logstash-output-elasticsearch 11.2.1-java → 11.3.1-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -0
- data/lib/logstash/outputs/elasticsearch/data_stream_support.rb +42 -8
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v1/elasticsearch-6x.json +925 -180
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v1/elasticsearch-7x.json +926 -184
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v1/elasticsearch-8x.json +3695 -0
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v8/elasticsearch-7x.json +5777 -0
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v8/elasticsearch-8x.json +5782 -0
- data/lib/logstash/outputs/elasticsearch.rb +11 -2
- data/logstash-output-elasticsearch.gemspec +2 -1
- data/spec/integration/outputs/data_stream_spec.rb +7 -0
- data/spec/integration/outputs/templates_spec.rb +100 -65
- data/spec/unit/outputs/elasticsearch/data_stream_support_spec.rb +52 -4
- data/spec/unit/outputs/elasticsearch/template_manager_spec.rb +6 -0
- data/spec/unit/outputs/elasticsearch_spec.rb +22 -1
- metadata +19 -2
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
],
|
|
5
5
|
"mappings": {
|
|
6
6
|
"_meta": {
|
|
7
|
-
"version": "1.
|
|
7
|
+
"version": "1.10.0"
|
|
8
8
|
},
|
|
9
9
|
"date_detection": false,
|
|
10
10
|
"dynamic_templates": [
|
|
@@ -24,6 +24,14 @@
|
|
|
24
24
|
},
|
|
25
25
|
"agent": {
|
|
26
26
|
"properties": {
|
|
27
|
+
"build": {
|
|
28
|
+
"properties": {
|
|
29
|
+
"original": {
|
|
30
|
+
"ignore_above": 1024,
|
|
31
|
+
"type": "keyword"
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
},
|
|
27
35
|
"ephemeral_id": {
|
|
28
36
|
"ignore_above": 1024,
|
|
29
37
|
"type": "keyword"
|
|
@@ -46,27 +54,6 @@
|
|
|
46
54
|
}
|
|
47
55
|
}
|
|
48
56
|
},
|
|
49
|
-
"as": {
|
|
50
|
-
"properties": {
|
|
51
|
-
"number": {
|
|
52
|
-
"type": "long"
|
|
53
|
-
},
|
|
54
|
-
"organization": {
|
|
55
|
-
"properties": {
|
|
56
|
-
"name": {
|
|
57
|
-
"fields": {
|
|
58
|
-
"text": {
|
|
59
|
-
"norms": false,
|
|
60
|
-
"type": "text"
|
|
61
|
-
}
|
|
62
|
-
},
|
|
63
|
-
"ignore_above": 1024,
|
|
64
|
-
"type": "keyword"
|
|
65
|
-
}
|
|
66
|
-
}
|
|
67
|
-
}
|
|
68
|
-
}
|
|
69
|
-
},
|
|
70
57
|
"client": {
|
|
71
58
|
"properties": {
|
|
72
59
|
"address": {
|
|
@@ -107,6 +94,10 @@
|
|
|
107
94
|
"ignore_above": 1024,
|
|
108
95
|
"type": "keyword"
|
|
109
96
|
},
|
|
97
|
+
"continent_code": {
|
|
98
|
+
"ignore_above": 1024,
|
|
99
|
+
"type": "keyword"
|
|
100
|
+
},
|
|
110
101
|
"continent_name": {
|
|
111
102
|
"ignore_above": 1024,
|
|
112
103
|
"type": "keyword"
|
|
@@ -126,6 +117,10 @@
|
|
|
126
117
|
"ignore_above": 1024,
|
|
127
118
|
"type": "keyword"
|
|
128
119
|
},
|
|
120
|
+
"postal_code": {
|
|
121
|
+
"ignore_above": 1024,
|
|
122
|
+
"type": "keyword"
|
|
123
|
+
},
|
|
129
124
|
"region_iso_code": {
|
|
130
125
|
"ignore_above": 1024,
|
|
131
126
|
"type": "keyword"
|
|
@@ -133,6 +128,10 @@
|
|
|
133
128
|
"region_name": {
|
|
134
129
|
"ignore_above": 1024,
|
|
135
130
|
"type": "keyword"
