logstash-output-elasticsearch 11.0.5-java → 11.1.0-java

@@ -1,2950 +0,0 @@
1
- {
2
- "index_patterns": [
3
- "ecs-logstash-*"
4
- ],
5
- "mappings": {
6
- "_doc": {
7
- "_meta": {
8
- "version": "1.5.0"
9
- },
10
- "date_detection": false,
11
- "dynamic_templates": [
12
- {
13
- "strings_as_keyword": {
14
- "mapping": {
15
- "ignore_above": 1024,
16
- "type": "keyword"
17
- },
18
- "match_mapping_type": "string"
19
- }
20
- }
21
- ],
22
- "properties": {
23
- "@timestamp": {
24
- "type": "date"
25
- },
26
- "agent": {
27
- "properties": {
28
- "ephemeral_id": {
29
- "ignore_above": 1024,
30
- "type": "keyword"
31
- },
32
- "id": {
33
- "ignore_above": 1024,
34
- "type": "keyword"
35
- },
36
- "name": {
37
- "ignore_above": 1024,
38
- "type": "keyword"
39
- },
40
- "type": {
41
- "ignore_above": 1024,
42
- "type": "keyword"
43
- },
44
- "version": {
45
- "ignore_above": 1024,
46
- "type": "keyword"
47
- }
48
- }
49
- },
50
- "as": {
51
- "properties": {
52
- "number": {
53
- "type": "long"
54
- },
55
- "organization": {
56
- "properties": {
57
- "name": {
58
- "fields": {
59
- "text": {
60
- "norms": false,
61
- "type": "text"
62
- }
63
- },
64
- "ignore_above": 1024,
65
- "type": "keyword"
66
- }
67
- }
68
- }
69
- }
70
- },
71
- "client": {
72
- "properties": {
73
- "address": {
74
- "ignore_above": 1024,
75
- "type": "keyword"
76
- },
77
- "as": {
78
- "properties": {
79
- "number": {
80
- "type": "long"
81
- },
82
- "organization": {
83
- "properties": {
84
- "name": {
85
- "fields": {
86
- "text": {
87
- "norms": false,
88
- "type": "text"
89
- }
90
- },
91
- "ignore_above": 1024,
92
- "type": "keyword"
93
- }
94
- }
95
- }
96
- }
97
- },
98
- "bytes": {
99
- "type": "long"
100
- },
101
- "domain": {
102
- "ignore_above": 1024,
103
- "type": "keyword"
104
- },
105
- "geo": {
106
- "properties": {
107
- "city_name": {
108
- "ignore_above": 1024,
109
- "type": "keyword"
110
- },
111
- "continent_name": {
112
- "ignore_above": 1024,
113
- "type": "keyword"
114
- },
115
- "country_iso_code": {
116
- "ignore_above": 1024,
117
- "type": "keyword"
118
- },
119
- "country_name": {
120
- "ignore_above": 1024,
121
- "type": "keyword"
122
- },
123
- "location": {
124
- "type": "geo_point"
125
- },
126
- "name": {
127
- "ignore_above": 1024,
128
- "type": "keyword"
129
- },
130
- "region_iso_code": {
131
- "ignore_above": 1024,
132
- "type": "keyword"
133
- },
134
- "region_name": {
135
- "ignore_above": 1024,
136
- "type": "keyword"
137
- }
138
- }
139
- },
140
- "ip": {
141
- "type": "ip"
142
- },
143
- "mac": {
144
- "ignore_above": 1024,
145
- "type": "keyword"
146
- },
147
- "nat": {
148
- "properties": {
149
- "ip": {
150
- "type": "ip"
151
- },
152
- "port": {
153
- "type": "long"
154
- }
155
- }
156
- },
157
- "packets": {
158
- "type": "long"
159
- },
160
- "port": {
161
- "type": "long"
162
- },
163
- "registered_domain": {
164
- "ignore_above": 1024,
165
- "type": "keyword"
166
- },
167
- "top_level_domain": {
168
- "ignore_above": 1024,
169
- "type": "keyword"
170
- },
171
- "user": {
172
- "properties": {
173
- "domain": {
174
- "ignore_above": 1024,
175
- "type": "keyword"
176
- },
177
- "email": {
178
- "ignore_above": 1024,
179
- "type": "keyword"
180
- },
181
- "full_name": {
182
- "fields": {
183
- "text": {
184
- "norms": false,
185
- "type": "text"
186
- }
187
- },
188
- "ignore_above": 1024,
189
- "type": "keyword"
190
- },
191
- "group": {
192
- "properties": {
193
- "domain": {
194
- "ignore_above": 1024,
195
- "type": "keyword"
196
- },
197
- "id": {
198
- "ignore_above": 1024,
199
- "type": "keyword"
200
- },
201
- "name": {
202
- "ignore_above": 1024,
203
- "type": "keyword"
204
- }
205
- }
206
- },
207
- "hash": {
208
- "ignore_above": 1024,
209
- "type": "keyword"
210
- },
211
- "id": {
212
- "ignore_above": 1024,
213
- "type": "keyword"
214
- },
215
- "name": {
216
- "fields": {
217
- "text": {
218
- "norms": false,
219
- "type": "text"
220
- }
221
- },
222
- "ignore_above": 1024,
223
- "type": "keyword"
224
- }
225
- }
226
- }
227
- }
228
- },
229
- "cloud": {
230
- "properties": {
231
- "account": {
232
- "properties": {
233
- "id": {
234
- "ignore_above": 1024,
235
- "type": "keyword"
236
- }
237
- }
238
- },
239
- "availability_zone": {
240
- "ignore_above": 1024,
241
- "type": "keyword"
242
- },
243
- "instance": {
244
- "properties": {
245
- "id": {
246
- "ignore_above": 1024,
247
- "type": "keyword"
248
- },
249
- "name": {
250
- "ignore_above": 1024,
251
- "type": "keyword"
252
- }
253
- }
254
- },
255
- "machine": {
256
- "properties": {
257
- "type": {
258
- "ignore_above": 1024,
259
- "type": "keyword"
260
- }
261
- }
262
- },
263
- "provider": {
264
- "ignore_above": 1024,
265
- "type": "keyword"
266
- },
267
- "region": {
268
- "ignore_above": 1024,
269
- "type": "keyword"
270
- }
271
- }
272
- },
273
- "code_signature": {
274
- "properties": {
275
- "exists": {
276
- "type": "boolean"
277
- },
278
- "status": {
279
- "ignore_above": 1024,
280
- "type": "keyword"
281
- },
282
- "subject_name": {
283
- "ignore_above": 1024,
284
- "type": "keyword"
285
- },
286
- "trusted": {
287
- "type": "boolean"
288
- },
289
- "valid": {
290
- "type": "boolean"
291
- }
292
- }
293
- },
294
- "container": {
295
- "properties": {
296
- "id": {
297
- "ignore_above": 1024,
298
- "type": "keyword"
299
- },
300
- "image": {
301
- "properties": {
302
- "name": {
303
- "ignore_above": 1024,
304
- "type": "keyword"
305
- },
306
- "tag": {
307
- "ignore_above": 1024,
308
- "type": "keyword"
309
- }
310
- }
311
- },
312
- "labels": {
313
- "type": "object"
314
- },
315
- "name": {
316
- "ignore_above": 1024,
317
- "type": "keyword"
318
- },
319
- "runtime": {
320
- "ignore_above": 1024,
321
- "type": "keyword"
322
- }
323
- }
324
- },
325
- "destination": {
326
- "properties": {
327
- "address": {
328
- "ignore_above": 1024,
329
- "type": "keyword"
330
- },
331
- "as": {
332
- "properties": {
333
- "number": {
334
- "type": "long"
335
- },
336
- "organization": {
337
- "properties": {
338
- "name": {
339
- "fields": {
340
- "text": {
341
- "norms": false,
342
- "type": "text"
343
- }
344
- },
345
- "ignore_above": 1024,
346
- "type": "keyword"
347
- }
348
- }
349
- }
350
- }
351
- },
352
- "bytes": {
353
- "type": "long"
354
- },
355
- "domain": {
356
- "ignore_above": 1024,
357
- "type": "keyword"
358
- },
359
- "geo": {
360
- "properties": {
361
- "city_name": {
362
- "ignore_above": 1024,
363
- "type": "keyword"
364
- },
365
- "continent_name": {
366
- "ignore_above": 1024,
367
- "type": "keyword"
368
- },
369
- "country_iso_code": {
370
- "ignore_above": 1024,
371
- "type": "keyword"
372
- },
373
- "country_name": {
374
- "ignore_above": 1024,
375
- "type": "keyword"
376
- },
377
- "location": {
378
- "type": "geo_point"
379
- },
380
- "name": {
381
- "ignore_above": 1024,
382
- "type": "keyword"
383
- },
384
- "region_iso_code": {
385
- "ignore_above": 1024,
386
- "type": "keyword"
