logstash-output-elasticsearch 11.2.1-java → 11.2.2-java
Sign up to get free protection for your applications and to get access to all the features.
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
],
|
|
5
5
|
"mappings": {
|
|
6
6
|
"_meta": {
|
|
7
|
-
"version": "1.
|
|
7
|
+
"version": "1.12.1"
|
|
8
8
|
},
|
|
9
9
|
"date_detection": false,
|
|
10
10
|
"dynamic_templates": [
|
|
@@ -24,6 +24,14 @@
|
|
|
24
24
|
},
|
|
25
25
|
"agent": {
|
|
26
26
|
"properties": {
|
|
27
|
+
"build": {
|
|
28
|
+
"properties": {
|
|
29
|
+
"original": {
|
|
30
|
+
"ignore_above": 1024,
|
|
31
|
+
"type": "keyword"
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
},
|
|
27
35
|
"ephemeral_id": {
|
|
28
36
|
"ignore_above": 1024,
|
|
29
37
|
"type": "keyword"
|
|
@@ -46,27 +54,6 @@
|
|
|
46
54
|
}
|
|
47
55
|
}
|
|
48
56
|
},
|
|
49
|
-
"as": {
|
|
50
|
-
"properties": {
|
|
51
|
-
"number": {
|
|
52
|
-
"type": "long"
|
|
53
|
-
},
|
|
54
|
-
"organization": {
|
|
55
|
-
"properties": {
|
|
56
|
-
"name": {
|
|
57
|
-
"fields": {
|
|
58
|
-
"text": {
|
|
59
|
-
"norms": false,
|
|
60
|
-
"type": "text"
|
|
61
|
-
}
|
|
62
|
-
},
|
|
63
|
-
"ignore_above": 1024,
|
|
64
|
-
"type": "keyword"
|
|
65
|
-
}
|
|
66
|
-
}
|
|
67
|
-
}
|
|
68
|
-
}
|
|
69
|
-
},
|
|
70
57
|
"client": {
|
|
71
58
|
"properties": {
|
|
72
59
|
"address": {
|
|
@@ -83,8 +70,7 @@
|
|
|
83
70
|
"name": {
|
|
84
71
|
"fields": {
|
|
85
72
|
"text": {
|
|
86
|
-
"
|
|
87
|
-
"type": "text"
|
|
73
|
+
"type": "match_only_text"
|
|
88
74
|
}
|
|
89
75
|
},
|
|
90
76
|
"ignore_above": 1024,
|
|
@@ -107,6 +93,10 @@
|
|
|
107
93
|
"ignore_above": 1024,
|
|
108
94
|
"type": "keyword"
|
|
109
95
|
},
|
|
96
|
+
"continent_code": {
|
|
97
|
+
"ignore_above": 1024,
|
|
98
|
+
"type": "keyword"
|
|
99
|
+
},
|
|
110
100
|
"continent_name": {
|
|
111
101
|
"ignore_above": 1024,
|
|
112
102
|
"type": "keyword"
|
|
@@ -126,6 +116,10 @@
|
|
|
126
116
|
"ignore_above": 1024,
|
|
127
117
|
"type": "keyword"
|
|
128
118
|
},
|
|
119
|
+
"postal_code": {
|
|
120
|
+
"ignore_above": 1024,
|
|
121
|
+
"type": "keyword"
|
|
122
|
+
},
|
|
129
123
|
"region_iso_code": {
|
|
130
124
|
"ignore_above": 1024,
|
|
131
125
|
"type": "keyword"
|
|
@@ -133,6 +127,10 @@
|
|
|
133
127
|
"region_name": {
|
|
134
128
|
"ignore_above": 1024,
|
|
135
129
|
"type": "keyword"
|
|
130
|
+
},
|
|
131
|
+
"timezone": {
|
|
132
|
+
"ignore_above": 1024,
|
|
133
|
+
"type": "keyword"
|
|
136
134
|
}
|
|
137
135
|
}
|
|
138
136
|
},
|
|
@@ -163,6 +161,10 @@
|
|
|
163
161
|
"ignore_above": 1024,
|
|
164
162
|
"type": "keyword"
|
|
165
163
|
},
|
|
164
|
+
"subdomain": {
|
|
165
|
+
"ignore_above": 1024,
|
|
166
|
+
"type": "keyword"
|
|
167
|
+
},
|
|
166
168
|
"top_level_domain": {
|
|
167
169
|
"ignore_above": 1024,
|
|
168
170
|
"type": "keyword"
|
|
@@ -180,8 +182,7 @@
|
|
|
180
182
|
"full_name": {
|
|
181
183
|
"fields": {
|
|
182
184
|
"text": {
|
|
183
|
-
"
|
|
184
|
-
"type": "text"
|
|
185
|
+
"type": "match_only_text"
|
|
185
186
|
}
|
|
186
187
|
},
|
|
187
188
|
"ignore_above": 1024,
|
|
@@ -214,12 +215,15 @@
|
|
|
214
215
|
"name": {
|
|
215
216
|
"fields": {
|
|
216
217
|
"text": {
|
|
217
|
-
"
|
|
218
|
-
"type": "text"
|
|
218
|
+
"type": "match_only_text"
|
|
219
219
|
}
|
|
220
220
|
},
|
|
221
221
|
"ignore_above": 1024,
|
|
222
222
|
"type": "keyword"
|
|
223
|
+
},
|
|
224
|
+
"roles": {
|
|
225
|
+
"ignore_above": 1024,
|
|
226
|
+
"type": "keyword"
|
|
223
227
|
}
|
|
224
228
|
}
|
|
225
229
|
}
|
|
@@ -232,6 +236,10 @@
|
|
|
232
236
|
"id": {
|
|
233
237
|
"ignore_above": 1024,
|
|
234
238
|
"type": "keyword"
|
|
239
|
+
},
|
|
240
|
+
"name": {
|
|
241
|
+
"ignore_above": 1024,
|
|
242
|
+
"type": "keyword"
|
|
235
243
|
}
|
|
236
244
|
}
|
|
237
245
|
},
|
|
@@ -259,6 +267,18 @@
|
|
|
259
267
|
}
|
|
260
268
|
}
|
|
261
269
|
},
|
|
270
|
+
"project": {
|
|
271
|
+
"properties": {
|
|
272
|
+
"id": {
|
|
273
|
+
"ignore_above": 1024,
|
|
274
|
+
"type": "keyword"
|
|
275
|
+
},
|
|
276
|
+
"name": {
|
|
277
|
+
"ignore_above": 1024,
|
|
278
|
+
"type": "keyword"
|
|
279
|
+
}
|
|
280
|
+
}
|
|
281
|
+
},
|
|
262
282
|
"provider": {
|
|
263
283
|
"ignore_above": 1024,
|
|
264
284
|
"type": "keyword"
|
|
@@ -266,27 +286,14 @@
|
|
|
266
286
|
"region": {
|
|
267
287
|
"ignore_above": 1024,
|
|
268
288
|
"type": "keyword"
|
|
269
|
-
}
|
|
270
|
-
}
|
|
271
|
-
},
|
|
272
|
-
"code_signature": {
|
|
273
|
-
"properties": {
|
|
274
|
-
"exists": {
|
|
275
|
-
"type": "boolean"
|
|
276
|
-
},
|
|
277
|
-
"status": {
|
|
278
|
-
"ignore_above": 1024,
|
|
279
|
-
"type": "keyword"
|
|
280
|
-
},
|
|
281
|
-
"subject_name": {
|
|
282
|
-
"ignore_above": 1024,
|
|
283
|
-
"type": "keyword"
|
|
284
289
|
},
|
|
285
|
-
"
|
|
286
|
-
"
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
+
"service": {
|
|
291
|
+
"properties": {
|
|
292
|
+
"name": {
|
|
293
|
+
"ignore_above": 1024,
|
|
294
|
+
"type": "keyword"
|
|
295
|
+
}
|
|
296
|
+
}
|
|
290
297
|
}
|
|
291
298
|
}
|
|
292
299
|
},
|
|
@@ -321,6 +328,19 @@
|
|
|
321
328
|
}
|
|
322
329
|
}
|
|
323
330
|
},
|
|
331
|
+
"data_stream": {
|
|
332
|
+
"properties": {
|
|
333
|
+
"dataset": {
|
|
334
|
+
"type": "constant_keyword"
|
|
335
|
+
},
|
|
336
|
+
"namespace": {
|
|
337
|
+
"type": "constant_keyword"
|
|
338
|
+
},
|
|
339
|
+
"type": {
|
|
340
|
+
"type": "constant_keyword"
|
|
341
|
+
}
|
|
342
|
+
}
|
|
343
|
+
},
|
|
324
344
|
"destination": {
|
|
325
345
|
"properties": {
|
|
326
346
|
"address": {
|
|
@@ -337,8 +357,7 @@
|
|
|
337
357
|
"name": {
|
|
338
358
|
"fields": {
|
|
339
359
|
"text": {
|
|
340
|
-
"
|
|
341
|
-
"type": "text"
|
|
360
|
+
"type": "match_only_text"
|
|
342
361
|
}
|
|
343
362
|
},
|
|
344
363
|
"ignore_above": 1024,
|
|
@@ -361,6 +380,10 @@
|
|
|
361
380
|
"ignore_above": 1024,
|
|
362
381
|
"type": "keyword"
|
|
363
382
|
},
|
|
383
|
+
"continent_code": {
|
|
384
|
+
"ignore_above": 1024,
|
|
385
|
+
"type": "keyword"
|
|
386
|
+
},
|
|
364
387
|
"continent_name": {
|
|
365
388
|
"ignore_above": 1024,
|
|
366
389
|
"type": "keyword"
|
|
@@ -380,6 +403,10 @@
|
|
|
380
403
|
"ignore_above": 1024,
|
|
381
404
|
"type": "keyword"
|
|
382
405
|
},
|
|
406
|
+
"postal_code": {
|
|
407
|
+
"ignore_above": 1024,
|
|
408
|
+
"type": "keyword"
|
|
409
|
+
},
|
|
383
410
|
"region_iso_code": {
|
|
384
411
|
"ignore_above": 1024,
|
|
385
412
|
"type": "keyword"
|
|
@@ -387,6 +414,10 @@
|
|
|
387
414
|
"region_name": {
|
|
388
415
|
"ignore_above": 1024,
|
|
389
416
|
"type": "keyword"
|
|
417
|
+
},
|
|
418
|
+
"timezone": {
|
|
419
|
+
"ignore_above": 1024,
|
|
420
|
+
"type": "keyword"
|
|
390
421
|
}
|
|
391
422
|
}
|
|
392
423
|
},
|
|
@@ -417,6 +448,10 @@
|
|
|
417
448
|
"ignore_above": 1024,
|
|
418
449
|
"type": "keyword"
|
|
419
450
|
},
|
|
451
|
+
"subdomain": {
|
|
452
|
+
"ignore_above": 1024,
|
|
453
|
+
"type": "keyword"
|
|
454
|
+
},
|
|
420
455
|
"top_level_domain": {
|
|
421
456
|
"ignore_above": 1024,
|
|
422
457
|
"type": "keyword"
|
|
@@ -434,8 +469,7 @@
|
|
|
434
469
|
"full_name": {
|
|
435
470
|
"fields": {
|
|
436
471
|
"text": {
|
|
437
|
-
"
|
|
438
|
-
"type": "text"
|
|
472
|
+
"type": "match_only_text"
|
|
439
473
|
}
|
|
440
474
|
},
|
|
441
475
|
"ignore_above": 1024,
|
|
@@ -468,12 +502,15 @@
|
|
|
468
502
|
"name": {
|
|
469
503
|
"fields": {
|
|
470
504
|
"text": {
|
|
471
|
-
"
|
|
472
|
-
"type": "text"
|
|
505
|
+
"type": "match_only_text"
|
|
473
506
|
}
|
|
474
507
|
},
|
|
475
508
|
"ignore_above": 1024,
|
|
476
509
|
"type": "keyword"
|
|
510
|
+
},
|
|
511
|
+
"roles": {
|
|
512
|
+
"ignore_above": 1024,
|
|
513
|
+
"type": "keyword"
|
|
477
514
|
}
|
|
478
515
|
}
|
|
479
516
|
}
|
|
@@ -483,9 +520,17 @@
|
|
|
483
520
|
"properties": {
|
|
484
521
|
"code_signature": {
|
|
485
522
|
"properties": {
|
|
523
|
+
"digest_algorithm": {
|
|
524
|
+
"ignore_above": 1024,
|
|
525
|
+
"type": "keyword"
|
|
526
|
+
},
|
|
486
527
|
"exists": {
|
|
487
528
|
"type": "boolean"
|
|
488
529
|
},
|
|
530
|
+
"signing_id": {
|
|
531
|
+
"ignore_above": 1024,
|
|
532
|
+
"type": "keyword"
|
|
533
|
+
},
|
|
489
534
|
"status": {
|
|
490
535
|
"ignore_above": 1024,
|
|
491
536
|
"type": "keyword"
|
|
@@ -494,6 +539,13 @@
|
|
|
494
539
|
"ignore_above": 1024,
|
|
495
540
|
"type": "keyword"
|
|
496
541
|
},
|
|
542
|
+
"team_id": {
|
|
543
|
+
"ignore_above": 1024,
|
|
544
|
+
"type": "keyword"
|
|
545
|
+
},
|
|
546
|
+
"timestamp": {
|
|
547
|
+
"type": "date"
|
|
548
|
+
},
|
|
497
549
|
"trusted": {
|
|
498
550
|
"type": "boolean"
|
|
499
551
|
},
|
|
@@ -519,6 +571,10 @@
|
|
|
519
571
|
"sha512": {
|
|
520
572
|
"ignore_above": 1024,
|
|
521
573
|
"type": "keyword"
|
|
574
|
+
},
|
|
575
|
+
"ssdeep": {
|
|
576
|
+
"ignore_above": 1024,
|
|
577
|
+
"type": "keyword"
|
|
522
578
|
}
|
|
523
579
|
}
|
|
524
580
|
},
|
|
@@ -532,6 +588,10 @@
|
|
|
532
588
|
},
|
|
533
589
|
"pe": {
|
|
534
590
|
"properties": {
|
|
591
|
+
"architecture": {
|
|
592
|
+
"ignore_above": 1024,
|
|
593
|
+
"type": "keyword"
|
|
594
|
+
},
|
|
535
595
|
"company": {
|
|
536
596
|
"ignore_above": 1024,
|
|
537
597
|
"type": "keyword"
|
|
@@ -544,6 +604,10 @@
|
|
|
544
604
|
"ignore_above": 1024,
|
|
545
605
|
"type": "keyword"
|
|
546
606
|
},
|
|
607
|
+
"imphash": {
|
|
608
|
+
"ignore_above": 1024,
|
|
609
|
+
"type": "keyword"
|
|
610
|
+
},
|
|
547
611
|
"original_file_name": {
|
|
548
612
|
"ignore_above": 1024,
|
|
549
613
|
"type": "keyword"
|
|
@@ -654,20 +718,15 @@
|
|
|
654
718
|
"type": "keyword"
|
|
655
719
|
},
|
|
656
720
|
"message": {
|
|
657
|
-
"
|
|
658
|
-
"type": "text"
|
|
721
|
+
"type": "match_only_text"
|
|
659
722
|
},
|
|
660
723
|
"stack_trace": {
|
|
661
|
-
"doc_values": false,
|
|
662
724
|
"fields": {
|
|
663
725
|
"text": {
|
|
664
|
-
"
|
|
665
|
-
"type": "text"
|
|
726
|
+
"type": "match_only_text"
|
|
666
727
|
}
|
|
667
728
|
},
|
|
668
|
-
"
|
|
669
|
-
"index": false,
|
|
670
|
-
"type": "keyword"
|
|
729
|
+
"type": "wildcard"
|
|
671
730
|
},
|
|
672
731
|
"type": {
|
|
673
732
|
"ignore_above": 1024,
|
|
@@ -681,6 +740,10 @@
|
|
|
681
740
|
"ignore_above": 1024,
|
|
682
741
|
"type": "keyword"
|
|
683
742
|
},
|
|
743
|
+
"agent_id_status": {
|
|
744
|
+
"ignore_above": 1024,
|
|
745
|
+
"type": "keyword"
|
|
746
|
+
},
|
|
684
747
|
"category": {
|
|
685
748
|
"ignore_above": 1024,
|
|
686
749
|
"type": "keyword"
|
|
@@ -723,7 +786,6 @@
|
|
|
723
786
|
},
|
|
724
787
|
"original": {
|
|
725
788
|
"doc_values": false,
|
|
726
|
-
"ignore_above": 1024,
|
|
727
789
|
"index": false,
|
|
728
790
|
"type": "keyword"
|
|
729
791
|
},
|
|
@@ -735,6 +797,10 @@
|
|
|
735
797
|
"ignore_above": 1024,
|
|
736
798
|
"type": "keyword"
|
|
737
799
|
},
|
|
800
|
+
"reason": {
|
|
801
|
+
"ignore_above": 1024,
|
|
802
|
+
"type": "keyword"
|
|
803
|
+
},
|
|
738
804
|
"reference": {
|
|
739
805
|
"ignore_above": 1024,
|
|
740
806
|
"type": "keyword"
|
|
@@ -779,9 +845,17 @@
|
|
|
779
845
|
},
|
|
780
846
|
"code_signature": {
|
|
781
847
|
"properties": {
|
|
848
|
+
"digest_algorithm": {
|
|
849
|
+
"ignore_above": 1024,
|
|
850
|
+
"type": "keyword"
|
|
851
|
+
},
|
|
782
852
|
"exists": {
|
|
783
853
|
"type": "boolean"
|
|
784
854
|
},
|
|
855
|
+
"signing_id": {
|
|
856
|
+
"ignore_above": 1024,
|
|
857
|
+
"type": "keyword"
|
|
858
|
+
},
|
|
785
859
|
"status": {
|
|
786
860
|
"ignore_above": 1024,
|
|
787
861
|
"type": "keyword"
|
|
@@ -790,6 +864,13 @@
|
|
|
790
864
|
"ignore_above": 1024,
|
|
791
865
|
"type": "keyword"
|
|
792
866
|
},
|
|
867
|
+
"team_id": {
|
|
868
|
+
"ignore_above": 1024,
|
|
869
|
+
"type": "keyword"
|
|
870
|
+
},
|
|
871
|
+
"timestamp": {
|
|
872
|
+
"type": "date"
|
|
873
|
+
},
|
|
793
874
|
"trusted": {
|
|
794
875
|
"type": "boolean"
|
|
795
876
|
},
|
|
@@ -816,10 +897,131 @@
|
|
|
816
897
|
"ignore_above": 1,
|
|
817
898
|
"type": "keyword"
|
|
818
899
|
},
|
|
900
|
+
"elf": {
|
|
901
|
+
"properties": {
|
|
902
|
+
"architecture": {
|
|
903
|
+
"ignore_above": 1024,
|
|
904
|
+
"type": "keyword"
|
|
905
|
+
},
|
|
906
|
+
"byte_order": {
|
|
907
|
+
"ignore_above": 1024,
|
|
908
|
+
"type": "keyword"
|
|
909
|
+
},
|
|
910
|
+
"cpu_type": {
|
|
911
|
+
"ignore_above": 1024,
|
|
912
|
+
"type": "keyword"
|
|
913
|
+
},
|
|
914
|
+
"creation_date": {
|
|
915
|
+
"type": "date"
|
|
916
|
+
},
|
|
917
|
+
"exports": {
|
|
918
|
+
"type": "flattened"
|
|
919
|
+
},
|
|
920
|
+
"header": {
|
|
921
|
+
"properties": {
|
|
922
|
+
"abi_version": {
|
|
923
|
+
"ignore_above": 1024,
|
|
924
|
+
"type": "keyword"
|
|
925
|
+
},
|
|
926
|
+
"class": {
|
|
927
|
+
"ignore_above": 1024,
|
|
928
|
+
"type": "keyword"
|
|
929
|
+
},
|
|
930
|
+
"data": {
|
|
931
|
+
"ignore_above": 1024,
|
|
932
|
+
"type": "keyword"
|
|
933
|
+
},
|
|
934
|
+
"entrypoint": {
|
|
935
|
+
"type": "long"
|
|
936
|
+
},
|
|
937
|
+
"object_version": {
|
|
938
|
+
"ignore_above": 1024,
|
|
939
|
+
"type": "keyword"
|
|
940
|
+
},
|
|
941
|
+
"os_abi": {
|
|
942
|
+
"ignore_above": 1024,
|
|
943
|
+
"type": "keyword"
|
|
944
|
+
},
|
|
945
|
+
"type": {
|
|
946
|
+
"ignore_above": 1024,
|
|
947
|
+
"type": "keyword"
|
|
948
|
+
},
|
|
949
|
+
"version": {
|
|
950
|
+
"ignore_above": 1024,
|
|
951
|
+
"type": "keyword"
|
|
952
|
+
}
|
|
953
|
+
}
|
|
954
|
+
},
|
|
955
|
+
"imports": {
|
|
956
|
+
"type": "flattened"
|
|
957
|
+
},
|
|
958
|
+
"sections": {
|
|
959
|
+
"properties": {
|
|
960
|
+
"chi2": {
|
|
961
|
+
"type": "long"
|
|
962
|
+
},
|
|
963
|
+
"entropy": {
|
|
964
|
+
"type": "long"
|
|
965
|
+
},
|
|
966
|
+
"flags": {
|
|
967
|
+
"ignore_above": 1024,
|
|
968
|
+
"type": "keyword"
|
|
969
|
+
},
|
|
970
|
+
"name": {
|
|
971
|
+
"ignore_above": 1024,
|
|
972
|
+
"type": "keyword"
|
|
973
|
+
},
|
|
974
|