|
|
131
|
+
},
|
|
132
|
+
"timezone": {
|
|
133
|
+
"ignore_above": 1024,
|
|
134
|
+
"type": "keyword"
|
|
136
135
|
}
|
|
137
136
|
}
|
|
138
137
|
},
|
|
@@ -163,6 +162,10 @@
|
|
|
163
162
|
"ignore_above": 1024,
|
|
164
163
|
"type": "keyword"
|
|
165
164
|
},
|
|
165
|
+
"subdomain": {
|
|
166
|
+
"ignore_above": 1024,
|
|
167
|
+
"type": "keyword"
|
|
168
|
+
},
|
|
166
169
|
"top_level_domain": {
|
|
167
170
|
"ignore_above": 1024,
|
|
168
171
|
"type": "keyword"
|
|
@@ -220,6 +223,10 @@
|
|
|
220
223
|
},
|
|
221
224
|
"ignore_above": 1024,
|
|
222
225
|
"type": "keyword"
|
|
226
|
+
},
|
|
227
|
+
"roles": {
|
|
228
|
+
"ignore_above": 1024,
|
|
229
|
+
"type": "keyword"
|
|
223
230
|
}
|
|
224
231
|
}
|
|
225
232
|
}
|
|
@@ -232,6 +239,10 @@
|
|
|
232
239
|
"id": {
|
|
233
240
|
"ignore_above": 1024,
|
|
234
241
|
"type": "keyword"
|
|
242
|
+
},
|
|
243
|
+
"name": {
|
|
244
|
+
"ignore_above": 1024,
|
|
245
|
+
"type": "keyword"
|
|
235
246
|
}
|
|
236
247
|
}
|
|
237
248
|
},
|
|
@@ -259,6 +270,18 @@
|
|
|
259
270
|
}
|
|
260
271
|
}
|
|
261
272
|
},
|
|
273
|
+
"project": {
|
|
274
|
+
"properties": {
|
|
275
|
+
"id": {
|
|
276
|
+
"ignore_above": 1024,
|
|
277
|
+
"type": "keyword"
|
|
278
|
+
},
|
|
279
|
+
"name": {
|
|
280
|
+
"ignore_above": 1024,
|
|
281
|
+
"type": "keyword"
|
|
282
|
+
}
|
|
283
|
+
}
|
|
284
|
+
},
|
|
262
285
|
"provider": {
|
|
263
286
|
"ignore_above": 1024,
|
|
264
287
|
"type": "keyword"
|
|
@@ -266,27 +289,14 @@
|
|
|
266
289
|
"region": {
|
|
267
290
|
"ignore_above": 1024,
|
|
268
291
|
"type": "keyword"
|
|
269
|
-
}
|
|
270
|
-
}
|
|
271
|
-
},
|
|
272
|
-
"code_signature": {
|
|
273
|
-
"properties": {
|
|
274
|
-
"exists": {
|
|
275
|
-
"type": "boolean"
|
|
276
|
-
},
|
|
277
|
-
"status": {
|
|
278
|
-
"ignore_above": 1024,
|
|
279
|
-
"type": "keyword"
|
|
280
|
-
},
|
|
281
|
-
"subject_name": {
|
|
282
|
-
"ignore_above": 1024,
|
|
283
|
-
"type": "keyword"
|
|
284
|
-
},
|
|
285
|
-
"trusted": {
|
|
286
|
-
"type": "boolean"
|
|
287
292
|
},
|
|
288
|
-
"
|
|
289
|
-
"
|
|
293
|
+
"service": {
|
|
294
|
+
"properties": {
|
|
295
|
+
"name": {
|
|
296
|
+
"ignore_above": 1024,
|
|
297
|
+
"type": "keyword"
|
|
298
|
+
}
|
|
299
|
+
}
|
|
290
300
|
}
|
|
291
301
|
}
|
|
292
302
|
},
|
|
@@ -321,6 +331,19 @@
|
|
|
321
331
|
}
|
|
322
332
|
}
|
|
323
333
|
},
|
|
334
|
+
"data_stream": {
|
|
335
|
+
"properties": {
|
|
336
|
+
"dataset": {
|
|
337
|
+
"type": "constant_keyword"
|
|
338
|
+
},
|
|
339
|
+
"namespace": {
|
|
340
|
+
"type": "constant_keyword"
|
|
341
|
+
},
|
|
342
|
+
"type": {
|
|
343
|
+
"type": "constant_keyword"
|
|
344
|
+
}
|
|
345
|
+
}
|
|
346
|
+
},
|
|
324
347
|
"destination": {
|
|
325
348
|
"properties": {
|
|
326
349
|
"address": {
|
|
@@ -361,6 +384,10 @@
|
|
|
361
384
|
"ignore_above": 1024,
|
|
362
385
|
"type": "keyword"
|
|
363
386
|
},
|
|
387
|
+
"continent_code": {
|
|
388
|
+
"ignore_above": 1024,
|
|
389
|
+
"type": "keyword"
|
|
390
|
+
},
|
|
364
391
|
"continent_name": {
