logstash-output-elasticsearch 11.2.1-java → 11.2.2-java

@@ -5,7 +5,7 @@
5
5
  "mappings": {
6
6
  "_doc": {
7
7
  "_meta": {
8
- "version": "1.5.0"
8
+ "version": "1.12.1"
9
9
  },
10
10
  "date_detection": false,
11
11
  "dynamic_templates": [
@@ -25,6 +25,14 @@
25
25
  },
26
26
  "agent": {
27
27
  "properties": {
28
+ "build": {
29
+ "properties": {
30
+ "original": {
31
+ "ignore_above": 1024,
32
+ "type": "keyword"
33
+ }
34
+ }
35
+ },
28
36
  "ephemeral_id": {
29
37
  "ignore_above": 1024,
30
38
  "type": "keyword"
@@ -47,27 +55,6 @@
47
55
  }
48
56
  }
49
57
  },
50
- "as": {
51
- "properties": {
52
- "number": {
53
- "type": "long"
54
- },
55
- "organization": {
56
- "properties": {
57
- "name": {
58
- "fields": {
59
- "text": {
60
- "norms": false,
61
- "type": "text"
62
- }
63
- },
64
- "ignore_above": 1024,
65
- "type": "keyword"
66
- }
67
- }
68
- }
69
- }
70
- },
71
58
  "client": {
72
59
  "properties": {
73
60
  "address": {
@@ -108,6 +95,10 @@
108
95
  "ignore_above": 1024,
109
96
  "type": "keyword"
110
97
  },
98
+ "continent_code": {
99
+ "ignore_above": 1024,
100
+ "type": "keyword"
101
+ },
111
102
  "continent_name": {
112
103
  "ignore_above": 1024,
113
104
  "type": "keyword"
@@ -127,6 +118,10 @@
127
118
  "ignore_above": 1024,
128
119
  "type": "keyword"
129
120
  },
121
+ "postal_code": {
122
+ "ignore_above": 1024,
123
+ "type": "keyword"
124
+ },
130
125
  "region_iso_code": {
131
126
  "ignore_above": 1024,
132
127
  "type": "keyword"
@@ -134,6 +129,10 @@
134
129
  "region_name": {
135
130
  "ignore_above": 1024,
136
131
  "type": "keyword"
132
+ },
133
+ "timezone": {
134
+ "ignore_above": 1024,
135
+ "type": "keyword"
137
136
  }
138
137
  }
139
138
  },
@@ -164,6 +163,10 @@
164
163
  "ignore_above": 1024,
165
164
  "type": "keyword"
166
165
  },
166
+ "subdomain": {
167
+ "ignore_above": 1024,
168
+ "type": "keyword"
169
+ },
167
170
  "top_level_domain": {
168
171
  "ignore_above": 1024,
169
172
  "type": "keyword"
@@ -221,6 +224,10 @@
221
224
  },
222
225
  "ignore_above": 1024,
223
226
  "type": "keyword"
227
+ },
228
+ "roles": {
229
+ "ignore_above": 1024,
230
+ "type": "keyword"
224
231
  }
225
232
  }
226
233
  }
@@ -233,6 +240,10 @@
233
240
  "id": {
234
241
  "ignore_above": 1024,
235
242
  "type": "keyword"
243
+ },
244
+ "name": {
245
+ "ignore_above": 1024,
246
+ "type": "keyword"
236
247
  }
237
248
  }
238
249
  },
@@ -260,6 +271,18 @@
260
271
  }
261
272
  }
262
273
  },
274
+ "project": {
275
+ "properties": {
276
+ "id": {
277
+ "ignore_above": 1024,
278
+ "type": "keyword"
279
+ },
280
+ "name": {
281
+ "ignore_above": 1024,
282
+ "type": "keyword"
283
+ }
284
+ }
285
+ },
263
286
  "provider": {
264
287
  "ignore_above": 1024,
265
288
  "type": "keyword"
@@ -267,27 +290,14 @@
267
290
  "region": {
268
291
  "ignore_above": 1024,
269
292
  "type": "keyword"
270
- }
271
- }
272
- },
273
- "code_signature": {
274
- "properties": {
275
- "exists": {
276
- "type": "boolean"
277
- },
278
- "status": {
279
- "ignore_above": 1024,
280
- "type": "keyword"
281
- },
282
- "subject_name": {
283
- "ignore_above": 1024,
284
- "type": "keyword"
285
- },
286
- "trusted": {
287
- "type": "boolean"
288
293
  },
289
- "valid": {
290
- "type": "boolean"
294
+ "service": {
295
+ "properties": {
296
+ "name": {
297
+ "ignore_above": 1024,
298
+ "type": "keyword"
299
+ }
300
+ }
291
301
  }
292
302
  }
293
303
  },
@@ -322,6 +332,22 @@
322
332
  }
323
333
  }
324
334
  },
335
+ "data_stream": {
336
+ "properties": {
337
+ "dataset": {
338
+ "ignore_above": 1024,
339
+ "type": "keyword"
340
+ },
341
+ "namespace": {
342
+ "ignore_above": 1024,
343
+ "type": "keyword"
344
+ },
345
+ "type": {
346
+ "ignore_above": 1024,
347
+ "type": "keyword"
348
+ }
349
+ }
350
+ },
325
351
  "destination": {
326
352
  "properties": {
327
353
  "address": {
@@ -362,6 +388,10 @@
362
388
  "ignore_above": 1024,
363
389
  "type": "keyword"
364
390
  },
391
+ "continent_code": {
392
+ "ignore_above": 1024,
393
+ "type": "keyword"
394
+ },
365
395
  "continent_name": {
366
396
  "ignore_above": 1024,
367
397
  "type": "keyword"
@@ -381,6 +411,10 @@
381
411
  "ignore_above": 1024,
382
412
  "type": "keyword"
383
413
  },
414
+ "postal_code": {
415
+ "ignore_above": 1024,
416
+ "type": "keyword"
417
+ },
384
418
  "region_iso_code": {
385
419
  "ignore_above": 1024,
386
420
  "type": "keyword"
@@ -388,6 +422,10 @@
388
422
  "region_name": {
389
423
  "ignore_above": 1024,
390
424
  "type": "keyword"
425
+ },
426
+ "timezone": {
427
+ "ignore_above": 1024,
428
+ "type": "keyword"
391
429
  }
392
430
  }
393
431
  },
@@ -418,6 +456,10 @@
418
456
  "ignore_above": 1024,
419
457
  "type": "keyword"
420
458
  },
459
+ "subdomain": {
460
+ "ignore_above": 1024,
461
+ "type": "keyword"
462
+ },
421
463
  "top_level_domain": {
422
464
  "ignore_above": 1024,
423
465
  "type": "keyword"
@@ -475,6 +517,10 @@
475
517
  },
476
518
  "ignore_above": 1024,
477
519
  "type": "keyword"
520
+ },
521
+ "roles": {
522
+ "ignore_above": 1024,
523
+ "type": "keyword"
478
524
  }
479
525
  }
480
526
  }
@@ -484,9 +530,17 @@
484
530
  "properties": {
485
531
  "code_signature": {
486
532
  "properties": {
533
+ "digest_algorithm": {
534
+ "ignore_above": 1024,
535
+ "type": "keyword"
536
+ },
487
537
  "exists": {
488
538
  "type": "boolean"
489
539
  },
540
+ "signing_id": {
541
+ "ignore_above": 1024,
542
+ "type": "keyword"
543
+ },
490
544
  "status": {
491
545
  "ignore_above": 1024,
492
546
  "type": "keyword"
@@ -495,6 +549,13 @@
495
549
  "ignore_above": 1024,
496
550
  "type": "keyword"
497
551
  },
552
+ "team_id": {
553
+ "ignore_above": 1024,
554
+ "type": "keyword"
555
+ },
556
+ "timestamp": {
557
+ "type": "date"
558
+ },
498
559
  "trusted": {
499
560
  "type": "boolean"
500
561
  },
@@ -520,6 +581,10 @@
520
581
  "sha512": {
521
582
  "ignore_above": 1024,
522
583
  "type": "keyword"
584
+ },
585
+ "ssdeep": {
586
+ "ignore_above": 1024,
587
+ "type": "keyword"
523
588
  }
524
589
  }
525
590
  },
@@ -533,6 +598,10 @@
533
598
  },
534
599
  "pe": {
535
600
  "properties": {
601
+ "architecture": {
602
+ "ignore_above": 1024,
603
+ "type": "keyword"
604
+ },
536
605
  "company": {
537
606
  "ignore_above": 1024,
538
607
  "type": "keyword"
@@ -545,6 +614,10 @@
545
614
  "ignore_above": 1024,
546
615
  "type": "keyword"
547
616
  },
617
+ "imphash": {
618
+ "ignore_above": 1024,
619
+ "type": "keyword"
620
+ },
548
621
  "original_file_name": {
549
622
  "ignore_above": 1024,
550
623
  "type": "keyword"
@@ -682,6 +755,10 @@
682
755
  "ignore_above": 1024,
683
756
  "type": "keyword"
684
757
  },
758
+ "agent_id_status": {
759
+ "ignore_above": 1024,
760
+ "type": "keyword"
761
+ },
685
762
  "category": {
686
763
  "ignore_above": 1024,
687
764
  "type": "keyword"
@@ -724,7 +801,6 @@
724
801
  },
725
802
  "original": {
726
803
  "doc_values": false,
727
- "ignore_above": 1024,
728
804
  "index": false,
729
805
  "type": "keyword"
730
806
  },
@@ -736,6 +812,10 @@
736
812
  "ignore_above": 1024,
737
813
  "type": "keyword"
738
814
  },
815
+ "reason": {
816
+ "ignore_above": 1024,
817
+ "type": "keyword"
818
+ },
739
819
  "reference": {
740
820
  "ignore_above": 1024,
741
821
  "type": "keyword"
@@ -780,9 +860,17 @@
780
860
  },
781
861
  "code_signature": {
782
862
  "properties": {
863
+ "digest_algorithm": {
864
+ "ignore_above": 1024,
865
+ "type": "keyword"
866
+ },
783
867
  "exists": {
784
868
  "type": "boolean"
785
869
  },
870
+ "signing_id": {
871
+ "ignore_above": 1024,
872
+ "type": "keyword"
873
+ },
786
874
  "status": {
787
875
  "ignore_above": 1024,
788
876
  "type": "keyword"
@@ -791,6 +879,13 @@
791
879
  "ignore_above": 1024,
792
880
  "type": "keyword"
793
881
  },
882
+ "team_id": {
883
+ "ignore_above": 1024,
884
+ "type": "keyword"
885
+ },
886
+ "timestamp": {
887
+ "type": "date"
888
+ },
794
889
  "trusted": {
795
890
  "type": "boolean"
796
891
  },
@@ -817,10 +912,131 @@
817
912
  "ignore_above": 1,
818
913
  "type": "keyword"
819
914
  },
915
+ "elf": {
916
+ "properties": {
917
+ "architecture": {
918
+ "ignore_above": 1024,
919
+ "type": "keyword"
920
+ },
921
+ "byte_order": {
922
+ "ignore_above": 1024,
923
+ "type": "keyword"
924
+ },
925
+ "cpu_type": {
926
+ "ignore_above": 1024,
927
+ "type": "keyword"
928
+ },
929
+ "creation_date": {
930
+ "type": "date"
931
+ },
932
+ "exports": {
933
+ "type": "flattened"
934
+ },
935
+ "header": {
936
+ "properties": {
937
+ "abi_version": {
938
+ "ignore_above": 1024,
939
+ "type": "keyword"
940
+ },
941
+ "class": {
942
+ "ignore_above": 1024,
943
+ "type": "keyword"
944
+ },
945
+ "data": {
946
+ "ignore_above": 1024,
947
+ "type": "keyword"
948
+ },
949
+ "entrypoint": {
950
+ "type": "long"
951
+ },
952
+ "object_version": {
953
+ "ignore_above": 1024,
954
+ "type": "keyword"
955
+ },
956
+ "os_abi": {
957
+ "ignore_above": 1024,
958
+ "type": "keyword"
959
+ },
960
+ "type": {
961
+ "ignore_above": 1024,
962
+ "type": "keyword"
963
+ },
964
+ "version": {
965
+ "ignore_above": 1024,
966
+ "type": "keyword"
967
+ }
968
+ }
969
+ },
970
+ "imports": {
971
+ "type": "flattened"
972
+ },
973
+ "sections": {
974
+ "properties": {
975
+ "chi2": {
976
+ "type": "long"
977
+ },
978
+ "entropy": {
979
+ "type": "long"
980
+ },
981
+ "flags": {
982
+ "ignore_above": 1024,
983
+ "type": "keyword"
984
+ },
985
+ "name": {
986
+ "ignore_above": 1024,
987
+ "type": "keyword"
988
+ },
989
+ "physical_offset": {
990
+ "ignore_above": 1024,
991
+ "type": "keyword"
992
+ },
993
+ "physical_size": {
994
+ "type": "long"
995
+ },
996
+ "type": {
997
+ "ignore_above": 1024,
998
+ "type": "keyword"
999
+ },
1000
+ "virtual_address": {
1001
+ "type": "long"
1002
+ },
1003
+ "virtual_size": {
1004
+ "type": "long"
1005
+ }
1006
+ },
1007
+ "type": "nested"
1008
+ },
1009
+ "segments": {
1010
+ "properties": {
1011
+ "sections": {
1012
+ "ignore_above": 1024,
1013
+ "type": "keyword"
1014
+ },
1015
+ "type": {
1016
+ "ignore_above": 1024,
1017
+ "type": "keyword"
1018
+ }
1019
+ },
1020
+ "type": "nested"
1021
+ },
1022
+ "shared_libraries": {
1023
+ "ignore_above": 1024,
1024
+ "type": "keyword"
1025
+ },
1026
+ "telfhash": {
1027
+ "ignore_above": 1024,
1028
+ "type": "keyword"
1029
+ }
1030
+ }
1031
+ },
820
1032
  "extension": {
821
1033
  "ignore_above": 1024,
822
1034
  "type": "keyword"
823
1035
  },
1036
+ "fork_name": {
1037
+ "ignore_above": 1024,
1038
+ "type": "keyword"
1039
+ },
824
1040
  "gid": {
825
1041
  "ignore_above": 1024,
826
1042
  "type": "keyword"
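Review bot: `sections.entropy` and `sections.chi2` in the added `elf` object are mapped as `long`, but Shannon entropy is a fractional value, so under Elasticsearch's default numeric coercion a reading such as 7.9 (constructed example) would be indexed as 7, and threshold queries used to flag packed or encrypted sections lose their precision. Consider `"type": "float"` for both fields, or a `scaled_float` like the `host.cpu.usage` mapping added elsewhere in this diff. The same two mappings recur in the `elf` objects added by the `@@ -1764,6 +2131,126 @@` and `@@ -1851,6 +2357,126 @@` hunks. If this template is generated from the upstream ECS schema, the change presumably belongs there rather than in this file. The object that encloses `elf` opens outside the hunk.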
@@ -846,6 +1062,10 @@
846
1062
  "sha512": {
847
1063
  "ignore_above": 1024,
848
1064
  "type": "keyword"
1065
+ },
1066
+ "ssdeep": {
1067
+ "ignore_above": 1024,
1068
+ "type": "keyword"
849
1069
  }
850
1070
  }
851
1071
  },
@@ -884,6 +1104,10 @@
884
1104
  },
885
1105
  "pe": {
886
1106
  "properties": {
1107
+ "architecture": {
1108
+ "ignore_above": 1024,
1109
+ "type": "keyword"
1110
+ },
887
1111
  "company": {
888
1112
  "ignore_above": 1024,
889
1113
  "type": "keyword"
@@ -896,6 +1120,10 @@
896
1120
  "ignore_above": 1024,
897
1121
  "type": "keyword"
898
1122
  },
1123
+ "imphash": {
1124
+ "ignore_above": 1024,
1125
+ "type": "keyword"
1126
+ },
899
1127
  "original_file_name": {
900
1128
  "ignore_above": 1024,
901
1129
  "type": "keyword"
@@ -926,41 +1154,112 @@
926
1154
  "uid": {
927
1155
  "ignore_above": 1024,
928
1156
  "type": "keyword"
929
- }
930
- }
931
- },
932
- "geo": {
933
- "properties": {
934
- "city_name": {
935
- "ignore_above": 1024,
936
- "type": "keyword"
937
- },
938
- "continent_name": {
939
- "ignore_above": 1024,
940
- "type": "keyword"
941
- },
942
- "country_iso_code": {
943
- "ignore_above": 1024,
944
- "type": "keyword"
945
- },
946
- "country_name": {
947
- "ignore_above": 1024,
948
- "type": "keyword"
949
1157
  },
950
- "location": {
951
- "type": "geo_point"
952
- },
953
- "name": {
954
- "ignore_above": 1024,
955
- "type": "keyword"
956
- },
957
- "region_iso_code": {
958
- "ignore_above": 1024,
959
- "type": "keyword"
960
- },
961
- "region_name": {
962
- "ignore_above": 1024,
963
- "type": "keyword"
1158
+ "x509": {
1159
+ "properties": {
1160
+ "alternative_names": {
1161
+ "ignore_above": 1024,
1162
+ "type": "keyword"
1163
+ },
1164
+ "issuer": {
1165
+ "properties": {
1166
+ "common_name": {
1167
+ "ignore_above": 1024,
1168
+ "type": "keyword"
1169
+ },
1170
+ "country": {
1171
+ "ignore_above": 1024,
1172
+ "type": "keyword"
1173
+ },
1174
+ "distinguished_name": {
1175
+ "ignore_above": 1024,
1176
+ "type": "keyword"
1177
+ },
1178
+ "locality": {
1179
+ "ignore_above": 1024,
1180
+ "type": "keyword"
1181
+ },
1182
+ "organization": {
1183
+ "ignore_above": 1024,
1184
+ "type": "keyword"
1185
+ },
1186
+ "organizational_unit": {
1187
+ "ignore_above": 1024,
1188
+ "type": "keyword"
1189
+ },
1190
+ "state_or_province": {
1191
+ "ignore_above": 1024,
1192
+ "type": "keyword"
1193
+ }
1194
+ }
1195
+ },
1196
+ "not_after": {
1197
+ "type": "date"
1198
+ },
1199
+ "not_before": {
1200
+ "type": "date"
1201
+ },
1202
+ "public_key_algorithm": {
1203
+ "ignore_above": 1024,
1204
+ "type": "keyword"
1205
+ },
1206
+ "public_key_curve": {
1207
+ "ignore_above": 1024,
1208
+ "type": "keyword"
1209
+ },
1210
+ "public_key_exponent": {
1211
+ "doc_values": false,
1212
+ "index": false,
1213
+ "type": "long"
1214
+ },
1215
+ "public_key_size": {
1216
+ "type": "long"
1217
+ },
1218
+ "serial_number": {
1219
+ "ignore_above": 1024,
1220
+ "type": "keyword"
1221
+ },
1222
+ "signature_algorithm": {
1223
+ "ignore_above": 1024,
1224
+ "type": "keyword"
1225
+ },
1226
+ "subject": {
1227
+ "properties": {
1228
+ "common_name": {
1229
+ "ignore_above": 1024,
1230
+ "type": "keyword"
1231
+ },
1232
+ "country": {
1233
+ "ignore_above": 1024,
1234
+ "type": "keyword"
1235
+ },
1236
+ "distinguished_name": {
1237
+ "ignore_above": 1024,
1238
+ "type": "keyword"
1239
+ },
1240
+ "locality": {
1241
+ "ignore_above": 1024,
1242
+ "type": "keyword"
1243
+ },
1244
+ "organization": {
1245
+ "ignore_above": 1024,
1246
+ "type": "keyword"
1247
+ },
1248
+ "organizational_unit": {
1249
+ "ignore_above": 1024,
1250
+ "type": "keyword"
1251
+ },
1252
+ "state_or_province": {
1253
+ "ignore_above": 1024,
1254
+ "type": "keyword"
1255
+ }
1256
+ }
1257
+ },
1258
+ "version_number": {
1259
+ "ignore_above": 1024,
1260
+ "type": "keyword"
1261
+ }
1262
+ }
964
1263
  }
965
1264
  }
966
1265
  },
@@ -980,32 +1279,38 @@
980
1279
  }
981
1280
  }
982
1281
  },
983
- "hash": {
984
- "properties": {
985
- "md5": {
986
- "ignore_above": 1024,
987
- "type": "keyword"
988
- },
989
- "sha1": {
990
- "ignore_above": 1024,
991
- "type": "keyword"
992
- },
993
- "sha256": {
994
- "ignore_above": 1024,
995
- "type": "keyword"
996
- },
997
- "sha512": {
998
- "ignore_above": 1024,
999
- "type": "keyword"
1000
- }
1001
- }
1002
- },
1003
1282
  "host": {
1004
1283
  "properties": {
1005
1284
  "architecture": {
1006
1285
  "ignore_above": 1024,
1007
1286
  "type": "keyword"
1008
1287
  },
1288
+ "cpu": {
1289
+ "properties": {
1290
+ "usage": {
1291
+ "scaling_factor": 1000,
1292
+ "type": "scaled_float"
1293
+ }
1294
+ }
1295
+ },
1296
+ "disk": {
1297
+ "properties": {
1298
+ "read": {
1299
+ "properties": {
1300
+ "bytes": {
1301
+ "type": "long"
1302
+ }
1303
+ }
1304
+ },
1305
+ "write": {
1306
+ "properties": {
1307
+ "bytes": {
1308
+ "type": "long"
1309
+ }
1310
+ }
1311
+ }
1312
+ }
1313
+ },
1009
1314
  "domain": {
1010
1315
  "ignore_above": 1024,
1011
1316
  "type": "keyword"
@@ -1016,6 +1321,10 @@
1016
1321
  "ignore_above": 1024,
1017
1322
  "type": "keyword"
1018
1323
  },
1324
+ "continent_code": {
1325
+ "ignore_above": 1024,
1326
+ "type": "keyword"
1327
+ },
1019
1328
  "continent_name": {
1020
1329
  "ignore_above": 1024,
1021
1330
  "type": "keyword"
@@ -1035,6 +1344,10 @@
1035
1344
  "ignore_above": 1024,
1036
1345
  "type": "keyword"
1037
1346
  },
1347
+ "postal_code": {
1348
+ "ignore_above": 1024,
1349
+ "type": "keyword"
1350
+ },
1038
1351
  "region_iso_code": {
1039
1352
  "ignore_above": 1024,
1040
1353
  "type": "keyword"
@@ -1042,6 +1355,10 @@
1042
1355
  "region_name": {
1043
1356
  "ignore_above": 1024,
1044
1357
  "type": "keyword"
1358
+ },
1359
+ "timezone": {
1360
+ "ignore_above": 1024,
1361
+ "type": "keyword"
1045
1362
  }
1046
1363
  }
1047
1364
  },
@@ -1064,6 +1381,30 @@
1064
1381
  "ignore_above": 1024,
1065
1382
  "type": "keyword"
1066
1383
  },
1384
+ "network": {
1385
+ "properties": {
1386
+ "egress": {
1387
+ "properties": {
1388
+ "bytes": {
1389
+ "type": "long"
1390
+ },
1391
+ "packets": {
1392
+ "type": "long"
1393
+ }
1394
+ }
1395
+ },
1396
+ "ingress": {
1397
+ "properties": {
1398
+ "bytes": {
1399
+ "type": "long"
1400
+ },
1401
+ "packets": {
1402
+ "type": "long"
1403
+ }
1404
+ }
1405
+ }
1406
+ }
1407
+ },
1067
1408
  "os": {
1068
1409
  "properties": {
1069
1410
  "family": {
@@ -1098,6 +1439,10 @@
1098
1439
  "ignore_above": 1024,
1099
1440
  "type": "keyword"
1100
1441
  },
1442
+ "type": {
1443
+ "ignore_above": 1024,
1444
+ "type": "keyword"
1445
+ },
1101
1446
  "version": {
1102
1447
  "ignore_above": 1024,
1103
1448
  "type": "keyword"
@@ -1164,6 +1509,10 @@
1164
1509
  },
1165
1510
  "ignore_above": 1024,
1166
1511
  "type": "keyword"
1512
+ },
1513
+ "roles": {
1514
+ "ignore_above": 1024,
1515
+ "type": "keyword"
1167
1516
  }
1168
1517
  }
1169
1518
  }
@@ -1193,10 +1542,18 @@
1193
1542
  "bytes": {
1194
1543
  "type": "long"
1195
1544
  },
1545
+ "id": {
1546
+ "ignore_above": 1024,
1547
+ "type": "keyword"
1548
+ },
1196
1549
  "method": {
1197
1550
  "ignore_above": 1024,
1198
1551
  "type": "keyword"
1199
1552
  },
1553
+ "mime_type": {
1554
+ "ignore_above": 1024,
1555
+ "type": "keyword"
1556
+ },
1200
1557
  "referrer": {
1201
1558
  "ignore_above": 1024,
1202
1559
  "type": "keyword"
@@ -1225,6 +1582,10 @@
1225
1582
  "bytes": {
1226
1583
  "type": "long"
1227
1584
  },
1585
+ "mime_type": {
1586
+ "ignore_above": 1024,
1587
+ "type": "keyword"
1588
+ },
1228
1589
  "status_code": {
1229
1590
  "type": "long"
1230
1591
  }
@@ -1236,27 +1597,19 @@
1236
1597
  }
1237
1598
  }
1238
1599
  },
1239
- "interface": {
1240
- "properties": {
1241
- "alias": {
1242
- "ignore_above": 1024,
1243
- "type": "keyword"
1244
- },
1245
- "id": {
1246
- "ignore_above": 1024,
1247
- "type": "keyword"
1248
- },
1249
- "name": {
1250
- "ignore_above": 1024,
1251
- "type": "keyword"
1252
- }
1253
- }
1254
- },
1255
1600
  "labels": {
1256
1601
  "type": "object"
1257
1602
  },
1258
1603
  "log": {
1259
1604
  "properties": {
1605
+ "file": {
1606
+ "properties": {
1607
+ "path": {
1608
+ "ignore_above": 1024,
1609
+ "type": "keyword"
1610
+ }
1611
+ }
1612
+ },
1260
1613
  "level": {
1261
1614
  "ignore_above": 1024,
1262
1615
  "type": "keyword"
@@ -1286,7 +1639,6 @@
1286
1639
  },
1287
1640
  "original": {
1288
1641
  "doc_values": false,
1289
- "ignore_above": 1024,
1290
1642
  "index": false,
1291
1643
  "type": "keyword"
1292
1644
  },
@@ -1445,6 +1797,10 @@
1445
1797
  "ignore_above": 1024,
1446
1798
  "type": "keyword"
1447
1799
  },
1800
+ "continent_code": {
1801
+ "ignore_above": 1024,
1802
+ "type": "keyword"
1803
+ },
1448
1804
  "continent_name": {
1449
1805
  "ignore_above": 1024,
1450
1806
  "type": "keyword"
@@ -1464,6 +1820,10 @@
1464
1820
  "ignore_above": 1024,
1465
1821
  "type": "keyword"
1466
1822
  },
1823
+ "postal_code": {
1824
+ "ignore_above": 1024,
1825
+ "type": "keyword"
1826
+ },
1467
1827
  "region_iso_code": {
1468
1828
  "ignore_above": 1024,
1469
1829
  "type": "keyword"
@@ -1471,6 +1831,10 @@
1471
1831
  "region_name": {
1472
1832
  "ignore_above": 1024,
1473
1833
  "type": "keyword"
1834
+ },
1835
+ "timezone": {
1836
+ "ignore_above": 1024,
1837
+ "type": "keyword"
1474
1838
  }
1475
1839
  }
1476
1840
  },
@@ -1560,6 +1924,10 @@
1560
1924
  "ignore_above": 1024,
1561
1925
  "type": "keyword"
1562
1926
  },
1927
+ "type": {
1928
+ "ignore_above": 1024,
1929
+ "type": "keyword"
1930
+ },
1563
1931
  "version": {
1564
1932
  "ignore_above": 1024,
1565
1933
  "type": "keyword"
@@ -1588,6 +1956,54 @@
1588
1956
  }
1589
1957
  }
1590
1958
  },
1959
+ "orchestrator": {
1960
+ "properties": {
1961
+ "api_version": {
1962
+ "ignore_above": 1024,
1963
+ "type": "keyword"
1964
+ },
1965
+ "cluster": {
1966
+ "properties": {
1967
+ "name": {
1968
+ "ignore_above": 1024,
1969
+ "type": "keyword"
1970
+ },
1971
+ "url": {
1972
+ "ignore_above": 1024,
1973
+ "type": "keyword"
1974
+ },
1975
+ "version": {
1976
+ "ignore_above": 1024,
1977
+ "type": "keyword"
1978
+ }
1979
+ }
1980
+ },
1981
+ "namespace": {
1982
+ "ignore_above": 1024,
1983
+ "type": "keyword"
1984
+ },
1985
+ "organization": {
1986
+ "ignore_above": 1024,
1987
+ "type": "keyword"
1988
+ },
1989
+ "resource": {
1990
+ "properties": {
1991
+ "name": {
1992
+ "ignore_above": 1024,
1993
+ "type": "keyword"
1994
+ },
1995
+ "type": {
1996
+ "ignore_above": 1024,
1997
+ "type": "keyword"
1998
+ }
1999
+ }
2000
+ },
2001
+ "type": {
2002
+ "ignore_above": 1024,
2003
+ "type": "keyword"
2004
+ }
2005
+ }
2006
+ },
1591
2007
  "organization": {
1592
2008
  "properties": {
1593
2009
  "id": {
@@ -1606,57 +2022,17 @@
1606
2022
  }
1607
2023
  }
1608
2024
  },
1609
- "os": {
2025
+ "package": {
1610
2026
  "properties": {
1611
- "family": {
2027
+ "architecture": {
1612
2028
  "ignore_above": 1024,
1613
2029
  "type": "keyword"
1614
2030
  },
1615
- "full": {
1616
- "fields": {
1617
- "text": {
1618
- "norms": false,
1619
- "type": "text"
1620
- }
1621
- },
2031
+ "build_version": {
1622
2032
  "ignore_above": 1024,
1623
2033
  "type": "keyword"
1624
2034
  },
1625
- "kernel": {
1626
- "ignore_above": 1024,
1627
- "type": "keyword"
1628
- },
1629
- "name": {
1630
- "fields": {
1631
- "text": {
1632
- "norms": false,
1633
- "type": "text"
1634
- }
1635
- },
1636
- "ignore_above": 1024,
1637
- "type": "keyword"
1638
- },
1639
- "platform": {
1640
- "ignore_above": 1024,
1641
- "type": "keyword"
1642
- },
1643
- "version": {
1644
- "ignore_above": 1024,
1645
- "type": "keyword"
1646
- }
1647
- }
1648
- },
1649
- "package": {
1650
- "properties": {
1651
- "architecture": {
1652
- "ignore_above": 1024,
1653
- "type": "keyword"
1654
- },
1655
- "build_version": {
1656
- "ignore_above": 1024,
1657
- "type": "keyword"
1658
- },
1659
- "checksum": {
2035
+ "checksum": {
1660
2036
  "ignore_above": 1024,
1661
2037
  "type": "keyword"
1662
2038
  },
@@ -1700,30 +2076,6 @@
1700
2076
  }
1701
2077
  }
1702
2078
  },
1703
- "pe": {
1704
- "properties": {
1705
- "company": {
1706
- "ignore_above": 1024,
1707
- "type": "keyword"
1708
- },
1709
- "description": {
1710
- "ignore_above": 1024,
1711
- "type": "keyword"
1712
- },
1713
- "file_version": {
1714
- "ignore_above": 1024,
1715
- "type": "keyword"
1716
- },
1717
- "original_file_name": {
1718
- "ignore_above": 1024,
1719
- "type": "keyword"
1720
- },
1721
- "product": {
1722
- "ignore_above": 1024,
1723
- "type": "keyword"
1724
- }
1725
- }
1726
- },
1727
2079
  "process": {
1728
2080
  "properties": {
1729
2081
  "args": {
@@ -1735,9 +2087,17 @@
1735
2087
  },
1736
2088
  "code_signature": {
1737
2089
  "properties": {
2090
+ "digest_algorithm": {
2091
+ "ignore_above": 1024,
2092
+ "type": "keyword"
2093
+ },
1738
2094
  "exists": {
1739
2095
  "type": "boolean"
1740
2096
  },
2097
+ "signing_id": {
2098
+ "ignore_above": 1024,
2099
+ "type": "keyword"
2100
+ },
1741
2101
  "status": {
1742
2102
  "ignore_above": 1024,
1743
2103
  "type": "keyword"
@@ -1746,6 +2106,13 @@
1746
2106
  "ignore_above": 1024,
1747
2107
  "type": "keyword"
1748
2108
  },
2109
+ "team_id": {
2110
+ "ignore_above": 1024,
2111
+ "type": "keyword"
2112
+ },
2113
+ "timestamp": {
2114
+ "type": "date"
2115
+ },
1749
2116
  "trusted": {
1750
2117
  "type": "boolean"
1751
2118
  },
@@ -1764,6 +2131,126 @@
1764
2131
  "ignore_above": 1024,
1765
2132
  "type": "keyword"
1766
2133
  },
2134
+ "elf": {
2135
+ "properties": {
2136
+ "architecture": {
2137
+ "ignore_above": 1024,
2138
+ "type": "keyword"
2139
+ },
2140
+ "byte_order": {
2141
+ "ignore_above": 1024,
2142
+ "type": "keyword"
2143
+ },
2144
+ "cpu_type": {
2145
+ "ignore_above": 1024,
2146
+ "type": "keyword"
2147
+ },
2148
+ "creation_date": {
2149
+ "type": "date"
2150
+ },
2151
+ "exports": {
2152
+ "type": "flattened"
2153
+ },
2154
+ "header": {
2155
+ "properties": {
2156
+ "abi_version": {
2157
+ "ignore_above": 1024,
2158
+ "type": "keyword"
2159
+ },
2160
+ "class": {
2161
+ "ignore_above": 1024,
2162
+ "type": "keyword"
2163
+ },
2164
+ "data": {
2165
+ "ignore_above": 1024,
2166
+ "type": "keyword"
2167
+ },
2168
+ "entrypoint": {
2169
+ "type": "long"
2170
+ },
2171
+ "object_version": {
2172
+ "ignore_above": 1024,
2173
+ "type": "keyword"
2174
+ },
2175
+ "os_abi": {
2176
+ "ignore_above": 1024,
2177
+ "type": "keyword"
2178
+ },
2179
+ "type": {
2180
+ "ignore_above": 1024,
2181
+ "type": "keyword"
2182
+ },
2183
+ "version": {
2184
+ "ignore_above": 1024,
2185
+ "type": "keyword"
2186
+ }
2187
+ }
2188
+ },
2189
+ "imports": {
2190
+ "type": "flattened"
2191
+ },
2192
+ "sections": {
2193
+ "properties": {
2194
+ "chi2": {
2195
+ "type": "long"
2196
+ },
2197
+ "entropy": {
2198
+ "type": "long"
2199
+ },
2200
+ "flags": {
2201
+ "ignore_above": 1024,
2202
+ "type": "keyword"
2203
+ },
2204
+ "name": {
2205
+ "ignore_above": 1024,
2206
+ "type": "keyword"
2207
+ },
2208
+ "physical_offset": {
2209
+ "ignore_above": 1024,
2210
+ "type": "keyword"
2211
+ },
2212
+ "physical_size": {
2213
+ "type": "long"
2214
+ },
2215
+ "type": {
2216
+ "ignore_above": 1024,
2217
+ "type": "keyword"
2218
+ },
2219
+ "virtual_address": {
2220
+ "type": "long"
2221
+ },
2222
+ "virtual_size": {
2223
+ "type": "long"
2224
+ }
2225
+ },
2226
+ "type": "nested"
2227
+ },
2228
+ "segments": {
2229
+ "properties": {
2230
+ "sections": {
2231
+ "ignore_above": 1024,
2232
+ "type": "keyword"
2233
+ },
2234
+ "type": {
2235
+ "ignore_above": 1024,
2236
+ "type": "keyword"
2237
+ }
2238
+ },
2239
+ "type": "nested"
2240
+ },
2241
+ "shared_libraries": {
2242
+ "ignore_above": 1024,
2243
+ "type": "keyword"
2244
+ },
2245
+ "telfhash": {
2246
+ "ignore_above": 1024,
2247
+ "type": "keyword"
2248
+ }
2249
+ }
2250
+ },
2251
+ "end": {
2252
+ "type": "date"
2253
+ },
1767
2254
  "entity_id": {
1768
2255
  "ignore_above": 1024,
1769
2256
  "type": "keyword"
@@ -1798,6 +2285,10 @@
1798
2285
  "sha512": {
1799
2286
  "ignore_above": 1024,
1800
2287
  "type": "keyword"
2288
+ },
2289
+ "ssdeep": {
2290
+ "ignore_above": 1024,
2291
+ "type": "keyword"
1801
2292
  }
1802
2293
  }
1803
2294
  },
@@ -1822,9 +2313,17 @@
1822
2313
  },
1823
2314
  "code_signature": {
1824
2315
  "properties": {
2316
+ "digest_algorithm": {
2317
+ "ignore_above": 1024,
2318
+ "type": "keyword"
2319
+ },
1825
2320
  "exists": {
1826
2321
  "type": "boolean"
1827
2322
  },
2323
+ "signing_id": {
2324
+ "ignore_above": 1024,
2325
+ "type": "keyword"
2326
+ },
1828
2327
  "status": {
1829
2328
  "ignore_above": 1024,
1830
2329
  "type": "keyword"
@@ -1833,6 +2332,13 @@
1833
2332
  "ignore_above": 1024,
1834
2333
  "type": "keyword"
1835
2334
  },
2335
+ "team_id": {
2336
+ "ignore_above": 1024,
2337
+ "type": "keyword"
2338
+ },
2339
+ "timestamp": {
2340
+ "type": "date"
2341
+ },
1836
2342
  "trusted": {
1837
2343
  "type": "boolean"
1838
2344
  },
@@ -1851,6 +2357,126 @@
1851
2357
  "ignore_above": 1024,
1852
2358
  "type": "keyword"
1853
2359
  },
2360
+ "elf": {
2361
+ "properties": {
2362
+ "architecture": {
2363
+ "ignore_above": 1024,
2364
+ "type": "keyword"
2365
+ },
2366
+ "byte_order": {
2367
+ "ignore_above": 1024,
2368
+ "type": "keyword"
2369
+ },
2370
+ "cpu_type": {
2371
+ "ignore_above": 1024,
2372
+ "type": "keyword"
2373
+ },
2374
+ "creation_date": {
2375
+ "type": "date"
2376
+ },
2377
+ "exports": {
2378
+ "type": "flattened"
2379
+ },
2380
+ "header": {
2381
+ "properties": {
2382
+ "abi_version": {
2383
+ "ignore_above": 1024,
2384
+ "type": "keyword"
2385
+ },
2386
+ "class": {
2387
+ "ignore_above": 1024,
2388
+ "type": "keyword"
2389
+ },
2390
+ "data": {
2391
+ "ignore_above": 1024,
2392
+ "type": "keyword"
2393
+ },
2394
+ "entrypoint": {
2395
+ "type": "long"
2396
+ },
2397
+ "object_version": {
2398
+ "ignore_above": 1024,
2399
+ "type": "keyword"
2400
+ },
2401
+ "os_abi": {
2402
+ "ignore_above": 1024,
2403
+ "type": "keyword"
2404
+ },
2405
+ "type": {
2406
+ "ignore_above": 1024,
2407
+ "type": "keyword"
2408
+ },
2409
+ "version": {
2410
+ "ignore_above": 1024,
2411
+ "type": "keyword"
2412
+ }
2413
+ }
2414
+ },
2415
+ "imports": {
2416
+ "type": "flattened"
2417
+ },
2418
+ "sections": {
2419
+ "properties": {
2420
+ "chi2": {
2421
+ "type": "long"
2422
+ },
2423
+ "entropy": {
2424
+ "type": "long"
2425
+ },
2426
+ "flags": {
2427
+ "ignore_above": 1024,
2428
+ "type": "keyword"
2429
+ },
2430
+ "name": {
2431
+ "ignore_above": 1024,
2432
+ "type": "keyword"
2433
+ },
2434
+ "physical_offset": {
2435
+ "ignore_above": 1024,
2436
+ "type": "keyword"
2437
+ },
2438
+ "physical_size": {
2439
+ "type": "long"
2440
+ },
2441
+ "type": {
2442
+ "ignore_above": 1024,
2443
+ "type": "keyword"
2444
+ },
2445
+ "virtual_address": {
2446
+ "type": "long"
2447
+ },
2448
+ "virtual_size": {
2449
+ "type": "long"
2450
+ }
2451
+ },
2452
+ "type": "nested"
2453
+ },
2454
+ "segments": {
2455
+ "properties": {
2456
+ "sections": {
2457
+ "ignore_above": 1024,
2458
+ "type": "keyword"
2459
+ },
2460
+ "type": {
2461
+ "ignore_above": 1024,
2462
+ "type": "keyword"
2463
+ }
2464
+ },
2465
+ "type": "nested"
2466
+ },
2467
+ "shared_libraries": {
2468
+ "ignore_above": 1024,
2469
+ "type": "keyword"
2470
+ },
2471
+ "telfhash": {
2472
+ "ignore_above": 1024,
2473
+ "type": "keyword"
2474
+ }
2475
+ }
2476
+ },
2477
+ "end": {
2478
+ "type": "date"
2479
+ },
1854
2480
  "entity_id": {
1855
2481
  "ignore_above": 1024,
1856
2482
  "type": "keyword"
@@ -1885,6 +2511,10 @@
1885
2511
  "sha512": {
1886
2512
  "ignore_above": 1024,
1887
2513
  "type": "keyword"
2514
+ },
2515
+ "ssdeep": {
2516
+ "ignore_above": 1024,
2517
+ "type": "keyword"
1888
2518
  }
1889
2519
  }
1890
2520
  },
@@ -1898,6 +2528,38 @@
1898
2528
  "ignore_above": 1024,
1899
2529
  "type": "keyword"
1900
2530
  },
2531
+ "pe": {
2532
+ "properties": {
2533
+ "architecture": {
2534
+ "ignore_above": 1024,
2535
+ "type": "keyword"
2536
+ },
2537
+ "company": {
2538
+ "ignore_above": 1024,
2539
+ "type": "keyword"
2540
+ },
2541
+ "description": {
2542
+ "ignore_above": 1024,
2543
+ "type": "keyword"
2544
+ },
2545
+ "file_version": {
2546
+ "ignore_above": 1024,
2547
+ "type": "keyword"
2548
+ },
2549
+ "imphash": {
2550
+ "ignore_above": 1024,
2551
+ "type": "keyword"
2552
+ },
2553
+ "original_file_name": {
2554
+ "ignore_above": 1024,
2555
+ "type": "keyword"
2556
+ },
2557
+ "product": {
2558
+ "ignore_above": 1024,
2559
+ "type": "keyword"
2560
+ }
2561
+ }
2562
+ },
1901
2563
  "pgid": {
1902
2564
  "type": "long"
1903
2565
  },
@@ -1948,6 +2610,10 @@
1948
2610
  },
1949
2611
  "pe": {
1950
2612
  "properties": {
2613
+ "architecture": {
2614
+ "ignore_above": 1024,
2615
+ "type": "keyword"
2616
+ },
1951
2617
  "company": {
1952
2618
  "ignore_above": 1024,
1953
2619
  "type": "keyword"
@@ -1960,6 +2626,10 @@
1960
2626
  "ignore_above": 1024,
1961
2627
  "type": "keyword"
1962
2628
  },
2629
+ "imphash": {
2630
+ "ignore_above": 1024,
2631
+ "type": "keyword"
2632
+ },
1963
2633
  "original_file_name": {
1964
2634
  "ignore_above": 1024,
1965
2635
  "type": "keyword"
@@ -2060,6 +2730,10 @@
2060
2730
  "ignore_above": 1024,
2061
2731
  "type": "keyword"
2062
2732
  },
2733
+ "hosts": {
2734
+ "ignore_above": 1024,
2735
+ "type": "keyword"
2736
+ },
2063
2737
  "ip": {
2064
2738
  "type": "ip"
2065
2739
  },
@@ -2153,6 +2827,10 @@
2153
2827
  "ignore_above": 1024,
2154
2828
  "type": "keyword"
2155
2829
  },
2830
+ "continent_code": {
2831
+ "ignore_above": 1024,
2832
+ "type": "keyword"
2833
+ },
2156
2834
  "continent_name": {
2157
2835
  "ignore_above": 1024,
2158
2836
  "type": "keyword"
@@ -2172,6 +2850,10 @@
2172
2850
  "ignore_above": 1024,
2173
2851
  "type": "keyword"
2174
2852
  },
2853
+ "postal_code": {
2854
+ "ignore_above": 1024,
2855
+ "type": "keyword"
2856
+ },
2175
2857
  "region_iso_code": {
2176
2858
  "ignore_above": 1024,
2177
2859
  "type": "keyword"
@@ -2179,6 +2861,10 @@
2179
2861
  "region_name": {
2180
2862
  "ignore_above": 1024,
2181
2863
  "type": "keyword"
2864
+ },
2865
+ "timezone": {
2866
+ "ignore_above": 1024,
2867
+ "type": "keyword"
2182
2868
  }
2183
2869
  }
2184
2870
  },
@@ -2209,6 +2895,10 @@
2209
2895
  "ignore_above": 1024,
2210
2896
  "type": "keyword"
2211
2897
  },
2898
+ "subdomain": {
2899
+ "ignore_above": 1024,
2900
+ "type": "keyword"
2901
+ },
2212
2902
  "top_level_domain": {
2213
2903
  "ignore_above": 1024,
2214
2904
  "type": "keyword"
@@ -2266,6 +2956,10 @@
2266
2956
  },
2267
2957
  "ignore_above": 1024,
2268
2958
  "type": "keyword"
2959
+ },
2960
+ "roles": {
2961
+ "ignore_above": 1024,
2962
+ "type": "keyword"
2269
2963
  }
2270
2964
  }
2271
2965
  }
@@ -2273,6 +2967,14 @@
2273
2967
  },
2274
2968
  "service": {
2275
2969
  "properties": {
2970
+ "address": {
2971
+ "ignore_above": 1024,
2972
+ "type": "keyword"
2973
+ },
2974
+ "environment": {
2975
+ "ignore_above": 1024,
2976
+ "type": "keyword"
2977
+ },
2276
2978
  "ephemeral_id": {
2277
2979
  "ignore_above": 1024,
2278
2980
  "type": "keyword"
@@ -2347,6 +3049,10 @@
2347
3049
  "ignore_above": 1024,
2348
3050
  "type": "keyword"
2349
3051
  },
3052
+ "continent_code": {
3053
+ "ignore_above": 1024,
3054
+ "type": "keyword"
3055
+ },
2350
3056
  "continent_name": {
2351
3057
  "ignore_above": 1024,
2352
3058
  "type": "keyword"
@@ -2366,6 +3072,10 @@
2366
3072
  "ignore_above": 1024,
2367
3073
  "type": "keyword"
2368
3074
  },
3075
+ "postal_code": {
3076
+ "ignore_above": 1024,
3077
+ "type": "keyword"
3078
+ },
2369
3079
  "region_iso_code": {
2370
3080
  "ignore_above": 1024,
2371
3081
  "type": "keyword"
@@ -2373,8 +3083,12 @@
2373
3083
  "region_name": {
2374
3084
  "ignore_above": 1024,
2375
3085
  "type": "keyword"
2376
- }
2377
- }
3086
+ },
3087
+ "timezone": {
3088
+ "ignore_above": 1024,
3089
+ "type": "keyword"
3090
+ }
3091
+ }
2378
3092
  },
2379
3093
  "ip": {
2380
3094
  "type": "ip"
@@ -2403,6 +3117,10 @@
2403
3117
  "ignore_above": 1024,
2404
3118
  "type": "keyword"
2405
3119
  },
3120
+ "subdomain": {
3121
+ "ignore_above": 1024,
3122
+ "type": "keyword"
3123
+ },
2406
3124
  "top_level_domain": {
2407
3125
  "ignore_above": 1024,
2408
3126
  "type": "keyword"
@@ -2460,21 +3178,1623 @@
2460
3178
  },
2461
3179
  "ignore_above": 1024,
2462
3180
  "type": "keyword"
3181
+ },
3182
+ "roles": {
3183
+ "ignore_above": 1024,
3184
+ "type": "keyword"
2463
3185
  }
2464
3186
  }
2465
3187
  }
2466
3188
  }
2467
3189
  },
3190
+ "span": {
3191
+ "properties": {
3192
+ "id": {
3193
+ "ignore_above": 1024,
3194
+ "type": "keyword"
3195
+ }
3196
+ }
3197
+ },
2468
3198
  "tags": {
2469
3199
  "ignore_above": 1024,
2470
3200
  "type": "keyword"
2471
3201
  },
2472
3202
  "threat": {
2473
3203
  "properties": {
3204
+ "enrichments": {
3205
+ "properties": {
3206
+ "indicator": {
3207
+ "properties": {
3208
+ "as": {
3209
+ "properties": {
3210
+ "number": {
3211
+ "type": "long"
3212
+ },
3213
+ "organization": {
3214
+ "properties": {
3215
+ "name": {
3216
+ "fields": {
3217
+ "text": {
3218
+ "norms": false,
3219
+ "type": "text"
3220
+ }
3221
+ },
3222
+ "ignore_above": 1024,
3223
+ "type": "keyword"
3224
+ }
3225
+ }
3226
+ }
3227
+ }
3228
+ },
3229
+ "confidence": {
3230
+ "ignore_above": 1024,
3231
+ "type": "keyword"
3232
+ },
3233
+ "description": {
3234
+ "ignore_above": 1024,
3235
+ "type": "keyword"
3236
+ },
3237
+ "email": {
3238
+ "properties": {
3239
+ "address": {
3240
+ "ignore_above": 1024,
3241
+ "type": "keyword"
3242
+ }
3243
+ }
3244
+ },
3245
+ "file": {
3246
+ "properties": {
3247
+ "accessed": {
3248
+ "type": "date"
3249
+ },
3250
+ "attributes": {
3251
+ "ignore_above": 1024,
3252
+ "type": "keyword"
3253
+ },
3254
+ "code_signature": {
3255
+ "properties": {
3256
+ "digest_algorithm": {
3257
+ "ignore_above": 1024,
3258
+ "type": "keyword"
3259
+ },
3260
+ "exists": {
3261
+ "type": "boolean"
3262
+ },
3263
+ "signing_id": {
3264
+ "ignore_above": 1024,
3265
+ "type": "keyword"
3266
+ },
3267
+ "status": {
3268
+ "ignore_above": 1024,
3269
+ "type": "keyword"
3270
+ },
3271
+ "subject_name": {
3272
+ "ignore_above": 1024,
3273
+ "type": "keyword"
3274
+ },
3275
+ "team_id": {
3276
+ "ignore_above": 1024,
3277
+ "type": "keyword"
3278
+ },
3279
+ "timestamp": {
3280
+ "type": "date"
3281
+ },
3282
+ "trusted": {
3283
+ "type": "boolean"
3284
+ },
3285
+ "valid": {
3286
+ "type": "boolean"
3287
+ }
3288
+ }
3289
+ },
3290
+ "created": {
3291
+ "type": "date"
3292
+ },
3293
+ "ctime": {
3294
+ "type": "date"
3295
+ },
3296
+ "device": {
3297
+ "ignore_above": 1024,
3298
+ "type": "keyword"
3299
+ },
3300
+ "directory": {
3301
+ "ignore_above": 1024,
3302
+ "type": "keyword"
3303
+ },
3304
+ "drive_letter": {
3305
+ "ignore_above": 1,
3306
+ "type": "keyword"
3307
+ },
3308
+ "elf": {
3309
+ "properties": {
3310
+ "architecture": {
3311
+ "ignore_above": 1024,
3312
+ "type": "keyword"
3313
+ },
3314
+ "byte_order": {
3315
+ "ignore_above": 1024,
3316
+ "type": "keyword"
3317
+ },
3318
+ "cpu_type": {
3319
+ "ignore_above": 1024,
3320
+ "type": "keyword"
3321
+ },
3322
+ "creation_date": {
3323
+ "type": "date"
3324
+ },
3325
+ "exports": {
3326
+ "type": "flattened"
3327
+ },
3328
+ "header": {
3329
+ "properties": {
3330
+ "abi_version": {
3331
+ "ignore_above": 1024,
3332
+ "type": "keyword"
3333
+ },
3334
+ "class": {
3335
+ "ignore_above": 1024,
3336
+ "type": "keyword"
3337
+ },
3338
+ "data": {
3339
+ "ignore_above": 1024,
3340
+ "type": "keyword"
3341
+ },
3342
+ "entrypoint": {
3343
+ "type": "long"
3344
+ },
3345
+ "object_version": {
3346
+ "ignore_above": 1024,
3347
+ "type": "keyword"
3348
+ },
3349
+ "os_abi": {
3350
+ "ignore_above": 1024,
3351
+ "type": "keyword"
3352
+ },
3353
+ "type": {
3354
+ "ignore_above": 1024,
3355
+ "type": "keyword"
3356
+ },
3357
+ "version": {
3358
+ "ignore_above": 1024,
3359
+ "type": "keyword"
3360
+ }
3361
+ }
3362
+ },
3363
+ "imports": {
3364
+ "type": "flattened"
3365
+ },
3366
+ "sections": {
3367
+ "properties": {
3368
+ "chi2": {
3369
+ "type": "long"
3370
+ },
3371
+ "entropy": {
3372
+ "type": "long"
3373
+ },
3374
+ "flags": {
3375
+ "ignore_above": 1024,
3376
+ "type": "keyword"
3377
+ },
3378
+ "name": {
3379
+ "ignore_above": 1024,
3380
+ "type": "keyword"
3381
+ },
3382
+ "physical_offset": {
3383
+ "ignore_above": 1024,
3384
+ "type": "keyword"
3385
+ },
3386
+ "physical_size": {
3387
+ "type": "long"
3388
+ },
3389
+ "type": {
3390
+ "ignore_above": 1024,
3391
+ "type": "keyword"
3392
+ },
3393
+ "virtual_address": {
3394
+ "type": "long"
3395
+ },
3396
+ "virtual_size": {
3397
+ "type": "long"
3398
+ }
3399
+ },
3400
+ "type": "nested"
3401
+ },
3402
+ "segments": {
3403
+ "properties": {
3404
+ "sections": {
3405
+ "ignore_above": 1024,
3406
+ "type": "keyword"
3407
+ },
3408
+ "type": {
3409
+ "ignore_above": 1024,
3410
+ "type": "keyword"
3411
+ }
3412
+ },
3413
+ "type": "nested"
3414
+ },
3415
+ "shared_libraries": {
3416
+ "ignore_above": 1024,
3417
+ "type": "keyword"
3418
+ },
3419
+ "telfhash": {
3420
+ "ignore_above": 1024,
3421
+ "type": "keyword"
3422
+ }
3423
+ }
3424
+ },
3425
+ "extension": {
3426
+ "ignore_above": 1024,
3427
+ "type": "keyword"
3428
+ },
3429
+ "fork_name": {
3430
+ "ignore_above": 1024,
3431
+ "type": "keyword"
3432
+ },
3433
+ "gid": {
3434
+ "ignore_above": 1024,
3435
+ "type": "keyword"
3436
+ },
3437
+ "group": {
3438
+ "ignore_above": 1024,
3439
+ "type": "keyword"
3440
+ },
3441
+ "hash": {
3442
+ "properties": {
3443
+ "md5": {
3444
+ "ignore_above": 1024,
3445
+ "type": "keyword"
3446
+ },
3447
+ "sha1": {
3448
+ "ignore_above": 1024,
3449
+ "type": "keyword"
3450
+ },
3451
+ "sha256": {
3452
+ "ignore_above": 1024,
3453
+ "type": "keyword"
3454
+ },
3455
+ "sha512": {
3456
+ "ignore_above": 1024,
3457
+ "type": "keyword"
3458
+ },
3459
+ "ssdeep": {
3460
+ "ignore_above": 1024,
3461
+ "type": "keyword"
3462
+ }
3463
+ }
3464
+ },
3465
+ "inode": {
3466
+ "ignore_above": 1024,
3467
+ "type": "keyword"
3468
+ },
3469
+ "mime_type": {
3470
+ "ignore_above": 1024,
3471
+ "type": "keyword"
3472
+ },
3473
+ "mode": {
3474
+ "ignore_above": 1024,
3475
+ "type": "keyword"
3476
+ },
3477
+ "mtime": {
3478
+ "type": "date"
3479
+ },
3480
+ "name": {
3481
+ "ignore_above": 1024,
3482
+ "type": "keyword"
3483
+ },
3484
+ "owner": {
3485
+ "ignore_above": 1024,
3486
+ "type": "keyword"
3487
+ },
3488
+ "path": {
3489
+ "fields": {
3490
+ "text": {
3491
+ "norms": false,
3492
+ "type": "text"
3493
+ }
3494
+ },
3495
+ "ignore_above": 1024,
3496
+ "type": "keyword"
3497
+ },
3498
+ "pe": {
3499
+ "properties": {
3500
+ "architecture": {
3501
+ "ignore_above": 1024,
3502
+ "type": "keyword"
3503
+ },
3504
+ "company": {
3505
+ "ignore_above": 1024,
3506
+ "type": "keyword"
3507
+ },
3508
+ "description": {
3509
+ "ignore_above": 1024,
3510
+ "type": "keyword"
3511
+ },
3512
+ "file_version": {
3513
+ "ignore_above": 1024,
3514
+ "type": "keyword"
3515
+ },
3516
+ "imphash": {
3517
+ "ignore_above": 1024,
3518
+ "type": "keyword"
3519
+ },
3520
+ "original_file_name": {
3521
+ "ignore_above": 1024,
3522
+ "type": "keyword"
3523
+ },
3524
+ "product": {
3525
+ "ignore_above": 1024,
3526
+ "type": "keyword"
3527
+ }
3528
+ }
3529
+ },
3530
+ "size": {
3531
+ "type": "long"
3532
+ },
3533
+ "target_path": {
3534
+ "fields": {
3535
+ "text": {
3536
+ "norms": false,
3537
+ "type": "text"
3538
+ }
3539
+ },
3540
+ "ignore_above": 1024,
3541
+ "type": "keyword"
3542
+ },
3543
+ "type": {
3544
+ "ignore_above": 1024,
3545
+ "type": "keyword"
3546
+ },
3547
+ "uid": {
3548
+ "ignore_above": 1024,
3549
+ "type": "keyword"
3550
+ },
3551
+ "x509": {
3552
+ "properties": {
3553
+ "alternative_names": {
3554
+ "ignore_above": 1024,
3555
+ "type": "keyword"
3556
+ },
3557
+ "issuer": {
3558
+ "properties": {
3559
+ "common_name": {
3560
+ "ignore_above": 1024,
3561
+ "type": "keyword"
3562
+ },
3563
+ "country": {
3564
+ "ignore_above": 1024,
3565
+ "type": "keyword"
3566
+ },
3567
+ "distinguished_name": {
3568
+ "ignore_above": 1024,
3569
+ "type": "keyword"
3570
+ },
3571
+ "locality": {
3572
+ "ignore_above": 1024,
3573
+ "type": "keyword"
3574
+ },
3575
+ "organization": {
3576
+ "ignore_above": 1024,
3577
+ "type": "keyword"
3578
+ },
3579
+ "organizational_unit": {
3580
+ "ignore_above": 1024,
3581
+ "type": "keyword"
3582
+ },
3583
+ "state_or_province": {
3584
+ "ignore_above": 1024,
3585
+ "type": "keyword"
3586
+ }
3587
+ }
3588
+ },
3589
+ "not_after": {
3590
+ "type": "date"
3591
+ },
3592
+ "not_before": {
3593
+ "type": "date"
3594
+ },
3595
+ "public_key_algorithm": {
3596
+ "ignore_above": 1024,
3597
+ "type": "keyword"
3598
+ },
3599
+ "public_key_curve": {
3600
+ "ignore_above": 1024,
3601
+ "type": "keyword"
3602
+ },
3603
+ "public_key_exponent": {
3604
+ "doc_values": false,
3605
+ "index": false,
3606
+ "type": "long"
3607
+ },
3608
+ "public_key_size": {
3609
+ "type": "long"
3610
+ },
3611
+ "serial_number": {
3612
+ "ignore_above": 1024,
3613
+ "type": "keyword"
3614
+ },
3615
+ "signature_algorithm": {
3616
+ "ignore_above": 1024,
3617
+ "type": "keyword"
3618
+ },
3619
+ "subject": {
3620
+ "properties": {
3621
+ "common_name": {
3622
+ "ignore_above": 1024,
3623
+ "type": "keyword"
3624
+ },
3625
+ "country": {
3626
+ "ignore_above": 1024,
3627
+ "type": "keyword"
3628
+ },
3629
+ "distinguished_name": {
3630
+ "ignore_above": 1024,
3631
+ "type": "keyword"
3632
+ },
3633
+ "locality": {
3634
+ "ignore_above": 1024,
3635
+ "type": "keyword"
3636
+ },
3637
+ "organization": {
3638
+ "ignore_above": 1024,
3639
+ "type": "keyword"
3640
+ },
3641
+ "organizational_unit": {
3642
+ "ignore_above": 1024,
3643
+ "type": "keyword"
3644
+ },
3645
+ "state_or_province": {
3646
+ "ignore_above": 1024,
3647
+ "type": "keyword"
3648
+ }
3649
+ }
3650
+ },
3651
+ "version_number": {
3652
+ "ignore_above": 1024,
3653
+ "type": "keyword"
3654
+ }
3655
+ }
3656
+ }
3657
+ }
3658
+ },
3659
+ "first_seen": {
3660
+ "type": "date"
3661
+ },
3662
+ "geo": {
3663
+ "properties": {
3664
+ "city_name": {
3665
+ "ignore_above": 1024,
3666
+ "type": "keyword"
3667
+ },
3668
+ "continent_code": {
3669
+ "ignore_above": 1024,
3670
+ "type": "keyword"
3671
+ },
3672
+ "continent_name": {
3673
+ "ignore_above": 1024,
3674
+ "type": "keyword"
3675
+ },
3676
+ "country_iso_code": {
3677
+ "ignore_above": 1024,
3678
+ "type": "keyword"
3679
+ },
3680
+ "country_name": {
3681
+ "ignore_above": 1024,
3682
+ "type": "keyword"
3683
+ },
3684
+ "location": {
3685
+ "type": "geo_point"
3686
+ },
3687
+ "name": {
3688
+ "ignore_above": 1024,
3689
+ "type": "keyword"
3690
+ },
3691
+ "postal_code": {
3692
+ "ignore_above": 1024,
3693
+ "type": "keyword"
3694
+ },
3695
+ "region_iso_code": {
3696
+ "ignore_above": 1024,
3697
+ "type": "keyword"
3698
+ },
3699
+ "region_name": {
3700
+ "ignore_above": 1024,
3701
+ "type": "keyword"
3702
+ },
3703
+ "timezone": {
3704
+ "ignore_above": 1024,
3705
+ "type": "keyword"
3706
+ }
3707
+ }
3708
+ },
3709
+ "ip": {
3710
+ "type": "ip"
3711
+ },
3712
+ "last_seen": {
3713
+ "type": "date"
3714
+ },
3715
+ "marking": {
3716
+ "properties": {
3717
+ "tlp": {
3718
+ "ignore_above": 1024,
3719
+ "type": "keyword"
3720
+ }
3721
+ }
3722
+ },
3723
+ "modified_at": {
3724
+ "type": "date"
3725
+ },
3726
+ "port": {
3727
+ "type": "long"
3728
+ },
3729
+ "provider": {
3730
+ "ignore_above": 1024,
3731
+ "type": "keyword"
3732
+ },
3733
+ "reference": {
3734
+ "ignore_above": 1024,
3735
+ "type": "keyword"
3736
+ },
3737
+ "registry": {
3738
+ "properties": {
3739
+ "data": {
3740
+ "properties": {
3741
+ "bytes": {
3742
+ "ignore_above": 1024,
3743
+ "type": "keyword"
3744
+ },
3745
+ "strings": {
3746
+ "ignore_above": 1024,
3747
+ "type": "keyword"
3748
+ },
3749
+ "type": {
3750
+ "ignore_above": 1024,
3751
+ "type": "keyword"
3752
+ }
3753
+ }
3754
+ },
3755
+ "hive": {
3756
+ "ignore_above": 1024,
3757
+ "type": "keyword"
3758
+ },
3759
+ "key": {
3760
+ "ignore_above": 1024,
3761
+ "type": "keyword"
3762
+ },
3763
+ "path": {
3764
+ "ignore_above": 1024,
3765
+ "type": "keyword"
3766
+ },
3767
+ "value": {
3768
+ "ignore_above": 1024,
3769
+ "type": "keyword"
3770
+ }
3771
+ }
3772
+ },
3773
+ "scanner_stats": {
3774
+ "type": "long"
3775
+ },
3776
+ "sightings": {
3777
+ "type": "long"
3778
+ },
3779
+ "type": {
3780
+ "ignore_above": 1024,
3781
+ "type": "keyword"
3782
+ },
3783
+ "url": {
3784
+ "properties": {
3785
+ "domain": {
3786
+ "ignore_above": 1024,
3787
+ "type": "keyword"
3788
+ },
3789
+ "extension": {
3790
+ "ignore_above": 1024,
3791
+ "type": "keyword"
3792
+ },
3793
+ "fragment": {
3794
+ "ignore_above": 1024,
3795
+ "type": "keyword"
3796
+ },
3797
+ "full": {
3798
+ "fields": {
3799
+ "text": {
3800
+ "norms": false,
3801
+ "type": "text"
3802
+ }
3803
+ },
3804
+ "ignore_above": 1024,
3805
+ "type": "keyword"
3806
+ },
3807
+ "original": {
3808
+ "fields": {
3809
+ "text": {
3810
+ "norms": false,
3811
+ "type": "text"
3812
+ }
3813
+ },
3814
+ "ignore_above": 1024,
3815
+ "type": "keyword"
3816
+ },
3817
+ "password": {
3818
+ "ignore_above": 1024,
3819
+ "type": "keyword"
3820
+ },
3821
+ "path": {
3822
+ "ignore_above": 1024,
3823
+ "type": "keyword"
3824
+ },
3825
+ "port": {
3826
+ "type": "long"
3827
+ },
3828
+ "query": {
3829
+ "ignore_above": 1024,
3830
+ "type": "keyword"
3831
+ },
3832
+ "registered_domain": {
3833
+ "ignore_above": 1024,
3834
+ "type": "keyword"
3835
+ },
3836
+ "scheme": {
3837
+ "ignore_above": 1024,
3838
+ "type": "keyword"
3839
+ },
3840
+ "subdomain": {
3841
+ "ignore_above": 1024,
3842
+ "type": "keyword"
3843
+ },
3844
+ "top_level_domain": {
3845
+ "ignore_above": 1024,
3846
+ "type": "keyword"
3847
+ },
3848
+ "username": {
3849
+ "ignore_above": 1024,
3850
+ "type": "keyword"
3851
+ }
3852
+ }
3853
+ },
3854
+ "x509": {
3855
+ "properties": {
3856
+ "alternative_names": {
3857
+ "ignore_above": 1024,
3858
+ "type": "keyword"
3859
+ },
3860
+ "issuer": {
3861
+ "properties": {
3862
+ "common_name": {
3863
+ "ignore_above": 1024,
3864
+ "type": "keyword"
3865
+ },
3866
+ "country": {
3867
+ "ignore_above": 1024,
3868
+ "type": "keyword"
3869
+ },
3870
+ "distinguished_name": {
3871
+ "ignore_above": 1024,
3872
+ "type": "keyword"
3873
+ },
3874
+ "locality": {
3875
+ "ignore_above": 1024,
3876
+ "type": "keyword"
3877
+ },
3878
+ "organization": {
3879
+ "ignore_above": 1024,
3880
+ "type": "keyword"
3881
+ },
3882
+ "organizational_unit": {
3883
+ "ignore_above": 1024,
3884
+ "type": "keyword"
3885
+ },
3886
+ "state_or_province": {
3887
+ "ignore_above": 1024,
3888
+ "type": "keyword"
3889
+ }
3890
+ }
3891
+ },
3892
+ "not_after": {
3893
+ "type": "date"
3894
+ },
3895
+ "not_before": {
3896
+ "type": "date"
3897
+ },
3898
+ "public_key_algorithm": {
3899
+ "ignore_above": 1024,
3900
+ "type": "keyword"
3901
+ },
3902
+ "public_key_curve": {
3903
+ "ignore_above": 1024,
3904
+ "type": "keyword"
3905
+ },
3906
+ "public_key_exponent": {
3907
+ "doc_values": false,
3908
+ "index": false,
3909
+ "type": "long"
3910
+ },
3911
+ "public_key_size": {
3912
+ "type": "long"
3913
+ },
3914
+ "serial_number": {
3915
+ "ignore_above": 1024,
3916
+ "type": "keyword"
3917
+ },
3918
+ "signature_algorithm": {
3919
+ "ignore_above": 1024,
3920
+ "type": "keyword"
3921
+ },
3922
+ "subject": {
3923
+ "properties": {
3924
+ "common_name": {
3925
+ "ignore_above": 1024,
3926
+ "type": "keyword"
3927
+ },
3928
+ "country": {
3929
+ "ignore_above": 1024,
3930
+ "type": "keyword"
3931
+ },
3932
+ "distinguished_name": {
3933
+ "ignore_above": 1024,
3934
+ "type": "keyword"
3935
+ },
3936
+ "locality": {
3937
+ "ignore_above": 1024,
3938
+ "type": "keyword"
3939
+ },
3940
+ "organization": {
3941
+ "ignore_above": 1024,
3942
+ "type": "keyword"
3943
+ },
3944
+ "organizational_unit": {
3945
+ "ignore_above": 1024,
3946
+ "type": "keyword"
3947
+ },
3948
+ "state_or_province": {
3949
+ "ignore_above": 1024,
3950
+ "type": "keyword"
3951
+ }
3952
+ }
3953
+ },
3954
+ "version_number": {
3955
+ "ignore_above": 1024,
3956
+ "type": "keyword"
3957
+ }
3958
+ }
3959
+ }
3960
+ },
3961
+ "type": "object"
3962
+ },
3963
+ "matched": {
3964
+ "properties": {
3965
+ "atomic": {
3966
+ "ignore_above": 1024,
3967
+ "type": "keyword"
3968
+ },
3969
+ "field": {
3970
+ "ignore_above": 1024,
3971
+ "type": "keyword"
3972
+ },
3973
+ "id": {
3974
+ "ignore_above": 1024,
3975
+ "type": "keyword"
3976
+ },
3977
+ "index": {
3978
+ "ignore_above": 1024,
3979
+ "type": "keyword"
3980
+ },
3981
+ "type": {
3982
+ "ignore_above": 1024,
3983
+ "type": "keyword"
3984
+ }
3985
+ }
3986
+ }
3987
+ },
3988
+ "type": "nested"
3989
+ },
2474
3990
  "framework": {
2475
3991
  "ignore_above": 1024,
2476
3992
  "type": "keyword"
2477
3993
  },
3994
+ "group": {
3995
+ "properties": {
3996
+ "alias": {
3997
+ "ignore_above": 1024,
3998
+ "type": "keyword"
3999
+ },
4000
+ "id": {
4001
+ "ignore_above": 1024,
4002
+ "type": "keyword"
4003
+ },
4004
+ "name": {
4005
+ "ignore_above": 1024,
4006
+ "type": "keyword"
4007
+ },
4008
+ "reference": {
4009
+ "ignore_above": 1024,
4010
+ "type": "keyword"
4011
+ }
4012
+ }
4013
+ },
4014
+ "indicator": {
4015
+ "properties": {
4016
+ "as": {
4017
+ "properties": {
4018
+ "number": {
4019
+ "type": "long"
4020
+ },
4021
+ "organization": {
4022
+ "properties": {
4023
+ "name": {
4024
+ "fields": {
4025
+ "text": {
4026
+ "norms": false,
4027
+ "type": "text"
4028
+ }
4029
+ },
4030
+ "ignore_above": 1024,
4031
+ "type": "keyword"
4032
+ }
4033
+ }
4034
+ }
4035
+ }
4036
+ },
4037
+ "confidence": {
4038
+ "ignore_above": 1024,
4039
+ "type": "keyword"
4040
+ },
4041
+ "description": {
4042
+ "ignore_above": 1024,
4043
+ "type": "keyword"
4044
+ },
4045
+ "email": {
4046
+ "properties": {
4047
+ "address": {
4048
+ "ignore_above": 1024,
4049
+ "type": "keyword"
4050
+ }
4051
+ }
4052
+ },
4053
+ "file": {
4054
+ "properties": {
4055
+ "accessed": {
4056
+ "type": "date"
4057
+ },
4058
+ "attributes": {
4059
+ "ignore_above": 1024,
4060
+ "type": "keyword"
4061
+ },
4062
+ "code_signature": {
4063
+ "properties": {
4064
+ "digest_algorithm": {
4065
+ "ignore_above": 1024,
4066
+ "type": "keyword"
4067
+ },
4068
+ "exists": {
4069
+ "type": "boolean"
4070
+ },
4071
+ "signing_id": {
4072
+ "ignore_above": 1024,
4073
+ "type": "keyword"
4074
+ },
4075
+ "status": {
4076
+ "ignore_above": 1024,
4077
+ "type": "keyword"
4078
+ },
4079
+ "subject_name": {
4080
+ "ignore_above": 1024,
4081
+ "type": "keyword"
4082
+ },
4083
+ "team_id": {
4084
+ "ignore_above": 1024,
4085
+ "type": "keyword"
4086
+ },
4087
+ "timestamp": {
4088
+ "type": "date"
4089
+ },
4090
+ "trusted": {
4091
+ "type": "boolean"
4092
+ },
4093
+ "valid": {
4094
+ "type": "boolean"
4095
+ }
4096
+ }
4097
+ },
4098
+ "created": {
4099
+ "type": "date"
4100
+ },
4101
+ "ctime": {
4102
+ "type": "date"
4103
+ },
4104
+ "device": {
4105
+ "ignore_above": 1024,
4106
+ "type": "keyword"
4107
+ },
4108
+ "directory": {
4109
+ "ignore_above": 1024,
4110
+ "type": "keyword"
4111
+ },
4112
+ "drive_letter": {
4113
+ "ignore_above": 1,
4114
+ "type": "keyword"
4115
+ },
4116
+ "elf": {
4117
+ "properties": {
4118
+ "architecture": {
4119
+ "ignore_above": 1024,
4120
+ "type": "keyword"
4121
+ },
4122
+ "byte_order": {
4123
+ "ignore_above": 1024,
4124
+ "type": "keyword"
4125
+ },
4126
+ "cpu_type": {
4127
+ "ignore_above": 1024,
4128
+ "type": "keyword"
4129
+ },
4130
+ "creation_date": {
4131
+ "type": "date"
4132
+ },
4133
+ "exports": {
4134
+ "type": "flattened"
4135
+ },
4136
+ "header": {
4137
+ "properties": {
4138
+ "abi_version": {
4139
+ "ignore_above": 1024,
4140
+ "type": "keyword"
4141
+ },
4142
+ "class": {
4143
+ "ignore_above": 1024,
4144
+ "type": "keyword"
4145
+ },
4146
+ "data": {
4147
+ "ignore_above": 1024,
4148
+ "type": "keyword"
4149
+ },
4150
+ "entrypoint": {
4151
+ "type": "long"
4152
+ },
4153
+ "object_version": {
4154
+ "ignore_above": 1024,
4155
+ "type": "keyword"
4156
+ },
4157
+ "os_abi": {
4158
+ "ignore_above": 1024,
4159
+ "type": "keyword"
4160
+ },
4161
+ "type": {
4162
+ "ignore_above": 1024,
4163
+ "type": "keyword"
4164
+ },
4165
+ "version": {
4166
+ "ignore_above": 1024,
4167
+ "type": "keyword"
4168
+ }
4169
+ }
4170
+ },
4171
+ "imports": {
4172
+ "type": "flattened"
4173
+ },
4174
+ "sections": {
4175
+ "properties": {
4176
+ "chi2": {
4177
+ "type": "long"
4178
+ },
4179
+ "entropy": {
4180
+ "type": "long"
4181
+ },
4182
+ "flags": {
4183
+ "ignore_above": 1024,
4184
+ "type": "keyword"
4185
+ },
4186
+ "name": {
4187
+ "ignore_above": 1024,
4188
+ "type": "keyword"
4189
+ },
4190
+ "physical_offset": {
4191
+ "ignore_above": 1024,
4192
+ "type": "keyword"
4193
+ },
4194
+ "physical_size": {
4195
+ "type": "long"
4196
+ },
4197
+ "type": {
4198
+ "ignore_above": 1024,
4199
+ "type": "keyword"
4200
+ },
4201
+ "virtual_address": {
4202
+ "type": "long"
4203
+ },
4204
+ "virtual_size": {
4205
+ "type": "long"
4206
+ }
4207
+ },
4208
+ "type": "nested"
4209
+ },
4210
+ "segments": {
4211
+ "properties": {
4212
+ "sections": {
4213
+ "ignore_above": 1024,
4214
+ "type": "keyword"
4215
+ },
4216
+ "type": {
4217
+ "ignore_above": 1024,
4218
+ "type": "keyword"
4219
+ }
4220
+ },
4221
+ "type": "nested"
4222
+ },
4223
+ "shared_libraries": {
4224
+ "ignore_above": 1024,
4225
+ "type": "keyword"
4226
+ },
4227
+ "telfhash": {
4228
+ "ignore_above": 1024,
4229
+ "type": "keyword"
4230
+ }
4231
+ }
4232
+ },
4233
+ "extension": {
4234
+ "ignore_above": 1024,
4235
+ "type": "keyword"
4236
+ },
4237
+ "fork_name": {
4238
+ "ignore_above": 1024,
4239
+ "type": "keyword"
4240
+ },
4241
+ "gid": {
4242
+ "ignore_above": 1024,
4243
+ "type": "keyword"
4244
+ },
4245
+ "group": {
4246
+ "ignore_above": 1024,
4247
+ "type": "keyword"
4248
+ },
4249
+ "hash": {
4250
+ "properties": {
4251
+ "md5": {
4252
+ "ignore_above": 1024,
4253
+ "type": "keyword"
4254
+ },
4255
+ "sha1": {
4256
+ "ignore_above": 1024,
4257
+ "type": "keyword"
4258
+ },
4259
+ "sha256": {
4260
+ "ignore_above": 1024,
4261
+ "type": "keyword"
4262
+ },
4263
+ "sha512": {
4264
+ "ignore_above": 1024,
4265
+ "type": "keyword"
4266
+ },
4267
+ "ssdeep": {
4268
+ "ignore_above": 1024,
4269
+ "type": "keyword"
4270
+ }
4271
+ }
4272
+ },
4273
+ "inode": {
4274
+ "ignore_above": 1024,
4275
+ "type": "keyword"
4276
+ },
4277
+ "mime_type": {
4278
+ "ignore_above": 1024,
4279
+ "type": "keyword"
4280
+ },
4281
+ "mode": {
4282
+ "ignore_above": 1024,
4283
+ "type": "keyword"
4284
+ },
4285
+ "mtime": {
4286
+ "type": "date"
4287
+ },
4288
+ "name": {
4289
+ "ignore_above": 1024,
4290
+ "type": "keyword"
4291
+ },
4292
+ "owner": {
4293
+ "ignore_above": 1024,
4294
+ "type": "keyword"
4295
+ },
4296
+ "path": {
4297
+ "fields": {
4298
+ "text": {
4299
+ "norms": false,
4300
+ "type": "text"
4301
+ }
4302
+ },
4303
+ "ignore_above": 1024,
4304
+ "type": "keyword"
4305
+ },
4306
+ "pe": {
4307
+ "properties": {
4308
+ "architecture": {
4309
+ "ignore_above": 1024,
4310
+ "type": "keyword"
4311
+ },
4312
+ "company": {
4313
+ "ignore_above": 1024,
4314
+ "type": "keyword"
4315
+ },
4316
+ "description": {
4317
+ "ignore_above": 1024,
4318
+ "type": "keyword"
4319
+ },
4320
+ "file_version": {
4321
+ "ignore_above": 1024,
4322
+ "type": "keyword"
4323
+ },
4324
+ "imphash": {
4325
+ "ignore_above": 1024,
4326
+ "type": "keyword"
4327
+ },
4328
+ "original_file_name": {
4329
+ "ignore_above": 1024,
4330
+ "type": "keyword"
4331
+ },
4332
+ "product": {
4333
+ "ignore_above": 1024,
4334
+ "type": "keyword"
4335
+ }
4336
+ }
4337
+ },
4338
+ "size": {
4339
+ "type": "long"
4340
+ },
4341
+ "target_path": {
4342
+ "fields": {
4343
+ "text": {
4344
+ "norms": false,
4345
+ "type": "text"
4346
+ }
4347
+ },
4348
+ "ignore_above": 1024,
4349
+ "type": "keyword"
4350
+ },
4351
+ "type": {
4352
+ "ignore_above": 1024,
4353
+ "type": "keyword"
4354
+ },
4355
+ "uid": {
4356
+ "ignore_above": 1024,
4357
+ "type": "keyword"
4358
+ },
4359
+ "x509": {
4360
+ "properties": {
4361
+ "alternative_names": {
4362
+ "ignore_above": 1024,
4363
+ "type": "keyword"
4364
+ },
4365
+ "issuer": {
4366
+ "properties": {
4367
+ "common_name": {
4368
+ "ignore_above": 1024,
4369
+ "type": "keyword"
4370
+ },
4371
+ "country": {
4372
+ "ignore_above": 1024,
4373
+ "type": "keyword"
4374
+ },
4375
+ "distinguished_name": {
4376
+ "ignore_above": 1024,
4377
+ "type": "keyword"
4378
+ },
4379
+ "locality": {
4380
+ "ignore_above": 1024,
4381
+ "type": "keyword"
4382
+ },
4383
+ "organization": {
4384
+ "ignore_above": 1024,
4385
+ "type": "keyword"
4386
+ },
4387
+ "organizational_unit": {
4388
+ "ignore_above": 1024,
4389
+ "type": "keyword"
4390
+ },
4391
+ "state_or_province": {
4392
+ "ignore_above": 1024,
4393
+ "type": "keyword"
4394
+ }
4395
+ }
4396
+ },
4397
+ "not_after": {
4398
+ "type": "date"
4399
+ },
4400
+ "not_before": {
4401
+ "type": "date"
4402
+ },
4403
+ "public_key_algorithm": {
4404
+ "ignore_above": 1024,
4405
+ "type": "keyword"
4406
+ },
4407
+ "public_key_curve": {
4408
+ "ignore_above": 1024,
4409
+ "type": "keyword"
4410
+ },
4411
+ "public_key_exponent": {
4412
+ "doc_values": false,
4413
+ "index": false,
4414
+ "type": "long"
4415
+ },
4416
+ "public_key_size": {
4417
+ "type": "long"
4418
+ },
4419
+ "serial_number": {
4420
+ "ignore_above": 1024,
4421
+ "type": "keyword"
4422
+ },
4423
+ "signature_algorithm": {
4424
+ "ignore_above": 1024,
4425
+ "type": "keyword"
4426
+ },
4427
+ "subject": {
4428
+ "properties": {
4429
+ "common_name": {
4430
+ "ignore_above": 1024,
4431
+ "type": "keyword"
4432
+ },
4433
+ "country": {
4434
+ "ignore_above": 1024,
4435
+ "type": "keyword"
4436
+ },
4437
+ "distinguished_name": {
4438
+ "ignore_above": 1024,
4439
+ "type": "keyword"
4440
+ },
4441
+ "locality": {
4442
+ "ignore_above": 1024,
4443
+ "type": "keyword"
4444
+ },
4445
+ "organization": {
4446
+ "ignore_above": 1024,
4447
+ "type": "keyword"
4448
+ },
4449
+ "organizational_unit": {
4450
+ "ignore_above": 1024,
4451
+ "type": "keyword"
4452
+ },
4453
+ "state_or_province": {
4454
+ "ignore_above": 1024,
4455
+ "type": "keyword"
4456
+ }
4457
+ }
4458
+ },
4459
+ "version_number": {
4460
+ "ignore_above": 1024,
4461
+ "type": "keyword"
4462
+ }
4463
+ }
4464
+ }
4465
+ }
4466
+ },
4467
+ "first_seen": {
4468
+ "type": "date"
4469
+ },
4470
+ "geo": {
4471
+ "properties": {
4472
+ "city_name": {
4473
+ "ignore_above": 1024,
4474
+ "type": "keyword"
4475
+ },
4476
+ "continent_code": {
4477
+ "ignore_above": 1024,
4478
+ "type": "keyword"
4479
+ },
4480
+ "continent_name": {
4481
+ "ignore_above": 1024,
4482
+ "type": "keyword"
4483
+ },
4484
+ "country_iso_code": {
4485
+ "ignore_above": 1024,
4486
+ "type": "keyword"
4487
+ },
4488
+ "country_name": {
4489
+ "ignore_above": 1024,
4490
+ "type": "keyword"
4491
+ },
4492
+ "location": {
4493
+ "type": "geo_point"
4494
+ },
4495
+ "name": {
4496
+ "ignore_above": 1024,
4497
+ "type": "keyword"
4498
+ },
4499
+ "postal_code": {
4500
+ "ignore_above": 1024,
4501
+ "type": "keyword"
4502
+ },
4503
+ "region_iso_code": {
4504
+ "ignore_above": 1024,
4505
+ "type": "keyword"
4506
+ },
4507
+ "region_name": {
4508
+ "ignore_above": 1024,
4509
+ "type": "keyword"
4510
+ },
4511
+ "timezone": {
4512
+ "ignore_above": 1024,
4513
+ "type": "keyword"
4514
+ }
4515
+ }
4516
+ },
4517
+ "ip": {
4518
+ "type": "ip"
4519
+ },
4520
+ "last_seen": {
4521
+ "type": "date"
4522
+ },
4523
+ "marking": {
4524
+ "properties": {
4525
+ "tlp": {
4526
+ "ignore_above": 1024,
4527
+ "type": "keyword"
4528
+ }
4529
+ }
4530
+ },
4531
+ "modified_at": {
4532
+ "type": "date"
4533
+ },
4534
+ "port": {
4535
+ "type": "long"
4536
+ },
4537
+ "provider": {
4538
+ "ignore_above": 1024,
4539
+ "type": "keyword"
4540
+ },
4541
+ "reference": {
4542
+ "ignore_above": 1024,
4543
+ "type": "keyword"
4544
+ },
4545
+ "registry": {
4546
+ "properties": {
4547
+ "data": {
4548
+ "properties": {
4549
+ "bytes": {
4550
+ "ignore_above": 1024,
4551
+ "type": "keyword"
4552
+ },
4553
+ "strings": {
4554
+ "ignore_above": 1024,
4555
+ "type": "keyword"
4556
+ },
4557
+ "type": {
4558
+ "ignore_above": 1024,
4559
+ "type": "keyword"
4560
+ }
4561
+ }
4562
+ },
4563
+ "hive": {
4564
+ "ignore_above": 1024,
4565
+ "type": "keyword"
4566
+ },
4567
+ "key": {
4568
+ "ignore_above": 1024,
4569
+ "type": "keyword"
4570
+ },
4571
+ "path": {
4572
+ "ignore_above": 1024,
4573
+ "type": "keyword"
4574
+ },
4575
+ "value": {
4576
+ "ignore_above": 1024,
4577
+ "type": "keyword"
4578
+ }
4579
+ }
4580
+ },
4581
+ "scanner_stats": {
4582
+ "type": "long"
4583
+ },
4584
+ "sightings": {
4585
+ "type": "long"
4586
+ },
4587
+ "type": {
4588
+ "ignore_above": 1024,
4589
+ "type": "keyword"
4590
+ },
4591
+ "url": {
4592
+ "properties": {
4593
+ "domain": {
4594
+ "ignore_above": 1024,
4595
+ "type": "keyword"
4596
+ },
4597
+ "extension": {
4598
+ "ignore_above": 1024,
4599
+ "type": "keyword"
4600
+ },
4601
+ "fragment": {
4602
+ "ignore_above": 1024,
4603
+ "type": "keyword"
4604
+ },
4605
+ "full": {
4606
+ "fields": {
4607
+ "text": {
4608
+ "norms": false,
4609
+ "type": "text"
4610
+ }
4611
+ },
4612
+ "ignore_above": 1024,
4613
+ "type": "keyword"
4614
+ },
4615
+ "original": {
4616
+ "fields": {
4617
+ "text": {
4618
+ "norms": false,
4619
+ "type": "text"
4620
+ }
4621
+ },
4622
+ "ignore_above": 1024,
4623
+ "type": "keyword"
4624
+ },
4625
+ "password": {
4626
+ "ignore_above": 1024,
4627
+ "type": "keyword"
4628
+ },
4629
+ "path": {
4630
+ "ignore_above": 1024,
4631
+ "type": "keyword"
4632
+ },
4633
+ "port": {
4634
+ "type": "long"
4635
+ },
4636
+ "query": {
4637
+ "ignore_above": 1024,
4638
+ "type": "keyword"
4639
+ },
4640
+ "registered_domain": {
4641
+ "ignore_above": 1024,
4642
+ "type": "keyword"
4643
+ },
4644
+ "scheme": {
4645
+ "ignore_above": 1024,
4646
+ "type": "keyword"
4647
+ },
4648
+ "subdomain": {
4649
+ "ignore_above": 1024,
4650
+ "type": "keyword"
4651
+ },
4652
+ "top_level_domain": {
4653
+ "ignore_above": 1024,
4654
+ "type": "keyword"
4655
+ },
4656
+ "username": {
4657
+ "ignore_above": 1024,
4658
+ "type": "keyword"
4659
+ }
4660
+ }
4661
+ },
4662
+ "x509": {
4663
+ "properties": {
4664
+ "alternative_names": {
4665
+ "ignore_above": 1024,
4666
+ "type": "keyword"
4667
+ },
4668
+ "issuer": {
4669
+ "properties": {
4670
+ "common_name": {
4671
+ "ignore_above": 1024,
4672
+ "type": "keyword"
4673
+ },
4674
+ "country": {
4675
+ "ignore_above": 1024,
4676
+ "type": "keyword"
4677
+ },
4678
+ "distinguished_name": {
4679
+ "ignore_above": 1024,
4680
+ "type": "keyword"
4681
+ },
4682
+ "locality": {
4683
+ "ignore_above": 1024,
4684
+ "type": "keyword"
4685
+ },
4686
+ "organization": {
4687
+ "ignore_above": 1024,
4688
+ "type": "keyword"
4689
+ },
4690
+ "organizational_unit": {
4691
+ "ignore_above": 1024,
4692
+ "type": "keyword"
4693
+ },
4694
+ "state_or_province": {
4695
+ "ignore_above": 1024,
4696
+ "type": "keyword"
4697
+ }
4698
+ }
4699
+ },
4700
+ "not_after": {
4701
+ "type": "date"
4702
+ },
4703
+ "not_before": {
4704
+ "type": "date"
4705
+ },
4706
+ "public_key_algorithm": {
4707
+ "ignore_above": 1024,
4708
+ "type": "keyword"
4709
+ },
4710
+ "public_key_curve": {
4711
+ "ignore_above": 1024,
4712
+ "type": "keyword"
4713
+ },
4714
+ "public_key_exponent": {
4715
+ "doc_values": false,
4716
+ "index": false,
4717
+ "type": "long"
4718
+ },
4719
+ "public_key_size": {
4720
+ "type": "long"
4721
+ },
4722
+ "serial_number": {
4723
+ "ignore_above": 1024,
4724
+ "type": "keyword"
4725
+ },
4726
+ "signature_algorithm": {
4727
+ "ignore_above": 1024,
4728
+ "type": "keyword"
4729
+ },
4730
+ "subject": {
4731
+ "properties": {
4732
+ "common_name": {
4733
+ "ignore_above": 1024,
4734
+ "type": "keyword"
4735
+ },
4736
+ "country": {
4737
+ "ignore_above": 1024,
4738
+ "type": "keyword"
4739
+ },
4740
+ "distinguished_name": {
4741
+ "ignore_above": 1024,
4742
+ "type": "keyword"
4743
+ },
4744
+ "locality": {
4745
+ "ignore_above": 1024,
4746
+ "type": "keyword"
4747
+ },
4748
+ "organization": {
4749
+ "ignore_above": 1024,
4750
+ "type": "keyword"
4751
+ },
4752
+ "organizational_unit": {
4753
+ "ignore_above": 1024,
4754
+ "type": "keyword"
4755
+ },
4756
+ "state_or_province": {
4757
+ "ignore_above": 1024,
4758
+ "type": "keyword"
4759
+ }
4760
+ }
4761
+ },
4762
+ "version_number": {
4763
+ "ignore_above": 1024,
4764
+ "type": "keyword"
4765
+ }
4766
+ }
4767
+ }
4768
+ }
4769
+ },
4770
+ "software": {
4771
+ "properties": {
4772
+ "alias": {
4773
+ "ignore_above": 1024,
4774
+ "type": "keyword"
4775
+ },
4776
+ "id": {
4777
+ "ignore_above": 1024,
4778
+ "type": "keyword"
4779
+ },
4780
+ "name": {
4781
+ "ignore_above": 1024,
4782
+ "type": "keyword"
4783
+ },
4784
+ "platforms": {
4785
+ "ignore_above": 1024,
4786
+ "type": "keyword"
4787
+ },
4788
+ "reference": {
4789
+ "ignore_above": 1024,
4790
+ "type": "keyword"
4791
+ },
4792
+ "type": {
4793
+ "ignore_above": 1024,
4794
+ "type": "keyword"
4795
+ }
4796
+ }
4797
+ },
2478
4798
  "tactic": {
2479
4799
  "properties": {
2480
4800
  "id": {
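Review bot: `entropy` and `chi2` under `elf.sections` are mapped as `long` (new lines 3368–3373 under `threat.enrichments.indicator.file`, and again at 4176–4181 under `threat.indicator.file`), but both are fractional statistics. Shannon entropy of a section lies between 0 and 8, and with Elasticsearch's default `coerce` a decimal sent to a `long` field has its fraction truncated when indexed. Range queries, aggregations and detection rules that threshold on section entropy (a common signal for packed or encrypted sections) would then evaluate the truncated integer, while `_source` still shows the original value, so the loss is easy to miss. I would map both fields as `"type": "float"` in both places. If the template has to stay identical to the upstream ECS schema it appears to be generated from, keep the type and record the truncation in the plugin documentation so rule authors do not rely on fractional thresholds.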
@@ -2510,6 +4830,28 @@
2510
4830
  "reference": {
2511
4831
  "ignore_above": 1024,
2512
4832
  "type": "keyword"
4833
+ },
4834
+ "subtechnique": {
4835
+ "properties": {
4836
+ "id": {
4837
+ "ignore_above": 1024,
4838
+ "type": "keyword"
4839
+ },
4840
+ "name": {
4841
+ "fields": {
4842
+ "text": {
4843
+ "norms": false,
4844
+ "type": "text"
4845
+ }
4846
+ },
4847
+ "ignore_above": 1024,
4848
+ "type": "keyword"
4849
+ },
4850
+ "reference": {
4851
+ "ignore_above": 1024,
4852
+ "type": "keyword"
4853
+ }
4854
+ }
2513
4855
  }
2514
4856
  }
2515
4857
  }
@@ -2537,41 +4879,147 @@
2537
4879
  "ignore_above": 1024,
2538
4880
  "type": "keyword"
2539
4881
  },
2540
- "sha1": {
4882
+ "sha1": {
4883
+ "ignore_above": 1024,
4884
+ "type": "keyword"
4885
+ },
4886
+ "sha256": {
4887
+ "ignore_above": 1024,
4888
+ "type": "keyword"
4889
+ }
4890
+ }
4891
+ },
4892
+ "issuer": {
4893
+ "ignore_above": 1024,
4894
+ "type": "keyword"
4895
+ },
4896
+ "ja3": {
4897
+ "ignore_above": 1024,
4898
+ "type": "keyword"
4899
+ },
4900
+ "not_after": {
4901
+ "type": "date"
4902
+ },
4903
+ "not_before": {
4904
+ "type": "date"
4905
+ },
4906
+ "server_name": {
4907
+ "ignore_above": 1024,
4908
+ "type": "keyword"
4909
+ },
4910
+ "subject": {
4911
+ "ignore_above": 1024,
4912
+ "type": "keyword"
4913
+ },
4914
+ "supported_ciphers": {
4915
+ "ignore_above": 1024,
4916
+ "type": "keyword"
4917
+ },
4918
+ "x509": {
4919
+ "properties": {
4920
+ "alternative_names": {
4921
+ "ignore_above": 1024,
4922
+ "type": "keyword"
4923
+ },
4924
+ "issuer": {
4925
+ "properties": {
4926
+ "common_name": {
4927
+ "ignore_above": 1024,
4928
+ "type": "keyword"
4929
+ },
4930
+ "country": {
4931
+ "ignore_above": 1024,
4932
+ "type": "keyword"
4933
+ },
4934
+ "distinguished_name": {
4935
+ "ignore_above": 1024,
4936
+ "type": "keyword"
4937
+ },
4938
+ "locality": {
4939
+ "ignore_above": 1024,
4940
+ "type": "keyword"
4941
+ },
4942
+ "organization": {
4943
+ "ignore_above": 1024,
4944
+ "type": "keyword"
4945
+ },
4946
+ "organizational_unit": {
4947
+ "ignore_above": 1024,
4948
+ "type": "keyword"
4949
+ },
4950
+ "state_or_province": {
4951
+ "ignore_above": 1024,
4952
+ "type": "keyword"
4953
+ }
4954
+ }
4955
+ },
4956
+ "not_after": {
4957
+ "type": "date"
4958
+ },
4959
+ "not_before": {
4960
+ "type": "date"
4961
+ },
4962
+ "public_key_algorithm": {
4963
+ "ignore_above": 1024,
4964
+ "type": "keyword"
4965
+ },
4966
+ "public_key_curve": {
4967
+ "ignore_above": 1024,
4968
+ "type": "keyword"
4969
+ },
4970
+ "public_key_exponent": {
4971
+ "doc_values": false,
4972
+ "index": false,
4973
+ "type": "long"
4974
+ },
4975
+ "public_key_size": {
4976
+ "type": "long"
4977
+ },
4978
+ "serial_number": {
4979
+ "ignore_above": 1024,
4980
+ "type": "keyword"
4981
+ },
4982
+ "signature_algorithm": {
2541
4983
  "ignore_above": 1024,
2542
4984
  "type": "keyword"
2543
4985
  },
2544
- "sha256": {
4986
+ "subject": {
4987
+ "properties": {
4988
+ "common_name": {
4989
+ "ignore_above": 1024,
4990
+ "type": "keyword"
4991
+ },
4992
+ "country": {
4993
+ "ignore_above": 1024,
4994
+ "type": "keyword"
4995
+ },
4996
+ "distinguished_name": {
4997
+ "ignore_above": 1024,
4998
+ "type": "keyword"
4999
+ },
5000
+ "locality": {
5001
+ "ignore_above": 1024,
5002
+ "type": "keyword"
5003
+ },
5004
+ "organization": {
5005
+ "ignore_above": 1024,
5006
+ "type": "keyword"
5007
+ },
5008
+ "organizational_unit": {
5009
+ "ignore_above": 1024,
5010
+ "type": "keyword"
5011
+ },
5012
+ "state_or_province": {
5013
+ "ignore_above": 1024,
5014
+ "type": "keyword"
5015
+ }
5016
+ }
5017
+ },
5018
+ "version_number": {
2545
5019
  "ignore_above": 1024,
2546
5020
  "type": "keyword"
2547
5021
  }
2548
5022
  }
2549
- },
2550
- "issuer": {
2551
- "ignore_above": 1024,
2552
- "type": "keyword"
2553
- },
2554
- "ja3": {
2555
- "ignore_above": 1024,
2556
- "type": "keyword"
2557
- },
2558
- "not_after": {
2559
- "type": "date"
2560
- },
2561
- "not_before": {
2562
- "type": "date"
2563
- },
2564
- "server_name": {
2565
- "ignore_above": 1024,
2566
- "type": "keyword"
2567
- },
2568
- "subject": {
2569
- "ignore_above": 1024,
2570
- "type": "keyword"
2571
- },
2572
- "supported_ciphers": {
2573
- "ignore_above": 1024,
2574
- "type": "keyword"
2575
5023
  }
2576
5024
  }
2577
5025
  },
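Review bot: `public_key_exponent` under `tls.client.x509` is mapped with `"doc_values": false` and `"index": false`, so the value lives only in `_source` and cannot be used in queries, sorts or aggregations. The same mapping appears in the `tls.server.x509` hunk that follows and in the x509 block at the top of this view. This presumably mirrors the upstream ECS definition and may be deliberate. It still means a hunt or alert for unusual RSA exponents cannot be written against this field as shipped. Either say in the release notes that the field is `_source`-only, or have deployments that need it override the mapping in their own template with `"index": true`.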
@@ -2632,6 +5080,112 @@
2632
5080
  "subject": {
2633
5081
  "ignore_above": 1024,
2634
5082
  "type": "keyword"
5083
+ },
5084
+ "x509": {
5085
+ "properties": {
5086
+ "alternative_names": {
5087
+ "ignore_above": 1024,
5088
+ "type": "keyword"
5089
+ },
5090
+ "issuer": {
5091
+ "properties": {
5092
+ "common_name": {
5093
+ "ignore_above": 1024,
5094
+ "type": "keyword"
5095
+ },
5096
+ "country": {
5097
+ "ignore_above": 1024,
5098
+ "type": "keyword"
5099
+ },
5100
+ "distinguished_name": {
5101
+ "ignore_above": 1024,
5102
+ "type": "keyword"
5103
+ },
5104
+ "locality": {
5105
+ "ignore_above": 1024,
5106
+ "type": "keyword"
5107
+ },
5108
+ "organization": {
5109
+ "ignore_above": 1024,
5110
+ "type": "keyword"
5111
+ },
5112
+ "organizational_unit": {
5113
+ "ignore_above": 1024,
5114
+ "type": "keyword"
5115
+ },
5116
+ "state_or_province": {
5117
+ "ignore_above": 1024,
5118
+ "type": "keyword"
5119
+ }
5120
+ }
5121
+ },
5122
+ "not_after": {
5123
+ "type": "date"
5124
+ },
5125
+ "not_before": {
5126
+ "type": "date"
5127
+ },
5128
+ "public_key_algorithm": {
5129
+ "ignore_above": 1024,
5130
+ "type": "keyword"
5131
+ },
5132
+ "public_key_curve": {
5133
+ "ignore_above": 1024,
5134
+ "type": "keyword"
5135
+ },
5136
+ "public_key_exponent": {
5137
+ "doc_values": false,
5138
+ "index": false,
5139
+ "type": "long"
5140
+ },
5141
+ "public_key_size": {
5142
+ "type": "long"
5143
+ },
5144
+ "serial_number": {
5145
+ "ignore_above": 1024,
5146
+ "type": "keyword"
5147
+ },
5148
+ "signature_algorithm": {
5149
+ "ignore_above": 1024,
5150
+ "type": "keyword"
5151
+ },
5152
+ "subject": {
5153
+ "properties": {
5154
+ "common_name": {
5155
+ "ignore_above": 1024,
5156
+ "type": "keyword"
5157
+ },
5158
+ "country": {
5159
+ "ignore_above": 1024,
5160
+ "type": "keyword"
5161
+ },
5162
+ "distinguished_name": {
5163
+ "ignore_above": 1024,
5164
+ "type": "keyword"
5165
+ },
5166
+ "locality": {
5167
+ "ignore_above": 1024,
5168
+ "type": "keyword"
5169
+ },
5170
+ "organization": {
5171
+ "ignore_above": 1024,
5172
+ "type": "keyword"
5173
+ },
5174
+ "organizational_unit": {
5175
+ "ignore_above": 1024,
5176
+ "type": "keyword"
5177
+ },
5178
+ "state_or_province": {
5179
+ "ignore_above": 1024,
5180
+ "type": "keyword"
5181
+ }
5182
+ }
5183
+ },
5184
+ "version_number": {
5185
+ "ignore_above": 1024,
5186
+ "type": "keyword"
5187
+ }
5188
+ }
2635
5189
  }
2636
5190
  }
2637
5191
  },
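Review bot: `not_after` and `not_before` under `tls.server.x509` are plain `"type": "date"` with no `ignore_malformed`. Unless `index.mapping.ignore_malformed` is set in the template settings (outside this view), a validity value that does not parse makes Elasticsearch reject the whole event rather than index it without that field. For TLS telemetry, one oddly encoded certificate can then cost the entire record. If this file is generated from ECS, handle it in the pipeline instead: parse and validate both values before output, and monitor where mapping failures end up. Otherwise add `"ignore_malformed": true` next to `"type": "date"`; the `tls.client.x509` dates in the previous hunk have the same shape.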
@@ -2718,6 +5272,10 @@
2718
5272
  "ignore_above": 1024,
2719
5273
  "type": "keyword"
2720
5274
  },
5275
+ "subdomain": {
5276
+ "ignore_above": 1024,
5277
+ "type": "keyword"
5278
+ },
2721
5279
  "top_level_domain": {
2722
5280
  "ignore_above": 1024,
2723
5281
  "type": "keyword"
@@ -2730,10 +5288,130 @@
2730
5288
  },
2731
5289
  "user": {
2732
5290
  "properties": {
5291
+ "changes": {
5292
+ "properties": {
5293
+ "domain": {
5294
+ "ignore_above": 1024,
5295
+ "type": "keyword"
5296
+ },
5297
+ "email": {
5298
+ "ignore_above": 1024,
5299
+ "type": "keyword"
5300
+ },
5301
+ "full_name": {
5302
+ "fields": {
5303
+ "text": {
5304
+ "norms": false,
5305
+ "type": "text"
5306
+ }
5307
+ },
5308
+ "ignore_above": 1024,
5309
+ "type": "keyword"
5310
+ },
5311
+ "group": {
5312
+ "properties": {
5313
+ "domain": {
5314
+ "ignore_above": 1024,
5315
+ "type": "keyword"
5316
+ },
5317
+ "id": {
5318
+ "ignore_above": 1024,
5319
+ "type": "keyword"
5320
+ },
5321
+ "name": {
5322
+ "ignore_above": 1024,
5323
+ "type": "keyword"
5324
+ }
5325
+ }
5326
+ },
5327
+ "hash": {
5328
+ "ignore_above": 1024,
5329
+ "type": "keyword"
5330
+ },
5331
+ "id": {
5332
+ "ignore_above": 1024,
5333
+ "type": "keyword"
5334
+ },
5335
+ "name": {
5336
+ "fields": {
5337
+ "text": {
5338
+ "norms": false,
5339
+ "type": "text"
5340
+ }
5341
+ },
5342
+ "ignore_above": 1024,
5343
+ "type": "keyword"
5344
+ },
5345
+ "roles": {
5346
+ "ignore_above": 1024,
5347
+ "type": "keyword"
5348
+ }
5349
+ }
5350
+ },
2733
5351
  "domain": {
2734
5352
  "ignore_above": 1024,
2735
5353
  "type": "keyword"
2736
5354
  },
5355
+ "effective": {
5356
+ "properties": {
5357
+ "domain": {
5358
+ "ignore_above": 1024,
5359
+ "type": "keyword"
5360
+ },
5361
+ "email": {
5362
+ "ignore_above": 1024,
5363
+ "type": "keyword"
5364
+ },
5365
+ "full_name": {
5366
+ "fields": {
5367
+ "text": {
5368
+ "norms": false,
5369
+ "type": "text"
5370
+ }
5371
+ },
5372
+ "ignore_above": 1024,
5373
+ "type": "keyword"
5374
+ },
5375
+ "group": {
5376
+ "properties": {
5377
+ "domain": {
5378
+ "ignore_above": 1024,
5379
+ "type": "keyword"
5380
+ },
5381
+ "id": {
5382
+ "ignore_above": 1024,
5383
+ "type": "keyword"
5384
+ },
5385
+ "name": {
5386
+ "ignore_above": 1024,
5387
+ "type": "keyword"
5388
+ }
5389
+ }
5390
+ },
5391
+ "hash": {
5392
+ "ignore_above": 1024,
5393
+ "type": "keyword"
5394
+ },
5395
+ "id": {
5396
+ "ignore_above": 1024,
5397
+ "type": "keyword"
5398
+ },
5399
+ "name": {
5400
+ "fields": {
5401
+ "text": {
5402
+ "norms": false,
5403
+ "type": "text"
5404
+ }
5405
+ },
5406
+ "ignore_above": 1024,
5407
+ "type": "keyword"
5408
+ },
5409
+ "roles": {
5410
+ "ignore_above": 1024,
5411
+ "type": "keyword"
5412
+ }
5413
+ }
5414
+ },
2737
5415
  "email": {
2738
5416
  "ignore_above": 1024,
2739
5417
  "type": "keyword"
@@ -2781,6 +5459,70 @@
2781
5459
  },
2782
5460
  "ignore_above": 1024,
2783
5461
  "type": "keyword"
5462
+ },
5463
+ "roles": {
5464
+ "ignore_above": 1024,
5465
+ "type": "keyword"
5466
+ },
5467
+ "target": {
5468
+ "properties": {
5469
+ "domain": {
5470
+ "ignore_above": 1024,
5471
+ "type": "keyword"
5472
+ },
5473
+ "email": {
5474
+ "ignore_above": 1024,
5475
+ "type": "keyword"
5476
+ },
5477
+ "full_name": {
5478
+ "fields": {
5479
+ "text": {
5480
+ "norms": false,
5481
+ "type": "text"
5482
+ }
5483
+ },
5484
+ "ignore_above": 1024,
5485
+ "type": "keyword"
5486
+ },
5487
+ "group": {
5488
+ "properties": {
5489
+ "domain": {
5490
+ "ignore_above": 1024,
5491
+ "type": "keyword"
5492
+ },
5493
+ "id": {
5494
+ "ignore_above": 1024,
5495
+ "type": "keyword"
5496
+ },
5497
+ "name": {
5498
+ "ignore_above": 1024,
5499
+ "type": "keyword"
5500
+ }
5501
+ }
5502
+ },
5503
+ "hash": {
5504
+ "ignore_above": 1024,
5505
+ "type": "keyword"
5506
+ },
5507
+ "id": {
5508
+ "ignore_above": 1024,
5509
+ "type": "keyword"
5510
+ },
5511
+ "name": {
5512
+ "fields": {
5513
+ "text": {
5514
+ "norms": false,
5515
+ "type": "text"
5516
+ }
5517
+ },
5518
+ "ignore_above": 1024,
5519
+ "type": "keyword"
5520
+ },
5521
+ "roles": {
5522
+ "ignore_above": 1024,
5523
+ "type": "keyword"
5524
+ }
5525
+ }
2784
5526
  }
2785
5527
  }
2786
5528
  },
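Review bot: The new `user.target` object repeats `email`, `full_name` and `hash`, and the previous hunk does the same for `user.changes` and `user.effective`, so personal data can now be indexed under three more paths. Any field-level security grant, masking step or retention rule written against the exact names `user.email` or `user.full_name` will presumably not cover them. Call this out in the changelog, and widen such rules to patterns like `user.*.email` and `user.*.full_name` before the template is rolled out.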
@@ -2842,6 +5584,10 @@
2842
5584
  "ignore_above": 1024,
2843
5585
  "type": "keyword"
2844
5586
  },
5587
+ "type": {
5588
+ "ignore_above": 1024,
5589
+ "type": "keyword"
5590
+ },
2845
5591
  "version": {
2846
5592
  "ignore_above": 1024,
2847
5593
  "type": "keyword"
@@ -2854,18 +5600,6 @@
2854
5600
  }
2855
5601
  }
2856
5602
  },
2857
- "vlan": {
2858
- "properties": {
2859
- "id": {
2860
- "ignore_above": 1024,
2861
- "type": "keyword"
2862
- },
2863
- "name": {
2864
- "ignore_above": 1024,
2865
- "type": "keyword"
2866
- }
2867
- }
2868
- },
2869
5603
  "vulnerability": {
2870
5604
  "properties": {
2871
5605
  "category": {