logstash-output-elasticsearch 11.1.0-java → 11.2.3-java

@@ -0,0 +1,3690 @@
1
+ {
2
+ "index_patterns": [
3
+ "ecs-logstash-*"
4
+ ],
5
+ "mappings": {
6
+ "_meta": {
7
+ "version": "1.10.0"
8
+ },
9
+ "date_detection": false,
10
+ "dynamic_templates": [
11
+ {
12
+ "strings_as_keyword": {
13
+ "mapping": {
14
+ "ignore_above": 1024,
15
+ "type": "keyword"
16
+ },
17
+ "match_mapping_type": "string"
18
+ }
19
+ }
20
+ ],
21
+ "properties": {
22
+ "@timestamp": {
23
+ "type": "date"
24
+ },
25
+ "agent": {
26
+ "properties": {
27
+ "build": {
28
+ "properties": {
29
+ "original": {
30
+ "ignore_above": 1024,
31
+ "type": "keyword"
32
+ }
33
+ }
34
+ },
35
+ "ephemeral_id": {
36
+ "ignore_above": 1024,
37
+ "type": "keyword"
38
+ },
39
+ "id": {
40
+ "ignore_above": 1024,
41
+ "type": "keyword"
42
+ },
43
+ "name": {
44
+ "ignore_above": 1024,
45
+ "type": "keyword"
46
+ },
47
+ "type": {
48
+ "ignore_above": 1024,
49
+ "type": "keyword"
50
+ },
51
+ "version": {
52
+ "ignore_above": 1024,
53
+ "type": "keyword"
54
+ }
55
+ }
56
+ },
57
+ "client": {
58
+ "properties": {
59
+ "address": {
60
+ "ignore_above": 1024,
61
+ "type": "keyword"
62
+ },
63
+ "as": {
64
+ "properties": {
65
+ "number": {
66
+ "type": "long"
67
+ },
68
+ "organization": {
69
+ "properties": {
70
+ "name": {
71
+ "fields": {
72
+ "text": {
73
+ "norms": false,
74
+ "type": "text"
75
+ }
76
+ },
77
+ "ignore_above": 1024,
78
+ "type": "keyword"
79
+ }
80
+ }
81
+ }
82
+ }
83
+ },
84
+ "bytes": {
85
+ "type": "long"
86
+ },
87
+ "domain": {
88
+ "ignore_above": 1024,
89
+ "type": "keyword"
90
+ },
91
+ "geo": {
92
+ "properties": {
93
+ "city_name": {
94
+ "ignore_above": 1024,
95
+ "type": "keyword"
96
+ },
97
+ "continent_code": {
98
+ "ignore_above": 1024,
99
+ "type": "keyword"
100
+ },
101
+ "continent_name": {
102
+ "ignore_above": 1024,
103
+ "type": "keyword"
104
+ },
105
+ "country_iso_code": {
106
+ "ignore_above": 1024,
107
+ "type": "keyword"
108
+ },
109
+ "country_name": {
110
+ "ignore_above": 1024,
111
+ "type": "keyword"
112
+ },
113
+ "location": {
114
+ "type": "geo_point"
115
+ },
116
+ "name": {
117
+ "ignore_above": 1024,
118
+ "type": "keyword"
119
+ },
120
+ "postal_code": {
121
+ "ignore_above": 1024,
122
+ "type": "keyword"
123
+ },
124
+ "region_iso_code": {
125
+ "ignore_above": 1024,
126
+ "type": "keyword"
127
+ },
128
+ "region_name": {
129
+ "ignore_above": 1024,
130
+ "type": "keyword"
131
+ },
132
+ "timezone": {
133
+ "ignore_above": 1024,
134
+ "type": "keyword"
135
+ }
136
+ }
137
+ },
138
+ "ip": {
139
+ "type": "ip"
140
+ },
141
+ "mac": {
142
+ "ignore_above": 1024,
143
+ "type": "keyword"
144
+ },
145
+ "nat": {
146
+ "properties": {
147
+ "ip": {
148
+ "type": "ip"
149
+ },
150
+ "port": {
151
+ "type": "long"
152
+ }
153
+ }
154
+ },
155
+ "packets": {
156
+ "type": "long"
157
+ },
158
+ "port": {
159
+ "type": "long"
160
+ },
161
+ "registered_domain": {
162
+ "ignore_above": 1024,
163
+ "type": "keyword"
164
+ },
165
+ "subdomain": {
166
+ "ignore_above": 1024,
167
+ "type": "keyword"
168
+ },
169
+ "top_level_domain": {
170
+ "ignore_above": 1024,
171
+ "type": "keyword"
172
+ },
173
+ "user": {
174
+ "properties": {
175
+ "domain": {
176
+ "ignore_above": 1024,
177
+ "type": "keyword"
178
+ },
179
+ "email": {
180
+ "ignore_above": 1024,
181
+ "type": "keyword"
182
+ },
183
+ "full_name": {
184
+ "fields": {
185
+ "text": {
186
+ "norms": false,
187
+ "type": "text"
188
+ }
189
+ },
190
+ "ignore_above": 1024,
191
+ "type": "keyword"
192
+ },
193
+ "group": {
194
+ "properties": {
195
+ "domain": {
196
+ "ignore_above": 1024,
197
+ "type": "keyword"
198
+ },
199
+ "id": {
200
+ "ignore_above": 1024,
201
+ "type": "keyword"
202
+ },
203
+ "name": {
204
+ "ignore_above": 1024,
205
+ "type": "keyword"
206
+ }
207
+ }
208
+ },
209
+ "hash": {
210
+ "ignore_above": 1024,
211
+ "type": "keyword"
212
+ },
213
+ "id": {
214
+ "ignore_above": 1024,
215
+ "type": "keyword"
216
+ },
217
+ "name": {
218
+ "fields": {
219
+ "text": {
220
+ "norms": false,
221
+ "type": "text"
222
+ }
223
+ },
224
+ "ignore_above": 1024,
225
+ "type": "keyword"
226
+ },
227
+ "roles": {
228
+ "ignore_above": 1024,
229
+ "type": "keyword"
230
+ }
231
+ }
232
+ }
233
+ }
234
+ },
235
+ "cloud": {
236
+ "properties": {
237
+ "account": {
238
+ "properties": {
239
+ "id": {
240
+ "ignore_above": 1024,
241
+ "type": "keyword"
242
+ },
243
+ "name": {
244
+ "ignore_above": 1024,
245
+ "type": "keyword"
246
+ }
247
+ }
248
+ },
249
+ "availability_zone": {
250
+ "ignore_above": 1024,
251
+ "type": "keyword"
252
+ },
253
+ "instance": {
254
+ "properties": {
255
+ "id": {
256
+ "ignore_above": 1024,
257
+ "type": "keyword"
258
+ },
259
+ "name": {
260
+ "ignore_above": 1024,
261
+ "type": "keyword"
262
+ }
263
+ }
264
+ },
265
+ "machine": {
266
+ "properties": {
267
+ "type": {
268
+ "ignore_above": 1024,
269
+ "type": "keyword"
270
+ }
271
+ }
272
+ },
273
+ "project": {
274
+ "properties": {
275
+ "id": {
276
+ "ignore_above": 1024,
277
+ "type": "keyword"
278
+ },
279
+ "name": {
280
+ "ignore_above": 1024,
281
+ "type": "keyword"
282
+ }
283
+ }
284
+ },
285
+ "provider": {
286
+ "ignore_above": 1024,
287
+ "type": "keyword"
288
+ },
289
+ "region": {
290
+ "ignore_above": 1024,
291
+ "type": "keyword"
292
+ },
293
+ "service": {
294
+ "properties": {
295
+ "name": {
296
+ "ignore_above": 1024,
297
+ "type": "keyword"
298
+ }
299
+ }
300
+ }
301
+ }
302
+ },
303
+ "container": {
304
+ "properties": {
305
+ "id": {
306
+ "ignore_above": 1024,
307
+ "type": "keyword"
308
+ },
309
+ "image": {
310
+ "properties": {
311
+ "name": {
312
+ "ignore_above": 1024,
313
+ "type": "keyword"
314
+ },
315
+ "tag": {
316
+ "ignore_above": 1024,
317
+ "type": "keyword"
318
+ }
319
+ }
320
+ },
321
+ "labels": {
322
+ "type": "object"
323
+ },
324
+ "name": {
325
+ "ignore_above": 1024,
326
+ "type": "keyword"
327
+ },
328
+ "runtime": {
329
+ "ignore_above": 1024,
330
+ "type": "keyword"
331
+ }
332
+ }
333
+ },
334
+ "data_stream": {
335
+ "properties": {
336
+ "dataset": {
337
+ "type": "constant_keyword"
338
+ },
339
+ "namespace": {
340
+ "type": "constant_keyword"
341
+ },
342
+ "type": {
343
+ "type": "constant_keyword"
344
+ }
345
+ }
346
+ },
347
+ "destination": {
348
+ "properties": {
349
+ "address": {
350
+ "ignore_above": 1024,
351
+ "type": "keyword"
352
+ },
353
+ "as": {
354
+ "properties": {
355
+ "number": {
356
+ "type": "long"
357
+ },
358
+ "organization": {
359
+ "properties": {
360
+ "name": {
361
+ "fields": {
362
+ "text": {
363
+ "norms": false,
364
+ "type": "text"
365
+ }
366
+ },
367
+ "ignore_above": 1024,
368
+ "type": "keyword"
369
+ }
370
+ }
371
+ }
372
+ }
373
+ },
374
+ "bytes": {
375
+ "type": "long"
376
+ },
377
+ "domain": {
378
+ "ignore_above": 1024,
379
+ "type": "keyword"
380
+ },
381
+ "geo": {
382
+ "properties": {
383
+ "city_name": {
384
+ "ignore_above": 1024,
385
+ "type": "keyword"
386
+ },
387
+ "continent_code": {
388
+ "ignore_above": 1024,
389
+ "type": "keyword"
390
+ },
391
+ "continent_name": {
392
+ "ignore_above": 1024,
393
+ "type": "keyword"
394
+ },
395
+ "country_iso_code": {
396
+ "ignore_above": 1024,
397
+ "type": "keyword"
398
+ },
399
+ "country_name": {
400
+ "ignore_above": 1024,
401
+ "type": "keyword"
402
+ },
403
+ "location": {
404
+ "type": "geo_point"
405
+ },
406
+ "name": {
407
+ "ignore_above": 1024,
408
+ "type": "keyword"
409
+ },
410
+ "postal_code": {
411
+ "ignore_above": 1024,
412
+ "type": "keyword"
413
+ },
414
+ "region_iso_code": {
415
+ "ignore_above": 1024,
416
+ "type": "keyword"
417
+ },
418
+ "region_name": {
419
+ "ignore_above": 1024,
420
+ "type": "keyword"
421
+ },
422
+ "timezone": {
423
+ "ignore_above": 1024,
424
+ "type": "keyword"
425
+ }
426
+ }
427
+ },
428
+ "ip": {
429
+ "type": "ip"
430
+ },
431
+ "mac": {
432
+ "ignore_above": 1024,
433
+ "type": "keyword"
434
+ },
435
+ "nat": {
436
+ "properties": {
437
+ "ip": {
438
+ "type": "ip"
439
+ },
440
+ "port": {
441
+ "type": "long"
442
+ }
443
+ }
444
+ },
445
+ "packets": {
446
+ "type": "long"
447
+ },
448
+ "port": {
449
+ "type": "long"
450
+ },
451
+ "registered_domain": {
452
+ "ignore_above": 1024,
453
+ "type": "keyword"
454
+ },
455
+ "subdomain": {
456
+ "ignore_above": 1024,
457
+ "type": "keyword"
458
+ },
459
+ "top_level_domain": {
460
+ "ignore_above": 1024,
461
+ "type": "keyword"
462
+ },
463
+ "user": {
464
+ "properties": {
465
+ "domain": {
466
+ "ignore_above": 1024,
467
+ "type": "keyword"
468
+ },
469
+ "email": {
470
+ "ignore_above": 1024,
471
+ "type": "keyword"
472
+ },
473
+ "full_name": {
474
+ "fields": {
475
+ "text": {
476
+ "norms": false,
477
+ "type": "text"
478
+ }
479
+ },
480
+ "ignore_above": 1024,
481
+ "type": "keyword"
482
+ },
483
+ "group": {
484
+ "properties": {
485
+ "domain": {
486