|
|
365
392
|
"ignore_above": 1024,
|
|
366
393
|
"type": "keyword"
|
|
@@ -380,6 +407,10 @@
|
|
|
380
407
|
"ignore_above": 1024,
|
|
381
408
|
"type": "keyword"
|
|
382
409
|
},
|
|
410
|
+
"postal_code": {
|
|
411
|
+
"ignore_above": 1024,
|
|
412
|
+
"type": "keyword"
|
|
413
|
+
},
|
|
383
414
|
"region_iso_code": {
|
|
384
415
|
"ignore_above": 1024,
|
|
385
416
|
"type": "keyword"
|
|
@@ -387,6 +418,10 @@
|
|
|
387
418
|
"region_name": {
|
|
388
419
|
"ignore_above": 1024,
|
|
389
420
|
"type": "keyword"
|
|
421
|
+
},
|
|
422
|
+
"timezone": {
|
|
423
|
+
"ignore_above": 1024,
|
|
424
|
+
"type": "keyword"
|
|
390
425
|
}
|
|
391
426
|
}
|
|
392
427
|
},
|
|
@@ -417,6 +452,10 @@
|
|
|
417
452
|
"ignore_above": 1024,
|
|
418
453
|
"type": "keyword"
|
|
419
454
|
},
|
|
455
|
+
"subdomain": {
|
|
456
|
+
"ignore_above": 1024,
|
|
457
|
+
"type": "keyword"
|
|
458
|
+
},
|
|
420
459
|
"top_level_domain": {
|
|
421
460
|
"ignore_above": 1024,
|
|
422
461
|
"type": "keyword"
|
|
@@ -474,6 +513,10 @@
|
|
|
474
513
|
},
|
|
475
514
|
"ignore_above": 1024,
|
|
476
515
|
"type": "keyword"
|
|
516
|
+
},
|
|
517
|
+
"roles": {
|
|
518
|
+
"ignore_above": 1024,
|
|
519
|
+
"type": "keyword"
|
|
477
520
|
}
|
|
478
521
|
}
|
|
479
522
|
}
|
|
@@ -486,6 +529,10 @@
|
|
|
486
529
|
"exists": {
|
|
487
530
|
"type": "boolean"
|
|
488
531
|
},
|
|
532
|
+
"signing_id": {
|
|
533
|
+
"ignore_above": 1024,
|
|
534
|
+
"type": "keyword"
|
|
535
|
+
},
|
|
489
536
|
"status": {
|
|
490
537
|
"ignore_above": 1024,
|
|
491
538
|
"type": "keyword"
|
|
@@ -494,6 +541,10 @@
|
|
|
494
541
|
"ignore_above": 1024,
|
|
495
542
|
"type": "keyword"
|
|
496
543
|
},
|
|
544
|
+
"team_id": {
|
|
545
|
+
"ignore_above": 1024,
|
|
546
|
+
"type": "keyword"
|
|
547
|
+
},
|
|
497
548
|
"trusted": {
|
|
498
549
|
"type": "boolean"
|
|
499
550
|
},
|
|
@@ -519,6 +570,10 @@
|
|
|
519
570
|
"sha512": {
|
|
520
571
|
"ignore_above": 1024,
|
|
521
572
|
"type": "keyword"
|
|
573
|
+
},
|
|
574
|
+
"ssdeep": {
|
|
575
|
+
"ignore_above": 1024,
|
|
576
|
+
"type": "keyword"
|
|
522
577
|
}
|
|
523
578
|
}
|
|
524
579
|
},
|
|
@@ -532,6 +587,10 @@
|
|
|
532
587
|
},
|
|
533
588
|
"pe": {
|
|
534
589
|
"properties": {
|
|
590
|
+
"architecture": {
|
|
591
|
+
"ignore_above": 1024,
|
|
592
|
+
"type": "keyword"
|
|
593
|
+
},
|
|
535
594
|
"company": {
|
|
536
595
|
"ignore_above": 1024,
|
|
537
596
|
"type": "keyword"
|
|
@@ -544,6 +603,10 @@
|
|
|
544
603
|
"ignore_above": 1024,
|
|
545
604
|
"type": "keyword"
|
|
546
605
|
},
|
|
606
|
+
"imphash": {
|
|
607
|
+
"ignore_above": 1024,
|
|
608
|
+
"type": "keyword"
|
|
609
|
+
},
|
|
547
610
|
"original_file_name": {
|
|
548
611
|
"ignore_above": 1024,
|
|
549
612
|
"type": "keyword"
|
|
@@ -735,6 +798,10 @@
|
|
|
735
798
|
"ignore_above": 1024,
|
|
736
799
|
"type": "keyword"
|
|
737
800
|
},
|
|
801
|
+
"reason": {
|
|
802
|
+
"ignore_above": 1024,
|
|
803
|
+
"type": "keyword"
|
|
804
|
+
},
|
|
738
805
|
"reference": {
|
|
739
806
|
