logstash-output-elasticsearch 11.2.0-java → 11.3.0-java

@@ -0,0 +1,3695 @@
1
+ {
2
+ "index_patterns": [
3
+ "ecs-logstash-*"
4
+ ],
5
+ "template": {
6
+ "settings": {
7
+ "index": {
8
+ "mapping": {
9
+ "total_fields": {
10
+ "limit": 10000
11
+ }
12
+ },
13
+ "refresh_interval": "5s"
14
+ }
15
+ },
16
+ "mappings": {
17
+ "_meta": {
18
+ "version": "1.10.0"
19
+ },
20
+ "date_detection": false,
21
+ "dynamic_templates": [
22
+ {
23
+ "strings_as_keyword": {
24
+ "mapping": {
25
+ "ignore_above": 1024,
26
+ "type": "keyword"
27
+ },
28
+ "match_mapping_type": "string"
29
+ }
30
+ }
31
+ ],
32
+ "properties": {
33
+ "@timestamp": {
34
+ "type": "date"
35
+ },
36
+ "agent": {
37
+ "properties": {
38
+ "build": {
39
+ "properties": {
40
+ "original": {
41
+ "ignore_above": 1024,
42
+ "type": "keyword"
43
+ }
44
+ }
45
+ },
46
+ "ephemeral_id": {
47
+ "ignore_above": 1024,
48
+ "type": "keyword"
49
+ },
50
+ "id": {
51
+ "ignore_above": 1024,
52
+ "type": "keyword"
53
+ },
54
+ "name": {
55
+ "ignore_above": 1024,
56
+ "type": "keyword"
57
+ },
58
+ "type": {
59
+ "ignore_above": 1024,
60
+ "type": "keyword"
61
+ },
62
+ "version": {
63
+ "ignore_above": 1024,
64
+ "type": "keyword"
65
+ }
66
+ }
67
+ },
68
+ "client": {
69
+ "properties": {
70
+ "address": {
71
+ "ignore_above": 1024,
72
+ "type": "keyword"
73
+ },
74
+ "as": {
75
+ "properties": {
76
+ "number": {
77
+ "type": "long"
78
+ },
79
+ "organization": {
80
+ "properties": {
81
+ "name": {
82
+ "fields": {
83
+ "text": {
84
+ "norms": false,
85
+ "type": "text"
86
+ }
87
+ },
88
+ "ignore_above": 1024,
89
+ "type": "keyword"
90
+ }
91
+ }
92
+ }
93
+ }
94
+ },
95
+ "bytes": {
96
+ "type": "long"
97
+ },
98
+ "domain": {
99
+ "ignore_above": 1024,
100
+ "type": "keyword"
101
+ },
102
+ "geo": {
103
+ "properties": {
104
+ "city_name": {
105
+ "ignore_above": 1024,
106
+ "type": "keyword"
107
+ },
108
+ "continent_code": {
109
+ "ignore_above": 1024,
110
+ "type": "keyword"
111
+ },
112
+ "continent_name": {
113
+ "ignore_above": 1024,
114
+ "type": "keyword"
115
+ },
116
+ "country_iso_code": {
117
+ "ignore_above": 1024,
118
+ "type": "keyword"
119
+ },
120
+ "country_name": {
121
+ "ignore_above": 1024,
122
+ "type": "keyword"
123
+ },
124
+ "location": {
125
+ "type": "geo_point"
126
+ },
127
+ "name": {
128
+ "ignore_above": 1024,
129
+ "type": "keyword"
130
+ },
131
+ "postal_code": {
132
+ "ignore_above": 1024,
133
+ "type": "keyword"
134
+ },
135
+ "region_iso_code": {
136
+ "ignore_above": 1024,
137
+ "type": "keyword"
138
+ },
139
+ "region_name": {
140
+ "ignore_above": 1024,
141
+ "type": "keyword"
142
+ },
143
+ "timezone": {
144
+ "ignore_above": 1024,
145
+ "type": "keyword"
146
+ }
147
+ }
148
+ },
149
+ "ip": {
150
+ "type": "ip"
151
+ },
152
+ "mac": {
153
+ "ignore_above": 1024,
154
+ "type": "keyword"
155
+ },
156
+ "nat": {
157
+ "properties": {
158
+ "ip": {
159
+ "type": "ip"
160
+ },
161
+ "port": {
162
+ "type": "long"
163
+ }
164
+ }
165
+ },
166
+ "packets": {
167
+ "type": "long"
168
+ },
169
+ "port": {
170
+ "type": "long"
171
+ },
172
+ "registered_domain": {
173
+ "ignore_above": 1024,
174
+ "type": "keyword"
175
+ },
176
+ "subdomain": {
177
+ "ignore_above": 1024,
178
+ "type": "keyword"
179
+ },
180
+ "top_level_domain": {
181
+ "ignore_above": 1024,
182
+ "type": "keyword"
183
+ },
184
+ "user": {
185
+ "properties": {
186
+ "domain": {
187
+ "ignore_above": 1024,
188
+ "type": "keyword"
189
+ },
190
+ "email": {
191
+ "ignore_above": 1024,
192
+ "type": "keyword"
193
+ },
194
+ "full_name": {
195
+ "fields": {
196
+ "text": {
197
+ "norms": false,
198
+ "type": "text"
199
+ }
200
+ },
201
+ "ignore_above": 1024,
202
+ "type": "keyword"
203
+ },
204
+ "group": {
205
+ "properties": {
206
+ "domain": {
207
+ "ignore_above": 1024,
208
+ "type": "keyword"
209
+ },
210
+ "id": {
211
+ "ignore_above": 1024,
212
+ "type": "keyword"
213
+ },
214
+ "name": {
215
+ "ignore_above": 1024,
216
+ "type": "keyword"
217
+ }
218
+ }
219
+ },
220
+ "hash": {
221
+ "ignore_above": 1024,
222
+ "type": "keyword"
223
+ },
224
+ "id": {
225
+ "ignore_above": 1024,
226
+ "type": "keyword"
227
+ },
228
+ "name": {
229
+ "fields": {
230
+ "text": {
231
+ "norms": false,
232
+ "type": "text"
233
+ }
234
+ },
235
+ "ignore_above": 1024,
236
+ "type": "keyword"
237
+ },
238
+ "roles": {
239
+ "ignore_above": 1024,
240
+ "type": "keyword"
241
+ }
242
+ }
243
+ }
244
+ }
245
+ },
246
+ "cloud": {
247
+ "properties": {
248
+ "account": {
249
+ "properties": {
250
+ "id": {
251
+ "ignore_above": 1024,
252
+ "type": "keyword"
253
+ },
254
+ "name": {
255
+ "ignore_above": 1024,
256
+ "type": "keyword"
257
+ }
258
+ }
259
+ },
260
+ "availability_zone": {
261
+ "ignore_above": 1024,
262
+ "type": "keyword"
263
+ },
264
+ "instance": {
265
+ "properties": {
266
+ "id": {
267
+ "ignore_above": 1024,
268
+ "type": "keyword"
269
+ },
270
+ "name": {
271
+ "ignore_above": 1024,
272
+ "type": "keyword"
273
+ }
274
+ }
275
+ },
276
+ "machine": {
277
+ "properties": {
278
+ "type": {
279
+ "ignore_above": 1024,
280
+ "type": "keyword"
281
+ }
282
+ }
283
+ },
284
+ "project": {
285
+ "properties": {
286
+ "id": {
287
+ "ignore_above": 1024,
288
+ "type": "keyword"
289
+ },
290
+ "name": {
291
+ "ignore_above": 1024,
292
+ "type": "keyword"
293
+ }
294
+ }
295
+ },
296
+ "provider": {
297
+ "ignore_above": 1024,
298
+ "type": "keyword"
299
+ },
300
+ "region": {
301
+ "ignore_above": 1024,
302
+ "type": "keyword"
303
+ },
304
+ "service": {
305
+ "properties": {
306
+ "name": {
307
+ "ignore_above": 1024,
308
+ "type": "keyword"
309
+ }
310
+ }
311
+ }
312
+ }
313
+ },
314
+ "container": {
315
+ "properties": {
316
+ "id": {
317
+ "ignore_above": 1024,
318
+ "type": "keyword"
319
+ },
320
+ "image": {
321
+ "properties": {
322
+ "name": {
323
+ "ignore_above": 1024,
324
+ "type": "keyword"
325
+ },
326
+ "tag": {
327
+ "ignore_above": 1024,
328
+ "type": "keyword"
329
+ }
330
+ }
331
+ },
332
+ "labels": {
333
+ "type": "object"
334
+ },
335
+ "name": {
336
+ "ignore_above": 1024,
337
+ "type": "keyword"
338
+ },
339
+ "runtime": {
340
+ "ignore_above": 1024,
341
+ "type": "keyword"
342
+ }
343
+ }
344
+ },
345
+ "data_stream": {
346
+ "properties": {
347
+ "dataset": {
348
+ "type": "constant_keyword"
349
+ },
350
+ "namespace": {
351
+ "type": "constant_keyword"
352
+ },
353
+ "type": {
354
+ "type": "constant_keyword"
355
+ }
356
+ }
357
+ },
358
+ "destination": {
359
+ "properties": {
360
+ "address": {
361
+ "ignore_above": 1024,
362
+ "type": "keyword"
363
+ },
364
+ "as": {
365
+ "properties": {
366
+ "number": {
367
+ "type": "long"
368
+ },
369
+ "organization": {
370
+ "properties": {
371
+ "name": {
372
+ "fields": {
373
+ "text": {
374
+ "norms": false,
375
+ "type": "text"
376
+ }
377
+ },
378
+ "ignore_above": 1024,
379
+ "type": "keyword"
380
+ }
381
+ }
382
+ }
383
+ }
384
+ },
385
+ "bytes": {
386
+ "type": "long"
387
+ },
388
+ "domain": {
389
+ "ignore_above": 1024,
390
+ "type": "keyword"
391
+ },
392
+ "geo": {
393
+ "properties": {
394
+ "city_name": {
395
+ "ignore_above": 1024,
396
+ "type": "keyword"
397
+ },
398
+ "continent_code": {
399
+ "ignore_above": 1024,
400
+ "type": "keyword"
401
+ },
402
+ "continent_name": {
403
+ "ignore_above": 1024,
404
+ "type": "keyword"
405
+ },
406
+ "country_iso_code": {
407
+ "ignore_above": 1024,
408
+ "type": "keyword"
409
+ },
410
+ "country_name": {
411
+ "ignore_above": 1024,
412
+ "type": "keyword"
413
+ },
414
+ "location": {
415
+ "type": "geo_point"
416
+ },
417
+ "name": {
418
+ "ignore_above": 1024,
419
+ "type": "keyword"
420
+ },
421
+ "postal_code": {
422
+ "ignore_above": 1024,
423
+ "type": "keyword"
424
+ },
425
+ "region_iso_code": {
426
+ "ignore_above": 1024,
427
+ "type": "keyword"
428
+ },
429
+ "region_name": {
430
+ "ignore_above": 1024,
431
+ "type": "keyword"
432
+ },
433
+ "timezone": {
434
+ "ignore_above": 1024,
435
+ "type": "keyword"
436
+ }
437
+ }
438
+ },
439
+ "ip": {
440
+ "type": "ip"
441
+ },
442
+ "mac": {
443
+ "ignore_above": 1024,
444
+ "type": "keyword"
445
+ },
446
+ "nat": {
447
+ "properties": {
448
+ "ip": {
449
+ "type": "ip"
450
+ },
451
+ "port": {
452
+ "type": "long"
453
+ }
454
+ }
455
+ },
456
+ "packets": {
457
+ "type": "long"
458
+ },
459
+ "port": {
460
+ "type": "long"
461
+ },
462
+ "registered_domain": {
463
+ "ignore_above": 1024,
464
+ "type": "keyword"
465
+ },
466
+ "subdomain": {
467
+ "ignore_above": 1024,
468
+ "type": "keyword"
469
+ },
470
+ "top_level_domain": {
471
+ "ignore_above": 1024,
472
+ "type": "keyword"
473
+ },
474
+ "user": {
475
+ "properties": {
476
+ "domain": {
477
+ "ignore_above": 1024,
478
+ "type": "keyword"
479
+ },
480
+ "email": {
481
+ "ignore_above": 1024,
482
+ "type": "keyword"
483
+ },
484
+ "full_name": {
485
+ "fields": {
486
+ "text": {
487
+ "norms": false,
