sep 17 00:00:00 2001
From: Corey Ogburn
Date: Tue, 8 Oct 2024 09:57:52 -0600
Subject: [PATCH 2/3] Corrected Put the note on the right model this time.
---
 .../templates/component/so/detection-mappings.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/salt/elasticsearch/templates/component/so/detection-mappings.json b/salt/elasticsearch/templates/component/so/detection-mappings.json
index 51e13c829a..9f992f9715 100644
--- a/salt/elasticsearch/templates/component/so/detection-mappings.json
+++ b/salt/elasticsearch/templates/component/so/detection-mappings.json
@@ -97,6 +97,9 @@
 "updatedAt": {
 "type": "date"
 },
+ "note": {
+ "type": "text"
+ },
 "regex": {
 "type": "text"
 },
@@ -143,9 +146,6 @@
 "ignore_above": 1024,
 "type": "keyword"
 },
- "note": {
- "type": "text"
- }
 }
 }
 }
From 640f53d0857dfffb66db0e8d243e014347c32c4b Mon Sep 17 00:00:00 2001
From: Corey Ogburn
Date: Tue, 8 Oct 2024 10:15:29 -0600
Subject: [PATCH 3/3] Cleanup Fix indentation and trailing comma.
---
 .../templates/component/so/detection-mappings.json | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
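Review bot: In patch 2/3, the second hunk (`@@ -143,9 +146,6 @@`) removes the three `note` lines but keeps the context line `},` that closes `userId`, so a comma is now followed directly by the closing `}` and the template is not valid JSON at this commit. Patch 3/3 repairs it, but a checkout, bisect or cherry-pick that stops at 2/3 gets a mapping file that strict parsers reject, and presumably a component template that cannot be loaded for the detection index. Fold the `}` change from 3/3 into this commit, and consider a JSON parse check on `salt/elasticsearch/templates/component/so/*.json` in CI so a malformed mapping is caught before it ships.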
diff --git a/salt/elasticsearch/templates/component/so/detection-mappings.json b/salt/elasticsearch/templates/component/so/detection-mappings.json
index 9f992f9715..2e405912d5 100644
--- a/salt/elasticsearch/templates/component/so/detection-mappings.json
+++ b/salt/elasticsearch/templates/component/so/detection-mappings.json
@@ -21,10 +21,10 @@
 "properties": {
 "publicId": {
 "ignore_above": 1024,
- "type": "keyword"
+ "type": "keyword"
 },
 "title": {
- "ignore_above": 1024,
+ "ignore_above": 1024,
 "type": "keyword"
 },
 "severity": {
@@ -38,15 +38,15 @@
 "description": {
 "type": "text"
 },
- "category": {
+ "category": {
 "ignore_above": 1024,
 "type": "keyword"
 },
- "product": {
+ "product": {
 "ignore_above": 1024,
 "type": "keyword"
 },
- "service": {
+ "service": {
 "ignore_above": 1024,
 "type": "keyword"
 },
@@ -64,7 +64,7 @@
 },
 "tags": {
 "ignore_above": 1024,
- "type": "keyword"
+ "type": "keyword"
 },
 "ruleset": {
 "ignore_above": 1024,
@@ -145,7 +145,7 @@
 "userId": {
 "ignore_above": 1024,
 "type": "keyword"
- },
+ }
 }
 }
 }