"ignore_above": 1024,
|
|
740
807
|
"type": "keyword"
|
|
@@ -782,6 +849,10 @@
|
|
|
782
849
|
"exists": {
|
|
783
850
|
"type": "boolean"
|
|
784
851
|
},
|
|
852
|
+
"signing_id": {
|
|
853
|
+
"ignore_above": 1024,
|
|
854
|
+
"type": "keyword"
|
|
855
|
+
},
|
|
785
856
|
"status": {
|
|
786
857
|
"ignore_above": 1024,
|
|
787
858
|
"type": "keyword"
|
|
@@ -790,6 +861,10 @@
|
|
|
790
861
|
"ignore_above": 1024,
|
|
791
862
|
"type": "keyword"
|
|
792
863
|
},
|
|
864
|
+
"team_id": {
|
|
865
|
+
"ignore_above": 1024,
|
|
866
|
+
"type": "keyword"
|
|
867
|
+
},
|
|
793
868
|
"trusted": {
|
|
794
869
|
"type": "boolean"
|
|
795
870
|
},
|
|
@@ -845,6 +920,10 @@
|
|
|
845
920
|
"sha512": {
|
|
846
921
|
"ignore_above": 1024,
|
|
847
922
|
"type": "keyword"
|
|
923
|
+
},
|
|
924
|
+
"ssdeep": {
|
|
925
|
+
"ignore_above": 1024,
|
|
926
|
+
"type": "keyword"
|
|
848
927
|
}
|
|
849
928
|
}
|
|
850
929
|
},
|
|
@@ -883,6 +962,10 @@
|
|
|
883
962
|
},
|
|
884
963
|
"pe": {
|
|
885
964
|
"properties": {
|
|
965
|
+
"architecture": {
|
|
966
|
+
"ignore_above": 1024,
|
|
967
|
+
"type": "keyword"
|
|
968
|
+
},
|
|
886
969
|
"company": {
|
|
887
970
|
"ignore_above": 1024,
|
|
888
971
|
"type": "keyword"
|
|
@@ -895,6 +978,10 @@
|
|
|
895
978
|
"ignore_above": 1024,
|
|
896
979
|
"type": "keyword"
|
|
897
980
|
},
|
|
981
|
+
"imphash": {
|
|
982
|
+
"ignore_above": 1024,
|
|
983
|
+
"type": "keyword"
|
|
984
|
+
},
|
|
898
985
|
"original_file_name": {
|
|
899
986
|
"ignore_above": 1024,
|
|
900
987
|
"type": "keyword"
|
|
@@ -925,41 +1012,112 @@
|
|
|
925
1012
|
"uid": {
|
|
926
1013
|
"ignore_above": 1024,
|
|
927
1014
|
"type": "keyword"
|
|
928
|
-
}
|
|
929
|
-
}
|
|
930
|
-
},
|
|
931
|
-
"geo": {
|
|
932
|
-
"properties": {
|
|
933
|
-
"city_name": {
|
|
934
|
-
"ignore_above": 1024,
|
|
935
|
-
"type": "keyword"
|
|
936
|
-
},
|
|
937
|
-
"continent_name": {
|
|
938
|
-
"ignore_above": 1024,
|
|
939
|
-
"type": "keyword"
|
|
940
|
-
},
|
|
941
|
-
"country_iso_code": {
|
|
942
|
-
"ignore_above": 1024,
|
|
943
|
-
"type": "keyword"
|
|
944
|
-
},
|
|
945
|
-
"country_name": {
|
|
946
|
-
"ignore_above": 1024,
|
|
947
|
-
"type": "keyword"
|
|
948
|
-
},
|
|
949
|
-
"location": {
|
|
950
|
-
"type": "geo_point"
|
|
951
|
-
},
|
|
952
|
-
"name": {
|
|
953
|
-
"ignore_above": 1024,
|
|
954
|
-
"type": "keyword"
|
|
955
|
-
},
|
|
956
|
-
"region_iso_code": {
|
|
957
|
-
"ignore_above": 1024,
|
|
958
|
-
"type": "keyword"
|
|
959
1015
|
},
|
|
960
|
-
"
|
|
961
|
-
"
|
|
962
|
-
|
|
1016
|
+
"x509": {
|
|
1017
|
+
"properties": {
|
|
1018
|
+
"alternative_names": {
|
|
1019
|
+
"ignore_above": 1024,
|
|
1020
|
+
"type": "keyword"
|
|
1021
|
+
},
|
|
1022
|
+
"issuer": {
|
|
1023
|
+
"properties": {
|
|
1024
|
+
"common_name": {
|
|
1025
|
+
"ignore_above": 1024,
|
|
1026
|
+
"type": "keyword"
|
|
1027
|
+
},
|
|
1028
|
+
"country": {
|
|
1029
|
+
"ignore_above": 1024,
|
|
1030
|
+
"type": "keyword"
|
|
1031
|
+
},
|
|
1032
|
+
"distinguished_name": {
|
|
1033
|
+