488
+ "type": "text"
489
+ }
490
+ },
491
+ "ignore_above": 1024,
492
+ "type": "keyword"
493
+ },
494
+ "group": {
495
+ "properties": {
496
+ "domain": {
497
+ "ignore_above": 1024,
498
+ "type": "keyword"
499
+ },
500
+ "id": {
501
+ "ignore_above": 1024,
502
+ "type": "keyword"
503
+ },
504
+ "name": {
505
+ "ignore_above": 1024,
506
+ "type": "keyword"
507
+ }
508
+ }
509
+ },
510
+ "hash": {
511
+ "ignore_above": 1024,
512
+ "type": "keyword"
513
+ },
514
+ "id": {
515
+ "ignore_above": 1024,
516
+ "type": "keyword"
517
+ },
518
+ "name": {
519
+ "fields": {
520
+ "text": {
521
+ "norms": false,
522
+ "type": "text"
523
+ }
524
+ },
525
+ "ignore_above": 1024,
526
+ "type": "keyword"
527
+ },
528
+ "roles": {
529
+ "ignore_above": 1024,
530
+ "type": "keyword"
531
+ }
532
+ }
533
+ }
534
+ }
535
+ },
536
+ "dll": {
537
+ "properties": {
538
+ "code_signature": {
539
+ "properties": {
540
+ "exists": {
541
+ "type": "boolean"
542
+ },
543
+ "signing_id": {
544
+ "ignore_above": 1024,
545
+ "type": "keyword"
546
+ },
547
+ "status": {
548
+ "ignore_above": 1024,
549
+ "type": "keyword"
550
+ },
551
+ "subject_name": {
552
+ "ignore_above": 1024,
553
+ "type": "keyword"
554
+ },
555
+ "team_id": {
556
+ "ignore_above": 1024,
557
+ "type": "keyword"
558
+ },
559
+ "trusted": {
560
+ "type": "boolean"
561
+ },
562
+ "valid": {
563
+ "type": "boolean"
564
+ }
565
+ }
566
+ },
567
+ "hash": {
568
+ "properties": {
569
+ "md5": {
570
+ "ignore_above": 1024,
571
+ "type": "keyword"
572
+ },
573
+ "sha1": {
574
+ "ignore_above": 1024,
575
+ "type": "keyword"
576
+ },
577
+ "sha256": {
578
+ "ignore_above": 1024,
579
+ "type": "keyword"
580
+ },
581
+ "sha512": {
582
+ "ignore_above": 1024,
583
+ "type": "keyword"
584
+ },
585
+ "ssdeep": {
586
+ "ignore_above": 1024,
587
+ "type": "keyword"
588
+ }
589
+ }
590
+ },
591
+ "name": {
592
+ "ignore_above": 1024,
593
+ "type": "keyword"
594
+ },
595
+ "path": {
596
+ "ignore_above": 1024,
597
+ "type": "keyword"
598
+ },
599
+ "pe": {
600
+ "properties": {
601
+ "architecture": {
602
+ "ignore_above": 1024,
603
+ "type": "keyword"
604
+ },
605
+ "company": {
606
+ "ignore_above": 1024,
607
+ "type": "keyword"
608
+ },
609
+ "description": {
610
+ "ignore_above": 1024,
611
+ "type": "keyword"
612
+ },
613
+ "file_version": {
614
+ "ignore_above": 1024,
615
+ "type": "keyword"
616
+ },
617
+ "imphash": {
618
+ "ignore_above": 1024,
619
+ "type": "keyword"
620
+ },
621
+ "original_file_name": {
622
+ "ignore_above": 1024,
623
+ "type": "keyword"
624
+ },
625
+ "product": {
626
+ "ignore_above": 1024,
627
+ "type": "keyword"
628
+ }
629
+ }
630
+ }
631
+ }
632
+ },
633
+ "dns": {
634
+ "properties": {
635
+ "answers": {
636
+ "properties": {
637
+ "class": {
638
+ "ignore_above": 1024,
639
+ "type": "keyword"
640
+ },
641
+ "data": {
642
+ "ignore_above": 1024,
643
+ "type": "keyword"
644
+ },
645
+ "name": {
646
+ "ignore_above": 1024,
647
+ "type": "keyword"
648
+ },
649
+ "ttl": {
650
+ "type": "long"
651
+ },
652
+ "type": {
653
+ "ignore_above": 1024,
654
+ "type": "keyword"
655
+ }
656
+ },
657
+ "type": "object"
658
+ },
659
+ "header_flags": {
660
+ "ignore_above": 1024,
661
+ "type": "keyword"
662
+ },
663
+ "id": {
664
+ "ignore_above": 1024,
665
+ "type": "keyword"
666
+ },
667
+ "op_code": {
668
+ "ignore_above": 1024,
669
+ "type": "keyword"
670
+ },
671
+ "question": {
672
+ "properties": {
673
+ "class": {
674
+ "ignore_above": 1024,
675
+ "type": "keyword"
676
+ },
677
+ "name": {
678
+ "ignore_above": 1024,
679
+ "type": "keyword"
680
+ },
681
+ "registered_domain": {
682
+ "ignore_above": 1024,
683
+ "type": "keyword"
684
+ },
685
+ "subdomain": {
686
+ "ignore_above": 1024,
687
+ "type": "keyword"
688
+ },
689
+ "top_level_domain": {
690
+ "ignore_above": 1024,
691
+ "type": "keyword"
692
+ },
693
+ "type": {
694
+ "ignore_above": 1024,
695
+ "type": "keyword"
696
+ }
697
+ }
698
+ },
699
+ "resolved_ip": {
700
+ "type": "ip"
701
+ },
702
+ "response_code": {
703
+ "ignore_above": 1024,
704
+ "type": "keyword"
705
+ },
706
+ "type": {
707
+ "ignore_above": 1024,
708
+ "type": "keyword"
709
+ }
710
+ }
711
+ },
712
+ "ecs": {
713
+ "properties": {
714
+ "version": {
715
+ "ignore_above": 1024,
716
+ "type": "keyword"
717
+ }
718
+ }
719
+ },
720
+ "error": {
721
+ "properties": {
722
+ "code": {
723
+ "ignore_above": 1024,
724
+ "type": "keyword"
725
+ },
726
+ "id": {
727
+ "ignore_above": 1024,
728
+ "type": "keyword"
729
+ },
730
+ "message": {
731
+ "norms": false,
732
+ "type": "text"
733
+ },
734
+ "stack_trace": {
735
+ "doc_values": false,
736
+ "fields": {
737
+ "text": {
738
+ "norms": false,
739
+ "type": "text"
740
+ }
741
+ },
742
+ "ignore_above": 1024,
743
+ "index": false,
744
+ "type": "keyword"
745
+ },
746
+ "type": {
747
+ "ignore_above": 1024,
748
+ "type": "keyword"
749
+ }
750
+ }
751
+ },
752
+ "event": {
753
+ "properties": {
754
+ "action": {
755
+ "ignore_above": 1024,
756
+ "type": "keyword"
757
+ },
758
+ "category": {
759
+ "ignore_above": 1024,
760
+ "type": "keyword"
761
+ },
762
+ "code": {
763
+ "ignore_above": 1024,
764
+ "type": "keyword"
765
+ },
766
+ "created": {
767
+ "type": "date"
768
+ },
769
+ "dataset": {
770
+ "ignore_above": 1024,
771
+ "type": "keyword"
772
+ },
773
+ "duration": {
774
+ "type": "long"
775
+ },
776
+ "end": {
777
+ "type": "date"
778
+ },
779
+ "hash": {
780
+ "ignore_above": 1024,
781
+ "type": "keyword"
782
+ },
783
+ "id": {
784
+ "ignore_above": 1024,
785
+ "type": "keyword"
786
+ },
787
+ "ingested": {
788
+ "type": "date"
789
+ },
790
+ "kind": {
791
+ "ignore_above": 1024,
792
+ "type": "keyword"
793
+ },
794
+ "module": {
795
+ "ignore_above": 1024,
796
+ "type": "keyword"
797
+ },
798
+ "original": {
799
+ "doc_values": false,
800
+ "ignore_above": 1024,
801
+ "index": false,
802
+ "type": "keyword"
803
+ },
804
+ "outcome": {
805
+ "ignore_above": 1024,
806
+ "type": "keyword"
807
+ },
808
+ "provider": {
809
+ "ignore_above": 1024,
810
+ "type": "keyword"
811
+ },
812
+ "reason": {
813
+ "ignore_above": 1024,
814
+ "type": "keyword"
815
+ },
816
+ "reference": {
817
+ "ignore_above": 1024,
818
+ "type": "keyword"
819
+ },
820
+ "risk_score": {
821
+ "type": "float"
822
+ },
823
+ "risk_score_norm": {
824
+ "type": "float"
825
+ },
826
+ "sequence": {
827
+ "type": "long"
828
+ },
829
+ "severity": {
830
+ "type": "long"
831
+ },
832
+ "start": {
833
+ "type": "date"
834
+ },
835
+ "timezone": {
836
+ "ignore_above": 1024,
837
+ "type": "keyword"
838
+ },
839
+ "type": {
840
+ "ignore_above": 1024,
841
+ "type": "keyword"
842
+ },
843
+ "url": {
844
+ "ignore_above": 1024,
845
+ "type": "keyword"
846
+ }
847
+ }
848
+ },
849
+ "file": {
850
+ "properties": {
851
+ "accessed": {
852
+ "type": "date"
853
+ },
854
+ "attributes": {
855
+ "ignore_above": 1024,
856
+ "type": "keyword"
857
+ },
858
+ "code_signature": {
859
+ "properties": {
860
+ "exists": {
861
+ "type": "boolean"
862
+ },
863
+ "signing_id": {
864
+ "ignore_above": 1024,
865
+ "type": "keyword"
866
+ },
867
+ "status": {
868
+ "ignore_above": 1024,
869
+ "type": "keyword"
870
+ },
871
+ "subject_name": {
872
+ "ignore_above": 1024,
873
+ "type": "keyword"
874
+ },
875
+ "team_id": {
876
+ "ignore_above": 1024,
877
+ "type": "keyword"
878
+ },
879
+ "trusted": {
880
+ "type": "boolean"
881
+ },
882
+ "valid": {
883
+ "type": "boolean"
884
+ }
885
+ }
886
+ },
887
+ "created": {
888
+ "type": "date"
889
+ },
890
+ "ctime": {
891
+ "type": "date"
892
+ },
893
+ "device": {
894
+ "ignore_above": 1024,
895
+ "type": "keyword"
896
+ },
897
+ "directory": {
898
+ "ignore_above": 1024,
899
+ "type": "keyword"
900
+ },
901
+ "drive_letter": {
902
+ "ignore_above": 1,
903
+ "type": "keyword"
904
+ },
905
+ "extension": {
906
+ "ignore_above": 1024,
907
+ "type": "keyword"
908
+ },
909
+ "gid": {
910
+ "ignore_above": 1024,
911
+ "type": "keyword"
912
+ },
913
+ "group": {
914
+ "ignore_above": 1024,
915
+ "type": "keyword"
916
+ },
917
+ "hash": {
918
+ "properties": {
919
+ "md5": {
920
+ "ignore_above": 1024,
921
+ "type": "keyword"
922
+ },
923
+ "sha1": {
924
+ "ignore_above": 1024,
925
+ "type": "keyword"
926
+ },
927
+ "sha256": {
928
+ "ignore_above": 1024,
929
+ "type": "keyword"
930
+ },
931
+ "sha512": {
932
+ "ignore_above": 1024,
933
+ "type": "keyword"
934
+ },
935
+ "ssdeep": {
936
+ "ignore_above": 1024,
937
+ "type": "keyword"
938
+ }
939
+ }
940
+ },
941
+ "inode": {
942
+ "ignore_above": 1024,
943
+ "type": "keyword"
944
+ },
945
+ "mime_type": {
946
+ "ignore_above": 1024,
947
+ "type": "keyword"
948
+ },
949
+ "mode": {
950
+ "ignore_above": 1024,
951
+ "type": "keyword"
952
+ },
953
+ "mtime": {
954
+ "type": "date"
955
+ },
956
+ "name": {
957
+ "ignore_above": 1024,
958
+ "type": "keyword"
959
+ },
960
+ "owner": {
961
+ "ignore_above": 1024,
962
+ "type": "keyword"
