logstash-output-elasticsearch 11.2.0-java → 11.3.0-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -0
- data/lib/logstash/outputs/elasticsearch/http_client/pool.rb +4 -4
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v1/elasticsearch-6x.json +925 -180
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v1/elasticsearch-7x.json +926 -184
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v1/elasticsearch-8x.json +3695 -0
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v8/elasticsearch-7x.json +5777 -0
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v8/elasticsearch-8x.json +5782 -0
- data/lib/logstash/outputs/elasticsearch.rb +6 -1
- data/logstash-output-elasticsearch.gemspec +1 -1
- data/spec/integration/outputs/templates_spec.rb +100 -65
- data/spec/unit/outputs/elasticsearch/template_manager_spec.rb +6 -0
- metadata +5 -2
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
"mappings": {
|
|
6
6
|
"_doc": {
|
|
7
7
|
"_meta": {
|
|
8
|
-
"version": "1.
|
|
8
|
+
"version": "1.10.0"
|
|
9
9
|
},
|
|
10
10
|
"date_detection": false,
|
|
11
11
|
"dynamic_templates": [
|
|
@@ -25,6 +25,14 @@
|
|
|
25
25
|
},
|
|
26
26
|
"agent": {
|
|
27
27
|
"properties": {
|
|
28
|
+
"build": {
|
|
29
|
+
"properties": {
|
|
30
|
+
"original": {
|
|
31
|
+
"ignore_above": 1024,
|
|
32
|
+
"type": "keyword"
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
},
|
|
28
36
|
"ephemeral_id": {
|
|
29
37
|
"ignore_above": 1024,
|
|
30
38
|
"type": "keyword"
|
|
@@ -47,27 +55,6 @@
|
|
|
47
55
|
}
|
|
48
56
|
}
|
|
49
57
|
},
|
|
50
|
-
"as": {
|
|
51
|
-
"properties": {
|
|
52
|
-
"number": {
|
|
53
|
-
"type": "long"
|
|
54
|
-
},
|
|
55
|
-
"organization": {
|
|
56
|
-
"properties": {
|
|
57
|
-
"name": {
|
|
58
|
-
"fields": {
|
|
59
|
-
"text": {
|
|
60
|
-
"norms": false,
|
|
61
|
-
"type": "text"
|
|
62
|
-
}
|
|
63
|
-
},
|
|
64
|
-
"ignore_above": 1024,
|
|
65
|
-
"type": "keyword"
|
|
66
|
-
}
|
|
67
|
-
}
|
|
68
|
-
}
|
|
69
|
-
}
|
|
70
|
-
},
|
|
71
58
|
"client": {
|
|
72
59
|
"properties": {
|
|
73
60
|
"address": {
|
|
@@ -108,6 +95,10 @@
|
|
|
108
95
|
"ignore_above": 1024,
|
|
109
96
|
"type": "keyword"
|
|
110
97
|
},
|
|
98
|
+
"continent_code": {
|
|
99
|
+
"ignore_above": 1024,
|
|
100
|
+
"type": "keyword"
|
|
101
|
+
},
|
|
111
102
|
"continent_name": {
|
|
112
103
|
"ignore_above": 1024,
|
|
113
104
|
"type": "keyword"
|
|
@@ -127,6 +118,10 @@
|
|
|
127
118
|
"ignore_above": 1024,
|
|
128
119
|
"type": "keyword"
|
|
129
120
|
},
|
|
121
|
+
"postal_code": {
|
|
122
|
+
"ignore_above": 1024,
|
|
123
|
+
"type": "keyword"
|
|
124
|
+
},
|
|
130
125
|
"region_iso_code": {
|
|
131
126
|
"ignore_above": 1024,
|
|
132
127
|
"type": "keyword"
|
|
@@ -134,6 +129,10 @@
|
|
|
134
129
|
"region_name": {
|
|
135
130
|
"ignore_above": 1024,
|
|
136
131
|
"type": "keyword"
|
|
132
|
+
},
|
|
133
|
+
"timezone": {
|
|
134
|
+
"ignore_above": 1024,
|
|
135
|
+
"type": "keyword"
|
|
137
136
|
}
|
|
138
137
|
}
|
|
139
138
|
},
|
|
@@ -164,6 +163,10 @@
|
|
|
164
163
|
"ignore_above": 1024,
|
|
165
164
|
"type": "keyword"
|
|
166
165
|
},
|
|
166
|
+
"subdomain": {
|
|
167
|
+
"ignore_above": 1024,
|
|
168
|
+
"type": "keyword"
|
|
169
|
+
},
|
|
167
170
|
"top_level_domain": {
|
|
168
171
|
"ignore_above": 1024,
|
|
169
172
|
"type": "keyword"
|
|
@@ -221,6 +224,10 @@
|
|
|
221
224
|
},
|
|
222
225
|
"ignore_above": 1024,
|
|
223
226
|
"type": "keyword"
|
|
227
|
+
},
|
|
228
|
+
"roles": {
|
|
229
|
+
"ignore_above": 1024,
|
|
230
|
+
"type": "keyword"
|
|
224
231
|
}
|
|
225
232
|
}
|
|
226
233
|
}
|
|
@@ -233,6 +240,10 @@
|
|
|
233
240
|
"id": {
|
|
234
241
|
"ignore_above": 1024,
|
|
235
242
|
"type": "keyword"
|
|
243
|
+
},
|
|
244
|
+
"name": {
|
|
245
|
+
"ignore_above": 1024,
|
|
246
|
+
"type": "keyword"
|
|
236
247
|
}
|
|
237
248
|
}
|
|
238
249
|
},
|
|
@@ -260,6 +271,18 @@
|
|
|
260
271
|
}
|
|
261
272
|
}
|
|
262
273
|
},
|
|
274
|
+
"project": {
|
|
275
|
+
"properties": {
|
|
276
|
+
"id": {
|
|
277
|
+
"ignore_above": 1024,
|
|
278
|
+
"type": "keyword"
|
|
279
|
+
},
|
|
280
|
+
"name": {
|
|
281
|
+
"ignore_above": 1024,
|
|
282
|
+
"type": "keyword"
|
|
283
|
+
}
|
|
284
|
+
}
|
|
285
|
+
},
|
|
263
286
|
"provider": {
|
|
264
287
|
"ignore_above": 1024,
|
|
265
288
|
"type": "keyword"
|
|
@@ -267,27 +290,14 @@
|
|
|
267
290
|
"region": {
|
|
268
291
|
"ignore_above": 1024,
|
|
269
292
|
"type": "keyword"
|
|
270
|
-
}
|
|
271
|
-
}
|
|
272
|
-
},
|
|
273
|
-
"code_signature": {
|
|
274
|
-
"properties": {
|
|
275
|
-
"exists": {
|
|
276
|
-
"type": "boolean"
|
|
277
|
-
},
|
|
278
|
-
"status": {
|
|
279
|
-
"ignore_above": 1024,
|
|
280
|
-
"type": "keyword"
|
|
281
|
-
},
|
|
282
|
-
"subject_name": {
|
|
283
|
-
"ignore_above": 1024,
|
|
284
|
-
"type": "keyword"
|
|
285
|
-
},
|
|
286
|
-
"trusted": {
|
|
287
|
-
"type": "boolean"
|
|
288
293
|
},
|
|
289
|
-
"
|
|
290
|
-
"
|
|
294
|
+
"service": {
|
|
295
|
+
"properties": {
|
|
296
|
+
"name": {
|
|
297
|
+
"ignore_above": 1024,
|
|
298
|
+
"type": "keyword"
|
|
299
|
+
}
|
|
300
|
+
}
|
|
291
301
|
}
|
|
292
302
|
}
|
|
293
303
|
},
|
|
@@ -322,6 +332,22 @@
|
|
|
322
332
|
}
|
|
323
333
|
}
|
|
324
334
|
},
|
|
335
|
+
"data_stream": {
|
|
336
|
+
"properties": {
|
|
337
|
+
"dataset": {
|
|
338
|
+
"ignore_above": 1024,
|
|
339
|
+
"type": "keyword"
|
|
340
|
+
},
|
|
341
|
+
"namespace": {
|
|
342
|
+
"ignore_above": 1024,
|
|
343
|
+
"type": "keyword"
|
|
344
|
+
},
|
|
345
|
+
"type": {
|
|
346
|
+
"ignore_above": 1024,
|
|
347
|
+
"type": "keyword"
|
|
348
|
+
}
|
|
349
|
+
}
|
