logstash-output-elasticsearch 11.1.0-java → 11.2.3-java

@@ -0,0 +1,3695 @@
1
+ {
2
+ "index_patterns": [
3
+ "ecs-logstash-*"
4
+ ],
5
+ "mappings": {
6
+ "_doc": {
7
+ "_meta": {
8
+ "version": "1.10.0"
9
+ },
10
+ "date_detection": false,
11
+ "dynamic_templates": [
12
+ {
13
+ "strings_as_keyword": {
14
+ "mapping": {
15
+ "ignore_above": 1024,
16
+ "type": "keyword"
17
+ },
18
+ "match_mapping_type": "string"
19
+ }
20
+ }
21
+ ],
22
+ "properties": {
23
+ "@timestamp": {
24
+ "type": "date"
25
+ },
26
+ "agent": {
27
+ "properties": {
28
+ "build": {
29
+ "properties": {
30
+ "original": {
31
+ "ignore_above": 1024,
32
+ "type": "keyword"
33
+ }
34
+ }
35
+ },
36
+ "ephemeral_id": {
37
+ "ignore_above": 1024,
38
+ "type": "keyword"
39
+ },
40
+ "id": {
41
+ "ignore_above": 1024,
42
+ "type": "keyword"
43
+ },
44
+ "name": {
45
+ "ignore_above": 1024,
46
+ "type": "keyword"
47
+ },
48
+ "type": {
49
+ "ignore_above": 1024,
50
+ "type": "keyword"
51
+ },
52
+ "version": {
53
+ "ignore_above": 1024,
54
+ "type": "keyword"
55
+ }
56
+ }
57
+ },
58
+ "client": {
59
+ "properties": {
60
+ "address": {
61
+ "ignore_above": 1024,
62
+ "type": "keyword"
63
+ },
64
+ "as": {
65
+ "properties": {
66
+ "number": {
67
+ "type": "long"
68
+ },
69
+ "organization": {
70
+ "properties": {
71
+ "name": {
72
+ "fields": {
73
+ "text": {
74
+ "norms": false,
75
+ "type": "text"
76
+ }
77
+ },
78
+ "ignore_above": 1024,
79
+ "type": "keyword"
80
+ }
81
+ }
82
+ }
83
+ }
84
+ },
85
+ "bytes": {
86
+ "type": "long"
87
+ },
88
+ "domain": {
89
+ "ignore_above": 1024,
90
+ "type": "keyword"
91
+ },
92
+ "geo": {
93
+ "properties": {
94
+ "city_name": {
95
+ "ignore_above": 1024,
96
+ "type": "keyword"
97
+ },
98
+ "continent_code": {
99
+ "ignore_above": 1024,
100
+ "type": "keyword"
101
+ },
102
+ "continent_name": {
103
+ "ignore_above": 1024,
104
+ "type": "keyword"
105
+ },
106
+ "country_iso_code": {
107
+ "ignore_above": 1024,
108
+ "type": "keyword"
109
+ },
110
+ "country_name": {
111
+ "ignore_above": 1024,
112
+ "type": "keyword"
113
+ },
114
+ "location": {
115
+ "type": "geo_point"
116
+ },
117
+ "name": {
118
+ "ignore_above": 1024,
119
+ "type": "keyword"
120
+ },
121
+ "postal_code": {
122
+ "ignore_above": 1024,
123
+ "type": "keyword"
124
+ },
125
+ "region_iso_code": {
126
+ "ignore_above": 1024,
127
+ "type": "keyword"
128
+ },
129
+ "region_name": {
130
+ "ignore_above": 1024,
131
+ "type": "keyword"
132
+ },
133
+ "timezone": {
134
+ "ignore_above": 1024,
135
+ "type": "keyword"
136
+ }
137
+ }
138
+ },
139
+ "ip": {
140
+ "type": "ip"
141
+ },
142
+ "mac": {
143
+ "ignore_above": 1024,
144
+ "type": "keyword"
145
+ },
146
+ "nat": {
147
+ "properties": {
148
+ "ip": {
149
+ "type": "ip"
150
+ },
151
+ "port": {
152
+ "type": "long"
153
+ }
154
+ }
155
+ },
156
+ "packets": {
157
+ "type": "long"
158
+ },
159
+ "port": {
160
+ "type": "long"
161
+ },
162
+ "registered_domain": {
163
+ "ignore_above": 1024,
164
+ "type": "keyword"
165
+ },
166
+ "subdomain": {
167
+ "ignore_above": 1024,
168
+ "type": "keyword"
169
+ },
170
+ "top_level_domain": {
171
+ "ignore_above": 1024,
172
+ "type": "keyword"
173
+ },
174
+ "user": {
175
+ "properties": {
176
+ "domain": {
177
+ "ignore_above": 1024,
178
+ "type": "keyword"
179
+ },
180
+ "email": {
181
+ "ignore_above": 1024,
182
+ "type": "keyword"
183
+ },
184
+ "full_name": {
185
+ "fields": {
186
+ "text": {
187
+ "norms": false,
188
+ "type": "text"
189
+ }
190
+ },
191
+ "ignore_above": 1024,
192
+ "type": "keyword"
193
+ },
194
+ "group": {
195
+ "properties": {
196
+ "domain": {
197
+ "ignore_above": 1024,
198
+ "type": "keyword"
199
+ },
200
+ "id": {
201
+ "ignore_above": 1024,
202
+ "type": "keyword"
203
+ },
204
+ "name": {
205
+ "ignore_above": 1024,
206
+ "type": "keyword"
207
+ }
208
+ }
209
+ },
210
+ "hash": {
211
+ "ignore_above": 1024,
212
+ "type": "keyword"
213
+ },
214
+ "id": {
215
+ "ignore_above": 1024,
216
+ "type": "keyword"
217
+ },
218
+ "name": {
219
+ "fields": {
220
+ "text": {
221
+ "norms": false,
222
+ "type": "text"
223
+ }
224
+ },
225
+ "ignore_above": 1024,
226
+ "type": "keyword"
227
+ },
228
+ "roles": {
229
+ "ignore_above": 1024,
230
+ "type": "keyword"
231
+ }
232
+ }
233
+ }
234
+ }
235
+ },
236
+ "cloud": {
237
+ "properties": {
238
+ "account": {
239
+ "properties": {
240
+ "id": {
241
+ "ignore_above": 1024,
242
+ "type": "keyword"
243
+ },
244
+ "name": {
245
+ "ignore_above": 1024,
246
+ "type": "keyword"
247
+ }
248
+ }
249
+ },
250
+ "availability_zone": {
251
+ "ignore_above": 1024,
252
+ "type": "keyword"
253
+ },
254
+ "instance": {
255
+ "properties": {
256
+ "id": {
257
+ "ignore_above": 1024,
258
+ "type": "keyword"
259
+ },
260
+ "name": {
261
+ "ignore_above": 1024,
262
+ "type": "keyword"
263
+ }
264
+ }
265
+ },
266
+ "machine": {
267
+ "properties": {
268
+ "type": {
269
+ "ignore_above": 1024,
270
+ "type": "keyword"
271
+ }
272
+ }
273
+ },
274
+ "project": {
275
+ "properties": {
276
+ "id": {
277
+ "ignore_above": 1024,
278
+ "type": "keyword"
279
+ },
280
+ "name": {
281
+ "ignore_above": 1024,
282
+ "type": "keyword"
283
+ }
284
+ }
285
+ },
286
+ "provider": {
287
+ "ignore_above": 1024,
288
+ "type": "keyword"
289
+ },
290
+ "region": {
291
+ "ignore_above": 1024,
292
+ "type": "keyword"
293
+ },
294
+ "service": {
295
+ "properties": {
296
+ "name": {
297
+ "ignore_above": 1024,
298
+ "type": "keyword"
299
+ }
300
+ }
301
+ }
302
+ }
303
+ },
304
+ "container": {
305
+ "properties": {
306
+ "id": {
307
+ "ignore_above": 1024,
308
+ "type": "keyword"
309
+ },
310
+ "image": {
311
+ "properties": {
312
+ "name": {
313
+ "ignore_above": 1024,
314
+ "type": "keyword"
315
+ },
316
+ "tag": {
317
+ "ignore_above": 1024,
318
+ "type": "keyword"
319
+ }
320
+ }
321
+ },
322
+ "labels": {
323
+ "type": "object"
324
+ },
325
+ "name": {
326
+ "ignore_above": 1024,
327
+ "type": "keyword"
328
+ },
329
+ "runtime": {
330
+ "ignore_above": 1024,
331
+ "type": "keyword"
332
+ }
333
+ }
334
+ },
335
+ "data_stream": {
336
+ "properties": {
337
+ "dataset": {
338
+ "ignore_above": 1024,
339
+ "type": "keyword"
340
+ },
341
+ "namespace": {
342
+ "ignore_above": 1024,
343
+ "type": "keyword"
344
+ },
345
+ "type": {
346
+ "ignore_above": 1024,
347
+ "type": "keyword"
348
+ }
349
+ }
350
+ },
351
+ "destination": {
352
+ "properties": {
353
+ "address": {
354
+ "ignore_above": 1024,
355
+ "type": "keyword"
356
+ },
357
+ "as": {
358
+ "properties": {
359
+ "number": {
360
+ "type": "long"
361
+ },
362
+ "organization": {
363
+ "properties": {
364
+ "name": {
365
+ "fields": {
366
+ "text": {
367
+ "norms": false,
368
+ "type": "text"
369
+ }
370
+ },
371
+ "ignore_above": 1024,
372
+ "type": "keyword"
373
+ }
374
+ }
375
+ }
376
+ }
377
+ },
378
+ "bytes": {
379
+ "type": "long"
380
+ },
381
+ "domain": {
382
+ "ignore_above": 1024,
383
+ "type": "keyword"
384
+ },
385
+ "geo": {
386
+ "properties": {
387
+ "city_name": {
388
+ "ignore_above": 1024,
389
+ "type": "keyword"
390
+ },
391
+ "continent_code": {
392
+ "ignore_above": 1024,
393
+ "type": "keyword"
394
+ },
395
+ "continent_name": {
396
+ "ignore_above": 1024,
397
+ "type": "keyword"
398
+ },
399
+ "country_iso_code": {
400
+ "ignore_above": 1024,
401
+ "type": "keyword"
402
+ },
403
+ "country_name": {
404
+ "ignore_above": 1024,
405
+ "type": "keyword"
406
+ },
407
+ "location": {
408
+ "type": "geo_point"
409
+ },
410
+ "name": {
411
+ "ignore_above": 1024,
412
+ "type": "keyword"
413
+ },
414
+ "postal_code": {
415
+ "ignore_above": 1024,
416
+ "type": "keyword"
417
+ },
418
+ "region_iso_code": {
419
+ "ignore_above": 1024,
420
+ "type": "keyword"
421
+ },
422
+ "region_name": {
423
+ "ignore_above": 1024,
424
+ "type": "keyword"
425
+ },
426
+ "timezone": {
427
+ "ignore_above": 1024,
428
+ "type": "keyword"
429
+ }
430
+ }
431
+ },
432
+ "ip": {
433
+ "type": "ip"
434
+ },
435
+ "mac": {
436
+ "ignore_above": 1024,
437
+ "type": "keyword"
438
+ },
439
+ "nat": {
440
+ "properties": {
441
+ "ip": {
442
+ "type": "ip"
443
+ },
444
+ "port": {
445
+ "type": "long"
446
+ }
447
+ }
448
+ },
449
+ "packets": {
450
+ "type": "long"
451
+ },
452
+ "port": {
453
+ "type": "long"
454
+ },
455
+ "registered_domain": {
456
+ "ignore_above": 1024,
457
+ "type": "keyword"
458
+ },
459
+ "subdomain": {
460
+ "ignore_above": 1024,
461
+ "type": "keyword"
462
+ },
463
+ "top_level_domain": {
464
+ "ignore_above": 1024,
465
+ "type": "keyword"
466
+ },
467
+ "user": {
468
+ "properties": {
469
+ "domain": {
470
+ "ignore_above": 1024,
471
+ "type": "keyword"
472
+ },
473
+ "email": {
474
+ "ignore_above": 1024,
475
+ "type": "keyword"
476
+ },
477
+ "full_name": {
478
+ "fields": {
479
+ "text": {
480
+ "norms": false,
481
+ "type": "text"
482
+ }
483
+ },
484
+ "ignore_above": 1024,
485
+ "type": "keyword"
486
+ },
487