"ignore_above": 1024,
|
|
1034
|
+
"type": "keyword"
|
|
1035
|
+
},
|
|
1036
|
+
"locality": {
|
|
1037
|
+
"ignore_above": 1024,
|
|
1038
|
+
"type": "keyword"
|
|
1039
|
+
},
|
|
1040
|
+
"organization": {
|
|
1041
|
+
"ignore_above": 1024,
|
|
1042
|
+
"type": "keyword"
|
|
1043
|
+
},
|
|
1044
|
+
"organizational_unit": {
|
|
1045
|
+
"ignore_above": 1024,
|
|
1046
|
+
"type": "keyword"
|
|
1047
|
+
},
|
|
1048
|
+
"state_or_province": {
|
|
1049
|
+
"ignore_above": 1024,
|
|
1050
|
+
"type": "keyword"
|
|
1051
|
+
}
|
|
1052
|
+
}
|
|
1053
|
+
},
|
|
1054
|
+
"not_after": {
|
|
1055
|
+
"type": "date"
|
|
1056
|
+
},
|
|
1057
|
+
"not_before": {
|
|
1058
|
+
"type": "date"
|
|
1059
|
+
},
|
|
1060
|
+
"public_key_algorithm": {
|
|
1061
|
+
"ignore_above": 1024,
|
|
1062
|
+
"type": "keyword"
|
|
1063
|
+
},
|
|
1064
|
+
"public_key_curve": {
|
|
1065
|
+
"ignore_above": 1024,
|
|
1066
|
+
"type": "keyword"
|
|
1067
|
+
},
|
|
1068
|
+
"public_key_exponent": {
|
|
1069
|
+
"doc_values": false,
|
|
1070
|
+
"index": false,
|
|
1071
|
+
"type": "long"
|
|
1072
|
+
},
|
|
1073
|
+
"public_key_size": {
|
|
1074
|
+
"type": "long"
|
|
1075
|
+
},
|
|
1076
|
+
"serial_number": {
|
|
1077
|
+
"ignore_above": 1024,
|
|
1078
|
+
"type": "keyword"
|
|
1079
|
+
},
|
|
1080
|
+
"signature_algorithm": {
|
|
1081
|
+
"ignore_above": 1024,
|
|
1082
|
+
"type": "keyword"
|
|
1083
|
+
},
|
|
1084
|
+
"subject": {
|
|
1085
|
+
"properties": {
|
|
1086
|
+
"common_name": {
|
|
1087
|
+
"ignore_above": 1024,
|
|
1088
|
+
"type": "keyword"
|
|
1089
|
+
},
|
|
1090
|
+
"country": {
|
|
1091
|
+
"ignore_above": 1024,
|
|
1092
|
+
"type": "keyword"
|
|
1093
|
+
},
|
|
1094
|
+
"distinguished_name": {
|
|
1095
|
+
"ignore_above": 1024,
|
|
1096
|
+
"type": "keyword"
|
|
1097
|
+
},
|
|
1098
|
+
"locality": {
|
|
1099
|
+
"ignore_above": 1024,
|
|
1100
|
+
"type": "keyword"
|
|
1101
|
+
},
|
|
1102
|
+
"organization": {
|
|
1103
|
+
"ignore_above": 1024,
|
|
1104
|
+
"type": "keyword"
|
|
1105
|
+
},
|
|
1106
|
+
"organizational_unit": {
|
|
1107
|
+
"ignore_above": 1024,
|
|
1108
|
+
"type": "keyword"
|
|
1109
|
+
},
|
|
1110
|
+
"state_or_province": {
|
|
1111
|
+
"ignore_above": 1024,
|
|
1112
|
+
"type": "keyword"
|
|
1113
|
+
}
|
|
1114
|
+
}
|
|
1115
|
+
},
|
|
1116
|
+
"version_number": {
|
|
1117
|
+
"ignore_above": 1024,
|
|
1118
|
+
"type": "keyword"
|
|
1119
|
+
}
|
|
1120
|
+
}
|
|
963
1121
|
}
|
|
964
1122
|
}
|
|
965
1123
|
},
|
|
@@ -979,42 +1137,52 @@
|
|
|
979
1137
|
}
|
|
980
1138
|
}
|
|
981
1139
|
},
|
|
982
|
-
"hash": {
|
|
983
|
-
"properties": {
|
|
984
|
-
"md5": {
|
|
985
|
-
"ignore_above": 1024,
|
|
986
|
-
"type": "keyword"
|
|
987
|
-
},
|
|
988
|
-
"sha1": {
|
|
989
|
-
"ignore_above": 1024,
|
|
990
|
-
"type": "keyword"
|
|
991
|
-
},
|
|
992
|
-
"sha256": {
|
|
993
|
-
"ignore_above": 1024,
|
|
994
|
-
"type": "keyword"
|
|
995
|
-
},
|
|
996
|
-
"sha512": {
|
|
997
|
-
"ignore_above": 1024,
|
|
998
|
-
"type": "keyword"
|
|
999
|
-
}
|
|
1000
|
-
}
|
|