387
- },
388
- "region_name": {
389
- "ignore_above": 1024,
390
- "type": "keyword"
391
- }
392
- }
393
- },
394
- "ip": {
395
- "type": "ip"
396
- },
397
- "mac": {
398
- "ignore_above": 1024,
399
- "type": "keyword"
400
- },
401
- "nat": {
402
- "properties": {
403
- "ip": {
404
- "type": "ip"
405
- },
406
- "port": {
407
- "type": "long"
408
- }
409
- }
410
- },
411
- "packets": {
412
- "type": "long"
413
- },
414
- "port": {
415
- "type": "long"
416
- },
417
- "registered_domain": {
418
- "ignore_above": 1024,
419
- "type": "keyword"
420
- },
421
- "top_level_domain": {
422
- "ignore_above": 1024,
423
- "type": "keyword"
424
- },
425
- "user": {
426
- "properties": {
427
- "domain": {
428
- "ignore_above": 1024,
429
- "type": "keyword"
430
- },
431
- "email": {
432
- "ignore_above": 1024,
433
- "type": "keyword"
434
- },
435
- "full_name": {
436
- "fields": {
437
- "text": {
438
- "norms": false,
439
- "type": "text"
440
- }
441
- },
442
- "ignore_above": 1024,
443
- "type": "keyword"
444
- },
445
- "group": {
446
- "properties": {
447
- "domain": {
448
- "ignore_above": 1024,
449
- "type": "keyword"
450
- },
451
- "id": {
452
- "ignore_above": 1024,
453
- "type": "keyword"
454
- },
455
- "name": {
456
- "ignore_above": 1024,
457
- "type": "keyword"
458
- }
459
- }
460
- },
461
- "hash": {
462
- "ignore_above": 1024,
463
- "type": "keyword"
464
- },
465
- "id": {
466
- "ignore_above": 1024,
467
- "type": "keyword"
468
- },
469
- "name": {
470
- "fields": {
471
- "text": {
472
- "norms": false,
473
- "type": "text"
474
- }
475
- },
476
- "ignore_above": 1024,
477
- "type": "keyword"
478
- }
479
- }
480
- }
481
- }
482
- },
483
- "dll": {
484
- "properties": {
485
- "code_signature": {
486
- "properties": {
487
- "exists": {
488
- "type": "boolean"
489
- },
490
- "status": {
491
- "ignore_above": 1024,
492
- "type": "keyword"
493
- },
494
- "subject_name": {
495
- "ignore_above": 1024,
496
- "type": "keyword"
497
- },
498
- "trusted": {
499
- "type": "boolean"
500
- },
501
- "valid": {
502
- "type": "boolean"
503
- }
504
- }
505
- },
506
- "hash": {
507
- "properties": {
508
- "md5": {
509
- "ignore_above": 1024,
510
- "type": "keyword"
511
- },
512
- "sha1": {
513
- "ignore_above": 1024,
514
- "type": "keyword"
515
- },
516
- "sha256": {
517
- "ignore_above": 1024,
518
- "type": "keyword"
519
- },
520
- "sha512": {
521
- "ignore_above": 1024,
522
- "type": "keyword"
523
- }
524
- }
525
- },
526
- "name": {
527
- "ignore_above": 1024,
528
- "type": "keyword"
529
- },
530
- "path": {
531
- "ignore_above": 1024,
532
- "type": "keyword"
533
- },
534
- "pe": {
535
- "properties": {
536
- "company": {
537
- "ignore_above": 1024,
538
- "type": "keyword"
539
- },
540
- "description": {
541
- "ignore_above": 1024,
542
- "type": "keyword"
543
- },
544
- "file_version": {
545
- "ignore_above": 1024,
546
- "type": "keyword"
547
- },
548
- "original_file_name": {
549
- "ignore_above": 1024,
550
- "type": "keyword"
551
- },
552
- "product": {
553
- "ignore_above": 1024,
554
- "type": "keyword"
555
- }
556
- }
557
- }
558
- }
559
- },
560
- "dns": {
561
- "properties": {
562
- "answers": {
563
- "properties": {
564
- "class": {
565
- "ignore_above": 1024,
566
- "type": "keyword"
567
- },
568
- "data": {
569
- "ignore_above": 1024,
570
- "type": "keyword"
571
- },
572
- "name": {
573
- "ignore_above": 1024,
574
- "type": "keyword"
575
- },
576
- "ttl": {
577
- "type": "long"
578
- },
579
- "type": {
580
- "ignore_above": 1024,
581
- "type": "keyword"
582
- }
583
- },
584
- "type": "object"
585
- },
586
- "header_flags": {
587
- "ignore_above": 1024,
588
- "type": "keyword"
589
- },
590
- "id": {
591
- "ignore_above": 1024,
592
- "type": "keyword"
593
- },
594
- "op_code": {
595
- "ignore_above": 1024,
596
- "type": "keyword"
597
- },
598
- "question": {
599
- "properties": {
600
- "class": {
601
- "ignore_above": 1024,
602
- "type": "keyword"
603
- },
604
- "name": {
605
- "ignore_above": 1024,
606
- "type": "keyword"
607
- },
608
- "registered_domain": {
609
- "ignore_above": 1024,
610
- "type": "keyword"
611
- },
612
- "subdomain": {
613
- "ignore_above": 1024,
614
- "type": "keyword"
615
- },
616
- "top_level_domain": {
617
- "ignore_above": 1024,
618
- "type": "keyword"
619
- },
620
- "type": {
621
- "ignore_above": 1024,
622
- "type": "keyword"
623
- }
624
- }
625
- },
626
- "resolved_ip": {
627
- "type": "ip"
628
- },
629
- "response_code": {
630
- "ignore_above": 1024,
631
- "type": "keyword"
632
- },
633
- "type": {
634
- "ignore_above": 1024,
635
- "type": "keyword"
636
- }
637
- }
638
- },
639
- "ecs": {
640
- "properties": {
641
- "version": {
642
- "ignore_above": 1024,
643
- "type": "keyword"
644
- }
645
- }
646
- },
647
- "error": {
648
- "properties": {
649
- "code": {
650
- "ignore_above": 1024,
651
- "type": "keyword"
652
- },
653
- "id": {
654
- "ignore_above": 1024,
655
- "type": "keyword"
656
- },
657
- "message": {
658
- "norms": false,
659
- "type": "text"
660
- },
661
- "stack_trace": {
662
- "doc_values": false,
663
- "fields": {
664
- "text": {
665
- "norms": false,
666
- "type": "text"
667
- }
668
- },
669
- "ignore_above": 1024,
670
- "index": false,
671
- "type": "keyword"
672
- },
673
- "type": {
674
- "ignore_above": 1024,
675
- "type": "keyword"
676
- }
677
- }
678
- },
679
- "event": {
680
- "properties": {
681
- "action": {
682
- "ignore_above": 1024,
683
- "type": "keyword"
684
- },
685
- "category": {
686
- "ignore_above": 1024,
687
- "type": "keyword"
688
- },
689
- "code": {
690
- "ignore_above": 1024,
691
- "type": "keyword"
692
- },
693
- "created": {
694
- "type": "date"
695
- },
696
- "dataset": {
697
- "ignore_above": 1024,
698
- "type": "keyword"
699
- },
700
- "duration": {
701
- "type": "long"
702
- },
703
- "end": {
704
- "type": "date"
705
- },
706
- "hash": {
707
- "ignore_above": 1024,
708
- "type": "keyword"
709
- },
710
- "id": {
711
- "ignore_above": 1024,
712
- "type": "keyword"
713
- },
714
- "ingested": {
715
- "type": "date"
716
- },
717
- "kind": {
718
- "ignore_above": 1024,
719
- "type": "keyword"
720
- },
721
- "module": {
722
- "ignore_above": 1024,
723
- "type": "keyword"
724
- },
725
- "original": {
726
- "doc_values": false,
727
- "ignore_above": 1024,
728
- "index": false,
729
- "type": "keyword"
730
- },
731
- "outcome": {
732
- "ignore_above": 1024,
733
- "type": "keyword"
734
- },
735
- "provider": {
736
- "ignore_above": 1024,
737
- "type": "keyword"
738
- },
739
- "reference": {
740
- "ignore_above": 1024,
741
- "type": "keyword"
742
- },
743
- "risk_score": {
744
- "type": "float"
745
- },
746
- "risk_score_norm": {
747
- "type": "float"
748
- },
749
- "sequence": {
750
- "type": "long"
751
- },
752
- "severity": {
753
- "type": "long"
754
- },
755
- "start": {
756
- "type": "date"
757
- },
758
- "timezone": {
759
- "ignore_above": 1024,
760
- "type": "keyword"
761
- },
762
- "type": {
763
- "ignore_above": 1024,
764