+ "group": {
488
+ "properties": {
489
+ "domain": {
490
+ "ignore_above": 1024,
491
+ "type": "keyword"
492
+ },
493
+ "id": {
494
+ "ignore_above": 1024,
495
+ "type": "keyword"
496
+ },
497
+ "name": {
498
+ "ignore_above": 1024,
499
+ "type": "keyword"
500
+ }
501
+ }
502
+ },
503
+ "hash": {
504
+ "ignore_above": 1024,
505
+ "type": "keyword"
506
+ },
507
+ "id": {
508
+ "ignore_above": 1024,
509
+ "type": "keyword"
510
+ },
511
+ "name": {
512
+ "fields": {
513
+ "text": {
514
+ "norms": false,
515
+ "type": "text"
516
+ }
517
+ },
518
+ "ignore_above": 1024,
519
+ "type": "keyword"
520
+ },
521
+ "roles": {
522
+ "ignore_above": 1024,
523
+ "type": "keyword"
524
+ }
525
+ }
526
+ }
527
+ }
528
+ },
529
+ "dll": {
530
+ "properties": {
531
+ "code_signature": {
532
+ "properties": {
533
+ "exists": {
534
+ "type": "boolean"
535
+ },
536
+ "signing_id": {
537
+ "ignore_above": 1024,
538
+ "type": "keyword"
539
+ },
540
+ "status": {
541
+ "ignore_above": 1024,
542
+ "type": "keyword"
543
+ },
544
+ "subject_name": {
545
+ "ignore_above": 1024,
546
+ "type": "keyword"
547
+ },
548
+ "team_id": {
549
+ "ignore_above": 1024,
550
+ "type": "keyword"
551
+ },
552
+ "trusted": {
553
+ "type": "boolean"
554
+ },
555
+ "valid": {
556
+ "type": "boolean"
557
+ }
558
+ }
559
+ },
560
+ "hash": {
561
+ "properties": {
562
+ "md5": {
563
+ "ignore_above": 1024,
564
+ "type": "keyword"
565
+ },
566
+ "sha1": {
567
+ "ignore_above": 1024,
568
+ "type": "keyword"
569
+ },
570
+ "sha256": {
571
+ "ignore_above": 1024,
572
+ "type": "keyword"
573
+ },
574
+ "sha512": {
575
+ "ignore_above": 1024,
576
+ "type": "keyword"
577
+ },
578
+ "ssdeep": {
579
+ "ignore_above": 1024,
580
+ "type": "keyword"
581
+ }
582
+ }
583
+ },
584
+ "name": {
585
+ "ignore_above": 1024,
586
+ "type": "keyword"
587
+ },
588
+ "path": {
589
+ "ignore_above": 1024,
590
+ "type": "keyword"
591
+ },
592
+ "pe": {
593
+ "properties": {
594
+ "architecture": {
595
+ "ignore_above": 1024,
596
+ "type": "keyword"
597
+ },
598
+ "company": {
599
+ "ignore_above": 1024,
600
+ "type": "keyword"
601
+ },
602
+ "description": {
603
+ "ignore_above": 1024,
604
+ "type": "keyword"
605
+ },
606
+ "file_version": {
607
+ "ignore_above": 1024,
608
+ "type": "keyword"
609
+ },
610
+ "imphash": {
611
+ "ignore_above": 1024,
612
+ "type": "keyword"
613
+ },
614
+ "original_file_name": {
615
+ "ignore_above": 1024,
616
+ "type": "keyword"
617
+ },
618
+ "product": {
619
+ "ignore_above": 1024,
620
+ "type": "keyword"
621
+ }
622
+ }
623
+ }
624
+ }
625
+ },
626
+ "dns": {
627
+ "properties": {
628
+ "answers": {
629
+ "properties": {
630
+ "class": {
631
+ "ignore_above": 1024,
632
+ "type": "keyword"
633
+ },
634
+ "data": {
635
+ "ignore_above": 1024,
636
+ "type": "keyword"
637
+ },
638
+ "name": {
639
+ "ignore_above": 1024,
640
+ "type": "keyword"
641
+ },
642
+ "ttl": {
643
+ "type": "long"
644
+ },
645
+ "type": {
646
+ "ignore_above": 1024,
647
+ "type": "keyword"
648
+ }
649
+ },
650
+ "type": "object"
651
+ },
652
+ "header_flags": {
653
+ "ignore_above": 1024,
654
+ "type": "keyword"
655
+ },
656
+ "id": {
657
+ "ignore_above": 1024,
658
+ "type": "keyword"
659
+ },
660
+ "op_code": {
661
+ "ignore_above": 1024,
662
+ "type": "keyword"
663
+ },
664
+ "question": {
665
+ "properties": {
666
+ "class": {
667
+ "ignore_above": 1024,
668
+ "type": "keyword"
669
+ },
670
+ "name": {
671
+ "ignore_above": 1024,
672
+ "type": "keyword"
673
+ },
674
+ "registered_domain": {
675
+ "ignore_above": 1024,
676
+ "type": "keyword"
677
+ },
678
+ "subdomain": {
679
+ "ignore_above": 1024,
680
+ "type": "keyword"
681
+ },
682
+ "top_level_domain": {
683
+ "ignore_above": 1024,
684
+ "type": "keyword"
685
+ },
686
+ "type": {
687
+ "ignore_above": 1024,
688
+ "type": "keyword"
689
+ }
690
+ }
691
+ },
692
+ "resolved_ip": {
693
+ "type": "ip"
694
+ },
695
+ "response_code": {
696
+ "ignore_above": 1024,
697
+ "type": "keyword"
698
+ },
699
+ "type": {
700
+ "ignore_above": 1024,
701
+ "type": "keyword"
702
+ }
703
+ }
704
+ },
705
+ "ecs": {
706
+ "properties": {
707
+ "version": {
708
+ "ignore_above": 1024,
709
+ "type": "keyword"
710
+ }
711
+ }
712
+ },
713
+ "error": {
714
+ "properties": {
715
+ "code": {
716
+ "ignore_above": 1024,
717
+ "type": "keyword"
718
+ },
719
+ "id": {
720
+ "ignore_above": 1024,
721
+ "type": "keyword"
722
+ },
723
+ "message": {
724
+ "norms": false,
725
+ "type": "text"
726
+ },
727
+ "stack_trace": {
728
+ "doc_values": false,
729
+ "fields": {
730
+ "text": {
731
+ "norms": false,
732
+ "type": "text"
733
+ }
734
+ },
735
+ "ignore_above": 1024,
736
+ "index": false,
737
+ "type": "keyword"
738
+ },
739
+ "type": {
740
+ "ignore_above": 1024,
741
+ "type": "keyword"
742
+ }
743
+ }
744
+ },
745
+ "event": {
746
+ "properties": {
747
+ "action": {
748
+ "ignore_above": 1024,
749
+ "type": "keyword"
750
+ },
751
+ "category": {
752
+ "ignore_above": 1024,
753
+ "type": "keyword"
754
+ },
755
+ "code": {
756
+ "ignore_above": 1024,
757
+ "type": "keyword"
758
+ },
759
+ "created": {
760
+ "type": "date"
761
+ },
762
+ "dataset": {
763
+ "ignore_above": 1024,
764
+ "type": "keyword"
765
+ },
766
+ "duration": {
767
+ "type": "long"
768
+ },
769
+ "end": {
770
+ "type": "date"
771
+ },
772
+ "hash": {
773
+ "ignore_above": 1024,
774
+ "type": "keyword"
775
+ },
776
+ "id": {
777
+ "ignore_above": 1024,
778
+ "type": "keyword"
779
+ },
780
+ "ingested": {
781
+ "type": "date"
782
+ },
783
+ "kind": {
784
+ "ignore_above": 1024,
785
+ "type": "keyword"
786
+ },
787
+ "module": {
788
+ "ignore_above": 1024,
789
+ "type": "keyword"
790
+ },
791
+ "original": {
792
+ "doc_values": false,
793
+ "ignore_above": 1024,
794
+ "index": false,
795
+ "type": "keyword"
796
+ },
797
+ "outcome": {
798
+ "ignore_above": 1024,
799
+ "type": "keyword"
800
+ },
801
+ "provider": {
802
+ "ignore_above": 1024,
803
+ "type": "keyword"
804
+ },
805
+ "reason": {
806
+ "ignore_above": 1024,
807
+ "type": "keyword"
808
+ },
809
+ "reference": {
810
+ "ignore_above": 1024,
811
+ "type": "keyword"
812
+ },
813
+ "risk_score": {
814
+ "type": "float"
815
+ },
816
+ "risk_score_norm": {
817
+ "type": "float"
818
+ },
819
+ "sequence": {
820
+ "type": "long"
821
+ },
822
+ "severity": {
823
+ "type": "long"
824
+ },
825
+ "start": {
826
+ "type": "date"
827
+ },
828
+ "timezone": {
829
+ "ignore_above": 1024,
830
+ "type": "keyword"
831
+ },
832
+ "type": {
833
+ "ignore_above": 1024,
834
+ "type": "keyword"
835
+ },
836
+ "url": {
837
+ "ignore_above": 1024,
838
+ "type": "keyword"
839
+ }
840
+ }
841
+ },
842
+ "file": {
843
+ "properties": {
844
+ "accessed": {
845
+ "type": "date"
846
+ },
847
+ "attributes": {
848
+ "ignore_above": 1024,
849
+ "type": "keyword"
850
+ },
851
+ "code_signature": {
852
+ "properties": {
853
+ "exists": {
854
+ "type": "boolean"
855
+ },
856
+ "signing_id": {
857
+ "ignore_above": 1024,
858
+ "type": "keyword"
859
+ },
860
+ "status": {
861
+ "ignore_above": 1024,
862
+ "type": "keyword"
863
+ },
864
+ "subject_name": {
865
+ "ignore_above": 1024,
866
+ "type": "keyword"
867
+ },
868
+ "team_id": {
869
+ "ignore_above": 1024,
870
+ "type": "keyword"
871
+ },
872
+ "trusted": {
873
+ "type": "boolean"
874
+ },
875
+ "valid": {
876
+ "type": "boolean"
877
+ }
878
+ }
879
+ },
880
+ "created": {
881
+ "type": "date"
882
+ },
883
+ "ctime": {
884
+ "type": "date"
885
+ },
886
+ "device": {
887
+ "ignore_above": 1024,
888
+ "type": "keyword"
889
+ },
890
+ "directory": {
891
+ "ignore_above": 1024,
892
+ "type": "keyword"
893
+ },
894
+ "drive_letter": {
895
+ "ignore_above": 1,
896
+ "type": "keyword"
897
+ },
898
+ "extension": {
899
+ "ignore_above": 1024,
900
+ "type": "keyword"
901
+ },
902
+ "gid": {
903
+ "ignore_above": 1024,
904
+ "type": "keyword"
905
+ },
906
+ "group": {
907
+ "ignore_above": 1024,
908
+ "type": "keyword"
909
+ },
910
+ "hash": {
911
+ "properties": {
912
+ "md5": {
913
+ "ignore_above": 1024,
914
+ "type": "keyword"
915
+ },
916
+ "sha1": {
917
+ "ignore_above": 1024,
918
+ "type": "keyword"
919
+ },
920
+ "sha256": {
921
+ "ignore_above": 1024,
922
+ "type": "keyword"
923
+ },
924
+ "sha512": {
925
+ "ignore_above": 1024,
926
+ "type": "keyword"
927
+ },
928
+ "ssdeep": {
929
+ "ignore_above": 1024,
930
+ "type": "keyword"
931
+ }
932
+ }
933
+ },
934
+ "inode": {
935
+ "ignore_above": 1024,
936
+ "type": "keyword"
937
+ },
938
+ "mime_type": {
939
+ "ignore_above": 1024,
940
+ "type": "keyword"
941
+ },
942
+ "mode": {
943
+ "ignore_above": 1024,
944
+ "type": "keyword"
945
+ },
946
+ "mtime": {
947
+ "type": "date"
948
+ },
949
+ "name": {
950
+ "ignore_above": 1024,
951
+ "type": "keyword"
952
+ },
953
+ "owner": {
954
+ "ignore_above": 1024,
955
+ "type": "keyword"
956
+ },
957
+ "path": {
958
+ "fields": {
959
+ "text": {
960
+ "norms": false,
961
+ "type": "text"