1001
|
-
},
|
|
1002
1140
|
"host": {
|
|
1003
1141
|
"properties": {
|
|
1004
1142
|
"architecture": {
|
|
1005
1143
|
"ignore_above": 1024,
|
|
1006
1144
|
"type": "keyword"
|
|
1007
1145
|
},
|
|
1008
|
-
"
|
|
1009
|
-
"
|
|
1010
|
-
|
|
1011
|
-
|
|
1012
|
-
|
|
1146
|
+
"cpu": {
|
|
1147
|
+
"properties": {
|
|
1148
|
+
"usage": {
|
|
1149
|
+
"scaling_factor": 1000,
|
|
1150
|
+
"type": "scaled_float"
|
|
1151
|
+
}
|
|
1152
|
+
}
|
|
1153
|
+
},
|
|
1154
|
+
"disk": {
|
|
1155
|
+
"properties": {
|
|
1156
|
+
"read": {
|
|
1157
|
+
"properties": {
|
|
1158
|
+
"bytes": {
|
|
1159
|
+
"type": "long"
|
|
1160
|
+
}
|
|
1161
|
+
}
|
|
1162
|
+
},
|
|
1163
|
+
"write": {
|
|
1164
|
+
"properties": {
|
|
1165
|
+
"bytes": {
|
|
1166
|
+
"type": "long"
|
|
1167
|
+
}
|
|
1168
|
+
}
|
|
1169
|
+
}
|
|
1170
|
+
}
|
|
1171
|
+
},
|
|
1172
|
+
"domain": {
|
|
1173
|
+
"ignore_above": 1024,
|
|
1174
|
+
"type": "keyword"
|
|
1175
|
+
},
|
|
1176
|
+
"geo": {
|
|
1013
1177
|
"properties": {
|
|
1014
1178
|
"city_name": {
|
|
1015
1179
|
"ignore_above": 1024,
|
|
1016
1180
|
"type": "keyword"
|
|
1017
1181
|
},
|
|
1182
|
+
"continent_code": {
|
|
1183
|
+
"ignore_above": 1024,
|
|
1184
|
+
"type": "keyword"
|
|
1185
|
+
},
|
|
1018
1186
|
"continent_name": {
|
|
1019
1187
|
"ignore_above": 1024,
|
|
1020
1188
|
"type": "keyword"
|
|
@@ -1034,6 +1202,10 @@
|
|
|
1034
1202
|
"ignore_above": 1024,
|
|
1035
1203
|
"type": "keyword"
|
|
1036
1204
|
},
|
|
1205
|
+
"postal_code": {
|
|
1206
|
+
"ignore_above": 1024,
|
|
1207
|
+
"type": "keyword"
|
|
1208
|
+
},
|
|
1037
1209
|
"region_iso_code": {
|
|
1038
1210
|
"ignore_above": 1024,
|
|
1039
1211
|
"type": "keyword"
|
|
@@ -1041,6 +1213,10 @@
|
|
|
1041
1213
|
"region_name": {
|
|
1042
1214
|
"ignore_above": 1024,
|
|
1043
1215
|
"type": "keyword"
|
|
1216
|
+
},
|
|
1217
|
+
"timezone": {
|
|
1218
|
+
"ignore_above": 1024,
|
|
1219
|
+
"type": "keyword"
|
|
1044
1220
|
}
|
|
1045
1221
|
}
|
|
1046
1222
|
},
|
|
@@ -1063,6 +1239,30 @@
|
|
|
1063
1239
|
"ignore_above": 1024,
|
|
1064
1240
|
"type": "keyword"
|
|
1065
1241
|
},
|
|
1242
|
+
"network": {
|
|
1243
|
+
"properties": {
|
|
1244
|
+
"egress": {
|
|
1245
|
+
"properties": {
|
|
1246
|
+
"bytes": {
|
|
1247
|
+
"type": "long"
|
|
1248
|
+
},
|
|
1249
|
+
"packets": {
|
|
1250
|
+
"type": "long"
|
|
1251
|
+
}
|
|
1252
|
+
}
|
|
1253
|
+
},
|
|
1254
|
+
"ingress": {
|
|
1255
|
+
"properties": {
|
|
1256
|
+
"bytes": {
|
|
1257
|
+
"type": "long"
|
|
1258
|
+
},
|
|
1259
|
+
"packets": {
|
|
1260
|
+
"type": "long"
|
|
1261
|
+
}
|
|
1262
|
+
}
|
|
1263
|
+
}
|
|
1264
|
+
}
|
|
1265
|
+
},
|
|
1066
1266
|
"os": {
|
|
1067
1267
|
"properties": {
|
|
1068
1268
|
"family": {
|
|
@@ -1097,6 +1297,10 @@
|
|
|
1097
1297
|
"ignore_above": 1024,
|
|
1098
1298
|
"type": "keyword"
|
|
1099
1299
|
},
|
|
1300
|
+
"type": {
|
|
1301
|
+
"ignore_above": 1024,
|
|
1302
|
+
"type": "keyword"
|
|
1303
|
+
},
|
|
1100
1304
|
"version": {
|
|
1101
1305
|
"ignore_above": 1024,
|
|