+
"physical_offset": {
|
|
975
|
+
"ignore_above": 1024,
|
|
976
|
+
"type": "keyword"
|
|
977
|
+
},
|
|
978
|
+
"physical_size": {
|
|
979
|
+
"type": "long"
|
|
980
|
+
},
|
|
981
|
+
"type": {
|
|
982
|
+
"ignore_above": 1024,
|
|
983
|
+
"type": "keyword"
|
|
984
|
+
},
|
|
985
|
+
"virtual_address": {
|
|
986
|
+
"type": "long"
|
|
987
|
+
},
|
|
988
|
+
"virtual_size": {
|
|
989
|
+
"type": "long"
|
|
990
|
+
}
|
|
991
|
+
},
|
|
992
|
+
"type": "nested"
|
|
993
|
+
},
|
|
994
|
+
"segments": {
|
|
995
|
+
"properties": {
|
|
996
|
+
"sections": {
|
|
997
|
+
"ignore_above": 1024,
|
|
998
|
+
"type": "keyword"
|
|
999
|
+
},
|
|
1000
|
+
"type": {
|
|
1001
|
+
"ignore_above": 1024,
|
|
1002
|
+
"type": "keyword"
|
|
1003
|
+
}
|
|
1004
|
+
},
|
|
1005
|
+
"type": "nested"
|
|
1006
|
+
},
|
|
1007
|
+
"shared_libraries": {
|
|
1008
|
+
"ignore_above": 1024,
|
|
1009
|
+
"type": "keyword"
|
|
1010
|
+
},
|
|
1011
|
+
"telfhash": {
|
|
1012
|
+
"ignore_above": 1024,
|
|
1013
|
+
"type": "keyword"
|
|
1014
|
+
}
|
|
1015
|
+
}
|
|
1016
|
+
},
|
|
819
1017
|
"extension": {
|
|
820
1018
|
"ignore_above": 1024,
|
|
821
1019
|
"type": "keyword"
|
|
822
1020
|
},
|
|
1021
|
+
"fork_name": {
|
|
1022
|
+
"ignore_above": 1024,
|
|
1023
|
+
"type": "keyword"
|
|
1024
|
+
},
|
|
823
1025
|
"gid": {
|
|
824
1026
|
"ignore_above": 1024,
|
|
825
1027
|
"type": "keyword"
|
|
@@ -845,6 +1047,10 @@
|
|
|
845
1047
|
"sha512": {
|
|
846
1048
|
"ignore_above": 1024,
|
|
847
1049
|
"type": "keyword"
|
|
1050
|
+
},
|
|
1051
|
+
"ssdeep": {
|
|
1052
|
+
"ignore_above": 1024,
|
|
1053
|
+
"type": "keyword"
|
|
848
1054
|
}
|
|
849
1055
|
}
|
|
850
1056
|
},
|
|
@@ -874,8 +1080,7 @@
|
|
|
874
1080
|
"path": {
|
|
875
1081
|
"fields": {
|
|
876
1082
|
"text": {
|
|
877
|
-
"
|
|
878
|
-
"type": "text"
|
|
1083
|
+
"type": "match_only_text"
|
|
879
1084
|
}
|
|
880
1085
|
},
|
|
881
1086
|
"ignore_above": 1024,
|
|
@@ -883,6 +1088,10 @@
|
|
|
883
1088
|
},
|
|
884
1089
|
"pe": {
|
|
885
1090
|
"properties": {
|
|
1091
|
+
"architecture": {
|
|
1092
|
+
"ignore_above": 1024,
|
|
1093
|
+
"type": "keyword"
|
|
1094
|
+
},
|
|
886
1095
|
"company": {
|
|
887
1096
|
"ignore_above": 1024,
|
|
888
1097
|
"type": "keyword"
|
|
@@ -895,6 +1104,10 @@
|
|
|
895
1104
|
"ignore_above": 1024,
|
|
896
1105
|
"type": "keyword"
|
|
897
1106
|
},
|
|
1107
|
+
"imphash": {
|
|
1108
|
+
"ignore_above": 1024,
|
|
1109
|
+
"type": "keyword"
|
|
1110
|
+
},
|
|
898
1111
|
"original_file_name": {
|
|
899
1112
|
"ignore_above": 1024,
|
|
900
1113
|
"type": "keyword"
|
|
@@ -911,8 +1124,7 @@
|
|
|
911
1124
|
"target_path": {
|
|
912
1125
|
"fields": {
|
|
913
1126
|
"text": {
|
|
914
|
-
"
|
|
915
|
-
"type": "text"
|
|
1127
|
+
"type": "match_only_text"
|
|
916
1128
|
}
|
|
917
1129
|
},
|
|
918
1130
|
"ignore_above": 1024,
|
|
@@ -925,41 +1137,112 @@
|
|
|
925
1137
|
"uid": {
|
|
926
1138
|
"ignore_above": 1024,
|
|
927
1139
|
"type": "keyword"
|
|
928
|
-
}
|
|
929
|
-
}
|
|
930
|
-
},
|
|
931
|
-
"geo": {
|
|
932
|
-
"properties": {
|
|
933
|
-
"city_name": {
|
|
934
|
-
"ignore_above": 1024,
|
|
935
|
-
"type": "keyword"
|
|
936
|
-
},
|
|
937
|
-
"continent_name": {
|
|
938
|
-
"ignore_above": 1024,
|
|
939
|
-
"type": "keyword"
|
|
940
|
-
},
|
|
941
|
-
"country_iso_code": {
|
|
942
|
-
"ignore_above": 1024,
|
|
943
|
-
"type": "keyword"
|
|
944
|
-
},
|
|
945
|
-
"country_name": {
|
|
946
|
-
"ignore_above": 1024,
|
|
947
|
-
"type": "keyword"
|
|
948
|
-
},
|
|
949
|
-
"location": {
|
|
950
|
-
"type": "geo_point"
|
|
951
|
-
},
|
|
952
|
-
"name": {
|
|
953
|
-
"ignore_above": 1024,
|
|
954
|
-
"type": "keyword"
|
|
955
|
-
},
|
|
956
|
-
"region_iso_code": {
|
|
957
|
-
"ignore_above": 1024,
|
|
958
|
-
"type": "keyword"
|
|
959
1140
|
},
|
|
960
|
-
"
|
|
961
|
-
"
|
|
962
|
-
|
|
1141
|
+
"x509": {
|
|
1142
|
+
"properties": {
|
|
1143
|
+
"alternative_names": {
|
|
1144
|
+
"ignore_above": 1024,
|
|
1145
|
+
"type": "keyword"
|
|
1146
|
+
},
|
|
1147
|
+
"issuer": {
|
|
1148
|
+
"properties": {
|
|
1149
|
+
"common_name": {
|
|
1150
|
+
"ignore_above": 1024,
|
|
1151
|
+
"type": "keyword"
|
|
1152
|
+
},
|
|
1153
|
+
"country": {
|
|
1154
|
+
"ignore_above": 1024,
|
|
1155
|
+
"type": "keyword"
|
|
1156
|
+
},
|
|
1157
|
+
"distinguished_name": {
|
|
1158
|
+
"ignore_above": 1024,
|
|
1159
|
+
"type": "keyword"
|
|
1160
|
+
},
|
|
1161
|
+
"locality": {
|
|
1162
|
+
"ignore_above": 1024,
|
|
1163
|
+
"type": "keyword"
|
|
1164
|
+
},
|
|
1165
|
+
"organization": {
|
|
1166
|
+
"ignore_above": 1024,
|
|
1167
|
+
"type": "keyword"
|
|
1168
|
+
},
|
|
1169
|
+
"organizational_unit": {
|
|
1170
|
+
"ignore_above": 1024,
|
|
1171
|
+
"type": "keyword"
|
|
1172
|
+
},
|
|
1173
|
+
"state_or_province": {
|
|
1174
|
+
"ignore_above": 1024,
|
|
1175
|
+
"type": "keyword"
|
|
1176
|
+
}
|
|
1177
|
+
}
|
|
1178
|
+
},
|
|
1179
|
+
"not_after": {
|
|
1180
|
+
"type": "date"
|
|
1181
|
+
},
|
|
1182
|
+
"not_before": {
|
|
1183
|
+
"type": "date"
|
|
1184
|
+
},
|
|
1185
|
+
"public_key_algorithm": {
|
|
1186
|
+
"ignore_above": 1024,
|
|
1187
|
+
"type": "keyword"
|
|
1188
|
+
},
|
|
1189
|
+
"public_key_curve": {
|
|
1190
|
+
"ignore_above": 1024,
|
|
1191
|
+
"type": "keyword"
|
|
1192
|
+
},
|
|
1193
|
+
"public_key_exponent": {
|
|
1194
|
+
"doc_values": false,
|
|
1195
|
+
"index": false,
|
|
1196
|
+
"type": "long"
|
|
1197
|
+
},
|
|
1198
|
+
"public_key_size": {
|
|
1199
|
+
"type": "long"
|
|
1200
|
+
},
|
|
1201
|
+
"serial_number": {
|
|
1202
|
+
"ignore_above": 1024,
|
|
1203
|
+
"type": "keyword"
|
|
1204
|
+
},
|
|
1205
|
+
"signature_algorithm": {
|
|
1206
|
+
"ignore_above": 1024,
|
|
1207
|
+
"type": "keyword"
|
|
1208
|
+
},
|
|
1209
|
+
"subject": {
|
|
1210
|
+
"properties": {
|
|
1211
|
+
"common_name": {
|
|
1212
|
+
"ignore_above": 1024,
|
|
1213
|
+
"type": "keyword"
|
|
1214
|
+
},
|
|
1215
|
+
"country": {
|
|
1216
|
+
"ignore_above": 1024,
|
|
1217
|
+
"type": "keyword"
|
|
1218
|
+
},
|
|
1219
|
+
"distinguished_name": {
|
|
1220
|
+
"ignore_above": 1024,
|
|
1221
|
+
"type": "keyword"
|
|
1222
|
+
},
|
|
1223
|
+
"locality": {
|
|
1224
|
+
"ignore_above": 1024,
|
|
1225
|
+
"type": "keyword"
|
|
1226
|
+
},
|
|
1227
|
+
"organization": {
|
|
1228
|
+
"ignore_above": 1024,
|
|
1229
|
+
"type": "keyword"
|
|
1230
|
+
},
|
|
1231
|
+
"organizational_unit": {
|
|
1232
|
+
"ignore_above": 1024,
|
|
1233
|
+
"type": "keyword"
|
|
1234
|
+
},
|
|
1235
|
+
"state_or_province": {
|
|
1236
|
+
"ignore_above": 1024,
|
|
1237
|
+
"type": "keyword"
|
|
1238
|
+
}
|
|
1239
|
+
}
|
|
1240
|
+
},
|
|
1241
|
+
"version_number": {
|
|
1242
|
+
"ignore_above": 1024,
|
|
1243
|
+
"type": "keyword"
|
|
1244
|
+
}
|
|
1245
|
+
}
|
|
963
1246
|
}
|
|
964
1247
|
}
|
|
965
1248
|
},
|
|
@@ -979,32 +1262,38 @@
|
|
|
979
1262
|
}
|
|
980
1263
|
}
|
|
981
1264
|
},
|
|
982
|
-
"hash": {
|
|
983
|
-
"properties": {
|
|
984
|
-
"md5": {
|
|
985
|
-
"ignore_above": 1024,
|
|
986
|
-
"type": "keyword"
|
|
987
|
-
},
|
|
988
|
-
"sha1": {
|
|
989
|
-
"ignore_above": 1024,
|
|
990
|
-
"type": "keyword"
|
|
991
|
-
},
|
|
992
|
-
"sha256": {
|
|
993
|
-
"ignore_above": 1024,
|
|
994
|
-
"type": "keyword"
|
|
995
|
-
},
|
|
996
|
-
"sha512": {
|
|
997
|
-
"ignore_above": 1024,
|
|
998
|
-
"type": "keyword"
|
|
999
|
-
}
|
|
1000
|
-
}
|
|
1001
|
-
},
|
|
1002
1265
|
"host": {
|
|
1003
1266
|
"properties": {
|
|
1004
1267
|
"architecture": {
|
|
1005
1268
|
"ignore_above": 1024,
|
|
1006
1269
|
"type": "keyword"
|
|
1007
1270
|
},
|
|
1271
|
+
"cpu": {
|
|
1272
|
+
"properties": {
|
|
1273
|
+
"usage": {
|
|
1274
|
+
"scaling_factor": 1000,
|
|
1275
|
+
"type": "scaled_float"
|
|
1276
|
+
}
|
|
1277
|
+
}
|
|
1278
|
+
},
|
|
1279
|
+
"disk": {
|
|
1280
|
+
"properties": {
|
|
1281
|
+
"read": {
|
|
1282
|
+
"properties": {
|
|
1283
|
+
"bytes": {
|
|
1284
|
+
"type": "long"
|
|
1285
|
+
}
|
|
1286
|
+
}
|
|
1287
|
+
},
|
|
1288
|
+
"write": {
|
|
1289
|
+
"properties": {
|
|
1290
|
+
"bytes": {
|
|
1291
|
+
"type": "long"
|
|
1292
|
+
}
|
|
1293
|
+
}
|
|
1294
|
+
}
|
|
1295
|
+
}
|
|
1296
|
+
},
|
|
1008
1297
|
"domain": {
|
|
1009
1298
|
"ignore_above": 1024,
|
|
1010
1299
|
"type": "keyword"
|
|
@@ -1015,6 +1304,10 @@
|
|
|
1015
1304
|
"ignore_above": 1024,
|
|
1016
1305
|
"type": "keyword"
|
|
1017
1306
|
},
|
|
1307
|
+
"continent_code": {
|
|
1308
|
+
"ignore_above": 1024,
|
|
1309
|
+
"type": "keyword"
|
|
1310
|
+
},
|
|
1018
1311
|
"continent_name": {
|
|
1019
1312
|
"ignore_above": 1024,
|
|
1020
1313
|
"type": "keyword"
|
|
@@ -1034,6 +1327,10 @@
|
|
|
1034
1327
|
"ignore_above": 1024,
|
|
1035
1328
|
"type": "keyword"
|
|
1036
1329
|
},
|
|
1330
|
+
"postal_code": {
|
|
1331
|
+
"ignore_above": 1024,
|
|
1332
|
+
"type": "keyword"
|
|
1333
|
+
},
|
|
1037
1334
|
"region_iso_code": {
|
|
1038
1335
|
"ignore_above": 1024,
|
|
1039
1336
|
"type": "keyword"
|
|
@@ -1041,6 +1338,10 @@
|
|
|
1041
1338
|
"region_name": {
|
|
1042
1339
|
"ignore_above": 1024,
|
|
1043
1340
|
"type": "keyword"
|
|
1341
|
+
},
|
|
1342
|
+
"timezone": {
|
|
1343
|
+
"ignore_above": 1024,
|
|
1344
|
+
"type": "keyword"
|
|
1044
1345
|
}
|
|
1045
1346
|
}
|
|
1046
1347
|
},
|
|
@@ -1063,6 +1364,30 @@
|
|
|
1063
1364
|
"ignore_above": 1024,
|
|
1064
1365
|
"type": "keyword"
|
|
1065
1366
|
},
|
|
1367
|
+
"network": {
|
|
1368
|
+
"properties": {
|
|
1369
|
+
"egress": {
|
|
1370
|
+
"properties": {
|
|
1371
|
+
"bytes": {
|
|
1372
|
+
"type": "long"
|
|
1373
|
+
},
|
|
1374
|
+
"packets": {
|
|
1375
|
+
"type": "long"
|
|
1376
|
+
}
|
|
1377
|
+
}
|
|
1378
|
+
},
|
|
1379
|
+
"ingress": {
|
|
1380
|
+
"properties": {
|
|
1381
|
+
"bytes": {
|
|
1382
|
+
"type": "long"
|
|
1383
|
+
},
|
|
1384
|
+
"packets": {
|
|
1385
|
+
"type": "long"
|
|
1386
|
+
}
|
|
1387
|
+
}
|
|
1388
|
+
}
|
|
1389
|
+
}
|
|
1390
|
+
},
|
|
1066
1391
|
"os": {
|
|
1067
1392
|
"properties": {
|
|
1068
1393
|
"family": {
|
|
@@ -1072,8 +1397,7 @@
|
|
|
1072
1397
|
"full": {
|
|
1073
1398
|
"fields": {
|
|
1074
1399
|
"text": {
|
|
1075
|
-
"
|
|
1076
|
-
"type": "text"
|
|
1400
|
+
"type": "match_only_text"
|
|
1077
1401
|
}
|
|
1078
1402
|
},
|
|
1079
1403
|
"ignore_above": 1024,
|
|
@@ -1086,8 +1410,7 @@
|
|
|
1086
1410
|
"name": {
|
|
1087
1411
|
"fields": {
|
|
1088
1412
|
"text": {
|
|
1089
|
-
"
|
|
1090
|
-
"type": "text"
|
|
1413
|
+
"type": "match_only_text"
|
|
1091
1414
|
}
|
|
1092
1415
|
},
|
|
1093
1416
|
"ignore_above": 1024,
|
|
@@ -1097,6 +1420,10 @@
|
|
|
1097
1420
|
"ignore_above": 1024,
|
|
1098
1421
|
"type": "keyword"
|
|
1099
1422
|
},
|
|
1423
|
+
"type": {
|
|
1424
|
+
"ignore_above": 1024,
|
|
1425
|
+
"type": "keyword"
|
|
1426
|
+
},
|
|
1100
1427
|
"version": {
|
|
1101
1428
|
"ignore_above": 1024,
|
|
1102
1429
|
"type": "keyword"
|
|
@@ -1123,8 +1450,7 @@
|
|
|
1123
1450
|
"full_name": {
|
|
1124
1451
|
"fields": {
|
|
1125
1452
|
"text": {
|
|
1126
|
-
"
|
|
1127
|
-
"type": "text"
|
|
1453
|
+
"type": "match_only_text"
|
|
1128
1454
|
}
|
|
1129
1455
|
},
|
|
1130
1456
|
"ignore_above": 1024,
|
|
@@ -1157,12 +1483,15 @@
|
|
|
1157
1483
|
"name": {
|
|
1158
1484
|
"fields": {
|
|
1159
1485
|
"text": {
|
|
1160
|
-
"
|
|
1161
|
-
"type": "text"
|
|
1486
|
+
"type": "match_only_text"
|
|
1162
1487
|
}
|
|
1163
1488
|
},
|
|
1164
1489
|
"ignore_above": 1024,
|
|
1165
1490
|
"type": "keyword"
|
|
1491
|
+
},
|
|
1492
|
+
"roles": {
|
|
1493
|
+
"ignore_above": 1024,
|
|
1494
|
+
"type": "keyword"
|
|
1166
1495
|
}
|
|
1167
1496
|
}
|
|
1168
1497
|
}
|
|
@@ -1180,22 +1509,28 @@
|
|
|
1180
1509
|
"content": {
|
|
1181
1510
|
"fields": {
|
|
1182
1511
|
"text": {
|
|
1183
|
-
"
|
|
1184
|
-
"type": "text"
|
|
1512
|
+
"type": "match_only_text"
|
|
1185
1513
|
}
|
|
1186
1514
|
},
|
|
1187
|
-
"
|
|
1188
|
-
"type": "keyword"
|
|
1515
|
+
"type": "wildcard"
|
|
1189
1516
|
}
|
|
1190
1517
|
}
|
|
1191
1518
|
},
|
|
1192
1519
|
"bytes": {
|
|
1193
1520
|
"type": "long"
|
|
1194
1521
|
},
|
|
1522
|
+
"id": {
|
|
1523
|
+
"ignore_above": 1024,
|
|
1524
|
+
"type": "keyword"
|
|
1525
|
+
},
|
|
1195
1526
|
"method": {
|
|
1196
1527
|
"ignore_above": 1024,
|
|
1197
1528
|
"type": "keyword"
|
|
1198
1529
|
},
|
|
1530
|
+
"mime_type": {
|
|
1531
|
+
"ignore_above": 1024,
|
|
1532
|
+
"type": "keyword"
|
|
1533
|
+
},
|
|
1199
1534
|
"referrer": {
|
|
1200
1535
|
"ignore_above": 1024,
|
|
1201
1536
|
"type": "keyword"
|
|
@@ -1212,18 +1547,20 @@
|
|
|
1212
1547
|
"content": {
|
|
1213
1548
|
"fields": {
|
|
1214
1549
|
"text": {
|
|
1215
|
-
"
|
|
1216
|
-
"type": "text"
|
|
1550
|
+
"type": "match_only_text"
|
|
1217
1551
|
}
|
|
1218
1552
|
},
|
|
1219
|
-
"
|
|
1220
|
-
"type": "keyword"
|
|
1553
|
+
"type": "wildcard"
|
|
1221
1554
|
}
|
|
1222
1555
|
}
|
|
1223
1556
|
},
|
|
1224
1557
|
"bytes": {
|
|
1225
1558
|
"type": "long"
|
|
1226
1559
|
},
|
|
1560
|
+
"mime_type": {
|
|
1561
|
+
"ignore_above": 1024,
|
|
1562
|
+
"type": "keyword"
|
|
1563
|
+
},
|
|
1227
1564
|
"status_code": {
|
|
1228
1565
|
"type": "long"
|
|
1229
1566
|
}
|
|
@@ -1235,27 +1572,19 @@
|
|
|
1235
1572
|
}
|
|
1236
1573
|
}
|
|
1237
1574
|
},
|
|
1238
|
-
"interface": {
|
|
1239
|
-
"properties": {
|
|
1240
|
-
"alias": {
|
|
1241
|
-
"ignore_above": 1024,
|
|
1242
|
-
"type": "keyword"
|
|
1243
|
-
},
|
|
1244
|
-
"id": {
|
|
1245
|
-
"ignore_above": 1024,
|
|
1246
|
-
"type": "keyword"
|
|
1247
|
-
},
|
|
1248
|
-
"name": {
|
|
1249
|
-
"ignore_above": 1024,
|
|
1250
|
-
"type": "keyword"
|
|
1251
|
-
}
|
|
1252
|
-
}
|
|
1253
|
-
},
|
|
1254
1575
|
"labels": {
|
|
1255
1576
|
"type": "object"
|
|
1256
1577
|
},
|
|
1257
1578
|
"log": {
|
|
1258
1579
|
"properties": {
|
|
1580
|
+
"file": {
|
|
1581
|
+
"properties": {
|
|
1582
|
+
"path": {
|
|
1583
|
+
"ignore_above": 1024,
|