963
+ },
964
+ "path": {
965
+ "fields": {
966
+ "text": {
967
+ "norms": false,
968
+ "type": "text"
969
+ }
970
+ },
971
+ "ignore_above": 1024,
972
+ "type": "keyword"
973
+ },
974
+ "pe": {
975
+ "properties": {
976
+ "architecture": {
977
+ "ignore_above": 1024,
978
+ "type": "keyword"
979
+ },
980
+ "company": {
981
+ "ignore_above": 1024,
982
+ "type": "keyword"
983
+ },
984
+ "description": {
985
+ "ignore_above": 1024,
986
+ "type": "keyword"
987
+ },
988
+ "file_version": {
989
+ "ignore_above": 1024,
990
+ "type": "keyword"
991
+ },
992
+ "imphash": {
993
+ "ignore_above": 1024,
994
+ "type": "keyword"
995
+ },
996
+ "original_file_name": {
997
+ "ignore_above": 1024,
998
+ "type": "keyword"
999
+ },
1000
+ "product": {
1001
+ "ignore_above": 1024,
1002
+ "type": "keyword"
1003
+ }
1004
+ }
1005
+ },
1006
+ "size": {
1007
+ "type": "long"
1008
+ },
1009
+ "target_path": {
1010
+ "fields": {
1011
+ "text": {
1012
+ "norms": false,
1013
+ "type": "text"
1014
+ }
1015
+ },
1016
+ "ignore_above": 1024,
1017
+ "type": "keyword"
1018
+ },
1019
+ "type": {
1020
+ "ignore_above": 1024,
1021
+ "type": "keyword"
1022
+ },
1023
+ "uid": {
1024
+ "ignore_above": 1024,
1025
+ "type": "keyword"
1026
+ },
1027
+ "x509": {
1028
+ "properties": {
1029
+ "alternative_names": {
1030
+ "ignore_above": 1024,
1031
+ "type": "keyword"
1032
+ },
1033
+ "issuer": {
1034
+ "properties": {
1035
+ "common_name": {
1036
+ "ignore_above": 1024,
1037
+ "type": "keyword"
1038
+ },
1039
+ "country": {
1040
+ "ignore_above": 1024,
1041
+ "type": "keyword"
1042
+ },
1043
+ "distinguished_name": {
1044
+ "ignore_above": 1024,
1045
+ "type": "keyword"
1046
+ },
1047
+ "locality": {
1048
+ "ignore_above": 1024,
1049
+ "type": "keyword"
1050
+ },
1051
+ "organization": {
1052
+ "ignore_above": 1024,
1053
+ "type": "keyword"
1054
+ },
1055
+ "organizational_unit": {
1056
+ "ignore_above": 1024,
1057
+ "type": "keyword"
1058
+ },
1059
+ "state_or_province": {
1060
+ "ignore_above": 1024,
1061
+ "type": "keyword"
1062
+ }
1063
+ }
1064
+ },
1065
+ "not_after": {
1066
+ "type": "date"
1067
+ },
1068
+ "not_before": {
1069
+ "type": "date"
1070
+ },
1071
+ "public_key_algorithm": {
1072
+ "ignore_above": 1024,
1073
+ "type": "keyword"
1074
+ },
1075
+ "public_key_curve": {
1076
+ "ignore_above": 1024,
1077
+ "type": "keyword"
1078
+ },
1079
+ "public_key_exponent": {
1080
+ "doc_values": false,
1081
+ "index": false,
1082
+ "type": "long"
1083
+ },
1084
+ "public_key_size": {
1085
+ "type": "long"
1086
+ },
1087
+ "serial_number": {
1088
+ "ignore_above": 1024,
1089
+ "type": "keyword"
1090
+ },
1091
+ "signature_algorithm": {
1092
+ "ignore_above": 1024,
1093
+ "type": "keyword"
1094
+ },
1095
+ "subject": {
1096
+ "properties": {
1097
+ "common_name": {
1098
+ "ignore_above": 1024,
1099
+ "type": "keyword"
1100
+ },
1101
+ "country": {
1102
+ "ignore_above": 1024,
1103
+ "type": "keyword"
1104
+ },
1105
+ "distinguished_name": {
1106
+ "ignore_above": 1024,
1107
+ "type": "keyword"
1108
+ },
1109
+ "locality": {
1110
+ "ignore_above": 1024,
1111
+ "type": "keyword"
1112
+ },
1113
+ "organization": {
1114
+ "ignore_above": 1024,
1115
+ "type": "keyword"
1116
+ },
1117
+ "organizational_unit": {
1118
+ "ignore_above": 1024,
1119
+ "type": "keyword"
1120
+ },
1121
+ "state_or_province": {
1122
+ "ignore_above": 1024,
1123
+ "type": "keyword"
1124
+ }
1125
+ }
1126
+ },
1127
+ "version_number": {
1128
+ "ignore_above": 1024,
1129
+ "type": "keyword"
1130
+ }
1131
+ }
1132
+ }
1133
+ }
1134
+ },
1135
+ "group": {
1136
+ "properties": {
1137
+ "domain": {
1138
+ "ignore_above": 1024,
1139
+ "type": "keyword"
1140
+ },
1141
+ "id": {
1142
+ "ignore_above": 1024,
1143
+ "type": "keyword"
1144
+ },
1145
+ "name": {
1146
+ "ignore_above": 1024,
1147
+ "type": "keyword"
1148
+ }
1149
+ }
1150
+ },
1151
+ "host": {
1152
+ "properties": {
1153
+ "architecture": {
1154
+ "ignore_above": 1024,
1155
+ "type": "keyword"
1156
+ },
1157
+ "cpu": {
1158
+ "properties": {
1159
+ "usage": {
1160
+ "scaling_factor": 1000,
1161
+ "type": "scaled_float"
1162
+ }
1163
+ }
1164
+ },
1165
+ "disk": {
1166
+ "properties": {
1167
+ "read": {
1168
+ "properties": {
1169
+ "bytes": {
1170
+ "type": "long"
1171
+ }
1172
+ }
1173
+ },
1174
+ "write": {
1175
+ "properties": {
1176
+ "bytes": {
1177
+ "type": "long"
1178
+ }
1179
+ }
1180
+ }
1181
+ }
1182
+ },
1183
+ "domain": {
1184
+ "ignore_above": 1024,
1185
+ "type": "keyword"
1186
+ },
1187
+ "geo": {
1188
+ "properties": {
1189
+ "city_name": {
1190
+ "ignore_above": 1024,
1191
+ "type": "keyword"
1192
+ },
1193
+ "continent_code": {
1194
+ "ignore_above": 1024,
1195
+ "type": "keyword"
1196
+ },
1197
+ "continent_name": {
1198
+ "ignore_above": 1024,
1199
+ "type": "keyword"
1200
+ },
1201
+ "country_iso_code": {
1202
+ "ignore_above": 1024,
1203
+ "type": "keyword"
1204
+ },
1205
+ "country_name": {
1206
+ "ignore_above": 1024,
1207
+ "type": "keyword"
1208
+ },
1209
+ "location": {
1210
+ "type": "geo_point"
1211
+ },
1212
+ "name": {
1213
+ "ignore_above": 1024,
1214
+ "type": "keyword"
1215
+ },
1216
+ "postal_code": {
1217
+ "ignore_above": 1024,
1218
+ "type": "keyword"
1219
+ },
1220
+ "region_iso_code": {
1221
+ "ignore_above": 1024,
1222
+ "type": "keyword"
1223
+ },
1224
+ "region_name": {
1225
+ "ignore_above": 1024,
1226
+ "type": "keyword"
1227
+ },
1228
+ "timezone": {
1229
+ "ignore_above": 1024,
1230
+ "type": "keyword"
1231
+ }
1232
+ }
1233
+ },
1234
+ "hostname": {
1235
+ "ignore_above": 1024,
1236
+ "type": "keyword"
1237
+ },
1238
+ "id": {
1239
+ "ignore_above": 1024,
1240
+ "type": "keyword"
1241
+ },
1242
+ "ip": {
1243
+ "type": "ip"
1244
+ },
1245
+ "mac": {
1246
+ "ignore_above": 1024,
1247
+ "type": "keyword"
1248
+ },
1249
+ "name": {
1250
+ "ignore_above": 1024,
1251
+ "type": "keyword"
1252
+ },
1253
+ "network": {
1254
+ "properties": {
1255
+ "egress": {
1256
+ "properties": {
1257
+ "bytes": {
1258
+ "type": "long"
1259
+ },
1260
+ "packets": {
1261
+ "type": "long"
1262
+ }
1263
+ }
1264
+ },
1265
+ "ingress": {
1266
+ "properties": {
1267
+ "bytes": {
1268
+ "type": "long"
1269
+ },
1270
+ "packets": {
1271
+ "type": "long"
1272
+ }
1273
+ }
1274
+ }
1275
+ }
1276
+ },
1277
+ "os": {
1278
+ "properties": {
1279
+ "family": {
1280
+ "ignore_above": 1024,
1281
+ "type": "keyword"
1282
+ },
1283
+ "full": {
1284
+ "fields": {
1285
+ "text": {
1286
+ "norms": false,
1287
+ "type": "text"
1288
+ }
1289
+ },
1290
+ "ignore_above": 1024,
1291
+ "type": "keyword"
1292
+ },
1293
+ "kernel": {
1294
+ "ignore_above": 1024,
1295
+ "type": "keyword"
1296
+ },
1297
+ "name": {
1298
+ "fields": {
1299
+ "text": {
1300
+ "norms": false,
1301
+ "type": "text"
1302
+ }
1303
+ },
1304
+ "ignore_above": 1024,
1305
+ "type": "keyword"
1306
+ },
1307
+ "platform": {
1308
+ "ignore_above": 1024,
1309
+ "type": "keyword"
1310
+ },
1311
+ "type": {
1312
+ "ignore_above": 1024,
1313
+ "type": "keyword"
1314
+ },
1315
+ "version": {
1316
+ "ignore_above": 1024,
1317
+ "type": "keyword"
1318
+ }
1319
+ }
1320
+ },
1321
+ "type": {
1322
+ "ignore_above": 1024,
1323
+ "type": "keyword"
1324
+ },
1325
+ "uptime": {
1326
+ "type": "long"
1327
+ },
1328
+ "user": {
1329
+ "properties": {
1330
+ "domain": {
1331
+ "ignore_above": 1024,
1332
+ "type": "keyword"
1333
+ },
1334
+ "email": {
1335
+ "ignore_above": 1024,
1336
+ "type": "keyword"
1337
+ },
1338
+ "full_name": {
1339
+ "fields": {
1340
+ "text": {
1341
+ "norms": false,
1342
+ "type": "text"
1343
+ }
1344
+ },
1345
+ "ignore_above": 1024,
1346
+ "type": "keyword"
1347
+ },
1348
+ "group": {
1349
+ "properties": {
1350
+ "domain": {
1351
+ "ignore_above": 1024,
1352
+ "type": "keyword"
1353
+ },
1354
+ "id": {
1355
+ "ignore_above": 1024,
1356
+ "type": "keyword"
1357
+ },
1358
+ "name": {
1359
+ "ignore_above": 1024,
1360
+ "type": "keyword"
1361
+ }
1362
+ }
1363
+ },
1364
+ "hash": {
1365
+ "ignore_above": 1024,
1366
+ "type": "keyword"
1367
+ },
1368
+ "id": {
1369
+ "ignore_above": 1024,
1370
+ "type": "keyword"
1371
+ },
1372
+ "name": {
1373
+ "fields": {
1374
+ "text": {
1375
+ "norms": false,
1376
+ "type": "text"
1377
+ }
1378
+ },
1379
+ "ignore_above": 1024,
1380
+ "type": "keyword"
1381
+ },
1382
+ "roles": {
1383
+ "ignore_above": 1024,
1384
+ "type": "keyword"
1385
+ }
1386
+ }
1387
+ }
1388
+ }
1389
+ },
1390
+ "http": {
1391
+ "properties": {
1392
+ "request": {
1393
+ "properties": {
1394
+ "body": {
1395
+ "properties": {
1396
+ "bytes": {
1397
+ "type": "long"
1398
+ },
1399
+ "content": {
1400
+ "fields": {
1401
+ "text": {
1402
+ "norms": false,
1403
+ "type": "text"
1404
+ }
1405
+ },
1406
+ "ignore_above": 1024,
1407
+ "type": "keyword"
1408
+ }
1409
+ }
1410
+ },
1411
+ "bytes": {
1412
+ "type": "long"
1413
+ },
1414
+ "id": {
1415
+ "ignore_above": 1024,
1416
+ "type": "keyword"
1417
+ },
1418