962
+ }
963
+ },
964
+ "ignore_above": 1024,
965
+ "type": "keyword"
966
+ },
967
+ "pe": {
968
+ "properties": {
969
+ "architecture": {
970
+ "ignore_above": 1024,
971
+ "type": "keyword"
972
+ },
973
+ "company": {
974
+ "ignore_above": 1024,
975
+ "type": "keyword"
976
+ },
977
+ "description": {
978
+ "ignore_above": 1024,
979
+ "type": "keyword"
980
+ },
981
+ "file_version": {
982
+ "ignore_above": 1024,
983
+ "type": "keyword"
984
+ },
985
+ "imphash": {
986
+ "ignore_above": 1024,
987
+ "type": "keyword"
988
+ },
989
+ "original_file_name": {
990
+ "ignore_above": 1024,
991
+ "type": "keyword"
992
+ },
993
+ "product": {
994
+ "ignore_above": 1024,
995
+ "type": "keyword"
996
+ }
997
+ }
998
+ },
999
+ "size": {
1000
+ "type": "long"
1001
+ },
1002
+ "target_path": {
1003
+ "fields": {
1004
+ "text": {
1005
+ "norms": false,
1006
+ "type": "text"
1007
+ }
1008
+ },
1009
+ "ignore_above": 1024,
1010
+ "type": "keyword"
1011
+ },
1012
+ "type": {
1013
+ "ignore_above": 1024,
1014
+ "type": "keyword"
1015
+ },
1016
+ "uid": {
1017
+ "ignore_above": 1024,
1018
+ "type": "keyword"
1019
+ },
1020
+ "x509": {
1021
+ "properties": {
1022
+ "alternative_names": {
1023
+ "ignore_above": 1024,
1024
+ "type": "keyword"
1025
+ },
1026
+ "issuer": {
1027
+ "properties": {
1028
+ "common_name": {
1029
+ "ignore_above": 1024,
1030
+ "type": "keyword"
1031
+ },
1032
+ "country": {
1033
+ "ignore_above": 1024,
1034
+ "type": "keyword"
1035
+ },
1036
+ "distinguished_name": {
1037
+ "ignore_above": 1024,
1038
+ "type": "keyword"
1039
+ },
1040
+ "locality": {
1041
+ "ignore_above": 1024,
1042
+ "type": "keyword"
1043
+ },
1044
+ "organization": {
1045
+ "ignore_above": 1024,
1046
+ "type": "keyword"
1047
+ },
1048
+ "organizational_unit": {
1049
+ "ignore_above": 1024,
1050
+ "type": "keyword"
1051
+ },
1052
+ "state_or_province": {
1053
+ "ignore_above": 1024,
1054
+ "type": "keyword"
1055
+ }
1056
+ }
1057
+ },
1058
+ "not_after": {
1059
+ "type": "date"
1060
+ },
1061
+ "not_before": {
1062
+ "type": "date"
1063
+ },
1064
+ "public_key_algorithm": {
1065
+ "ignore_above": 1024,
1066
+ "type": "keyword"
1067
+ },
1068
+ "public_key_curve": {
1069
+ "ignore_above": 1024,
1070
+ "type": "keyword"
1071
+ },
1072
+ "public_key_exponent": {
1073
+ "doc_values": false,
1074
+ "index": false,
1075
+ "type": "long"
1076
+ },
1077
+ "public_key_size": {
1078
+ "type": "long"
1079
+ },
1080
+ "serial_number": {
1081
+ "ignore_above": 1024,
1082
+ "type": "keyword"
1083
+ },
1084
+ "signature_algorithm": {
1085
+ "ignore_above": 1024,
1086
+ "type": "keyword"
1087
+ },
1088
+ "subject": {
1089
+ "properties": {
1090
+ "common_name": {
1091
+ "ignore_above": 1024,
1092
+ "type": "keyword"
1093
+ },
1094
+ "country": {
1095
+ "ignore_above": 1024,
1096
+ "type": "keyword"
1097
+ },
1098
+ "distinguished_name": {
1099
+ "ignore_above": 1024,
1100
+ "type": "keyword"
1101
+ },
1102
+ "locality": {
1103
+ "ignore_above": 1024,
1104
+ "type": "keyword"
1105
+ },
1106
+ "organization": {
1107
+ "ignore_above": 1024,
1108
+ "type": "keyword"
1109
+ },
1110
+ "organizational_unit": {
1111
+ "ignore_above": 1024,
1112
+ "type": "keyword"
1113
+ },
1114
+ "state_or_province": {
1115
+ "ignore_above": 1024,
1116
+ "type": "keyword"
1117
+ }
1118
+ }
1119
+ },
1120
+ "version_number": {
1121
+ "ignore_above": 1024,
1122
+ "type": "keyword"
1123
+ }
1124
+ }
1125
+ }
1126
+ }
1127
+ },
1128
+ "group": {
1129
+ "properties": {
1130
+ "domain": {
1131
+ "ignore_above": 1024,
1132
+ "type": "keyword"
1133
+ },
1134
+ "id": {
1135
+ "ignore_above": 1024,
1136
+ "type": "keyword"
1137
+ },
1138
+ "name": {
1139
+ "ignore_above": 1024,
1140
+ "type": "keyword"
1141
+ }
1142
+ }
1143
+ },
1144
+ "host": {
1145
+ "properties": {
1146
+ "architecture": {
1147
+ "ignore_above": 1024,
1148
+ "type": "keyword"
1149
+ },
1150
+ "cpu": {
1151
+ "properties": {
1152
+ "usage": {
1153
+ "scaling_factor": 1000,
1154
+ "type": "scaled_float"
1155
+ }
1156
+ }
1157
+ },
1158
+ "disk": {
1159
+ "properties": {
1160
+ "read": {
1161
+ "properties": {
1162
+ "bytes": {
1163
+ "type": "long"
1164
+ }
1165
+ }
1166
+ },
1167
+ "write": {
1168
+ "properties": {
1169
+ "bytes": {
1170
+ "type": "long"
1171
+ }
1172
+ }
1173
+ }
1174
+ }
1175
+ },
1176
+ "domain": {
1177
+ "ignore_above": 1024,
1178
+ "type": "keyword"
1179
+ },
1180
+ "geo": {
1181
+ "properties": {
1182
+ "city_name": {
1183
+ "ignore_above": 1024,
1184
+ "type": "keyword"
1185
+ },
1186
+ "continent_code": {
1187
+ "ignore_above": 1024,
1188
+ "type": "keyword"
1189
+ },
1190
+ "continent_name": {
1191
+ "ignore_above": 1024,
1192
+ "type": "keyword"
1193
+ },
1194
+ "country_iso_code": {
1195
+ "ignore_above": 1024,
1196
+ "type": "keyword"
1197
+ },
1198
+ "country_name": {
1199
+ "ignore_above": 1024,
1200
+ "type": "keyword"
1201
+ },
1202
+ "location": {
1203
+ "type": "geo_point"
1204
+ },
1205
+ "name": {
1206
+ "ignore_above": 1024,
1207
+ "type": "keyword"
1208
+ },
1209
+ "postal_code": {
1210
+ "ignore_above": 1024,
1211
+ "type": "keyword"
1212
+ },
1213
+ "region_iso_code": {
1214
+ "ignore_above": 1024,
1215
+ "type": "keyword"
1216
+ },
1217
+ "region_name": {
1218
+ "ignore_above": 1024,
1219
+ "type": "keyword"
1220
+ },
1221
+ "timezone": {
1222
+ "ignore_above": 1024,
1223
+ "type": "keyword"
1224
+ }
1225
+ }
1226
+ },
1227
+ "hostname": {
1228
+ "ignore_above": 1024,
1229
+ "type": "keyword"
1230
+ },
1231
+ "id": {
1232
+ "ignore_above": 1024,
1233
+ "type": "keyword"
1234
+ },
1235
+ "ip": {
1236
+ "type": "ip"
1237
+ },
1238
+ "mac": {
1239
+ "ignore_above": 1024,
1240
+ "type": "keyword"
1241
+ },
1242
+ "name": {
1243
+ "ignore_above": 1024,
1244
+ "type": "keyword"
1245
+ },
1246
+ "network": {
1247
+ "properties": {
1248
+ "egress": {
1249
+ "properties": {
1250
+ "bytes": {
1251
+ "type": "long"
1252
+ },
1253
+ "packets": {
1254
+ "type": "long"
1255
+ }
1256
+ }
1257
+ },
1258
+ "ingress": {
1259
+ "properties": {
1260
+ "bytes": {
1261
+ "type": "long"
1262
+ },
1263
+ "packets": {
1264
+ "type": "long"
1265
+ }
1266
+ }
1267
+ }
1268
+ }
1269
+ },
1270
+ "os": {
1271
+ "properties": {
1272
+ "family": {
1273
+ "ignore_above": 1024,
1274
+ "type": "keyword"
1275
+ },
1276
+ "full": {
1277
+ "fields": {
1278
+ "text": {
1279
+ "norms": false,
1280
+ "type": "text"
1281
+ }
1282
+ },
1283
+ "ignore_above": 1024,
1284
+ "type": "keyword"
1285
+ },
1286
+ "kernel": {
1287
+ "ignore_above": 1024,
1288
+ "type": "keyword"
1289
+ },
1290
+ "name": {
1291
+ "fields": {
1292
+ "text": {
1293
+ "norms": false,
1294
+ "type": "text"
1295
+ }
1296
+ },
1297
+ "ignore_above": 1024,
1298
+ "type": "keyword"
1299
+ },
1300
+ "platform": {
1301
+ "ignore_above": 1024,
1302
+ "type": "keyword"
1303
+ },
1304
+ "type": {
1305
+ "ignore_above": 1024,
1306
+ "type": "keyword"
1307
+ },
1308
+ "version": {
1309
+ "ignore_above": 1024,
1310
+ "type": "keyword"
1311
+ }
1312
+ }
1313
+ },
1314
+ "type": {
1315
+ "ignore_above": 1024,
1316
+ "type": "keyword"
1317
+ },
1318
+ "uptime": {
1319
+ "type": "long"
1320
+ },
1321
+ "user": {
1322
+ "properties": {
1323
+ "domain": {
1324
+ "ignore_above": 1024,
1325
+ "type": "keyword"
1326
+ },
1327
+ "email": {
1328
+ "ignore_above": 1024,
1329
+ "type": "keyword"
1330
+ },
1331
+ "full_name": {
1332
+ "fields": {
1333
+ "text": {
1334
+ "norms": false,
1335
+ "type": "text"
1336
+ }
1337
+ },
1338
+ "ignore_above": 1024,
1339
+ "type": "keyword"
1340
+ },
1341
+ "group": {
1342
+ "properties": {
1343
+ "domain": {
1344
+ "ignore_above": 1024,
1345
+ "type": "keyword"
1346
+ },
1347
+ "id": {
1348
+ "ignore_above": 1024,
1349
+ "type": "keyword"
1350
+ },
1351
+ "name": {
1352
+ "ignore_above": 1024,
1353
+ "type": "keyword"
1354
+ }
1355
+ }
1356
+ },
1357
+ "hash": {
1358
+ "ignore_above": 1024,
1359
+ "type": "keyword"
1360
+ },
1361
+ "id": {
1362
+ "ignore_above": 1024,
1363
+ "type": "keyword"
1364
+ },
1365
+ "name": {
1366
+ "fields": {
1367
+ "text": {
1368
+ "norms": false,
1369
+ "type": "text"
1370
+ }
1371
+ },
1372
+ "ignore_above": 1024,
1373
+ "type": "keyword"
1374
+ },
1375
+ "roles": {
1376
+ "ignore_above": 1024,
1377
+ "type": "keyword"
1378
+ }
1379
+ }
1380
+ }
1381
+ }
1382
+ },
1383
+ "http": {
1384
+ "properties": {
1385
+ "request": {
1386
+ "properties": {
1387
+ "body": {
1388
+ "properties": {
1389
+ "bytes": {
1390
+ "type": "long"
1391
+ },
1392
+ "content": {
1393
+ "fields": {
1394
+ "text": {
1395
+ "norms": false,
1396
+ "type": "text"
1397
+ }
1398
+ },
1399
+ "ignore_above": 1024,
1400
+ "type": "keyword"
1401
+ }
1402
+ }
1403
+ },
1404
+ "bytes": {
1405
+ "type": "long"
1406
+ },
1407
+ "id": {
1408
+ "ignore_above": 1024,
1409
+ "type": "keyword"
1410
+ },
1411
+ "method": {
1412
+ "ignore_above": 1024,
1413
+ "type": "keyword"
1414
+ },
1415
+ "mime_type": {