|
1584
|
+
"type": "keyword"
|
|
1585
|
+
}
|
|
1586
|
+
}
|
|
1587
|
+
},
|
|
1259
1588
|
"level": {
|
|
1260
1589
|
"ignore_above": 1024,
|
|
1261
1590
|
"type": "keyword"
|
|
@@ -1285,7 +1614,6 @@
|
|
|
1285
1614
|
},
|
|
1286
1615
|
"original": {
|
|
1287
1616
|
"doc_values": false,
|
|
1288
|
-
"ignore_above": 1024,
|
|
1289
1617
|
"index": false,
|
|
1290
1618
|
"type": "keyword"
|
|
1291
1619
|
},
|
|
@@ -1322,8 +1650,7 @@
|
|
|
1322
1650
|
}
|
|
1323
1651
|
},
|
|
1324
1652
|
"message": {
|
|
1325
|
-
"
|
|
1326
|
-
"type": "text"
|
|
1653
|
+
"type": "match_only_text"
|
|
1327
1654
|
},
|
|
1328
1655
|
"network": {
|
|
1329
1656
|
"properties": {
|
|
@@ -1444,6 +1771,10 @@
|
|
|
1444
1771
|
"ignore_above": 1024,
|
|
1445
1772
|
"type": "keyword"
|
|
1446
1773
|
},
|
|
1774
|
+
"continent_code": {
|
|
1775
|
+
"ignore_above": 1024,
|
|
1776
|
+
"type": "keyword"
|
|
1777
|
+
},
|
|
1447
1778
|
"continent_name": {
|
|
1448
1779
|
"ignore_above": 1024,
|
|
1449
1780
|
"type": "keyword"
|
|
@@ -1463,6 +1794,10 @@
|
|
|
1463
1794
|
"ignore_above": 1024,
|
|
1464
1795
|
"type": "keyword"
|
|
1465
1796
|
},
|
|
1797
|
+
"postal_code": {
|
|
1798
|
+
"ignore_above": 1024,
|
|
1799
|
+
"type": "keyword"
|
|
1800
|
+
},
|
|
1466
1801
|
"region_iso_code": {
|
|
1467
1802
|
"ignore_above": 1024,
|
|
1468
1803
|
"type": "keyword"
|
|
@@ -1470,6 +1805,10 @@
|
|
|
1470
1805
|
"region_name": {
|
|
1471
1806
|
"ignore_above": 1024,
|
|
1472
1807
|
"type": "keyword"
|
|
1808
|
+
},
|
|
1809
|
+
"timezone": {
|
|
1810
|
+
"ignore_above": 1024,
|
|
1811
|
+
"type": "keyword"
|
|
1473
1812
|
}
|
|
1474
1813
|
}
|
|
1475
1814
|
},
|
|
@@ -1534,8 +1873,7 @@
|
|
|
1534
1873
|
"full": {
|
|
1535
1874
|
"fields": {
|
|
1536
1875
|
"text": {
|
|
1537
|
-
"
|
|
1538
|
-
"type": "text"
|
|
1876
|
+
"type": "match_only_text"
|
|
1539
1877
|
}
|
|
1540
1878
|
},
|
|
1541
1879
|
"ignore_above": 1024,
|
|
@@ -1548,8 +1886,7 @@
|
|
|
1548
1886
|
"name": {
|
|
1549
1887
|
"fields": {
|
|
1550
1888
|
"text": {
|
|
1551
|
-
"
|
|
1552
|
-
"type": "text"
|
|
1889
|
+
"type": "match_only_text"
|
|
1553
1890
|
}
|
|
1554
1891
|
},
|
|
1555
1892
|
"ignore_above": 1024,
|
|
@@ -1559,6 +1896,10 @@
|
|
|
1559
1896
|
"ignore_above": 1024,
|
|
1560
1897
|
"type": "keyword"
|
|
1561
1898
|
},
|
|
1899
|
+
"type": {
|
|
1900
|
+
"ignore_above": 1024,
|
|
1901
|
+
"type": "keyword"
|
|
1902
|
+
},
|
|
1562
1903
|
"version": {
|
|
1563
1904
|
"ignore_above": 1024,
|
|
1564
1905
|
"type": "keyword"
|
|
@@ -1587,61 +1928,68 @@
|
|
|
1587
1928
|
}
|
|
1588
1929
|
}
|
|
1589
1930
|
},
|
|
1590
|
-
"
|
|
1931
|
+
"orchestrator": {
|
|
1591
1932
|
"properties": {
|
|
1592
|
-
"
|
|
1933
|
+
"api_version": {
|
|
1593
1934
|
"ignore_above": 1024,
|
|
1594
1935
|
"type": "keyword"
|
|
1595
1936
|
},
|
|
1596
|
-
"
|
|
1597
|
-
"
|
|
1598
|
-
"
|
|
1599
|
-
"
|
|
1600
|
-
"type": "
|
|
1937
|
+
"cluster": {
|
|
1938
|
+
"properties": {
|
|
1939
|
+
"name": {
|
|
1940
|
+
"ignore_above": 1024,
|
|
1941
|
+
"type": "keyword"
|
|
1942
|
+
},
|
|
1943
|
+
"url": {
|
|
1944
|
+
"ignore_above": 1024,
|
|
1945
|
+
"type": "keyword"
|
|
1946
|
+
},
|
|
1947
|
+
"version": {
|
|
1948
|
+
"ignore_above": 1024,
|
|
1949
|
+
"type": "keyword"
|
|
1601
1950
|
}
|
|
1602
|
-
}
|
|
1951
|
+
}
|
|
1952
|
+
},
|
|
1953
|
+
"namespace": {
|
|
1603
1954
|
"ignore_above": 1024,
|
|
1604
1955
|
"type": "keyword"
|
|
1605
|
-
}
|
|
1606
|
-
|
|
1607
|
-
},
|
|
1608
|
-
"os": {
|
|
1609
|
-
"properties": {
|
|
1610
|
-
"family": {
|
|
1956
|
+
},
|
|
1957
|
+
"organization": {
|
|
1611
1958
|
"ignore_above": 1024,
|
|
1612
1959
|
"type": "keyword"
|
|
1613
1960
|
},
|
|
1614
|
-
"
|
|
1615
|
-
"
|
|
1616
|
-
"
|
|
1617
|
-
"
|
|
1618
|
-
"type": "
|
|
1961
|
+
"resource": {
|
|
1962
|
+
"properties": {
|
|
1963
|
+
"name": {
|
|
1964
|
+
"ignore_above": 1024,
|
|
1965
|
+
"type": "keyword"
|
|
1966
|
+
},
|
|
1967
|
+
"type": {
|
|
1968
|
+
"ignore_above": 1024,
|
|
1969
|
+
"type": "keyword"
|
|
1619
1970
|
}
|
|
1620
|
-
}
|
|
1971
|
+
}
|
|
1972
|
+
},
|
|
1973
|
+
"type": {
|
|
1621
1974
|
"ignore_above": 1024,
|
|
1622
1975
|
"type": "keyword"
|
|
1623
|
-
}
|
|
1624
|
-
|
|
1976
|
+
}
|
|
1977
|
+
}
|
|
1978
|
+
},
|
|
1979
|
+
"organization": {
|
|
1980
|
+
"properties": {
|
|
1981
|
+
"id": {
|
|
1625
1982
|
"ignore_above": 1024,
|
|
1626
1983
|
"type": "keyword"
|
|
1627
1984
|
},
|
|
1628
1985
|
"name": {
|
|
1629
1986
|
"fields": {
|
|
1630
1987
|
"text": {
|
|
1631
|
-
"
|
|
1632
|
-
"type": "text"
|
|
1988
|
+
"type": "match_only_text"
|
|
1633
1989
|
}
|
|
1634
1990
|
},
|
|
1635
1991
|
"ignore_above": 1024,
|
|
1636
1992
|
"type": "keyword"
|
|
1637
|
-
},
|
|
1638
|
-
"platform": {
|
|
1639
|
-
"ignore_above": 1024,
|
|
1640
|
-
"type": "keyword"
|
|
1641
|
-
},
|
|
1642
|
-
"version": {
|
|
1643
|
-
"ignore_above": 1024,
|
|
1644
|
-
"type": "keyword"
|
|
1645
1993
|
}
|
|
1646
1994
|
}
|
|
1647
1995
|
},
|
|
@@ -1699,33 +2047,9 @@
|
|
|
1699
2047
|
}
|
|
1700
2048
|
}
|
|
1701
2049
|
},
|
|
1702
|
-
"
|
|
2050
|
+
"process": {
|
|
1703
2051
|
"properties": {
|
|
1704
|
-
"
|
|
1705
|
-
"ignore_above": 1024,
|
|
1706
|
-
"type": "keyword"
|
|
1707
|
-
},
|
|
1708
|
-
"description": {
|
|
1709
|
-
"ignore_above": 1024,
|
|
1710
|
-
"type": "keyword"
|
|
1711
|
-
},
|
|
1712
|
-
"file_version": {
|
|
1713
|
-
"ignore_above": 1024,
|
|
1714
|
-
"type": "keyword"
|
|
1715
|
-
},
|
|
1716
|
-
"original_file_name": {
|
|
1717
|
-
"ignore_above": 1024,
|
|
1718
|
-
"type": "keyword"
|
|
1719
|
-
},
|
|
1720
|
-
"product": {
|
|
1721
|
-
"ignore_above": 1024,
|
|
1722
|
-
"type": "keyword"
|
|
1723
|
-
}
|
|
1724
|
-
}
|
|
1725
|
-
},
|
|
1726
|
-
"process": {
|
|
1727
|
-
"properties": {
|
|
1728
|
-
"args": {
|
|
2052
|
+
"args": {
|
|
1729
2053
|
"ignore_above": 1024,
|
|
1730
2054
|
"type": "keyword"
|
|
1731
2055
|
},
|
|
@@ -1734,9 +2058,17 @@
|
|
|
1734
2058
|
},
|
|
1735
2059
|
"code_signature": {
|
|
1736
2060
|
"properties": {
|
|
2061
|
+
"digest_algorithm": {
|
|
2062
|
+
"ignore_above": 1024,
|
|
2063
|
+
"type": "keyword"
|
|
2064
|
+
},
|
|
1737
2065
|
"exists": {
|
|
1738
2066
|
"type": "boolean"
|
|
1739
2067
|
},
|
|
2068
|
+
"signing_id": {
|
|
2069
|
+
"ignore_above": 1024,
|
|
2070
|
+
"type": "keyword"
|
|
2071
|
+
},
|
|
1740
2072
|
"status": {
|
|
1741
2073
|
"ignore_above": 1024,
|
|
1742
2074
|
"type": "keyword"
|
|
@@ -1745,6 +2077,13 @@
|
|
|
1745
2077
|
"ignore_above": 1024,
|
|
1746
2078
|
"type": "keyword"
|
|
1747
2079
|
},
|
|
2080
|
+
"team_id": {
|
|
2081
|
+
"ignore_above": 1024,
|
|
2082
|
+
"type": "keyword"
|
|
2083
|
+
},
|
|
2084
|
+
"timestamp": {
|
|
2085
|
+
"type": "date"
|
|
2086
|
+
},
|
|
1748
2087
|
"trusted": {
|
|
1749
2088
|
"type": "boolean"
|
|
1750
2089
|
},
|
|
@@ -1756,12 +2095,130 @@
|
|
|
1756
2095
|
"command_line": {
|
|
1757
2096
|
"fields": {
|
|
1758
2097
|
"text": {
|
|
1759
|
-
"
|
|
1760
|
-
"type": "text"
|
|
2098
|
+
"type": "match_only_text"
|
|
1761
2099
|
}
|
|
1762
2100
|
},
|
|
1763
|
-
"
|
|
1764
|
-
|
|
2101
|
+
"type": "wildcard"
|
|
2102
|
+
},
|
|
2103
|
+
"elf": {
|
|
2104
|
+
"properties": {
|
|
2105
|
+
"architecture": {
|
|
2106
|
+
"ignore_above": 1024,
|
|
2107
|
+
"type": "keyword"
|
|
2108
|
+
},
|
|
2109
|
+
"byte_order": {
|
|
2110
|
+
"ignore_above": 1024,
|
|
2111
|
+
"type": "keyword"
|
|
2112
|
+
},
|
|
2113
|
+
"cpu_type": {
|
|
2114
|
+
"ignore_above": 1024,
|
|
2115
|
+
"type": "keyword"
|
|
2116
|
+
},
|
|
2117
|
+
"creation_date": {
|
|
2118
|
+
"type": "date"
|
|
2119
|
+
},
|
|
2120
|
+
"exports": {
|
|
2121
|
+
"type": "flattened"
|
|
2122
|
+
},
|
|
2123
|
+
"header": {
|
|
2124
|
+
"properties": {
|
|
2125
|
+
"abi_version": {
|
|
2126
|
+
"ignore_above": 1024,
|
|
2127
|
+
"type": "keyword"
|
|
2128
|
+
},
|
|
2129
|
+
"class": {
|
|
2130
|
+
"ignore_above": 1024,
|
|
2131
|
+
"type": "keyword"
|
|
2132
|
+
},
|
|
2133
|
+
"data": {
|
|
2134
|
+
"ignore_above": 1024,
|
|
2135
|
+
"type": "keyword"
|
|
2136
|
+
},
|
|
2137
|
+
"entrypoint": {
|
|
2138
|
+
"type": "long"
|
|
2139
|
+
},
|
|
2140
|
+
"object_version": {
|
|
2141
|
+
"ignore_above": 1024,
|
|
2142
|
+
"type": "keyword"
|
|
2143
|
+
},
|
|
2144
|
+
"os_abi": {
|
|
2145
|
+
"ignore_above": 1024,
|
|
2146
|
+
"type": "keyword"
|
|
2147
|
+
},
|
|
2148
|
+
"type": {
|
|
2149
|
+
"ignore_above": 1024,
|
|
2150
|
+
"type": "keyword"
|
|
2151
|
+
},
|
|
2152
|
+
"version": {
|
|
2153
|
+
"ignore_above": 1024,
|
|
2154
|
+
"type": "keyword"
|
|
2155
|
+
}
|
|
2156
|
+
}
|
|
2157
|
+
},
|
|
2158
|
+
"imports": {
|
|
2159
|
+
"type": "flattened"
|
|
2160
|
+
},
|
|
2161
|
+
"sections": {
|
|
2162
|
+
"properties": {
|
|
2163
|
+
"chi2": {
|
|
2164
|
+
"type": "long"
|
|
2165
|
+
},
|
|
2166
|
+
"entropy": {
|
|
2167
|
+
"type": "long"
|
|
2168
|
+
},
|
|
2169
|
+
"flags": {
|
|
2170
|
+
"ignore_above": 1024,
|
|
2171
|
+
"type": "keyword"
|
|
2172
|
+
},
|
|
2173
|
+
"name": {
|
|
2174
|
+
"ignore_above": 1024,
|
|
2175
|
+
"type": "keyword"
|
|
2176
|
+
},
|
|
2177
|
+
"physical_offset": {
|
|
2178
|
+
"ignore_above": 1024,
|
|
2179
|
+
"type": "keyword"
|
|
2180
|
+
},
|
|
2181
|
+
"physical_size": {
|
|
2182
|
+
"type": "long"
|
|
2183
|
+
},
|
|
2184
|
+
"type": {
|
|
2185
|
+
"ignore_above": 1024,
|
|
2186
|
+
"type": "keyword"
|
|
2187
|
+
},
|
|
2188
|
+
"virtual_address": {
|
|
2189
|
+
"type": "long"
|
|
2190
|
+
},
|
|
2191
|
+
"virtual_size": {
|
|
2192
|
+
"type": "long"
|
|
2193
|
+
}
|
|
2194
|
+
},
|
|
2195
|
+
"type": "nested"
|
|
2196
|
+
},
|
|
2197
|
+
"segments": {
|
|
2198
|
+
"properties": {
|
|
2199
|
+
"sections": {
|
|
2200
|
+
"ignore_above": 1024,
|
|
2201
|
+
"type": "keyword"
|
|
2202
|
+
},
|
|
2203
|
+
"type": {
|
|
2204
|
+
"ignore_above": 1024,
|
|
2205
|
+
"type": "keyword"
|
|
2206
|
+
}
|
|
2207
|
+
},
|
|
2208
|
+
"type": "nested"
|
|
2209
|
+
},
|
|
2210
|
+
"shared_libraries": {
|
|
2211
|
+
"ignore_above": 1024,
|
|
2212
|
+
"type": "keyword"
|
|
2213
|
+
},
|
|
2214
|
+
"telfhash": {
|
|
2215
|
+
"ignore_above": 1024,
|
|
2216
|
+
"type": "keyword"
|
|
2217
|
+
}
|
|
2218
|
+
}
|
|
2219
|
+
},
|
|
2220
|
+
"end": {
|
|
2221
|
+
"type": "date"
|
|
1765
2222
|
},
|
|
1766
2223
|
"entity_id": {
|
|
1767
2224
|
"ignore_above": 1024,
|
|
@@ -1770,8 +2227,7 @@
|
|
|
1770
2227
|
"executable": {
|
|
1771
2228
|
"fields": {
|
|
1772
2229
|
"text": {
|
|
1773
|
-
"
|
|
1774
|
-
"type": "text"
|
|
2230
|
+
"type": "match_only_text"
|
|
1775
2231
|
}
|
|
1776
2232
|
},
|
|
1777
2233
|
"ignore_above": 1024,
|
|
@@ -1797,14 +2253,17 @@
|
|
|
1797
2253
|
"sha512": {
|
|
1798
2254
|
"ignore_above": 1024,
|
|
1799
2255
|
"type": "keyword"
|
|
2256
|
+
},
|
|
2257
|
+
"ssdeep": {
|
|
2258
|
+
"ignore_above": 1024,
|
|
2259
|
+
"type": "keyword"
|
|
1800
2260
|
}
|
|
1801
2261
|
}
|
|
1802
2262
|
},
|
|
1803
2263
|
"name": {
|
|
1804
2264
|
"fields": {
|
|
1805
2265
|
"text": {
|
|
1806
|
-
"
|
|
1807
|
-
"type": "text"
|
|
2266
|
+
"type": "match_only_text"
|
|
1808
2267
|
}
|
|
1809
2268
|
},
|
|
1810
2269
|
"ignore_above": 1024,
|
|
@@ -1821,9 +2280,17 @@
|
|
|
1821
2280
|
},
|
|
1822
2281
|
"code_signature": {
|
|
1823
2282
|
"properties": {
|
|
2283
|
+
"digest_algorithm": {
|
|
2284
|
+
"ignore_above": 1024,
|
|
2285
|
+
"type": "keyword"
|
|
2286
|
+
},
|
|
1824
2287
|
"exists": {
|
|
1825
2288
|
"type": "boolean"
|
|
1826
2289
|
},
|
|
2290
|
+
"signing_id": {
|
|
2291
|
+
"ignore_above": 1024,
|
|
2292
|
+
"type": "keyword"
|
|
2293
|
+
},
|
|
1827
2294
|
"status": {
|
|
1828
2295
|
"ignore_above": 1024,
|
|
1829
2296
|
"type": "keyword"
|
|
@@ -1832,6 +2299,13 @@
|
|
|
1832
2299
|
"ignore_above": 1024,
|
|
1833
2300
|
"type": "keyword"
|
|
1834
2301
|
},
|
|
2302
|
+
"team_id": {
|
|
2303
|
+
"ignore_above": 1024,
|
|
2304
|
+
"type": "keyword"
|
|
2305
|
+
},
|
|
2306
|
+
"timestamp": {
|
|
2307
|
+
"type": "date"
|
|
2308
|
+
},
|
|
1835
2309
|
"trusted": {
|
|
1836
2310
|
"type": "boolean"
|
|
1837
2311
|
},
|
|
@@ -1843,12 +2317,130 @@
|
|
|
1843
2317
|
"command_line": {
|
|
1844
2318
|
"fields": {
|
|
1845
2319
|
"text": {
|
|
1846
|
-
"
|
|
1847
|
-
"type": "text"
|
|
2320
|
+
"type": "match_only_text"
|
|
1848
2321
|
}
|
|
1849
2322
|
},
|
|
1850
|
-
"
|
|
1851
|
-
|
|
2323
|
+
"type": "wildcard"
|
|
2324
|
+
},
|
|
2325
|
+
"elf": {
|
|
2326
|
+
"properties": {
|
|
2327
|
+
"architecture": {
|
|
2328
|
+
"ignore_above": 1024,
|
|
2329
|
+
"type": "keyword"
|
|
2330
|
+
},
|
|
2331
|
+
"byte_order": {
|
|
2332
|
+
"ignore_above": 1024,
|
|
2333
|
+
"type": "keyword"
|
|
2334
|
+
},
|
|
2335
|
+
"cpu_type": {
|
|
2336
|
+
"ignore_above": 1024,
|
|
2337
|
+
"type": "keyword"
|
|
2338
|
+
},
|
|
2339
|
+
"creation_date": {
|
|
2340
|
+
"type": "date"
|
|
2341
|
+
},
|
|
2342
|
+
"exports": {
|
|
2343
|
+
"type": "flattened"
|
|
2344
|
+
},
|
|
2345
|
+
"header": {
|
|
2346
|
+
"properties": {
|
|
2347
|
+
"abi_version": {
|
|
2348
|
+
"ignore_above": 1024,
|
|
2349
|
+
"type": "keyword"
|
|
2350
|
+
},
|
|
2351
|
+
"class": {
|
|
2352
|
+
"ignore_above": 1024,
|
|
2353
|
+
"type": "keyword"
|
|
2354
|
+
},
|
|
2355
|
+
"data": {
|
|
2356
|
+
"ignore_above": 1024,
|
|
2357
|
+
"type": "keyword"
|
|
2358
|
+
},
|
|
2359
|
+
"entrypoint": {
|
|
2360
|
+
"type": "long"
|
|
2361
|
+
},
|
|
2362
|
+
"object_version": {
|
|
2363
|
+
"ignore_above": 1024,
|
|
2364
|
+
"type": "keyword"
|
|
2365
|
+
},
|
|
2366
|
+
"os_abi": {
|
|
2367
|
+
"ignore_above": 1024,
|
|
2368
|
+
"type": "keyword"
|
|
2369
|
+
},
|
|
2370
|
+
"type": {
|
|
2371
|
+
"ignore_above": 1024,
|
|
2372
|
+
"type": "keyword"
|
|
2373
|
+
},
|
|
2374
|
+
"version": {
|
|
2375
|
+
"ignore_above": 1024,
|
|
2376
|
+
"type": "keyword"
|
|
2377
|
+
}
|
|
2378
|
+
}
|
|
2379
|
+
},
|
|
2380
|
+
"imports": {