- "type": "keyword"
765
- },
766
- "url": {
767
- "ignore_above": 1024,
768
- "type": "keyword"
769
- }
770
- }
771
- },
772
- "file": {
773
- "properties": {
774
- "accessed": {
775
- "type": "date"
776
- },
777
- "attributes": {
778
- "ignore_above": 1024,
779
- "type": "keyword"
780
- },
781
- "code_signature": {
782
- "properties": {
783
- "exists": {
784
- "type": "boolean"
785
- },
786
- "status": {
787
- "ignore_above": 1024,
788
- "type": "keyword"
789
- },
790
- "subject_name": {
791
- "ignore_above": 1024,
792
- "type": "keyword"
793
- },
794
- "trusted": {
795
- "type": "boolean"
796
- },
797
- "valid": {
798
- "type": "boolean"
799
- }
800
- }
801
- },
802
- "created": {
803
- "type": "date"
804
- },
805
- "ctime": {
806
- "type": "date"
807
- },
808
- "device": {
809
- "ignore_above": 1024,
810
- "type": "keyword"
811
- },
812
- "directory": {
813
- "ignore_above": 1024,
814
- "type": "keyword"
815
- },
816
- "drive_letter": {
817
- "ignore_above": 1,
818
- "type": "keyword"
819
- },
820
- "extension": {
821
- "ignore_above": 1024,
822
- "type": "keyword"
823
- },
824
- "gid": {
825
- "ignore_above": 1024,
826
- "type": "keyword"
827
- },
828
- "group": {
829
- "ignore_above": 1024,
830
- "type": "keyword"
831
- },
832
- "hash": {
833
- "properties": {
834
- "md5": {
835
- "ignore_above": 1024,
836
- "type": "keyword"
837
- },
838
- "sha1": {
839
- "ignore_above": 1024,
840
- "type": "keyword"
841
- },
842
- "sha256": {
843
- "ignore_above": 1024,
844
- "type": "keyword"
845
- },
846
- "sha512": {
847
- "ignore_above": 1024,
848
- "type": "keyword"
849
- }
850
- }
851
- },
852
- "inode": {
853
- "ignore_above": 1024,
854
- "type": "keyword"
855
- },
856
- "mime_type": {
857
- "ignore_above": 1024,
858
- "type": "keyword"
859
- },
860
- "mode": {
861
- "ignore_above": 1024,
862
- "type": "keyword"
863
- },
864
- "mtime": {
865
- "type": "date"
866
- },
867
- "name": {
868
- "ignore_above": 1024,
869
- "type": "keyword"
870
- },
871
- "owner": {
872
- "ignore_above": 1024,
873
- "type": "keyword"
874
- },
875
- "path": {
876
- "fields": {
877
- "text": {
878
- "norms": false,
879
- "type": "text"
880
- }
881
- },
882
- "ignore_above": 1024,
883
- "type": "keyword"
884
- },
885
- "pe": {
886
- "properties": {
887
- "company": {
888
- "ignore_above": 1024,
889
- "type": "keyword"
890
- },
891
- "description": {
892
- "ignore_above": 1024,
893
- "type": "keyword"
894
- },
895
- "file_version": {
896
- "ignore_above": 1024,
897
- "type": "keyword"
898
- },
899
- "original_file_name": {
900
- "ignore_above": 1024,
901
- "type": "keyword"
902
- },
903
- "product": {
904
- "ignore_above": 1024,
905
- "type": "keyword"
906
- }
907
- }
908
- },
909
- "size": {
910
- "type": "long"
911
- },
912
- "target_path": {
913
- "fields": {
914
- "text": {
915
- "norms": false,
916
- "type": "text"
917
- }
918
- },
919
- "ignore_above": 1024,
920
- "type": "keyword"
921
- },
922
- "type": {
923
- "ignore_above": 1024,
924
- "type": "keyword"
925
- },
926
- "uid": {
927
- "ignore_above": 1024,
928
- "type": "keyword"
929
- }
930
- }
931
- },
932
- "geo": {
933
- "properties": {
934
- "city_name": {
935
- "ignore_above": 1024,
936
- "type": "keyword"
937
- },
938
- "continent_name": {
939
- "ignore_above": 1024,
940
- "type": "keyword"
941
- },
942
- "country_iso_code": {
943
- "ignore_above": 1024,
944
- "type": "keyword"
945
- },
946
- "country_name": {
947
- "ignore_above": 1024,
948
- "type": "keyword"
949
- },
950
- "location": {
951
- "type": "geo_point"
952
- },
953
- "name": {
954
- "ignore_above": 1024,
955
- "type": "keyword"
956
- },
957
- "region_iso_code": {
958
- "ignore_above": 1024,
959
- "type": "keyword"
960
- },
961
- "region_name": {
962
- "ignore_above": 1024,
963
- "type": "keyword"
964
- }
965
- }
966
- },
967
- "group": {
968
- "properties": {
969
- "domain": {
970
- "ignore_above": 1024,
971
- "type": "keyword"
972
- },
973
- "id": {
974
- "ignore_above": 1024,
975
- "type": "keyword"
976
- },
977
- "name": {
978
- "ignore_above": 1024,
979
- "type": "keyword"
980
- }
981
- }
982
- },
983
- "hash": {
984
- "properties": {
985
- "md5": {
986
- "ignore_above": 1024,
987
- "type": "keyword"
988
- },
989
- "sha1": {
990
- "ignore_above": 1024,
991
- "type": "keyword"
992
- },
993
- "sha256": {
994
- "ignore_above": 1024,
995
- "type": "keyword"
996
- },
997
- "sha512": {
998
- "ignore_above": 1024,
999
- "type": "keyword"
1000
- }
1001
- }
1002
- },
1003
- "host": {
1004
- "properties": {
1005
- "architecture": {
1006
- "ignore_above": 1024,
1007
- "type": "keyword"
1008
- },
1009
- "domain": {
1010
- "ignore_above": 1024,
1011
- "type": "keyword"
1012
- },
1013
- "geo": {
1014
- "properties": {
1015
- "city_name": {
1016
- "ignore_above": 1024,
1017
- "type": "keyword"
1018
- },
1019
- "continent_name": {
1020
- "ignore_above": 1024,
1021
- "type": "keyword"
1022
- },
1023
- "country_iso_code": {
1024
- "ignore_above": 1024,
1025
- "type": "keyword"
1026
- },
1027
- "country_name": {
1028
- "ignore_above": 1024,
1029
- "type": "keyword"
1030
- },
1031
- "location": {
1032
- "type": "geo_point"
1033
- },
1034
- "name": {
1035
- "ignore_above": 1024,
1036
- "type": "keyword"
1037
- },
1038
- "region_iso_code": {
1039
- "ignore_above": 1024,
1040
- "type": "keyword"
1041
- },
1042
- "region_name": {
1043
- "ignore_above": 1024,
1044
- "type": "keyword"
1045
- }
1046
- }
1047
- },
1048
- "hostname": {
1049
- "ignore_above": 1024,
1050
- "type": "keyword"
1051
- },
1052
- "id": {
1053
- "ignore_above": 1024,
1054
- "type": "keyword"
1055
- },
1056
- "ip": {
1057
- "type": "ip"
1058
- },
1059
- "mac": {
1060
- "ignore_above": 1024,
1061
- "type": "keyword"
1062
- },
1063
- "name": {
1064
- "ignore_above": 1024,
1065
- "type": "keyword"
1066
- },
1067
- "os": {
1068
- "properties": {
1069
- "family": {
1070
- "ignore_above": 1024,
1071
- "type": "keyword"
1072
- },
1073
- "full": {
1074
- "fields": {
1075
- "text": {
1076
- "norms": false,
1077
- "type": "text"
1078
- }
1079
- },
1080
- "ignore_above": 1024,
1081
- "type": "keyword"
1082
- },
1083
- "kernel": {
1084
- "ignore_above": 1024,
1085
- "type": "keyword"
1086
- },
1087
- "name": {
1088
- "fields": {
1089
- "text": {
1090
- "norms": false,
1091
- "type": "text"
1092
- }
1093
- },
1094
- "ignore_above": 1024,
1095
- "type": "keyword"
1096
- },
1097
- "platform": {
1098
- "ignore_above": 1024,
1099
- "type": "keyword"
1100
- },
1101
- "version": {
1102
- "ignore_above": 1024,
1103
- "type": "keyword"
1104
- }
1105
- }
1106
- },
1107
- "type": {
1108
- "ignore_above": 1024,
1109
- "type": "keyword"
1110
- },
1111
- "uptime": {
1112
- "type": "long"
1113
- },
1114
- "user": {
1115
- "properties": {
1116
- "domain": {
1117
- "ignore_above": 1024,
1118
- "type": "keyword"
1119
- },
1120
- "email": {
1121
- "ignore_above": 1024,
1122
- "type": "keyword"
1123
- },
1124
- "full_name": {
1125
- "fields": {
1126
- "text": {
1127
- "norms": false,