+ "ignore_above": 1024,
487
+ "type": "keyword"
488
+ },
489
+ "id": {
490
+ "ignore_above": 1024,
491
+ "type": "keyword"
492
+ },
493
+ "name": {
494
+ "ignore_above": 1024,
495
+ "type": "keyword"
496
+ }
497
+ }
498
+ },
499
+ "hash": {
500
+ "ignore_above": 1024,
501
+ "type": "keyword"
502
+ },
503
+ "id": {
504
+ "ignore_above": 1024,
505
+ "type": "keyword"
506
+ },
507
+ "name": {
508
+ "fields": {
509
+ "text": {
510
+ "norms": false,
511
+ "type": "text"
512
+ }
513
+ },
514
+ "ignore_above": 1024,
515
+ "type": "keyword"
516
+ },
517
+ "roles": {
518
+ "ignore_above": 1024,
519
+ "type": "keyword"
520
+ }
521
+ }
522
+ }
523
+ }
524
+ },
525
+ "dll": {
526
+ "properties": {
527
+ "code_signature": {
528
+ "properties": {
529
+ "exists": {
530
+ "type": "boolean"
531
+ },
532
+ "signing_id": {
533
+ "ignore_above": 1024,
534
+ "type": "keyword"
535
+ },
536
+ "status": {
537
+ "ignore_above": 1024,
538
+ "type": "keyword"
539
+ },
540
+ "subject_name": {
541
+ "ignore_above": 1024,
542
+ "type": "keyword"
543
+ },
544
+ "team_id": {
545
+ "ignore_above": 1024,
546
+ "type": "keyword"
547
+ },
548
+ "trusted": {
549
+ "type": "boolean"
550
+ },
551
+ "valid": {
552
+ "type": "boolean"
553
+ }
554
+ }
555
+ },
556
+ "hash": {
557
+ "properties": {
558
+ "md5": {
559
+ "ignore_above": 1024,
560
+ "type": "keyword"
561
+ },
562
+ "sha1": {
563
+ "ignore_above": 1024,
564
+ "type": "keyword"
565
+ },
566
+ "sha256": {
567
+ "ignore_above": 1024,
568
+ "type": "keyword"
569
+ },
570
+ "sha512": {
571
+ "ignore_above": 1024,
572
+ "type": "keyword"
573
+ },
574
+ "ssdeep": {
575
+ "ignore_above": 1024,
576
+ "type": "keyword"
577
+ }
578
+ }
579
+ },
580
+ "name": {
581
+ "ignore_above": 1024,
582
+ "type": "keyword"
583
+ },
584
+ "path": {
585
+ "ignore_above": 1024,
586
+ "type": "keyword"
587
+ },
588
+ "pe": {
589
+ "properties": {
590
+ "architecture": {
591
+ "ignore_above": 1024,
592
+ "type": "keyword"
593
+ },
594
+ "company": {
595
+ "ignore_above": 1024,
596
+ "type": "keyword"
597
+ },
598
+ "description": {
599
+ "ignore_above": 1024,
600
+ "type": "keyword"
601
+ },
602
+ "file_version": {
603
+ "ignore_above": 1024,
604
+ "type": "keyword"
605
+ },
606
+ "imphash": {
607
+ "ignore_above": 1024,
608
+ "type": "keyword"
609
+ },
610
+ "original_file_name": {
611
+ "ignore_above": 1024,
612
+ "type": "keyword"
613
+ },
614
+ "product": {
615
+ "ignore_above": 1024,
616
+ "type": "keyword"
617
+ }
618
+ }
619
+ }
620
+ }
621
+ },
622
+ "dns": {
623
+ "properties": {
624
+ "answers": {
625
+ "properties": {
626
+ "class": {
627
+ "ignore_above": 1024,
628
+ "type": "keyword"
629
+ },
630
+ "data": {
631
+ "ignore_above": 1024,
632
+ "type": "keyword"
633
+ },
634
+ "name": {
635
+ "ignore_above": 1024,
636
+ "type": "keyword"
637
+ },
638
+ "ttl": {
639
+ "type": "long"
640
+ },
641
+ "type": {
642
+ "ignore_above": 1024,
643
+ "type": "keyword"
644
+ }
645
+ },
646
+ "type": "object"
647
+ },
648
+ "header_flags": {
649
+ "ignore_above": 1024,
650
+ "type": "keyword"
651
+ },
652
+ "id": {
653
+ "ignore_above": 1024,
654
+ "type": "keyword"
655
+ },
656
+ "op_code": {
657
+ "ignore_above": 1024,
658
+ "type": "keyword"
659
+ },
660
+ "question": {
661
+ "properties": {
662
+ "class": {
663
+ "ignore_above": 1024,
664
+ "type": "keyword"
665
+ },
666
+ "name": {
667
+ "ignore_above": 1024,
668
+ "type": "keyword"
669
+ },
670
+ "registered_domain": {
671
+ "ignore_above": 1024,
672
+ "type": "keyword"
673
+ },
674
+ "subdomain": {
675
+ "ignore_above": 1024,
676
+ "type": "keyword"
677
+ },
678
+ "top_level_domain": {
679
+ "ignore_above": 1024,
680
+ "type": "keyword"
681
+ },
682
+ "type": {
683
+ "ignore_above": 1024,
684
+ "type": "keyword"
685
+ }
686
+ }
687
+ },
688
+ "resolved_ip": {
689
+ "type": "ip"
690
+ },
691
+ "response_code": {
692
+ "ignore_above": 1024,
693
+ "type": "keyword"
694
+ },
695
+ "type": {
696
+ "ignore_above": 1024,
697
+ "type": "keyword"
698
+ }
699
+ }
700
+ },
701
+ "ecs": {
702
+ "properties": {
703
+ "version": {
704
+ "ignore_above": 1024,
705
+ "type": "keyword"
706
+ }
707
+ }
708
+ },
709
+ "error": {
710
+ "properties": {
711
+ "code": {
712
+ "ignore_above": 1024,
713
+ "type": "keyword"
714
+ },
715
+ "id": {
716
+ "ignore_above": 1024,
717
+ "type": "keyword"
718
+ },
719
+ "message": {
720
+ "norms": false,
721
+ "type": "text"
722
+ },
723
+ "stack_trace": {
724
+ "doc_values": false,
725
+ "fields": {
726
+ "text": {
727
+ "norms": false,
728
+ "type": "text"
729
+ }
730
+ },
731
+ "ignore_above": 1024,
732
+ "index": false,
733
+ "type": "keyword"
734
+ },
735
+ "type": {
736
+ "ignore_above": 1024,
737
+ "type": "keyword"
738
+ }
739
+ }
740
+ },
741
+ "event": {
742
+ "properties": {
743
+ "action": {
744
+ "ignore_above": 1024,
745
+ "type": "keyword"
746
+ },
747
+ "category": {
748
+ "ignore_above": 1024,
749
+ "type": "keyword"
750
+ },
751
+ "code": {
752
+ "ignore_above": 1024,
753
+ "type": "keyword"
754
+ },
755
+ "created": {
756
+ "type": "date"
757
+ },
758
+ "dataset": {
759
+ "ignore_above": 1024,
760
+ "type": "keyword"
761
+ },
762
+ "duration": {
763
+ "type": "long"
764
+ },
765
+ "end": {
766
+ "type": "date"
767
+ },
768
+ "hash": {
769
+ "ignore_above": 1024,
770
+ "type": "keyword"
771
+ },
772
+ "id": {
773
+ "ignore_above": 1024,
774
+ "type": "keyword"
775
+ },
776
+ "ingested": {
777
+ "type": "date"
778
+ },
779
+ "kind": {
780
+ "ignore_above": 1024,
781
+ "type": "keyword"
782
+ },
783
+ "module": {
784
+ "ignore_above": 1024,
785
+ "type": "keyword"
786
+ },
787
+ "original": {
788
+ "doc_values": false,
789
+ "ignore_above": 1024,
790
+ "index": false,
791
+ "type": "keyword"
792
+ },
793
+ "outcome": {
794
+ "ignore_above": 1024,
795
+ "type": "keyword"
796
+ },
797
+ "provider": {
798
+ "ignore_above": 1024,
799
+ "type": "keyword"
800
+ },
801
+ "reason": {
802
+ "ignore_above": 1024,
803
+ "type": "keyword"
804
+ },
805
+ "reference": {
806
+ "ignore_above": 1024,
807
+ "type": "keyword"
808
+ },
809
+ "risk_score": {
810
+ "type": "float"
811
+ },
812
+ "risk_score_norm": {
813
+ "type": "float"
814
+ },
815
+ "sequence": {
816
+ "type": "long"
817
+ },
818
+ "severity": {
819
+ "type": "long"
820
+ },
821
+ "start": {
822
+ "type": "date"
823
+ },
824
+ "timezone": {
825
+ "ignore_above": 1024,
826
+ "type": "keyword"
827
+ },
828
+ "type": {
829
+ "ignore_above": 1024,
830
+ "type": "keyword"
831
+ },
832
+ "url": {
833
+ "ignore_above": 1024,
834
+ "type": "keyword"
835
+ }
836
+ }
837
+ },
838
+ "file": {
839
+ "properties": {
840
+ "accessed": {
841
+ "type": "date"
842
+ },
843
+ "attributes": {
844
+ "ignore_above": 1024,
845
+ "type": "keyword"
846
+ },
847
+ "code_signature": {
848
+ "properties": {
849
+ "exists": {
850
+ "type": "boolean"
851
+ },
852
+ "signing_id": {
853
+ "ignore_above": 1024,
854
+ "type": "keyword"
855
+ },
856
+ "status": {
857
+ "ignore_above": 1024,
858
+ "type": "keyword"
859
+ },
860
+ "subject_name": {
861
+ "ignore_above": 1024,
862
+ "type": "keyword"
863
+ },
864
+ "team_id": {
865
+ "ignore_above": 1024,
866
+ "type": "keyword"
867
+ },
868
+ "trusted": {
869
+ "type": "boolean"
870
+ },
871
+ "valid": {
872
+ "type": "boolean"
873
+ }
874
+ }
875
+ },
876
+ "created": {
877
+ "type": "date"
878
+ },
879
+ "ctime": {
880
+ "type": "date"
881
+ },
882
+ "device": {
883
+ "ignore_above": 1024,
884
+ "type": "keyword"
885
+ },
886
+ "directory": {
887
+ "ignore_above": 1024,
888
+ "type": "keyword"
889
+ },
890
+ "drive_letter": {
891
+ "ignore_above": 1,
892
+ "type": "keyword"
893
+ },
894
+ "extension": {
895
+ "ignore_above": 1024,
896
+ "type": "keyword"
897
+ },
898
+ "gid": {
899
+ "ignore_above": 1024,
900
+ "type": "keyword"
901
+ },
902
+ "group": {
903
+ "ignore_above": 1024,
904
+ "type": "keyword"
905
+ },
906
+ "hash": {
907
+ "properties": {
908
+ "md5": {
909
+ "ignore_above": 1024,
910
+ "type": "keyword"
911
+ },
912
+ "sha1": {
913
+ "ignore_above": 1024,
914
+ "type": "keyword"
915
+ },
916
+ "sha256": {
917
+ "ignore_above": 1024,
918
+ "type": "keyword"
919
+ },
920
+ "sha512": {
921
+ "ignore_above": 1024,
922
+ "type": "keyword"
923
+ },
924
+ "ssdeep": {
925
+ "ignore_above": 1024,
926
+ "type": "keyword"
927
+ }
928
+ }
929
+ },
930
+ "inode": {
931
+ "ignore_above": 1024,
932
+ "type": "keyword"
933
+ },
934
+ "mime_type": {
935
+ "ignore_above": 1024,
936
+ "type": "keyword"
937
+ },
938
+ "mode": {
939
+ "ignore_above": 1024,
940
+ "type": "keyword"
941
+ },
942
+ "mtime": {
943
+ "type": "date"
944
+ },
945
+ "name": {
946
+ "ignore_above": 1024,
947
+ "type": "keyword"
948
+ },
949
+ "owner": {
950
+ "ignore_above": 1024,
951
+ "type": "keyword"
952
+ },
953
+ "path": {
954
+ "fields": {
955
+ "text": {
956
+ "norms": false,
957
+ "type": "text"
958
+ }
959
+ },
960
+ "ignore_above": 1024,
961