|
|
2381
|
+
"type": "flattened"
|
|
2382
|
+
},
|
|
2383
|
+
"sections": {
|
|
2384
|
+
"properties": {
|
|
2385
|
+
"chi2": {
|
|
2386
|
+
"type": "long"
|
|
2387
|
+
},
|
|
2388
|
+
"entropy": {
|
|
2389
|
+
"type": "long"
|
|
2390
|
+
},
|
|
2391
|
+
"flags": {
|
|
2392
|
+
"ignore_above": 1024,
|
|
2393
|
+
"type": "keyword"
|
|
2394
|
+
},
|
|
2395
|
+
"name": {
|
|
2396
|
+
"ignore_above": 1024,
|
|
2397
|
+
"type": "keyword"
|
|
2398
|
+
},
|
|
2399
|
+
"physical_offset": {
|
|
2400
|
+
"ignore_above": 1024,
|
|
2401
|
+
"type": "keyword"
|
|
2402
|
+
},
|
|
2403
|
+
"physical_size": {
|
|
2404
|
+
"type": "long"
|
|
2405
|
+
},
|
|
2406
|
+
"type": {
|
|
2407
|
+
"ignore_above": 1024,
|
|
2408
|
+
"type": "keyword"
|
|
2409
|
+
},
|
|
2410
|
+
"virtual_address": {
|
|
2411
|
+
"type": "long"
|
|
2412
|
+
},
|
|
2413
|
+
"virtual_size": {
|
|
2414
|
+
"type": "long"
|
|
2415
|
+
}
|
|
2416
|
+
},
|
|
2417
|
+
"type": "nested"
|
|
2418
|
+
},
|
|
2419
|
+
"segments": {
|
|
2420
|
+
"properties": {
|
|
2421
|
+
"sections": {
|
|
2422
|
+
"ignore_above": 1024,
|
|
2423
|
+
"type": "keyword"
|
|
2424
|
+
},
|
|
2425
|
+
"type": {
|
|
2426
|
+
"ignore_above": 1024,
|
|
2427
|
+
"type": "keyword"
|
|
2428
|
+
}
|
|
2429
|
+
},
|
|
2430
|
+
"type": "nested"
|
|
2431
|
+
},
|
|
2432
|
+
"shared_libraries": {
|
|
2433
|
+
"ignore_above": 1024,
|
|
2434
|
+
"type": "keyword"
|
|
2435
|
+
},
|
|
2436
|
+
"telfhash": {
|
|
2437
|
+
"ignore_above": 1024,
|
|
2438
|
+
"type": "keyword"
|
|
2439
|
+
}
|
|
2440
|
+
}
|
|
2441
|
+
},
|
|
2442
|
+
"end": {
|
|
2443
|
+
"type": "date"
|
|
1852
2444
|
},
|
|
1853
2445
|
"entity_id": {
|
|
1854
2446
|
"ignore_above": 1024,
|
|
@@ -1857,8 +2449,7 @@
|
|
|
1857
2449
|
"executable": {
|
|
1858
2450
|
"fields": {
|
|
1859
2451
|
"text": {
|
|
1860
|
-
"
|
|
1861
|
-
"type": "text"
|
|
2452
|
+
"type": "match_only_text"
|
|
1862
2453
|
}
|
|
1863
2454
|
},
|
|
1864
2455
|
"ignore_above": 1024,
|
|
@@ -1884,19 +2475,54 @@
|
|
|
1884
2475
|
"sha512": {
|
|
1885
2476
|
"ignore_above": 1024,
|
|
1886
2477
|
"type": "keyword"
|
|
2478
|
+
},
|
|
2479
|
+
"ssdeep": {
|
|
2480
|
+
"ignore_above": 1024,
|
|
2481
|
+
"type": "keyword"
|
|
1887
2482
|
}
|
|
1888
2483
|
}
|
|
1889
2484
|
},
|
|
1890
2485
|
"name": {
|
|
1891
2486
|
"fields": {
|
|
1892
2487
|
"text": {
|
|
1893
|
-
"
|
|
1894
|
-
"type": "text"
|
|
2488
|
+
"type": "match_only_text"
|
|
1895
2489
|
}
|
|
1896
2490
|
},
|
|
1897
2491
|
"ignore_above": 1024,
|
|
1898
2492
|
"type": "keyword"
|
|
1899
2493
|
},
|
|
2494
|
+
"pe": {
|
|
2495
|
+
"properties": {
|
|
2496
|
+
"architecture": {
|
|
2497
|
+
"ignore_above": 1024,
|
|
2498
|
+
"type": "keyword"
|
|
2499
|
+
},
|
|
2500
|
+
"company": {
|
|
2501
|
+
"ignore_above": 1024,
|
|
2502
|
+
"type": "keyword"
|
|
2503
|
+
},
|
|
2504
|
+
"description": {
|
|
2505
|
+
"ignore_above": 1024,
|
|
2506
|
+
"type": "keyword"
|
|
2507
|
+
},
|
|
2508
|
+
"file_version": {
|
|
2509
|
+
"ignore_above": 1024,
|
|
2510
|
+
"type": "keyword"
|
|
2511
|
+
},
|
|
2512
|
+
"imphash": {
|
|
2513
|
+
"ignore_above": 1024,
|
|
2514
|
+
"type": "keyword"
|
|
2515
|
+
},
|
|
2516
|
+
"original_file_name": {
|
|
2517
|
+
"ignore_above": 1024,
|
|
2518
|
+
"type": "keyword"
|
|
2519
|
+
},
|
|
2520
|
+
"product": {
|
|
2521
|
+
"ignore_above": 1024,
|
|
2522
|
+
"type": "keyword"
|
|
2523
|
+
}
|
|
2524
|
+
}
|
|
2525
|
+
},
|
|
1900
2526
|
"pgid": {
|
|
1901
2527
|
"type": "long"
|
|
1902
2528
|
},
|
|
@@ -1923,8 +2549,7 @@
|
|
|
1923
2549
|
"title": {
|
|
1924
2550
|
"fields": {
|
|
1925
2551
|
"text": {
|
|
1926
|
-
"
|
|
1927
|
-
"type": "text"
|
|
2552
|
+
"type": "match_only_text"
|
|
1928
2553
|
}
|
|
1929
2554
|
},
|
|
1930
2555
|
"ignore_above": 1024,
|
|
@@ -1936,8 +2561,7 @@
|
|
|
1936
2561
|
"working_directory": {
|
|
1937
2562
|
"fields": {
|
|
1938
2563
|
"text": {
|
|
1939
|
-
"
|
|
1940
|
-
"type": "text"
|
|
2564
|
+
"type": "match_only_text"
|
|
1941
2565
|
}
|
|
1942
2566
|
},
|
|
1943
2567
|
"ignore_above": 1024,
|
|
@@ -1947,6 +2571,10 @@
|
|
|
1947
2571
|
},
|
|
1948
2572
|
"pe": {
|
|
1949
2573
|
"properties": {
|
|
2574
|
+
"architecture": {
|
|
2575
|
+
"ignore_above": 1024,
|
|
2576
|
+
"type": "keyword"
|
|
2577
|
+
},
|
|
1950
2578
|
"company": {
|
|
1951
2579
|
"ignore_above": 1024,
|
|
1952
2580
|
"type": "keyword"
|
|
@@ -1959,6 +2587,10 @@
|
|
|
1959
2587
|
"ignore_above": 1024,
|
|
1960
2588
|
"type": "keyword"
|
|
1961
2589
|
},
|
|
2590
|
+
"imphash": {
|
|
2591
|
+
"ignore_above": 1024,
|
|
2592
|
+
"type": "keyword"
|
|
2593
|
+
},
|
|
1962
2594
|
"original_file_name": {
|
|
1963
2595
|
"ignore_above": 1024,
|
|
1964
2596
|
"type": "keyword"
|
|
@@ -1995,8 +2627,7 @@
|
|
|
1995
2627
|
"title": {
|
|
1996
2628
|
"fields": {
|
|
1997
2629
|
"text": {
|
|
1998
|
-
"
|
|
1999
|
-
"type": "text"
|
|
2630
|
+
"type": "match_only_text"
|
|
2000
2631
|
}
|
|
2001
2632
|
},
|
|
2002
2633
|
"ignore_above": 1024,
|
|
@@ -2008,8 +2639,7 @@
|
|
|
2008
2639
|
"working_directory": {
|
|
2009
2640
|
"fields": {
|
|
2010
2641
|
"text": {
|
|
2011
|
-
"
|
|
2012
|
-
"type": "text"
|
|
2642
|
+
"type": "match_only_text"
|
|
2013
2643
|
}
|
|
2014
2644
|
},
|
|
2015
2645
|
"ignore_above": 1024,
|
|
@@ -2026,8 +2656,7 @@
|
|
|
2026
2656
|
"type": "keyword"
|
|
2027
2657
|
},
|
|
2028
2658
|
"strings": {
|
|
2029
|
-
"
|
|
2030
|
-
"type": "keyword"
|
|
2659
|
+
"type": "wildcard"
|
|
2031
2660
|
},
|
|
2032
2661
|
"type": {
|
|
2033
2662
|
"ignore_above": 1024,
|
|
@@ -2059,6 +2688,10 @@
|
|
|
2059
2688
|
"ignore_above": 1024,
|
|
2060
2689
|
"type": "keyword"
|
|
2061
2690
|
},
|
|
2691
|
+
"hosts": {
|
|
2692
|
+
"ignore_above": 1024,
|
|
2693
|
+
"type": "keyword"
|
|
2694
|
+
},
|
|
2062
2695
|
"ip": {
|
|
2063
2696
|
"type": "ip"
|
|
2064
2697
|
},
|
|
@@ -2128,8 +2761,7 @@
|
|
|
2128
2761
|
"name": {
|
|
2129
2762
|
"fields": {
|
|
2130
2763
|
"text": {
|
|
2131
|
-
"
|
|
2132
|
-
"type": "text"
|
|
2764
|
+
"type": "match_only_text"
|
|
2133
2765
|
}
|
|
2134
2766
|
},
|
|
2135
2767
|
"ignore_above": 1024,
|
|
@@ -2152,6 +2784,10 @@
|
|
|
2152
2784
|
"ignore_above": 1024,
|
|
2153
2785
|
"type": "keyword"
|
|
2154
2786
|
},
|
|
2787
|
+
"continent_code": {
|
|
2788
|
+
"ignore_above": 1024,
|
|
2789
|
+
"type": "keyword"
|
|
2790
|
+
},
|
|
2155
2791
|
"continent_name": {
|
|
2156
2792
|
"ignore_above": 1024,
|
|
2157
2793
|
"type": "keyword"
|
|
@@ -2171,6 +2807,10 @@
|
|
|
2171
2807
|
"ignore_above": 1024,
|
|
2172
2808
|
"type": "keyword"
|
|
2173
2809
|
},
|
|
2810
|
+
"postal_code": {
|
|
2811
|
+
"ignore_above": 1024,
|
|
2812
|
+
"type": "keyword"
|
|
2813
|
+
},
|
|
2174
2814
|
"region_iso_code": {
|
|
2175
2815
|
"ignore_above": 1024,
|
|
2176
2816
|
"type": "keyword"
|
|
@@ -2178,6 +2818,10 @@
|
|
|
2178
2818
|
"region_name": {
|
|
2179
2819
|
"ignore_above": 1024,
|
|
2180
2820
|
"type": "keyword"
|
|
2821
|
+
},
|
|
2822
|
+
"timezone": {
|
|
2823
|
+
"ignore_above": 1024,
|
|
2824
|
+
"type": "keyword"
|
|
2181
2825
|
}
|
|
2182
2826
|
}
|
|
2183
2827
|
},
|
|
@@ -2208,6 +2852,10 @@
|
|
|
2208
2852
|
"ignore_above": 1024,
|
|
2209
2853
|
"type": "keyword"
|
|
2210
2854
|
},
|
|
2855
|
+
"subdomain": {
|
|
2856
|
+
"ignore_above": 1024,
|
|
2857
|
+
"type": "keyword"
|
|
2858
|
+
},
|
|
2211
2859
|
"top_level_domain": {
|
|
2212
2860
|
"ignore_above": 1024,
|
|
2213
2861
|
"type": "keyword"
|
|
@@ -2225,8 +2873,7 @@
|
|
|
2225
2873
|
"full_name": {
|
|
2226
2874
|
"fields": {
|
|
2227
2875
|
"text": {
|
|
2228
|
-
"
|
|
2229
|
-
"type": "text"
|
|
2876
|
+
"type": "match_only_text"
|
|
2230
2877
|
}
|
|
2231
2878
|
},
|
|
2232
2879
|
"ignore_above": 1024,
|
|
@@ -2259,12 +2906,15 @@
|
|
|
2259
2906
|
"name": {
|
|
2260
2907
|
"fields": {
|
|
2261
2908
|
"text": {
|
|
2262
|
-
"
|
|
2263
|
-
"type": "text"
|
|
2909
|
+
"type": "match_only_text"
|
|
2264
2910
|
}
|
|
2265
2911
|
},
|
|
2266
2912
|
"ignore_above": 1024,
|
|
2267
2913
|
"type": "keyword"
|
|
2914
|
+
},
|
|
2915
|
+
"roles": {
|
|
2916
|
+
"ignore_above": 1024,
|
|
2917
|
+
"type": "keyword"
|
|
2268
2918
|
}
|
|
2269
2919
|
}
|
|
2270
2920
|
}
|
|
@@ -2272,6 +2922,14 @@
|
|
|
2272
2922
|
},
|
|
2273
2923
|
"service": {
|
|
2274
2924
|
"properties": {
|
|
2925
|
+
"address": {
|
|
2926
|
+
"ignore_above": 1024,
|
|
2927
|
+
"type": "keyword"
|
|
2928
|
+
},
|
|
2929
|
+
"environment": {
|
|
2930
|
+
"ignore_above": 1024,
|
|
2931
|
+
"type": "keyword"
|
|
2932
|
+
},
|
|
2275
2933
|
"ephemeral_id": {
|
|
2276
2934
|
"ignore_above": 1024,
|
|
2277
2935
|
"type": "keyword"
|
|
@@ -2322,8 +2980,7 @@
|
|
|
2322
2980
|
"name": {
|
|
2323
2981
|
"fields": {
|
|
2324
2982
|
"text": {
|
|
2325
|
-
"
|
|
2326
|
-
"type": "text"
|
|
2983
|
+
"type": "match_only_text"
|
|
2327
2984
|
}
|
|
2328
2985
|
},
|
|
2329
2986
|
"ignore_above": 1024,
|
|
@@ -2346,6 +3003,10 @@
|
|
|
2346
3003
|
"ignore_above": 1024,
|
|
2347
3004
|
"type": "keyword"
|
|
2348
3005
|
},
|
|
3006
|
+
"continent_code": {
|
|
3007
|
+
"ignore_above": 1024,
|
|
3008
|
+
"type": "keyword"
|
|
3009
|
+
},
|
|
2349
3010
|
"continent_name": {
|
|
2350
3011
|
"ignore_above": 1024,
|
|
2351
3012
|
"type": "keyword"
|
|
@@ -2365,6 +3026,10 @@
|
|
|
2365
3026
|
"ignore_above": 1024,
|
|
2366
3027
|
"type": "keyword"
|
|
2367
3028
|
},
|
|
3029
|
+
"postal_code": {
|
|
3030
|
+
"ignore_above": 1024,
|
|
3031
|
+
"type": "keyword"
|
|
3032
|
+
},
|
|
2368
3033
|
"region_iso_code": {
|
|
2369
3034
|
"ignore_above": 1024,
|
|
2370
3035
|
"type": "keyword"
|
|
@@ -2372,6 +3037,10 @@
|
|
|
2372
3037
|
"region_name": {
|
|
2373
3038
|
"ignore_above": 1024,
|
|
2374
3039
|
"type": "keyword"
|
|
3040
|
+
},
|
|
3041
|
+
"timezone": {
|
|
3042
|
+
"ignore_above": 1024,
|
|
3043
|
+
"type": "keyword"
|
|
2375
3044
|
}
|
|
2376
3045
|
}
|
|
2377
3046
|
},
|
|
@@ -2402,6 +3071,10 @@
|
|
|
2402
3071
|
"ignore_above": 1024,
|
|
2403
3072
|
"type": "keyword"
|
|
2404
3073
|
},
|
|
3074
|
+
"subdomain": {
|
|
3075
|
+
"ignore_above": 1024,
|
|
3076
|
+
"type": "keyword"
|
|
3077
|
+
},
|
|
2405
3078
|
"top_level_domain": {
|
|
2406
3079
|
"ignore_above": 1024,
|
|
2407
3080
|
"type": "keyword"
|
|
@@ -2419,8 +3092,7 @@
|
|
|
2419
3092
|
"full_name": {
|
|
2420
3093
|
"fields": {
|
|
2421
3094
|
"text": {
|
|
2422
|
-
"
|
|
2423
|
-
"type": "text"
|
|
3095
|
+
"type": "match_only_text"
|
|
2424
3096
|
}
|
|
2425
3097
|
},
|
|
2426
3098
|
"ignore_above": 1024,
|
|
@@ -2453,32 +3125,1615 @@
|
|
|
2453
3125
|
"name": {
|
|
2454
3126
|
"fields": {
|
|
2455
3127
|
"text": {
|
|
2456
|
-
"
|
|
2457
|
-
"type": "text"
|
|
3128
|
+
"type": "match_only_text"
|
|
2458
3129
|
}
|
|
2459
3130
|
},
|
|
2460
3131
|
"ignore_above": 1024,
|
|
2461
3132
|
"type": "keyword"
|
|
3133
|
+
},
|
|
3134
|
+
"roles": {
|
|
3135
|
+
"ignore_above": 1024,
|
|
3136
|
+
"type": "keyword"
|
|
2462
3137
|
}
|
|
2463
3138
|
}
|
|
2464
3139
|
}
|
|
2465
3140
|
}
|
|
2466
3141
|
},
|
|
3142
|
+
"span": {
|
|
3143
|
+
"properties": {
|
|
3144
|
+
"id": {
|
|
3145
|
+
"ignore_above": 1024,
|
|
3146
|
+
"type": "keyword"
|
|
3147
|
+
}
|
|
3148
|
+
}
|
|
3149
|
+
},
|
|
2467
3150
|
"tags": {
|
|
2468
3151
|
"ignore_above": 1024,
|
|
2469
3152
|
"type": "keyword"
|
|
2470
3153
|
},
|
|
2471
3154
|
"threat": {
|
|
2472
3155
|
"properties": {
|
|
2473
|
-
"
|
|
2474
|
-
"ignore_above": 1024,
|
|
2475
|
-
"type": "keyword"
|
|
2476
|
-
},
|
|
2477
|
-
"tactic": {
|
|
3156
|
+
"enrichments": {
|
|
2478
3157
|
"properties": {
|
|
2479
|
-
"
|
|
2480
|
-
"
|
|
2481
|
-
|
|
3158
|
+
"indicator": {
|
|
3159
|
+
"properties": {
|
|
3160
|
+
"as": {
|
|
3161
|
+
"properties": {
|
|
3162
|
+
"number": {
|
|
3163
|
+
"type": "long"
|
|
3164
|
+
},
|
|
3165
|
+
"organization": {
|
|
3166
|
+
"properties": {
|
|
3167
|
+
"name": {
|
|
3168
|
+
"fields": {
|
|
3169
|
+
"text": {
|
|
3170
|
+
"type": "match_only_text"
|
|
3171
|
+
}
|
|
3172
|
+
},
|
|
3173
|
+
"ignore_above": 1024,
|
|
3174
|
+
"type": "keyword"
|
|
3175
|
+
}
|
|
3176
|
+
}
|
|
3177
|
+
}
|
|
3178
|
+
}
|
|
3179
|
+
},
|
|
3180
|
+
"confidence": {
|
|
3181
|
+
"ignore_above": 1024,
|
|
3182
|
+
"type": "keyword"
|
|
3183
|
+
},
|
|
3184
|
+
"description": {
|
|
3185
|
+
"ignore_above": 1024,
|
|
3186
|
+
"type": "keyword"
|
|
3187
|
+
},
|
|
3188
|
+
"email": {
|
|
3189
|
+
"properties": {
|
|
3190
|
+
"address": {
|
|
3191
|
+
"ignore_above": 1024,
|
|
3192
|
+
"type": "keyword"
|
|
3193
|
+
}
|
|
3194
|
+
}
|
|
3195
|
+
},
|
|
3196
|
+
"file": {
|
|
3197
|
+
"properties": {
|
|
3198
|
+
"accessed": {
|
|
3199
|
+
"type": "date"
|
|
3200
|
+
},
|
|
3201
|
+
"attributes": {
|
|
3202
|
+
"ignore_above": 1024,
|
|
3203
|
+
"type": "keyword"
|
|
3204
|
+
},
|
|
3205
|
+
"code_signature": {
|
|
3206
|
+
"properties": {
|
|
3207
|
+
"digest_algorithm": {
|
|
3208
|
+
"ignore_above": 1024,
|
|
3209
|
+
"type": "keyword"
|
|
3210
|
+
},
|
|
3211
|
+
"exists": {
|
|
3212
|
+
"type": "boolean"
|
|
3213
|
+
},
|
|
3214
|
+
"signing_id": {
|
|
3215
|
+
"ignore_above": 1024,
|
|
3216
|
+
"type": "keyword"
|
|
3217
|
+
},
|
|
3218
|
+
"status": {
|
|
3219
|
+
"ignore_above": 1024,
|
|
3220
|
+
"type": "keyword"
|
|
3221
|
+
},
|
|
3222
|
+
"subject_name": {
|
|
3223
|
+
"ignore_above": 1024,
|
|
3224
|
+
"type": "keyword"
|
|
3225
|
+
},
|
|
3226
|
+
"team_id": {
|
|
3227
|
+
"ignore_above": 1024,
|
|
3228
|
+
"type": "keyword"
|
|
3229
|
+
},
|
|
3230
|
+
"timestamp": {
|
|
3231
|
+
"type": "date"
|
|
3232
|
+
},
|
|
3233
|
+
"trusted": {
|
|
3234
|
+
"type": "boolean"
|
|
3235
|
+
},
|
|
3236
|
+
"valid": {
|
|
3237
|
+
"type": "boolean"
|
|
3238
|
+
}
|
|
3239
|
+
}
|
|
3240
|
+
},
|
|
3241
|
+
"created": {
|
|
3242
|
+
"type": "date"
|
|
3243
|
+
},
|
|
3244
|
+
"ctime": {
|
|
3245
|
+
"type": "date"
|
|
3246
|
+
},
|
|
3247
|