|
350
|
+
},
|
|
325
351
|
"destination": {
|
|
326
352
|
"properties": {
|
|
327
353
|
"address": {
|
|
@@ -362,6 +388,10 @@
|
|
|
362
388
|
"ignore_above": 1024,
|
|
363
389
|
"type": "keyword"
|
|
364
390
|
},
|
|
391
|
+
"continent_code": {
|
|
392
|
+
"ignore_above": 1024,
|
|
393
|
+
"type": "keyword"
|
|
394
|
+
},
|
|
365
395
|
"continent_name": {
|
|
366
396
|
"ignore_above": 1024,
|
|
367
397
|
"type": "keyword"
|
|
@@ -381,6 +411,10 @@
|
|
|
381
411
|
"ignore_above": 1024,
|
|
382
412
|
"type": "keyword"
|
|
383
413
|
},
|
|
414
|
+
"postal_code": {
|
|
415
|
+
"ignore_above": 1024,
|
|
416
|
+
"type": "keyword"
|
|
417
|
+
},
|
|
384
418
|
"region_iso_code": {
|
|
385
419
|
"ignore_above": 1024,
|
|
386
420
|
"type": "keyword"
|
|
@@ -388,6 +422,10 @@
|
|
|
388
422
|
"region_name": {
|
|
389
423
|
"ignore_above": 1024,
|
|
390
424
|
"type": "keyword"
|
|
425
|
+
},
|
|
426
|
+
"timezone": {
|
|
427
|
+
"ignore_above": 1024,
|
|
428
|
+
"type": "keyword"
|
|
391
429
|
}
|
|
392
430
|
}
|
|
393
431
|
},
|
|
@@ -418,6 +456,10 @@
|
|
|
418
456
|
"ignore_above": 1024,
|
|
419
457
|
"type": "keyword"
|
|
420
458
|
},
|
|
459
|
+
"subdomain": {
|
|
460
|
+
"ignore_above": 1024,
|
|
461
|
+
"type": "keyword"
|
|
462
|
+
},
|
|
421
463
|
"top_level_domain": {
|
|
422
464
|
"ignore_above": 1024,
|
|
423
465
|
"type": "keyword"
|
|
@@ -475,6 +517,10 @@
|
|
|
475
517
|
},
|
|
476
518
|
"ignore_above": 1024,
|
|
477
519
|
"type": "keyword"
|
|
520
|
+
},
|
|
521
|
+
"roles": {
|
|
522
|
+
"ignore_above": 1024,
|
|
523
|
+
"type": "keyword"
|
|
478
524
|
}
|
|
479
525
|
}
|
|
480
526
|
}
|
|
@@ -487,6 +533,10 @@
|
|
|
487
533
|
"exists": {
|
|
488
534
|
"type": "boolean"
|
|
489
535
|
},
|
|
536
|
+
"signing_id": {
|
|
537
|
+
"ignore_above": 1024,
|
|
538
|
+
"type": "keyword"
|
|
539
|
+
},
|
|
490
540
|
"status": {
|
|
491
541
|
"ignore_above": 1024,
|
|
492
542
|
"type": "keyword"
|
|
@@ -495,6 +545,10 @@
|
|
|
495
545
|
"ignore_above": 1024,
|
|
496
546
|
"type": "keyword"
|
|
497
547
|
},
|
|
548
|
+
"team_id": {
|
|
549
|
+
"ignore_above": 1024,
|
|
550
|
+
"type": "keyword"
|
|
551
|
+
},
|
|
498
552
|
"trusted": {
|
|
499
553
|
"type": "boolean"
|
|
500
554
|
},
|
|
@@ -520,6 +574,10 @@
|
|
|
520
574
|
"sha512": {
|
|
521
575
|
"ignore_above": 1024,
|
|
522
576
|
"type": "keyword"
|
|
577
|
+
},
|
|
578
|
+
"ssdeep": {
|
|
579
|
+
"ignore_above": 1024,
|
|
580
|
+
"type": "keyword"
|
|
523
581
|
}
|
|
524
582
|
}
|
|
525
583
|
},
|
|
@@ -533,6 +591,10 @@
|
|
|
533
591
|
},
|
|
534
592
|
"pe": {
|
|
535
593
|
"properties": {
|
|
594
|
+
"architecture": {
|
|
595
|
+
"ignore_above": 1024,
|
|
596
|
+
"type": "keyword"
|
|
597
|
+
},
|
|
536
598
|
"company": {
|
|
537
599
|
"ignore_above": 1024,
|
|
538
600
|
"type": "keyword"
|
|
@@ -545,6 +607,10 @@
|
|
|
545
607
|
"ignore_above": 1024,
|
|
546
608
|
"type": "keyword"
|
|
547
609
|
},
|
|
610
|
+
"imphash": {
|
|
611
|
+
"ignore_above": 1024,
|
|
612
|
+
"type": "keyword"
|
|
613
|
+
},
|
|
548
614
|
"original_file_name": {
|
|
549
615
|
"ignore_above": 1024,
|
|
550
616
|
"type": "keyword"
|
|
@@ -736,6 +802,10 @@
|
|
|
736
802
|
"ignore_above": 1024,
|
|
737
803
|
"type": "keyword"
|
|
738
804
|
},
|
|
805
|
+
"reason": {
|
|
806
|
+
"ignore_above": 1024,
|
|
807
|
+
"type": "keyword"
|
|
808
|
+
},
|
|
739
809
|
"reference": {
|
|
740
810
|
"ignore_above": 1024,
|
|
741
811
|
"type": "keyword"
|
|
@@ -783,6 +853,10 @@
|
|
|
783
853
|
"exists": {
|
|
784
854
|
"type": "boolean"
|
|
785
855
|
},
|
|
856
|
+
"signing_id": {
|
|
857
|
+
"ignore_above": 1024,
|
|
858
|
+
"type": "keyword"
|
|
859
|
+
},
|
|
786
860
|
"status": {
|
|
787
861
|
"ignore_above": 1024,
|
|
788
862
|
"type": "keyword"
|
|
@@ -791,6 +865,10 @@
|
|
|
791
865
|
"ignore_above": 1024,
|
|
792
866
|
"type": "keyword"
|
|
793
867
|
},
|
|
868
|
+
"team_id": {
|
|
869
|
+
"ignore_above": 1024,
|
|
870
|
+
"type": "keyword"
|
|
871
|
+
},
|
|
794
872
|
"trusted": {
|
|
795
873
|
"type": "boolean"
|
|
796
874
|
},
|
|
@@ -846,6 +924,10 @@
|
|
|
846
924
|
"sha512": {
|
|
847
925
|
"ignore_above": 1024,
|
|
848
926
|
"type": "keyword"
|
|
927
|
+
},
|
|
928
|
+
"ssdeep": {
|
|
929
|
+
"ignore_above": 1024,
|
|
930
|
+
"type": "keyword"
|
|
849
931
|
}
|
|
850
932
|
}
|
|
851
933
|
},
|
|
@@ -884,6 +966,10 @@
|
|
|
884
966
|
},
|
|
885
967
|
"pe": {
|
|
886
968
|
"properties": {
|
|
969
|
+
"architecture": {
|
|
970
|
+
"ignore_above": 1024,
|
|
971
|
+
"type": "keyword"
|
|
972
|
+
},
|
|
887
973
|
"company": {
|
|
888
974
|
"ignore_above": 1024,
|
|
889
975
|
"type": "keyword"
|
|
@@ -896,6 +982,10 @@
|
|
|
896
982
|
"ignore_above": 1024,
|
|
897
983
|
"type": "keyword"
|
|
898
984
|
},
|
|
985
|
+
"imphash": {
|
|
986
|
+
"ignore_above": 1024,
|
|
987
|
+
"type": "keyword"
|
|
988
|
+
},
|
|
899
989
|
"original_file_name": {
|
|
900
990
|
"ignore_above": 1024,
|
|
901
991
|
"type": "keyword"
|
|
@@ -926,41 +1016,112 @@
|
|
|
926
1016
|
"uid": {
|
|
927
1017
|
"ignore_above": 1024,
|
|
928
1018
|
"type": "keyword"
|
|
929
|
-
}
|
|
930
|
-
}
|
|
931
|
-
},
|
|
932
|
-
"geo": {
|
|
933
|
-
"properties": {
|
|
934
|
-
"city_name": {
|
|
935
|
-
"ignore_above": 1024,
|
|
936
|
-
"type": "keyword"
|
|
937
|
-
},
|
|
938
|
-
"continent_name": {
|
|
939
|
-
"ignore_above": 1024,
|
|
940
|
-
"type": "keyword"
|
|
941
|
-
},
|
|
942
|
-
"country_iso_code": {
|
|
943
|
-
"ignore_above": 1024,
|
|
944
|
-
"type": "keyword"
|
|
945
|
-
},
|
|
946
|
-
"country_name": {
|
|
947
|
-
"ignore_above": 1024,
|
|
948
|
-
"type": "keyword"
|
|
949
|
-
},
|
|
950
|
-