+ "type": "keyword"
962
+ },
963
+ "pe": {
964
+ "properties": {
965
+ "architecture": {
966
+ "ignore_above": 1024,
967
+ "type": "keyword"
968
+ },
969
+ "company": {
970
+ "ignore_above": 1024,
971
+ "type": "keyword"
972
+ },
973
+ "description": {
974
+ "ignore_above": 1024,
975
+ "type": "keyword"
976
+ },
977
+ "file_version": {
978
+ "ignore_above": 1024,
979
+ "type": "keyword"
980
+ },
981
+ "imphash": {
982
+ "ignore_above": 1024,
983
+ "type": "keyword"
984
+ },
985
+ "original_file_name": {
986
+ "ignore_above": 1024,
987
+ "type": "keyword"
988
+ },
989
+ "product": {
990
+ "ignore_above": 1024,
991
+ "type": "keyword"
992
+ }
993
+ }
994
+ },
995
+ "size": {
996
+ "type": "long"
997
+ },
998
+ "target_path": {
999
+ "fields": {
1000
+ "text": {
1001
+ "norms": false,
1002
+ "type": "text"
1003
+ }
1004
+ },
1005
+ "ignore_above": 1024,
1006
+ "type": "keyword"
1007
+ },
1008
+ "type": {
1009
+ "ignore_above": 1024,
1010
+ "type": "keyword"
1011
+ },
1012
+ "uid": {
1013
+ "ignore_above": 1024,
1014
+ "type": "keyword"
1015
+ },
1016
+ "x509": {
1017
+ "properties": {
1018
+ "alternative_names": {
1019
+ "ignore_above": 1024,
1020
+ "type": "keyword"
1021
+ },
1022
+ "issuer": {
1023
+ "properties": {
1024
+ "common_name": {
1025
+ "ignore_above": 1024,
1026
+ "type": "keyword"
1027
+ },
1028
+ "country": {
1029
+ "ignore_above": 1024,
1030
+ "type": "keyword"
1031
+ },
1032
+ "distinguished_name": {
1033
+ "ignore_above": 1024,
1034
+ "type": "keyword"
1035
+ },
1036
+ "locality": {
1037
+ "ignore_above": 1024,
1038
+ "type": "keyword"
1039
+ },
1040
+ "organization": {
1041
+ "ignore_above": 1024,
1042
+ "type": "keyword"
1043
+ },
1044
+ "organizational_unit": {
1045
+ "ignore_above": 1024,
1046
+ "type": "keyword"
1047
+ },
1048
+ "state_or_province": {
1049
+ "ignore_above": 1024,
1050
+ "type": "keyword"
1051
+ }
1052
+ }
1053
+ },
1054
+ "not_after": {
1055
+ "type": "date"
1056
+ },
1057
+ "not_before": {
1058
+ "type": "date"
1059
+ },
1060
+ "public_key_algorithm": {
1061
+ "ignore_above": 1024,
1062
+ "type": "keyword"
1063
+ },
1064
+ "public_key_curve": {
1065
+ "ignore_above": 1024,
1066
+ "type": "keyword"
1067
+ },
1068
+ "public_key_exponent": {
1069
+ "doc_values": false,
1070
+ "index": false,
1071
+ "type": "long"
1072
+ },
1073
+ "public_key_size": {
1074
+ "type": "long"
1075
+ },
1076
+ "serial_number": {
1077
+ "ignore_above": 1024,
1078
+ "type": "keyword"
1079
+ },
1080
+ "signature_algorithm": {
1081
+ "ignore_above": 1024,
1082
+ "type": "keyword"
1083
+ },
1084
+ "subject": {
1085
+ "properties": {
1086
+ "common_name": {
1087
+ "ignore_above": 1024,
1088
+ "type": "keyword"
1089
+ },
1090
+ "country": {
1091
+ "ignore_above": 1024,
1092
+ "type": "keyword"
1093
+ },
1094
+ "distinguished_name": {
1095
+ "ignore_above": 1024,
1096
+ "type": "keyword"
1097
+ },
1098
+ "locality": {
1099
+ "ignore_above": 1024,
1100
+ "type": "keyword"
1101
+ },
1102
+ "organization": {
1103
+ "ignore_above": 1024,
1104
+ "type": "keyword"
1105
+ },
1106
+ "organizational_unit": {
1107
+ "ignore_above": 1024,
1108
+ "type": "keyword"
1109
+ },
1110
+ "state_or_province": {
1111
+ "ignore_above": 1024,
1112
+ "type": "keyword"
1113
+ }
1114
+ }
1115
+ },
1116
+ "version_number": {
1117
+ "ignore_above": 1024,
1118
+ "type": "keyword"
1119
+ }
1120
+ }
1121
+ }
1122
+ }
1123
+ },
1124
+ "group": {
1125
+ "properties": {
1126
+ "domain": {
1127
+ "ignore_above": 1024,
1128
+ "type": "keyword"
1129
+ },
1130
+ "id": {
1131
+ "ignore_above": 1024,
1132
+ "type": "keyword"
1133
+ },
1134
+ "name": {
1135
+ "ignore_above": 1024,
1136
+ "type": "keyword"
1137
+ }
1138
+ }
1139
+ },
1140
+ "host": {
1141
+ "properties": {
1142
+ "architecture": {
1143
+ "ignore_above": 1024,
1144
+ "type": "keyword"
1145
+ },
1146
+ "cpu": {
1147
+ "properties": {
1148
+ "usage": {
1149
+ "scaling_factor": 1000,
1150
+ "type": "scaled_float"
1151
+ }
1152
+ }
1153
+ },
1154
+ "disk": {
1155
+ "properties": {
1156
+ "read": {
1157
+ "properties": {
1158
+ "bytes": {
1159
+ "type": "long"
1160
+ }
1161
+ }
1162
+ },
1163
+ "write": {
1164
+ "properties": {
1165
+ "bytes": {
1166
+ "type": "long"
1167
+ }
1168
+ }
1169
+ }
1170
+ }
1171
+ },
1172
+ "domain": {
1173
+ "ignore_above": 1024,
1174
+ "type": "keyword"
1175
+ },
1176
+ "geo": {
1177
+ "properties": {
1178
+ "city_name": {
1179
+ "ignore_above": 1024,
1180
+ "type": "keyword"
1181
+ },
1182
+ "continent_code": {
1183
+ "ignore_above": 1024,
1184
+ "type": "keyword"
1185
+ },
1186
+ "continent_name": {
1187
+ "ignore_above": 1024,
1188
+ "type": "keyword"
1189
+ },
1190
+ "country_iso_code": {
1191
+ "ignore_above": 1024,
1192
+ "type": "keyword"
1193
+ },
1194
+ "country_name": {
1195
+ "ignore_above": 1024,
1196
+ "type": "keyword"
1197
+ },
1198
+ "location": {
1199
+ "type": "geo_point"
1200
+ },
1201
+ "name": {
1202
+ "ignore_above": 1024,
1203
+ "type": "keyword"
1204
+ },
1205
+ "postal_code": {
1206
+ "ignore_above": 1024,
1207
+ "type": "keyword"
1208
+ },
1209
+ "region_iso_code": {
1210
+ "ignore_above": 1024,
1211
+ "type": "keyword"
1212
+ },
1213
+ "region_name": {
1214
+ "ignore_above": 1024,
1215
+ "type": "keyword"
1216
+ },
1217
+ "timezone": {
1218
+ "ignore_above": 1024,
1219
+ "type": "keyword"
1220
+ }
1221
+ }
1222
+ },
1223
+ "hostname": {
1224
+ "ignore_above": 1024,
1225
+ "type": "keyword"
1226
+ },
1227
+ "id": {
1228
+ "ignore_above": 1024,
1229
+ "type": "keyword"
1230
+ },
1231
+ "ip": {
1232
+ "type": "ip"
1233
+ },
1234
+ "mac": {
1235
+ "ignore_above": 1024,
1236
+ "type": "keyword"
1237
+ },
1238
+ "name": {
1239
+ "ignore_above": 1024,
1240
+ "type": "keyword"
1241
+ },
1242
+ "network": {
1243
+ "properties": {
1244
+ "egress": {
1245
+ "properties": {
1246
+ "bytes": {
1247
+ "type": "long"
1248
+ },
1249
+ "packets": {
1250
+ "type": "long"
1251
+ }
1252
+ }
1253
+ },
1254
+ "ingress": {
1255
+ "properties": {
1256
+ "bytes": {
1257
+ "type": "long"
1258
+ },
1259
+ "packets": {
1260
+ "type": "long"
1261
+ }
1262
+ }
1263
+ }
1264
+ }
1265
+ },
1266
+ "os": {
1267
+ "properties": {
1268
+ "family": {
1269
+ "ignore_above": 1024,
1270
+ "type": "keyword"
1271
+ },
1272
+ "full": {
1273
+ "fields": {
1274
+ "text": {
1275
+ "norms": false,
1276
+ "type": "text"
1277
+ }
1278
+ },
1279
+ "ignore_above": 1024,
1280
+ "type": "keyword"
1281
+ },
1282
+ "kernel": {
1283
+ "ignore_above": 1024,
1284
+ "type": "keyword"
1285
+ },
1286
+ "name": {
1287
+ "fields": {
1288
+ "text": {
1289
+ "norms": false,
1290
+ "type": "text"
1291
+ }
1292
+ },
1293
+ "ignore_above": 1024,
1294
+ "type": "keyword"
1295
+ },
1296
+ "platform": {
1297
+ "ignore_above": 1024,
1298
+ "type": "keyword"
1299
+ },
1300
+ "type": {
1301
+ "ignore_above": 1024,
1302
+ "type": "keyword"
1303
+ },
1304
+ "version": {
1305
+ "ignore_above": 1024,
1306
+ "type": "keyword"
1307
+ }
1308
+ }
1309
+ },
1310
+ "type": {
1311
+ "ignore_above": 1024,
1312
+ "type": "keyword"
1313
+ },
1314
+ "uptime": {
1315
+ "type": "long"
1316
+ },
1317
+ "user": {
1318
+ "properties": {
1319
+ "domain": {
1320
+ "ignore_above": 1024,
1321
+ "type": "keyword"
1322
+ },
1323
+ "email": {
1324
+ "ignore_above": 1024,
1325
+ "type": "keyword"
1326
+ },
1327
+ "full_name": {
1328
+ "fields": {
1329
+ "text": {
1330
+ "norms": false,
1331
+ "type": "text"
1332
+ }
1333
+ },
1334
+ "ignore_above": 1024,
1335
+ "type": "keyword"
1336
+ },
1337
+ "group": {
1338
+ "properties": {
1339
+ "domain": {
1340
+ "ignore_above": 1024,
1341
+ "type": "keyword"
1342
+ },
1343
+ "id": {
1344
+ "ignore_above": 1024,
1345
+ "type": "keyword"
1346
+ },
1347
+ "name": {
1348
+ "ignore_above": 1024,
1349
+ "type": "keyword"
1350
+ }
1351
+ }
1352
+ },
1353
+ "hash": {
1354
+ "ignore_above": 1024,
1355
+ "type": "keyword"
1356
+ },
1357
+ "id": {
1358
+ "ignore_above": 1024,
1359
+ "type": "keyword"
1360
+ },
1361
+ "name": {
1362
+ "fields": {
1363
+ "text": {
1364
+ "norms": false,
1365
+ "type": "text"
1366
+ }
1367
+ },
1368
+ "ignore_above": 1024,
1369
+ "type": "keyword"
1370
+ },
1371
+ "roles": {
1372
+ "ignore_above": 1024,
1373
+ "type": "keyword"
1374
+ }
1375
+ }
1376
+ }
1377
+ }
1378
+ },
1379
+ "http": {
1380
+ "properties": {
1381
+ "request": {
1382
+ "properties": {
1383
+ "body": {
1384
+ "properties": {
1385
+ "bytes": {
1386
+ "type": "long"
1387
+ },
1388
+ "content": {
1389
+ "fields": {
1390
+ "text": {
1391
+ "norms": false,
1392
+ "type": "text"
1393
+ }
1394
+ },
1395
+ "ignore_above": 1024,
1396
+ "type": "keyword"
1397
+ }
1398
+ }
1399
+ },
1400
+ "bytes": {
1401
+ "type": "long"
1402
+ },
1403
+ "id": {
1404
+ "ignore_above": 1024,
1405
+ "type": "keyword"
1406
+ },
1407
+ "method": {
1408
+ "ignore_above": 1024,
1409
+ "type": "keyword"
1410
+ },
1411
+ "mime_type": {
1412
+ "ignore_above": 1024,
1413
+ "type": "keyword"