+
"device": {
|
|
3248
|
+
"ignore_above": 1024,
|
|
3249
|
+
"type": "keyword"
|
|
3250
|
+
},
|
|
3251
|
+
"directory": {
|
|
3252
|
+
"ignore_above": 1024,
|
|
3253
|
+
"type": "keyword"
|
|
3254
|
+
},
|
|
3255
|
+
"drive_letter": {
|
|
3256
|
+
"ignore_above": 1,
|
|
3257
|
+
"type": "keyword"
|
|
3258
|
+
},
|
|
3259
|
+
"elf": {
|
|
3260
|
+
"properties": {
|
|
3261
|
+
"architecture": {
|
|
3262
|
+
"ignore_above": 1024,
|
|
3263
|
+
"type": "keyword"
|
|
3264
|
+
},
|
|
3265
|
+
"byte_order": {
|
|
3266
|
+
"ignore_above": 1024,
|
|
3267
|
+
"type": "keyword"
|
|
3268
|
+
},
|
|
3269
|
+
"cpu_type": {
|
|
3270
|
+
"ignore_above": 1024,
|
|
3271
|
+
"type": "keyword"
|
|
3272
|
+
},
|
|
3273
|
+
"creation_date": {
|
|
3274
|
+
"type": "date"
|
|
3275
|
+
},
|
|
3276
|
+
"exports": {
|
|
3277
|
+
"type": "flattened"
|
|
3278
|
+
},
|
|
3279
|
+
"header": {
|
|
3280
|
+
"properties": {
|
|
3281
|
+
"abi_version": {
|
|
3282
|
+
"ignore_above": 1024,
|
|
3283
|
+
"type": "keyword"
|
|
3284
|
+
},
|
|
3285
|
+
"class": {
|
|
3286
|
+
"ignore_above": 1024,
|
|
3287
|
+
"type": "keyword"
|
|
3288
|
+
},
|
|
3289
|
+
"data": {
|
|
3290
|
+
"ignore_above": 1024,
|
|
3291
|
+
"type": "keyword"
|
|
3292
|
+
},
|
|
3293
|
+
"entrypoint": {
|
|
3294
|
+
"type": "long"
|
|
3295
|
+
},
|
|
3296
|
+
"object_version": {
|
|
3297
|
+
"ignore_above": 1024,
|
|
3298
|
+
"type": "keyword"
|
|
3299
|
+
},
|
|
3300
|
+
"os_abi": {
|
|
3301
|
+
"ignore_above": 1024,
|
|
3302
|
+
"type": "keyword"
|
|
3303
|
+
},
|
|
3304
|
+
"type": {
|
|
3305
|
+
"ignore_above": 1024,
|
|
3306
|
+
"type": "keyword"
|
|
3307
|
+
},
|
|
3308
|
+
"version": {
|
|
3309
|
+
"ignore_above": 1024,
|
|
3310
|
+
"type": "keyword"
|
|
3311
|
+
}
|
|
3312
|
+
}
|
|
3313
|
+
},
|
|
3314
|
+
"imports": {
|
|
3315
|
+
"type": "flattened"
|
|
3316
|
+
},
|
|
3317
|
+
"sections": {
|
|
3318
|
+
"properties": {
|
|
3319
|
+
"chi2": {
|
|
3320
|
+
"type": "long"
|
|
3321
|
+
},
|
|
3322
|
+
"entropy": {
|
|
3323
|
+
"type": "long"
|
|
3324
|
+
},
|
|
3325
|
+
"flags": {
|
|
3326
|
+
"ignore_above": 1024,
|
|
3327
|
+
"type": "keyword"
|
|
3328
|
+
},
|
|
3329
|
+
"name": {
|
|
3330
|
+
"ignore_above": 1024,
|
|
3331
|
+
"type": "keyword"
|
|
3332
|
+
},
|
|
3333
|
+
"physical_offset": {
|
|
3334
|
+
"ignore_above": 1024,
|
|
3335
|
+
"type": "keyword"
|
|
3336
|
+
},
|
|
3337
|
+
"physical_size": {
|
|
3338
|
+
"type": "long"
|
|
3339
|
+
},
|
|
3340
|
+
"type": {
|
|
3341
|
+
"ignore_above": 1024,
|
|
3342
|
+
"type": "keyword"
|
|
3343
|
+
},
|
|
3344
|
+
"virtual_address": {
|
|
3345
|
+
"type": "long"
|
|
3346
|
+
},
|
|
3347
|
+
"virtual_size": {
|
|
3348
|
+
"type": "long"
|
|
3349
|
+
}
|
|
3350
|
+
},
|
|
3351
|
+
"type": "nested"
|
|
3352
|
+
},
|
|
3353
|
+
"segments": {
|
|
3354
|
+
"properties": {
|
|
3355
|
+
"sections": {
|
|
3356
|
+
"ignore_above": 1024,
|
|
3357
|
+
"type": "keyword"
|
|
3358
|
+
},
|
|
3359
|
+
"type": {
|
|
3360
|
+
"ignore_above": 1024,
|
|
3361
|
+
"type": "keyword"
|
|
3362
|
+
}
|
|
3363
|
+
},
|
|
3364
|
+
"type": "nested"
|
|
3365
|
+
},
|
|
3366
|
+
"shared_libraries": {
|
|
3367
|
+
"ignore_above": 1024,
|
|
3368
|
+
"type": "keyword"
|
|
3369
|
+
},
|
|
3370
|
+
"telfhash": {
|
|
3371
|
+
"ignore_above": 1024,
|
|
3372
|
+
"type": "keyword"
|
|
3373
|
+
}
|
|
3374
|
+
}
|
|
3375
|
+
},
|
|
3376
|
+
"extension": {
|
|
3377
|
+
"ignore_above": 1024,
|
|
3378
|
+
"type": "keyword"
|
|
3379
|
+
},
|
|
3380
|
+
"fork_name": {
|
|
3381
|
+
"ignore_above": 1024,
|
|
3382
|
+
"type": "keyword"
|
|
3383
|
+
},
|
|
3384
|
+
"gid": {
|
|
3385
|
+
"ignore_above": 1024,
|
|
3386
|
+
"type": "keyword"
|
|
3387
|
+
},
|
|
3388
|
+
"group": {
|
|
3389
|
+
"ignore_above": 1024,
|
|
3390
|
+
"type": "keyword"
|
|
3391
|
+
},
|
|
3392
|
+
"hash": {
|
|
3393
|
+
"properties": {
|
|
3394
|
+
"md5": {
|
|
3395
|
+
"ignore_above": 1024,
|
|
3396
|
+
"type": "keyword"
|
|
3397
|
+
},
|
|
3398
|
+
"sha1": {
|
|
3399
|
+
"ignore_above": 1024,
|
|
3400
|
+
"type": "keyword"
|
|
3401
|
+
},
|
|
3402
|
+
"sha256": {
|
|
3403
|
+
"ignore_above": 1024,
|
|
3404
|
+
"type": "keyword"
|
|
3405
|
+
},
|
|
3406
|
+
"sha512": {
|
|
3407
|
+
"ignore_above": 1024,
|
|
3408
|
+
"type": "keyword"
|
|
3409
|
+
},
|
|
3410
|
+
"ssdeep": {
|
|
3411
|
+
"ignore_above": 1024,
|
|
3412
|
+
"type": "keyword"
|
|
3413
|
+
}
|
|
3414
|
+
}
|
|
3415
|
+
},
|
|
3416
|
+
"inode": {
|
|
3417
|
+
"ignore_above": 1024,
|
|
3418
|
+
"type": "keyword"
|
|
3419
|
+
},
|
|
3420
|
+
"mime_type": {
|
|
3421
|
+
"ignore_above": 1024,
|
|
3422
|
+
"type": "keyword"
|
|
3423
|
+
},
|
|
3424
|
+
"mode": {
|
|
3425
|
+
"ignore_above": 1024,
|
|
3426
|
+
"type": "keyword"
|
|
3427
|
+
},
|
|
3428
|
+
"mtime": {
|
|
3429
|
+
"type": "date"
|
|
3430
|
+
},
|
|
3431
|
+
"name": {
|
|
3432
|
+
"ignore_above": 1024,
|
|
3433
|
+
"type": "keyword"
|
|
3434
|
+
},
|
|
3435
|
+
"owner": {
|
|
3436
|
+
"ignore_above": 1024,
|
|
3437
|
+
"type": "keyword"
|
|
3438
|
+
},
|
|
3439
|
+
"path": {
|
|
3440
|
+
"fields": {
|
|
3441
|
+
"text": {
|
|
3442
|
+
"type": "match_only_text"
|
|
3443
|
+
}
|
|
3444
|
+
},
|
|
3445
|
+
"ignore_above": 1024,
|
|
3446
|
+
"type": "keyword"
|
|
3447
|
+
},
|
|
3448
|
+
"pe": {
|
|
3449
|
+
"properties": {
|
|
3450
|
+
"architecture": {
|
|
3451
|
+
"ignore_above": 1024,
|
|
3452
|
+
"type": "keyword"
|
|
3453
|
+
},
|
|
3454
|
+
"company": {
|
|
3455
|
+
"ignore_above": 1024,
|
|
3456
|
+
"type": "keyword"
|
|
3457
|
+
},
|
|
3458
|
+
"description": {
|
|
3459
|
+
"ignore_above": 1024,
|
|
3460
|
+
"type": "keyword"
|
|
3461
|
+
},
|
|
3462
|
+
"file_version": {
|
|
3463
|
+
"ignore_above": 1024,
|
|
3464
|
+
"type": "keyword"
|
|
3465
|
+
},
|
|
3466
|
+
"imphash": {
|
|
3467
|
+
"ignore_above": 1024,
|
|
3468
|
+
"type": "keyword"
|
|
3469
|
+
},
|
|
3470
|
+
"original_file_name": {
|
|
3471
|
+
"ignore_above": 1024,
|
|
3472
|
+
"type": "keyword"
|
|
3473
|
+
},
|
|
3474
|
+
"product": {
|
|
3475
|
+
"ignore_above": 1024,
|
|
3476
|
+
"type": "keyword"
|
|
3477
|
+
}
|
|
3478
|
+
}
|
|
3479
|
+
},
|
|
3480
|
+
"size": {
|
|
3481
|
+
"type": "long"
|
|
3482
|
+
},
|
|
3483
|
+
"target_path": {
|
|
3484
|
+
"fields": {
|
|
3485
|
+
"text": {
|
|
3486
|
+
"type": "match_only_text"
|
|
3487
|
+
}
|
|
3488
|
+
},
|
|
3489
|
+
"ignore_above": 1024,
|
|
3490
|
+
"type": "keyword"
|
|
3491
|
+
},
|
|
3492
|
+
"type": {
|
|
3493
|
+
"ignore_above": 1024,
|
|
3494
|
+
"type": "keyword"
|
|
3495
|
+
},
|
|
3496
|
+
"uid": {
|
|
3497
|
+
"ignore_above": 1024,
|
|
3498
|
+
"type": "keyword"
|
|
3499
|
+
},
|
|
3500
|
+
"x509": {
|
|
3501
|
+
"properties": {
|
|
3502
|
+
"alternative_names": {
|
|
3503
|
+
"ignore_above": 1024,
|
|
3504
|
+
"type": "keyword"
|
|
3505
|
+
},
|
|
3506
|
+
"issuer": {
|
|
3507
|
+
"properties": {
|
|
3508
|
+
"common_name": {
|
|
3509
|
+
"ignore_above": 1024,
|
|
3510
|
+
"type": "keyword"
|
|
3511
|
+
},
|
|
3512
|
+
"country": {
|
|
3513
|
+
"ignore_above": 1024,
|
|
3514
|
+
"type": "keyword"
|
|
3515
|
+
},
|
|
3516
|
+
"distinguished_name": {
|
|
3517
|
+
"ignore_above": 1024,
|
|
3518
|
+
"type": "keyword"
|
|
3519
|
+
},
|
|
3520
|
+
"locality": {
|
|
3521
|
+
"ignore_above": 1024,
|
|
3522
|
+
"type": "keyword"
|
|
3523
|
+
},
|
|
3524
|
+
"organization": {
|
|
3525
|
+
"ignore_above": 1024,
|
|
3526
|
+
"type": "keyword"
|
|
3527
|
+
},
|
|
3528
|
+
"organizational_unit": {
|
|
3529
|
+
"ignore_above": 1024,
|
|
3530
|
+
"type": "keyword"
|
|
3531
|
+
},
|
|
3532
|
+
"state_or_province": {
|
|
3533
|
+
"ignore_above": 1024,
|
|
3534
|
+
"type": "keyword"
|
|
3535
|
+
}
|
|
3536
|
+
}
|
|
3537
|
+
},
|
|
3538
|
+
"not_after": {
|
|
3539
|
+
"type": "date"
|
|
3540
|
+
},
|
|
3541
|
+
"not_before": {
|
|
3542
|
+
"type": "date"
|
|
3543
|
+
},
|
|
3544
|
+
"public_key_algorithm": {
|
|
3545
|
+
"ignore_above": 1024,
|
|
3546
|
+
"type": "keyword"
|
|
3547
|
+
},
|
|
3548
|
+
"public_key_curve": {
|
|
3549
|
+
"ignore_above": 1024,
|
|
3550
|
+
"type": "keyword"
|
|
3551
|
+
},
|
|
3552
|
+
"public_key_exponent": {
|
|
3553
|
+
"doc_values": false,
|
|
3554
|
+
"index": false,
|
|
3555
|
+
"type": "long"
|
|
3556
|
+
},
|
|
3557
|
+
"public_key_size": {
|
|
3558
|
+
"type": "long"
|
|
3559
|
+
},
|
|
3560
|
+
"serial_number": {
|
|
3561
|
+
"ignore_above": 1024,
|
|
3562
|
+
"type": "keyword"
|
|
3563
|
+
},
|
|
3564
|
+
"signature_algorithm": {
|
|
3565
|
+
"ignore_above": 1024,
|
|
3566
|
+
"type": "keyword"
|
|
3567
|
+
},
|
|
3568
|
+
"subject": {
|
|
3569
|
+
"properties": {
|
|
3570
|
+
"common_name": {
|
|
3571
|
+
"ignore_above": 1024,
|
|
3572
|
+
"type": "keyword"
|
|
3573
|
+
},
|
|
3574
|
+
"country": {
|
|
3575
|
+
"ignore_above": 1024,
|
|
3576
|
+
"type": "keyword"
|
|
3577
|
+
},
|
|
3578
|
+
"distinguished_name": {
|
|
3579
|
+
"ignore_above": 1024,
|
|
3580
|
+
"type": "keyword"
|
|
3581
|
+
},
|
|
3582
|
+
"locality": {
|
|
3583
|
+
"ignore_above": 1024,
|
|
3584
|
+
"type": "keyword"
|
|
3585
|
+
},
|
|
3586
|
+
"organization": {
|
|
3587
|
+
"ignore_above": 1024,
|
|
3588
|
+
"type": "keyword"
|
|
3589
|
+
},
|
|
3590
|
+
"organizational_unit": {
|
|
3591
|
+
"ignore_above": 1024,
|
|
3592
|
+
"type": "keyword"
|
|
3593
|
+
},
|
|
3594
|
+
"state_or_province": {
|
|
3595
|
+
"ignore_above": 1024,
|
|
3596
|
+
"type": "keyword"
|
|
3597
|
+
}
|
|
3598
|
+
}
|
|
3599
|
+
},
|
|
3600
|
+
"version_number": {
|
|
3601
|
+
"ignore_above": 1024,
|
|
3602
|
+
"type": "keyword"
|
|
3603
|
+
}
|
|
3604
|
+
}
|
|
3605
|
+
}
|
|
3606
|
+
}
|
|
3607
|
+
},
|
|
3608
|
+
"first_seen": {
|
|
3609
|
+
"type": "date"
|
|
3610
|
+
},
|
|
3611
|
+
"geo": {
|
|
3612
|
+
"properties": {
|
|
3613
|
+
"city_name": {
|
|
3614
|
+
"ignore_above": 1024,
|
|
3615
|
+
"type": "keyword"
|
|
3616
|
+
},
|
|
3617
|
+
"continent_code": {
|
|
3618
|
+
"ignore_above": 1024,
|
|
3619
|
+
"type": "keyword"
|
|
3620
|
+
},
|
|
3621
|
+
"continent_name": {
|
|
3622
|
+
"ignore_above": 1024,
|
|
3623
|
+
"type": "keyword"
|
|
3624
|
+
},
|
|
3625
|
+
"country_iso_code": {
|
|
3626
|
+
"ignore_above": 1024,
|
|
3627
|
+
"type": "keyword"
|
|
3628
|
+
},
|
|
3629
|
+
"country_name": {
|
|
3630
|
+
"ignore_above": 1024,
|
|
3631
|
+
"type": "keyword"
|
|
3632
|
+
},
|
|
3633
|
+
"location": {
|
|
3634
|
+
"type": "geo_point"
|
|
3635
|
+
},
|
|
3636
|
+
"name": {
|
|
3637
|
+
"ignore_above": 1024,
|
|
3638
|
+
"type": "keyword"
|
|
3639
|
+
},
|
|
3640
|
+
"postal_code": {
|
|
3641
|
+
"ignore_above": 1024,
|
|
3642
|
+
"type": "keyword"
|
|
3643
|
+
},
|
|
3644
|
+
"region_iso_code": {
|
|
3645
|
+
"ignore_above": 1024,
|
|
3646
|
+
"type": "keyword"
|
|
3647
|
+
},
|
|
3648
|
+
"region_name": {
|
|
3649
|
+
"ignore_above": 1024,
|
|
3650
|
+
"type": "keyword"
|
|
3651
|
+
},
|
|
3652
|
+
"timezone": {
|
|
3653
|
+
"ignore_above": 1024,
|
|
3654
|
+
"type": "keyword"
|
|
3655
|
+
}
|
|
3656
|
+
}
|
|
3657
|
+
},
|
|
3658
|
+
"ip": {
|
|
3659
|
+
"type": "ip"
|
|
3660
|
+
},
|
|
3661
|
+
"last_seen": {
|
|
3662
|
+
"type": "date"
|
|
3663
|
+
},
|
|
3664
|
+
"marking": {
|
|
3665
|
+
"properties": {
|
|
3666
|
+
"tlp": {
|
|
3667
|
+
"ignore_above": 1024,
|
|
3668
|
+
"type": "keyword"
|
|
3669
|
+
}
|
|
3670
|
+
}
|
|
3671
|
+
},
|
|
3672
|
+
"modified_at": {
|
|
3673
|
+
"type": "date"
|
|
3674
|
+
},
|
|
3675
|
+
"port": {
|
|
3676
|
+
"type": "long"
|
|
3677
|
+
},
|
|
3678
|
+
"provider": {
|
|
3679
|
+
"ignore_above": 1024,
|
|
3680
|
+
"type": "keyword"
|
|
3681
|
+
},
|
|
3682
|
+
"reference": {
|
|
3683
|
+
"ignore_above": 1024,
|
|
3684
|
+
"type": "keyword"
|
|
3685
|
+
},
|
|
3686
|
+
"registry": {
|
|
3687
|
+
"properties": {
|
|
3688
|
+
"data": {
|
|
3689
|
+
"properties": {
|
|
3690
|
+
"bytes": {
|
|
3691
|
+
"ignore_above": 1024,
|
|
3692
|
+
"type": "keyword"
|
|
3693
|
+
},
|
|
3694
|
+
"strings": {
|
|
3695
|
+
"type": "wildcard"
|
|
3696
|
+
},
|
|
3697
|
+
"type": {
|
|
3698
|
+
"ignore_above": 1024,
|
|
3699
|
+
"type": "keyword"
|
|
3700
|
+
}
|
|
3701
|
+
}
|
|
3702
|
+
},
|
|
3703
|
+
"hive": {
|
|
3704
|
+
"ignore_above": 1024,
|
|
3705
|
+
"type": "keyword"
|
|
3706
|
+
},
|
|
3707
|
+
"key": {
|
|
3708
|
+
"ignore_above": 1024,
|
|
3709
|
+
"type": "keyword"
|
|
3710
|
+
},
|
|
3711
|
+
"path": {
|
|
3712
|
+
"ignore_above": 1024,
|
|
3713
|
+
"type": "keyword"
|
|
3714
|
+
},
|
|
3715
|
+
"value": {
|
|
3716
|
+
"ignore_above": 1024,
|
|
3717
|
+
"type": "keyword"
|
|
3718
|
+
}
|
|
3719
|
+
}
|
|
3720
|
+
},
|
|
3721
|
+
"scanner_stats": {
|
|
3722
|
+
"type": "long"
|
|
3723
|
+
},
|
|
3724
|
+
"sightings": {
|
|
3725
|
+
"type": "long"
|
|
3726
|
+
},
|
|
3727
|
+
"type": {
|
|
3728
|
+
"ignore_above": 1024,
|
|
3729
|
+
"type": "keyword"
|
|
3730
|
+
},
|
|
3731
|
+
"url": {
|
|
3732
|
+
"properties": {
|
|
3733
|
+
"domain": {
|
|
3734
|
+
"ignore_above": 1024,
|
|
3735
|
+
"type": "keyword"
|
|
3736
|
+
},
|
|
3737
|
+
"extension": {
|
|
3738
|
+
"ignore_above": 1024,
|
|
3739
|
+
"type": "keyword"
|
|
3740
|
+
},
|
|
3741
|
+
"fragment": {
|
|
3742
|
+
"ignore_above": 1024,
|
|
3743
|
+
"type": "keyword"
|
|
3744
|
+
},
|
|
3745
|
+
"full": {
|
|
3746
|
+
"fields": {
|
|
3747
|
+
"text": {
|
|
3748
|
+
"type": "match_only_text"
|
|
3749
|
+
}
|
|
3750
|
+
},
|
|
3751
|
+
"type": "wildcard"
|
|
3752
|
+
},
|
|
3753
|
+
"original": {
|
|
3754
|
+
"fields": {
|
|
3755
|
+
"text": {
|
|
3756
|
+
"type": "match_only_text"
|
|
3757
|
+
}
|
|
3758
|
+
},
|
|
3759
|
+
"type": "wildcard"
|
|
3760
|
+
},
|
|
3761
|
+
"password": {
|
|
3762
|
+
"ignore_above": 1024,
|
|
3763
|
+
"type": "keyword"
|
|
3764
|
+
},
|
|
3765
|
+
"path": {
|
|
3766
|
+
"type": "wildcard"
|
|
3767
|
+
},
|
|
3768
|
+
"port": {
|
|
3769
|
+
"type": "long"
|
|
3770
|
+
},
|
|
3771
|
+
"query": {
|
|
3772
|
+
"ignore_above": 1024,