+ "method": {
1419
+ "ignore_above": 1024,
1420
+ "type": "keyword"
1421
+ },
1422
+ "mime_type": {
1423
+ "ignore_above": 1024,
1424
+ "type": "keyword"
1425
+ },
1426
+ "referrer": {
1427
+ "ignore_above": 1024,
1428
+ "type": "keyword"
1429
+ }
1430
+ }
1431
+ },
1432
+ "response": {
1433
+ "properties": {
1434
+ "body": {
1435
+ "properties": {
1436
+ "bytes": {
1437
+ "type": "long"
1438
+ },
1439
+ "content": {
1440
+ "fields": {
1441
+ "text": {
1442
+ "norms": false,
1443
+ "type": "text"
1444
+ }
1445
+ },
1446
+ "ignore_above": 1024,
1447
+ "type": "keyword"
1448
+ }
1449
+ }
1450
+ },
1451
+ "bytes": {
1452
+ "type": "long"
1453
+ },
1454
+ "mime_type": {
1455
+ "ignore_above": 1024,
1456
+ "type": "keyword"
1457
+ },
1458
+ "status_code": {
1459
+ "type": "long"
1460
+ }
1461
+ }
1462
+ },
1463
+ "version": {
1464
+ "ignore_above": 1024,
1465
+ "type": "keyword"
1466
+ }
1467
+ }
1468
+ },
1469
+ "labels": {
1470
+ "type": "object"
1471
+ },
1472
+ "log": {
1473
+ "properties": {
1474
+ "file": {
1475
+ "properties": {
1476
+ "path": {
1477
+ "ignore_above": 1024,
1478
+ "type": "keyword"
1479
+ }
1480
+ }
1481
+ },
1482
+ "level": {
1483
+ "ignore_above": 1024,
1484
+ "type": "keyword"
1485
+ },
1486
+ "logger": {
1487
+ "ignore_above": 1024,
1488
+ "type": "keyword"
1489
+ },
1490
+ "origin": {
1491
+ "properties": {
1492
+ "file": {
1493
+ "properties": {
1494
+ "line": {
1495
+ "type": "integer"
1496
+ },
1497
+ "name": {
1498
+ "ignore_above": 1024,
1499
+ "type": "keyword"
1500
+ }
1501
+ }
1502
+ },
1503
+ "function": {
1504
+ "ignore_above": 1024,
1505
+ "type": "keyword"
1506
+ }
1507
+ }
1508
+ },
1509
+ "original": {
1510
+ "doc_values": false,
1511
+ "ignore_above": 1024,
1512
+ "index": false,
1513
+ "type": "keyword"
1514
+ },
1515
+ "syslog": {
1516
+ "properties": {
1517
+ "facility": {
1518
+ "properties": {
1519
+ "code": {
1520
+ "type": "long"
1521
+ },
1522
+ "name": {
1523
+ "ignore_above": 1024,
1524
+ "type": "keyword"
1525
+ }
1526
+ }
1527
+ },
1528
+ "priority": {
1529
+ "type": "long"
1530
+ },
1531
+ "severity": {
1532
+ "properties": {
1533
+ "code": {
1534
+ "type": "long"
1535
+ },
1536
+ "name": {
1537
+ "ignore_above": 1024,
1538
+ "type": "keyword"
1539
+ }
1540
+ }
1541
+ }
1542
+ },
1543
+ "type": "object"
1544
+ }
1545
+ }
1546
+ },
1547
+ "message": {
1548
+ "norms": false,
1549
+ "type": "text"
1550
+ },
1551
+ "network": {
1552
+ "properties": {
1553
+ "application": {
1554
+ "ignore_above": 1024,
1555
+ "type": "keyword"
1556
+ },
1557
+ "bytes": {
1558
+ "type": "long"
1559
+ },
1560
+ "community_id": {
1561
+ "ignore_above": 1024,
1562
+ "type": "keyword"
1563
+ },
1564
+ "direction": {
1565
+ "ignore_above": 1024,
1566
+ "type": "keyword"
1567
+ },
1568
+ "forwarded_ip": {
1569
+ "type": "ip"
1570
+ },
1571
+ "iana_number": {
1572
+ "ignore_above": 1024,
1573
+ "type": "keyword"
1574
+ },
1575
+ "inner": {
1576
+ "properties": {
1577
+ "vlan": {
1578
+ "properties": {
1579
+ "id": {
1580
+ "ignore_above": 1024,
1581
+ "type": "keyword"
1582
+ },
1583
+ "name": {
1584
+ "ignore_above": 1024,
1585
+ "type": "keyword"
1586
+ }
1587
+ }
1588
+ }
1589
+ },
1590
+ "type": "object"
1591
+ },
1592
+ "name": {
1593
+ "ignore_above": 1024,
1594
+ "type": "keyword"
1595
+ },
1596
+ "packets": {
1597
+ "type": "long"
1598
+ },
1599
+ "protocol": {
1600
+ "ignore_above": 1024,
1601
+ "type": "keyword"
1602
+ },
1603
+ "transport": {
1604
+ "ignore_above": 1024,
1605
+ "type": "keyword"
1606
+ },
1607
+ "type": {
1608
+ "ignore_above": 1024,
1609
+ "type": "keyword"
1610
+ },
1611
+ "vlan": {
1612
+ "properties": {
1613
+ "id": {
1614
+ "ignore_above": 1024,
1615
+ "type": "keyword"
1616
+ },
1617
+ "name": {
1618
+ "ignore_above": 1024,
1619
+ "type": "keyword"
1620
+ }
1621
+ }
1622
+ }
1623
+ }
1624
+ },
1625
+ "observer": {
1626
+ "properties": {
1627
+ "egress": {
1628
+ "properties": {
1629
+ "interface": {
1630
+ "properties": {
1631
+ "alias": {
1632
+ "ignore_above": 1024,
1633
+ "type": "keyword"
1634
+ },
1635
+ "id": {
1636
+ "ignore_above": 1024,
1637
+ "type": "keyword"
1638
+ },
1639
+ "name": {
1640
+ "ignore_above": 1024,
1641
+ "type": "keyword"
1642
+ }
1643
+ }
1644
+ },
1645
+ "vlan": {
1646
+ "properties": {
1647
+ "id": {
1648
+ "ignore_above": 1024,
1649
+ "type": "keyword"
1650
+ },
1651
+ "name": {
1652
+ "ignore_above": 1024,
1653
+ "type": "keyword"
1654
+ }
1655
+ }
1656
+ },
1657
+ "zone": {
1658
+ "ignore_above": 1024,
1659
+ "type": "keyword"
1660
+ }
1661
+ },
1662
+ "type": "object"
1663
+ },
1664
+ "geo": {
1665
+ "properties": {
1666
+ "city_name": {
1667
+ "ignore_above": 1024,
1668
+ "type": "keyword"
1669
+ },
1670
+ "continent_code": {
1671
+ "ignore_above": 1024,
1672
+ "type": "keyword"
1673
+ },
1674
+ "continent_name": {
1675
+ "ignore_above": 1024,
1676
+ "type": "keyword"
1677
+ },
1678
+ "country_iso_code": {
1679
+ "ignore_above": 1024,
1680
+ "type": "keyword"
1681
+ },
1682
+ "country_name": {
1683
+ "ignore_above": 1024,
1684
+ "type": "keyword"
1685
+ },
1686
+ "location": {
1687
+ "type": "geo_point"
1688
+ },
1689
+ "name": {
1690
+ "ignore_above": 1024,
1691
+ "type": "keyword"
1692
+ },
1693
+ "postal_code": {
1694
+ "ignore_above": 1024,
1695
+ "type": "keyword"
1696
+ },
1697
+ "region_iso_code": {
1698
+ "ignore_above": 1024,
1699
+ "type": "keyword"
1700
+ },
1701
+ "region_name": {
1702
+ "ignore_above": 1024,
1703
+ "type": "keyword"
1704
+ },
1705
+ "timezone": {
1706
+ "ignore_above": 1024,
1707
+ "type": "keyword"
1708
+ }
1709
+ }
1710
+ },
1711
+ "hostname": {
1712
+ "ignore_above": 1024,
1713
+ "type": "keyword"
1714
+ },
1715
+ "ingress": {
1716
+ "properties": {
1717
+ "interface": {
1718
+ "properties": {
1719
+ "alias": {
1720
+ "ignore_above": 1024,
1721
+ "type": "keyword"
1722
+ },
1723
+ "id": {
1724
+ "ignore_above": 1024,
1725
+ "type": "keyword"
1726
+ },
1727
+ "name": {
1728
+ "ignore_above": 1024,
1729
+ "type": "keyword"
1730
+ }
1731
+ }
1732
+ },
1733
+ "vlan": {
1734
+ "properties": {
1735
+ "id": {
1736
+ "ignore_above": 1024,
1737
+ "type": "keyword"
1738
+ },
1739
+ "name": {
1740
+ "ignore_above": 1024,
1741
+ "type": "keyword"
1742
+ }
1743
+ }
1744
+ },
1745
+ "zone": {
1746
+ "ignore_above": 1024,
1747
+ "type": "keyword"
1748
+ }
1749
+ },
1750
+ "type": "object"
1751
+ },
1752
+ "ip": {
1753
+ "type": "ip"
1754
+ },
1755
+ "mac": {
1756
+ "ignore_above": 1024,
1757
+ "type": "keyword"
1758
+ },
1759
+ "name": {
1760
+ "ignore_above": 1024,
1761
+ "type": "keyword"
1762
+ },
1763
+ "os": {
1764
+ "properties": {
1765
+ "family": {
1766
+ "ignore_above": 1024,
1767
+ "type": "keyword"
1768
+ },
1769
+ "full": {
1770
+ "fields": {
1771
+ "text": {
1772
+ "norms": false,
1773
+ "type": "text"
1774
+ }
1775
+ },
1776
+ "ignore_above": 1024,
1777
+ "type": "keyword"
1778
+ },
1779
+ "kernel": {
1780
+ "ignore_above": 1024,
1781
+ "type": "keyword"
1782
+ },
1783
+ "name": {
1784
+ "fields": {
1785
+ "text": {
1786
+ "norms": false,
1787
+ "type": "text"
1788
+ }
1789
+ },
1790
+ "ignore_above": 1024,
1791
+ "type": "keyword"
1792
+ },
1793
+ "platform": {
1794
+ "ignore_above": 1024,
1795
+ "type": "keyword"
1796
+ },
1797
+ "type": {
1798
+ "ignore_above": 1024,
1799
+ "type": "keyword"
1800
+ },
1801
+ "version": {
1802
+ "ignore_above": 1024,
1803
+ "type": "keyword"
1804
+ }
1805
+ }
1806
+ },
1807
+ "product": {
1808
+ "ignore_above": 1024,
1809
+ "type": "keyword"
1810
+ },
1811
+ "serial_number": {
1812
+ "ignore_above": 1024,
1813
+ "type": "keyword"
1814
+ },
1815
+ "type": {
1816
+ "ignore_above": 1024,
1817
+ "type": "keyword"
1818
+ },
1819
+ "vendor": {
1820
+ "ignore_above": 1024,
1821
+ "type": "keyword"
1822
+ },
1823
+ "version": {
1824
+ "ignore_above": 1024,
1825
+ "type": "keyword"
1826
+ }
1827
+ }
1828
+ },
1829
+ "orchestrator": {
1830
+ "properties": {
1831
+ "api_version": {
1832
+ "ignore_above": 1024,
1833
+ "type": "keyword"
1834
+ },
1835
+ "cluster": {
1836
+ "properties": {
1837
+ "name": {
1838
+ "ignore_above": 1024,
1839
+ "type": "keyword"
1840
+ },
1841
+ "url": {
1842
+ "ignore_above": 1024,
1843
+ "type": "keyword"
1844
+ },
1845
+ "version": {
1846
+ "ignore_above": 1024,
1847
+ "type": "keyword"
1848
+ }
1849
+ }
1850
+ },
1851
+ "namespace": {
1852
+ "ignore_above": 1024,
1853
+ "type": "keyword"
1854
+ },
1855
+ "organization": {
1856
+ "ignore_above": 1024,
1857
+ "type": "keyword"
1858
+ },
1859
+ "resource": {
1860
+ "properties": {
1861
+ "name": {
1862
+ "ignore_above": 1024,
1863
+ "type": "keyword"
1864
+ },
1865
+ "type": {
1866
+ "ignore_above": 1024,
1867
+ "type": "keyword"
1868
+ }
1869
+ }
1870
+ },
1871
+ "type": {
1872
+ "ignore_above": 1024,
1873
+ "type": "keyword"
1874
+ }
1875
+ }
1876
+ },
1877
+ "organization": {
1878
+ "properties": {
1879
+ "id": {
1880
+ "ignore_above": 1024,
1881