1414
+ },
1415
+ "referrer": {
1416
+ "ignore_above": 1024,
1417
+ "type": "keyword"
1418
+ }
1419
+ }
1420
+ },
1421
+ "response": {
1422
+ "properties": {
1423
+ "body": {
1424
+ "properties": {
1425
+ "bytes": {
1426
+ "type": "long"
1427
+ },
1428
+ "content": {
1429
+ "fields": {
1430
+ "text": {
1431
+ "norms": false,
1432
+ "type": "text"
1433
+ }
1434
+ },
1435
+ "ignore_above": 1024,
1436
+ "type": "keyword"
1437
+ }
1438
+ }
1439
+ },
1440
+ "bytes": {
1441
+ "type": "long"
1442
+ },
1443
+ "mime_type": {
1444
+ "ignore_above": 1024,
1445
+ "type": "keyword"
1446
+ },
1447
+ "status_code": {
1448
+ "type": "long"
1449
+ }
1450
+ }
1451
+ },
1452
+ "version": {
1453
+ "ignore_above": 1024,
1454
+ "type": "keyword"
1455
+ }
1456
+ }
1457
+ },
1458
+ "labels": {
1459
+ "type": "object"
1460
+ },
1461
+ "log": {
1462
+ "properties": {
1463
+ "file": {
1464
+ "properties": {
1465
+ "path": {
1466
+ "ignore_above": 1024,
1467
+ "type": "keyword"
1468
+ }
1469
+ }
1470
+ },
1471
+ "level": {
1472
+ "ignore_above": 1024,
1473
+ "type": "keyword"
1474
+ },
1475
+ "logger": {
1476
+ "ignore_above": 1024,
1477
+ "type": "keyword"
1478
+ },
1479
+ "origin": {
1480
+ "properties": {
1481
+ "file": {
1482
+ "properties": {
1483
+ "line": {
1484
+ "type": "integer"
1485
+ },
1486
+ "name": {
1487
+ "ignore_above": 1024,
1488
+ "type": "keyword"
1489
+ }
1490
+ }
1491
+ },
1492
+ "function": {
1493
+ "ignore_above": 1024,
1494
+ "type": "keyword"
1495
+ }
1496
+ }
1497
+ },
1498
+ "original": {
1499
+ "doc_values": false,
1500
+ "ignore_above": 1024,
1501
+ "index": false,
1502
+ "type": "keyword"
1503
+ },
1504
+ "syslog": {
1505
+ "properties": {
1506
+ "facility": {
1507
+ "properties": {
1508
+ "code": {
1509
+ "type": "long"
1510
+ },
1511
+ "name": {
1512
+ "ignore_above": 1024,
1513
+ "type": "keyword"
1514
+ }
1515
+ }
1516
+ },
1517
+ "priority": {
1518
+ "type": "long"
1519
+ },
1520
+ "severity": {
1521
+ "properties": {
1522
+ "code": {
1523
+ "type": "long"
1524
+ },
1525
+ "name": {
1526
+ "ignore_above": 1024,
1527
+ "type": "keyword"
1528
+ }
1529
+ }
1530
+ }
1531
+ },
1532
+ "type": "object"
1533
+ }
1534
+ }
1535
+ },
1536
+ "message": {
1537
+ "norms": false,
1538
+ "type": "text"
1539
+ },
1540
+ "network": {
1541
+ "properties": {
1542
+ "application": {
1543
+ "ignore_above": 1024,
1544
+ "type": "keyword"
1545
+ },
1546
+ "bytes": {
1547
+ "type": "long"
1548
+ },
1549
+ "community_id": {
1550
+ "ignore_above": 1024,
1551
+ "type": "keyword"
1552
+ },
1553
+ "direction": {
1554
+ "ignore_above": 1024,
1555
+ "type": "keyword"
1556
+ },
1557
+ "forwarded_ip": {
1558
+ "type": "ip"
1559
+ },
1560
+ "iana_number": {
1561
+ "ignore_above": 1024,
1562
+ "type": "keyword"
1563
+ },
1564
+ "inner": {
1565
+ "properties": {
1566
+ "vlan": {
1567
+ "properties": {
1568
+ "id": {
1569
+ "ignore_above": 1024,
1570
+ "type": "keyword"
1571
+ },
1572
+ "name": {
1573
+ "ignore_above": 1024,
1574
+ "type": "keyword"
1575
+ }
1576
+ }
1577
+ }
1578
+ },
1579
+ "type": "object"
1580
+ },
1581
+ "name": {
1582
+ "ignore_above": 1024,
1583
+ "type": "keyword"
1584
+ },
1585
+ "packets": {
1586
+ "type": "long"
1587
+ },
1588
+ "protocol": {
1589
+ "ignore_above": 1024,
1590
+ "type": "keyword"
1591
+ },
1592
+ "transport": {
1593
+ "ignore_above": 1024,
1594
+ "type": "keyword"
1595
+ },
1596
+ "type": {
1597
+ "ignore_above": 1024,
1598
+ "type": "keyword"
1599
+ },
1600
+ "vlan": {
1601
+ "properties": {
1602
+ "id": {
1603
+ "ignore_above": 1024,
1604
+ "type": "keyword"
1605
+ },
1606
+ "name": {
1607
+ "ignore_above": 1024,
1608
+ "type": "keyword"
1609
+ }
1610
+ }
1611
+ }
1612
+ }
1613
+ },
1614
+ "observer": {
1615
+ "properties": {
1616
+ "egress": {
1617
+ "properties": {
1618
+ "interface": {
1619
+ "properties": {
1620
+ "alias": {
1621
+ "ignore_above": 1024,
1622
+ "type": "keyword"
1623
+ },
1624
+ "id": {
1625
+ "ignore_above": 1024,
1626
+ "type": "keyword"
1627
+ },
1628
+ "name": {
1629
+ "ignore_above": 1024,
1630
+ "type": "keyword"
1631
+ }
1632
+ }
1633
+ },
1634
+ "vlan": {
1635
+ "properties": {
1636
+ "id": {
1637
+ "ignore_above": 1024,
1638
+ "type": "keyword"
1639
+ },
1640
+ "name": {
1641
+ "ignore_above": 1024,
1642
+ "type": "keyword"
1643
+ }
1644
+ }
1645
+ },
1646
+ "zone": {
1647
+ "ignore_above": 1024,
1648
+ "type": "keyword"
1649
+ }
1650
+ },
1651
+ "type": "object"
1652
+ },
1653
+ "geo": {
1654
+ "properties": {
1655
+ "city_name": {
1656
+ "ignore_above": 1024,
1657
+ "type": "keyword"
1658
+ },
1659
+ "continent_code": {
1660
+ "ignore_above": 1024,
1661
+ "type": "keyword"
1662
+ },
1663
+ "continent_name": {
1664
+ "ignore_above": 1024,
1665
+ "type": "keyword"
1666
+ },
1667
+ "country_iso_code": {
1668
+ "ignore_above": 1024,
1669
+ "type": "keyword"
1670
+ },
1671
+ "country_name": {
1672
+ "ignore_above": 1024,
1673
+ "type": "keyword"
1674
+ },
1675
+ "location": {
1676
+ "type": "geo_point"
1677
+ },
1678
+ "name": {
1679
+ "ignore_above": 1024,
1680
+ "type": "keyword"
1681
+ },
1682
+ "postal_code": {
1683
+ "ignore_above": 1024,
1684
+ "type": "keyword"
1685
+ },
1686
+ "region_iso_code": {
1687
+ "ignore_above": 1024,
1688
+ "type": "keyword"
1689
+ },
1690
+ "region_name": {
1691
+ "ignore_above": 1024,
1692
+ "type": "keyword"
1693
+ },
1694
+ "timezone": {
1695
+ "ignore_above": 1024,
1696
+ "type": "keyword"
1697
+ }
1698
+ }
1699
+ },
1700
+ "hostname": {
1701
+ "ignore_above": 1024,
1702
+ "type": "keyword"
1703
+ },
1704
+ "ingress": {
1705
+ "properties": {
1706
+ "interface": {
1707
+ "properties": {
1708
+ "alias": {
1709
+ "ignore_above": 1024,
1710
+ "type": "keyword"
1711
+ },
1712
+ "id": {
1713
+ "ignore_above": 1024,
1714
+ "type": "keyword"
1715
+ },
1716
+ "name": {
1717
+ "ignore_above": 1024,
1718
+ "type": "keyword"
1719
+ }
1720
+ }
1721
+ },
1722
+ "vlan": {
1723
+ "properties": {
1724
+ "id": {
1725
+ "ignore_above": 1024,
1726
+ "type": "keyword"
1727
+ },
1728
+ "name": {
1729
+ "ignore_above": 1024,
1730
+ "type": "keyword"
1731
+ }
1732
+ }
1733
+ },
1734
+ "zone": {
1735
+ "ignore_above": 1024,
1736
+ "type": "keyword"
1737
+ }
1738
+ },
1739
+ "type": "object"
1740
+ },
1741
+ "ip": {
1742
+ "type": "ip"
1743
+ },
1744
+ "mac": {
1745
+ "ignore_above": 1024,
1746
+ "type": "keyword"
1747
+ },
1748
+ "name": {
1749
+ "ignore_above": 1024,
1750
+ "type": "keyword"
1751
+ },
1752
+ "os": {
1753
+ "properties": {
1754
+ "family": {
1755
+ "ignore_above": 1024,
1756
+ "type": "keyword"
1757
+ },
1758
+ "full": {
1759
+ "fields": {
1760
+ "text": {
1761
+ "norms": false,
1762
+ "type": "text"
1763
+ }
1764
+ },
1765
+ "ignore_above": 1024,
1766
+ "type": "keyword"
1767
+ },
1768
+ "kernel": {
1769
+ "ignore_above": 1024,
1770
+ "type": "keyword"
1771
+ },
1772
+ "name": {
1773
+ "fields": {
1774
+ "text": {
1775
+ "norms": false,
1776
+ "type": "text"
1777
+ }
1778
+ },
1779
+ "ignore_above": 1024,
1780
+ "type": "keyword"
1781
+ },
1782
+ "platform": {
1783
+ "ignore_above": 1024,
1784
+ "type": "keyword"
1785
+ },
1786
+ "type": {
1787
+ "ignore_above": 1024,
1788
+ "type": "keyword"
1789
+ },
1790
+ "version": {
1791
+ "ignore_above": 1024,
1792
+ "type": "keyword"
1793
+ }
1794
+ }
1795
+ },
1796
+ "product": {
1797
+ "ignore_above": 1024,
1798
+ "type": "keyword"
1799
+ },
1800
+ "serial_number": {
1801
+ "ignore_above": 1024,
1802
+ "type": "keyword"
1803
+ },
1804
+ "type": {
1805
+ "ignore_above": 1024,
1806
+ "type": "keyword"
1807
+ },
1808
+ "vendor": {
1809
+ "ignore_above": 1024,
1810
+ "type": "keyword"
1811
+ },
1812
+ "version": {
1813
+ "ignore_above": 1024,
1814
+ "type": "keyword"
1815
+ }
1816
+ }
1817
+ },
1818
+ "orchestrator": {
1819
+ "properties": {
1820
+ "api_version": {
1821
+ "ignore_above": 1024,
1822
+ "type": "keyword"
1823
+ },
1824
+ "cluster": {
1825
+ "properties": {
1826
+ "name": {
1827
+ "ignore_above": 1024,
1828
+ "type": "keyword"
1829
+ },
1830
+ "url": {
1831
+ "ignore_above": 1024,
1832
+ "type": "keyword"
1833
+ },
1834
+ "version": {
1835
+ "ignore_above": 1024,
1836
+ "type": "keyword"
1837
+ }
1838
+ }
1839
+ },
1840
+ "namespace": {
1841
+ "ignore_above": 1024,
1842
+ "type": "keyword"
1843
+ },
1844
+ "organization": {
1845
+ "ignore_above": 1024,
1846
+ "type": "keyword"
1847
+ },
1848
+ "resource": {
1849
+ "properties": {
1850
+ "name": {
1851
+ "ignore_above": 1024,
1852
+ "type": "keyword"
1853
+ },
1854
+ "type": {
1855
+ "ignore_above": 1024,
1856
+ "type": "keyword"
1857
+ }
1858
+ }
1859
+ },
1860
+ "type": {
1861
+ "ignore_above": 1024,
1862
+ "type": "keyword"
1863
+ }
1864
+ }
1865
+ },
1866
+ "organization": {
1867
+ "properties": {
1868
+ "id": {
1869
+ "ignore_above": 1024,
1870
+ "type": "keyword"
1871
+ },
1872
+ "name": {
1873
+ "fields": {
1874
+ "text": {
1875
+ "norms": false,
1876
+ "type": "text"