|
|
3773
|
+
"type": "keyword"
|
|
3774
|
+
},
|
|
3775
|
+
"registered_domain": {
|
|
3776
|
+
"ignore_above": 1024,
|
|
3777
|
+
"type": "keyword"
|
|
3778
|
+
},
|
|
3779
|
+
"scheme": {
|
|
3780
|
+
"ignore_above": 1024,
|
|
3781
|
+
"type": "keyword"
|
|
3782
|
+
},
|
|
3783
|
+
"subdomain": {
|
|
3784
|
+
"ignore_above": 1024,
|
|
3785
|
+
"type": "keyword"
|
|
3786
|
+
},
|
|
3787
|
+
"top_level_domain": {
|
|
3788
|
+
"ignore_above": 1024,
|
|
3789
|
+
"type": "keyword"
|
|
3790
|
+
},
|
|
3791
|
+
"username": {
|
|
3792
|
+
"ignore_above": 1024,
|
|
3793
|
+
"type": "keyword"
|
|
3794
|
+
}
|
|
3795
|
+
}
|
|
3796
|
+
},
|
|
3797
|
+
"x509": {
|
|
3798
|
+
"properties": {
|
|
3799
|
+
"alternative_names": {
|
|
3800
|
+
"ignore_above": 1024,
|
|
3801
|
+
"type": "keyword"
|
|
3802
|
+
},
|
|
3803
|
+
"issuer": {
|
|
3804
|
+
"properties": {
|
|
3805
|
+
"common_name": {
|
|
3806
|
+
"ignore_above": 1024,
|
|
3807
|
+
"type": "keyword"
|
|
3808
|
+
},
|
|
3809
|
+
"country": {
|
|
3810
|
+
"ignore_above": 1024,
|
|
3811
|
+
"type": "keyword"
|
|
3812
|
+
},
|
|
3813
|
+
"distinguished_name": {
|
|
3814
|
+
"ignore_above": 1024,
|
|
3815
|
+
"type": "keyword"
|
|
3816
|
+
},
|
|
3817
|
+
"locality": {
|
|
3818
|
+
"ignore_above": 1024,
|
|
3819
|
+
"type": "keyword"
|
|
3820
|
+
},
|
|
3821
|
+
"organization": {
|
|
3822
|
+
"ignore_above": 1024,
|
|
3823
|
+
"type": "keyword"
|
|
3824
|
+
},
|
|
3825
|
+
"organizational_unit": {
|
|
3826
|
+
"ignore_above": 1024,
|
|
3827
|
+
"type": "keyword"
|
|
3828
|
+
},
|
|
3829
|
+
"state_or_province": {
|
|
3830
|
+
"ignore_above": 1024,
|
|
3831
|
+
"type": "keyword"
|
|
3832
|
+
}
|
|
3833
|
+
}
|
|
3834
|
+
},
|
|
3835
|
+
"not_after": {
|
|
3836
|
+
"type": "date"
|
|
3837
|
+
},
|
|
3838
|
+
"not_before": {
|
|
3839
|
+
"type": "date"
|
|
3840
|
+
},
|
|
3841
|
+
"public_key_algorithm": {
|
|
3842
|
+
"ignore_above": 1024,
|
|
3843
|
+
"type": "keyword"
|
|
3844
|
+
},
|
|
3845
|
+
"public_key_curve": {
|
|
3846
|
+
"ignore_above": 1024,
|
|
3847
|
+
"type": "keyword"
|
|
3848
|
+
},
|
|
3849
|
+
"public_key_exponent": {
|
|
3850
|
+
"doc_values": false,
|
|
3851
|
+
"index": false,
|
|
3852
|
+
"type": "long"
|
|
3853
|
+
},
|
|
3854
|
+
"public_key_size": {
|
|
3855
|
+
"type": "long"
|
|
3856
|
+
},
|
|
3857
|
+
"serial_number": {
|
|
3858
|
+
"ignore_above": 1024,
|
|
3859
|
+
"type": "keyword"
|
|
3860
|
+
},
|
|
3861
|
+
"signature_algorithm": {
|
|
3862
|
+
"ignore_above": 1024,
|
|
3863
|
+
"type": "keyword"
|
|
3864
|
+
},
|
|
3865
|
+
"subject": {
|
|
3866
|
+
"properties": {
|
|
3867
|
+
"common_name": {
|
|
3868
|
+
"ignore_above": 1024,
|
|
3869
|
+
"type": "keyword"
|
|
3870
|
+
},
|
|
3871
|
+
"country": {
|
|
3872
|
+
"ignore_above": 1024,
|
|
3873
|
+
"type": "keyword"
|
|
3874
|
+
},
|
|
3875
|
+
"distinguished_name": {
|
|
3876
|
+
"ignore_above": 1024,
|
|
3877
|
+
"type": "keyword"
|
|
3878
|
+
},
|
|
3879
|
+
"locality": {
|
|
3880
|
+
"ignore_above": 1024,
|
|
3881
|
+
"type": "keyword"
|
|
3882
|
+
},
|
|
3883
|
+
"organization": {
|
|
3884
|
+
"ignore_above": 1024,
|
|
3885
|
+
"type": "keyword"
|
|
3886
|
+
},
|
|
3887
|
+
"organizational_unit": {
|
|
3888
|
+
"ignore_above": 1024,
|
|
3889
|
+
"type": "keyword"
|
|
3890
|
+
},
|
|
3891
|
+
"state_or_province": {
|
|
3892
|
+
"ignore_above": 1024,
|
|
3893
|
+
"type": "keyword"
|
|
3894
|
+
}
|
|
3895
|
+
}
|
|
3896
|
+
},
|
|
3897
|
+
"version_number": {
|
|
3898
|
+
"ignore_above": 1024,
|
|
3899
|
+
"type": "keyword"
|
|
3900
|
+
}
|
|
3901
|
+
}
|
|
3902
|
+
}
|
|
3903
|
+
},
|
|
3904
|
+
"type": "object"
|
|
3905
|
+
},
|
|
3906
|
+
"matched": {
|
|
3907
|
+
"properties": {
|
|
3908
|
+
"atomic": {
|
|
3909
|
+
"ignore_above": 1024,
|
|
3910
|
+
"type": "keyword"
|
|
3911
|
+
},
|
|
3912
|
+
"field": {
|
|
3913
|
+
"ignore_above": 1024,
|
|
3914
|
+
"type": "keyword"
|
|
3915
|
+
},
|
|
3916
|
+
"id": {
|
|
3917
|
+
"ignore_above": 1024,
|
|
3918
|
+
"type": "keyword"
|
|
3919
|
+
},
|
|
3920
|
+
"index": {
|
|
3921
|
+
"ignore_above": 1024,
|
|
3922
|
+
"type": "keyword"
|
|
3923
|
+
},
|
|
3924
|
+
"type": {
|
|
3925
|
+
"ignore_above": 1024,
|
|
3926
|
+
"type": "keyword"
|
|
3927
|
+
}
|
|
3928
|
+
}
|
|
3929
|
+
}
|
|
3930
|
+
},
|
|
3931
|
+
"type": "nested"
|
|
3932
|
+
},
|
|
3933
|
+
"framework": {
|
|
3934
|
+
"ignore_above": 1024,
|
|
3935
|
+
"type": "keyword"
|
|
3936
|
+
},
|
|
3937
|
+
"group": {
|
|
3938
|
+
"properties": {
|
|
3939
|
+
"alias": {
|
|
3940
|
+
"ignore_above": 1024,
|
|
3941
|
+
"type": "keyword"
|
|
3942
|
+
},
|
|
3943
|
+
"id": {
|
|
3944
|
+
"ignore_above": 1024,
|
|
3945
|
+
"type": "keyword"
|
|
3946
|
+
},
|
|
3947
|
+
"name": {
|
|
3948
|
+
"ignore_above": 1024,
|
|
3949
|
+
"type": "keyword"
|
|
3950
|
+
},
|
|
3951
|
+
"reference": {
|
|
3952
|
+
"ignore_above": 1024,
|
|
3953
|
+
"type": "keyword"
|
|
3954
|
+
}
|
|
3955
|
+
}
|
|
3956
|
+
},
|
|
3957
|
+
"indicator": {
|
|
3958
|
+
"properties": {
|
|
3959
|
+
"as": {
|
|
3960
|
+
"properties": {
|
|
3961
|
+
"number": {
|
|
3962
|
+
"type": "long"
|
|
3963
|
+
},
|
|
3964
|
+
"organization": {
|
|
3965
|
+
"properties": {
|
|
3966
|
+
"name": {
|
|
3967
|
+
"fields": {
|
|
3968
|
+
"text": {
|
|
3969
|
+
"type": "match_only_text"
|
|
3970
|
+
}
|
|
3971
|
+
},
|
|
3972
|
+
"ignore_above": 1024,
|
|
3973
|
+
"type": "keyword"
|
|
3974
|
+
}
|
|
3975
|
+
}
|
|
3976
|
+
}
|
|
3977
|
+
}
|
|
3978
|
+
},
|
|
3979
|
+
"confidence": {
|
|
3980
|
+
"ignore_above": 1024,
|
|
3981
|
+
"type": "keyword"
|
|
3982
|
+
},
|
|
3983
|
+
"description": {
|
|
3984
|
+
"ignore_above": 1024,
|
|
3985
|
+
"type": "keyword"
|
|
3986
|
+
},
|
|
3987
|
+
"email": {
|
|
3988
|
+
"properties": {
|
|
3989
|
+
"address": {
|
|
3990
|
+
"ignore_above": 1024,
|
|
3991
|
+
"type": "keyword"
|
|
3992
|
+
}
|
|
3993
|
+
}
|
|
3994
|
+
},
|
|
3995
|
+
"file": {
|
|
3996
|
+
"properties": {
|
|
3997
|
+
"accessed": {
|
|
3998
|
+
"type": "date"
|
|
3999
|
+
},
|
|
4000
|
+
"attributes": {
|
|
4001
|
+
"ignore_above": 1024,
|
|
4002
|
+
"type": "keyword"
|
|
4003
|
+
},
|
|
4004
|
+
"code_signature": {
|
|
4005
|
+
"properties": {
|
|
4006
|
+
"digest_algorithm": {
|
|
4007
|
+
"ignore_above": 1024,
|
|
4008
|
+
"type": "keyword"
|
|
4009
|
+
},
|
|
4010
|
+
"exists": {
|
|
4011
|
+
"type": "boolean"
|
|
4012
|
+
},
|
|
4013
|
+
"signing_id": {
|
|
4014
|
+
"ignore_above": 1024,
|
|
4015
|
+
"type": "keyword"
|
|
4016
|
+
},
|
|
4017
|
+
"status": {
|
|
4018
|
+
"ignore_above": 1024,
|
|
4019
|
+
"type": "keyword"
|
|
4020
|
+
},
|
|
4021
|
+
"subject_name": {
|
|
4022
|
+
"ignore_above": 1024,
|
|
4023
|
+
"type": "keyword"
|
|
4024
|
+
},
|
|
4025
|
+
"team_id": {
|
|
4026
|
+
"ignore_above": 1024,
|
|
4027
|
+
"type": "keyword"
|
|
4028
|
+
},
|
|
4029
|
+
"timestamp": {
|
|
4030
|
+
"type": "date"
|
|
4031
|
+
},
|
|
4032
|
+
"trusted": {
|
|
4033
|
+
"type": "boolean"
|
|
4034
|
+
},
|
|
4035
|
+
"valid": {
|
|
4036
|
+
"type": "boolean"
|
|
4037
|
+
}
|
|
4038
|
+
}
|
|
4039
|
+
},
|
|
4040
|
+
"created": {
|
|
4041
|
+
"type": "date"
|
|
4042
|
+
},
|
|
4043
|
+
"ctime": {
|
|
4044
|
+
"type": "date"
|
|
4045
|
+
},
|
|
4046
|
+
"device": {
|
|
4047
|
+
"ignore_above": 1024,
|
|
4048
|
+
"type": "keyword"
|
|
4049
|
+
},
|
|
4050
|
+
"directory": {
|
|
4051
|
+
"ignore_above": 1024,
|
|
4052
|
+
"type": "keyword"
|
|
4053
|
+
},
|
|
4054
|
+
"drive_letter": {
|
|
4055
|
+
"ignore_above": 1,
|
|
4056
|
+
"type": "keyword"
|
|
4057
|
+
},
|
|
4058
|
+
"elf": {
|
|
4059
|
+
"properties": {
|
|
4060
|
+
"architecture": {
|
|
4061
|
+
"ignore_above": 1024,
|
|
4062
|
+
"type": "keyword"
|
|
4063
|
+
},
|
|
4064
|
+
"byte_order": {
|
|
4065
|
+
"ignore_above": 1024,
|
|
4066
|
+
"type": "keyword"
|
|
4067
|
+
},
|
|
4068
|
+
"cpu_type": {
|
|
4069
|
+
"ignore_above": 1024,
|
|
4070
|
+
"type": "keyword"
|
|
4071
|
+
},
|
|
4072
|
+
"creation_date": {
|
|
4073
|
+
"type": "date"
|
|
4074
|
+
},
|
|
4075
|
+
"exports": {
|
|
4076
|
+
"type": "flattened"
|
|
4077
|
+
},
|
|
4078
|
+
"header": {
|
|
4079
|
+
"properties": {
|
|
4080
|
+
"abi_version": {
|
|
4081
|
+
"ignore_above": 1024,
|
|
4082
|
+
"type": "keyword"
|
|
4083
|
+
},
|
|
4084
|
+
"class": {
|
|
4085
|
+
"ignore_above": 1024,
|
|
4086
|
+
"type": "keyword"
|
|
4087
|
+
},
|
|
4088
|
+
"data": {
|
|
4089
|
+
"ignore_above": 1024,
|
|
4090
|
+
"type": "keyword"
|
|
4091
|
+
},
|
|
4092
|
+
"entrypoint": {
|
|
4093
|
+
"type": "long"
|
|
4094
|
+
},
|
|
4095
|
+
"object_version": {
|
|
4096
|
+
"ignore_above": 1024,
|
|
4097
|
+
"type": "keyword"
|
|
4098
|
+
},
|
|
4099
|
+
"os_abi": {
|
|
4100
|
+
"ignore_above": 1024,
|
|
4101
|
+
"type": "keyword"
|
|
4102
|
+
},
|
|
4103
|
+
"type": {
|
|
4104
|
+
"ignore_above": 1024,
|
|
4105
|
+
"type": "keyword"
|
|
4106
|
+
},
|
|
4107
|
+
"version": {
|
|
4108
|
+
"ignore_above": 1024,
|
|
4109
|
+
"type": "keyword"
|
|
4110
|
+
}
|
|
4111
|
+
}
|
|
4112
|
+
},
|
|
4113
|
+
"imports": {
|
|
4114
|
+
"type": "flattened"
|
|
4115
|
+
},
|
|
4116
|
+
"sections": {
|
|
4117
|
+
"properties": {
|
|
4118
|
+
"chi2": {
|
|
4119
|
+
"type": "long"
|
|
4120
|
+
},
|
|
4121
|
+
"entropy": {
|
|
4122
|
+
"type": "long"
|
|
4123
|
+
},
|
|
4124
|
+
"flags": {
|
|
4125
|
+
"ignore_above": 1024,
|
|
4126
|
+
"type": "keyword"
|
|
4127
|
+
},
|
|
4128
|
+
"name": {
|
|
4129
|
+
"ignore_above": 1024,
|
|
4130
|
+
"type": "keyword"
|
|
4131
|
+
},
|
|
4132
|
+
"physical_offset": {
|
|
4133
|
+
"ignore_above": 1024,
|
|
4134
|
+
"type": "keyword"
|
|
4135
|
+
},
|
|
4136
|
+
"physical_size": {
|
|
4137
|
+
"type": "long"
|
|
4138
|
+
},
|
|
4139
|
+
"type": {
|
|
4140
|
+
"ignore_above": 1024,
|
|
4141
|
+
"type": "keyword"
|
|
4142
|
+
},
|
|
4143
|
+
"virtual_address": {
|
|
4144
|
+
"type": "long"
|
|
4145
|
+
},
|
|
4146
|
+
"virtual_size": {
|
|
4147
|
+
"type": "long"
|
|
4148
|
+
}
|
|
4149
|
+
},
|
|
4150
|
+
"type": "nested"
|
|
4151
|
+
},
|
|
4152
|
+
"segments": {
|
|
4153
|
+
"properties": {
|
|
4154
|
+
"sections": {
|
|
4155
|
+
"ignore_above": 1024,
|
|
4156
|
+
"type": "keyword"
|
|
4157
|
+
},
|
|
4158
|
+
"type": {
|
|
4159
|
+
"ignore_above": 1024,
|
|
4160
|
+
"type": "keyword"
|
|
4161
|
+
}
|
|
4162
|
+
},
|
|
4163
|
+
"type": "nested"
|
|
4164
|
+
},
|
|
4165
|
+
"shared_libraries": {
|
|
4166
|
+
"ignore_above": 1024,
|
|
4167
|
+
"type": "keyword"
|
|
4168
|
+
},
|
|
4169
|
+
"telfhash": {
|
|
4170
|
+
"ignore_above": 1024,
|
|
4171
|
+
"type": "keyword"
|
|
4172
|
+
}
|
|
4173
|
+
}
|
|
4174
|
+
},
|
|
4175
|
+
"extension": {
|
|
4176
|
+
"ignore_above": 1024,
|
|
4177
|
+
"type": "keyword"
|
|
4178
|
+
},
|
|
4179
|
+
"fork_name": {
|
|
4180
|
+
"ignore_above": 1024,
|
|
4181
|
+
"type": "keyword"
|
|
4182
|
+
},
|
|
4183
|
+
"gid": {
|
|
4184
|
+
"ignore_above": 1024,
|
|
4185
|
+
"type": "keyword"
|
|
4186
|
+
},
|
|
4187
|
+
"group": {
|
|
4188
|
+
"ignore_above": 1024,
|
|
4189
|
+
"type": "keyword"
|
|
4190
|
+
},
|
|
4191
|
+
"hash": {
|
|
4192
|
+
"properties": {
|
|
4193
|
+
"md5": {
|
|
4194
|
+
"ignore_above": 1024,
|
|
4195
|
+
"type": "keyword"
|
|
4196
|
+
},
|
|
4197
|
+
"sha1": {
|
|
4198
|
+
"ignore_above": 1024,
|
|
4199
|
+
"type": "keyword"
|
|
4200
|
+
},
|
|
4201
|
+
"sha256": {
|
|
4202
|
+
"ignore_above": 1024,
|
|
4203
|
+
"type": "keyword"
|
|
4204
|
+
},
|
|
4205
|
+
"sha512": {
|
|
4206
|
+
"ignore_above": 1024,
|
|
4207
|
+
"type": "keyword"
|
|
4208
|
+
},
|
|
4209
|
+
"ssdeep": {
|
|
4210
|
+
"ignore_above": 1024,
|
|
4211
|
+
"type": "keyword"
|
|
4212
|
+
}
|
|
4213
|
+
}
|
|
4214
|
+
},
|
|
4215
|
+
"inode": {
|
|
4216
|
+
"ignore_above": 1024,
|
|
4217
|
+
"type": "keyword"
|
|
4218
|
+
},
|
|
4219
|
+
"mime_type": {
|
|
4220
|
+
"ignore_above": 1024,
|
|
4221
|
+
"type": "keyword"
|
|
4222
|
+
},
|
|
4223
|
+
"mode": {
|
|
4224
|
+
"ignore_above": 1024,
|
|
4225
|
+
"type": "keyword"
|
|
4226
|
+
},
|
|
4227
|
+
"mtime": {
|
|
4228
|
+
"type": "date"
|
|
4229
|
+
},
|
|
4230
|
+
"name": {
|
|
4231
|
+
"ignore_above": 1024,
|
|
4232
|
+
"type": "keyword"
|
|
4233
|
+
},
|
|
4234
|
+
"owner": {
|
|
4235
|
+
"ignore_above": 1024,
|
|
4236
|
+
"type": "keyword"
|
|
4237
|
+
},
|
|
4238
|
+
"path": {
|
|
4239
|
+
"fields": {
|
|
4240
|
+
"text": {
|
|
4241
|
+
"type": "match_only_text"
|
|
4242
|
+
}
|
|
4243
|
+
},
|
|
4244
|
+
"ignore_above": 1024,
|
|
4245
|
+
"type": "keyword"
|
|
4246
|
+
},
|
|
4247
|
+
"pe": {
|
|
4248
|
+
"properties": {
|
|
4249
|
+
"architecture": {
|
|
4250
|
+
"ignore_above": 1024,
|
|
4251
|
+
"type": "keyword"
|
|
4252
|
+
},
|
|
4253
|
+
"company": {
|
|
4254
|
+
"ignore_above": 1024,
|
|
4255
|
+
"type": "keyword"
|
|
4256
|
+
},
|
|
4257
|
+
"description": {
|
|
4258
|
+
"ignore_above": 1024,
|
|
4259
|
+
"type": "keyword"
|
|
4260
|
+
},
|
|
4261
|
+
"file_version": {
|
|
4262
|
+
"ignore_above": 1024,
|
|
4263
|
+
"type": "keyword"
|
|
4264
|
+
},
|
|
4265
|
+
"imphash": {
|
|
4266
|
+
"ignore_above": 1024,
|
|
4267
|
+
"type": "keyword"
|
|
4268
|
+
},
|
|
4269
|
+
"original_file_name": {
|
|
4270
|
+
"ignore_above": 1024,
|
|
4271
|
+
"type": "keyword"
|
|
4272
|
+
},
|
|
4273
|
+
"product": {
|
|
4274
|
+
"ignore_above": 1024,
|
|
4275
|
+
"type": "keyword"
|
|
4276
|
+
}
|
|
4277
|
+
}
|
|
4278
|
+
},
|
|
4279
|
+
"size": {
|
|
4280
|
+
"type": "long"
|
|
4281
|
+
},
|
|
4282
|
+
"target_path": {
|
|
4283
|
+
"fields": {
|
|
4284
|
+
"text": {
|
|
4285
|
+
"type": "match_only_text"
|
|
4286
|
+
}
|
|
4287
|
+
},
|
|
4288
|
+
"ignore_above": 1024,
|
|
4289
|
+
"type": "keyword"
|
|
4290
|
+
},
|
|
4291
|
+
"type": {
|
|
4292
|
+
"ignore_above": 1024,
|
|
4293
|
+
"type": "keyword"
|
|
4294
|
+
},
|
|
4295
|
+
"uid": {
|
|
4296
|
+
"ignore_above": 1024,
|
|
4297
|
+
"type": "keyword"
|
|
4298
|
+
},
|
|