1128
- "type": "text"
1129
- }
1130
- },
1131
- "ignore_above": 1024,
1132
- "type": "keyword"
1133
- },
1134
- "group": {
1135
- "properties": {
1136
- "domain": {
1137
- "ignore_above": 1024,
1138
- "type": "keyword"
1139
- },
1140
- "id": {
1141
- "ignore_above": 1024,
1142
- "type": "keyword"
1143
- },
1144
- "name": {
1145
- "ignore_above": 1024,
1146
- "type": "keyword"
1147
- }
1148
- }
1149
- },
1150
- "hash": {
1151
- "ignore_above": 1024,
1152
- "type": "keyword"
1153
- },
1154
- "id": {
1155
- "ignore_above": 1024,
1156
- "type": "keyword"
1157
- },
1158
- "name": {
1159
- "fields": {
1160
- "text": {
1161
- "norms": false,
1162
- "type": "text"
1163
- }
1164
- },
1165
- "ignore_above": 1024,
1166
- "type": "keyword"
1167
- }
1168
- }
1169
- }
1170
- }
1171
- },
1172
- "http": {
1173
- "properties": {
1174
- "request": {
1175
- "properties": {
1176
- "body": {
1177
- "properties": {
1178
- "bytes": {
1179
- "type": "long"
1180
- },
1181
- "content": {
1182
- "fields": {
1183
- "text": {
1184
- "norms": false,
1185
- "type": "text"
1186
- }
1187
- },
1188
- "ignore_above": 1024,
1189
- "type": "keyword"
1190
- }
1191
- }
1192
- },
1193
- "bytes": {
1194
- "type": "long"
1195
- },
1196
- "method": {
1197
- "ignore_above": 1024,
1198
- "type": "keyword"
1199
- },
1200
- "referrer": {
1201
- "ignore_above": 1024,
1202
- "type": "keyword"
1203
- }
1204
- }
1205
- },
1206
- "response": {
1207
- "properties": {
1208
- "body": {
1209
- "properties": {
1210
- "bytes": {
1211
- "type": "long"
1212
- },
1213
- "content": {
1214
- "fields": {
1215
- "text": {
1216
- "norms": false,
1217
- "type": "text"
1218
- }
1219
- },
1220
- "ignore_above": 1024,
1221
- "type": "keyword"
1222
- }
1223
- }
1224
- },
1225
- "bytes": {
1226
- "type": "long"
1227
- },
1228
- "status_code": {
1229
- "type": "long"
1230
- }
1231
- }
1232
- },
1233
- "version": {
1234
- "ignore_above": 1024,
1235
- "type": "keyword"
1236
- }
1237
- }
1238
- },
1239
- "interface": {
1240
- "properties": {
1241
- "alias": {
1242
- "ignore_above": 1024,
1243
- "type": "keyword"
1244
- },
1245
- "id": {
1246
- "ignore_above": 1024,
1247
- "type": "keyword"
1248
- },
1249
- "name": {
1250
- "ignore_above": 1024,
1251
- "type": "keyword"
1252
- }
1253
- }
1254
- },
1255
- "labels": {
1256
- "type": "object"
1257
- },
1258
- "log": {
1259
- "properties": {
1260
- "level": {
1261
- "ignore_above": 1024,
1262
- "type": "keyword"
1263
- },
1264
- "logger": {
1265
- "ignore_above": 1024,
1266
- "type": "keyword"
1267
- },
1268
- "origin": {
1269
- "properties": {
1270
- "file": {
1271
- "properties": {
1272
- "line": {
1273
- "type": "integer"
1274
- },
1275
- "name": {
1276
- "ignore_above": 1024,
1277
- "type": "keyword"
1278
- }
1279
- }
1280
- },
1281
- "function": {
1282
- "ignore_above": 1024,
1283
- "type": "keyword"
1284
- }
1285
- }
1286
- },
1287
- "original": {
1288
- "doc_values": false,
1289
- "ignore_above": 1024,
1290
- "index": false,
1291
- "type": "keyword"
1292
- },
1293
- "syslog": {
1294
- "properties": {
1295
- "facility": {
1296
- "properties": {
1297
- "code": {
1298
- "type": "long"
1299
- },
1300
- "name": {
1301
- "ignore_above": 1024,
1302
- "type": "keyword"
1303
- }
1304
- }
1305
- },
1306
- "priority": {
1307
- "type": "long"
1308
- },
1309
- "severity": {
1310
- "properties": {
1311
- "code": {
1312
- "type": "long"
1313
- },
1314
- "name": {
1315
- "ignore_above": 1024,
1316
- "type": "keyword"
1317
- }
1318
- }
1319
- }
1320
- },
1321
- "type": "object"
1322
- }
1323
- }
1324
- },
1325
- "message": {
1326
- "norms": false,
1327
- "type": "text"
1328
- },
1329
- "network": {
1330
- "properties": {
1331
- "application": {
1332
- "ignore_above": 1024,
1333
- "type": "keyword"
1334
- },
1335
- "bytes": {
1336
- "type": "long"
1337
- },
1338
- "community_id": {
1339
- "ignore_above": 1024,
1340
- "type": "keyword"
1341
- },
1342
- "direction": {
1343
- "ignore_above": 1024,
1344
- "type": "keyword"
1345
- },
1346
- "forwarded_ip": {
1347
- "type": "ip"
1348
- },
1349
- "iana_number": {
1350
- "ignore_above": 1024,
1351
- "type": "keyword"
1352
- },
1353
- "inner": {
1354
- "properties": {
1355
- "vlan": {
1356
- "properties": {
1357
- "id": {
1358
- "ignore_above": 1024,
1359
- "type": "keyword"
1360
- },
1361
- "name": {
1362
- "ignore_above": 1024,
1363
- "type": "keyword"
1364
- }
1365
- }
1366
- }
1367
- },
1368
- "type": "object"
1369
- },
1370
- "name": {
1371
- "ignore_above": 1024,
1372
- "type": "keyword"
1373
- },
1374
- "packets": {
1375
- "type": "long"
1376
- },
1377
- "protocol": {
1378
- "ignore_above": 1024,
1379
- "type": "keyword"
1380
- },
1381
- "transport": {
1382
- "ignore_above": 1024,
1383
- "type": "keyword"
1384
- },
1385
- "type": {
1386
- "ignore_above": 1024,
1387
- "type": "keyword"
1388
- },
1389
- "vlan": {
1390
- "properties": {
1391
- "id": {
1392
- "ignore_above": 1024,
1393
- "type": "keyword"
1394
- },
1395
- "name": {
1396
- "ignore_above": 1024,
1397
- "type": "keyword"
1398
- }
1399
- }
1400
- }
1401
- }
1402
- },
1403
- "observer": {
1404
- "properties": {
1405
- "egress": {
1406
- "properties": {
1407
- "interface": {
1408
- "properties": {
1409
- "alias": {
1410
- "ignore_above": 1024,
1411
- "type": "keyword"
1412
- },
1413
- "id": {
1414
- "ignore_above": 1024,
1415
- "type": "keyword"
1416
- },
1417
- "name": {
1418
- "ignore_above": 1024,
1419
- "type": "keyword"
1420
- }
1421
- }
1422
- },
1423
- "vlan": {
1424
- "properties": {
1425
- "id": {
1426
- "ignore_above": 1024,
1427
- "type": "keyword"
1428
- },
1429
- "name": {
1430
- "ignore_above": 1024,
1431
- "type": "keyword"
1432
- }
1433
- }
1434
- },
1435
- "zone": {
1436
- "ignore_above": 1024,
1437
- "type": "keyword"
1438
- }
1439
- },
1440
- "type": "object"
1441
- },
1442
- "geo": {
1443
- "properties": {
1444
- "city_name": {
1445
- "ignore_above": 1024,
1446
- "type": "keyword"
1447
- },
1448
- "continent_name": {
1449
- "ignore_above": 1024,
1450
- "type": "keyword"
1451
- },
1452
- "country_iso_code": {
1453
- "ignore_above": 1024,
1454
- "type": "keyword"
1455
- },
1456
- "country_name": {
1457
- "ignore_above": 1024,
1458
- "type": "keyword"
1459
- },
1460
- "location": {
1461
- "type": "geo_point"
1462
- },
1463
- "name": {
1464
- "ignore_above": 1024,
1465
- "type": "keyword"
1466
- },
1467
- "region_iso_code": {
1468
- "ignore_above": 1024,
1469
- "type": "keyword"
1470
- },
1471
- "region_name": {
1472
- "ignore_above": 1024,
1473
- "type": "keyword"
1474
- }
1475
- }
1476
- },
1477
- "hostname": {
1478
- "ignore_above": 1024,
1479
- "type": "keyword"
1480
- },
1481
- "ingress": {
1482
- "properties": {
1483
- "interface": {
1484
- "properties": {
1485
- "alias": {
1486
- "ignore_above": 1024,
1487
- "type": "keyword"
1488
- },
1489
- "id": {
1490
- "ignore_above": 1024,
1491
- "type": "keyword"
1492
- },
1493
- "name": {
1494
- "ignore_above": 1024,
1495
- "type": "keyword"
1496
- }
1497