+ "type": "keyword"
1882
+ },
1883
+ "name": {
1884
+ "fields": {
1885
+ "text": {
1886
+ "norms": false,
1887
+ "type": "text"
1888
+ }
1889
+ },
1890
+ "ignore_above": 1024,
1891
+ "type": "keyword"
1892
+ }
1893
+ }
1894
+ },
1895
+ "package": {
1896
+ "properties": {
1897
+ "architecture": {
1898
+ "ignore_above": 1024,
1899
+ "type": "keyword"
1900
+ },
1901
+ "build_version": {
1902
+ "ignore_above": 1024,
1903
+ "type": "keyword"
1904
+ },
1905
+ "checksum": {
1906
+ "ignore_above": 1024,
1907
+ "type": "keyword"
1908
+ },
1909
+ "description": {
1910
+ "ignore_above": 1024,
1911
+ "type": "keyword"
1912
+ },
1913
+ "install_scope": {
1914
+ "ignore_above": 1024,
1915
+ "type": "keyword"
1916
+ },
1917
+ "installed": {
1918
+ "type": "date"
1919
+ },
1920
+ "license": {
1921
+ "ignore_above": 1024,
1922
+ "type": "keyword"
1923
+ },
1924
+ "name": {
1925
+ "ignore_above": 1024,
1926
+ "type": "keyword"
1927
+ },
1928
+ "path": {
1929
+ "ignore_above": 1024,
1930
+ "type": "keyword"
1931
+ },
1932
+ "reference": {
1933
+ "ignore_above": 1024,
1934
+ "type": "keyword"
1935
+ },
1936
+ "size": {
1937
+ "type": "long"
1938
+ },
1939
+ "type": {
1940
+ "ignore_above": 1024,
1941
+ "type": "keyword"
1942
+ },
1943
+ "version": {
1944
+ "ignore_above": 1024,
1945
+ "type": "keyword"
1946
+ }
1947
+ }
1948
+ },
1949
+ "process": {
1950
+ "properties": {
1951
+ "args": {
1952
+ "ignore_above": 1024,
1953
+ "type": "keyword"
1954
+ },
1955
+ "args_count": {
1956
+ "type": "long"
1957
+ },
1958
+ "code_signature": {
1959
+ "properties": {
1960
+ "exists": {
1961
+ "type": "boolean"
1962
+ },
1963
+ "signing_id": {
1964
+ "ignore_above": 1024,
1965
+ "type": "keyword"
1966
+ },
1967
+ "status": {
1968
+ "ignore_above": 1024,
1969
+ "type": "keyword"
1970
+ },
1971
+ "subject_name": {
1972
+ "ignore_above": 1024,
1973
+ "type": "keyword"
1974
+ },
1975
+ "team_id": {
1976
+ "ignore_above": 1024,
1977
+ "type": "keyword"
1978
+ },
1979
+ "trusted": {
1980
+ "type": "boolean"
1981
+ },
1982
+ "valid": {
1983
+ "type": "boolean"
1984
+ }
1985
+ }
1986
+ },
1987
+ "command_line": {
1988
+ "fields": {
1989
+ "text": {
1990
+ "norms": false,
1991
+ "type": "text"
1992
+ }
1993
+ },
1994
+ "ignore_above": 1024,
1995
+ "type": "keyword"
1996
+ },
1997
+ "entity_id": {
1998
+ "ignore_above": 1024,
1999
+ "type": "keyword"
2000
+ },
2001
+ "executable": {
2002
+ "fields": {
2003
+ "text": {
2004
+ "norms": false,
2005
+ "type": "text"
2006
+ }
2007
+ },
2008
+ "ignore_above": 1024,
2009
+ "type": "keyword"
2010
+ },
2011
+ "exit_code": {
2012
+ "type": "long"
2013
+ },
2014
+ "hash": {
2015
+ "properties": {
2016
+ "md5": {
2017
+ "ignore_above": 1024,
2018
+ "type": "keyword"
2019
+ },
2020
+ "sha1": {
2021
+ "ignore_above": 1024,
2022
+ "type": "keyword"
2023
+ },
2024
+ "sha256": {
2025
+ "ignore_above": 1024,
2026
+ "type": "keyword"
2027
+ },
2028
+ "sha512": {
2029
+ "ignore_above": 1024,
2030
+ "type": "keyword"
2031
+ },
2032
+ "ssdeep": {
2033
+ "ignore_above": 1024,
2034
+ "type": "keyword"
2035
+ }
2036
+ }
2037
+ },
2038
+ "name": {
2039
+ "fields": {
2040
+ "text": {
2041
+ "norms": false,
2042
+ "type": "text"
2043
+ }
2044
+ },
2045
+ "ignore_above": 1024,
2046
+ "type": "keyword"
2047
+ },
2048
+ "parent": {
2049
+ "properties": {
2050
+ "args": {
2051
+ "ignore_above": 1024,
2052
+ "type": "keyword"
2053
+ },
2054
+ "args_count": {
2055
+ "type": "long"
2056
+ },
2057
+ "code_signature": {
2058
+ "properties": {
2059
+ "exists": {
2060
+ "type": "boolean"
2061
+ },
2062
+ "signing_id": {
2063
+ "ignore_above": 1024,
2064
+ "type": "keyword"
2065
+ },
2066
+ "status": {
2067
+ "ignore_above": 1024,
2068
+ "type": "keyword"
2069
+ },
2070
+ "subject_name": {
2071
+ "ignore_above": 1024,
2072
+ "type": "keyword"
2073
+ },
2074
+ "team_id": {
2075
+ "ignore_above": 1024,
2076
+ "type": "keyword"
2077
+ },
2078
+ "trusted": {
2079
+ "type": "boolean"
2080
+ },
2081
+ "valid": {
2082
+ "type": "boolean"
2083
+ }
2084
+ }
2085
+ },
2086
+ "command_line": {
2087
+ "fields": {
2088
+ "text": {
2089
+ "norms": false,
2090
+ "type": "text"
2091
+ }
2092
+ },
2093
+ "ignore_above": 1024,
2094
+ "type": "keyword"
2095
+ },
2096
+ "entity_id": {
2097
+ "ignore_above": 1024,
2098
+ "type": "keyword"
2099
+ },
2100
+ "executable": {
2101
+ "fields": {
2102
+ "text": {
2103
+ "norms": false,
2104
+ "type": "text"
2105
+ }
2106
+ },
2107
+ "ignore_above": 1024,
2108
+ "type": "keyword"
2109
+ },
2110
+ "exit_code": {
2111
+ "type": "long"
2112
+ },
2113
+ "hash": {
2114
+ "properties": {
2115
+ "md5": {
2116
+ "ignore_above": 1024,
2117
+ "type": "keyword"
2118
+ },
2119
+ "sha1": {
2120
+ "ignore_above": 1024,
2121
+ "type": "keyword"
2122
+ },
2123
+ "sha256": {
2124
+ "ignore_above": 1024,
2125
+ "type": "keyword"
2126
+ },
2127
+ "sha512": {
2128
+ "ignore_above": 1024,
2129
+ "type": "keyword"
2130
+ },
2131
+ "ssdeep": {
2132
+ "ignore_above": 1024,
2133
+ "type": "keyword"
2134
+ }
2135
+ }
2136
+ },
2137
+ "name": {
2138
+ "fields": {
2139
+ "text": {
2140
+ "norms": false,
2141
+ "type": "text"
2142
+ }
2143
+ },
2144
+ "ignore_above": 1024,
2145
+ "type": "keyword"
2146
+ },
2147
+ "pe": {
2148
+ "properties": {
2149
+ "architecture": {
2150
+ "ignore_above": 1024,
2151
+ "type": "keyword"
2152
+ },
2153
+ "company": {
2154
+ "ignore_above": 1024,
2155
+ "type": "keyword"
2156
+ },
2157
+ "description": {
2158
+ "ignore_above": 1024,
2159
+ "type": "keyword"
2160
+ },
2161
+ "file_version": {
2162
+ "ignore_above": 1024,
2163
+ "type": "keyword"
2164
+ },
2165
+ "imphash": {
2166
+ "ignore_above": 1024,
2167
+ "type": "keyword"
2168
+ },
2169
+ "original_file_name": {
2170
+ "ignore_above": 1024,
2171
+ "type": "keyword"
2172
+ },
2173
+ "product": {
2174
+ "ignore_above": 1024,
2175
+ "type": "keyword"
2176
+ }
2177
+ }
2178
+ },
2179
+ "pgid": {
2180
+ "type": "long"
2181
+ },
2182
+ "pid": {
2183
+ "type": "long"
2184
+ },
2185
+ "ppid": {
2186
+ "type": "long"
2187
+ },
2188
+ "start": {
2189
+ "type": "date"
2190
+ },
2191
+ "thread": {
2192
+ "properties": {
2193
+ "id": {
2194
+ "type": "long"
2195
+ },
2196
+ "name": {
2197
+ "ignore_above": 1024,
2198
+ "type": "keyword"
2199
+ }
2200
+ }
2201
+ },
2202
+ "title": {
2203
+ "fields": {
2204
+ "text": {
2205
+ "norms": false,
2206
+ "type": "text"
2207
+ }
2208
+ },
2209
+ "ignore_above": 1024,
2210
+ "type": "keyword"
2211
+ },
2212
+ "uptime": {
2213
+ "type": "long"
2214
+ },
2215
+ "working_directory": {
2216
+ "fields": {
2217
+ "text": {
2218
+ "norms": false,
2219
+ "type": "text"
2220
+ }
2221
+ },
2222
+ "ignore_above": 1024,
2223
+ "type": "keyword"
2224
+ }
2225
+ }
2226
+ },
2227
+ "pe": {
2228
+ "properties": {
2229
+ "architecture": {
2230
+ "ignore_above": 1024,
2231
+ "type": "keyword"
2232
+ },
2233
+ "company": {
2234
+ "ignore_above": 1024,
2235
+ "type": "keyword"
2236
+ },
2237
+ "description": {
2238
+ "ignore_above": 1024,
2239
+ "type": "keyword"
2240
+ },
2241
+ "file_version": {
2242
+ "ignore_above": 1024,
2243
+ "type": "keyword"
2244
+ },
2245
+ "imphash": {
2246
+ "ignore_above": 1024,
2247
+ "type": "keyword"
2248
+ },
2249
+ "original_file_name": {
2250
+ "ignore_above": 1024,
2251
+ "type": "keyword"
2252
+ },
2253
+ "product": {
2254
+ "ignore_above": 1024,
2255
+ "type": "keyword"
2256
+ }
2257
+ }
2258
+ },
2259
+ "pgid": {
2260
+ "type": "long"
2261
+ },
2262
+ "pid": {
2263
+ "type": "long"
2264
+ },
2265
+ "ppid": {
2266
+ "type": "long"
2267
+ },
2268
+ "start": {
2269
+ "type": "date"
2270
+ },
2271
+ "thread": {
2272
+ "properties": {
2273
+ "id": {
2274
+ "type": "long"
2275
+ },
2276
+ "name": {
2277
+ "ignore_above": 1024,
2278
+ "type": "keyword"
2279
+ }
2280
+ }
2281
+ },
2282
+ "title": {
2283
+ "fields": {
2284
+ "text": {
2285
+ "norms": false,
2286
+ "type": "text"
2287
+ }
2288
+ },
2289
+ "ignore_above": 1024,
2290
+ "type": "keyword"
2291
+ },
2292
+ "uptime": {
2293
+ "type": "long"
2294
+ },
2295
+ "working_directory": {
2296
+ "fields": {
2297
+ "text": {
2298
+ "norms": false,
2299
+ "type": "text"
2300
+ }
2301
+ },
2302
+ "ignore_above": 1024,
2303
+ "type": "keyword"
2304
+ }
2305
+ }
2306
+ },
2307
+ "registry": {
2308
+ "properties": {
2309
+ "data": {
2310
+ "properties": {
2311
+ "bytes": {
2312
+ "ignore_above": 1024,
2313
+ "type": "keyword"
2314
+ },
2315
+ "strings": {
2316
+ "ignore_above": 1024,
2317
+ "type": "keyword"
2318
+ },
2319
+ "type": {
2320
+ "ignore_above": 1024,
2321
+ "type": "keyword"
2322
+ }
2323
+ }
2324
+ },
2325
+ "hive": {
2326
+ "ignore_above": 1024,
2327
+ "type": "keyword"
2328
+ },
2329
+ "key": {
2330
+ "ignore_above": 1024,
2331
+ "type": "keyword"
2332
+ },
2333
+ "path": {
2334
+ "ignore_above": 1024,
2335
+ "type": "keyword"
2336
+ },
2337
+ "value": {
2338
+ "ignore_above": 1024,
2339
+ "type": "keyword"
2340
+ }
2341
+ }
