Revert "remove security analytics mappings for network logs due to them breaking Query Workbench (see cisagov#746)"; instead I'm going to keep them in there, just without the field mappings.

mmguero · mmguero · commit 83469485c54d · 2025-08-21T19:57:20.000Z
This reverts commit 457d39c.
diff --git a/dashboards/security_analytics_mappings/network.json b/dashboards/security_analytics_mappings/network.json
@@ -0,0 +1,37 @@
+{
+  "index_name": "MALCOLM_NETWORK_INDEX_ALIAS_REPLACER",
+  "rule_topic": "network",
+  "partial": true,
+  "alias_mappings": {
+    "properties": {
+      "zeek.x509.certificate.serial": {
+        "type": "alias",
+        "path": "zeek.x509.certificate_serial"
+      },
+      "service": {
+        "type": "alias",
+        "path": "network.protocol"
+      },
+      "rejected": {
+        "type": "alias",
+        "path": "zeek.dns.rejected"
+      },
+      "id.resp_p": {
+        "type": "alias",
+        "path": "destination.port"
+      },
+      "id.resp_h": {
+        "type": "alias",
+        "path": "destination.ip"
+      },
+      "id.orig_h": {
+        "type": "alias",
+        "path": "source.ip"
+      },
+      "Z-flag": {
+        "type": "alias",
+        "path": "zeek.dns.Z"
+      }
+    }
+  }
+}