- }
1498
- },
1499
- "vlan": {
1500
- "properties": {
1501
- "id": {
1502
- "ignore_above": 1024,
1503
- "type": "keyword"
1504
- },
1505
- "name": {
1506
- "ignore_above": 1024,
1507
- "type": "keyword"
1508
- }
1509
- }
1510
- },
1511
- "zone": {
1512
- "ignore_above": 1024,
1513
- "type": "keyword"
1514
- }
1515
- },
1516
- "type": "object"
1517
- },
1518
- "ip": {
1519
- "type": "ip"
1520
- },
1521
- "mac": {
1522
- "ignore_above": 1024,
1523
- "type": "keyword"
1524
- },
1525
- "name": {
1526
- "ignore_above": 1024,
1527
- "type": "keyword"
1528
- },
1529
- "os": {
1530
- "properties": {
1531
- "family": {
1532
- "ignore_above": 1024,
1533
- "type": "keyword"
1534
- },
1535
- "full": {
1536
- "fields": {
1537
- "text": {
1538
- "norms": false,
1539
- "type": "text"
1540
- }
1541
- },
1542
- "ignore_above": 1024,
1543
- "type": "keyword"
1544
- },
1545
- "kernel": {
1546
- "ignore_above": 1024,
1547
- "type": "keyword"
1548
- },
1549
- "name": {
1550
- "fields": {
1551
- "text": {
1552
- "norms": false,
1553
- "type": "text"
1554
- }
1555
- },
1556
- "ignore_above": 1024,
1557
- "type": "keyword"
1558
- },
1559
- "platform": {
1560
- "ignore_above": 1024,
1561
- "type": "keyword"
1562
- },
1563
- "version": {
1564
- "ignore_above": 1024,
1565
- "type": "keyword"
1566
- }
1567
- }
1568
- },
1569
- "product": {
1570
- "ignore_above": 1024,
1571
- "type": "keyword"
1572
- },
1573
- "serial_number": {
1574
- "ignore_above": 1024,
1575
- "type": "keyword"
1576
- },
1577
- "type": {
1578
- "ignore_above": 1024,
1579
- "type": "keyword"
1580
- },
1581
- "vendor": {
1582
- "ignore_above": 1024,
1583
- "type": "keyword"
1584
- },
1585
- "version": {
1586
- "ignore_above": 1024,
1587
- "type": "keyword"
1588
- }
1589
- }
1590
- },
1591
- "organization": {
1592
- "properties": {
1593
- "id": {
1594
- "ignore_above": 1024,
1595
- "type": "keyword"
1596
- },
1597
- "name": {
1598
- "fields": {
1599
- "text": {
1600
- "norms": false,
1601
- "type": "text"
1602
- }
1603
- },
1604
- "ignore_above": 1024,
1605
- "type": "keyword"
1606
- }
1607
- }
1608
- },
1609
- "os": {
1610
- "properties": {
1611
- "family": {
1612
- "ignore_above": 1024,
1613
- "type": "keyword"
1614
- },
1615
- "full": {
1616
- "fields": {
1617
- "text": {
1618
- "norms": false,
1619
- "type": "text"
1620
- }
1621
- },
1622
- "ignore_above": 1024,
1623
- "type": "keyword"
1624
- },
1625
- "kernel": {
1626
- "ignore_above": 1024,
1627
- "type": "keyword"
1628
- },
1629
- "name": {
1630
- "fields": {
1631
- "text": {
1632
- "norms": false,
1633
- "type": "text"
1634
- }
1635
- },
1636
- "ignore_above": 1024,
1637
- "type": "keyword"
1638
- },
1639
- "platform": {
1640
- "ignore_above": 1024,
1641
- "type": "keyword"
1642
- },
1643
- "version": {
1644
- "ignore_above": 1024,
1645
- "type": "keyword"
1646
- }
1647
- }
1648
- },
1649
- "package": {
1650
- "properties": {
1651
- "architecture": {
1652
- "ignore_above": 1024,
1653
- "type": "keyword"
1654
- },
1655
- "build_version": {
1656
- "ignore_above": 1024,
1657
- "type": "keyword"
1658
- },
1659
- "checksum": {
1660
- "ignore_above": 1024,
1661
- "type": "keyword"
1662
- },
1663
- "description": {
1664
- "ignore_above": 1024,
1665
- "type": "keyword"
1666
- },
1667
- "install_scope": {
1668
- "ignore_above": 1024,
1669
- "type": "keyword"
1670
- },
1671
- "installed": {
1672
- "type": "date"
1673
- },
1674
- "license": {
1675
- "ignore_above": 1024,
1676
- "type": "keyword"
1677
- },
1678
- "name": {
1679
- "ignore_above": 1024,
1680
- "type": "keyword"
1681
- },
1682
- "path": {
1683
- "ignore_above": 1024,
1684
- "type": "keyword"
1685
- },
1686
- "reference": {
1687
- "ignore_above": 1024,
1688
- "type": "keyword"
1689
- },
1690
- "size": {
1691
- "type": "long"
1692
- },
1693
- "type": {
1694
- "ignore_above": 1024,
1695
- "type": "keyword"
1696
- },
1697
- "version": {
1698
- "ignore_above": 1024,
1699
- "type": "keyword"
1700
- }
1701
- }
1702
- },
1703
- "pe": {
1704
- "properties": {
1705
- "company": {
1706
- "ignore_above": 1024,
1707
- "type": "keyword"
1708
- },
1709
- "description": {
1710
- "ignore_above": 1024,
1711
- "type": "keyword"
1712
- },
1713
- "file_version": {
1714
- "ignore_above": 1024,
1715
- "type": "keyword"
1716
- },
1717
- "original_file_name": {
1718
- "ignore_above": 1024,
1719
- "type": "keyword"
1720
- },
1721
- "product": {
1722
- "ignore_above": 1024,
1723
- "type": "keyword"
1724
- }
1725
- }
1726
- },
1727
- "process": {
1728
- "properties": {
1729
- "args": {
1730
- "ignore_above": 1024,
1731
- "type": "keyword"
1732
- },
1733
- "args_count": {
1734
- "type": "long"
1735
- },
1736
- "code_signature": {
1737
- "properties": {
1738
- "exists": {
1739
- "type": "boolean"
1740
- },
1741
- "status": {
1742
- "ignore_above": 1024,
1743
- "type": "keyword"
1744
- },
1745
- "subject_name": {
1746
- "ignore_above": 1024,
1747
- "type": "keyword"
1748
- },
1749
- "trusted": {
1750
- "type": "boolean"
1751
- },
1752
- "valid": {
1753
- "type": "boolean"
1754
- }
1755
- }
1756
- },
1757
- "command_line": {
1758
- "fields": {
1759
- "text": {
1760
- "norms": false,
1761
- "type": "text"
1762
- }
1763
- },
1764
- "ignore_above": 1024,
1765
- "type": "keyword"
1766
- },
1767
- "entity_id": {
1768
- "ignore_above": 1024,
1769
- "type": "keyword"
1770
- },
1771
- "executable": {
1772
- "fields": {
1773
- "text": {
1774
- "norms": false,
1775
- "type": "text"
1776
- }
1777
- },
1778
- "ignore_above": 1024,
1779
- "type": "keyword"
1780
- },
1781
- "exit_code": {
1782
- "type": "long"
1783
- },
1784
- "hash": {
1785
- "properties": {
1786
- "md5": {
1787
- "ignore_above": 1024,
1788
- "type": "keyword"
1789
- },
1790
- "sha1": {
1791
- "ignore_above": 1024,
1792
- "type": "keyword"
1793
- },
1794
- "sha256": {
1795
- "ignore_above": 1024,
1796
- "type": "keyword"
1797
- },
1798
- "sha512": {
1799
- "ignore_above": 1024,
1800
- "type": "keyword"
1801
- }
1802
- }
1803
- },
1804
- "name": {
1805
- "fields": {
1806
- "text": {
1807
- "norms": false,
1808
- "type": "text"
1809
- }
1810
- },
1811
- "ignore_above": 1024,
1812
- "type": "keyword"
1813
- },
1814
- "parent": {
1815
- "properties": {
1816
- "args": {
1817
- "ignore_above": 1024,
1818
- "type": "keyword"
1819
- },
1820
- "args_count": {
1821
- "type": "long"
1822
- },
1823
- "code_signature": {
1824
- "properties": {
1825
- "exists": {
1826
- "type": "boolean"
1827
- },
1828
- "status": {
1829
- "ignore_above": 1024,
1830
- "type": "keyword"
1831
- },
1832
- "subject_name": {
1833
- "ignore_above": 1024,
1834
- "type": "keyword"
1835
- },
1836
- "trusted": {
1837
- "type": "boolean"
1838
- },
1839
- "valid": {
1840
- "type": "boolean"
1841
- }
1842
- }
1843
- },
1844
- "command_line": {
1845
- "fields": {
1846
- "text": {
1847
- "norms": false,
1848
- "type": "text"
1849
- }
1850
- },
1851
- "ignore_above": 1024,
1852
- "type": "keyword"
1853
- },
1854
- "entity_id": {
1855
- "ignore_above": 1024,