1416
+ "ignore_above": 1024,
1417
+ "type": "keyword"
1418
+ },
1419
+ "referrer": {
1420
+ "ignore_above": 1024,
1421
+ "type": "keyword"
1422
+ }
1423
+ }
1424
+ },
1425
+ "response": {
1426
+ "properties": {
1427
+ "body": {
1428
+ "properties": {
1429
+ "bytes": {
1430
+ "type": "long"
1431
+ },
1432
+ "content": {
1433
+ "fields": {
1434
+ "text": {
1435
+ "norms": false,
1436
+ "type": "text"
1437
+ }
1438
+ },
1439
+ "ignore_above": 1024,
1440
+ "type": "keyword"
1441
+ }
1442
+ }
1443
+ },
1444
+ "bytes": {
1445
+ "type": "long"
1446
+ },
1447
+ "mime_type": {
1448
+ "ignore_above": 1024,
1449
+ "type": "keyword"
1450
+ },
1451
+ "status_code": {
1452
+ "type": "long"
1453
+ }
1454
+ }
1455
+ },
1456
+ "version": {
1457
+ "ignore_above": 1024,
1458
+ "type": "keyword"
1459
+ }
1460
+ }
1461
+ },
1462
+ "labels": {
1463
+ "type": "object"
1464
+ },
1465
+ "log": {
1466
+ "properties": {
1467
+ "file": {
1468
+ "properties": {
1469
+ "path": {
1470
+ "ignore_above": 1024,
1471
+ "type": "keyword"
1472
+ }
1473
+ }
1474
+ },
1475
+ "level": {
1476
+ "ignore_above": 1024,
1477
+ "type": "keyword"
1478
+ },
1479
+ "logger": {
1480
+ "ignore_above": 1024,
1481
+ "type": "keyword"
1482
+ },
1483
+ "origin": {
1484
+ "properties": {
1485
+ "file": {
1486
+ "properties": {
1487
+ "line": {
1488
+ "type": "integer"
1489
+ },
1490
+ "name": {
1491
+ "ignore_above": 1024,
1492
+ "type": "keyword"
1493
+ }
1494
+ }
1495
+ },
1496
+ "function": {
1497
+ "ignore_above": 1024,
1498
+ "type": "keyword"
1499
+ }
1500
+ }
1501
+ },
1502
+ "original": {
1503
+ "doc_values": false,
1504
+ "ignore_above": 1024,
1505
+ "index": false,
1506
+ "type": "keyword"
1507
+ },
1508
+ "syslog": {
1509
+ "properties": {
1510
+ "facility": {
1511
+ "properties": {
1512
+ "code": {
1513
+ "type": "long"
1514
+ },
1515
+ "name": {
1516
+ "ignore_above": 1024,
1517
+ "type": "keyword"
1518
+ }
1519
+ }
1520
+ },
1521
+ "priority": {
1522
+ "type": "long"
1523
+ },
1524
+ "severity": {
1525
+ "properties": {
1526
+ "code": {
1527
+ "type": "long"
1528
+ },
1529
+ "name": {
1530
+ "ignore_above": 1024,
1531
+ "type": "keyword"
1532
+ }
1533
+ }
1534
+ }
1535
+ },
1536
+ "type": "object"
1537
+ }
1538
+ }
1539
+ },
1540
+ "message": {
1541
+ "norms": false,
1542
+ "type": "text"
1543
+ },
1544
+ "network": {
1545
+ "properties": {
1546
+ "application": {
1547
+ "ignore_above": 1024,
1548
+ "type": "keyword"
1549
+ },
1550
+ "bytes": {
1551
+ "type": "long"
1552
+ },
1553
+ "community_id": {
1554
+ "ignore_above": 1024,
1555
+ "type": "keyword"
1556
+ },
1557
+ "direction": {
1558
+ "ignore_above": 1024,
1559
+ "type": "keyword"
1560
+ },
1561
+ "forwarded_ip": {
1562
+ "type": "ip"
1563
+ },
1564
+ "iana_number": {
1565
+ "ignore_above": 1024,
1566
+ "type": "keyword"
1567
+ },
1568
+ "inner": {
1569
+ "properties": {
1570
+ "vlan": {
1571
+ "properties": {
1572
+ "id": {
1573
+ "ignore_above": 1024,
1574
+ "type": "keyword"
1575
+ },
1576
+ "name": {
1577
+ "ignore_above": 1024,
1578
+ "type": "keyword"
1579
+ }
1580
+ }
1581
+ }
1582
+ },
1583
+ "type": "object"
1584
+ },
1585
+ "name": {
1586
+ "ignore_above": 1024,
1587
+ "type": "keyword"
1588
+ },
1589
+ "packets": {
1590
+ "type": "long"
1591
+ },
1592
+ "protocol": {
1593
+ "ignore_above": 1024,
1594
+ "type": "keyword"
1595
+ },
1596
+ "transport": {
1597
+ "ignore_above": 1024,
1598
+ "type": "keyword"
1599
+ },
1600
+ "type": {
1601
+ "ignore_above": 1024,
1602
+ "type": "keyword"
1603
+ },
1604
+ "vlan": {
1605
+ "properties": {
1606
+ "id": {
1607
+ "ignore_above": 1024,
1608
+ "type": "keyword"
1609
+ },
1610
+ "name": {
1611
+ "ignore_above": 1024,
1612
+ "type": "keyword"
1613
+ }
1614
+ }
1615
+ }
1616
+ }
1617
+ },
1618
+ "observer": {
1619
+ "properties": {
1620
+ "egress": {
1621
+ "properties": {
1622
+ "interface": {
1623
+ "properties": {
1624
+ "alias": {
1625
+ "ignore_above": 1024,
1626
+ "type": "keyword"
1627
+ },
1628
+ "id": {
1629
+ "ignore_above": 1024,
1630
+ "type": "keyword"
1631
+ },
1632
+ "name": {
1633
+ "ignore_above": 1024,
1634
+ "type": "keyword"
1635
+ }
1636
+ }
1637
+ },
1638
+ "vlan": {
1639
+ "properties": {
1640
+ "id": {
1641
+ "ignore_above": 1024,
1642
+ "type": "keyword"
1643
+ },
1644
+ "name": {
1645
+ "ignore_above": 1024,
1646
+ "type": "keyword"
1647
+ }
1648
+ }
1649
+ },
1650
+ "zone": {
1651
+ "ignore_above": 1024,
1652
+ "type": "keyword"
1653
+ }
1654
+ },
1655
+ "type": "object"
1656
+ },
1657
+ "geo": {
1658
+ "properties": {
1659
+ "city_name": {
1660
+ "ignore_above": 1024,
1661
+ "type": "keyword"
1662
+ },
1663
+ "continent_code": {
1664
+ "ignore_above": 1024,
1665
+ "type": "keyword"
1666
+ },
1667
+ "continent_name": {
1668
+ "ignore_above": 1024,
1669
+ "type": "keyword"
1670
+ },
1671
+ "country_iso_code": {
1672
+ "ignore_above": 1024,
1673
+ "type": "keyword"
1674
+ },
1675
+ "country_name": {
1676
+ "ignore_above": 1024,
1677
+ "type": "keyword"
1678
+ },
1679
+ "location": {
1680
+ "type": "geo_point"
1681
+ },
1682
+ "name": {
1683
+ "ignore_above": 1024,
1684
+ "type": "keyword"
1685
+ },
1686
+ "postal_code": {
1687
+ "ignore_above": 1024,
1688
+ "type": "keyword"
1689
+ },
1690
+ "region_iso_code": {
1691
+ "ignore_above": 1024,
1692
+ "type": "keyword"
1693
+ },
1694
+ "region_name": {
1695
+ "ignore_above": 1024,
1696
+ "type": "keyword"
1697
+ },
1698
+ "timezone": {
1699
+ "ignore_above": 1024,
1700
+ "type": "keyword"
1701
+ }
1702
+ }
1703
+ },
1704
+ "hostname": {
1705
+ "ignore_above": 1024,
1706
+ "type": "keyword"
1707
+ },
1708
+ "ingress": {
1709
+ "properties": {
1710
+ "interface": {
1711
+ "properties": {
1712
+ "alias": {
1713
+ "ignore_above": 1024,
1714
+ "type": "keyword"
1715
+ },
1716
+ "id": {
1717
+ "ignore_above": 1024,
1718
+ "type": "keyword"
1719
+ },
1720
+ "name": {
1721
+ "ignore_above": 1024,
1722
+ "type": "keyword"
1723
+ }
1724
+ }
1725
+ },
1726
+ "vlan": {
1727
+ "properties": {
1728
+ "id": {
1729
+ "ignore_above": 1024,
1730
+ "type": "keyword"
1731
+ },
1732
+ "name": {
1733
+ "ignore_above": 1024,
1734
+ "type": "keyword"
1735
+ }
1736
+ }
1737
+ },
1738
+ "zone": {
1739
+ "ignore_above": 1024,
1740
+ "type": "keyword"
1741
+ }
1742
+ },
1743
+ "type": "object"
1744
+ },
1745
+ "ip": {
1746
+ "type": "ip"
1747
+ },
1748
+ "mac": {
1749
+ "ignore_above": 1024,
1750
+ "type": "keyword"
1751
+ },
1752
+ "name": {
1753
+ "ignore_above": 1024,
1754
+ "type": "keyword"
1755
+ },
1756
+ "os": {
1757
+ "properties": {
1758
+ "family": {
1759
+ "ignore_above": 1024,
1760
+ "type": "keyword"
1761
+ },
1762
+ "full": {
1763
+ "fields": {
1764
+ "text": {
1765
+ "norms": false,
1766
+ "type": "text"
1767
+ }
1768
+ },
1769
+ "ignore_above": 1024,
1770
+ "type": "keyword"
1771
+ },
1772
+ "kernel": {
1773
+ "ignore_above": 1024,
1774
+ "type": "keyword"
1775
+ },
1776
+ "name": {
1777
+ "fields": {
1778
+ "text": {
1779
+ "norms": false,
1780
+ "type": "text"
1781
+ }
1782
+ },
1783
+ "ignore_above": 1024,
1784
+ "type": "keyword"
1785
+ },
1786
+ "platform": {
1787
+ "ignore_above": 1024,
1788
+ "type": "keyword"
1789
+ },
1790
+ "type": {
1791
+ "ignore_above": 1024,
1792
+ "type": "keyword"
1793
+ },
1794
+ "version": {
1795
+ "ignore_above": 1024,
1796
+ "type": "keyword"
1797
+ }
1798
+ }
1799
+ },
1800
+ "product": {
1801
+ "ignore_above": 1024,
1802
+ "type": "keyword"
1803
+ },
1804
+ "serial_number": {
1805
+ "ignore_above": 1024,
1806
+ "type": "keyword"
1807
+ },
1808
+ "type": {
1809
+ "ignore_above": 1024,
1810
+ "type": "keyword"
1811
+ },
1812
+ "vendor": {
1813
+ "ignore_above": 1024,
1814
+ "type": "keyword"
1815
+ },
1816
+ "version": {
1817
+ "ignore_above": 1024,
1818
+ "type": "keyword"
1819
+ }
1820
+ }
1821
+ },
1822
+ "orchestrator": {
1823
+ "properties": {
1824
+ "api_version": {
1825
+ "ignore_above": 1024,
1826
+ "type": "keyword"
1827
+ },
1828
+ "cluster": {
1829
+ "properties": {
1830
+ "name": {
1831
+ "ignore_above": 1024,
1832
+ "type": "keyword"
1833
+ },
1834
+ "url": {
1835
+ "ignore_above": 1024,
1836
+ "type": "keyword"
1837
+ },
1838
+ "version": {
1839
+ "ignore_above": 1024,
1840
+ "type": "keyword"
1841
+ }
1842
+ }
1843
+ },
1844
+ "namespace": {
1845
+ "ignore_above": 1024,
1846
+ "type": "keyword"
1847
+ },
1848
+ "organization": {
1849
+ "ignore_above": 1024,
1850
+ "type": "keyword"
1851
+ },
1852
+ "resource": {
1853
+ "properties": {
1854
+ "name": {
1855
+ "ignore_above": 1024,
1856
+ "type": "keyword"
1857
+ },
1858
+ "type": {
1859
+ "ignore_above": 1024,
1860
+ "type": "keyword"
1861
+ }
1862
+ }
1863
+ },
1864
+ "type": {
1865
+ "ignore_above": 1024,
1866
+ "type": "keyword"
1867
+ }
1868
+ }
1869
+ },
1870
+ "organization": {
1871
+ "properties": {
1872
+ "id": {
1873
+ "ignore_above": 1024,
1874
+ "type": "keyword"
1875
+ },
1876
+ "name": {
1877
+ "fields": {
1878
+ "text": {
1879