4299
|
+
"x509": {
|
|
4300
|
+
"properties": {
|
|
4301
|
+
"alternative_names": {
|
|
4302
|
+
"ignore_above": 1024,
|
|
4303
|
+
"type": "keyword"
|
|
4304
|
+
},
|
|
4305
|
+
"issuer": {
|
|
4306
|
+
"properties": {
|
|
4307
|
+
"common_name": {
|
|
4308
|
+
"ignore_above": 1024,
|
|
4309
|
+
"type": "keyword"
|
|
4310
|
+
},
|
|
4311
|
+
"country": {
|
|
4312
|
+
"ignore_above": 1024,
|
|
4313
|
+
"type": "keyword"
|
|
4314
|
+
},
|
|
4315
|
+
"distinguished_name": {
|
|
4316
|
+
"ignore_above": 1024,
|
|
4317
|
+
"type": "keyword"
|
|
4318
|
+
},
|
|
4319
|
+
"locality": {
|
|
4320
|
+
"ignore_above": 1024,
|
|
4321
|
+
"type": "keyword"
|
|
4322
|
+
},
|
|
4323
|
+
"organization": {
|
|
4324
|
+
"ignore_above": 1024,
|
|
4325
|
+
"type": "keyword"
|
|
4326
|
+
},
|
|
4327
|
+
"organizational_unit": {
|
|
4328
|
+
"ignore_above": 1024,
|
|
4329
|
+
"type": "keyword"
|
|
4330
|
+
},
|
|
4331
|
+
"state_or_province": {
|
|
4332
|
+
"ignore_above": 1024,
|
|
4333
|
+
"type": "keyword"
|
|
4334
|
+
}
|
|
4335
|
+
}
|
|
4336
|
+
},
|
|
4337
|
+
"not_after": {
|
|
4338
|
+
"type": "date"
|
|
4339
|
+
},
|
|
4340
|
+
"not_before": {
|
|
4341
|
+
"type": "date"
|
|
4342
|
+
},
|
|
4343
|
+
"public_key_algorithm": {
|
|
4344
|
+
"ignore_above": 1024,
|
|
4345
|
+
"type": "keyword"
|
|
4346
|
+
},
|
|
4347
|
+
"public_key_curve": {
|
|
4348
|
+
"ignore_above": 1024,
|
|
4349
|
+
"type": "keyword"
|
|
4350
|
+
},
|
|
4351
|
+
"public_key_exponent": {
|
|
4352
|
+
"doc_values": false,
|
|
4353
|
+
"index": false,
|
|
4354
|
+
"type": "long"
|
|
4355
|
+
},
|
|
4356
|
+
"public_key_size": {
|
|
4357
|
+
"type": "long"
|
|
4358
|
+
},
|
|
4359
|
+
"serial_number": {
|
|
4360
|
+
"ignore_above": 1024,
|
|
4361
|
+
"type": "keyword"
|
|
4362
|
+
},
|
|
4363
|
+
"signature_algorithm": {
|
|
4364
|
+
"ignore_above": 1024,
|
|
4365
|
+
"type": "keyword"
|
|
4366
|
+
},
|
|
4367
|
+
"subject": {
|
|
4368
|
+
"properties": {
|
|
4369
|
+
"common_name": {
|
|
4370
|
+
"ignore_above": 1024,
|
|
4371
|
+
"type": "keyword"
|
|
4372
|
+
},
|
|
4373
|
+
"country": {
|
|
4374
|
+
"ignore_above": 1024,
|
|
4375
|
+
"type": "keyword"
|
|
4376
|
+
},
|
|
4377
|
+
"distinguished_name": {
|
|
4378
|
+
"ignore_above": 1024,
|
|
4379
|
+
"type": "keyword"
|
|
4380
|
+
},
|
|
4381
|
+
"locality": {
|
|
4382
|
+
"ignore_above": 1024,
|
|
4383
|
+
"type": "keyword"
|
|
4384
|
+
},
|
|
4385
|
+
"organization": {
|
|
4386
|
+
"ignore_above": 1024,
|
|
4387
|
+
"type": "keyword"
|
|
4388
|
+
},
|
|
4389
|
+
"organizational_unit": {
|
|
4390
|
+
"ignore_above": 1024,
|
|
4391
|
+
"type": "keyword"
|
|
4392
|
+
},
|
|
4393
|
+
"state_or_province": {
|
|
4394
|
+
"ignore_above": 1024,
|
|
4395
|
+
"type": "keyword"
|
|
4396
|
+
}
|
|
4397
|
+
}
|
|
4398
|
+
},
|
|
4399
|
+
"version_number": {
|
|
4400
|
+
"ignore_above": 1024,
|
|
4401
|
+
"type": "keyword"
|
|
4402
|
+
}
|
|
4403
|
+
}
|
|
4404
|
+
}
|
|
4405
|
+
}
|
|
4406
|
+
},
|
|
4407
|
+
"first_seen": {
|
|
4408
|
+
"type": "date"
|
|
4409
|
+
},
|
|
4410
|
+
"geo": {
|
|
4411
|
+
"properties": {
|
|
4412
|
+
"city_name": {
|
|
4413
|
+
"ignore_above": 1024,
|
|
4414
|
+
"type": "keyword"
|
|
4415
|
+
},
|
|
4416
|
+
"continent_code": {
|
|
4417
|
+
"ignore_above": 1024,
|
|
4418
|
+
"type": "keyword"
|
|
4419
|
+
},
|
|
4420
|
+
"continent_name": {
|
|
4421
|
+
"ignore_above": 1024,
|
|
4422
|
+
"type": "keyword"
|
|
4423
|
+
},
|
|
4424
|
+
"country_iso_code": {
|
|
4425
|
+
"ignore_above": 1024,
|
|
4426
|
+
"type": "keyword"
|
|
4427
|
+
},
|
|
4428
|
+
"country_name": {
|
|
4429
|
+
"ignore_above": 1024,
|
|
4430
|
+
"type": "keyword"
|
|
4431
|
+
},
|
|
4432
|
+
"location": {
|
|
4433
|
+
"type": "geo_point"
|
|
4434
|
+
},
|
|
4435
|
+
"name": {
|
|
4436
|
+
"ignore_above": 1024,
|
|
4437
|
+
"type": "keyword"
|
|
4438
|
+
},
|
|
4439
|
+
"postal_code": {
|
|
4440
|
+
"ignore_above": 1024,
|
|
4441
|
+
"type": "keyword"
|
|
4442
|
+
},
|
|
4443
|
+
"region_iso_code": {
|
|
4444
|
+
"ignore_above": 1024,
|
|
4445
|
+
"type": "keyword"
|
|
4446
|
+
},
|
|
4447
|
+
"region_name": {
|
|
4448
|
+
"ignore_above": 1024,
|
|
4449
|
+
"type": "keyword"
|
|
4450
|
+
},
|
|
4451
|
+
"timezone": {
|
|
4452
|
+
"ignore_above": 1024,
|
|
4453
|
+
"type": "keyword"
|
|
4454
|
+
}
|
|
4455
|
+
}
|
|
4456
|
+
},
|
|
4457
|
+
"ip": {
|
|
4458
|
+
"type": "ip"
|
|
4459
|
+
},
|
|
4460
|
+
"last_seen": {
|
|
4461
|
+
"type": "date"
|
|
4462
|
+
},
|
|
4463
|
+
"marking": {
|
|
4464
|
+
"properties": {
|
|
4465
|
+
"tlp": {
|
|
4466
|
+
"ignore_above": 1024,
|
|
4467
|
+
"type": "keyword"
|
|
4468
|
+
}
|
|
4469
|
+
}
|
|
4470
|
+
},
|
|
4471
|
+
"modified_at": {
|
|
4472
|
+
"type": "date"
|
|
4473
|
+
},
|
|
4474
|
+
"port": {
|
|
4475
|
+
"type": "long"
|
|
4476
|
+
},
|
|
4477
|
+
"provider": {
|
|
4478
|
+
"ignore_above": 1024,
|
|
4479
|
+
"type": "keyword"
|
|
4480
|
+
},
|
|
4481
|
+
"reference": {
|
|
4482
|
+
"ignore_above": 1024,
|
|
4483
|
+
"type": "keyword"
|
|
4484
|
+
},
|
|
4485
|
+
"registry": {
|
|
4486
|
+
"properties": {
|
|
4487
|
+
"data": {
|
|
4488
|
+
"properties": {
|
|
4489
|
+
"bytes": {
|
|
4490
|
+
"ignore_above": 1024,
|
|
4491
|
+
"type": "keyword"
|
|
4492
|
+
},
|
|
4493
|
+
"strings": {
|
|
4494
|
+
"type": "wildcard"
|
|
4495
|
+
},
|
|
4496
|
+
"type": {
|
|
4497
|
+
"ignore_above": 1024,
|
|
4498
|
+
"type": "keyword"
|
|
4499
|
+
}
|
|
4500
|
+
}
|
|
4501
|
+
},
|
|
4502
|
+
"hive": {
|
|
4503
|
+
"ignore_above": 1024,
|
|
4504
|
+
"type": "keyword"
|
|
4505
|
+
},
|
|
4506
|
+
"key": {
|
|
4507
|
+
"ignore_above": 1024,
|
|
4508
|
+
"type": "keyword"
|
|
4509
|
+
},
|
|
4510
|
+
"path": {
|
|
4511
|
+
"ignore_above": 1024,
|
|
4512
|
+
"type": "keyword"
|
|
4513
|
+
},
|
|
4514
|
+
"value": {
|
|
4515
|
+
"ignore_above": 1024,
|
|
4516
|
+
"type": "keyword"
|
|
4517
|
+
}
|
|
4518
|
+
}
|
|
4519
|
+
},
|
|
4520
|
+
"scanner_stats": {
|
|
4521
|
+
"type": "long"
|
|
4522
|
+
},
|
|
4523
|
+
"sightings": {
|
|
4524
|
+
"type": "long"
|
|
4525
|
+
},
|
|
4526
|
+
"type": {
|
|
4527
|
+
"ignore_above": 1024,
|
|
4528
|
+
"type": "keyword"
|
|
4529
|
+
},
|
|
4530
|
+
"url": {
|
|
4531
|
+
"properties": {
|
|
4532
|
+
"domain": {
|
|
4533
|
+
"ignore_above": 1024,
|
|
4534
|
+
"type": "keyword"
|
|
4535
|
+
},
|
|
4536
|
+
"extension": {
|
|
4537
|
+
"ignore_above": 1024,
|
|
4538
|
+
"type": "keyword"
|
|
4539
|
+
},
|
|
4540
|
+
"fragment": {
|
|
4541
|
+
"ignore_above": 1024,
|
|
4542
|
+
"type": "keyword"
|
|
4543
|
+
},
|
|
4544
|
+
"full": {
|
|
4545
|
+
"fields": {
|
|
4546
|
+
"text": {
|
|
4547
|
+
"type": "match_only_text"
|
|
4548
|
+
}
|
|
4549
|
+
},
|
|
4550
|
+
"type": "wildcard"
|
|
4551
|
+
},
|
|
4552
|
+
"original": {
|
|
4553
|
+
"fields": {
|
|
4554
|
+
"text": {
|
|
4555
|
+
"type": "match_only_text"
|
|
4556
|
+
}
|
|
4557
|
+
},
|
|
4558
|
+
"type": "wildcard"
|
|
4559
|
+
},
|
|
4560
|
+
"password": {
|
|
4561
|
+
"ignore_above": 1024,
|
|
4562
|
+
"type": "keyword"
|
|
4563
|
+
},
|
|
4564
|
+
"path": {
|
|
4565
|
+
"type": "wildcard"
|
|
4566
|
+
},
|
|
4567
|
+
"port": {
|
|
4568
|
+
"type": "long"
|
|
4569
|
+
},
|
|
4570
|
+
"query": {
|
|
4571
|
+
"ignore_above": 1024,
|
|
4572
|
+
"type": "keyword"
|
|
4573
|
+
},
|
|
4574
|
+
"registered_domain": {
|
|
4575
|
+
"ignore_above": 1024,
|
|
4576
|
+
"type": "keyword"
|
|
4577
|
+
},
|
|
4578
|
+
"scheme": {
|
|
4579
|
+
"ignore_above": 1024,
|
|
4580
|
+
"type": "keyword"
|
|
4581
|
+
},
|
|
4582
|
+
"subdomain": {
|
|
4583
|
+
"ignore_above": 1024,
|
|
4584
|
+
"type": "keyword"
|
|
4585
|
+
},
|
|
4586
|
+
"top_level_domain": {
|
|
4587
|
+
"ignore_above": 1024,
|
|
4588
|
+
"type": "keyword"
|
|
4589
|
+
},
|
|
4590
|
+
"username": {
|
|
4591
|
+
"ignore_above": 1024,
|
|
4592
|
+
"type": "keyword"
|
|
4593
|
+
}
|
|
4594
|
+
}
|
|
4595
|
+
},
|
|
4596
|
+
"x509": {
|
|
4597
|
+
"properties": {
|
|
4598
|
+
"alternative_names": {
|
|
4599
|
+
"ignore_above": 1024,
|
|
4600
|
+
"type": "keyword"
|
|
4601
|
+
},
|
|
4602
|
+
"issuer": {
|
|
4603
|
+
"properties": {
|
|
4604
|
+
"common_name": {
|
|
4605
|
+
"ignore_above": 1024,
|
|
4606
|
+
"type": "keyword"
|
|
4607
|
+
},
|
|
4608
|
+
"country": {
|
|
4609
|
+
"ignore_above": 1024,
|
|
4610
|
+
"type": "keyword"
|
|
4611
|
+
},
|
|
4612
|
+
"distinguished_name": {
|
|
4613
|
+
"ignore_above": 1024,
|
|
4614
|
+
"type": "keyword"
|
|
4615
|
+
},
|
|
4616
|
+
"locality": {
|
|
4617
|
+
"ignore_above": 1024,
|
|
4618
|
+
"type": "keyword"
|
|
4619
|
+
},
|
|
4620
|
+
"organization": {
|
|
4621
|
+
"ignore_above": 1024,
|
|
4622
|
+
"type": "keyword"
|
|
4623
|
+
},
|
|
4624
|
+
"organizational_unit": {
|
|
4625
|
+
"ignore_above": 1024,
|
|
4626
|
+
"type": "keyword"
|
|
4627
|
+
},
|
|
4628
|
+
"state_or_province": {
|
|
4629
|
+
"ignore_above": 1024,
|
|
4630
|
+
"type": "keyword"
|
|
4631
|
+
}
|
|
4632
|
+
}
|
|
4633
|
+
},
|
|
4634
|
+
"not_after": {
|
|
4635
|
+
"type": "date"
|
|
4636
|
+
},
|
|
4637
|
+
"not_before": {
|
|
4638
|
+
"type": "date"
|
|
4639
|
+
},
|
|
4640
|
+
"public_key_algorithm": {
|
|
4641
|
+
"ignore_above": 1024,
|
|
4642
|
+
"type": "keyword"
|
|
4643
|
+
},
|
|
4644
|
+
"public_key_curve": {
|
|
4645
|
+
"ignore_above": 1024,
|
|
4646
|
+
"type": "keyword"
|
|
4647
|
+
},
|
|
4648
|
+
"public_key_exponent": {
|
|
4649
|
+
"doc_values": false,
|
|
4650
|
+
"index": false,
|
|
4651
|
+
"type": "long"
|
|
4652
|
+
},
|
|
4653
|
+
"public_key_size": {
|
|
4654
|
+
"type": "long"
|
|
4655
|
+
},
|
|
4656
|
+
"serial_number": {
|
|
4657
|
+
"ignore_above": 1024,
|
|
4658
|
+
"type": "keyword"
|
|
4659
|
+
},
|
|
4660
|
+
"signature_algorithm": {
|
|
4661
|
+
"ignore_above": 1024,
|
|
4662
|
+
"type": "keyword"
|
|
4663
|
+
},
|
|
4664
|
+
"subject": {
|
|
4665
|
+
"properties": {
|
|
4666
|
+
"common_name": {
|
|
4667
|
+
"ignore_above": 1024,
|
|
4668
|
+
"type": "keyword"
|
|
4669
|
+
},
|
|
4670
|
+
"country": {
|
|
4671
|
+
"ignore_above": 1024,
|
|
4672
|
+
"type": "keyword"
|
|
4673
|
+
},
|
|
4674
|
+
"distinguished_name": {
|
|
4675
|
+
"ignore_above": 1024,
|
|
4676
|
+
"type": "keyword"
|
|
4677
|
+
},
|
|
4678
|
+
"locality": {
|
|
4679
|
+
"ignore_above": 1024,
|
|
4680
|
+
"type": "keyword"
|
|
4681
|
+
},
|
|
4682
|
+
"organization": {
|
|
4683
|
+
"ignore_above": 1024,
|
|
4684
|
+
"type": "keyword"
|
|
4685
|
+
},
|
|
4686
|
+
"organizational_unit": {
|
|
4687
|
+
"ignore_above": 1024,
|
|
4688
|
+
"type": "keyword"
|
|
4689
|
+
},
|
|
4690
|
+
"state_or_province": {
|
|
4691
|
+
"ignore_above": 1024,
|
|
4692
|
+
"type": "keyword"
|
|
4693
|
+
}
|
|
4694
|
+
}
|
|
4695
|
+
},
|
|
4696
|
+
"version_number": {
|
|
4697
|
+
"ignore_above": 1024,
|
|
4698
|
+
"type": "keyword"
|
|
4699
|
+
}
|
|
4700
|
+
}
|
|
4701
|
+
}
|
|
4702
|
+
}
|
|
4703
|
+
},
|
|
4704
|
+
"software": {
|
|
4705
|
+
"properties": {
|
|
4706
|
+
"alias": {
|
|
4707
|
+
"ignore_above": 1024,
|
|
4708
|
+
"type": "keyword"
|
|
4709
|
+
},
|
|
4710
|
+
"id": {
|
|
4711
|
+
"ignore_above": 1024,
|
|
4712
|
+
"type": "keyword"
|
|
4713
|
+
},
|
|
4714
|
+
"name": {
|
|
4715
|
+
"ignore_above": 1024,
|
|
4716
|
+
"type": "keyword"
|
|
4717
|
+
},
|
|
4718
|
+
"platforms": {
|
|
4719
|
+
"ignore_above": 1024,
|
|
4720
|
+
"type": "keyword"
|
|
4721
|
+
},
|
|
4722
|
+
"reference": {
|
|
4723
|
+
"ignore_above": 1024,
|
|
4724
|
+
"type": "keyword"
|
|
4725
|
+
},
|
|
4726
|
+
"type": {
|
|
4727
|
+
"ignore_above": 1024,
|
|
4728
|
+
"type": "keyword"
|
|
4729
|
+
}
|
|
4730
|
+
}
|
|
4731
|
+
},
|
|
4732
|
+
"tactic": {
|
|
4733
|
+
"properties": {
|
|
4734
|
+
"id": {
|
|
4735
|
+
"ignore_above": 1024,
|
|
4736
|
+
"type": "keyword"
|
|
2482
4737
|
},
|
|
2483
4738
|
"name": {
|
|
2484
4739
|
"ignore_above": 1024,
|
|
@@ -2499,8 +4754,7 @@
|
|
|
2499
4754
|
"name": {
|
|
2500
4755
|
"fields": {
|
|
2501
4756
|
"text": {
|
|
2502
|
-
"
|
|
2503
|
-
"type": "text"
|
|
4757
|
+
"type": "match_only_text"
|
|
2504
4758
|
}
|
|
2505
4759
|
},
|
|
2506
4760
|
"ignore_above": 1024,
|
|
@@ -2509,6 +4763,27 @@
|
|
|
2509
4763
|
"reference": {
|
|
2510
4764
|
"ignore_above": 1024,
|
|
2511
4765
|
"type": "keyword"
|
|
4766
|
+
},
|
|
4767
|
+
"subtechnique": {
|
|
4768
|
+
"properties": {
|
|
4769
|
+
"id": {
|
|
4770
|
+
"ignore_above": 1024,
|
|
4771
|
+
"type": "keyword"
|
|
4772
|
+
},
|
|
4773
|
+
"name": {
|
|
4774
|
+
"fields": {
|
|
4775
|
+
"text": {
|
|
4776
|
+
"type": "match_only_text"
|
|
4777
|
+
}
|
|
4778
|
+
},
|
|
4779
|
+
"ignore_above": 1024,
|
|
4780
|
+
"type": "keyword"
|
|
4781
|
+
},
|
|
4782
|
+
"reference": {
|
|
4783
|
+
"ignore_above": 1024,
|
|
4784
|
+
"type": "keyword"
|
|
4785
|
+
}
|
|
4786
|
+
}
|
|
2512
4787
|
}
|
|
2513
4788
|
}
|
|
2514
4789
|
}
|
|
@@ -2571,6 +4846,112 @@
|
|
|
2571
4846
|
"supported_ciphers": {
|
|
2572
4847
|
"ignore_above": 1024,
|
|
2573
4848
|
"type": "keyword"
|
|
4849
|
+
},
|
|
4850
|
+
"x509": {
|
|
4851
|
+
"properties": {
|
|
4852
|
+
"alternative_names": {
|
|
4853
|
+
"ignore_above": 1024,
|
|
4854
|
+
"type": "keyword"
|
|
4855
|
+
},
|
|
4856
|
+
"issuer": {
|
|
4857
|
+
"properties": {
|
|
4858
|
+
"common_name": {
|
|
4859
|
+
"ignore_above": 1024,
|
|
4860
|
+
"type": "keyword"
|
|
4861
|
+
},
|
|
4862
|
+
"country": {
|
|
4863
|
+
"ignore_above": 1024,
|
|
4864
|
+
"type": "keyword"
|
|
4865
|
+
},
|
|
4866
|
+
"distinguished_name": {
|
|
4867
|
+
"ignore_above": 1024,
|
|
4868
|
+
"type": "keyword"
|
|
4869
|
+
},
|
|
4870
|
+
"locality": {
|
|
4871
|
+
"ignore_above": 1024,
|
|
4872
|
+
"type": "keyword"
|
|
4873
|
+
},
|
|
4874
|
+
"organization": {
|
|
4875
|
+
"ignore_above": 1024,
|
|
4876
|
+
"type": "keyword"
|
|
4877
|
+
},
|
|
4878
|
+
"organizational_unit": {
|
|
4879
|
+
"ignore_above": 1024,
|
|
4880
|
+
"type": "keyword"
|
|
4881