1102
1306
|
"type": "keyword"
|
|
@@ -1163,6 +1367,10 @@
|
|
|
1163
1367
|
},
|
|
1164
1368
|
"ignore_above": 1024,
|
|
1165
1369
|
"type": "keyword"
|
|
1370
|
+
},
|
|
1371
|
+
"roles": {
|
|
1372
|
+
"ignore_above": 1024,
|
|
1373
|
+
"type": "keyword"
|
|
1166
1374
|
}
|
|
1167
1375
|
}
|
|
1168
1376
|
}
|
|
@@ -1192,10 +1400,18 @@
|
|
|
1192
1400
|
"bytes": {
|
|
1193
1401
|
"type": "long"
|
|
1194
1402
|
},
|
|
1403
|
+
"id": {
|
|
1404
|
+
"ignore_above": 1024,
|
|
1405
|
+
"type": "keyword"
|
|
1406
|
+
},
|
|
1195
1407
|
"method": {
|
|
1196
1408
|
"ignore_above": 1024,
|
|
1197
1409
|
"type": "keyword"
|
|
1198
1410
|
},
|
|
1411
|
+
"mime_type": {
|
|
1412
|
+
"ignore_above": 1024,
|
|
1413
|
+
"type": "keyword"
|
|
1414
|
+
},
|
|
1199
1415
|
"referrer": {
|
|
1200
1416
|
"ignore_above": 1024,
|
|
1201
1417
|
"type": "keyword"
|
|
@@ -1224,6 +1440,10 @@
|
|
|
1224
1440
|
"bytes": {
|
|
1225
1441
|
"type": "long"
|
|
1226
1442
|
},
|
|
1443
|
+
"mime_type": {
|
|
1444
|
+
"ignore_above": 1024,
|
|
1445
|
+
"type": "keyword"
|
|
1446
|
+
},
|
|
1227
1447
|
"status_code": {
|
|
1228
1448
|
"type": "long"
|
|
1229
1449
|
}
|
|
@@ -1235,27 +1455,19 @@
|
|
|
1235
1455
|
}
|
|
1236
1456
|
}
|
|
1237
1457
|
},
|
|
1238
|
-
"interface": {
|
|
1239
|
-
"properties": {
|
|
1240
|
-
"alias": {
|
|
1241
|
-
"ignore_above": 1024,
|
|
1242
|
-
"type": "keyword"
|
|
1243
|
-
},
|
|
1244
|
-
"id": {
|
|
1245
|
-
"ignore_above": 1024,
|
|
1246
|
-
"type": "keyword"
|
|
1247
|
-
},
|
|
1248
|
-
"name": {
|
|
1249
|
-
"ignore_above": 1024,
|
|
1250
|
-
"type": "keyword"
|
|
1251
|
-
}
|
|
1252
|
-
}
|
|
1253
|
-
},
|
|
1254
1458
|
"labels": {
|
|
1255
1459
|
"type": "object"
|
|
1256
1460
|
},
|
|
1257
1461
|
"log": {
|
|
1258
1462
|
"properties": {
|
|
1463
|
+
"file": {
|
|
1464
|
+
"properties": {
|
|
1465
|
+
"path": {
|
|
1466
|
+
"ignore_above": 1024,
|
|
1467
|
+
"type": "keyword"
|
|
1468
|
+
}
|
|
1469
|
+
}
|
|
1470
|
+
},
|
|
1259
1471
|
"level": {
|
|
1260
1472
|
"ignore_above": 1024,
|
|
1261
1473
|
"type": "keyword"
|
|
@@ -1444,6 +1656,10 @@
|
|
|
1444
1656
|
"ignore_above": 1024,
|
|
1445
1657
|
"type": "keyword"
|
|
1446
1658
|
},
|
|
1659
|
+
"continent_code": {
|
|
1660
|
+
"ignore_above": 1024,
|
|
1661
|
+
"type": "keyword"
|
|
1662
|
+
},
|
|
1447
1663
|
"continent_name": {
|
|
1448
1664
|
"ignore_above": 1024,
|
|
1449
1665
|
"type": "keyword"
|
|
@@ -1463,6 +1679,10 @@
|
|
|
1463
1679
|
"ignore_above": 1024,
|
|
1464
1680
|
"type": "keyword"
|
|
1465
1681
|
},
|
|
1682
|
+
"postal_code": {
|
|
1683
|
+
"ignore_above": 1024,
|
|
1684
|
+
"type": "keyword"
|
|
1685
|
+
},
|
|
1466
1686
|
"region_iso_code": {
|
|
1467
1687
|
"ignore_above": 1024,
|
|
1468
1688
|
"type": "keyword"
|
|
@@ -1470,6 +1690,10 @@
|
|
|
1470
1690
|
"region_name": {
|
|
1471
1691
|
"ignore_above": 1024,
|
|
1472
1692
|
"type": "keyword"
|
|
1693
|
+
},
|
|
1694
|
+
"timezone": {
|
|
1695
|
+
"ignore_above": 1024,
|
|
1696
|
+
"type": "keyword"
|
|
1473
1697
|
}
|
|
1474
1698