2342
+ },
2343
+ "related": {
2344
+ "properties": {
2345
+ "hash": {
2346
+ "ignore_above": 1024,
2347
+ "type": "keyword"
2348
+ },
2349
+ "hosts": {
2350
+ "ignore_above": 1024,
2351
+ "type": "keyword"
2352
+ },
2353
+ "ip": {
2354
+ "type": "ip"
2355
+ },
2356
+ "user": {
2357
+ "ignore_above": 1024,
2358
+ "type": "keyword"
2359
+ }
2360
+ }
2361
+ },
2362
+ "rule": {
2363
+ "properties": {
2364
+ "author": {
2365
+ "ignore_above": 1024,
2366
+ "type": "keyword"
2367
+ },
2368
+ "category": {
2369
+ "ignore_above": 1024,
2370
+ "type": "keyword"
2371
+ },
2372
+ "description": {
2373
+ "ignore_above": 1024,
2374
+ "type": "keyword"
2375
+ },
2376
+ "id": {
2377
+ "ignore_above": 1024,
2378
+ "type": "keyword"
2379
+ },
2380
+ "license": {
2381
+ "ignore_above": 1024,
2382
+ "type": "keyword"
2383
+ },
2384
+ "name": {
2385
+ "ignore_above": 1024,
2386
+ "type": "keyword"
2387
+ },
2388
+ "reference": {
2389
+ "ignore_above": 1024,
2390
+ "type": "keyword"
2391
+ },
2392
+ "ruleset": {
2393
+ "ignore_above": 1024,
2394
+ "type": "keyword"
2395
+ },
2396
+ "uuid": {
2397
+ "ignore_above": 1024,
2398
+ "type": "keyword"
2399
+ },
2400
+ "version": {
2401
+ "ignore_above": 1024,
2402
+ "type": "keyword"
2403
+ }
2404
+ }
2405
+ },
2406
+ "server": {
2407
+ "properties": {
2408
+ "address": {
2409
+ "ignore_above": 1024,
2410
+ "type": "keyword"
2411
+ },
2412
+ "as": {
2413
+ "properties": {
2414
+ "number": {
2415
+ "type": "long"
2416
+ },
2417
+ "organization": {
2418
+ "properties": {
2419
+ "name": {
2420
+ "fields": {
2421
+ "text": {
2422
+ "norms": false,
2423
+ "type": "text"
2424
+ }
2425
+ },
2426
+ "ignore_above": 1024,
2427
+ "type": "keyword"
2428
+ }
2429
+ }
2430
+ }
2431
+ }
2432
+ },
2433
+ "bytes": {
2434
+ "type": "long"
2435
+ },
2436
+ "domain": {
2437
+ "ignore_above": 1024,
2438
+ "type": "keyword"
2439
+ },
2440
+ "geo": {
2441
+ "properties": {
2442
+ "city_name": {
2443
+ "ignore_above": 1024,
2444
+ "type": "keyword"
2445
+ },
2446
+ "continent_code": {
2447
+ "ignore_above": 1024,
2448
+ "type": "keyword"
2449
+ },
2450
+ "continent_name": {
2451
+ "ignore_above": 1024,
2452
+ "type": "keyword"
2453
+ },
2454
+ "country_iso_code": {
2455
+ "ignore_above": 1024,
2456
+ "type": "keyword"
2457
+ },
2458
+ "country_name": {
2459
+ "ignore_above": 1024,
2460
+ "type": "keyword"
2461
+ },
2462
+ "location": {
2463
+ "type": "geo_point"
2464
+ },
2465
+ "name": {
2466
+ "ignore_above": 1024,
2467
+ "type": "keyword"
2468
+ },
2469
+ "postal_code": {
2470
+ "ignore_above": 1024,
2471
+ "type": "keyword"
2472
+ },
2473
+ "region_iso_code": {
2474
+ "ignore_above": 1024,
2475
+ "type": "keyword"
2476
+ },
2477
+ "region_name": {
2478
+ "ignore_above": 1024,
2479
+ "type": "keyword"
2480
+ },
2481
+ "timezone": {
2482
+ "ignore_above": 1024,
2483
+ "type": "keyword"
2484
+ }
2485
+ }
2486
+ },
2487
+ "ip": {
2488
+ "type": "ip"
2489
+ },
2490
+ "mac": {
2491
+ "ignore_above": 1024,
2492
+ "type": "keyword"
2493
+ },
2494
+ "nat": {
2495
+ "properties": {
2496
+ "ip": {
2497
+ "type": "ip"
2498
+ },
2499
+ "port": {
2500
+ "type": "long"
2501
+ }
2502
+ }
2503
+ },
2504
+ "packets": {
2505
+ "type": "long"
2506
+ },
2507
+ "port": {
2508
+ "type": "long"
2509
+ },
2510
+ "registered_domain": {
2511
+ "ignore_above": 1024,
2512
+ "type": "keyword"
2513
+ },
2514
+ "subdomain": {
2515
+ "ignore_above": 1024,
2516
+ "type": "keyword"
2517
+ },
2518
+ "top_level_domain": {
2519
+ "ignore_above": 1024,
2520
+ "type": "keyword"
2521
+ },
2522
+ "user": {
2523
+ "properties": {
2524
+ "domain": {
2525
+ "ignore_above": 1024,
2526
+ "type": "keyword"
2527
+ },
2528
+ "email": {
2529
+ "ignore_above": 1024,
2530
+ "type": "keyword"
2531
+ },
2532
+ "full_name": {
2533
+ "fields": {
2534
+ "text": {
2535
+ "norms": false,
2536
+ "type": "text"
2537
+ }
2538
+ },
2539
+ "ignore_above": 1024,
2540
+ "type": "keyword"
2541
+ },
2542
+ "group": {
2543
+ "properties": {
2544
+ "domain": {
2545
+ "ignore_above": 1024,
2546
+ "type": "keyword"
2547
+ },
2548
+ "id": {
2549
+ "ignore_above": 1024,
2550
+ "type": "keyword"
2551
+ },
2552
+ "name": {
2553
+ "ignore_above": 1024,
2554
+ "type": "keyword"
2555
+ }
2556
+ }
2557
+ },
2558
+ "hash": {
2559
+ "ignore_above": 1024,
2560
+ "type": "keyword"
2561
+ },
2562
+ "id": {
2563
+ "ignore_above": 1024,
2564
+ "type": "keyword"
2565
+ },
2566
+ "name": {
2567
+ "fields": {
2568
+ "text": {
2569
+ "norms": false,
2570
+ "type": "text"
2571
+ }
2572
+ },
2573
+ "ignore_above": 1024,
2574
+ "type": "keyword"
2575
+ },
2576
+ "roles": {
2577
+ "ignore_above": 1024,
2578
+ "type": "keyword"
2579
+ }
2580
+ }
2581
+ }
2582
+ }
2583
+ },
2584
+ "service": {
2585
+ "properties": {
2586
+ "ephemeral_id": {
2587
+ "ignore_above": 1024,
2588
+ "type": "keyword"
2589
+ },
2590
+ "id": {
2591
+ "ignore_above": 1024,
2592
+ "type": "keyword"
2593
+ },
2594
+ "name": {
2595
+ "ignore_above": 1024,
2596
+ "type": "keyword"
2597
+ },
2598
+ "node": {
2599
+ "properties": {
2600
+ "name": {
2601
+ "ignore_above": 1024,
2602
+ "type": "keyword"
2603
+ }
2604
+ }
2605
+ },
2606
+ "state": {
2607
+ "ignore_above": 1024,
2608
+ "type": "keyword"
2609
+ },
2610
+ "type": {
2611
+ "ignore_above": 1024,
2612
+ "type": "keyword"
2613
+ },
2614
+ "version": {
2615
+ "ignore_above": 1024,
2616
+ "type": "keyword"
2617
+ }
2618
+ }
2619
+ },
2620
+ "source": {
2621
+ "properties": {
2622
+ "address": {
2623
+ "ignore_above": 1024,
2624
+ "type": "keyword"
2625
+ },
2626
+ "as": {
2627
+ "properties": {
2628
+ "number": {
2629
+ "type": "long"
2630
+ },
2631
+ "organization": {
2632
+ "properties": {
2633
+ "name": {
2634
+ "fields": {
2635
+ "text": {
2636
+ "norms": false,
2637
+ "type": "text"
2638
+ }
2639
+ },
2640
+ "ignore_above": 1024,
2641
+ "type": "keyword"
2642
+ }
2643
+ }
2644
+ }
2645
+ }
2646
+ },
2647
+ "bytes": {
2648
+ "type": "long"
2649
+ },
2650
+ "domain": {
2651
+ "ignore_above": 1024,
2652
+ "type": "keyword"
2653
+ },
2654
+ "geo": {
2655
+ "properties": {
2656
+ "city_name": {
2657
+ "ignore_above": 1024,
2658
+ "type": "keyword"
2659
+ },
2660
+ "continent_code": {
2661
+ "ignore_above": 1024,
2662
+ "type": "keyword"
2663
+ },
2664
+ "continent_name": {
2665
+ "ignore_above": 1024,
2666
+ "type": "keyword"
2667
+ },
2668
+ "country_iso_code": {
2669
+ "ignore_above": 1024,
2670
+ "type": "keyword"
2671
+ },
2672
+ "country_name": {
2673
+ "ignore_above": 1024,
2674
+ "type": "keyword"
2675
+ },
2676
+ "location": {
2677
+ "type": "geo_point"
2678
+ },
2679
+ "name": {
2680
+ "ignore_above": 1024,
2681
+ "type": "keyword"
2682
+ },
2683
+ "postal_code": {
2684
+ "ignore_above": 1024,
2685
+ "type": "keyword"
2686
+ },
2687
+ "region_iso_code": {
2688
+ "ignore_above": 1024,
2689
+ "type": "keyword"
2690
+ },
2691
+ "region_name": {
2692
+ "ignore_above": 1024,
2693
+ "type": "keyword"
2694
+ },
2695
+ "timezone": {
2696
+ "ignore_above": 1024,
2697
+ "type": "keyword"
2698
+ }
2699
+ }
2700
+ },
2701
+ "ip": {
2702
+ "type": "ip"
2703
+ },
2704
+ "mac": {
2705
+ "ignore_above": 1024,
2706
+ "type": "keyword"
2707
+ },
2708
+ "nat": {
2709
+ "properties": {
2710
+ "ip": {
2711
+ "type": "ip"
2712
+ },
2713
+ "port": {
2714
+ "type": "long"
2715
+ }
2716
+ }
2717
+ },
2718
+ "packets": {
2719
+ "type": "long"
2720
+ },
2721
+ "port": {
2722
+ "type": "long"
2723
+ },
2724
+ "registered_domain": {
2725
+ "ignore_above": 1024,
2726
+ "type": "keyword"
2727
+ },
2728
+ "subdomain": {
2729
+ "ignore_above": 1024,
2730
+ "type": "keyword"
2731
+ },
2732
+ "top_level_domain": {
2733
+ "ignore_above": 1024,
2734
+ "type": "keyword"
2735
+ },
2736
+ "user": {
2737
+ "properties": {
2738
+ "domain": {
2739
+ "ignore_above": 1024,
2740
+ "type": "keyword"
2741
+ },
2742
+ "email": {
2743
+ "ignore_above": 1024,
2744
+ "type": "keyword"
2745
+ },
2746
+ "full_name": {
2747
+ "fields": {
2748
+ "text": {
2749
+ "norms": false,
2750
+ "type": "text"
2751
+ }
2752
+ },
2753
+ "ignore_above": 1024,
2754
+ "type": "keyword"
2755
+ },
2756
+ "group": {
2757
+ "properties": {
2758
+ "domain": {
2759
+ "ignore_above": 1024,
2760
+ "type": "keyword"
2761
+ },
2762
+ "id": {
2763
+ "ignore_above": 1024,
2764
+ "type": "keyword"
2765
+ },
2766
+ "name": {
2767
+ "ignore_above": 1024,
2768
+ "type": "keyword"
2769
+ }
2770
+ }
2771
+ },
2772
+ "hash": {
2773
+ "ignore_above": 1024,
2774
+ "type": "keyword"
2775
+ },
2776
+ "id": {
2777
+ "ignore_above": 1024,
2778
+ "type": "keyword"
2779
+ },
2780
+ "name": {
2781
+ "fields": {
2782
+ "text": {
2783
+ "norms": false,
2784
+ "type": "text"
2785
+ }
2786
+ },
2787
+ "ignore_above": 1024,
2788
+ "type": "keyword"
2789
+ },
2790
+ "roles": {
2791
+ "ignore_above": 1024,
2792
+ "type": "keyword"
2793
+ }
2794
+ }
2795
+ }
2796
+ }
2797
+ },
2798
+ "span": {
2799
+ "properties": {
2800
+ "id": {
2801