"location": {
|
|
951
|
-
"type": "geo_point"
|
|
952
|
-
},
|
|
953
|
-
"name": {
|
|
954
|
-
"ignore_above": 1024,
|
|
955
|
-
"type": "keyword"
|
|
956
|
-
},
|
|
957
|
-
"region_iso_code": {
|
|
958
|
-
"ignore_above": 1024,
|
|
959
|
-
"type": "keyword"
|
|
960
1019
|
},
|
|
961
|
-
"
|
|
962
|
-
"
|
|
963
|
-
|
|
1020
|
+
"x509": {
|
|
1021
|
+
"properties": {
|
|
1022
|
+
"alternative_names": {
|
|
1023
|
+
"ignore_above": 1024,
|
|
1024
|
+
"type": "keyword"
|
|
1025
|
+
},
|
|
1026
|
+
"issuer": {
|
|
1027
|
+
"properties": {
|
|
1028
|
+
"common_name": {
|
|
1029
|
+
"ignore_above": 1024,
|
|
1030
|
+
"type": "keyword"
|
|
1031
|
+
},
|
|
1032
|
+
"country": {
|
|
1033
|
+
"ignore_above": 1024,
|
|
1034
|
+
"type": "keyword"
|
|
1035
|
+
},
|
|
1036
|
+
"distinguished_name": {
|
|
1037
|
+
"ignore_above": 1024,
|
|
1038
|
+
"type": "keyword"
|
|
1039
|
+
},
|
|
1040
|
+
"locality": {
|
|
1041
|
+
"ignore_above": 1024,
|
|
1042
|
+
"type": "keyword"
|
|
1043
|
+
},
|
|
1044
|
+
"organization": {
|
|
1045
|
+
"ignore_above": 1024,
|
|
1046
|
+
"type": "keyword"
|
|
1047
|
+
},
|
|
1048
|
+
"organizational_unit": {
|
|
1049
|
+
"ignore_above": 1024,
|
|
1050
|
+
"type": "keyword"
|
|
1051
|
+
},
|
|
1052
|
+
"state_or_province": {
|
|
1053
|
+
"ignore_above": 1024,
|
|
1054
|
+
"type": "keyword"
|
|
1055
|
+
}
|
|
1056
|
+
}
|
|
1057
|
+
},
|
|
1058
|
+
"not_after": {
|
|
1059
|
+
"type": "date"
|
|
1060
|
+
},
|
|
1061
|
+
"not_before": {
|
|
1062
|
+
"type": "date"
|
|
1063
|
+
},
|
|
1064
|
+
"public_key_algorithm": {
|
|
1065
|
+
"ignore_above": 1024,
|
|
1066
|
+
"type": "keyword"
|
|
1067
|
+
},
|
|
1068
|
+
"public_key_curve": {
|
|
1069
|
+
"ignore_above": 1024,
|
|
1070
|
+
"type": "keyword"
|
|
1071
|
+
},
|
|
1072
|
+
"public_key_exponent": {
|
|
1073
|
+
"doc_values": false,
|
|
1074
|
+
"index": false,
|
|
1075
|
+
"type": "long"
|
|
1076
|
+
},
|
|
1077
|
+
"public_key_size": {
|
|
1078
|
+
"type": "long"
|
|
1079
|
+
},
|
|
1080
|
+
"serial_number": {
|
|
1081
|
+
"ignore_above": 1024,
|
|
1082
|
+
"type": "keyword"
|
|
1083
|
+
},
|
|
1084
|
+
"signature_algorithm": {
|
|
1085
|
+
"ignore_above": 1024,
|
|
1086
|
+
"type": "keyword"
|
|
1087
|
+
},
|
|
1088
|
+
"subject": {
|
|
1089
|
+
"properties": {
|
|
1090
|
+
"common_name": {
|
|
1091
|
+
"ignore_above": 1024,
|
|
1092
|
+
"type": "keyword"
|
|
1093
|
+
},
|
|
1094
|
+
"country": {
|
|
1095
|
+
"ignore_above": 1024,
|
|
1096
|
+
"type": "keyword"
|
|
1097
|
+
},
|
|
1098
|
+
"distinguished_name": {
|
|
1099
|
+
"ignore_above": 1024,
|
|
1100
|
+
"type": "keyword"
|
|
1101
|
+
},
|
|
1102
|
+
"locality": {
|
|
1103
|
+
"ignore_above": 1024,
|
|
1104
|
+
"type": "keyword"
|
|
1105
|
+
},
|
|
1106
|
+
"organization": {
|
|
1107
|
+
"ignore_above": 1024,
|
|
1108
|
+
"type": "keyword"
|
|
1109
|
+
},
|
|
1110
|
+
"organizational_unit": {
|
|
1111
|
+
"ignore_above": 1024,
|
|
1112
|
+
"type": "keyword"
|
|
1113
|
+
},
|
|
1114
|
+
"state_or_province": {
|
|
1115
|
+
"ignore_above": 1024,
|
|
1116
|
+
"type": "keyword"
|
|
1117
|
+
}
|
|
1118
|
+
}
|
|
1119
|
+
},
|
|
1120
|
+
"version_number": {
|
|
1121
|
+
"ignore_above": 1024,
|
|
1122
|
+
"type": "keyword"
|
|
1123
|
+
}
|
|
1124
|
+
}
|
|
964
1125
|
}
|
|
965
1126
|
}
|
|
966
1127
|
},
|
|
@@ -980,31 +1141,37 @@
|
|
|
980
1141
|
}
|
|
981
1142
|
}
|
|
982
1143
|
},
|
|
983
|
-
"
|
|
1144
|
+
"host": {
|
|
984
1145
|
"properties": {
|
|
985
|
-
"
|
|
986
|
-
"ignore_above": 1024,
|
|
987
|
-
"type": "keyword"
|
|
988
|
-
},
|
|
989
|
-
"sha1": {
|
|
1146
|
+
"architecture": {
|
|
990
1147
|
"ignore_above": 1024,
|
|
991
1148
|
"type": "keyword"
|
|
992
1149
|
},
|
|
993
|
-
"
|
|
994
|
-
"
|
|
995
|
-
|
|
1150
|
+
"cpu": {
|
|
1151
|
+
"properties": {
|
|
1152
|
+
"usage": {
|
|
1153
|
+
"scaling_factor": 1000,
|
|
1154
|
+
"type": "scaled_float"
|
|
1155
|
+
}
|
|
1156
|
+
}
|
|
996
1157
|
},
|
|
997
|
-
"
|
|
998
|
-
"
|
|
999
|
-
|
|
1000
|
-
|
|
1001
|
-
|
|
1002
|
-
|
|
1003
|
-
|
|
1004
|
-
|
|
1005
|
-
|
|
1006
|
-
|
|
1007
|
-
|
|
1158
|
+
"disk": {
|
|
1159
|
+
"properties": {
|
|
1160
|
+
"read": {
|
|
1161
|
+
"properties": {
|
|
1162
|
+
"bytes": {
|
|
1163
|
+
"type": "long"
|
|
1164
|
+
}
|
|
1165
|
+
}
|
|
1166
|
+
},
|
|
1167
|
+
"write": {
|
|
1168
|
+
"properties": {
|
|
1169
|
+
"bytes": {
|
|
1170
|
+
"type": "long"
|
|
1171
|
+
}
|
|
1172
|
+
}
|
|
1173
|
+
}
|
|
1174
|
+
}
|
|
1008
1175
|
},
|
|
1009
1176
|
"domain": {
|
|
1010
1177
|
"ignore_above": 1024,
|
|
@@ -1016,6 +1183,10 @@
|
|
|
1016
1183
|
"ignore_above": 1024,
|
|
1017
1184
|
"type": "keyword"
|
|
1018
1185
|
},
|
|
1186
|
+
"continent_code": {
|
|
1187
|
+
"ignore_above": 1024,
|
|
1188
|
+
"type": "keyword"
|
|
1189
|
+
},
|
|
1019
1190
|
"continent_name": {
|
|
1020
1191
|
"ignore_above": 1024,
|
|
1021
1192
|
"type": "keyword"
|
|
@@ -1035,6 +1206,10 @@
|
|
|
1035
1206
|
"ignore_above": 1024,
|
|
1036
1207
|
"type": "keyword"
|
|
1037
1208
|
},
|
|
1209
|
+
"postal_code": {
|
|
1210
|
+
"ignore_above": 1024,
|
|
1211
|
+
"type": "keyword"
|
|
1212
|
+
},
|
|
1038
1213
|
"region_iso_code": {
|
|
1039
1214
|
"ignore_above": 1024,
|
|
1040
1215
|
"type": "keyword"
|
|
@@ -1042,6 +1217,10 @@
|
|
|
1042
1217
|
"region_name": {
|
|
1043
1218
|
"ignore_above": 1024,
|
|
1044
1219
|
"type": "keyword"
|
|
1220
|
+
},
|
|
1221
|
+
"timezone": {
|
|
1222
|
+
"ignore_above": 1024,
|
|
1223
|
+
"type": "keyword"
|
|
1045
1224
|
}
|
|
1046
1225
|
}
|
|
1047
1226
|
},
|
|
@@ -1064,6 +1243,30 @@
|
|
|
1064
1243
|
"ignore_above": 1024,
|
|
1065
1244
|
"type": "keyword"
|
|
1066