1856
- "type": "keyword"
1857
- },
1858
- "executable": {
1859
- "fields": {
1860
- "text": {
1861
- "norms": false,
1862
- "type": "text"
1863
- }
1864
- },
1865
- "ignore_above": 1024,
1866
- "type": "keyword"
1867
- },
1868
- "exit_code": {
1869
- "type": "long"
1870
- },
1871
- "hash": {
1872
- "properties": {
1873
- "md5": {
1874
- "ignore_above": 1024,
1875
- "type": "keyword"
1876
- },
1877
- "sha1": {
1878
- "ignore_above": 1024,
1879
- "type": "keyword"
1880
- },
1881
- "sha256": {
1882
- "ignore_above": 1024,
1883
- "type": "keyword"
1884
- },
1885
- "sha512": {
1886
- "ignore_above": 1024,
1887
- "type": "keyword"
1888
- }
1889
- }
1890
- },
1891
- "name": {
1892
- "fields": {
1893
- "text": {
1894
- "norms": false,
1895
- "type": "text"
1896
- }
1897
- },
1898
- "ignore_above": 1024,
1899
- "type": "keyword"
1900
- },
1901
- "pgid": {
1902
- "type": "long"
1903
- },
1904
- "pid": {
1905
- "type": "long"
1906
- },
1907
- "ppid": {
1908
- "type": "long"
1909
- },
1910
- "start": {
1911
- "type": "date"
1912
- },
1913
- "thread": {
1914
- "properties": {
1915
- "id": {
1916
- "type": "long"
1917
- },
1918
- "name": {
1919
- "ignore_above": 1024,
1920
- "type": "keyword"
1921
- }
1922
- }
1923
- },
1924
- "title": {
1925
- "fields": {
1926
- "text": {
1927
- "norms": false,
1928
- "type": "text"
1929
- }
1930
- },
1931
- "ignore_above": 1024,
1932
- "type": "keyword"
1933
- },
1934
- "uptime": {
1935
- "type": "long"
1936
- },
1937
- "working_directory": {
1938
- "fields": {
1939
- "text": {
1940
- "norms": false,
1941
- "type": "text"
1942
- }
1943
- },
1944
- "ignore_above": 1024,
1945
- "type": "keyword"
1946
- }
1947
- }
1948
- },
1949
- "pe": {
1950
- "properties": {
1951
- "company": {
1952
- "ignore_above": 1024,
1953
- "type": "keyword"
1954
- },
1955
- "description": {
1956
- "ignore_above": 1024,
1957
- "type": "keyword"
1958
- },
1959
- "file_version": {
1960
- "ignore_above": 1024,
1961
- "type": "keyword"
1962
- },
1963
- "original_file_name": {
1964
- "ignore_above": 1024,
1965
- "type": "keyword"
1966
- },
1967
- "product": {
1968
- "ignore_above": 1024,
1969
- "type": "keyword"
1970
- }
1971
- }
1972
- },
1973
- "pgid": {
1974
- "type": "long"
1975
- },
1976
- "pid": {
1977
- "type": "long"
1978
- },
1979
- "ppid": {
1980
- "type": "long"
1981
- },
1982
- "start": {
1983
- "type": "date"
1984
- },
1985
- "thread": {
1986
- "properties": {
1987
- "id": {
1988
- "type": "long"
1989
- },
1990
- "name": {
1991
- "ignore_above": 1024,
1992
- "type": "keyword"
1993
- }
1994
- }
1995
- },
1996
- "title": {
1997
- "fields": {
1998
- "text": {
1999
- "norms": false,
2000
- "type": "text"
2001
- }
2002
- },
2003
- "ignore_above": 1024,
2004
- "type": "keyword"
2005
- },
2006
- "uptime": {
2007
- "type": "long"
2008
- },
2009
- "working_directory": {
2010
- "fields": {
2011
- "text": {
2012
- "norms": false,
2013
- "type": "text"
2014
- }
2015
- },
2016
- "ignore_above": 1024,
2017
- "type": "keyword"
2018
- }
2019
- }
2020
- },
2021
- "registry": {
2022
- "properties": {
2023
- "data": {
2024
- "properties": {
2025
- "bytes": {
2026
- "ignore_above": 1024,
2027
- "type": "keyword"
2028
- },
2029
- "strings": {
2030
- "ignore_above": 1024,
2031
- "type": "keyword"
2032
- },
2033
- "type": {
2034
- "ignore_above": 1024,
2035
- "type": "keyword"
2036
- }
2037
- }
2038
- },
2039
- "hive": {
2040
- "ignore_above": 1024,
2041
- "type": "keyword"
2042
- },
2043
- "key": {
2044
- "ignore_above": 1024,
2045
- "type": "keyword"
2046
- },
2047
- "path": {
2048
- "ignore_above": 1024,
2049
- "type": "keyword"
2050
- },
2051
- "value": {
2052
- "ignore_above": 1024,
2053
- "type": "keyword"
2054
- }
2055
- }
2056
- },
2057
- "related": {
2058
- "properties": {
2059
- "hash": {
2060
- "ignore_above": 1024,
2061
- "type": "keyword"
2062
- },
2063
- "ip": {
2064
- "type": "ip"
2065
- },
2066
- "user": {
2067
- "ignore_above": 1024,
2068
- "type": "keyword"
2069
- }
2070
- }
2071
- },
2072
- "rule": {
2073
- "properties": {
2074
- "author": {
2075
- "ignore_above": 1024,
2076
- "type": "keyword"
2077
- },
2078
- "category": {
2079
- "ignore_above": 1024,
2080
- "type": "keyword"
2081
- },
2082
- "description": {
2083
- "ignore_above": 1024,
2084
- "type": "keyword"
2085
- },
2086
- "id": {
2087
- "ignore_above": 1024,
2088
- "type": "keyword"
2089
- },
2090
- "license": {
2091
- "ignore_above": 1024,
2092
- "type": "keyword"
2093
- },
2094
- "name": {
2095
- "ignore_above": 1024,
2096
- "type": "keyword"
2097
- },
2098
- "reference": {
2099
- "ignore_above": 1024,
2100
- "type": "keyword"
2101
- },
2102
- "ruleset": {
2103
- "ignore_above": 1024,
2104
- "type": "keyword"
2105
- },
2106
- "uuid": {
2107
- "ignore_above": 1024,
2108
- "type": "keyword"
2109
- },
2110
- "version": {
2111
- "ignore_above": 1024,
2112
- "type": "keyword"
2113
- }
2114
- }
2115
- },
2116
- "server": {
2117
- "properties": {
2118
- "address": {
2119
- "ignore_above": 1024,
2120
- "type": "keyword"
2121
- },
2122
- "as": {
2123
- "properties": {
2124
- "number": {
2125
- "type": "long"
2126
- },
2127
- "organization": {
2128
- "properties": {
2129
- "name": {
2130
- "fields": {
2131
- "text": {
2132
- "norms": false,
2133
- "type": "text"
2134
- }
2135
- },
2136
- "ignore_above": 1024,
2137
- "type": "keyword"
2138
- }
2139
- }
2140
- }
2141
- }
2142
- },
2143
- "bytes": {
2144
- "type": "long"
2145
- },
2146
- "domain": {
2147
- "ignore_above": 1024,
2148
- "type": "keyword"
2149
- },
2150
- "geo": {
2151
- "properties": {
2152
- "city_name": {
2153
- "ignore_above": 1024,
2154
- "type": "keyword"
2155
- },
2156
- "continent_name": {
2157
- "ignore_above": 1024,
2158
- "type": "keyword"
2159
- },
2160
- "country_iso_code": {
2161
- "ignore_above": 1024,
2162
- "type": "keyword"
2163
- },
2164
- "country_name": {
2165
- "ignore_above": 1024,
2166
- "type": "keyword"
2167
- },
2168
- "location": {
2169
- "type": "geo_point"
2170
- },
2171
- "name": {
2172
- "ignore_above": 1024,
2173
- "type": "keyword"
2174
- },
2175
- "region_iso_code": {
2176
- "ignore_above": 1024,
2177
- "type": "keyword"
2178
- },
2179
- "region_name": {
2180
- "ignore_above": 1024,
2181
- "type": "keyword"
2182
- }
2183
- }
2184
- },
2185
- "ip": {
2186
- "type": "ip"
2187
- },
2188
- "mac": {
2189
- "ignore_above": 1024,
2190
- "type": "keyword"
2191
- },
2192
- "nat": {
2193
- "properties": {
2194
- "ip": {
2195
- "type": "ip"
2196
- },
2197
- "port": {
2198
- "type": "long"
2199
- }
2200
- }
2201
- },
2202
- "packets": {
2203
- "type": "long"
2204
- },
2205
- "port": {
2206
- "type": "long"
2207
- },
2208
- "registered_domain": {
2209
- "ignore_above": 1024,
2210
- "type": "keyword"
2211
- },
2212
- "top_level_domain": {
2213
- "ignore_above": 1024,
2214
- "type": "keyword"
2215
- },
2216
- "user": {
2217
- "properties": {
2218
- "domain": {
2219
- "ignore_above": 1024,
2220
- "type": "keyword"
2221
- },
2222
- "email": {
2223
- "ignore_above": 1024,