+ "ignore_above": 1024,
2802
+ "type": "keyword"
2803
+ }
2804
+ }
2805
+ },
2806
+ "tags": {
2807
+ "ignore_above": 1024,
2808
+ "type": "keyword"
2809
+ },
2810
+ "threat": {
2811
+ "properties": {
2812
+ "framework": {
2813
+ "ignore_above": 1024,
2814
+ "type": "keyword"
2815
+ },
2816
+ "tactic": {
2817
+ "properties": {
2818
+ "id": {
2819
+ "ignore_above": 1024,
2820
+ "type": "keyword"
2821
+ },
2822
+ "name": {
2823
+ "ignore_above": 1024,
2824
+ "type": "keyword"
2825
+ },
2826
+ "reference": {
2827
+ "ignore_above": 1024,
2828
+ "type": "keyword"
2829
+ }
2830
+ }
2831
+ },
2832
+ "technique": {
2833
+ "properties": {
2834
+ "id": {
2835
+ "ignore_above": 1024,
2836
+ "type": "keyword"
2837
+ },
2838
+ "name": {
2839
+ "fields": {
2840
+ "text": {
2841
+ "norms": false,
2842
+ "type": "text"
2843
+ }
2844
+ },
2845
+ "ignore_above": 1024,
2846
+ "type": "keyword"
2847
+ },
2848
+ "reference": {
2849
+ "ignore_above": 1024,
2850
+ "type": "keyword"
2851
+ },
2852
+ "subtechnique": {
2853
+ "properties": {
2854
+ "id": {
2855
+ "ignore_above": 1024,
2856
+ "type": "keyword"
2857
+ },
2858
+ "name": {
2859
+ "fields": {
2860
+ "text": {
2861
+ "norms": false,
2862
+ "type": "text"
2863
+ }
2864
+ },
2865
+ "ignore_above": 1024,
2866
+ "type": "keyword"
2867
+ },
2868
+ "reference": {
2869
+ "ignore_above": 1024,
2870
+ "type": "keyword"
2871
+ }
2872
+ }
2873
+ }
2874
+ }
2875
+ }
2876
+ }
2877
+ },
2878
+ "tls": {
2879
+ "properties": {
2880
+ "cipher": {
2881
+ "ignore_above": 1024,
2882
+ "type": "keyword"
2883
+ },
2884
+ "client": {
2885
+ "properties": {
2886
+ "certificate": {
2887
+ "ignore_above": 1024,
2888
+ "type": "keyword"
2889
+ },
2890
+ "certificate_chain": {
2891
+ "ignore_above": 1024,
2892
+ "type": "keyword"
2893
+ },
2894
+ "hash": {
2895
+ "properties": {
2896
+ "md5": {
2897
+ "ignore_above": 1024,
2898
+ "type": "keyword"
2899
+ },
2900
+ "sha1": {
2901
+ "ignore_above": 1024,
2902
+ "type": "keyword"
2903
+ },
2904
+ "sha256": {
2905
+ "ignore_above": 1024,
2906
+ "type": "keyword"
2907
+ }
2908
+ }
2909
+ },
2910
+ "issuer": {
2911
+ "ignore_above": 1024,
2912
+ "type": "keyword"
2913
+ },
2914
+ "ja3": {
2915
+ "ignore_above": 1024,
2916
+ "type": "keyword"
2917
+ },
2918
+ "not_after": {
2919
+ "type": "date"
2920
+ },
2921
+ "not_before": {
2922
+ "type": "date"
2923
+ },
2924
+ "server_name": {
2925
+ "ignore_above": 1024,
2926
+ "type": "keyword"
2927
+ },
2928
+ "subject": {
2929
+ "ignore_above": 1024,
2930
+ "type": "keyword"
2931
+ },
2932
+ "supported_ciphers": {
2933
+ "ignore_above": 1024,
2934
+ "type": "keyword"
2935
+ },
2936
+ "x509": {
2937
+ "properties": {
2938
+ "alternative_names": {
2939
+ "ignore_above": 1024,
2940
+ "type": "keyword"
2941
+ },
2942
+ "issuer": {
2943
+ "properties": {
2944
+ "common_name": {
2945
+ "ignore_above": 1024,
2946
+ "type": "keyword"
2947
+ },
2948
+ "country": {
2949
+ "ignore_above": 1024,
2950
+ "type": "keyword"
2951
+ },
2952
+ "distinguished_name": {
2953
+ "ignore_above": 1024,
2954
+ "type": "keyword"
2955
+ },
2956
+ "locality": {
2957
+ "ignore_above": 1024,
2958
+ "type": "keyword"
2959
+ },
2960
+ "organization": {
2961
+ "ignore_above": 1024,
2962
+ "type": "keyword"
2963
+ },
2964
+ "organizational_unit": {
2965
+ "ignore_above": 1024,
2966
+ "type": "keyword"
2967
+ },
2968
+ "state_or_province": {
2969
+ "ignore_above": 1024,
2970
+ "type": "keyword"
2971
+ }
2972
+ }
2973
+ },
2974
+ "not_after": {
2975
+ "type": "date"
2976
+ },
2977
+ "not_before": {
2978
+ "type": "date"
2979
+ },
2980
+ "public_key_algorithm": {
2981
+ "ignore_above": 1024,
2982
+ "type": "keyword"
2983
+ },
2984
+ "public_key_curve": {
2985
+ "ignore_above": 1024,
2986
+ "type": "keyword"
2987
+ },
2988
+ "public_key_exponent": {
2989
+ "doc_values": false,
2990
+ "index": false,
2991
+ "type": "long"
2992
+ },
2993
+ "public_key_size": {
2994
+ "type": "long"
2995
+ },
2996
+ "serial_number": {
2997
+ "ignore_above": 1024,
2998
+ "type": "keyword"
2999
+ },
3000
+ "signature_algorithm": {
3001
+ "ignore_above": 1024,
3002
+ "type": "keyword"
3003
+ },
3004
+ "subject": {
3005
+ "properties": {
3006
+ "common_name": {
3007
+ "ignore_above": 1024,
3008
+ "type": "keyword"
3009
+ },
3010
+ "country": {
3011
+ "ignore_above": 1024,
3012
+ "type": "keyword"
3013
+ },
3014
+ "distinguished_name": {
3015
+ "ignore_above": 1024,
3016
+ "type": "keyword"
3017
+ },
3018
+ "locality": {
3019
+ "ignore_above": 1024,
3020
+ "type": "keyword"
3021
+ },
3022
+ "organization": {
3023
+ "ignore_above": 1024,
3024
+ "type": "keyword"
3025
+ },
3026
+ "organizational_unit": {
3027
+ "ignore_above": 1024,
3028
+ "type": "keyword"
3029
+ },
3030
+ "state_or_province": {
3031
+ "ignore_above": 1024,
3032
+ "type": "keyword"
3033
+ }
3034
+ }
3035
+ },
3036
+ "version_number": {
3037
+ "ignore_above": 1024,
3038
+ "type": "keyword"
3039
+ }
3040
+ }
3041
+ }
3042
+ }
3043
+ },
3044
+ "curve": {
3045
+ "ignore_above": 1024,
3046
+ "type": "keyword"
3047
+ },
3048
+ "established": {
3049
+ "type": "boolean"
3050
+ },
3051
+ "next_protocol": {
3052
+ "ignore_above": 1024,
3053
+ "type": "keyword"
3054
+ },
3055
+ "resumed": {
3056
+ "type": "boolean"
3057
+ },
3058
+ "server": {
3059
+ "properties": {
3060
+ "certificate": {
3061
+ "ignore_above": 1024,
3062
+ "type": "keyword"
3063
+ },
3064
+ "certificate_chain": {
3065
+ "ignore_above": 1024,
3066
+ "type": "keyword"
3067
+ },
3068
+ "hash": {
3069
+ "properties": {
3070
+ "md5": {
3071
+ "ignore_above": 1024,
3072
+ "type": "keyword"
3073
+ },
3074
+ "sha1": {
3075
+ "ignore_above": 1024,
3076
+ "type": "keyword"
3077
+ },
3078
+ "sha256": {
3079
+ "ignore_above": 1024,
3080
+ "type": "keyword"
3081
+ }
3082
+ }
3083
+ },
3084
+ "issuer": {
3085
+ "ignore_above": 1024,
3086
+ "type": "keyword"
3087
+ },
3088
+ "ja3s": {
3089
+ "ignore_above": 1024,
3090
+ "type": "keyword"
3091
+ },
3092
+ "not_after": {
3093
+ "type": "date"
3094
+ },
3095
+ "not_before": {
3096
+ "type": "date"
3097
+ },
3098
+ "subject": {
3099
+ "ignore_above": 1024,
3100
+ "type": "keyword"
3101
+ },
3102
+ "x509": {
3103
+ "properties": {
3104
+ "alternative_names": {
3105
+ "ignore_above": 1024,
3106
+ "type": "keyword"
3107
+ },
3108
+ "issuer": {
3109
+ "properties": {
3110
+ "common_name": {
3111
+ "ignore_above": 1024,
3112
+ "type": "keyword"
3113
+ },
3114
+ "country": {
3115
+ "ignore_above": 1024,
3116
+ "type": "keyword"
3117
+ },
3118
+ "distinguished_name": {
3119
+ "ignore_above": 1024,
3120
+ "type": "keyword"
3121
+ },
3122
+ "locality": {
3123
+ "ignore_above": 1024,
3124
+ "type": "keyword"
3125
+ },
3126
+ "organization": {
3127
+ "ignore_above": 1024,
3128
+ "type": "keyword"
3129
+ },
3130
+ "organizational_unit": {
3131
+ "ignore_above": 1024,
3132
+ "type": "keyword"
3133
+ },
3134
+ "state_or_province": {
3135
+ "ignore_above": 1024,
3136
+ "type": "keyword"
3137
+ }
3138
+ }
3139
+ },
3140
+ "not_after": {
3141
+ "type": "date"
3142
+ },
3143
+ "not_before": {
3144
+ "type": "date"
3145
+ },
3146
+ "public_key_algorithm": {
3147
+ "ignore_above": 1024,
3148
+ "type": "keyword"
3149
+ },
3150
+ "public_key_curve": {
3151
+ "ignore_above": 1024,
3152
+ "type": "keyword"
3153
+ },
3154
+ "public_key_exponent": {
3155
+ "doc_values": false,
3156
+ "index": false,
3157
+ "type": "long"
3158
+ },
3159
+ "public_key_size": {
3160
+ "type": "long"
3161
+ },
3162
+ "serial_number": {
3163
+ "ignore_above": 1024,
3164
+ "type": "keyword"
3165
+ },
3166
+ "signature_algorithm": {
3167
+ "ignore_above": 1024,
3168
+ "type": "keyword"
3169
+ },
3170
+ "subject": {
3171
+ "properties": {
3172
+ "common_name": {
3173
+ "ignore_above": 1024,
3174
+ "type": "keyword"
3175
+ },
3176
+ "country": {
3177
+ "ignore_above": 1024,
3178
+ "type": "keyword"
3179
+ },
3180
+ "distinguished_name": {
3181
+ "ignore_above": 1024,
3182
+ "type": "keyword"
3183
+ },
3184
+ "locality": {
3185
+ "ignore_above": 1024,
3186
+ "type": "keyword"
3187
+ },
3188
+ "organization": {
3189
+ "ignore_above": 1024,
3190
+ "type": "keyword"
3191
+ },
3192
+ "organizational_unit": {
3193
+ "ignore_above": 1024,
3194
+ "type": "keyword"
3195
+ },
3196
+ "state_or_province": {
3197
+ "ignore_above": 1024,
3198
+ "type": "keyword"
3199
+ }
3200
+ }
3201
+ },
3202
+ "version_number": {
3203
+ "ignore_above": 1024,
3204
+ "type": "keyword"
3205
+ }
3206
+ }
3207
+ }
3208
+ }
3209
+ },
3210
+ "version": {
3211
+ "ignore_above": 1024,
3212
+ "type": "keyword"
3213
+ },
3214
+ "version_protocol": {
3215
+ "ignore_above": 1024,
3216
+ "type": "keyword"
3217
+ }
3218
+ }
3219
+ },
3220
+ "trace": {
3221
+ "properties": {
3222
+ "id": {
3223
+ "ignore_above": 1024,
3224
+ "type": "keyword"
3225
+ }
3226
+ }
3227
+ },
3228
+ "transaction": {
3229
+ "properties": {
3230
+ "id": {
3231
+ "ignore_above": 1024,
3232
+ "type": "keyword"
3233