1245
|
},
|
|
1246
|
+
"network": {
|
|
1247
|
+
"properties": {
|
|
1248
|
+
"egress": {
|
|
1249
|
+
"properties": {
|
|
1250
|
+
"bytes": {
|
|
1251
|
+
"type": "long"
|
|
1252
|
+
},
|
|
1253
|
+
"packets": {
|
|
1254
|
+
"type": "long"
|
|
1255
|
+
}
|
|
1256
|
+
}
|
|
1257
|
+
},
|
|
1258
|
+
"ingress": {
|
|
1259
|
+
"properties": {
|
|
1260
|
+
"bytes": {
|
|
1261
|
+
"type": "long"
|
|
1262
|
+
},
|
|
1263
|
+
"packets": {
|
|
1264
|
+
"type": "long"
|
|
1265
|
+
}
|
|
1266
|
+
}
|
|
1267
|
+
}
|
|
1268
|
+
}
|
|
1269
|
+
},
|
|
1067
1270
|
"os": {
|
|
1068
1271
|
"properties": {
|
|
1069
1272
|
"family": {
|
|
@@ -1098,6 +1301,10 @@
|
|
|
1098
1301
|
"ignore_above": 1024,
|
|
1099
1302
|
"type": "keyword"
|
|
1100
1303
|
},
|
|
1304
|
+
"type": {
|
|
1305
|
+
"ignore_above": 1024,
|
|
1306
|
+
"type": "keyword"
|
|
1307
|
+
},
|
|
1101
1308
|
"version": {
|
|
1102
1309
|
"ignore_above": 1024,
|
|
1103
1310
|
"type": "keyword"
|
|
@@ -1164,6 +1371,10 @@
|
|
|
1164
1371
|
},
|
|
1165
1372
|
"ignore_above": 1024,
|
|
1166
1373
|
"type": "keyword"
|
|
1374
|
+
},
|
|
1375
|
+
"roles": {
|
|
1376
|
+
"ignore_above": 1024,
|
|
1377
|
+
"type": "keyword"
|
|
1167
1378
|
}
|
|
1168
1379
|
}
|
|
1169
1380
|
}
|
|
@@ -1193,10 +1404,18 @@
|
|
|
1193
1404
|
"bytes": {
|
|
1194
1405
|
"type": "long"
|
|
1195
1406
|
},
|
|
1407
|
+
"id": {
|
|
1408
|
+
"ignore_above": 1024,
|
|
1409
|
+
"type": "keyword"
|
|
1410
|
+
},
|
|
1196
1411
|
"method": {
|
|
1197
1412
|
"ignore_above": 1024,
|
|
1198
1413
|
"type": "keyword"
|
|
1199
1414
|
},
|
|
1415
|
+
"mime_type": {
|
|
1416
|
+
"ignore_above": 1024,
|
|
1417
|
+
"type": "keyword"
|
|
1418
|
+
},
|
|
1200
1419
|
"referrer": {
|
|
1201
1420
|
"ignore_above": 1024,
|
|
1202
1421
|
"type": "keyword"
|
|
@@ -1225,6 +1444,10 @@
|
|
|
1225
1444
|
"bytes": {
|
|
1226
1445
|
"type": "long"
|
|
1227
1446
|
},
|
|
1447
|
+
"mime_type": {
|
|
1448
|
+
"ignore_above": 1024,
|
|
1449
|
+
"type": "keyword"
|
|
1450
|
+
},
|
|
1228
1451
|
"status_code": {
|
|
1229
1452
|
"type": "long"
|
|
1230
1453
|
}
|
|
@@ -1236,27 +1459,19 @@
|
|
|
1236
1459
|
}
|
|
1237
1460
|
}
|
|
1238
1461
|
},
|
|
1239
|
-
"interface": {
|
|
1240
|
-
"properties": {
|
|
1241
|
-
"alias": {
|
|
1242
|
-
"ignore_above": 1024,
|
|
1243
|
-
"type": "keyword"
|
|
1244
|
-
},
|
|
1245
|
-
"id": {
|
|
1246
|
-
"ignore_above": 1024,
|
|
1247
|
-
"type": "keyword"
|
|
1248
|
-
},
|
|
1249
|
-
"name": {
|
|
1250
|
-
"ignore_above": 1024,
|
|
1251
|
-
"type": "keyword"
|
|
1252
|
-
}
|
|
1253
|
-
}
|
|
1254
|
-
},
|
|
1255
1462
|
"labels": {
|
|
1256
1463
|
"type": "object"
|
|
1257
1464
|
},
|
|
1258
1465
|
"log": {
|
|
1259
1466
|
"properties": {
|
|
1467
|
+
"file": {
|
|
1468
|
+
"properties": {
|
|
1469
|
+
"path": {
|
|
1470
|
+
"ignore_above": 1024,
|
|
1471
|
+
"type": "keyword"
|
|
1472
|
+
}
|
|
1473
|
+
}
|
|
1474
|
+
},
|
|
1260
1475
|
"level": {
|
|
1261
1476
|
"ignore_above": 1024,
|
|
1262
1477
|
"type": "keyword"
|
|
@@ -1445,6 +1660,10 @@
|
|
|
1445
1660
|
"ignore_above": 1024,
|
|
1446
1661
|
"type": "keyword"
|
|
1447
1662
|
},
|
|
1663
|
+
"continent_code": {
|
|
1664
|
+
"ignore_above": 1024,
|
|
1665
|
+
"type": "keyword"
|
|
1666
|
+
},
|
|
1448
1667
|
"continent_name": {
|
|
1449
1668
|
"ignore_above": 1024,
|
|
1450
1669
|
"type": "keyword"
|
|
@@ -1464,6 +1683,10 @@
|
|
|
1464
1683
|
"ignore_above": 1024,
|
|
1465
1684
|
"type": "keyword"
|
|
1466
1685
|
},
|
|
1686
|
+
"postal_code": {
|
|
1687
|
+
"ignore_above": 1024,
|
|
1688
|
+
"type": "keyword"
|
|
1689
|
+
},
|
|
1467
1690
|
"region_iso_code": {
|
|
1468
1691
|
"ignore_above": 1024,
|
|
1469
1692
|
"type": "keyword"
|
|
@@ -1471,6 +1694,10 @@
|
|
|
1471
1694
|
"region_name": {
|
|
1472
1695
|
"ignore_above": 1024,
|
|
1473
1696
|
"type": "keyword"
|
|
1697
|
+
},
|
|
1698
|
+
"timezone": {
|
|
1699
|
+
"ignore_above": 1024,
|
|
1700
|
+
"type": "keyword"
|
|
1474
1701
|
}
|
|
1475
1702
|
}
|
|
1476
1703
|
},
|
|
@@ -1560,6 +1787,10 @@
|
|
|
1560
1787
|
"ignore_above": 1024,
|
|
1561
1788
|
"type": "keyword"
|
|
1562
1789
|
},
|
|
1790
|
+
"type": {
|
|
1791
|
+
"ignore_above": 1024,
|
|
1792
|
+
"type": "keyword"
|
|
1793
|
+
},
|
|
1563
1794
|
"version": {
|
|
1564
1795
|
"ignore_above": 1024,
|
|
1565
1796
|
"type": "keyword"
|
|
@@ -1588,41 +1819,57 @@
|
|
|
1588
1819
|
}
|
|
1589
1820
|
}
|
|
1590
1821
|
},
|
|
1591
|
-
"
|
|
1822
|
+
"orchestrator": {
|
|
1592
1823
|
"properties": {
|
|
1593
|
-
"
|
|
1824
|
+
"api_version": {
|
|
1594
1825
|
"ignore_above": 1024,
|
|
1595
1826
|
"type": "keyword"
|
|
1596
1827
|
},
|
|
1597
|
-
"
|
|
1598
|
-
"
|
|
1599
|
-
"
|
|
1600
|
-
"
|
|
1601
|
-
"type": "
|
|
1828
|
+
"cluster": {
|
|
1829
|
+
"properties": {
|
|
1830
|
+
"name": {
|
|
1831
|
+
"ignore_above": 1024,
|
|
1832
|
+
"type": "keyword"
|
|
1833
|
+
},
|
|
1834
|
+
"url": {
|
|
1835
|
+
"ignore_above": 1024,
|
|
1836
|
+
"type": "keyword"
|
|
1837
|
+
},
|
|
1838
|
+
"version": {
|
|
1839
|
+
"ignore_above": 1024,
|
|
1840
|
+
"type": "keyword"
|
|
1602
1841
|
}
|
|
1603
|
-
}
|
|
1842
|
+
}
|
|
1843
|
+
},
|
|
1844
|
+
"namespace": {
|
|
1604
1845
|
"ignore_above": 1024,
|
|
1605
1846
|
"type": "keyword"
|
|
1606
|
-
}
|
|
1607
|
-
|
|
1608
|
-
},
|
|
1609
|
-
"os": {
|
|
1610
|
-
"properties": {
|
|
1611
|
-
"family": {
|
|
1847
|
+
},
|
|
1848
|
+
"organization": {
|
|
1612
1849
|
"ignore_above": 1024,
|
|
1613
1850
|
"type": "keyword"
|
|
1614
1851
|
},
|
|
1615
|
-
"
|
|
1616
|
-
"
|
|
1617
|
-
"
|
|
1618
|
-
"
|
|
1619
|
-
"type": "
|
|
1852
|
+
"resource": {
|
|
1853
|
+
"properties": {