2224
- "type": "keyword"
2225
- },
2226
- "full_name": {
2227
- "fields": {
2228
- "text": {
2229
- "norms": false,
2230
- "type": "text"
2231
- }
2232
- },
2233
- "ignore_above": 1024,
2234
- "type": "keyword"
2235
- },
2236
- "group": {
2237
- "properties": {
2238
- "domain": {
2239
- "ignore_above": 1024,
2240
- "type": "keyword"
2241
- },
2242
- "id": {
2243
- "ignore_above": 1024,
2244
- "type": "keyword"
2245
- },
2246
- "name": {
2247
- "ignore_above": 1024,
2248
- "type": "keyword"
2249
- }
2250
- }
2251
- },
2252
- "hash": {
2253
- "ignore_above": 1024,
2254
- "type": "keyword"
2255
- },
2256
- "id": {
2257
- "ignore_above": 1024,
2258
- "type": "keyword"
2259
- },
2260
- "name": {
2261
- "fields": {
2262
- "text": {
2263
- "norms": false,
2264
- "type": "text"
2265
- }
2266
- },
2267
- "ignore_above": 1024,
2268
- "type": "keyword"
2269
- }
2270
- }
2271
- }
2272
- }
2273
- },
2274
- "service": {
2275
- "properties": {
2276
- "ephemeral_id": {
2277
- "ignore_above": 1024,
2278
- "type": "keyword"
2279
- },
2280
- "id": {
2281
- "ignore_above": 1024,
2282
- "type": "keyword"
2283
- },
2284
- "name": {
2285
- "ignore_above": 1024,
2286
- "type": "keyword"
2287
- },
2288
- "node": {
2289
- "properties": {
2290
- "name": {
2291
- "ignore_above": 1024,
2292
- "type": "keyword"
2293
- }
2294
- }
2295
- },
2296
- "state": {
2297
- "ignore_above": 1024,
2298
- "type": "keyword"
2299
- },
2300
- "type": {
2301
- "ignore_above": 1024,
2302
- "type": "keyword"
2303
- },
2304
- "version": {
2305
- "ignore_above": 1024,
2306
- "type": "keyword"
2307
- }
2308
- }
2309
- },
2310
- "source": {
2311
- "properties": {
2312
- "address": {
2313
- "ignore_above": 1024,
2314
- "type": "keyword"
2315
- },
2316
- "as": {
2317
- "properties": {
2318
- "number": {
2319
- "type": "long"
2320
- },
2321
- "organization": {
2322
- "properties": {
2323
- "name": {
2324
- "fields": {
2325
- "text": {
2326
- "norms": false,
2327
- "type": "text"
2328
- }
2329
- },
2330
- "ignore_above": 1024,
2331
- "type": "keyword"
2332
- }
2333
- }
2334
- }
2335
- }
2336
- },
2337
- "bytes": {
2338
- "type": "long"
2339
- },
2340
- "domain": {
2341
- "ignore_above": 1024,
2342
- "type": "keyword"
2343
- },
2344
- "geo": {
2345
- "properties": {
2346
- "city_name": {
2347
- "ignore_above": 1024,
2348
- "type": "keyword"
2349
- },
2350
- "continent_name": {
2351
- "ignore_above": 1024,
2352
- "type": "keyword"
2353
- },
2354
- "country_iso_code": {
2355
- "ignore_above": 1024,
2356
- "type": "keyword"
2357
- },
2358
- "country_name": {
2359
- "ignore_above": 1024,
2360
- "type": "keyword"
2361
- },
2362
- "location": {
2363
- "type": "geo_point"
2364
- },
2365
- "name": {
2366
- "ignore_above": 1024,
2367
- "type": "keyword"
2368
- },
2369
- "region_iso_code": {
2370
- "ignore_above": 1024,
2371
- "type": "keyword"
2372
- },
2373
- "region_name": {
2374
- "ignore_above": 1024,
2375
- "type": "keyword"
2376
- }
2377
- }
2378
- },
2379
- "ip": {
2380
- "type": "ip"
2381
- },
2382
- "mac": {
2383
- "ignore_above": 1024,
2384
- "type": "keyword"
2385
- },
2386
- "nat": {
2387
- "properties": {
2388
- "ip": {
2389
- "type": "ip"
2390
- },
2391
- "port": {
2392
- "type": "long"
2393
- }
2394
- }
2395
- },
2396
- "packets": {
2397
- "type": "long"
2398
- },
2399
- "port": {
2400
- "type": "long"
2401
- },
2402
- "registered_domain": {
2403
- "ignore_above": 1024,
2404
- "type": "keyword"
2405
- },
2406
- "top_level_domain": {
2407
- "ignore_above": 1024,
2408
- "type": "keyword"
2409
- },
2410
- "user": {
2411
- "properties": {
2412
- "domain": {
2413
- "ignore_above": 1024,
2414
- "type": "keyword"
2415
- },
2416
- "email": {
2417
- "ignore_above": 1024,
2418
- "type": "keyword"
2419
- },
2420
- "full_name": {
2421
- "fields": {
2422
- "text": {
2423
- "norms": false,
2424
- "type": "text"
2425
- }
2426
- },
2427
- "ignore_above": 1024,
2428
- "type": "keyword"
2429
- },
2430
- "group": {
2431
- "properties": {
2432
- "domain": {
2433
- "ignore_above": 1024,
2434
- "type": "keyword"
2435
- },
2436
- "id": {
2437
- "ignore_above": 1024,
2438
- "type": "keyword"
2439
- },
2440
- "name": {
2441
- "ignore_above": 1024,
2442
- "type": "keyword"
2443
- }
2444
- }
2445
- },
2446
- "hash": {
2447
- "ignore_above": 1024,
2448
- "type": "keyword"
2449
- },
2450
- "id": {
2451
- "ignore_above": 1024,
2452
- "type": "keyword"
2453
- },
2454
- "name": {
2455
- "fields": {
2456
- "text": {
2457
- "norms": false,
2458
- "type": "text"
2459
- }
2460
- },
2461
- "ignore_above": 1024,
2462
- "type": "keyword"
2463
- }
2464
- }
2465
- }
2466
- }
2467
- },
2468
- "tags": {
2469
- "ignore_above": 1024,
2470
- "type": "keyword"
2471
- },
2472
- "threat": {
2473
- "properties": {
2474
- "framework": {
2475
- "ignore_above": 1024,
2476
- "type": "keyword"
2477
- },
2478
- "tactic": {
2479
- "properties": {
2480
- "id": {
2481
- "ignore_above": 1024,
2482
- "type": "keyword"
2483
- },
2484
- "name": {
2485
- "ignore_above": 1024,
2486
- "type": "keyword"
2487
- },
2488
- "reference": {
2489
- "ignore_above": 1024,
2490
- "type": "keyword"
2491
- }
2492
- }
2493
- },
2494
- "technique": {
2495
- "properties": {
2496
- "id": {
2497
- "ignore_above": 1024,
2498
- "type": "keyword"
2499
- },
2500
- "name": {
2501
- "fields": {
2502
- "text": {
2503
- "norms": false,
2504
- "type": "text"
2505
- }
2506
- },
2507
- "ignore_above": 1024,
2508
- "type": "keyword"
2509
- },
2510
- "reference": {
2511
- "ignore_above": 1024,
2512
- "type": "keyword"
2513
- }
2514
- }
2515
- }
2516
- }
2517
- },
2518
- "tls": {
2519
- "properties": {
2520
- "cipher": {
2521
- "ignore_above": 1024,
2522
- "type": "keyword"
2523
- },
2524
- "client": {
2525
- "properties": {
2526
- "certificate": {
2527
- "ignore_above": 1024,
2528
- "type": "keyword"
2529
- },
2530
- "certificate_chain": {
2531
- "ignore_above": 1024,
2532
- "type": "keyword"
2533
- },
2534
- "hash": {
2535
- "properties": {
2536
- "md5": {
2537
- "ignore_above": 1024,
2538
- "type": "keyword"
2539
- },
2540
- "sha1": {
2541
- "ignore_above": 1024,
2542
- "type": "keyword"
2543
- },
2544
- "sha256": {
2545
- "ignore_above": 1024,
2546
- "type": "keyword"
2547
- }
2548
- }
2549
- },
2550
- "issuer": {
2551
- "ignore_above": 1024,
2552
- "type": "keyword"
2553
- },
2554
- "ja3": {
2555
- "ignore_above": 1024,
2556
- "type": "keyword"
2557
- },
2558
- "not_after": {
2559
- "type": "date"
2560
- },
2561
- "not_before": {
2562
- "type": "date"
2563
- },
2564
- "server_name": {
2565
- "ignore_above": 1024,
2566
- "type": "keyword"
2567
- },
2568
- "subject": {
2569
- "ignore_above": 1024,
2570
- "type": "keyword"
2571
- },
2572
- "supported_ciphers": {
2573
- "ignore_above": 1024,
2574
- "type": "keyword"
2575
- }
2576
- }
2577
- },
2578
- "curve": {
2579
- "ignore_above": 1024,
2580
- "type": "keyword"
2581
- },
2582
- "established": {
2583
- "type": "boolean"
2584
- },
2585
- "next_protocol": {
2586
- "ignore_above": 1024,