1877
+ }
1878
+ },
1879
+ "ignore_above": 1024,
1880
+ "type": "keyword"
1881
+ }
1882
+ }
1883
+ },
1884
+ "package": {
1885
+ "properties": {
1886
+ "architecture": {
1887
+ "ignore_above": 1024,
1888
+ "type": "keyword"
1889
+ },
1890
+ "build_version": {
1891
+ "ignore_above": 1024,
1892
+ "type": "keyword"
1893
+ },
1894
+ "checksum": {
1895
+ "ignore_above": 1024,
1896
+ "type": "keyword"
1897
+ },
1898
+ "description": {
1899
+ "ignore_above": 1024,
1900
+ "type": "keyword"
1901
+ },
1902
+ "install_scope": {
1903
+ "ignore_above": 1024,
1904
+ "type": "keyword"
1905
+ },
1906
+ "installed": {
1907
+ "type": "date"
1908
+ },
1909
+ "license": {
1910
+ "ignore_above": 1024,
1911
+ "type": "keyword"
1912
+ },
1913
+ "name": {
1914
+ "ignore_above": 1024,
1915
+ "type": "keyword"
1916
+ },
1917
+ "path": {
1918
+ "ignore_above": 1024,
1919
+ "type": "keyword"
1920
+ },
1921
+ "reference": {
1922
+ "ignore_above": 1024,
1923
+ "type": "keyword"
1924
+ },
1925
+ "size": {
1926
+ "type": "long"
1927
+ },
1928
+ "type": {
1929
+ "ignore_above": 1024,
1930
+ "type": "keyword"
1931
+ },
1932
+ "version": {
1933
+ "ignore_above": 1024,
1934
+ "type": "keyword"
1935
+ }
1936
+ }
1937
+ },
1938
+ "process": {
1939
+ "properties": {
1940
+ "args": {
1941
+ "ignore_above": 1024,
1942
+ "type": "keyword"
1943
+ },
1944
+ "args_count": {
1945
+ "type": "long"
1946
+ },
1947
+ "code_signature": {
1948
+ "properties": {
1949
+ "exists": {
1950
+ "type": "boolean"
1951
+ },
1952
+ "signing_id": {
1953
+ "ignore_above": 1024,
1954
+ "type": "keyword"
1955
+ },
1956
+ "status": {
1957
+ "ignore_above": 1024,
1958
+ "type": "keyword"
1959
+ },
1960
+ "subject_name": {
1961
+ "ignore_above": 1024,
1962
+ "type": "keyword"
1963
+ },
1964
+ "team_id": {
1965
+ "ignore_above": 1024,
1966
+ "type": "keyword"
1967
+ },
1968
+ "trusted": {
1969
+ "type": "boolean"
1970
+ },
1971
+ "valid": {
1972
+ "type": "boolean"
1973
+ }
1974
+ }
1975
+ },
1976
+ "command_line": {
1977
+ "fields": {
1978
+ "text": {
1979
+ "norms": false,
1980
+ "type": "text"
1981
+ }
1982
+ },
1983
+ "ignore_above": 1024,
1984
+ "type": "keyword"
1985
+ },
1986
+ "entity_id": {
1987
+ "ignore_above": 1024,
1988
+ "type": "keyword"
1989
+ },
1990
+ "executable": {
1991
+ "fields": {
1992
+ "text": {
1993
+ "norms": false,
1994
+ "type": "text"
1995
+ }
1996
+ },
1997
+ "ignore_above": 1024,
1998
+ "type": "keyword"
1999
+ },
2000
+ "exit_code": {
2001
+ "type": "long"
2002
+ },
2003
+ "hash": {
2004
+ "properties": {
2005
+ "md5": {
2006
+ "ignore_above": 1024,
2007
+ "type": "keyword"
2008
+ },
2009
+ "sha1": {
2010
+ "ignore_above": 1024,
2011
+ "type": "keyword"
2012
+ },
2013
+ "sha256": {
2014
+ "ignore_above": 1024,
2015
+ "type": "keyword"
2016
+ },
2017
+ "sha512": {
2018
+ "ignore_above": 1024,
2019
+ "type": "keyword"
2020
+ },
2021
+ "ssdeep": {
2022
+ "ignore_above": 1024,
2023
+ "type": "keyword"
2024
+ }
2025
+ }
2026
+ },
2027
+ "name": {
2028
+ "fields": {
2029
+ "text": {
2030
+ "norms": false,
2031
+ "type": "text"
2032
+ }
2033
+ },
2034
+ "ignore_above": 1024,
2035
+ "type": "keyword"
2036
+ },
2037
+ "parent": {
2038
+ "properties": {
2039
+ "args": {
2040
+ "ignore_above": 1024,
2041
+ "type": "keyword"
2042
+ },
2043
+ "args_count": {
2044
+ "type": "long"
2045
+ },
2046
+ "code_signature": {
2047
+ "properties": {
2048
+ "exists": {
2049
+ "type": "boolean"
2050
+ },
2051
+ "signing_id": {
2052
+ "ignore_above": 1024,
2053
+ "type": "keyword"
2054
+ },
2055
+ "status": {
2056
+ "ignore_above": 1024,
2057
+ "type": "keyword"
2058
+ },
2059
+ "subject_name": {
2060
+ "ignore_above": 1024,
2061
+ "type": "keyword"
2062
+ },
2063
+ "team_id": {
2064
+ "ignore_above": 1024,
2065
+ "type": "keyword"
2066
+ },
2067
+ "trusted": {
2068
+ "type": "boolean"
2069
+ },
2070
+ "valid": {
2071
+ "type": "boolean"
2072
+ }
2073
+ }
2074
+ },
2075
+ "command_line": {
2076
+ "fields": {
2077
+ "text": {
2078
+ "norms": false,
2079
+ "type": "text"
2080
+ }
2081
+ },
2082
+ "ignore_above": 1024,
2083
+ "type": "keyword"
2084
+ },
2085
+ "entity_id": {
2086
+ "ignore_above": 1024,
2087
+ "type": "keyword"
2088
+ },
2089
+ "executable": {
2090
+ "fields": {
2091
+ "text": {
2092
+ "norms": false,
2093
+ "type": "text"
2094
+ }
2095
+ },
2096
+ "ignore_above": 1024,
2097
+ "type": "keyword"
2098
+ },
2099
+ "exit_code": {
2100
+ "type": "long"
2101
+ },
2102
+ "hash": {
2103
+ "properties": {
2104
+ "md5": {
2105
+ "ignore_above": 1024,
2106
+ "type": "keyword"
2107
+ },
2108
+ "sha1": {
2109
+ "ignore_above": 1024,
2110
+ "type": "keyword"
2111
+ },
2112
+ "sha256": {
2113
+ "ignore_above": 1024,
2114
+ "type": "keyword"
2115
+ },
2116
+ "sha512": {
2117
+ "ignore_above": 1024,
2118
+ "type": "keyword"
2119
+ },
2120
+ "ssdeep": {
2121
+ "ignore_above": 1024,
2122
+ "type": "keyword"
2123
+ }
2124
+ }
2125
+ },
2126
+ "name": {
2127
+ "fields": {
2128
+ "text": {
2129
+ "norms": false,
2130
+ "type": "text"
2131
+ }
2132
+ },
2133
+ "ignore_above": 1024,
2134
+ "type": "keyword"
2135
+ },
2136
+ "pe": {
2137
+ "properties": {
2138
+ "architecture": {
2139
+ "ignore_above": 1024,
2140
+ "type": "keyword"
2141
+ },
2142
+ "company": {
2143
+ "ignore_above": 1024,
2144
+ "type": "keyword"
2145
+ },
2146
+ "description": {
2147
+ "ignore_above": 1024,
2148
+ "type": "keyword"
2149
+ },
2150
+ "file_version": {
2151
+ "ignore_above": 1024,
2152
+ "type": "keyword"
2153
+ },
2154
+ "imphash": {
2155
+ "ignore_above": 1024,
2156
+ "type": "keyword"
2157
+ },
2158
+ "original_file_name": {
2159
+ "ignore_above": 1024,
2160
+ "type": "keyword"
2161
+ },
2162
+ "product": {
2163
+ "ignore_above": 1024,
2164
+ "type": "keyword"
2165
+ }
2166
+ }
2167
+ },
2168
+ "pgid": {
2169
+ "type": "long"
2170
+ },
2171
+ "pid": {
2172
+ "type": "long"
2173
+ },
2174
+ "ppid": {
2175
+ "type": "long"
2176
+ },
2177
+ "start": {
2178
+ "type": "date"
2179
+ },
2180
+ "thread": {
2181
+ "properties": {
2182
+ "id": {
2183
+ "type": "long"
2184
+ },
2185
+ "name": {
2186
+ "ignore_above": 1024,
2187
+ "type": "keyword"
2188
+ }
2189
+ }
2190
+ },
2191
+ "title": {
2192
+ "fields": {
2193
+ "text": {
2194
+ "norms": false,
2195
+ "type": "text"
2196
+ }
2197
+ },
2198
+ "ignore_above": 1024,
2199
+ "type": "keyword"
2200
+ },
2201
+ "uptime": {
2202
+ "type": "long"
2203
+ },
2204
+ "working_directory": {
2205
+ "fields": {
2206
+ "text": {
2207
+ "norms": false,
2208
+ "type": "text"
2209
+ }
2210
+ },
2211
+ "ignore_above": 1024,
2212
+ "type": "keyword"
2213
+ }
2214
+ }
2215
+ },
2216
+ "pe": {
2217
+ "properties": {
2218
+ "architecture": {
2219
+ "ignore_above": 1024,
2220
+ "type": "keyword"
2221
+ },
2222
+ "company": {
2223
+ "ignore_above": 1024,
2224
+ "type": "keyword"
2225
+ },
2226
+ "description": {
2227
+ "ignore_above": 1024,
2228
+ "type": "keyword"
2229
+ },
2230
+ "file_version": {
2231
+ "ignore_above": 1024,
2232
+ "type": "keyword"
2233
+ },
2234
+ "imphash": {
2235
+ "ignore_above": 1024,
2236
+ "type": "keyword"
2237
+ },
2238
+ "original_file_name": {
2239
+ "ignore_above": 1024,
2240
+ "type": "keyword"
2241
+ },
2242
+ "product": {
2243
+ "ignore_above": 1024,
2244
+ "type": "keyword"
2245
+ }
2246
+ }
2247
+ },
2248
+ "pgid": {
2249
+ "type": "long"
2250
+ },
2251
+ "pid": {
2252
+ "type": "long"
2253
+ },
2254
+ "ppid": {
2255
+ "type": "long"
2256
+ },
2257
+ "start": {
2258
+ "type": "date"
2259
+ },
2260
+ "thread": {
2261
+ "properties": {
2262
+ "id": {
2263
+ "type": "long"
2264
+ },
2265
+ "name": {
2266
+ "ignore_above": 1024,
2267
+ "type": "keyword"
2268
+ }
2269
+ }
2270
+ },
2271
+ "title": {
2272
+ "fields": {
2273
+ "text": {
2274
+ "norms": false,
2275
+ "type": "text"
2276
+ }
2277
+ },
2278
+ "ignore_above": 1024,
2279
+ "type": "keyword"
2280
+ },
2281
+ "uptime": {
2282
+ "type": "long"
2283
+ },
2284
+ "working_directory": {
2285
+ "fields": {
2286
+ "text": {
2287
+ "norms": false,
2288
+ "type": "text"
2289
+ }
2290
+ },
2291
+ "ignore_above": 1024,
2292
+ "type": "keyword"
2293
+ }
2294
+ }
2295
+ },
2296
+ "registry": {
2297
+ "properties": {
2298
+ "data": {
2299
+ "properties": {
2300
+ "bytes": {
2301
+ "ignore_above": 1024,
2302
+ "type": "keyword"
2303
+ },
2304
+ "strings": {
2305
+ "ignore_above": 1024,
2306
+ "type": "keyword"
2307
+ },
2308
+ "type": {
2309
+ "ignore_above": 1024,
2310
+ "type": "keyword"
2311
+ }
2312
+ }
2313
+ },
2314
+ "hive": {
2315
+ "ignore_above": 1024,
2316
+ "type": "keyword"
2317
+ },
2318
+ "key": {
2319
+ "ignore_above": 1024,
2320
+ "type": "keyword"
2321
+ },
2322
+ "path": {
2323
+ "ignore_above": 1024,
2324
+ "type": "keyword"
2325
+ },
2326
+ "value": {
2327
+ "ignore_above": 1024,
2328
+ "type": "keyword"
2329
+ }
2330
+ }
2331
+ },
2332
+ "related": {
2333
+ "properties": {
2334
+ "hash": {
2335
+ "ignore_above": 1024,
2336