|
|
1854
|
+
"name": {
|
|
1855
|
+
"ignore_above": 1024,
|
|
1856
|
+
"type": "keyword"
|
|
1857
|
+
},
|
|
1858
|
+
"type": {
|
|
1859
|
+
"ignore_above": 1024,
|
|
1860
|
+
"type": "keyword"
|
|
1620
1861
|
}
|
|
1621
|
-
}
|
|
1862
|
+
}
|
|
1863
|
+
},
|
|
1864
|
+
"type": {
|
|
1622
1865
|
"ignore_above": 1024,
|
|
1623
1866
|
"type": "keyword"
|
|
1624
|
-
}
|
|
1625
|
-
|
|
1867
|
+
}
|
|
1868
|
+
}
|
|
1869
|
+
},
|
|
1870
|
+
"organization": {
|
|
1871
|
+
"properties": {
|
|
1872
|
+
"id": {
|
|
1626
1873
|
"ignore_above": 1024,
|
|
1627
1874
|
"type": "keyword"
|
|
1628
1875
|
},
|
|
@@ -1635,14 +1882,6 @@
|
|
|
1635
1882
|
},
|
|
1636
1883
|
"ignore_above": 1024,
|
|
1637
1884
|
"type": "keyword"
|
|
1638
|
-
},
|
|
1639
|
-
"platform": {
|
|
1640
|
-
"ignore_above": 1024,
|
|
1641
|
-
"type": "keyword"
|
|
1642
|
-
},
|
|
1643
|
-
"version": {
|
|
1644
|
-
"ignore_above": 1024,
|
|
1645
|
-
"type": "keyword"
|
|
1646
1885
|
}
|
|
1647
1886
|
}
|
|
1648
1887
|
},
|
|
@@ -1700,30 +1939,6 @@
|
|
|
1700
1939
|
}
|
|
1701
1940
|
}
|
|
1702
1941
|
},
|
|
1703
|
-
"pe": {
|
|
1704
|
-
"properties": {
|
|
1705
|
-
"company": {
|
|
1706
|
-
"ignore_above": 1024,
|
|
1707
|
-
"type": "keyword"
|
|
1708
|
-
},
|
|
1709
|
-
"description": {
|
|
1710
|
-
"ignore_above": 1024,
|
|
1711
|
-
"type": "keyword"
|
|
1712
|
-
},
|
|
1713
|
-
"file_version": {
|
|
1714
|
-
"ignore_above": 1024,
|
|
1715
|
-
"type": "keyword"
|
|
1716
|
-
},
|
|
1717
|
-
"original_file_name": {
|
|
1718
|
-
"ignore_above": 1024,
|
|
1719
|
-
"type": "keyword"
|
|
1720
|
-
},
|
|
1721
|
-
"product": {
|
|
1722
|
-
"ignore_above": 1024,
|
|
1723
|
-
"type": "keyword"
|
|
1724
|
-
}
|
|
1725
|
-
}
|
|
1726
|
-
},
|
|
1727
1942
|
"process": {
|
|
1728
1943
|
"properties": {
|
|
1729
1944
|
"args": {
|
|
@@ -1738,6 +1953,10 @@
|
|
|
1738
1953
|
"exists": {
|
|
1739
1954
|
"type": "boolean"
|
|
1740
1955
|
},
|
|
1956
|
+
"signing_id": {
|
|
1957
|
+
"ignore_above": 1024,
|
|
1958
|
+
"type": "keyword"
|
|
1959
|
+
},
|
|
1741
1960
|
"status": {
|
|
1742
1961
|
"ignore_above": 1024,
|
|
1743
1962
|
"type": "keyword"
|
|
@@ -1746,6 +1965,10 @@
|
|
|
1746
1965
|
"ignore_above": 1024,
|
|
1747
1966
|
"type": "keyword"
|
|
1748
1967
|
},
|
|
1968
|
+
"team_id": {
|
|
1969
|
+
"ignore_above": 1024,
|
|
1970
|
+
"type": "keyword"
|
|
1971
|
+
},
|
|
1749
1972
|
"trusted": {
|
|
1750
1973
|
"type": "boolean"
|
|
1751
1974
|
},
|
|
@@ -1798,6 +2021,10 @@
|
|
|
1798
2021
|
"sha512": {
|
|
1799
2022
|
"ignore_above": 1024,
|
|
1800
2023
|
"type": "keyword"
|
|
2024
|
+
},
|
|
2025
|
+
"ssdeep": {
|
|
2026
|
+
"ignore_above": 1024,
|
|
2027
|
+
"type": "keyword"
|
|
1801
2028
|
}
|
|
1802
2029
|
}
|
|
1803
2030
|
},
|
|
@@ -1825,6 +2052,10 @@
|
|
|
1825
2052
|
"exists": {
|
|
1826
2053
|
"type": "boolean"
|
|
1827
2054
|
},
|
|
2055
|
+
"signing_id": {
|
|
2056
|
+
"ignore_above": 1024,
|
|
2057
|
+
"type": "keyword"
|
|
2058
|
+
},
|
|
1828
2059
|
"status": {
|
|
1829
2060
|
"ignore_above": 1024,
|
|
1830
2061
|
"type": "keyword"
|
|
@@ -1833,6 +2064,10 @@
|
|
|
1833
2064
|
"ignore_above": 1024,
|
|
1834
2065
|
"type": "keyword"
|
|
1835
2066
|
},
|
|
2067
|
+
"team_id": {
|
|
2068
|
+
"ignore_above": 1024,
|
|
2069
|
+
"type": "keyword"
|
|
2070
|
+
},
|
|
1836
2071
|
"trusted": {
|
|
1837
2072
|
"type": "boolean"
|
|
1838
2073
|
},
|
|
@@ -1885,6 +2120,10 @@
|
|
|
1885
2120
|
"sha512": {
|
|
1886
2121
|
"ignore_above": 1024,
|
|
1887
2122
|
"type": "keyword"
|
|
2123
|
+
},
|
|
2124
|
+
"ssdeep": {
|
|
2125
|
+
"ignore_above": 1024,
|
|
2126
|
+
"type": "keyword"
|
|
1888
2127
|
}
|
|
1889
2128
|
}
|
|
1890
2129
|
},
|
|
@@ -1898,6 +2137,38 @@
|
|
|
1898
2137
|
"ignore_above": 1024,
|
|
1899
2138
|
"type": "keyword"
|
|
1900
2139
|
},
|
|
2140
|
+
"pe": {
|
|
2141
|
+
"properties": {
|
|
2142
|
+
"architecture": {
|
|
2143
|
+
"ignore_above": 1024,
|
|
2144
|
+
"type": "keyword"
|
|
2145
|
+
},
|
|
2146
|
+
"company": {
|
|
2147
|
+
"ignore_above": 1024,
|
|
2148
|
+
"type": "keyword"
|
|
2149
|
+
},
|
|
2150
|
+
"description": {
|
|
2151
|
+
"ignore_above": 1024,
|
|
2152
|
+
"type": "keyword"
|
|
2153
|
+
},
|
|
2154
|
+
"file_version": {
|
|
2155
|
+
"ignore_above": 1024,
|
|
2156
|
+
"type": "keyword"
|
|
2157
|
+
},
|
|
2158
|
+
"imphash": {
|
|
2159
|
+
"ignore_above": 1024,
|
|
2160
|
+
"type": "keyword"
|
|
2161
|
+
},
|
|
2162
|
+
"original_file_name": {
|
|
2163
|
+
"ignore_above": 1024,
|
|
2164
|
+
"type": "keyword"
|
|
2165
|
+
},
|
|
2166
|
+
"product": {
|
|
2167
|
+
"ignore_above": 1024,
|
|
2168
|
+
"type": "keyword"
|
|
2169
|
+
}
|
|
2170
|
+
}
|
|
2171
|
+
},
|
|
1901
2172
|
"pgid": {
|
|
1902
2173
|
"type": "long"
|
|
1903
2174
|
},
|
|
@@ -1948,6 +2219,10 @@
|
|
|
1948
2219
|
},
|
|
1949
2220
|
"pe": {
|
|
1950
2221
|
"properties": {
|
|
2222
|
+
"architecture": {
|
|
2223
|
+
"ignore_above": 1024,
|
|
2224
|
+
"type": "keyword"
|
|
2225
|
+
},
|
|
1951
2226
|
"company": {
|
|
1952
2227
|
"ignore_above": 1024,
|
|
1953
2228
|
"type": "keyword"
|
|
@@ -1960,6 +2235,10 @@
|
|
|
1960
2235
|
"ignore_above": 1024,
|
|
1961
2236
|
"type": "keyword"
|
|
1962
2237
|
},
|
|
2238
|
+
"imphash": {
|
|
2239
|
+
"ignore_above": 1024,
|
|
2240
|
+
"type": "keyword"
|
|
2241
|
+
},
|
|
1963
2242
|
"original_file_name": {
|
|
1964
2243
|
"ignore_above": 1024,
|
|
1965
2244
|
"type": "keyword"
|
|
@@ -2060,6 +2339,10 @@
|
|
|
2060
2339
|
"ignore_above": 1024,
|
|
2061
2340
|
"type": "keyword"
|
|
2062
2341
|
},
|
|
2342
|
+
"hosts": {
|
|
2343
|
+
"ignore_above": 1024,
|
|
2344
|
+
"type": "keyword"