+ "norms": false,
1880
+ "type": "text"
1881
+ }
1882
+ },
1883
+ "ignore_above": 1024,
1884
+ "type": "keyword"
1885
+ }
1886
+ }
1887
+ },
1888
+ "package": {
1889
+ "properties": {
1890
+ "architecture": {
1891
+ "ignore_above": 1024,
1892
+ "type": "keyword"
1893
+ },
1894
+ "build_version": {
1895
+ "ignore_above": 1024,
1896
+ "type": "keyword"
1897
+ },
1898
+ "checksum": {
1899
+ "ignore_above": 1024,
1900
+ "type": "keyword"
1901
+ },
1902
+ "description": {
1903
+ "ignore_above": 1024,
1904
+ "type": "keyword"
1905
+ },
1906
+ "install_scope": {
1907
+ "ignore_above": 1024,
1908
+ "type": "keyword"
1909
+ },
1910
+ "installed": {
1911
+ "type": "date"
1912
+ },
1913
+ "license": {
1914
+ "ignore_above": 1024,
1915
+ "type": "keyword"
1916
+ },
1917
+ "name": {
1918
+ "ignore_above": 1024,
1919
+ "type": "keyword"
1920
+ },
1921
+ "path": {
1922
+ "ignore_above": 1024,
1923
+ "type": "keyword"
1924
+ },
1925
+ "reference": {
1926
+ "ignore_above": 1024,
1927
+ "type": "keyword"
1928
+ },
1929
+ "size": {
1930
+ "type": "long"
1931
+ },
1932
+ "type": {
1933
+ "ignore_above": 1024,
1934
+ "type": "keyword"
1935
+ },
1936
+ "version": {
1937
+ "ignore_above": 1024,
1938
+ "type": "keyword"
1939
+ }
1940
+ }
1941
+ },
1942
+ "process": {
1943
+ "properties": {
1944
+ "args": {
1945
+ "ignore_above": 1024,
1946
+ "type": "keyword"
1947
+ },
1948
+ "args_count": {
1949
+ "type": "long"
1950
+ },
1951
+ "code_signature": {
1952
+ "properties": {
1953
+ "exists": {
1954
+ "type": "boolean"
1955
+ },
1956
+ "signing_id": {
1957
+ "ignore_above": 1024,
1958
+ "type": "keyword"
1959
+ },
1960
+ "status": {
1961
+ "ignore_above": 1024,
1962
+ "type": "keyword"
1963
+ },
1964
+ "subject_name": {
1965
+ "ignore_above": 1024,
1966
+ "type": "keyword"
1967
+ },
1968
+ "team_id": {
1969
+ "ignore_above": 1024,
1970
+ "type": "keyword"
1971
+ },
1972
+ "trusted": {
1973
+ "type": "boolean"
1974
+ },
1975
+ "valid": {
1976
+ "type": "boolean"
1977
+ }
1978
+ }
1979
+ },
1980
+ "command_line": {
1981
+ "fields": {
1982
+ "text": {
1983
+ "norms": false,
1984
+ "type": "text"
1985
+ }
1986
+ },
1987
+ "ignore_above": 1024,
1988
+ "type": "keyword"
1989
+ },
1990
+ "entity_id": {
1991
+ "ignore_above": 1024,
1992
+ "type": "keyword"
1993
+ },
1994
+ "executable": {
1995
+ "fields": {
1996
+ "text": {
1997
+ "norms": false,
1998
+ "type": "text"
1999
+ }
2000
+ },
2001
+ "ignore_above": 1024,
2002
+ "type": "keyword"
2003
+ },
2004
+ "exit_code": {
2005
+ "type": "long"
2006
+ },
2007
+ "hash": {
2008
+ "properties": {
2009
+ "md5": {
2010
+ "ignore_above": 1024,
2011
+ "type": "keyword"
2012
+ },
2013
+ "sha1": {
2014
+ "ignore_above": 1024,
2015
+ "type": "keyword"
2016
+ },
2017
+ "sha256": {
2018
+ "ignore_above": 1024,
2019
+ "type": "keyword"
2020
+ },
2021
+ "sha512": {
2022
+ "ignore_above": 1024,
2023
+ "type": "keyword"
2024
+ },
2025
+ "ssdeep": {
2026
+ "ignore_above": 1024,
2027
+ "type": "keyword"
2028
+ }
2029
+ }
2030
+ },
2031
+ "name": {
2032
+ "fields": {
2033
+ "text": {
2034
+ "norms": false,
2035
+ "type": "text"
2036
+ }
2037
+ },
2038
+ "ignore_above": 1024,
2039
+ "type": "keyword"
2040
+ },
2041
+ "parent": {
2042
+ "properties": {
2043
+ "args": {
2044
+ "ignore_above": 1024,
2045
+ "type": "keyword"
2046
+ },
2047
+ "args_count": {
2048
+ "type": "long"
2049
+ },
2050
+ "code_signature": {
2051
+ "properties": {
2052
+ "exists": {
2053
+ "type": "boolean"
2054
+ },
2055
+ "signing_id": {
2056
+ "ignore_above": 1024,
2057
+ "type": "keyword"
2058
+ },
2059
+ "status": {
2060
+ "ignore_above": 1024,
2061
+ "type": "keyword"
2062
+ },
2063
+ "subject_name": {
2064
+ "ignore_above": 1024,
2065
+ "type": "keyword"
2066
+ },
2067
+ "team_id": {
2068
+ "ignore_above": 1024,
2069
+ "type": "keyword"
2070
+ },
2071
+ "trusted": {
2072
+ "type": "boolean"
2073
+ },
2074
+ "valid": {
2075
+ "type": "boolean"
2076
+ }
2077
+ }
2078
+ },
2079
+ "command_line": {
2080
+ "fields": {
2081
+ "text": {
2082
+ "norms": false,
2083
+ "type": "text"
2084
+ }
2085
+ },
2086
+ "ignore_above": 1024,
2087
+ "type": "keyword"
2088
+ },
2089
+ "entity_id": {
2090
+ "ignore_above": 1024,
2091
+ "type": "keyword"
2092
+ },
2093
+ "executable": {
2094
+ "fields": {
2095
+ "text": {
2096
+ "norms": false,
2097
+ "type": "text"
2098
+ }
2099
+ },
2100
+ "ignore_above": 1024,
2101
+ "type": "keyword"
2102
+ },
2103
+ "exit_code": {
2104
+ "type": "long"
2105
+ },
2106
+ "hash": {
2107
+ "properties": {
2108
+ "md5": {
2109
+ "ignore_above": 1024,
2110
+ "type": "keyword"
2111
+ },
2112
+ "sha1": {
2113
+ "ignore_above": 1024,
2114
+ "type": "keyword"
2115
+ },
2116
+ "sha256": {
2117
+ "ignore_above": 1024,
2118
+ "type": "keyword"
2119
+ },
2120
+ "sha512": {
2121
+ "ignore_above": 1024,
2122
+ "type": "keyword"
2123
+ },
2124
+ "ssdeep": {
2125
+ "ignore_above": 1024,
2126
+ "type": "keyword"
2127
+ }
2128
+ }
2129
+ },
2130
+ "name": {
2131
+ "fields": {
2132
+ "text": {
2133
+ "norms": false,
2134
+ "type": "text"
2135
+ }
2136
+ },
2137
+ "ignore_above": 1024,
2138
+ "type": "keyword"
2139
+ },
2140
+ "pe": {
2141
+ "properties": {
2142
+ "architecture": {
2143
+ "ignore_above": 1024,
2144
+ "type": "keyword"
2145
+ },
2146
+ "company": {
2147
+ "ignore_above": 1024,
2148
+ "type": "keyword"
2149
+ },
2150
+ "description": {
2151
+ "ignore_above": 1024,
2152
+ "type": "keyword"
2153
+ },
2154
+ "file_version": {
2155
+ "ignore_above": 1024,
2156
+ "type": "keyword"
2157
+ },
2158
+ "imphash": {
2159
+ "ignore_above": 1024,
2160
+ "type": "keyword"
2161
+ },
2162
+ "original_file_name": {
2163
+ "ignore_above": 1024,
2164
+ "type": "keyword"
2165
+ },
2166
+ "product": {
2167
+ "ignore_above": 1024,
2168
+ "type": "keyword"
2169
+ }
2170
+ }
2171
+ },
2172
+ "pgid": {
2173
+ "type": "long"
2174
+ },
2175
+ "pid": {
2176
+ "type": "long"
2177
+ },
2178
+ "ppid": {
2179
+ "type": "long"
2180
+ },
2181
+ "start": {
2182
+ "type": "date"
2183
+ },
2184
+ "thread": {
2185
+ "properties": {
2186
+ "id": {
2187
+ "type": "long"
2188
+ },
2189
+ "name": {
2190
+ "ignore_above": 1024,
2191
+ "type": "keyword"
2192
+ }
2193
+ }
2194
+ },
2195
+ "title": {
2196
+ "fields": {
2197
+ "text": {
2198
+ "norms": false,
2199
+ "type": "text"
2200
+ }
2201
+ },
2202
+ "ignore_above": 1024,
2203
+ "type": "keyword"
2204
+ },
2205
+ "uptime": {
2206
+ "type": "long"
2207
+ },
2208
+ "working_directory": {
2209
+ "fields": {
2210
+ "text": {
2211
+ "norms": false,
2212
+ "type": "text"
2213
+ }
2214
+ },
2215
+ "ignore_above": 1024,
2216
+ "type": "keyword"
2217
+ }
2218
+ }
2219
+ },
2220
+ "pe": {
2221
+ "properties": {
2222
+ "architecture": {
2223
+ "ignore_above": 1024,
2224
+ "type": "keyword"
2225
+ },
2226
+ "company": {
2227
+ "ignore_above": 1024,
2228
+ "type": "keyword"
2229
+ },
2230
+ "description": {
2231
+ "ignore_above": 1024,
2232
+ "type": "keyword"
2233
+ },
2234
+ "file_version": {
2235
+ "ignore_above": 1024,
2236
+ "type": "keyword"
2237
+ },
2238
+ "imphash": {
2239
+ "ignore_above": 1024,
2240
+ "type": "keyword"
2241
+ },
2242
+ "original_file_name": {
2243
+ "ignore_above": 1024,
2244
+ "type": "keyword"
2245
+ },
2246
+ "product": {
2247
+ "ignore_above": 1024,
2248
+ "type": "keyword"
2249
+ }
2250
+ }
2251
+ },
2252
+ "pgid": {
2253
+ "type": "long"
2254
+ },
2255
+ "pid": {
2256
+ "type": "long"
2257
+ },
2258
+ "ppid": {
2259
+ "type": "long"
2260
+ },
2261
+ "start": {
2262
+ "type": "date"
2263
+ },
2264
+ "thread": {
2265
+ "properties": {
2266
+ "id": {
2267
+ "type": "long"
2268
+ },
2269
+ "name": {
2270
+ "ignore_above": 1024,
2271
+ "type": "keyword"
2272
+ }
2273
+ }
2274
+ },
2275
+ "title": {
2276
+ "fields": {
2277
+ "text": {
2278
+ "norms": false,
2279
+ "type": "text"
2280
+ }
2281
+ },
2282
+ "ignore_above": 1024,
2283
+ "type": "keyword"
2284
+ },
2285
+ "uptime": {
2286
+ "type": "long"
2287
+ },
2288
+ "working_directory": {
2289
+ "fields": {
2290
+ "text": {
2291
+ "norms": false,
2292
+ "type": "text"
2293
+ }
2294
+ },
2295
+ "ignore_above": 1024,
2296
+ "type": "keyword"
2297
+ }
2298
+ }
2299
+ },
2300
+ "registry": {
2301
+ "properties": {
2302
+ "data": {
2303
+ "properties": {
2304
+ "bytes": {
2305
+ "ignore_above": 1024,
2306
+ "type": "keyword"
2307
+ },
2308
+ "strings": {
2309
+ "ignore_above": 1024,
2310
+ "type": "keyword"
2311
+ },
2312
+ "type": {
2313
+ "ignore_above": 1024,
2314
+ "type": "keyword"
2315
+ }
2316
+ }
2317
+ },
2318
+ "hive": {
2319
+ "ignore_above": 1024,
2320
+ "type": "keyword"
2321
+ },
2322
+ "key": {
2323
+ "ignore_above": 1024,
2324
+ "type": "keyword"
2325
+ },
2326
+ "path": {
2327
+ "ignore_above": 1024,
2328
+ "type": "keyword"
2329
+ },
2330
+ "value": {
2331
+ "ignore_above": 1024,
2332
+ "type": "keyword"
2333
+ }
2334
+ }
2335
+ },
2336
+ "related": {
2337
+ "properties": {
2338
+ "hash": {
2339