+ "type": "keyword"
2337
+ },
2338
+ "hosts": {
2339
+ "ignore_above": 1024,
2340
+ "type": "keyword"
2341
+ },
2342
+ "ip": {
2343
+ "type": "ip"
2344
+ },
2345
+ "user": {
2346
+ "ignore_above": 1024,
2347
+ "type": "keyword"
2348
+ }
2349
+ }
2350
+ },
2351
+ "rule": {
2352
+ "properties": {
2353
+ "author": {
2354
+ "ignore_above": 1024,
2355
+ "type": "keyword"
2356
+ },
2357
+ "category": {
2358
+ "ignore_above": 1024,
2359
+ "type": "keyword"
2360
+ },
2361
+ "description": {
2362
+ "ignore_above": 1024,
2363
+ "type": "keyword"
2364
+ },
2365
+ "id": {
2366
+ "ignore_above": 1024,
2367
+ "type": "keyword"
2368
+ },
2369
+ "license": {
2370
+ "ignore_above": 1024,
2371
+ "type": "keyword"
2372
+ },
2373
+ "name": {
2374
+ "ignore_above": 1024,
2375
+ "type": "keyword"
2376
+ },
2377
+ "reference": {
2378
+ "ignore_above": 1024,
2379
+ "type": "keyword"
2380
+ },
2381
+ "ruleset": {
2382
+ "ignore_above": 1024,
2383
+ "type": "keyword"
2384
+ },
2385
+ "uuid": {
2386
+ "ignore_above": 1024,
2387
+ "type": "keyword"
2388
+ },
2389
+ "version": {
2390
+ "ignore_above": 1024,
2391
+ "type": "keyword"
2392
+ }
2393
+ }
2394
+ },
2395
+ "server": {
2396
+ "properties": {
2397
+ "address": {
2398
+ "ignore_above": 1024,
2399
+ "type": "keyword"
2400
+ },
2401
+ "as": {
2402
+ "properties": {
2403
+ "number": {
2404
+ "type": "long"
2405
+ },
2406
+ "organization": {
2407
+ "properties": {
2408
+ "name": {
2409
+ "fields": {
2410
+ "text": {
2411
+ "norms": false,
2412
+ "type": "text"
2413
+ }
2414
+ },
2415
+ "ignore_above": 1024,
2416
+ "type": "keyword"
2417
+ }
2418
+ }
2419
+ }
2420
+ }
2421
+ },
2422
+ "bytes": {
2423
+ "type": "long"
2424
+ },
2425
+ "domain": {
2426
+ "ignore_above": 1024,
2427
+ "type": "keyword"
2428
+ },
2429
+ "geo": {
2430
+ "properties": {
2431
+ "city_name": {
2432
+ "ignore_above": 1024,
2433
+ "type": "keyword"
2434
+ },
2435
+ "continent_code": {
2436
+ "ignore_above": 1024,
2437
+ "type": "keyword"
2438
+ },
2439
+ "continent_name": {
2440
+ "ignore_above": 1024,
2441
+ "type": "keyword"
2442
+ },
2443
+ "country_iso_code": {
2444
+ "ignore_above": 1024,
2445
+ "type": "keyword"
2446
+ },
2447
+ "country_name": {
2448
+ "ignore_above": 1024,
2449
+ "type": "keyword"
2450
+ },
2451
+ "location": {
2452
+ "type": "geo_point"
2453
+ },
2454
+ "name": {
2455
+ "ignore_above": 1024,
2456
+ "type": "keyword"
2457
+ },
2458
+ "postal_code": {
2459
+ "ignore_above": 1024,
2460
+ "type": "keyword"
2461
+ },
2462
+ "region_iso_code": {
2463
+ "ignore_above": 1024,
2464
+ "type": "keyword"
2465
+ },
2466
+ "region_name": {
2467
+ "ignore_above": 1024,
2468
+ "type": "keyword"
2469
+ },
2470
+ "timezone": {
2471
+ "ignore_above": 1024,
2472
+ "type": "keyword"
2473
+ }
2474
+ }
2475
+ },
2476
+ "ip": {
2477
+ "type": "ip"
2478
+ },
2479
+ "mac": {
2480
+ "ignore_above": 1024,
2481
+ "type": "keyword"
2482
+ },
2483
+ "nat": {
2484
+ "properties": {
2485
+ "ip": {
2486
+ "type": "ip"
2487
+ },
2488
+ "port": {
2489
+ "type": "long"
2490
+ }
2491
+ }
2492
+ },
2493
+ "packets": {
2494
+ "type": "long"
2495
+ },
2496
+ "port": {
2497
+ "type": "long"
2498
+ },
2499
+ "registered_domain": {
2500
+ "ignore_above": 1024,
2501
+ "type": "keyword"
2502
+ },
2503
+ "subdomain": {
2504
+ "ignore_above": 1024,
2505
+ "type": "keyword"
2506
+ },
2507
+ "top_level_domain": {
2508
+ "ignore_above": 1024,
2509
+ "type": "keyword"
2510
+ },
2511
+ "user": {
2512
+ "properties": {
2513
+ "domain": {
2514
+ "ignore_above": 1024,
2515
+ "type": "keyword"
2516
+ },
2517
+ "email": {
2518
+ "ignore_above": 1024,
2519
+ "type": "keyword"
2520
+ },
2521
+ "full_name": {
2522
+ "fields": {
2523
+ "text": {
2524
+ "norms": false,
2525
+ "type": "text"
2526
+ }
2527
+ },
2528
+ "ignore_above": 1024,
2529
+ "type": "keyword"
2530
+ },
2531
+ "group": {
2532
+ "properties": {
2533
+ "domain": {
2534
+ "ignore_above": 1024,
2535
+ "type": "keyword"
2536
+ },
2537
+ "id": {
2538
+ "ignore_above": 1024,
2539
+ "type": "keyword"
2540
+ },
2541
+ "name": {
2542
+ "ignore_above": 1024,
2543
+ "type": "keyword"
2544
+ }
2545
+ }
2546
+ },
2547
+ "hash": {
2548
+ "ignore_above": 1024,
2549
+ "type": "keyword"
2550
+ },
2551
+ "id": {
2552
+ "ignore_above": 1024,
2553
+ "type": "keyword"
2554
+ },
2555
+ "name": {
2556
+ "fields": {
2557
+ "text": {
2558
+ "norms": false,
2559
+ "type": "text"
2560
+ }
2561
+ },
2562
+ "ignore_above": 1024,
2563
+ "type": "keyword"
2564
+ },
2565
+ "roles": {
2566
+ "ignore_above": 1024,
2567
+ "type": "keyword"
2568
+ }
2569
+ }
2570
+ }
2571
+ }
2572
+ },
2573
+ "service": {
2574
+ "properties": {
2575
+ "ephemeral_id": {
2576
+ "ignore_above": 1024,
2577
+ "type": "keyword"
2578
+ },
2579
+ "id": {
2580
+ "ignore_above": 1024,
2581
+ "type": "keyword"
2582
+ },
2583
+ "name": {
2584
+ "ignore_above": 1024,
2585
+ "type": "keyword"
2586
+ },
2587
+ "node": {
2588
+ "properties": {
2589
+ "name": {
2590
+ "ignore_above": 1024,
2591
+ "type": "keyword"
2592
+ }
2593
+ }
2594
+ },
2595
+ "state": {
2596
+ "ignore_above": 1024,
2597
+ "type": "keyword"
2598
+ },
2599
+ "type": {
2600
+ "ignore_above": 1024,
2601
+ "type": "keyword"
2602
+ },
2603
+ "version": {
2604
+ "ignore_above": 1024,
2605
+ "type": "keyword"
2606
+ }
2607
+ }
2608
+ },
2609
+ "source": {
2610
+ "properties": {
2611
+ "address": {
2612
+ "ignore_above": 1024,
2613
+ "type": "keyword"
2614
+ },
2615
+ "as": {
2616
+ "properties": {
2617
+ "number": {
2618
+ "type": "long"
2619
+ },
2620
+ "organization": {
2621
+ "properties": {
2622
+ "name": {
2623
+ "fields": {
2624
+ "text": {
2625
+ "norms": false,
2626
+ "type": "text"
2627
+ }
2628
+ },
2629
+ "ignore_above": 1024,
2630
+ "type": "keyword"
2631
+ }
2632
+ }
2633
+ }
2634
+ }
2635
+ },
2636
+ "bytes": {
2637
+ "type": "long"
2638
+ },
2639
+ "domain": {
2640
+ "ignore_above": 1024,
2641
+ "type": "keyword"
2642
+ },
2643
+ "geo": {
2644
+ "properties": {
2645
+ "city_name": {
2646
+ "ignore_above": 1024,
2647
+ "type": "keyword"
2648
+ },
2649
+ "continent_code": {
2650
+ "ignore_above": 1024,
2651
+ "type": "keyword"
2652
+ },
2653
+ "continent_name": {
2654
+ "ignore_above": 1024,
2655
+ "type": "keyword"
2656
+ },
2657
+ "country_iso_code": {
2658
+ "ignore_above": 1024,
2659
+ "type": "keyword"
2660
+ },
2661
+ "country_name": {
2662
+ "ignore_above": 1024,
2663
+ "type": "keyword"
2664
+ },
2665
+ "location": {
2666
+ "type": "geo_point"
2667
+ },
2668
+ "name": {
2669
+ "ignore_above": 1024,
2670
+ "type": "keyword"
2671
+ },
2672
+ "postal_code": {
2673
+ "ignore_above": 1024,
2674
+ "type": "keyword"
2675
+ },
2676
+ "region_iso_code": {
2677
+ "ignore_above": 1024,
2678
+ "type": "keyword"
2679
+ },
2680
+ "region_name": {
2681
+ "ignore_above": 1024,
2682
+ "type": "keyword"
2683
+ },
2684
+ "timezone": {
2685
+ "ignore_above": 1024,
2686
+ "type": "keyword"
2687
+ }
2688
+ }
2689
+ },
2690
+ "ip": {
2691
+ "type": "ip"
2692
+ },
2693
+ "mac": {
2694
+ "ignore_above": 1024,
2695
+ "type": "keyword"
2696
+ },
2697
+ "nat": {
2698
+ "properties": {
2699
+ "ip": {
2700
+ "type": "ip"
2701
+ },
2702
+ "port": {
2703
+ "type": "long"
2704
+ }
2705
+ }
2706
+ },
2707
+ "packets": {
2708
+ "type": "long"
2709
+ },
2710
+ "port": {
2711
+ "type": "long"
2712
+ },
2713
+ "registered_domain": {
2714
+ "ignore_above": 1024,
2715
+ "type": "keyword"
2716
+ },
2717
+ "subdomain": {
2718
+ "ignore_above": 1024,
2719
+ "type": "keyword"
2720
+ },
2721
+ "top_level_domain": {
2722
+ "ignore_above": 1024,
2723
+ "type": "keyword"
2724
+ },
2725
+ "user": {
2726
+ "properties": {
2727
+ "domain": {
2728
+ "ignore_above": 1024,
2729
+ "type": "keyword"
2730
+ },
2731
+ "email": {
2732
+ "ignore_above": 1024,
2733
+ "type": "keyword"
2734
+ },
2735
+ "full_name": {
2736
+ "fields": {
2737
+ "text": {
2738
+ "norms": false,
2739
+ "type": "text"
2740
+ }
2741
+ },
2742
+ "ignore_above": 1024,
2743
+ "type": "keyword"
2744
+ },
2745
+ "group": {
2746
+ "properties": {
2747
+ "domain": {
2748
+ "ignore_above": 1024,
2749
+ "type": "keyword"
2750
+ },
2751
+ "id": {
2752
+ "ignore_above": 1024,
2753
+ "type": "keyword"
2754
+ },
2755
+ "name": {
2756
+ "ignore_above": 1024,
2757
+ "type": "keyword"
2758
+ }
2759
+ }
2760
+ },
2761
+ "hash": {
2762
+ "ignore_above": 1024,
2763
+ "type": "keyword"
2764
+ },
2765
+ "id": {
2766
+ "ignore_above": 1024,
2767
+ "type": "keyword"
2768
+ },
2769
+ "name": {
2770
+ "fields": {
2771
+ "text": {
2772
+ "norms": false,
2773
+ "type": "text"
2774
+ }
2775
+ },
2776
+ "ignore_above": 1024,
2777
+ "type": "keyword"
2778
+ },
2779
+ "roles": {
2780
+ "ignore_above": 1024,
2781
+ "type": "keyword"
2782
+ }
2783
+ }
2784
+ }
2785
+ }
2786
+ },
2787
+ "span": {
2788
+ "properties": {
2789
+ "id": {
2790
+ "ignore_above": 1024,
2791
+ "type": "keyword"
2792
+ }
2793
+ }
2794
+ },
2795
+ "tags": {
2796