|
|
2345
|
+
},
|
|
2063
2346
|
"ip": {
|
|
2064
2347
|
"type": "ip"
|
|
2065
2348
|
},
|
|
@@ -2153,6 +2436,10 @@
|
|
|
2153
2436
|
"ignore_above": 1024,
|
|
2154
2437
|
"type": "keyword"
|
|
2155
2438
|
},
|
|
2439
|
+
"continent_code": {
|
|
2440
|
+
"ignore_above": 1024,
|
|
2441
|
+
"type": "keyword"
|
|
2442
|
+
},
|
|
2156
2443
|
"continent_name": {
|
|
2157
2444
|
"ignore_above": 1024,
|
|
2158
2445
|
"type": "keyword"
|
|
@@ -2172,6 +2459,10 @@
|
|
|
2172
2459
|
"ignore_above": 1024,
|
|
2173
2460
|
"type": "keyword"
|
|
2174
2461
|
},
|
|
2462
|
+
"postal_code": {
|
|
2463
|
+
"ignore_above": 1024,
|
|
2464
|
+
"type": "keyword"
|
|
2465
|
+
},
|
|
2175
2466
|
"region_iso_code": {
|
|
2176
2467
|
"ignore_above": 1024,
|
|
2177
2468
|
"type": "keyword"
|
|
@@ -2179,6 +2470,10 @@
|
|
|
2179
2470
|
"region_name": {
|
|
2180
2471
|
"ignore_above": 1024,
|
|
2181
2472
|
"type": "keyword"
|
|
2473
|
+
},
|
|
2474
|
+
"timezone": {
|
|
2475
|
+
"ignore_above": 1024,
|
|
2476
|
+
"type": "keyword"
|
|
2182
2477
|
}
|
|
2183
2478
|
}
|
|
2184
2479
|
},
|
|
@@ -2209,6 +2504,10 @@
|
|
|
2209
2504
|
"ignore_above": 1024,
|
|
2210
2505
|
"type": "keyword"
|
|
2211
2506
|
},
|
|
2507
|
+
"subdomain": {
|
|
2508
|
+
"ignore_above": 1024,
|
|
2509
|
+
"type": "keyword"
|
|
2510
|
+
},
|
|
2212
2511
|
"top_level_domain": {
|
|
2213
2512
|
"ignore_above": 1024,
|
|
2214
2513
|
"type": "keyword"
|
|
@@ -2266,6 +2565,10 @@
|
|
|
2266
2565
|
},
|
|
2267
2566
|
"ignore_above": 1024,
|
|
2268
2567
|
"type": "keyword"
|
|
2568
|
+
},
|
|
2569
|
+
"roles": {
|
|
2570
|
+
"ignore_above": 1024,
|
|
2571
|
+
"type": "keyword"
|
|
2269
2572
|
}
|
|
2270
2573
|
}
|
|
2271
2574
|
}
|
|
@@ -2347,6 +2650,10 @@
|
|
|
2347
2650
|
"ignore_above": 1024,
|
|
2348
2651
|
"type": "keyword"
|
|
2349
2652
|
},
|
|
2653
|
+
"continent_code": {
|
|
2654
|
+
"ignore_above": 1024,
|
|
2655
|
+
"type": "keyword"
|
|
2656
|
+
},
|
|
2350
2657
|
"continent_name": {
|
|
2351
2658
|
"ignore_above": 1024,
|
|
2352
2659
|
"type": "keyword"
|
|
@@ -2366,6 +2673,10 @@
|
|
|
2366
2673
|
"ignore_above": 1024,
|
|
2367
2674
|
"type": "keyword"
|
|
2368
2675
|
},
|
|
2676
|
+
"postal_code": {
|
|
2677
|
+
"ignore_above": 1024,
|
|
2678
|
+
"type": "keyword"
|
|
2679
|
+
},
|
|
2369
2680
|
"region_iso_code": {
|
|
2370
2681
|
"ignore_above": 1024,
|
|
2371
2682
|
"type": "keyword"
|
|
@@ -2373,6 +2684,10 @@
|
|
|
2373
2684
|
"region_name": {
|
|
2374
2685
|
"ignore_above": 1024,
|
|
2375
2686
|
"type": "keyword"
|
|
2687
|
+
},
|
|
2688
|
+
"timezone": {
|
|
2689
|
+
"ignore_above": 1024,
|
|
2690
|
+
"type": "keyword"
|
|
2376
2691
|
}
|
|
2377
2692
|
}
|
|
2378
2693
|
},
|
|
@@ -2403,6 +2718,10 @@
|
|
|
2403
2718
|
"ignore_above": 1024,
|
|
2404
2719
|
"type": "keyword"
|
|
2405
2720
|
},
|
|
2721
|
+
"subdomain": {
|
|
2722
|
+
"ignore_above": 1024,
|
|
2723
|
+
"type": "keyword"
|
|
2724
|
+
},
|
|
2406
2725
|
"top_level_domain": {
|
|
2407
2726
|
"ignore_above": 1024,
|
|
2408
2727
|
"type": "keyword"
|
|
@@ -2460,8 +2779,20 @@
|
|
|
2460
2779
|
},
|
|
2461
2780
|
"ignore_above": 1024,
|
|
2462
2781
|
"type": "keyword"
|
|
2463
|
-
}
|
|
2464
|
-
|
|
2782
|
+
},
|
|
2783
|
+
"roles": {
|
|
2784
|
+
"ignore_above": 1024,
|
|
2785
|
+
"type": "keyword"
|
|
2786
|
+
}
|
|
2787
|
+
}
|
|
2788
|
+
}
|
|
2789
|
+
}
|
|
2790
|
+
},
|
|
2791
|
+
"span": {
|
|
2792
|
+
"properties": {
|
|
2793
|
+
"id": {
|
|
2794
|
+
"ignore_above": 1024,
|
|
2795
|
+
"type": "keyword"
|
|
2465
2796
|
}
|
|
2466
2797
|
}
|
|
2467
2798
|
},
|
|
@@ -2510,6 +2841,28 @@
|
|
|
2510
2841
|
"reference": {
|
|
2511
2842
|
"ignore_above": 1024,
|
|
2512
2843
|
"type": "keyword"
|
|
2844
|
+
},
|
|
2845
|
+
"subtechnique": {
|
|
2846
|
+
"properties": {
|
|
2847
|
+
"id": {
|
|
2848
|
+
"ignore_above": 1024,
|
|
2849
|
+
"type": "keyword"
|
|
2850
|
+
},
|
|
2851
|
+
"name": {
|
|
2852
|
+
"fields": {
|
|
2853
|
+
"text": {
|
|
2854
|
+
"norms": false,
|
|
2855
|
+
"type": "text"
|
|
2856
|
+
}
|
|
2857
|
+
},
|
|
2858
|
+
"ignore_above": 1024,
|
|
2859
|
+
"type": "keyword"
|
|
2860
|
+
},
|
|
2861
|
+
"reference": {
|
|
2862
|
+
"ignore_above": 1024,
|
|
2863
|
+
"type": "keyword"
|
|
2864
|
+
}
|
|
2865
|
+
}
|
|
2513
2866
|
}
|
|
2514
2867
|
}
|
|
2515
2868
|
}
|
|
@@ -2572,6 +2925,112 @@
|
|
|
2572
2925
|
"supported_ciphers": {
|
|
2573
2926
|
"ignore_above": 1024,
|
|
2574
2927
|
"type": "keyword"
|
|
2928
|
+
},
|
|
2929
|
+
"x509": {
|
|
2930
|
+
"properties": {
|
|
2931
|
+
"alternative_names": {
|
|
2932
|
+
"ignore_above": 1024,
|
|
2933
|
+
"type": "keyword"
|
|
2934
|
+
},
|
|
2935
|
+
"issuer": {
|
|
2936
|
+
"properties": {
|
|
2937
|
+
"common_name": {
|
|
2938
|
+
"ignore_above": 1024,
|
|
2939
|
+
"type": "keyword"
|
|
2940
|
+
},
|
|
2941
|
+
"country": {
|
|
2942
|
+
"ignore_above": 1024,
|
|
2943
|
+
"type": "keyword"
|
|
2944
|
+
},
|
|
2945
|
+
"distinguished_name": {
|
|
2946
|
+
"ignore_above": 1024,
|
|
2947
|
+
"type": "keyword"
|
|
2948
|
+
},
|
|
2949
|
+
"locality": {
|
|
2950
|
+
"ignore_above": 1024,
|
|
2951
|
+
"type": "keyword"
|
|
2952
|
+
},
|
|
2953
|
+
"organization": {
|
|
2954
|
+
"ignore_above": 1024,
|
|
2955
|
+
"type": "keyword"
|
|
2956
|
+
},
|
|
2957
|
+
"organizational_unit": {
|
|
2958
|
+
"ignore_above": 1024,
|
|
2959
|
+
"type": "keyword"
|
|
2960
|
+
},
|
|
2961
|
+
"state_or_province": {
|
|
2962
|
+
"ignore_above": 1024,
|
|
2963
|
+
"type": "keyword"
|
|
2964
|
+
}
|
|
2965
|
+
}
|
|
2966
|
+
},
|
|
2967
|
+
"not_after": {
|
|
2968
|
+
"type": "date"
|
|
2969
|
+
},
|
|
2970
|
+
"not_before": {