+ }
3234
+ }
3235
+ },
3236
+ "url": {
3237
+ "properties": {
3238
+ "domain": {
3239
+ "ignore_above": 1024,
3240
+ "type": "keyword"
3241
+ },
3242
+ "extension": {
3243
+ "ignore_above": 1024,
3244
+ "type": "keyword"
3245
+ },
3246
+ "fragment": {
3247
+ "ignore_above": 1024,
3248
+ "type": "keyword"
3249
+ },
3250
+ "full": {
3251
+ "fields": {
3252
+ "text": {
3253
+ "norms": false,
3254
+ "type": "text"
3255
+ }
3256
+ },
3257
+ "ignore_above": 1024,
3258
+ "type": "keyword"
3259
+ },
3260
+ "original": {
3261
+ "fields": {
3262
+ "text": {
3263
+ "norms": false,
3264
+ "type": "text"
3265
+ }
3266
+ },
3267
+ "ignore_above": 1024,
3268
+ "type": "keyword"
3269
+ },
3270
+ "password": {
3271
+ "ignore_above": 1024,
3272
+ "type": "keyword"
3273
+ },
3274
+ "path": {
3275
+ "ignore_above": 1024,
3276
+ "type": "keyword"
3277
+ },
3278
+ "port": {
3279
+ "type": "long"
3280
+ },
3281
+ "query": {
3282
+ "ignore_above": 1024,
3283
+ "type": "keyword"
3284
+ },
3285
+ "registered_domain": {
3286
+ "ignore_above": 1024,
3287
+ "type": "keyword"
3288
+ },
3289
+ "scheme": {
3290
+ "ignore_above": 1024,
3291
+ "type": "keyword"
3292
+ },
3293
+ "subdomain": {
3294
+ "ignore_above": 1024,
3295
+ "type": "keyword"
3296
+ },
3297
+ "top_level_domain": {
3298
+ "ignore_above": 1024,
3299
+ "type": "keyword"
3300
+ },
3301
+ "username": {
3302
+ "ignore_above": 1024,
3303
+ "type": "keyword"
3304
+ }
3305
+ }
3306
+ },
3307
+ "user": {
3308
+ "properties": {
3309
+ "changes": {
3310
+ "properties": {
3311
+ "domain": {
3312
+ "ignore_above": 1024,
3313
+ "type": "keyword"
3314
+ },
3315
+ "email": {
3316
+ "ignore_above": 1024,
3317
+ "type": "keyword"
3318
+ },
3319
+ "full_name": {
3320
+ "fields": {
3321
+ "text": {
3322
+ "norms": false,
3323
+ "type": "text"
3324
+ }
3325
+ },
3326
+ "ignore_above": 1024,
3327
+ "type": "keyword"
3328
+ },
3329
+ "group": {
3330
+ "properties": {
3331
+ "domain": {
3332
+ "ignore_above": 1024,
3333
+ "type": "keyword"
3334
+ },
3335
+ "id": {
3336
+ "ignore_above": 1024,
3337
+ "type": "keyword"
3338
+ },
3339
+ "name": {
3340
+ "ignore_above": 1024,
3341
+ "type": "keyword"
3342
+ }
3343
+ }
3344
+ },
3345
+ "hash": {
3346
+ "ignore_above": 1024,
3347
+ "type": "keyword"
3348
+ },
3349
+ "id": {
3350
+ "ignore_above": 1024,
3351
+ "type": "keyword"
3352
+ },
3353
+ "name": {
3354
+ "fields": {
3355
+ "text": {
3356
+ "norms": false,
3357
+ "type": "text"
3358
+ }
3359
+ },
3360
+ "ignore_above": 1024,
3361
+ "type": "keyword"
3362
+ },
3363
+ "roles": {
3364
+ "ignore_above": 1024,
3365
+ "type": "keyword"
3366
+ }
3367
+ }
3368
+ },
3369
+ "domain": {
3370
+ "ignore_above": 1024,
3371
+ "type": "keyword"
3372
+ },
3373
+ "effective": {
3374
+ "properties": {
3375
+ "domain": {
3376
+ "ignore_above": 1024,
3377
+ "type": "keyword"
3378
+ },
3379
+ "email": {
3380
+ "ignore_above": 1024,
3381
+ "type": "keyword"
3382
+ },
3383
+ "full_name": {
3384
+ "fields": {
3385
+ "text": {
3386
+ "norms": false,
3387
+ "type": "text"
3388
+ }
3389
+ },
3390
+ "ignore_above": 1024,
3391
+ "type": "keyword"
3392
+ },
3393
+ "group": {
3394
+ "properties": {
3395
+ "domain": {
3396
+ "ignore_above": 1024,
3397
+ "type": "keyword"
3398
+ },
3399
+ "id": {
3400
+ "ignore_above": 1024,
3401
+ "type": "keyword"
3402
+ },
3403
+ "name": {
3404
+ "ignore_above": 1024,
3405
+ "type": "keyword"
3406
+ }
3407
+ }
3408
+ },
3409
+ "hash": {
3410
+ "ignore_above": 1024,
3411
+ "type": "keyword"
3412
+ },
3413
+ "id": {
3414
+ "ignore_above": 1024,
3415
+ "type": "keyword"
3416
+ },
3417
+ "name": {
3418
+ "fields": {
3419
+ "text": {
3420
+ "norms": false,
3421
+ "type": "text"
3422
+ }
3423
+ },
3424
+ "ignore_above": 1024,
3425
+ "type": "keyword"
3426
+ },
3427
+ "roles": {
3428
+ "ignore_above": 1024,
3429
+ "type": "keyword"
3430
+ }
3431
+ }
3432
+ },
3433
+ "email": {
3434
+ "ignore_above": 1024,
3435
+ "type": "keyword"
3436
+ },
3437
+ "full_name": {
3438
+ "fields": {
3439
+ "text": {
3440
+ "norms": false,
3441
+ "type": "text"
3442
+ }
3443
+ },
3444
+ "ignore_above": 1024,
3445
+ "type": "keyword"
3446
+ },
3447
+ "group": {
3448
+ "properties": {
3449
+ "domain": {
3450
+ "ignore_above": 1024,
3451
+ "type": "keyword"
3452
+ },
3453
+ "id": {
3454
+ "ignore_above": 1024,
3455
+ "type": "keyword"
3456
+ },
3457
+ "name": {
3458
+ "ignore_above": 1024,
3459
+ "type": "keyword"
3460
+ }
3461
+ }
3462
+ },
3463
+ "hash": {
3464
+ "ignore_above": 1024,
3465
+ "type": "keyword"
3466
+ },
3467
+ "id": {
3468
+ "ignore_above": 1024,
3469
+ "type": "keyword"
3470
+ },
3471
+ "name": {
3472
+ "fields": {
3473
+ "text": {
3474
+ "norms": false,
3475
+ "type": "text"
3476
+ }
3477
+ },
3478
+ "ignore_above": 1024,
3479
+ "type": "keyword"
3480
+ },
3481
+ "roles": {
3482
+ "ignore_above": 1024,
3483
+ "type": "keyword"
3484
+ },
3485
+ "target": {
3486
+ "properties": {
3487
+ "domain": {
3488
+ "ignore_above": 1024,
3489
+ "type": "keyword"
3490
+ },
3491
+ "email": {
3492
+ "ignore_above": 1024,
3493
+ "type": "keyword"
3494
+ },
3495
+ "full_name": {
3496
+ "fields": {
3497
+ "text": {
3498
+ "norms": false,
3499
+ "type": "text"
3500
+ }
3501
+ },
3502
+ "ignore_above": 1024,
3503
+ "type": "keyword"
3504
+ },
3505
+ "group": {
3506
+ "properties": {
3507
+ "domain": {
3508
+ "ignore_above": 1024,
3509
+ "type": "keyword"
3510
+ },
3511
+ "id": {
3512
+ "ignore_above": 1024,
3513
+ "type": "keyword"
3514
+ },
3515
+ "name": {
3516
+ "ignore_above": 1024,
3517
+ "type": "keyword"
3518
+ }
3519
+ }
3520
+ },
3521
+ "hash": {
3522
+ "ignore_above": 1024,
3523
+ "type": "keyword"
3524
+ },
3525
+ "id": {
3526
+ "ignore_above": 1024,
3527
+ "type": "keyword"
3528
+ },
3529
+ "name": {
3530
+ "fields": {
3531
+ "text": {
3532
+ "norms": false,
3533
+ "type": "text"
3534
+ }
3535
+ },
3536
+ "ignore_above": 1024,
3537
+ "type": "keyword"
3538
+ },
3539
+ "roles": {
3540
+ "ignore_above": 1024,
3541
+ "type": "keyword"
3542
+ }
3543
+ }
3544
+ }
3545
+ }
3546
+ },
3547
+ "user_agent": {
3548
+ "properties": {
3549
+ "device": {
3550
+ "properties": {
3551
+ "name": {
3552
+ "ignore_above": 1024,
3553
+ "type": "keyword"
3554
+ }
3555
+ }
3556
+ },
3557
+ "name": {
3558
+ "ignore_above": 1024,
3559
+ "type": "keyword"
3560
+ },
3561
+ "original": {
3562
+ "fields": {
3563
+ "text": {
3564
+ "norms": false,
3565
+ "type": "text"
3566
+ }
3567
+ },
3568
+ "ignore_above": 1024,
3569
+ "type": "keyword"
3570
+ },
3571
+ "os": {
3572
+ "properties": {
3573
+ "family": {
3574
+ "ignore_above": 1024,
3575
+ "type": "keyword"
3576
+ },
3577
+ "full": {
3578
+ "fields": {
3579
+ "text": {
3580
+ "norms": false,
3581
+ "type": "text"
3582
+ }
3583
+ },
3584
+ "ignore_above": 1024,
3585
+ "type": "keyword"
3586
+ },
3587
+ "kernel": {
3588
+ "ignore_above": 1024,
3589
+ "type": "keyword"
3590
+ },
3591
+ "name": {
3592
+ "fields": {
3593
+ "text": {
3594
+ "norms": false,
3595
+ "type": "text"
3596
+ }
3597
+ },
3598
+ "ignore_above": 1024,
3599
+ "type": "keyword"
3600
+ },
3601
+ "platform": {
3602
+ "ignore_above": 1024,
3603
+ "type": "keyword"
3604
+ },
3605
+ "type": {
3606
+ "ignore_above": 1024,
3607
+ "type": "keyword"
3608
+ },
3609
+ "version": {
3610
+ "ignore_above": 1024,
3611
+ "type": "keyword"
3612
+ }
3613
+ }
3614
+ },
3615
+ "version": {
3616
+ "ignore_above": 1024,
3617
+ "type": "keyword"
3618
+ }
3619
+ }
3620
+ },
3621
+ "vulnerability": {
3622
+ "properties": {
3623
+ "category": {
3624
+ "ignore_above": 1024,
3625
+ "type": "keyword"
3626
+ },
3627
+ "classification": {
3628
+ "ignore_above": 1024,
3629
+ "type": "keyword"
3630
+ },
3631
+ "description": {
3632
+ "fields": {
3633
+ "text": {
3634
+ "norms": false,
3635
+ "type": "text"
3636
+ }
3637
+ },
3638
+ "ignore_above": 1024,
3639
+ "type": "keyword"
3640
+ },
3641
+ "enumeration": {
3642
+ "ignore_above": 1024,
3643
+ "type": "keyword"
3644
+ },
3645
+ "id": {
3646
+ "ignore_above": 1024,
3647
+ "type": "keyword"
3648
+ },
3649
+ "reference": {
3650
+ "ignore_above": 1024,
3651
+ "type": "keyword"
3652
+ },
3653
+ "report_id": {
3654
+ "ignore_above": 1024,
3655
+ "type": "keyword"
3656
+ },
3657
+ "scanner": {
3658
+ "properties": {
3659
+ "vendor": {
3660
+ "ignore_above": 1024,
3661
+ "type": "keyword"
3662
+ }
3663
+ }
3664
+ },
3665
+ "score": {
3666
+ "properties": {
3667
+ "base": {
3668
+ "type": "float"
3669
+ },
3670
+ "environmental": {
3671
+ "type": "float"
3672
+ },
3673
+ "temporal": {
3674
+ "type": "float"
3675
+ },
3676
+ "version": {
3677
+ "ignore_above": 1024,
3678
+ "type": "keyword"
3679
+ }
3680
+ }
3681
+ },
3682
+ "severity": {
3683
+ "ignore_above": 1024,
3684
+ "type": "keyword"
3685
+ }
3686
+ }
3687
+ }
3688
+ }
3689
+ }
3690
+ },
3691
+ "priority": 200,
3692
+ "_meta": {
3693
+ "description": "ECS index template for logstash-output-elasticsearch"
3694
+ }
3695
+ }