+ "ignore_above": 1024,
2797
+ "type": "keyword"
2798
+ },
2799
+ "threat": {
2800
+ "properties": {
2801
+ "framework": {
2802
+ "ignore_above": 1024,
2803
+ "type": "keyword"
2804
+ },
2805
+ "tactic": {
2806
+ "properties": {
2807
+ "id": {
2808
+ "ignore_above": 1024,
2809
+ "type": "keyword"
2810
+ },
2811
+ "name": {
2812
+ "ignore_above": 1024,
2813
+ "type": "keyword"
2814
+ },
2815
+ "reference": {
2816
+ "ignore_above": 1024,
2817
+ "type": "keyword"
2818
+ }
2819
+ }
2820
+ },
2821
+ "technique": {
2822
+ "properties": {
2823
+ "id": {
2824
+ "ignore_above": 1024,
2825
+ "type": "keyword"
2826
+ },
2827
+ "name": {
2828
+ "fields": {
2829
+ "text": {
2830
+ "norms": false,
2831
+ "type": "text"
2832
+ }
2833
+ },
2834
+ "ignore_above": 1024,
2835
+ "type": "keyword"
2836
+ },
2837
+ "reference": {
2838
+ "ignore_above": 1024,
2839
+ "type": "keyword"
2840
+ },
2841
+ "subtechnique": {
2842
+ "properties": {
2843
+ "id": {
2844
+ "ignore_above": 1024,
2845
+ "type": "keyword"
2846
+ },
2847
+ "name": {
2848
+ "fields": {
2849
+ "text": {
2850
+ "norms": false,
2851
+ "type": "text"
2852
+ }
2853
+ },
2854
+ "ignore_above": 1024,
2855
+ "type": "keyword"
2856
+ },
2857
+ "reference": {
2858
+ "ignore_above": 1024,
2859
+ "type": "keyword"
2860
+ }
2861
+ }
2862
+ }
2863
+ }
2864
+ }
2865
+ }
2866
+ },
2867
+ "tls": {
2868
+ "properties": {
2869
+ "cipher": {
2870
+ "ignore_above": 1024,
2871
+ "type": "keyword"
2872
+ },
2873
+ "client": {
2874
+ "properties": {
2875
+ "certificate": {
2876
+ "ignore_above": 1024,
2877
+ "type": "keyword"
2878
+ },
2879
+ "certificate_chain": {
2880
+ "ignore_above": 1024,
2881
+ "type": "keyword"
2882
+ },
2883
+ "hash": {
2884
+ "properties": {
2885
+ "md5": {
2886
+ "ignore_above": 1024,
2887
+ "type": "keyword"
2888
+ },
2889
+ "sha1": {
2890
+ "ignore_above": 1024,
2891
+ "type": "keyword"
2892
+ },
2893
+ "sha256": {
2894
+ "ignore_above": 1024,
2895
+ "type": "keyword"
2896
+ }
2897
+ }
2898
+ },
2899
+ "issuer": {
2900
+ "ignore_above": 1024,
2901
+ "type": "keyword"
2902
+ },
2903
+ "ja3": {
2904
+ "ignore_above": 1024,
2905
+ "type": "keyword"
2906
+ },
2907
+ "not_after": {
2908
+ "type": "date"
2909
+ },
2910
+ "not_before": {
2911
+ "type": "date"
2912
+ },
2913
+ "server_name": {
2914
+ "ignore_above": 1024,
2915
+ "type": "keyword"
2916
+ },
2917
+ "subject": {
2918
+ "ignore_above": 1024,
2919
+ "type": "keyword"
2920
+ },
2921
+ "supported_ciphers": {
2922
+ "ignore_above": 1024,
2923
+ "type": "keyword"
2924
+ },
2925
+ "x509": {
2926
+ "properties": {
2927
+ "alternative_names": {
2928
+ "ignore_above": 1024,
2929
+ "type": "keyword"
2930
+ },
2931
+ "issuer": {
2932
+ "properties": {
2933
+ "common_name": {
2934
+ "ignore_above": 1024,
2935
+ "type": "keyword"
2936
+ },
2937
+ "country": {
2938
+ "ignore_above": 1024,
2939
+ "type": "keyword"
2940
+ },
2941
+ "distinguished_name": {
2942
+ "ignore_above": 1024,
2943
+ "type": "keyword"
2944
+ },
2945
+ "locality": {
2946
+ "ignore_above": 1024,
2947
+ "type": "keyword"
2948
+ },
2949
+ "organization": {
2950
+ "ignore_above": 1024,
2951
+ "type": "keyword"
2952
+ },
2953
+ "organizational_unit": {
2954
+ "ignore_above": 1024,
2955
+ "type": "keyword"
2956
+ },
2957
+ "state_or_province": {
2958
+ "ignore_above": 1024,
2959
+ "type": "keyword"
2960
+ }
2961
+ }
2962
+ },
2963
+ "not_after": {
2964
+ "type": "date"
2965
+ },
2966
+ "not_before": {
2967
+ "type": "date"
2968
+ },
2969
+ "public_key_algorithm": {
2970
+ "ignore_above": 1024,
2971
+ "type": "keyword"
2972
+ },
2973
+ "public_key_curve": {
2974
+ "ignore_above": 1024,
2975
+ "type": "keyword"
2976
+ },
2977
+ "public_key_exponent": {
2978
+ "doc_values": false,
2979
+ "index": false,
2980
+ "type": "long"
2981
+ },
2982
+ "public_key_size": {
2983
+ "type": "long"
2984
+ },
2985
+ "serial_number": {
2986
+ "ignore_above": 1024,
2987
+ "type": "keyword"
2988
+ },
2989
+ "signature_algorithm": {
2990
+ "ignore_above": 1024,
2991
+ "type": "keyword"
2992
+ },
2993
+ "subject": {
2994
+ "properties": {
2995
+ "common_name": {
2996
+ "ignore_above": 1024,
2997
+ "type": "keyword"
2998
+ },
2999
+ "country": {
3000
+ "ignore_above": 1024,
3001
+ "type": "keyword"
3002
+ },
3003
+ "distinguished_name": {
3004
+ "ignore_above": 1024,
3005
+ "type": "keyword"
3006
+ },
3007
+ "locality": {
3008
+ "ignore_above": 1024,
3009
+ "type": "keyword"
3010
+ },
3011
+ "organization": {
3012
+ "ignore_above": 1024,
3013
+ "type": "keyword"
3014
+ },
3015
+ "organizational_unit": {
3016
+ "ignore_above": 1024,
3017
+ "type": "keyword"
3018
+ },
3019
+ "state_or_province": {
3020
+ "ignore_above": 1024,
3021
+ "type": "keyword"
3022
+ }
3023
+ }
3024
+ },
3025
+ "version_number": {
3026
+ "ignore_above": 1024,
3027
+ "type": "keyword"
3028
+ }
3029
+ }
3030
+ }
3031
+ }
3032
+ },
3033
+ "curve": {
3034
+ "ignore_above": 1024,
3035
+ "type": "keyword"
3036
+ },
3037
+ "established": {
3038
+ "type": "boolean"
3039
+ },
3040
+ "next_protocol": {
3041
+ "ignore_above": 1024,
3042
+ "type": "keyword"
3043
+ },
3044
+ "resumed": {
3045
+ "type": "boolean"
3046
+ },
3047
+ "server": {
3048
+ "properties": {
3049
+ "certificate": {
3050
+ "ignore_above": 1024,
3051
+ "type": "keyword"
3052
+ },
3053
+ "certificate_chain": {
3054
+ "ignore_above": 1024,
3055
+ "type": "keyword"
3056
+ },
3057
+ "hash": {
3058
+ "properties": {
3059
+ "md5": {
3060
+ "ignore_above": 1024,
3061
+ "type": "keyword"
3062
+ },
3063
+ "sha1": {
3064
+ "ignore_above": 1024,
3065
+ "type": "keyword"
3066
+ },
3067
+ "sha256": {
3068
+ "ignore_above": 1024,
3069
+ "type": "keyword"
3070
+ }
3071
+ }
3072
+ },
3073
+ "issuer": {
3074
+ "ignore_above": 1024,
3075
+ "type": "keyword"
3076
+ },
3077
+ "ja3s": {
3078
+ "ignore_above": 1024,
3079
+ "type": "keyword"
3080
+ },
3081
+ "not_after": {
3082
+ "type": "date"
3083
+ },
3084
+ "not_before": {
3085
+ "type": "date"
3086
+ },
3087
+ "subject": {
3088
+ "ignore_above": 1024,
3089
+ "type": "keyword"
3090
+ },
3091
+ "x509": {
3092
+ "properties": {
3093
+ "alternative_names": {
3094
+ "ignore_above": 1024,
3095
+ "type": "keyword"
3096
+ },
3097
+ "issuer": {
3098
+ "properties": {
3099
+ "common_name": {
3100
+ "ignore_above": 1024,
3101
+ "type": "keyword"
3102
+ },
3103
+ "country": {
3104
+ "ignore_above": 1024,
3105
+ "type": "keyword"
3106
+ },
3107
+ "distinguished_name": {
3108
+ "ignore_above": 1024,
3109
+ "type": "keyword"
3110
+ },
3111
+ "locality": {
3112
+ "ignore_above": 1024,
3113
+ "type": "keyword"
3114
+ },
3115
+ "organization": {
3116
+ "ignore_above": 1024,
3117
+ "type": "keyword"
3118
+ },
3119
+ "organizational_unit": {
3120
+ "ignore_above": 1024,
3121
+ "type": "keyword"
3122
+ },
3123
+ "state_or_province": {
3124
+ "ignore_above": 1024,
3125
+ "type": "keyword"
3126
+ }
3127
+ }
3128
+ },
3129
+ "not_after": {
3130
+ "type": "date"
3131
+ },
3132
+ "not_before": {
3133
+ "type": "date"
3134
+ },
3135
+ "public_key_algorithm": {
3136
+ "ignore_above": 1024,
3137
+ "type": "keyword"
3138
+ },
3139
+ "public_key_curve": {
3140
+ "ignore_above": 1024,
3141
+ "type": "keyword"
3142
+ },
3143
+ "public_key_exponent": {
3144
+ "doc_values": false,
3145
+ "index": false,
3146
+ "type": "long"
3147
+ },
3148
+ "public_key_size": {
3149
+ "type": "long"
3150
+ },
3151
+ "serial_number": {
3152
+ "ignore_above": 1024,
3153
+ "type": "keyword"
3154
+ },
3155
+ "signature_algorithm": {
3156
+ "ignore_above": 1024,
3157
+ "type": "keyword"
3158
+ },
3159
+ "subject": {
3160
+ "properties": {
3161
+ "common_name": {
3162
+ "ignore_above": 1024,
3163
+ "type": "keyword"
3164
+ },
3165
+ "country": {
3166
+ "ignore_above": 1024,
3167
+ "type": "keyword"
3168
+ },
3169
+ "distinguished_name": {
3170
+ "ignore_above": 1024,
3171
+ "type": "keyword"
3172
+ },
3173
+ "locality": {
3174
+ "ignore_above": 1024,
3175
+ "type": "keyword"
3176
+ },
3177
+ "organization": {
3178
+ "ignore_above": 1024,
3179
+ "type": "keyword"
3180
+ },
3181
+ "organizational_unit": {
3182
+ "ignore_above": 1024,
3183
+ "type": "keyword"
3184
+ },
3185
+ "state_or_province": {
3186
+ "ignore_above": 1024,
3187
+ "type": "keyword"
3188
+ }
3189
+ }
3190
+ },
3191
+ "version_number": {
3192
+ "ignore_above": 1024,
3193
+ "type": "keyword"
3194
+ }
3195
+ }
3196
+ }
3197
+ }
3198
+ },
3199
+ "version": {
3200
+ "ignore_above": 1024,
3201
+ "type": "keyword"
3202
+ },
3203
+ "version_protocol": {
3204
+ "ignore_above": 1024,
3205
+ "type": "keyword"
3206
+ }
3207
+ }
3208
+ },
3209
+ "trace": {
3210
+ "properties": {
3211
+ "id": {
3212
+ "ignore_above": 1024,
3213
+ "type": "keyword"
3214
+ }
3215
+ }
3216
+ },
3217
+ "transaction": {
3218
+ "properties": {
3219
+ "id": {
3220
+ "ignore_above": 1024,
3221
+ "type": "keyword"
3222
+ }
3223
+ }
3224
+ },
3225
+ "url": {
3226
+ "properties": {
3227