|
+
},
|
|
4882
|
+
"state_or_province": {
|
|
4883
|
+
"ignore_above": 1024,
|
|
4884
|
+
"type": "keyword"
|
|
4885
|
+
}
|
|
4886
|
+
}
|
|
4887
|
+
},
|
|
4888
|
+
"not_after": {
|
|
4889
|
+
"type": "date"
|
|
4890
|
+
},
|
|
4891
|
+
"not_before": {
|
|
4892
|
+
"type": "date"
|
|
4893
|
+
},
|
|
4894
|
+
"public_key_algorithm": {
|
|
4895
|
+
"ignore_above": 1024,
|
|
4896
|
+
"type": "keyword"
|
|
4897
|
+
},
|
|
4898
|
+
"public_key_curve": {
|
|
4899
|
+
"ignore_above": 1024,
|
|
4900
|
+
"type": "keyword"
|
|
4901
|
+
},
|
|
4902
|
+
"public_key_exponent": {
|
|
4903
|
+
"doc_values": false,
|
|
4904
|
+
"index": false,
|
|
4905
|
+
"type": "long"
|
|
4906
|
+
},
|
|
4907
|
+
"public_key_size": {
|
|
4908
|
+
"type": "long"
|
|
4909
|
+
},
|
|
4910
|
+
"serial_number": {
|
|
4911
|
+
"ignore_above": 1024,
|
|
4912
|
+
"type": "keyword"
|
|
4913
|
+
},
|
|
4914
|
+
"signature_algorithm": {
|
|
4915
|
+
"ignore_above": 1024,
|
|
4916
|
+
"type": "keyword"
|
|
4917
|
+
},
|
|
4918
|
+
"subject": {
|
|
4919
|
+
"properties": {
|
|
4920
|
+
"common_name": {
|
|
4921
|
+
"ignore_above": 1024,
|
|
4922
|
+
"type": "keyword"
|
|
4923
|
+
},
|
|
4924
|
+
"country": {
|
|
4925
|
+
"ignore_above": 1024,
|
|
4926
|
+
"type": "keyword"
|
|
4927
|
+
},
|
|
4928
|
+
"distinguished_name": {
|
|
4929
|
+
"ignore_above": 1024,
|
|
4930
|
+
"type": "keyword"
|
|
4931
|
+
},
|
|
4932
|
+
"locality": {
|
|
4933
|
+
"ignore_above": 1024,
|
|
4934
|
+
"type": "keyword"
|
|
4935
|
+
},
|
|
4936
|
+
"organization": {
|
|
4937
|
+
"ignore_above": 1024,
|
|
4938
|
+
"type": "keyword"
|
|
4939
|
+
},
|
|
4940
|
+
"organizational_unit": {
|
|
4941
|
+
"ignore_above": 1024,
|
|
4942
|
+
"type": "keyword"
|
|
4943
|
+
},
|
|
4944
|
+
"state_or_province": {
|
|
4945
|
+
"ignore_above": 1024,
|
|
4946
|
+
"type": "keyword"
|
|
4947
|
+
}
|
|
4948
|
+
}
|
|
4949
|
+
},
|
|
4950
|
+
"version_number": {
|
|
4951
|
+
"ignore_above": 1024,
|
|
4952
|
+
"type": "keyword"
|
|
4953
|
+
}
|
|
4954
|
+
}
|
|
2574
4955
|
}
|
|
2575
4956
|
}
|
|
2576
4957
|
},
|
|
@@ -2631,6 +5012,112 @@
|
|
|
2631
5012
|
"subject": {
|
|
2632
5013
|
"ignore_above": 1024,
|
|
2633
5014
|
"type": "keyword"
|
|
5015
|
+
},
|
|
5016
|
+
"x509": {
|
|
5017
|
+
"properties": {
|
|
5018
|
+
"alternative_names": {
|
|
5019
|
+
"ignore_above": 1024,
|
|
5020
|
+
"type": "keyword"
|
|
5021
|
+
},
|
|
5022
|
+
"issuer": {
|
|
5023
|
+
"properties": {
|
|
5024
|
+
"common_name": {
|
|
5025
|
+
"ignore_above": 1024,
|
|
5026
|
+
"type": "keyword"
|
|
5027
|
+
},
|
|
5028
|
+
"country": {
|
|
5029
|
+
"ignore_above": 1024,
|
|
5030
|
+
"type": "keyword"
|
|
5031
|
+
},
|
|
5032
|
+
"distinguished_name": {
|
|
5033
|
+
"ignore_above": 1024,
|
|
5034
|
+
"type": "keyword"
|
|
5035
|
+
},
|
|
5036
|
+
"locality": {
|
|
5037
|
+
"ignore_above": 1024,
|
|
5038
|
+
"type": "keyword"
|
|
5039
|
+
},
|
|
5040
|
+
"organization": {
|
|
5041
|
+
"ignore_above": 1024,
|
|
5042
|
+
"type": "keyword"
|
|
5043
|
+
},
|
|
5044
|
+
"organizational_unit": {
|
|
5045
|
+
"ignore_above": 1024,
|
|
5046
|
+
"type": "keyword"
|
|
5047
|
+
},
|
|
5048
|
+
"state_or_province": {
|
|
5049
|
+
"ignore_above": 1024,
|
|
5050
|
+
"type": "keyword"
|
|
5051
|
+
}
|
|
5052
|
+
}
|
|
5053
|
+
},
|
|
5054
|
+
"not_after": {
|
|
5055
|
+
"type": "date"
|
|
5056
|
+
},
|
|
5057
|
+
"not_before": {
|
|
5058
|
+
"type": "date"
|
|
5059
|
+
},
|
|
5060
|
+
"public_key_algorithm": {
|
|
5061
|
+
"ignore_above": 1024,
|
|
5062
|
+
"type": "keyword"
|
|
5063
|
+
},
|
|
5064
|
+
"public_key_curve": {
|
|
5065
|
+
"ignore_above": 1024,
|
|
5066
|
+
"type": "keyword"
|
|
5067
|
+
},
|
|
5068
|
+
"public_key_exponent": {
|
|
5069
|
+
"doc_values": false,
|
|
5070
|
+
"index": false,
|
|
5071
|
+
"type": "long"
|
|
5072
|
+
},
|
|
5073
|
+
"public_key_size": {
|
|
5074
|
+
"type": "long"
|
|
5075
|
+
},
|
|
5076
|
+
"serial_number": {
|
|
5077
|
+
"ignore_above": 1024,
|
|
5078
|
+
"type": "keyword"
|
|
5079
|
+
},
|
|
5080
|
+
"signature_algorithm": {
|
|
5081
|
+
"ignore_above": 1024,
|
|
5082
|
+
"type": "keyword"
|
|
5083
|
+
},
|
|
5084
|
+
"subject": {
|
|
5085
|
+
"properties": {
|
|
5086
|
+
"common_name": {
|
|
5087
|
+
"ignore_above": 1024,
|
|
5088
|
+
"type": "keyword"
|
|
5089
|
+
},
|
|
5090
|
+
"country": {
|
|
5091
|
+
"ignore_above": 1024,
|
|
5092
|
+
"type": "keyword"
|
|
5093
|
+
},
|
|
5094
|
+
"distinguished_name": {
|
|
5095
|
+
"ignore_above": 1024,
|
|
5096
|
+
"type": "keyword"
|
|
5097
|
+
},
|
|
5098
|
+
"locality": {
|
|
5099
|
+
"ignore_above": 1024,
|
|
5100
|
+
"type": "keyword"
|
|
5101
|
+
},
|
|
5102
|
+
"organization": {
|
|
5103
|
+
"ignore_above": 1024,
|
|
5104
|
+
"type": "keyword"
|
|
5105
|
+
},
|
|
5106
|
+
"organizational_unit": {
|
|
5107
|
+
"ignore_above": 1024,
|
|
5108
|
+
"type": "keyword"
|
|
5109
|
+
},
|
|
5110
|
+
"state_or_province": {
|
|
5111
|
+
"ignore_above": 1024,
|
|
5112
|
+
"type": "keyword"
|
|
5113
|
+
}
|
|
5114
|
+
}
|
|
5115
|
+
},
|
|
5116
|
+
"version_number": {
|
|
5117
|
+
"ignore_above": 1024,
|
|
5118
|
+
"type": "keyword"
|
|
5119
|
+
}
|
|
5120
|
+
}
|
|
2634
5121
|
}
|
|
2635
5122
|
}
|
|
2636
5123
|
},
|
|
@@ -2677,30 +5164,25 @@
|
|
|
2677
5164
|
"full": {
|
|
2678
5165
|
"fields": {
|
|
2679
5166
|
"text": {
|
|
2680
|
-
"
|
|
2681
|
-
"type": "text"
|
|
5167
|
+
"type": "match_only_text"
|
|
2682
5168
|
}
|
|
2683
5169
|
},
|
|
2684
|
-
"
|
|
2685
|
-
"type": "keyword"
|
|
5170
|
+
"type": "wildcard"
|
|
2686
5171
|
},
|
|
2687
5172
|
"original": {
|
|
2688
5173
|
"fields": {
|
|
2689
5174
|
"text": {
|
|
2690
|
-
"
|
|
2691
|
-
"type": "text"
|
|
5175
|
+
"type": "match_only_text"
|
|
2692
5176
|
}
|
|
2693
5177
|
},
|
|
2694
|
-
"
|
|
2695
|
-
"type": "keyword"
|
|
5178
|
+
"type": "wildcard"
|
|
2696
5179
|
},
|
|
2697
5180
|
"password": {
|
|
2698
5181
|
"ignore_above": 1024,
|
|
2699
5182
|
"type": "keyword"
|
|
2700
5183
|
},
|
|
2701
5184
|
"path": {
|
|
2702
|
-
"
|
|
2703
|
-
"type": "keyword"
|
|
5185
|
+
"type": "wildcard"
|
|
2704
5186
|
},
|
|
2705
5187
|
"port": {
|
|
2706
5188
|
"type": "long"
|
|
@@ -2717,6 +5199,10 @@
|
|
|
2717
5199
|
"ignore_above": 1024,
|
|
2718
5200
|
"type": "keyword"
|
|
2719
5201
|
},
|
|
5202
|
+
"subdomain": {
|
|
5203
|
+
"ignore_above": 1024,
|
|
5204
|
+
"type": "keyword"
|
|
5205
|
+
},
|
|
2720
5206
|
"top_level_domain": {
|
|
2721
5207
|
"ignore_above": 1024,
|
|
2722
5208
|
"type": "keyword"
|
|
@@ -2729,10 +5215,126 @@
|
|
|
2729
5215
|
},
|
|
2730
5216
|
"user": {
|
|
2731
5217
|
"properties": {
|
|
5218
|
+
"changes": {
|
|
5219
|
+
"properties": {
|
|
5220
|
+
"domain": {
|
|
5221
|
+
"ignore_above": 1024,
|
|
5222
|
+
"type": "keyword"
|
|
5223
|
+
},
|
|
5224
|
+
"email": {
|
|
5225
|
+
"ignore_above": 1024,
|
|
5226
|
+
"type": "keyword"
|
|
5227
|
+
},
|
|
5228
|
+
"full_name": {
|
|
5229
|
+
"fields": {
|
|
5230
|
+
"text": {
|
|
5231
|
+
"type": "match_only_text"
|
|
5232
|
+
}
|
|
5233
|
+
},
|
|
5234
|
+
"ignore_above": 1024,
|
|
5235
|
+
"type": "keyword"
|
|
5236
|
+
},
|
|
5237
|
+
"group": {
|
|
5238
|
+
"properties": {
|
|
5239
|
+
"domain": {
|
|
5240
|
+
"ignore_above": 1024,
|
|
5241
|
+
"type": "keyword"
|
|
5242
|
+
},
|
|
5243
|
+
"id": {
|
|
5244
|
+
"ignore_above": 1024,
|
|
5245
|
+
"type": "keyword"
|
|
5246
|
+
},
|
|
5247
|
+
"name": {
|
|
5248
|
+
"ignore_above": 1024,
|
|
5249
|
+
"type": "keyword"
|
|
5250
|
+
}
|
|
5251
|
+
}
|
|
5252
|
+
},
|
|
5253
|
+
"hash": {
|
|
5254
|
+
"ignore_above": 1024,
|
|
5255
|
+
"type": "keyword"
|
|
5256
|
+
},
|
|
5257
|
+
"id": {
|
|
5258
|
+
"ignore_above": 1024,
|
|
5259
|
+
"type": "keyword"
|
|
5260
|
+
},
|
|
5261
|
+
"name": {
|
|
5262
|
+
"fields": {
|
|
5263
|
+
"text": {
|
|
5264
|
+
"type": "match_only_text"
|
|
5265
|
+
}
|
|
5266
|
+
},
|
|
5267
|
+
"ignore_above": 1024,
|
|
5268
|
+
"type": "keyword"
|
|
5269
|
+
},
|
|
5270
|
+
"roles": {
|
|
5271
|
+
"ignore_above": 1024,
|
|
5272
|
+
"type": "keyword"
|
|
5273
|
+
}
|
|
5274
|
+
}
|
|
5275
|
+
},
|
|
2732
5276
|
"domain": {
|
|
2733
5277
|
"ignore_above": 1024,
|
|
2734
5278
|
"type": "keyword"
|
|
2735
5279
|
},
|
|
5280
|
+
"effective": {
|
|
5281
|
+
"properties": {
|
|
5282
|
+
"domain": {
|
|
5283
|
+
"ignore_above": 1024,
|
|
5284
|
+
"type": "keyword"
|
|
5285
|
+
},
|
|
5286
|
+
"email": {
|
|
5287
|
+
"ignore_above": 1024,
|
|
5288
|
+
"type": "keyword"
|
|
5289
|
+
},
|
|
5290
|
+
"full_name": {
|
|
5291
|
+
"fields": {
|
|
5292
|
+
"text": {
|
|
5293
|
+
"type": "match_only_text"
|
|
5294
|
+
}
|
|
5295
|
+
},
|
|
5296
|
+
"ignore_above": 1024,
|
|
5297
|
+
"type": "keyword"
|
|
5298
|
+
},
|
|
5299
|
+
"group": {
|
|
5300
|
+
"properties": {
|
|
5301
|
+
"domain": {
|
|
5302
|
+
"ignore_above": 1024,
|
|
5303
|
+
"type": "keyword"
|
|
5304
|
+
},
|
|
5305
|
+
"id": {
|
|
5306
|
+
"ignore_above": 1024,
|
|
5307
|
+
"type": "keyword"
|
|
5308
|
+
},
|
|
5309
|
+
"name": {
|
|
5310
|
+
"ignore_above": 1024,
|
|
5311
|
+
"type": "keyword"
|
|
5312
|
+
}
|
|
5313
|
+
}
|
|
5314
|
+
},
|
|
5315
|
+
"hash": {
|
|
5316
|
+
"ignore_above": 1024,
|
|
5317
|
+
"type": "keyword"
|
|
5318
|
+
},
|
|
5319
|
+
"id": {
|
|
5320
|
+
"ignore_above": 1024,
|
|
5321
|
+
"type": "keyword"
|
|
5322
|
+
},
|
|
5323
|
+
"name": {
|
|
5324
|
+
"fields": {
|
|
5325
|
+
"text": {
|
|
5326
|
+
"type": "match_only_text"
|
|
5327
|
+
}
|
|
5328
|
+
},
|
|
5329
|
+
"ignore_above": 1024,
|
|
5330
|
+
"type": "keyword"
|
|
5331
|
+
},
|
|
5332
|
+
"roles": {
|
|
5333
|
+
"ignore_above": 1024,
|
|
5334
|
+
"type": "keyword"
|
|
5335
|
+
}
|
|
5336
|
+
}
|
|
5337
|
+
},
|
|
2736
5338
|
"email": {
|
|
2737
5339
|
"ignore_above": 1024,
|
|
2738
5340
|
"type": "keyword"
|
|
@@ -2740,8 +5342,7 @@
|
|
|
2740
5342
|
"full_name": {
|
|
2741
5343
|
"fields": {
|
|
2742
5344
|
"text": {
|
|
2743
|
-
"
|
|
2744
|
-
"type": "text"
|
|
5345
|
+
"type": "match_only_text"
|
|
2745
5346
|
}
|
|
2746
5347
|
},
|
|
2747
5348
|
"ignore_above": 1024,
|
|
@@ -2774,12 +5375,73 @@
|
|
|
2774
5375
|
"name": {
|
|
2775
5376
|
"fields": {
|
|
2776
5377
|
"text": {
|
|
2777
|
-
"
|
|
2778
|
-
"type": "text"
|
|
5378
|
+
"type": "match_only_text"
|
|
2779
5379
|
}
|
|
2780
5380
|
},
|
|
2781
5381
|
"ignore_above": 1024,
|
|
2782
5382
|
"type": "keyword"
|
|
5383
|
+
},
|
|
5384
|
+
"roles": {
|
|
5385
|
+
"ignore_above": 1024,
|
|
5386
|
+
"type": "keyword"
|
|
5387
|
+
},
|
|
5388
|
+
"target": {
|
|
5389
|
+
"properties": {
|
|
5390
|
+
"domain": {
|
|
5391
|
+
"ignore_above": 1024,
|
|
5392
|
+
"type": "keyword"
|
|
5393
|
+
},
|
|
5394
|
+
"email": {
|
|
5395
|
+
"ignore_above": 1024,
|
|
5396
|
+
"type": "keyword"
|
|
5397
|
+
},
|
|
5398
|
+
"full_name": {
|
|
5399
|
+
"fields": {
|
|
5400
|
+
"text": {
|
|
5401
|
+
"type": "match_only_text"
|
|
5402
|
+
}
|
|
5403
|
+
},
|
|
5404
|
+
"ignore_above": 1024,
|
|
5405
|
+
"type": "keyword"
|
|
5406
|
+
},
|
|
5407
|
+
"group": {
|
|
5408
|
+
"properties": {
|
|
5409
|
+
"domain": {
|
|
5410
|
+
"ignore_above": 1024,
|
|
5411
|
+
"type": "keyword"
|
|
5412
|
+
},
|
|
5413
|
+
"id": {
|
|
5414
|
+
"ignore_above": 1024,
|
|
5415
|
+
"type": "keyword"
|
|
5416
|
+
},
|
|
5417
|
+
"name": {
|
|
5418
|
+
"ignore_above": 1024,
|
|
5419
|
+
"type": "keyword"
|
|
5420
|
+
}
|
|
5421
|
+
}
|
|
5422
|
+
},
|
|
5423
|
+
"hash": {
|
|
5424
|
+
"ignore_above": 1024,
|
|
5425
|
+
"type": "keyword"
|
|
5426
|
+
},
|
|
5427
|
+
"id": {
|
|
5428
|
+
"ignore_above": 1024,
|
|
5429
|
+
"type": "keyword"
|
|
5430
|
+
},
|
|
5431
|
+
"name": {
|
|
5432
|
+
"fields": {
|
|
5433
|
+
"text": {
|
|
5434
|
+
"type": "match_only_text"
|
|
5435
|
+
}
|
|
5436
|
+
},
|
|
5437
|
+
"ignore_above": 1024,
|
|
5438
|
+
"type": "keyword"
|
|
5439
|
+
},
|
|
5440
|
+
"roles": {
|
|
5441
|
+
"ignore_above": 1024,
|
|
5442
|
+
"type": "keyword"
|
|
5443
|
+
}
|
|
5444
|
+
}
|
|
2783
5445
|
}
|
|
2784
5446
|
}
|
|
2785
5447
|
},
|
|
@@ -2800,8 +5462,7 @@
|
|
|
2800
5462
|
"original": {
|
|
2801
5463
|
"fields": {
|
|
2802
5464
|
"text": {
|
|
2803
|
-
"
|
|
2804
|
-
"type": "text"
|
|
5465
|
+
"type": "match_only_text"
|
|
2805
5466
|
}
|
|
2806
5467
|
},
|
|
2807
5468
|
"ignore_above": 1024,
|
|
@@ -2816,8 +5477,7 @@
|
|
|
2816
5477
|
"full": {
|
|
2817
5478
|
"fields": {
|
|
2818
5479
|
"text": {
|
|
2819
|
-
"
|
|
2820
|
-
"type": "text"
|
|
5480
|
+
"type": "match_only_text"
|
|
2821
5481
|
}
|
|
2822
5482
|
},
|
|
2823
5483
|
"ignore_above": 1024,
|
|
@@ -2830,8 +5490,7 @@
|
|
|
2830
5490
|
"name": {
|
|
2831
5491
|
"fields": {
|
|
2832
5492
|
"text": {
|
|
2833
|
-
"
|
|
2834
|
-
"type": "text"
|
|
5493
|
+
"type": "match_only_text"
|
|
2835
5494
|
}
|
|
2836
5495
|
},
|
|
2837
5496
|
"ignore_above": 1024,
|
|
@@ -2841,6 +5500,10 @@
|
|
|
2841
5500
|
"ignore_above": 1024,
|
|
2842
5501
|
"type": "keyword"
|
|
2843
5502
|
},
|
|
5503
|
+
"type": {
|
|
5504
|
+
"ignore_above": 1024,
|
|
5505
|
+
"type": "keyword"
|
|
5506
|
+
},
|
|
2844
5507
|
"version": {
|
|
2845
5508
|
"ignore_above": 1024,
|
|
2846
5509
|
"type": "keyword"
|
|
@@ -2853,18 +5516,6 @@
|
|
|
2853
5516
|
}
|
|
2854
5517
|
}
|
|
2855
5518
|
},
|
|
2856
|
-
"vlan": {
|
|
2857
|
-
"properties": {
|
|
2858
|
-
"id": {
|
|
2859
|
-
"ignore_above": 1024,
|
|
2860
|
-
"type": "keyword"
|
|
2861
|
-
},
|
|
2862
|
-
"name": {
|
|
2863
|
-
"ignore_above": 1024,
|
|
2864
|
-
"type": "keyword"
|
|
2865
|
-
}
|
|
2866
|
-
}
|
|
2867
|
-
},
|
|
2868
5519
|
"vulnerability": {
|
|
2869
5520
|
"properties": {
|
|
2870
5521
|
"category": {
|
|
@@ -2878,8 +5529,7 @@
|
|
|
2878
5529
|
"description": {
|
|
2879
5530
|
"fields": {
|
|
2880
5531
|
"text": {
|
|
2881
|
-
"
|
|
2882
|
-
"type": "text"
|
|
5532
|
+
"type": "match_only_text"
|
|
2883
5533
|
}
|
|
2884
5534
|
},
|
|
2885
5535
|
"ignore_above": 1024,
|