+ "ignore_above": 1024,
2340
+ "type": "keyword"
2341
+ },
2342
+ "hosts": {
2343
+ "ignore_above": 1024,
2344
+ "type": "keyword"
2345
+ },
2346
+ "ip": {
2347
+ "type": "ip"
2348
+ },
2349
+ "user": {
2350
+ "ignore_above": 1024,
2351
+ "type": "keyword"
2352
+ }
2353
+ }
2354
+ },
2355
+ "rule": {
2356
+ "properties": {
2357
+ "author": {
2358
+ "ignore_above": 1024,
2359
+ "type": "keyword"
2360
+ },
2361
+ "category": {
2362
+ "ignore_above": 1024,
2363
+ "type": "keyword"
2364
+ },
2365
+ "description": {
2366
+ "ignore_above": 1024,
2367
+ "type": "keyword"
2368
+ },
2369
+ "id": {
2370
+ "ignore_above": 1024,
2371
+ "type": "keyword"
2372
+ },
2373
+ "license": {
2374
+ "ignore_above": 1024,
2375
+ "type": "keyword"
2376
+ },
2377
+ "name": {
2378
+ "ignore_above": 1024,
2379
+ "type": "keyword"
2380
+ },
2381
+ "reference": {
2382
+ "ignore_above": 1024,
2383
+ "type": "keyword"
2384
+ },
2385
+ "ruleset": {
2386
+ "ignore_above": 1024,
2387
+ "type": "keyword"
2388
+ },
2389
+ "uuid": {
2390
+ "ignore_above": 1024,
2391
+ "type": "keyword"
2392
+ },
2393
+ "version": {
2394
+ "ignore_above": 1024,
2395
+ "type": "keyword"
2396
+ }
2397
+ }
2398
+ },
2399
+ "server": {
2400
+ "properties": {
2401
+ "address": {
2402
+ "ignore_above": 1024,
2403
+ "type": "keyword"
2404
+ },
2405
+ "as": {
2406
+ "properties": {
2407
+ "number": {
2408
+ "type": "long"
2409
+ },
2410
+ "organization": {
2411
+ "properties": {
2412
+ "name": {
2413
+ "fields": {
2414
+ "text": {
2415
+ "norms": false,
2416
+ "type": "text"
2417
+ }
2418
+ },
2419
+ "ignore_above": 1024,
2420
+ "type": "keyword"
2421
+ }
2422
+ }
2423
+ }
2424
+ }
2425
+ },
2426
+ "bytes": {
2427
+ "type": "long"
2428
+ },
2429
+ "domain": {
2430
+ "ignore_above": 1024,
2431
+ "type": "keyword"
2432
+ },
2433
+ "geo": {
2434
+ "properties": {
2435
+ "city_name": {
2436
+ "ignore_above": 1024,
2437
+ "type": "keyword"
2438
+ },
2439
+ "continent_code": {
2440
+ "ignore_above": 1024,
2441
+ "type": "keyword"
2442
+ },
2443
+ "continent_name": {
2444
+ "ignore_above": 1024,
2445
+ "type": "keyword"
2446
+ },
2447
+ "country_iso_code": {
2448
+ "ignore_above": 1024,
2449
+ "type": "keyword"
2450
+ },
2451
+ "country_name": {
2452
+ "ignore_above": 1024,
2453
+ "type": "keyword"
2454
+ },
2455
+ "location": {
2456
+ "type": "geo_point"
2457
+ },
2458
+ "name": {
2459
+ "ignore_above": 1024,
2460
+ "type": "keyword"
2461
+ },
2462
+ "postal_code": {
2463
+ "ignore_above": 1024,
2464
+ "type": "keyword"
2465
+ },
2466
+ "region_iso_code": {
2467
+ "ignore_above": 1024,
2468
+ "type": "keyword"
2469
+ },
2470
+ "region_name": {
2471
+ "ignore_above": 1024,
2472
+ "type": "keyword"
2473
+ },
2474
+ "timezone": {
2475
+ "ignore_above": 1024,
2476
+ "type": "keyword"
2477
+ }
2478
+ }
2479
+ },
2480
+ "ip": {
2481
+ "type": "ip"
2482
+ },
2483
+ "mac": {
2484
+ "ignore_above": 1024,
2485
+ "type": "keyword"
2486
+ },
2487
+ "nat": {
2488
+ "properties": {
2489
+ "ip": {
2490
+ "type": "ip"
2491
+ },
2492
+ "port": {
2493
+ "type": "long"
2494
+ }
2495
+ }
2496
+ },
2497
+ "packets": {
2498
+ "type": "long"
2499
+ },
2500
+ "port": {
2501
+ "type": "long"
2502
+ },
2503
+ "registered_domain": {
2504
+ "ignore_above": 1024,
2505
+ "type": "keyword"
2506
+ },
2507
+ "subdomain": {
2508
+ "ignore_above": 1024,
2509
+ "type": "keyword"
2510
+ },
2511
+ "top_level_domain": {
2512
+ "ignore_above": 1024,
2513
+ "type": "keyword"
2514
+ },
2515
+ "user": {
2516
+ "properties": {
2517
+ "domain": {
2518
+ "ignore_above": 1024,
2519
+ "type": "keyword"
2520
+ },
2521
+ "email": {
2522
+ "ignore_above": 1024,
2523
+ "type": "keyword"
2524
+ },
2525
+ "full_name": {
2526
+ "fields": {
2527
+ "text": {
2528
+ "norms": false,
2529
+ "type": "text"
2530
+ }
2531
+ },
2532
+ "ignore_above": 1024,
2533
+ "type": "keyword"
2534
+ },
2535
+ "group": {
2536
+ "properties": {
2537
+ "domain": {
2538
+ "ignore_above": 1024,
2539
+ "type": "keyword"
2540
+ },
2541
+ "id": {
2542
+ "ignore_above": 1024,
2543
+ "type": "keyword"
2544
+ },
2545
+ "name": {
2546
+ "ignore_above": 1024,
2547
+ "type": "keyword"
2548
+ }
2549
+ }
2550
+ },
2551
+ "hash": {
2552
+ "ignore_above": 1024,
2553
+ "type": "keyword"
2554
+ },
2555
+ "id": {
2556
+ "ignore_above": 1024,
2557
+ "type": "keyword"
2558
+ },
2559
+ "name": {
2560
+ "fields": {
2561
+ "text": {
2562
+ "norms": false,
2563
+ "type": "text"
2564
+ }
2565
+ },
2566
+ "ignore_above": 1024,
2567
+ "type": "keyword"
2568
+ },
2569
+ "roles": {
2570
+ "ignore_above": 1024,
2571
+ "type": "keyword"
2572
+ }
2573
+ }
2574
+ }
2575
+ }
2576
+ },
2577
+ "service": {
2578
+ "properties": {
2579
+ "ephemeral_id": {
2580
+ "ignore_above": 1024,
2581
+ "type": "keyword"
2582
+ },
2583
+ "id": {
2584
+ "ignore_above": 1024,
2585
+ "type": "keyword"
2586
+ },
2587
+ "name": {
2588
+ "ignore_above": 1024,
2589
+ "type": "keyword"
2590
+ },
2591
+ "node": {
2592
+ "properties": {
2593
+ "name": {
2594
+ "ignore_above": 1024,
2595
+ "type": "keyword"
2596
+ }
2597
+ }
2598
+ },
2599
+ "state": {
2600
+ "ignore_above": 1024,
2601
+ "type": "keyword"
2602
+ },
2603
+ "type": {
2604
+ "ignore_above": 1024,
2605
+ "type": "keyword"
2606
+ },
2607
+ "version": {
2608
+ "ignore_above": 1024,
2609
+ "type": "keyword"
2610
+ }
2611
+ }
2612
+ },
2613
+ "source": {
2614
+ "properties": {
2615
+ "address": {
2616
+ "ignore_above": 1024,
2617
+ "type": "keyword"
2618
+ },
2619
+ "as": {
2620
+ "properties": {
2621
+ "number": {
2622
+ "type": "long"
2623
+ },
2624
+ "organization": {
2625
+ "properties": {
2626
+ "name": {
2627
+ "fields": {
2628
+ "text": {
2629
+ "norms": false,
2630
+ "type": "text"
2631
+ }
2632
+ },
2633
+ "ignore_above": 1024,
2634
+ "type": "keyword"
2635
+ }
2636
+ }
2637
+ }
2638
+ }
2639
+ },
2640
+ "bytes": {
2641
+ "type": "long"
2642
+ },
2643
+ "domain": {
2644
+ "ignore_above": 1024,
2645
+ "type": "keyword"
2646
+ },
2647
+ "geo": {
2648
+ "properties": {
2649
+ "city_name": {
2650
+ "ignore_above": 1024,
2651
+ "type": "keyword"
2652
+ },
2653
+ "continent_code": {
2654
+ "ignore_above": 1024,
2655
+ "type": "keyword"
2656
+ },
2657
+ "continent_name": {
2658
+ "ignore_above": 1024,
2659
+ "type": "keyword"
2660
+ },
2661
+ "country_iso_code": {
2662
+ "ignore_above": 1024,
2663
+ "type": "keyword"
2664
+ },
2665
+ "country_name": {
2666
+ "ignore_above": 1024,
2667
+ "type": "keyword"
2668
+ },
2669
+ "location": {
2670
+ "type": "geo_point"
2671
+ },
2672
+ "name": {
2673
+ "ignore_above": 1024,
2674
+ "type": "keyword"
2675
+ },
2676
+ "postal_code": {
2677
+ "ignore_above": 1024,
2678
+ "type": "keyword"
2679
+ },
2680
+ "region_iso_code": {
2681
+ "ignore_above": 1024,
2682
+ "type": "keyword"
2683
+ },
2684
+ "region_name": {
2685
+ "ignore_above": 1024,
2686
+ "type": "keyword"
2687
+ },
2688
+ "timezone": {
2689
+ "ignore_above": 1024,
2690
+ "type": "keyword"
2691
+ }
2692
+ }
2693
+ },
2694
+ "ip": {
2695
+ "type": "ip"
2696
+ },
2697
+ "mac": {
2698
+ "ignore_above": 1024,
2699
+ "type": "keyword"
2700
+ },
2701
+ "nat": {
2702
+ "properties": {
2703
+ "ip": {
2704
+ "type": "ip"
2705
+ },
2706
+ "port": {
2707
+ "type": "long"
2708
+ }
2709
+ }
2710
+ },
2711
+ "packets": {
2712
+ "type": "long"
2713
+ },
2714
+ "port": {
2715
+ "type": "long"
2716
+ },
2717
+ "registered_domain": {
2718
+ "ignore_above": 1024,
2719
+ "type": "keyword"
2720
+ },
2721
+ "subdomain": {
2722
+ "ignore_above": 1024,
2723
+ "type": "keyword"
2724
+ },
2725
+ "top_level_domain": {
2726
+ "ignore_above": 1024,
2727
+ "type": "keyword"
2728
+ },
2729
+ "user": {
2730
+ "properties": {
2731
+ "domain": {
2732
+ "ignore_above": 1024,
2733
+ "type": "keyword"
2734
+ },
2735
+ "email": {
2736
+ "ignore_above": 1024,
2737
+ "type": "keyword"
2738
+ },
2739
+ "full_name": {
2740
+ "fields": {
2741
+ "text": {
2742
+ "norms": false,
2743
+ "type": "text"
2744
+ }
2745
+ },
2746
+ "ignore_above": 1024,
2747
+ "type": "keyword"
2748
+ },
2749
+ "group": {
2750
+ "properties": {
2751
+ "domain": {
2752
+ "ignore_above": 1024,
2753
+ "type": "keyword"
2754
+ },
2755
+ "id": {
2756
+ "ignore_above": 1024,
2757
+ "type": "keyword"
2758
+ },
2759
+ "name": {
2760
+ "ignore_above": 1024,
2761
+ "type": "keyword"
2762
+ }
2763
+ }
2764
+ },
2765
+ "hash": {
2766
+ "ignore_above": 1024,
2767
+ "type": "keyword"
2768
+ },
2769
+ "id": {
2770
+ "ignore_above": 1024,
2771
+ "type": "keyword"
2772
+ },
2773
+ "name": {
2774
+ "fields": {
2775
+ "text": {
2776
+ "norms": false,
2777
+ "type": "text"
2778
+ }
2779
+ },
2780
+ "ignore_above": 1024,
2781
+ "type": "keyword"
2782
+ },
2783
+ "roles": {
2784
+ "ignore_above": 1024,
2785
+ "type": "keyword"
2786
+ }
2787
+ }
2788
+ }
2789
+ }
2790
+ },
2791
+ "span": {
2792
+ "properties": {
2793
+ "id": {
2794
+ "ignore_above": 1024,
2795
+ "type": "keyword"
2796
+ }
2797
+ }
2798
+ },
2799