+ "domain": {
3228
+ "ignore_above": 1024,
3229
+ "type": "keyword"
3230
+ },
3231
+ "extension": {
3232
+ "ignore_above": 1024,
3233
+ "type": "keyword"
3234
+ },
3235
+ "fragment": {
3236
+ "ignore_above": 1024,
3237
+ "type": "keyword"
3238
+ },
3239
+ "full": {
3240
+ "fields": {
3241
+ "text": {
3242
+ "norms": false,
3243
+ "type": "text"
3244
+ }
3245
+ },
3246
+ "ignore_above": 1024,
3247
+ "type": "keyword"
3248
+ },
3249
+ "original": {
3250
+ "fields": {
3251
+ "text": {
3252
+ "norms": false,
3253
+ "type": "text"
3254
+ }
3255
+ },
3256
+ "ignore_above": 1024,
3257
+ "type": "keyword"
3258
+ },
3259
+ "password": {
3260
+ "ignore_above": 1024,
3261
+ "type": "keyword"
3262
+ },
3263
+ "path": {
3264
+ "ignore_above": 1024,
3265
+ "type": "keyword"
3266
+ },
3267
+ "port": {
3268
+ "type": "long"
3269
+ },
3270
+ "query": {
3271
+ "ignore_above": 1024,
3272
+ "type": "keyword"
3273
+ },
3274
+ "registered_domain": {
3275
+ "ignore_above": 1024,
3276
+ "type": "keyword"
3277
+ },
3278
+ "scheme": {
3279
+ "ignore_above": 1024,
3280
+ "type": "keyword"
3281
+ },
3282
+ "subdomain": {
3283
+ "ignore_above": 1024,
3284
+ "type": "keyword"
3285
+ },
3286
+ "top_level_domain": {
3287
+ "ignore_above": 1024,
3288
+ "type": "keyword"
3289
+ },
3290
+ "username": {
3291
+ "ignore_above": 1024,
3292
+ "type": "keyword"
3293
+ }
3294
+ }
3295
+ },
3296
+ "user": {
3297
+ "properties": {
3298
+ "changes": {
3299
+ "properties": {
3300
+ "domain": {
3301
+ "ignore_above": 1024,
3302
+ "type": "keyword"
3303
+ },
3304
+ "email": {
3305
+ "ignore_above": 1024,
3306
+ "type": "keyword"
3307
+ },
3308
+ "full_name": {
3309
+ "fields": {
3310
+ "text": {
3311
+ "norms": false,
3312
+ "type": "text"
3313
+ }
3314
+ },
3315
+ "ignore_above": 1024,
3316
+ "type": "keyword"
3317
+ },
3318
+ "group": {
3319
+ "properties": {
3320
+ "domain": {
3321
+ "ignore_above": 1024,
3322
+ "type": "keyword"
3323
+ },
3324
+ "id": {
3325
+ "ignore_above": 1024,
3326
+ "type": "keyword"
3327
+ },
3328
+ "name": {
3329
+ "ignore_above": 1024,
3330
+ "type": "keyword"
3331
+ }
3332
+ }
3333
+ },
3334
+ "hash": {
3335
+ "ignore_above": 1024,
3336
+ "type": "keyword"
3337
+ },
3338
+ "id": {
3339
+ "ignore_above": 1024,
3340
+ "type": "keyword"
3341
+ },
3342
+ "name": {
3343
+ "fields": {
3344
+ "text": {
3345
+ "norms": false,
3346
+ "type": "text"
3347
+ }
3348
+ },
3349
+ "ignore_above": 1024,
3350
+ "type": "keyword"
3351
+ },
3352
+ "roles": {
3353
+ "ignore_above": 1024,
3354
+ "type": "keyword"
3355
+ }
3356
+ }
3357
+ },
3358
+ "domain": {
3359
+ "ignore_above": 1024,
3360
+ "type": "keyword"
3361
+ },
3362
+ "effective": {
3363
+ "properties": {
3364
+ "domain": {
3365
+ "ignore_above": 1024,
3366
+ "type": "keyword"
3367
+ },
3368
+ "email": {
3369
+ "ignore_above": 1024,
3370
+ "type": "keyword"
3371
+ },
3372
+ "full_name": {
3373
+ "fields": {
3374
+ "text": {
3375
+ "norms": false,
3376
+ "type": "text"
3377
+ }
3378
+ },
3379
+ "ignore_above": 1024,
3380
+ "type": "keyword"
3381
+ },
3382
+ "group": {
3383
+ "properties": {
3384
+ "domain": {
3385
+ "ignore_above": 1024,
3386
+ "type": "keyword"
3387
+ },
3388
+ "id": {
3389
+ "ignore_above": 1024,
3390
+ "type": "keyword"
3391
+ },
3392
+ "name": {
3393
+ "ignore_above": 1024,
3394
+ "type": "keyword"
3395
+ }
3396
+ }
3397
+ },
3398
+ "hash": {
3399
+ "ignore_above": 1024,
3400
+ "type": "keyword"
3401
+ },
3402
+ "id": {
3403
+ "ignore_above": 1024,
3404
+ "type": "keyword"
3405
+ },
3406
+ "name": {
3407
+ "fields": {
3408
+ "text": {
3409
+ "norms": false,
3410
+ "type": "text"
3411
+ }
3412
+ },
3413
+ "ignore_above": 1024,
3414
+ "type": "keyword"
3415
+ },
3416
+ "roles": {
3417
+ "ignore_above": 1024,
3418
+ "type": "keyword"
3419
+ }
3420
+ }
3421
+ },
3422
+ "email": {
3423
+ "ignore_above": 1024,
3424
+ "type": "keyword"
3425
+ },
3426
+ "full_name": {
3427
+ "fields": {
3428
+ "text": {
3429
+ "norms": false,
3430
+ "type": "text"
3431
+ }
3432
+ },
3433
+ "ignore_above": 1024,
3434
+ "type": "keyword"
3435
+ },
3436
+ "group": {
3437
+ "properties": {
3438
+ "domain": {
3439
+ "ignore_above": 1024,
3440
+ "type": "keyword"
3441
+ },
3442
+ "id": {
3443
+ "ignore_above": 1024,
3444
+ "type": "keyword"
3445
+ },
3446
+ "name": {
3447
+ "ignore_above": 1024,
3448
+ "type": "keyword"
3449
+ }
3450
+ }
3451
+ },
3452
+ "hash": {
3453
+ "ignore_above": 1024,
3454
+ "type": "keyword"
3455
+ },
3456
+ "id": {
3457
+ "ignore_above": 1024,
3458
+ "type": "keyword"
3459
+ },
3460
+ "name": {
3461
+ "fields": {
3462
+ "text": {
3463
+ "norms": false,
3464
+ "type": "text"
3465
+ }
3466
+ },
3467
+ "ignore_above": 1024,
3468
+ "type": "keyword"
3469
+ },
3470
+ "roles": {
3471
+ "ignore_above": 1024,
3472
+ "type": "keyword"
3473
+ },
3474
+ "target": {
3475
+ "properties": {
3476
+ "domain": {
3477
+ "ignore_above": 1024,
3478
+ "type": "keyword"
3479
+ },
3480
+ "email": {
3481
+ "ignore_above": 1024,
3482
+ "type": "keyword"
3483
+ },
3484
+ "full_name": {
3485
+ "fields": {
3486
+ "text": {
3487
+ "norms": false,
3488
+ "type": "text"
3489
+ }
3490
+ },
3491
+ "ignore_above": 1024,
3492
+ "type": "keyword"
3493
+ },
3494
+ "group": {
3495
+ "properties": {
3496
+ "domain": {
3497
+ "ignore_above": 1024,
3498
+ "type": "keyword"
3499
+ },
3500
+ "id": {
3501
+ "ignore_above": 1024,
3502
+ "type": "keyword"
3503
+ },
3504
+ "name": {
3505
+ "ignore_above": 1024,
3506
+ "type": "keyword"
3507
+ }
3508
+ }
3509
+ },
3510
+ "hash": {
3511
+ "ignore_above": 1024,
3512
+ "type": "keyword"
3513
+ },
3514
+ "id": {
3515
+ "ignore_above": 1024,
3516
+ "type": "keyword"
3517
+ },
3518
+ "name": {
3519
+ "fields": {
3520
+ "text": {
3521
+ "norms": false,
3522
+ "type": "text"
3523
+ }
3524
+ },
3525
+ "ignore_above": 1024,
3526
+ "type": "keyword"
3527
+ },
3528
+ "roles": {
3529
+ "ignore_above": 1024,
3530
+ "type": "keyword"
3531
+ }
3532
+ }
3533
+ }
3534
+ }
3535
+ },
3536
+ "user_agent": {
3537
+ "properties": {
3538
+ "device": {
3539
+ "properties": {
3540
+ "name": {
3541
+ "ignore_above": 1024,
3542
+ "type": "keyword"
3543
+ }
3544
+ }
3545
+ },
3546
+ "name": {
3547
+ "ignore_above": 1024,
3548
+ "type": "keyword"
3549
+ },
3550
+ "original": {
3551
+ "fields": {
3552
+ "text": {
3553
+ "norms": false,
3554
+ "type": "text"
3555
+ }
3556
+ },
3557
+ "ignore_above": 1024,
3558
+ "type": "keyword"
3559
+ },
3560
+ "os": {
3561
+ "properties": {
3562
+ "family": {
3563
+ "ignore_above": 1024,
3564
+ "type": "keyword"
3565
+ },
3566
+ "full": {
3567
+ "fields": {
3568
+ "text": {
3569
+ "norms": false,
3570
+ "type": "text"
3571
+ }
3572
+ },
3573
+ "ignore_above": 1024,
3574
+ "type": "keyword"
3575
+ },
3576
+ "kernel": {
3577
+ "ignore_above": 1024,
3578
+ "type": "keyword"
3579
+ },
3580
+ "name": {
3581
+ "fields": {
3582
+ "text": {
3583
+ "norms": false,
3584
+ "type": "text"
3585
+ }
3586
+ },
3587
+ "ignore_above": 1024,
3588
+ "type": "keyword"
3589
+ },
3590
+ "platform": {
3591
+ "ignore_above": 1024,
3592
+ "type": "keyword"
3593
+ },
3594
+ "type": {
3595
+ "ignore_above": 1024,
3596
+ "type": "keyword"
3597
+ },
3598
+ "version": {
3599
+ "ignore_above": 1024,
3600
+ "type": "keyword"
3601
+ }
3602
+ }
3603
+ },
3604
+ "version": {
3605
+ "ignore_above": 1024,
3606
+ "type": "keyword"
3607
+ }
3608
+ }
3609
+ },
3610
+ "vulnerability": {
3611
+ "properties": {
3612
+ "category": {
3613
+ "ignore_above": 1024,
3614
+ "type": "keyword"
3615
+ },
3616
+ "classification": {
3617
+ "ignore_above": 1024,
3618
+ "type": "keyword"
3619
+ },
3620
+ "description": {
3621
+ "fields": {
3622
+ "text": {
3623
+ "norms": false,
3624
+ "type": "text"
3625
+ }
3626
+ },
3627
+ "ignore_above": 1024,
3628
+ "type": "keyword"
3629
+ },
3630
+ "enumeration": {
3631
+ "ignore_above": 1024,
3632
+ "type": "keyword"
3633
+ },
3634
+ "id": {
3635
+ "ignore_above": 1024,
3636
+ "type": "keyword"
3637
+ },
3638
+ "reference": {
3639
+ "ignore_above": 1024,
3640
+ "type": "keyword"
3641
+ },
3642
+ "report_id": {
3643
+ "ignore_above": 1024,
3644
+ "type": "keyword"
3645
+ },
3646
+ "scanner": {
3647
+ "properties": {
3648
+ "vendor": {
3649
+ "ignore_above": 1024,
3650
+ "type": "keyword"
3651
+ }
3652
+ }
3653
+ },
3654
+ "score": {
3655
+ "properties": {
3656
+ "base": {
3657
+ "type": "float"
3658
+ },
3659
+ "environmental": {
3660
+ "type": "float"
3661
+ },
3662
+ "temporal": {
3663
+ "type": "float"
3664
+ },
3665
+ "version": {
3666
+ "ignore_above": 1024,
3667
+ "type": "keyword"
3668
+ }
3669
+ }
3670
+ },
3671
+ "severity": {
3672
+ "ignore_above": 1024,
3673
+ "type": "keyword"
3674
+ }
3675
+ }
3676
+ }
3677
+ }
3678
+ },
3679
+ "order": 1,
3680
+ "settings": {
3681
+ "index": {
3682
+ "mapping": {
3683
+ "total_fields": {
3684
+ "limit": 10000
3685
+ }
3686
+ },
3687
+ "refresh_interval": "5s"
3688
+ }
3689
+ }
3690
+ }