|
|
2971
|
+
"type": "date"
|
|
2972
|
+
},
|
|
2973
|
+
"public_key_algorithm": {
|
|
2974
|
+
"ignore_above": 1024,
|
|
2975
|
+
"type": "keyword"
|
|
2976
|
+
},
|
|
2977
|
+
"public_key_curve": {
|
|
2978
|
+
"ignore_above": 1024,
|
|
2979
|
+
"type": "keyword"
|
|
2980
|
+
},
|
|
2981
|
+
"public_key_exponent": {
|
|
2982
|
+
"doc_values": false,
|
|
2983
|
+
"index": false,
|
|
2984
|
+
"type": "long"
|
|
2985
|
+
},
|
|
2986
|
+
"public_key_size": {
|
|
2987
|
+
"type": "long"
|
|
2988
|
+
},
|
|
2989
|
+
"serial_number": {
|
|
2990
|
+
"ignore_above": 1024,
|
|
2991
|
+
"type": "keyword"
|
|
2992
|
+
},
|
|
2993
|
+
"signature_algorithm": {
|
|
2994
|
+
"ignore_above": 1024,
|
|
2995
|
+
"type": "keyword"
|
|
2996
|
+
},
|
|
2997
|
+
"subject": {
|
|
2998
|
+
"properties": {
|
|
2999
|
+
"common_name": {
|
|
3000
|
+
"ignore_above": 1024,
|
|
3001
|
+
"type": "keyword"
|
|
3002
|
+
},
|
|
3003
|
+
"country": {
|
|
3004
|
+
"ignore_above": 1024,
|
|
3005
|
+
"type": "keyword"
|
|
3006
|
+
},
|
|
3007
|
+
"distinguished_name": {
|
|
3008
|
+
"ignore_above": 1024,
|
|
3009
|
+
"type": "keyword"
|
|
3010
|
+
},
|
|
3011
|
+
"locality": {
|
|
3012
|
+
"ignore_above": 1024,
|
|
3013
|
+
"type": "keyword"
|
|
3014
|
+
},
|
|
3015
|
+
"organization": {
|
|
3016
|
+
"ignore_above": 1024,
|
|
3017
|
+
"type": "keyword"
|
|
3018
|
+
},
|
|
3019
|
+
"organizational_unit": {
|
|
3020
|
+
"ignore_above": 1024,
|
|
3021
|
+
"type": "keyword"
|
|
3022
|
+
},
|
|
3023
|
+
"state_or_province": {
|
|
3024
|
+
"ignore_above": 1024,
|
|
3025
|
+
"type": "keyword"
|
|
3026
|
+
}
|
|
3027
|
+
}
|
|
3028
|
+
},
|
|
3029
|
+
"version_number": {
|
|
3030
|
+
"ignore_above": 1024,
|
|
3031
|
+
"type": "keyword"
|
|
3032
|
+
}
|
|
3033
|
+
}
|
|
2575
3034
|
}
|
|
2576
3035
|
}
|
|
2577
3036
|
},
|
|
@@ -2632,6 +3091,112 @@
|
|
|
2632
3091
|
"subject": {
|
|
2633
3092
|
"ignore_above": 1024,
|
|
2634
3093
|
"type": "keyword"
|
|
3094
|
+
},
|
|
3095
|
+
"x509": {
|
|
3096
|
+
"properties": {
|
|
3097
|
+
"alternative_names": {
|
|
3098
|
+
"ignore_above": 1024,
|
|
3099
|
+
"type": "keyword"
|
|
3100
|
+
},
|
|
3101
|
+
"issuer": {
|
|
3102
|
+
"properties": {
|
|
3103
|
+
"common_name": {
|
|
3104
|
+
"ignore_above": 1024,
|
|
3105
|
+
"type": "keyword"
|
|
3106
|
+
},
|
|
3107
|
+
"country": {
|
|
3108
|
+
"ignore_above": 1024,
|
|
3109
|
+
"type": "keyword"
|
|
3110
|
+
},
|
|
3111
|
+
"distinguished_name": {
|
|
3112
|
+
"ignore_above": 1024,
|
|
3113
|
+
"type": "keyword"
|
|
3114
|
+
},
|
|
3115
|
+
"locality": {
|
|
3116
|
+
"ignore_above": 1024,
|
|
3117
|
+
"type": "keyword"
|
|
3118
|
+
},
|
|
3119
|
+
"organization": {
|
|
3120
|
+
"ignore_above": 1024,
|
|
3121
|
+
"type": "keyword"
|
|
3122
|
+
},
|
|
3123
|
+
"organizational_unit": {
|
|
3124
|
+
"ignore_above": 1024,
|
|
3125
|
+
"type": "keyword"
|
|
3126
|
+
},
|
|
3127
|
+
"state_or_province": {
|
|
3128
|
+
"ignore_above": 1024,
|
|
3129
|
+
"type": "keyword"
|
|
3130
|
+
}
|
|
3131
|
+
}
|
|
3132
|
+
},
|
|
3133
|
+
"not_after": {
|
|
3134
|
+
"type": "date"
|
|
3135
|
+
},
|
|
3136
|
+
"not_before": {
|
|
3137
|
+
"type": "date"
|
|
3138
|
+
},
|
|
3139
|
+
"public_key_algorithm": {
|
|
3140
|
+
"ignore_above": 1024,
|
|
3141
|
+
"type": "keyword"
|
|
3142
|
+
},
|
|
3143
|
+
"public_key_curve": {
|
|
3144
|
+
"ignore_above": 1024,
|
|
3145
|
+
"type": "keyword"
|
|
3146
|
+
},
|
|
3147
|
+
"public_key_exponent": {
|
|
3148
|
+
"doc_values": false,
|
|
3149
|
+
"index": false,
|
|
3150
|
+
"type": "long"
|
|
3151
|
+
},
|
|
3152
|
+
"public_key_size": {
|
|
3153
|
+
"type": "long"
|
|
3154
|
+
},
|
|
3155
|
+
"serial_number": {
|
|
3156
|
+
"ignore_above": 1024,
|
|
3157
|
+
"type": "keyword"
|
|
3158
|
+
},
|
|
3159
|
+
"signature_algorithm": {
|
|
3160
|
+
"ignore_above": 1024,
|
|
3161
|
+
"type": "keyword"
|
|
3162
|
+
},
|
|
3163
|
+
"subject": {
|
|
3164
|
+
"properties": {
|
|
3165
|
+
"common_name": {
|
|
3166
|
+
"ignore_above": 1024,
|
|
3167
|
+
"type": "keyword"
|
|
3168
|
+
},
|
|
3169
|
+
"country": {
|
|
3170
|
+
"ignore_above": 1024,
|
|
3171
|
+
"type": "keyword"
|
|
3172
|
+
},
|
|
3173
|
+
"distinguished_name": {
|
|
3174
|
+
"ignore_above": 1024,
|
|
3175
|
+
"type": "keyword"
|
|
3176
|
+
},
|
|
3177
|
+
"locality": {
|
|
3178
|
+
"ignore_above": 1024,
|
|
3179
|
+
"type": "keyword"
|
|
3180
|
+
},
|
|
3181
|
+
"organization": {
|
|
3182
|
+
"ignore_above": 1024,
|
|
3183
|
+
"type": "keyword"
|
|
3184
|
+
},
|
|
3185
|
+
"organizational_unit": {
|
|
3186
|
+
"ignore_above": 1024,
|
|
3187
|
+
"type": "keyword"
|
|
3188
|
+
},
|
|
3189
|
+
"state_or_province": {
|
|
3190
|
+
"ignore_above": 1024,
|
|
3191
|
+
"type": "keyword"
|
|
3192
|
+
}
|
|
3193
|
+
}
|
|
3194
|
+
},
|
|
3195
|
+
"version_number": {
|
|
3196
|
+
"ignore_above": 1024,
|
|
3197
|
+
"type": "keyword"
|
|
3198
|
+
}
|
|
3199
|
+
}
|
|
2635
3200
|
}
|
|
2636
3201
|
}
|
|
2637
3202
|
},
|
|
@@ -2718,6 +3283,10 @@
|
|
|
2718
3283
|
"ignore_above": 1024,
|
|
2719
3284
|
"type": "keyword"
|
|
2720
3285
|
},
|
|
3286
|
+
"subdomain": {
|
|
3287
|
+
"ignore_above": 1024,
|
|
3288
|
+
"type": "keyword"
|
|
3289
|
+
},
|
|
2721
3290
|
"top_level_domain": {
|
|
2722
3291
|
"ignore_above": 1024,
|
|
2723
3292
|
"type": "keyword"
|
|
@@ -2730,10 +3299,130 @@
|
|
|
2730
3299
|
},
|
|
2731
3300
|
"user": {
|
|
2732
3301
|
"properties": {
|
|
3302
|
+
"changes": {
|
|
3303
|
+
"properties": {
|
|
3304
|
+
"domain": {
|
|
3305
|
+
"ignore_above": 1024,
|
|
3306
|
+
"type": "keyword"
|
|
3307
|
+
},
|
|
3308
|
+
"email": {
|
|
3309
|
+
"ignore_above": 1024,