+ "tags": {
2800
+ "ignore_above": 1024,
2801
+ "type": "keyword"
2802
+ },
2803
+ "threat": {
2804
+ "properties": {
2805
+ "framework": {
2806
+ "ignore_above": 1024,
2807
+ "type": "keyword"
2808
+ },
2809
+ "tactic": {
2810
+ "properties": {
2811
+ "id": {
2812
+ "ignore_above": 1024,
2813
+ "type": "keyword"
2814
+ },
2815
+ "name": {
2816
+ "ignore_above": 1024,
2817
+ "type": "keyword"
2818
+ },
2819
+ "reference": {
2820
+ "ignore_above": 1024,
2821
+ "type": "keyword"
2822
+ }
2823
+ }
2824
+ },
2825
+ "technique": {
2826
+ "properties": {
2827
+ "id": {
2828
+ "ignore_above": 1024,
2829
+ "type": "keyword"
2830
+ },
2831
+ "name": {
2832
+ "fields": {
2833
+ "text": {
2834
+ "norms": false,
2835
+ "type": "text"
2836
+ }
2837
+ },
2838
+ "ignore_above": 1024,
2839
+ "type": "keyword"
2840
+ },
2841
+ "reference": {
2842
+ "ignore_above": 1024,
2843
+ "type": "keyword"
2844
+ },
2845
+ "subtechnique": {
2846
+ "properties": {
2847
+ "id": {
2848
+ "ignore_above": 1024,
2849
+ "type": "keyword"
2850
+ },
2851
+ "name": {
2852
+ "fields": {
2853
+ "text": {
2854
+ "norms": false,
2855
+ "type": "text"
2856
+ }
2857
+ },
2858
+ "ignore_above": 1024,
2859
+ "type": "keyword"
2860
+ },
2861
+ "reference": {
2862
+ "ignore_above": 1024,
2863
+ "type": "keyword"
2864
+ }
2865
+ }
2866
+ }
2867
+ }
2868
+ }
2869
+ }
2870
+ },
2871
+ "tls": {
2872
+ "properties": {
2873
+ "cipher": {
2874
+ "ignore_above": 1024,
2875
+ "type": "keyword"
2876
+ },
2877
+ "client": {
2878
+ "properties": {
2879
+ "certificate": {
2880
+ "ignore_above": 1024,
2881
+ "type": "keyword"
2882
+ },
2883
+ "certificate_chain": {
2884
+ "ignore_above": 1024,
2885
+ "type": "keyword"
2886
+ },
2887
+ "hash": {
2888
+ "properties": {
2889
+ "md5": {
2890
+ "ignore_above": 1024,
2891
+ "type": "keyword"
2892
+ },
2893
+ "sha1": {
2894
+ "ignore_above": 1024,
2895
+ "type": "keyword"
2896
+ },
2897
+ "sha256": {
2898
+ "ignore_above": 1024,
2899
+ "type": "keyword"
2900
+ }
2901
+ }
2902
+ },
2903
+ "issuer": {
2904
+ "ignore_above": 1024,
2905
+ "type": "keyword"
2906
+ },
2907
+ "ja3": {
2908
+ "ignore_above": 1024,
2909
+ "type": "keyword"
2910
+ },
2911
+ "not_after": {
2912
+ "type": "date"
2913
+ },
2914
+ "not_before": {
2915
+ "type": "date"
2916
+ },
2917
+ "server_name": {
2918
+ "ignore_above": 1024,
2919
+ "type": "keyword"
2920
+ },
2921
+ "subject": {
2922
+ "ignore_above": 1024,
2923
+ "type": "keyword"
2924
+ },
2925
+ "supported_ciphers": {
2926
+ "ignore_above": 1024,
2927
+ "type": "keyword"
2928
+ },
2929
+ "x509": {
2930
+ "properties": {
2931
+ "alternative_names": {
2932
+ "ignore_above": 1024,
2933
+ "type": "keyword"
2934
+ },
2935
+ "issuer": {
2936
+ "properties": {
2937
+ "common_name": {
2938
+ "ignore_above": 1024,
2939
+ "type": "keyword"
2940
+ },
2941
+ "country": {
2942
+ "ignore_above": 1024,
2943
+ "type": "keyword"
2944
+ },
2945
+ "distinguished_name": {
2946
+ "ignore_above": 1024,
2947
+ "type": "keyword"
2948
+ },
2949
+ "locality": {
2950
+ "ignore_above": 1024,
2951
+ "type": "keyword"
2952
+ },
2953
+ "organization": {
2954
+ "ignore_above": 1024,
2955
+ "type": "keyword"
2956
+ },
2957
+ "organizational_unit": {
2958
+ "ignore_above": 1024,
2959
+ "type": "keyword"
2960
+ },
2961
+ "state_or_province": {
2962
+ "ignore_above": 1024,
2963
+ "type": "keyword"
2964
+ }
2965
+ }
2966
+ },
2967
+ "not_after": {
2968
+ "type": "date"
2969
+ },
2970
+ "not_before": {
2971
+ "type": "date"
2972
+ },
2973
+ "public_key_algorithm": {
2974
+ "ignore_above": 1024,
2975
+ "type": "keyword"
2976
+ },
2977
+ "public_key_curve": {
2978
+ "ignore_above": 1024,
2979
+ "type": "keyword"
2980
+ },
2981
+ "public_key_exponent": {
2982
+ "doc_values": false,
2983
+ "index": false,
2984
+ "type": "long"
2985
+ },
2986
+ "public_key_size": {
2987
+ "type": "long"
2988
+ },
2989
+ "serial_number": {
2990
+ "ignore_above": 1024,
2991
+ "type": "keyword"
2992
+ },
2993
+ "signature_algorithm": {
2994
+ "ignore_above": 1024,
2995
+ "type": "keyword"
2996
+ },
2997
+ "subject": {
2998
+ "properties": {
2999
+ "common_name": {
3000
+ "ignore_above": 1024,
3001
+ "type": "keyword"
3002
+ },
3003
+ "country": {
3004
+ "ignore_above": 1024,
3005
+ "type": "keyword"
3006
+ },
3007
+ "distinguished_name": {
3008
+ "ignore_above": 1024,
3009
+ "type": "keyword"
3010
+ },
3011
+ "locality": {
3012
+ "ignore_above": 1024,
3013
+ "type": "keyword"
3014
+ },
3015
+ "organization": {
3016
+ "ignore_above": 1024,
3017
+ "type": "keyword"
3018
+ },
3019
+ "organizational_unit": {
3020
+ "ignore_above": 1024,
3021
+ "type": "keyword"
3022
+ },
3023
+ "state_or_province": {
3024
+ "ignore_above": 1024,
3025
+ "type": "keyword"
3026
+ }
3027
+ }
3028
+ },
3029
+ "version_number": {
3030
+ "ignore_above": 1024,
3031
+ "type": "keyword"
3032
+ }
3033
+ }
3034
+ }
3035
+ }
3036
+ },
3037
+ "curve": {
3038
+ "ignore_above": 1024,
3039
+ "type": "keyword"
3040
+ },
3041
+ "established": {
3042
+ "type": "boolean"
3043
+ },
3044
+ "next_protocol": {
3045
+ "ignore_above": 1024,
3046
+ "type": "keyword"
3047
+ },
3048
+ "resumed": {
3049
+ "type": "boolean"
3050
+ },
3051
+ "server": {
3052
+ "properties": {
3053
+ "certificate": {
3054
+ "ignore_above": 1024,
3055
+ "type": "keyword"
3056
+ },
3057
+ "certificate_chain": {
3058
+ "ignore_above": 1024,
3059
+ "type": "keyword"
3060
+ },
3061
+ "hash": {
3062
+ "properties": {
3063
+ "md5": {
3064
+ "ignore_above": 1024,
3065
+ "type": "keyword"
3066
+ },
3067
+ "sha1": {
3068
+ "ignore_above": 1024,
3069
+ "type": "keyword"
3070
+ },
3071
+ "sha256": {
3072
+ "ignore_above": 1024,
3073
+ "type": "keyword"
3074
+ }
3075
+ }
3076
+ },
3077
+ "issuer": {
3078
+ "ignore_above": 1024,
3079
+ "type": "keyword"
3080
+ },
3081
+ "ja3s": {
3082
+ "ignore_above": 1024,
3083
+ "type": "keyword"
3084
+ },
3085
+ "not_after": {
3086
+ "type": "date"
3087
+ },
3088
+ "not_before": {
3089
+ "type": "date"
3090
+ },
3091
+ "subject": {
3092
+ "ignore_above": 1024,
3093
+ "type": "keyword"
3094
+ },
3095
+ "x509": {
3096
+ "properties": {
3097
+ "alternative_names": {
3098
+ "ignore_above": 1024,
3099
+ "type": "keyword"
3100
+ },
3101
+ "issuer": {
3102
+ "properties": {
3103
+ "common_name": {
3104
+ "ignore_above": 1024,
3105
+ "type": "keyword"
3106
+ },
3107
+ "country": {
3108
+ "ignore_above": 1024,
3109
+ "type": "keyword"
3110
+ },
3111
+ "distinguished_name": {
3112
+ "ignore_above": 1024,
3113
+ "type": "keyword"
3114
+ },
3115
+ "locality": {
3116
+ "ignore_above": 1024,
3117
+ "type": "keyword"
3118
+ },
3119
+ "organization": {
3120
+ "ignore_above": 1024,
3121
+ "type": "keyword"
3122
+ },
3123
+ "organizational_unit": {
3124
+ "ignore_above": 1024,
3125
+ "type": "keyword"
3126
+ },
3127
+ "state_or_province": {
3128
+ "ignore_above": 1024,
3129
+ "type": "keyword"
3130
+ }
3131
+ }
3132
+ },
3133
+ "not_after": {
3134
+ "type": "date"
3135
+ },
3136
+ "not_before": {
3137
+ "type": "date"
3138
+ },
3139
+ "public_key_algorithm": {
3140
+ "ignore_above": 1024,
3141
+ "type": "keyword"
3142
+ },
3143
+ "public_key_curve": {
3144
+ "ignore_above": 1024,
3145
+ "type": "keyword"
3146
+ },
3147
+ "public_key_exponent": {
3148
+ "doc_values": false,
3149
+ "index": false,
3150
+ "type": "long"
3151
+ },
3152
+ "public_key_size": {
3153
+ "type": "long"
3154
+ },
3155
+ "serial_number": {
3156
+ "ignore_above": 1024,
3157
+ "type": "keyword"
3158
+ },
3159
+ "signature_algorithm": {
3160
+ "ignore_above": 1024,
3161
+ "type": "keyword"
3162
+ },
3163
+ "subject": {
3164
+ "properties": {
3165
+ "common_name": {
3166
+ "ignore_above": 1024,
3167
+ "type": "keyword"
3168
+ },
3169
+ "country": {
3170
+ "ignore_above": 1024,
3171
+ "type": "keyword"
3172
+ },
3173
+ "distinguished_name": {
3174
+ "ignore_above": 1024,
3175
+ "type": "keyword"
3176
+ },
3177
+ "locality": {
3178
+ "ignore_above": 1024,
3179
+ "type": "keyword"
3180
+ },
3181
+ "organization": {
3182
+ "ignore_above": 1024,
3183
+ "type": "keyword"
3184
+ },
3185
+ "organizational_unit": {
3186
+ "ignore_above": 1024,
3187
+ "type": "keyword"
3188
+ },
3189
+ "state_or_province": {
3190
+ "ignore_above": 1024,
3191
+ "type": "keyword"
3192
+ }
3193
+ }
3194
+ },
3195
+ "version_number": {
3196
+ "ignore_above": 1024,
3197
+ "type": "keyword"
3198
+ }
3199
+ }
3200
+ }
3201
+ }
3202
+ },
3203
+ "version": {
3204
+ "ignore_above": 1024,
3205
+ "type": "keyword"
3206
+ },
3207
+ "version_protocol": {
3208
+ "ignore_above": 1024,
3209
+ "type": "keyword"
3210
+ }
3211
+ }
3212
+ },
3213
+ "trace": {
3214
+ "properties": {
3215
+ "id": {
3216
+ "ignore_above": 1024,
3217
+ "type": "keyword"
3218
+ }
3219
+ }
3220
+ },
3221
+ "transaction": {
3222
+ "properties": {
3223
+ "id": {
3224
+ "ignore_above": 1024,
3225
+ "type": "keyword"
3226
+ }
3227
+ }
3228
+ },
3229
+ "url": {
3230
+ "properties": {
3231
