From f2361de43dda6beb56c3b39e8565627c93446abe Mon Sep 17 00:00:00 2001
From: Kevin Ledesma
Date: Wed, 23 Oct 2024 09:46:17 -0300
Subject: [PATCH] Fix template-settings fields (#490)

* Update vulnerabilities template-settings fields
* Update ecs templates definitions
---
 ecs/alerts/fields/custom/agent.yml | 12 ++++++++++++
 ecs/states-vulnerabilities/fields/custom/agent.yml | 12 ++++++++++++
 .../fields/template-settings-legacy.json | 4 ++--
 .../fields/template-settings.json | 2 +-
 4 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 ecs/alerts/fields/custom/agent.yml
 create mode 100644 ecs/states-vulnerabilities/fields/custom/agent.yml

diff --git a/ecs/alerts/fields/custom/agent.yml b/ecs/alerts/fields/custom/agent.yml
new file mode 100644
index 0000000000000..3482123af637a
--- /dev/null
+++ b/ecs/alerts/fields/custom/agent.yml
@@ -0,0 +1,12 @@
+---
+- name: agent
+ title: Wazuh Agents
+ short: Wazuh Inc. custom fields.
+ type: group
+ group: 2
+ fields:
+ - name: groups
+ type: keyword
+ level: custom
+ description: >
+ The groups the agent belongs to.
diff --git a/ecs/states-vulnerabilities/fields/custom/agent.yml b/ecs/states-vulnerabilities/fields/custom/agent.yml
new file mode 100644
index 0000000000000..3482123af637a
--- /dev/null
+++ b/ecs/states-vulnerabilities/fields/custom/agent.yml
@@ -0,0 +1,12 @@
+---
+- name: agent
+ title: Wazuh Agents
+ short: Wazuh Inc. custom fields.
+ type: group
+ group: 2
+ fields:
+ - name: groups
+ type: keyword
+ level: custom
+ description: >
+ The groups the agent belongs to.
diff --git a/ecs/states-vulnerabilities/fields/template-settings-legacy.json b/ecs/states-vulnerabilities/fields/template-settings-legacy.json
index 10c79768a99ea..17a7bd4f6c785 100644
--- a/ecs/states-vulnerabilities/fields/template-settings-legacy.json
+++ b/ecs/states-vulnerabilities/fields/template-settings-legacy.json
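Review bot: The new `groups` field in ecs/alerts/fields/custom/agent.yml does not say whether it is multi-valued, although its name and description are plural. If an agent can belong to several groups, I would add `normalize:` with `- array` under the field, and an `example:` line, so the generated documentation and downstream consumers agree on the shape of the value. The identical file is also added as ecs/states-vulnerabilities/fields/custom/agent.yml (both index lines show blob 3482123af637a), so the two copies have to be kept in sync by hand; a one-line comment at the top of each naming the other copy would make that visible.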
@@ -8,7 +8,7 @@
 "refresh_interval": "5s",
 "query.default_field": [
 "agent.id",
- "agent.group",
+ "agent.groups",
 "host.os.full",
 "host.os.version",
 "package.name",
@@ -20,4 +20,4 @@
 ]
 }
 }
-}
\ No newline at end of file
+}
diff --git a/ecs/states-vulnerabilities/fields/template-settings.json b/ecs/states-vulnerabilities/fields/template-settings.json
index 66db0f6ad7377..901003b59b17f 100644
--- a/ecs/states-vulnerabilities/fields/template-settings.json
+++ b/ecs/states-vulnerabilities/fields/template-settings.json
@@ -9,7 +9,7 @@
 "refresh_interval": "5s",
 "query.default_field": [
 "agent.id",
- "agent.group",
+ "agent.groups",
 "host.os.full",
 "host.os.version",
 "package.name",
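Review bot: Replacing `"agent.group"` with `"agent.groups"` in `query.default_field` leaves no default-search coverage for data that may still be stored under the old name; this applies to the first hunk of template-settings-legacy.json and to the hunk in template-settings.json. Index templates normally affect only indices created after the template is loaded, so existing vulnerability-state indices would keep the old setting, and an analyst's unqualified search for a group name could silently miss agents on one side of the rename. The diff shows no reindex or migration step, so I would either state in the commit description that none is needed, or keep both names for a transition period, `"agent.group", "agent.groups",`. The `query.default_field` array is closed outside both hunks, so the full list of default fields is not visible here.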