|
|
3310
|
+
"type": "keyword"
|
|
3311
|
+
},
|
|
3312
|
+
"full_name": {
|
|
3313
|
+
"fields": {
|
|
3314
|
+
"text": {
|
|
3315
|
+
"norms": false,
|
|
3316
|
+
"type": "text"
|
|
3317
|
+
}
|
|
3318
|
+
},
|
|
3319
|
+
"ignore_above": 1024,
|
|
3320
|
+
"type": "keyword"
|
|
3321
|
+
},
|
|
3322
|
+
"group": {
|
|
3323
|
+
"properties": {
|
|
3324
|
+
"domain": {
|
|
3325
|
+
"ignore_above": 1024,
|
|
3326
|
+
"type": "keyword"
|
|
3327
|
+
},
|
|
3328
|
+
"id": {
|
|
3329
|
+
"ignore_above": 1024,
|
|
3330
|
+
"type": "keyword"
|
|
3331
|
+
},
|
|
3332
|
+
"name": {
|
|
3333
|
+
"ignore_above": 1024,
|
|
3334
|
+
"type": "keyword"
|
|
3335
|
+
}
|
|
3336
|
+
}
|
|
3337
|
+
},
|
|
3338
|
+
"hash": {
|
|
3339
|
+
"ignore_above": 1024,
|
|
3340
|
+
"type": "keyword"
|
|
3341
|
+
},
|
|
3342
|
+
"id": {
|
|
3343
|
+
"ignore_above": 1024,
|
|
3344
|
+
"type": "keyword"
|
|
3345
|
+
},
|
|
3346
|
+
"name": {
|
|
3347
|
+
"fields": {
|
|
3348
|
+
"text": {
|
|
3349
|
+
"norms": false,
|
|
3350
|
+
"type": "text"
|
|
3351
|
+
}
|
|
3352
|
+
},
|
|
3353
|
+
"ignore_above": 1024,
|
|
3354
|
+
"type": "keyword"
|
|
3355
|
+
},
|
|
3356
|
+
"roles": {
|
|
3357
|
+
"ignore_above": 1024,
|
|
3358
|
+
"type": "keyword"
|
|
3359
|
+
}
|
|
3360
|
+
}
|
|
3361
|
+
},
|
|
2733
3362
|
"domain": {
|
|
2734
3363
|
"ignore_above": 1024,
|
|
2735
3364
|
"type": "keyword"
|
|
2736
3365
|
},
|
|
3366
|
+
"effective": {
|
|
3367
|
+
"properties": {
|
|
3368
|
+
"domain": {
|
|
3369
|
+
"ignore_above": 1024,
|
|
3370
|
+
"type": "keyword"
|
|
3371
|
+
},
|
|
3372
|
+
"email": {
|
|
3373
|
+
"ignore_above": 1024,
|
|
3374
|
+
"type": "keyword"
|
|
3375
|
+
},
|
|
3376
|
+
"full_name": {
|
|
3377
|
+
"fields": {
|
|
3378
|
+
"text": {
|
|
3379
|
+
"norms": false,
|
|
3380
|
+
"type": "text"
|
|
3381
|
+
}
|
|
3382
|
+
},
|
|
3383
|
+
"ignore_above": 1024,
|
|
3384
|
+
"type": "keyword"
|
|
3385
|
+
},
|
|
3386
|
+
"group": {
|
|
3387
|
+
"properties": {
|
|
3388
|
+
"domain": {
|
|
3389
|
+
"ignore_above": 1024,
|
|
3390
|
+
"type": "keyword"
|
|
3391
|
+
},
|
|
3392
|
+
"id": {
|
|
3393
|
+
"ignore_above": 1024,
|
|
3394
|
+
"type": "keyword"
|
|
3395
|
+
},
|
|
3396
|
+
"name": {
|
|
3397
|
+
"ignore_above": 1024,
|
|
3398
|
+
"type": "keyword"
|
|
3399
|
+
}
|
|
3400
|
+
}
|
|
3401
|
+
},
|
|
3402
|
+
"hash": {
|
|
3403
|
+
"ignore_above": 1024,
|
|
3404
|
+
"type": "keyword"
|
|
3405
|
+
},
|
|
3406
|
+
"id": {
|
|
3407
|
+
"ignore_above": 1024,
|
|
3408
|
+
"type": "keyword"
|
|
3409
|
+
},
|
|
3410
|
+
"name": {
|
|
3411
|
+
"fields": {
|
|
3412
|
+
"text": {
|
|
3413
|
+
"norms": false,
|
|
3414
|
+
"type": "text"
|
|
3415
|
+
}
|
|
3416
|
+
},
|
|
3417
|
+
"ignore_above": 1024,
|
|
3418
|
+
"type": "keyword"
|
|
3419
|
+
},
|
|
3420
|
+
"roles": {
|
|
3421
|
+
"ignore_above": 1024,
|
|
3422
|
+
"type": "keyword"
|
|
3423
|
+
}
|
|
3424
|
+
}
|
|
3425
|
+
},
|
|
2737
3426
|
"email": {
|
|
2738
3427
|
"ignore_above": 1024,
|
|
2739
3428
|
"type": "keyword"
|
|
@@ -2781,6 +3470,70 @@
|
|
|
2781
3470
|
},
|
|
2782
3471
|
"ignore_above": 1024,
|
|
2783
3472
|
"type": "keyword"
|
|
3473
|
+
},
|
|
3474
|
+
"roles": {
|
|
3475
|
+
"ignore_above": 1024,
|
|
3476
|
+
"type": "keyword"
|
|
3477
|
+
},
|
|
3478
|
+
"target": {
|
|
3479
|
+
"properties": {
|
|
3480
|
+
"domain": {
|
|
3481
|
+
"ignore_above": 1024,
|
|
3482
|
+
"type": "keyword"
|
|
3483
|
+
},
|
|
3484
|
+
"email": {
|
|
3485
|
+
"ignore_above": 1024,
|
|
3486
|
+
"type": "keyword"
|
|
3487
|
+
},
|
|
3488
|
+
"full_name": {
|
|
3489
|
+
"fields": {
|
|
3490
|
+
"text": {
|
|
3491
|
+
"norms": false,
|
|
3492
|
+
"type": "text"
|
|
3493
|
+
}
|
|
3494
|
+
},
|
|
3495
|
+
"ignore_above": 1024,
|
|
3496
|
+
"type": "keyword"
|
|
3497
|
+
},
|
|
3498
|
+
"group": {
|
|
3499
|
+
"properties": {
|
|
3500
|
+
"domain": {
|
|
3501
|
+
"ignore_above": 1024,
|
|
3502
|
+
"type": "keyword"
|
|
3503
|
+
},
|
|
3504
|
+
"id": {
|
|
3505
|
+
"ignore_above": 1024,
|
|
3506
|
+
"type": "keyword"
|
|
3507
|
+
},
|
|
3508
|
+
"name": {
|
|
3509
|
+
"ignore_above": 1024,
|
|
3510
|
+
"type": "keyword"
|
|
3511
|
+
}
|
|
3512
|
+
}
|
|
3513
|
+
},
|
|
3514
|
+
"hash": {
|
|
3515
|
+
"ignore_above": 1024,
|
|
3516
|
+
"type": "keyword"
|
|
3517
|
+
},
|
|
3518
|
+
"id": {
|
|
3519
|
+
"ignore_above": 1024,
|
|
3520
|
+
"type": "keyword"
|
|
3521
|
+
},
|
|
3522
|
+
"name": {
|
|
3523
|
+
"fields": {
|
|
3524
|
+
"text": {
|
|
3525
|
+
"norms": false,
|
|
3526
|
+
"type": "text"
|
|
3527
|
+
}
|
|
3528
|
+
},
|
|
3529
|
+
"ignore_above": 1024,
|
|
3530
|
+
"type": "keyword"
|
|
3531
|
+
},
|
|
3532
|
+
"roles": {
|
|
3533
|
+
"ignore_above": 1024,
|
|
3534
|
+
"type": "keyword"
|
|
3535
|
+
}
|
|
3536
|
+
}
|
|
2784
3537
|
}
|
|
2785
3538
|
}
|
|
2786
3539
|
},
|
|
@@ -2842,6 +3595,10 @@
|
|
|
2842
3595
|
"ignore_above": 1024,
|
|
2843
3596
|
"type": "keyword"
|
|
2844
3597
|
},
|
|
3598
|
+
"type": {
|
|
3599
|
+
"ignore_above": 1024,
|
|
3600
|
+
"type": "keyword"
|
|
3601
|
+
},
|
|
2845
3602
|
"version": {
|
|
2846
3603
|
"ignore_above": 1024,
|
|
2847
3604
|
"type": "keyword"
|
|
@@ -2854,18 +3611,6 @@
|
|
|
2854
3611
|
}
|
|
2855
3612
|
}
|
|
2856
3613
|
},
|
|
2857
|
-
"vlan": {
|
|
2858
|
-
"properties": {
|
|
2859
|
-
"id": {
|
|
2860
|
-
"ignore_above": 1024,
|
|
2861
|
-
"type": "keyword"
|
|
2862
|
-
},
|
|
2863
|
-
"name": {
|
|
2864
|
-
"ignore_above": 1024,
|
|
2865
|
-
"type": "keyword"
|
|
2866
|
-
}
|
|
2867
|
-
}
|
|
2868
|
-
},
|
|
2869
3614
|
"vulnerability": {
|
|
2870
3615
|
"properties": {
|
|
2871
3616
|
"category": {
|