+ "domain": {
3232
+ "ignore_above": 1024,
3233
+ "type": "keyword"
3234
+ },
3235
+ "extension": {
3236
+ "ignore_above": 1024,
3237
+ "type": "keyword"
3238
+ },
3239
+ "fragment": {
3240
+ "ignore_above": 1024,
3241
+ "type": "keyword"
3242
+ },
3243
+ "full": {
3244
+ "fields": {
3245
+ "text": {
3246
+ "norms": false,
3247
+ "type": "text"
3248
+ }
3249
+ },
3250
+ "ignore_above": 1024,
3251
+ "type": "keyword"
3252
+ },
3253
+ "original": {
3254
+ "fields": {
3255
+ "text": {
3256
+ "norms": false,
3257
+ "type": "text"
3258
+ }
3259
+ },
3260
+ "ignore_above": 1024,
3261
+ "type": "keyword"
3262
+ },
3263
+ "password": {
3264
+ "ignore_above": 1024,
3265
+ "type": "keyword"
3266
+ },
3267
+ "path": {
3268
+ "ignore_above": 1024,
3269
+ "type": "keyword"
3270
+ },
3271
+ "port": {
3272
+ "type": "long"
3273
+ },
3274
+ "query": {
3275
+ "ignore_above": 1024,
3276
+ "type": "keyword"
3277
+ },
3278
+ "registered_domain": {
3279
+ "ignore_above": 1024,
3280
+ "type": "keyword"
3281
+ },
3282
+ "scheme": {
3283
+ "ignore_above": 1024,
3284
+ "type": "keyword"
3285
+ },
3286
+ "subdomain": {
3287
+ "ignore_above": 1024,
3288
+ "type": "keyword"
3289
+ },
3290
+ "top_level_domain": {
3291
+ "ignore_above": 1024,
3292
+ "type": "keyword"
3293
+ },
3294
+ "username": {
3295
+ "ignore_above": 1024,
3296
+ "type": "keyword"
3297
+ }
3298
+ }
3299
+ },
3300
+ "user": {
3301
+ "properties": {
3302
+ "changes": {
3303
+ "properties": {
3304
+ "domain": {
3305
+ "ignore_above": 1024,
3306
+ "type": "keyword"
3307
+ },
3308
+ "email": {
3309
+ "ignore_above": 1024,
3310
+ "type": "keyword"
3311
+ },
3312
+ "full_name": {
3313
+ "fields": {
3314
+ "text": {
3315
+ "norms": false,
3316
+ "type": "text"
3317
+ }
3318
+ },
3319
+ "ignore_above": 1024,
3320
+ "type": "keyword"
3321
+ },
3322
+ "group": {
3323
+ "properties": {
3324
+ "domain": {
3325
+ "ignore_above": 1024,
3326
+ "type": "keyword"
3327
+ },
3328
+ "id": {
3329
+ "ignore_above": 1024,
3330
+ "type": "keyword"
3331
+ },
3332
+ "name": {
3333
+ "ignore_above": 1024,
3334
+ "type": "keyword"
3335
+ }
3336
+ }
3337
+ },
3338
+ "hash": {
3339
+ "ignore_above": 1024,
3340
+ "type": "keyword"
3341
+ },
3342
+ "id": {
3343
+ "ignore_above": 1024,
3344
+ "type": "keyword"
3345
+ },
3346
+ "name": {
3347
+ "fields": {
3348
+ "text": {
3349
+ "norms": false,
3350
+ "type": "text"
3351
+ }
3352
+ },
3353
+ "ignore_above": 1024,
3354
+ "type": "keyword"
3355
+ },
3356
+ "roles": {
3357
+ "ignore_above": 1024,
3358
+ "type": "keyword"
3359
+ }
3360
+ }
3361
+ },
3362
+ "domain": {
3363
+ "ignore_above": 1024,
3364
+ "type": "keyword"
3365
+ },
3366
+ "effective": {
3367
+ "properties": {
3368
+ "domain": {
3369
+ "ignore_above": 1024,
3370
+ "type": "keyword"
3371
+ },
3372
+ "email": {
3373
+ "ignore_above": 1024,
3374
+ "type": "keyword"
3375
+ },
3376
+ "full_name": {
3377
+ "fields": {
3378
+ "text": {
3379
+ "norms": false,
3380
+ "type": "text"
3381
+ }
3382
+ },
3383
+ "ignore_above": 1024,
3384
+ "type": "keyword"
3385
+ },
3386
+ "group": {
3387
+ "properties": {
3388
+ "domain": {
3389
+ "ignore_above": 1024,
3390
+ "type": "keyword"
3391
+ },
3392
+ "id": {
3393
+ "ignore_above": 1024,
3394
+ "type": "keyword"
3395
+ },
3396
+ "name": {
3397
+ "ignore_above": 1024,
3398
+ "type": "keyword"
3399
+ }
3400
+ }
3401
+ },
3402
+ "hash": {
3403
+ "ignore_above": 1024,
3404
+ "type": "keyword"
3405
+ },
3406
+ "id": {
3407
+ "ignore_above": 1024,
3408
+ "type": "keyword"
3409
+ },
3410
+ "name": {
3411
+ "fields": {
3412
+ "text": {
3413
+ "norms": false,
3414
+ "type": "text"
3415
+ }
3416
+ },
3417
+ "ignore_above": 1024,
3418
+ "type": "keyword"
3419
+ },
3420
+ "roles": {
3421
+ "ignore_above": 1024,
3422
+ "type": "keyword"
3423
+ }
3424
+ }
3425
+ },
3426
+ "email": {
3427
+ "ignore_above": 1024,
3428
+ "type": "keyword"
3429
+ },
3430
+ "full_name": {
3431
+ "fields": {
3432
+ "text": {
3433
+ "norms": false,
3434
+ "type": "text"
3435
+ }
3436
+ },
3437
+ "ignore_above": 1024,
3438
+ "type": "keyword"
3439
+ },
3440
+ "group": {
3441
+ "properties": {
3442
+ "domain": {
3443
+ "ignore_above": 1024,
3444
+ "type": "keyword"
3445
+ },
3446
+ "id": {
3447
+ "ignore_above": 1024,
3448
+ "type": "keyword"
3449
+ },
3450
+ "name": {
3451
+ "ignore_above": 1024,
3452
+ "type": "keyword"
3453
+ }
3454
+ }
3455
+ },
3456
+ "hash": {
3457
+ "ignore_above": 1024,
3458
+ "type": "keyword"
3459
+ },
3460
+ "id": {
3461
+ "ignore_above": 1024,
3462
+ "type": "keyword"
3463
+ },
3464
+ "name": {
3465
+ "fields": {
3466
+ "text": {
3467
+ "norms": false,
3468
+ "type": "text"
3469
+ }
3470
+ },
3471
+ "ignore_above": 1024,
3472
+ "type": "keyword"
3473
+ },
3474
+ "roles": {
3475
+ "ignore_above": 1024,
3476
+ "type": "keyword"
3477
+ },
3478
+ "target": {
3479
+ "properties": {
3480
+ "domain": {
3481
+ "ignore_above": 1024,
3482
+ "type": "keyword"
3483
+ },
3484
+ "email": {
3485
+ "ignore_above": 1024,
3486
+ "type": "keyword"
3487
+ },
3488
+ "full_name": {
3489
+ "fields": {
3490
+ "text": {
3491
+ "norms": false,
3492
+ "type": "text"
3493
+ }
3494
+ },
3495
+ "ignore_above": 1024,
3496
+ "type": "keyword"
3497
+ },
3498
+ "group": {
3499
+ "properties": {
3500
+ "domain": {
3501
+ "ignore_above": 1024,
3502
+ "type": "keyword"
3503
+ },
3504
+ "id": {
3505
+ "ignore_above": 1024,
3506
+ "type": "keyword"
3507
+ },
3508
+ "name": {
3509
+ "ignore_above": 1024,
3510
+ "type": "keyword"
3511
+ }
3512
+ }
3513
+ },
3514
+ "hash": {
3515
+ "ignore_above": 1024,
3516
+ "type": "keyword"
3517
+ },
3518
+ "id": {
3519
+ "ignore_above": 1024,
3520
+ "type": "keyword"
3521
+ },
3522
+ "name": {
3523
+ "fields": {
3524
+ "text": {
3525
+ "norms": false,
3526
+ "type": "text"
3527
+ }
3528
+ },
3529
+ "ignore_above": 1024,
3530
+ "type": "keyword"
3531
+ },
3532
+ "roles": {
3533
+ "ignore_above": 1024,
3534
+ "type": "keyword"
3535
+ }
3536
+ }
3537
+ }
3538
+ }
3539
+ },
3540
+ "user_agent": {
3541
+ "properties": {
3542
+ "device": {
3543
+ "properties": {
3544
+ "name": {
3545
+ "ignore_above": 1024,
3546
+ "type": "keyword"
3547
+ }
3548
+ }
3549
+ },
3550
+ "name": {
3551
+ "ignore_above": 1024,
3552
+ "type": "keyword"
3553
+ },
3554
+ "original": {
3555
+ "fields": {
3556
+ "text": {
3557
+ "norms": false,
3558
+ "type": "text"
3559
+ }
3560
+ },
3561
+ "ignore_above": 1024,
3562
+ "type": "keyword"
3563
+ },
3564
+ "os": {
3565
+ "properties": {
3566
+ "family": {
3567
+ "ignore_above": 1024,
3568
+ "type": "keyword"
3569
+ },
3570
+ "full": {
3571
+ "fields": {
3572
+ "text": {
3573
+ "norms": false,
3574
+ "type": "text"
3575
+ }
3576
+ },
3577
+ "ignore_above": 1024,
3578
+ "type": "keyword"
3579
+ },
3580
+ "kernel": {
3581
+ "ignore_above": 1024,
3582
+ "type": "keyword"
3583
+ },
3584
+ "name": {
3585
+ "fields": {
3586
+ "text": {
3587
+ "norms": false,
3588
+ "type": "text"
3589
+ }
3590
+ },
3591
+ "ignore_above": 1024,
3592
+ "type": "keyword"
3593
+ },
3594
+ "platform": {
3595
+ "ignore_above": 1024,
3596
+ "type": "keyword"
3597
+ },
3598
+ "type": {
3599
+ "ignore_above": 1024,
3600
+ "type": "keyword"
3601
+ },
3602
+ "version": {
3603
+ "ignore_above": 1024,
3604
+ "type": "keyword"
3605
+ }
3606
+ }
3607
+ },
3608
+ "version": {
3609
+ "ignore_above": 1024,
3610
+ "type": "keyword"
3611
+ }
3612
+ }
3613
+ },
3614
+ "vulnerability": {
3615
+ "properties": {
3616
+ "category": {
3617
+ "ignore_above": 1024,
3618
+ "type": "keyword"
3619
+ },
3620
+ "classification": {
3621
+ "ignore_above": 1024,
3622
+ "type": "keyword"
3623
+ },
3624
+ "description": {
3625
+ "fields": {
3626
+ "text": {
3627
+ "norms": false,
3628
+ "type": "text"
3629
+ }
3630
+ },
3631
+ "ignore_above": 1024,
3632
+ "type": "keyword"
3633
+ },
3634
+ "enumeration": {
3635
+ "ignore_above": 1024,
3636
+ "type": "keyword"
3637
+ },
3638
+ "id": {
3639
+ "ignore_above": 1024,
3640
+ "type": "keyword"
3641
+ },
3642
+ "reference": {
3643
+ "ignore_above": 1024,
3644
+ "type": "keyword"
3645
+ },
3646
+ "report_id": {
3647
+ "ignore_above": 1024,
3648
+ "type": "keyword"
3649
+ },
3650
+ "scanner": {
3651
+ "properties": {
3652
+ "vendor": {
3653
+ "ignore_above": 1024,
3654
+ "type": "keyword"
3655
+ }
3656
+ }
3657
+ },
3658
+ "score": {
3659
+ "properties": {
3660
+ "base": {
3661
+ "type": "float"
3662
+ },
3663
+ "environmental": {
3664
+ "type": "float"
3665
+ },
3666
+ "temporal": {
3667
+ "type": "float"
3668
+ },
3669
+ "version": {
3670
+ "ignore_above": 1024,
3671
+ "type": "keyword"
3672
+ }
3673
+ }
3674
+ },
3675
+ "severity": {
3676
+ "ignore_above": 1024,
3677
+ "type": "keyword"
3678
+ }
3679
+ }
3680
+ }
3681
+ }
3682
+ }
3683
+ },
3684
+ "order": 1,
3685
+ "settings": {
3686
+ "index": {
3687
+ "mapping": {
3688
+ "total_fields": {
3689
+ "limit": 10000
3690
+ }
3691
+ },
3692
+ "refresh_interval": "5s"
3693
+ }
3694
+ }
3695
+ }