2587
- "type": "keyword"
2588
- },
2589
- "resumed": {
2590
- "type": "boolean"
2591
- },
2592
- "server": {
2593
- "properties": {
2594
- "certificate": {
2595
- "ignore_above": 1024,
2596
- "type": "keyword"
2597
- },
2598
- "certificate_chain": {
2599
- "ignore_above": 1024,
2600
- "type": "keyword"
2601
- },
2602
- "hash": {
2603
- "properties": {
2604
- "md5": {
2605
- "ignore_above": 1024,
2606
- "type": "keyword"
2607
- },
2608
- "sha1": {
2609
- "ignore_above": 1024,
2610
- "type": "keyword"
2611
- },
2612
- "sha256": {
2613
- "ignore_above": 1024,
2614
- "type": "keyword"
2615
- }
2616
- }
2617
- },
2618
- "issuer": {
2619
- "ignore_above": 1024,
2620
- "type": "keyword"
2621
- },
2622
- "ja3s": {
2623
- "ignore_above": 1024,
2624
- "type": "keyword"
2625
- },
2626
- "not_after": {
2627
- "type": "date"
2628
- },
2629
- "not_before": {
2630
- "type": "date"
2631
- },
2632
- "subject": {
2633
- "ignore_above": 1024,
2634
- "type": "keyword"
2635
- }
2636
- }
2637
- },
2638
- "version": {
2639
- "ignore_above": 1024,
2640
- "type": "keyword"
2641
- },
2642
- "version_protocol": {
2643
- "ignore_above": 1024,
2644
- "type": "keyword"
2645
- }
2646
- }
2647
- },
2648
- "trace": {
2649
- "properties": {
2650
- "id": {
2651
- "ignore_above": 1024,
2652
- "type": "keyword"
2653
- }
2654
- }
2655
- },
2656
- "transaction": {
2657
- "properties": {
2658
- "id": {
2659
- "ignore_above": 1024,
2660
- "type": "keyword"
2661
- }
2662
- }
2663
- },
2664
- "url": {
2665
- "properties": {
2666
- "domain": {
2667
- "ignore_above": 1024,
2668
- "type": "keyword"
2669
- },
2670
- "extension": {
2671
- "ignore_above": 1024,
2672
- "type": "keyword"
2673
- },
2674
- "fragment": {
2675
- "ignore_above": 1024,
2676
- "type": "keyword"
2677
- },
2678
- "full": {
2679
- "fields": {
2680
- "text": {
2681
- "norms": false,
2682
- "type": "text"
2683
- }
2684
- },
2685
- "ignore_above": 1024,
2686
- "type": "keyword"
2687
- },
2688
- "original": {
2689
- "fields": {
2690
- "text": {
2691
- "norms": false,
2692
- "type": "text"
2693
- }
2694
- },
2695
- "ignore_above": 1024,
2696
- "type": "keyword"
2697
- },
2698
- "password": {
2699
- "ignore_above": 1024,
2700
- "type": "keyword"
2701
- },
2702
- "path": {
2703
- "ignore_above": 1024,
2704
- "type": "keyword"
2705
- },
2706
- "port": {
2707
- "type": "long"
2708
- },
2709
- "query": {
2710
- "ignore_above": 1024,
2711
- "type": "keyword"
2712
- },
2713
- "registered_domain": {
2714
- "ignore_above": 1024,
2715
- "type": "keyword"
2716
- },
2717
- "scheme": {
2718
- "ignore_above": 1024,
2719
- "type": "keyword"
2720
- },
2721
- "top_level_domain": {
2722
- "ignore_above": 1024,
2723
- "type": "keyword"
2724
- },
2725
- "username": {
2726
- "ignore_above": 1024,
2727
- "type": "keyword"
2728
- }
2729
- }
2730
- },
2731
- "user": {
2732
- "properties": {
2733
- "domain": {
2734
- "ignore_above": 1024,
2735
- "type": "keyword"
2736
- },
2737
- "email": {
2738
- "ignore_above": 1024,
2739
- "type": "keyword"
2740
- },
2741
- "full_name": {
2742
- "fields": {
2743
- "text": {
2744
- "norms": false,
2745
- "type": "text"
2746
- }
2747
- },
2748
- "ignore_above": 1024,
2749
- "type": "keyword"
2750
- },
2751
- "group": {
2752
- "properties": {
2753
- "domain": {
2754
- "ignore_above": 1024,
2755
- "type": "keyword"
2756
- },
2757
- "id": {
2758
- "ignore_above": 1024,
2759
- "type": "keyword"
2760
- },
2761
- "name": {
2762
- "ignore_above": 1024,
2763
- "type": "keyword"
2764
- }
2765
- }
2766
- },
2767
- "hash": {
2768
- "ignore_above": 1024,
2769
- "type": "keyword"
2770
- },
2771
- "id": {
2772
- "ignore_above": 1024,
2773
- "type": "keyword"
2774
- },
2775
- "name": {
2776
- "fields": {
2777
- "text": {
2778
- "norms": false,
2779
- "type": "text"
2780
- }
2781
- },
2782
- "ignore_above": 1024,
2783
- "type": "keyword"
2784
- }
2785
- }
2786
- },
2787
- "user_agent": {
2788
- "properties": {
2789
- "device": {
2790
- "properties": {
2791
- "name": {
2792
- "ignore_above": 1024,
2793
- "type": "keyword"
2794
- }
2795
- }
2796
- },
2797
- "name": {
2798
- "ignore_above": 1024,
2799
- "type": "keyword"
2800
- },
2801
- "original": {
2802
- "fields": {
2803
- "text": {
2804
- "norms": false,
2805
- "type": "text"
2806
- }
2807
- },
2808
- "ignore_above": 1024,
2809
- "type": "keyword"
2810
- },
2811
- "os": {
2812
- "properties": {
2813
- "family": {
2814
- "ignore_above": 1024,
2815
- "type": "keyword"
2816
- },
2817
- "full": {
2818
- "fields": {
2819
- "text": {
2820
- "norms": false,
2821
- "type": "text"
2822
- }
2823
- },
2824
- "ignore_above": 1024,
2825
- "type": "keyword"
2826
- },
2827
- "kernel": {
2828
- "ignore_above": 1024,
2829
- "type": "keyword"
2830
- },
2831
- "name": {
2832
- "fields": {
2833
- "text": {
2834
- "norms": false,
2835
- "type": "text"
2836
- }
2837
- },
2838
- "ignore_above": 1024,
2839
- "type": "keyword"
2840
- },
2841
- "platform": {
2842
- "ignore_above": 1024,
2843
- "type": "keyword"
2844
- },
2845
- "version": {
2846
- "ignore_above": 1024,
2847
- "type": "keyword"
2848
- }
2849
- }
2850
- },
2851
- "version": {
2852
- "ignore_above": 1024,
2853
- "type": "keyword"
2854
- }
2855
- }
2856
- },
2857
- "vlan": {
2858
- "properties": {
2859
- "id": {
2860
- "ignore_above": 1024,
2861
- "type": "keyword"
2862
- },
2863
- "name": {
2864
- "ignore_above": 1024,
2865
- "type": "keyword"
2866
- }
2867
- }
2868
- },
2869
- "vulnerability": {
2870
- "properties": {
2871
- "category": {
2872
- "ignore_above": 1024,
2873
- "type": "keyword"
2874
- },
2875
- "classification": {
2876
- "ignore_above": 1024,
2877
- "type": "keyword"
2878
- },
2879
- "description": {
2880
- "fields": {
2881
- "text": {
2882
- "norms": false,
2883
- "type": "text"
2884
- }
2885
- },
2886
- "ignore_above": 1024,
2887
- "type": "keyword"
2888
- },
2889
- "enumeration": {
2890
- "ignore_above": 1024,
2891
- "type": "keyword"
2892
- },
2893
- "id": {
2894
- "ignore_above": 1024,
2895
- "type": "keyword"
2896
- },
2897
- "reference": {
2898
- "ignore_above": 1024,
2899
- "type": "keyword"
2900
- },
2901
- "report_id": {
2902
- "ignore_above": 1024,
2903
- "type": "keyword"
2904
- },
2905
- "scanner": {
2906
- "properties": {
2907
- "vendor": {
2908
- "ignore_above": 1024,
2909
- "type": "keyword"
2910
- }
2911
- }
2912
- },
2913
- "score": {
2914
- "properties": {
2915
- "base": {
2916
- "type": "float"
2917
- },
2918
- "environmental": {
2919
- "type": "float"
2920
- },
2921
- "temporal": {
2922
- "type": "float"
2923
- },
2924
- "version": {
2925
- "ignore_above": 1024,
2926
- "type": "keyword"
2927
- }
2928
- }
2929
- },
2930
- "severity": {
2931
- "ignore_above": 1024,
2932
- "type": "keyword"
2933
- }
2934
- }
2935
- }
2936
- }
2937
- }
2938
- },
2939
- "order": 1,
2940
- "settings": {
2941
- "index": {
2942
- "mapping": {
2943
- "total_fields": {
2944
- "limit": 10000
2945
- }
2946
- },
2947
- "refresh_interval": "5s"
2948
- }
2949
- }
2950
- }