|
}
|
|
1475
1699
|
},
|
|
@@ -1559,6 +1783,10 @@
|
|
|
1559
1783
|
"ignore_above": 1024,
|
|
1560
1784
|
"type": "keyword"
|
|
1561
1785
|
},
|
|
1786
|
+
"type": {
|
|
1787
|
+
"ignore_above": 1024,
|
|
1788
|
+
"type": "keyword"
|
|
1789
|
+
},
|
|
1562
1790
|
"version": {
|
|
1563
1791
|
"ignore_above": 1024,
|
|
1564
1792
|
"type": "keyword"
|
|
@@ -1587,41 +1815,57 @@
|
|
|
1587
1815
|
}
|
|
1588
1816
|
}
|
|
1589
1817
|
},
|
|
1590
|
-
"
|
|
1818
|
+
"orchestrator": {
|
|
1591
1819
|
"properties": {
|
|
1592
|
-
"
|
|
1820
|
+
"api_version": {
|
|
1593
1821
|
"ignore_above": 1024,
|
|
1594
1822
|
"type": "keyword"
|
|
1595
1823
|
},
|
|
1596
|
-
"
|
|
1597
|
-
"
|
|
1598
|
-
"
|
|
1599
|
-
"
|
|
1600
|
-
"type": "
|
|
1824
|
+
"cluster": {
|
|
1825
|
+
"properties": {
|
|
1826
|
+
"name": {
|
|
1827
|
+
"ignore_above": 1024,
|
|
1828
|
+
"type": "keyword"
|
|
1829
|
+
},
|
|
1830
|
+
"url": {
|
|
1831
|
+
"ignore_above": 1024,
|
|
1832
|
+
"type": "keyword"
|
|
1833
|
+
},
|
|
1834
|
+
"version": {
|
|
1835
|
+
"ignore_above": 1024,
|
|
1836
|
+
"type": "keyword"
|
|
1601
1837
|
}
|
|
1602
|
-
}
|
|
1838
|
+
}
|
|
1839
|
+
},
|
|
1840
|
+
"namespace": {
|
|
1603
1841
|
"ignore_above": 1024,
|
|
1604
1842
|
"type": "keyword"
|
|
1605
|
-
}
|
|
1606
|
-
|
|
1607
|
-
},
|
|
1608
|
-
"os": {
|
|
1609
|
-
"properties": {
|
|
1610
|
-
"family": {
|
|
1843
|
+
},
|
|
1844
|
+
"organization": {
|
|
1611
1845
|
"ignore_above": 1024,
|
|
1612
1846
|
"type": "keyword"
|
|
1613
1847
|
},
|
|
1614
|
-
"
|
|
1615
|
-
"
|
|
1616
|
-
"
|
|
1617
|
-
"
|
|
1618
|
-
"type": "
|
|
1848
|
+
"resource": {
|
|
1849
|
+
"properties": {
|
|
1850
|
+
"name": {
|
|
1851
|
+
"ignore_above": 1024,
|
|
1852
|
+
"type": "keyword"
|
|
1853
|
+
},
|
|
1854
|
+
"type": {
|
|
1855
|
+
"ignore_above": 1024,
|
|
1856
|
+
"type": "keyword"
|
|
1619
1857
|
}
|
|
1620
|
-
}
|
|
1858
|
+
}
|
|
1859
|
+
},
|
|
1860
|
+
"type": {
|
|
1621
1861
|
"ignore_above": 1024,
|
|
1622
1862
|
"type": "keyword"
|
|
1623
|
-
}
|
|
1624
|
-
|
|
1863
|
+
}
|
|
1864
|
+
}
|
|
1865
|
+
},
|
|
1866
|
+
"organization": {
|
|
1867
|
+
"properties": {
|
|
1868
|
+
"id": {
|
|
1625
1869
|
"ignore_above": 1024,
|
|
1626
1870
|
"type": "keyword"
|
|
1627
1871
|
},
|
|
@@ -1634,14 +1878,6 @@
|
|
|
1634
1878
|
},
|
|
1635
1879
|
"ignore_above": 1024,
|
|
1636
1880
|
"type": "keyword"
|
|
1637
|
-
},
|
|
1638
|
-
"platform": {
|
|
1639
|
-
"ignore_above": 1024,
|
|
1640
|
-
"type": "keyword"
|
|
1641
|
-
},
|
|
1642
|
-
"version": {
|
|
1643
|
-
"ignore_above": 1024,
|
|
1644
|
-
"type": "keyword"
|
|
1645
1881
|
}
|
|
1646
1882
|
}
|
|
1647
1883
|
},
|
|
@@ -1699,30 +1935,6 @@
|
|
|
1699
1935
|
}
|
|
1700
1936
|
}
|
|
1701
1937
|
},
|
|
1702
|
-
"pe": {
|
|
1703
|
-
"properties": {
|
|
1704
|
-
"company": {
|
|
1705
|
-
"ignore_above": 1024,
|
|
1706
|
-
"type": "keyword"
|
|
1707
|
-
},
|
|
1708
|
-
"description": {
|
|
1709
|
-
"ignore_above": 1024,
|
|
1710
|
-
"type": "keyword"
|
|
1711
|
-
},
|
|
1712
|
-
"file_version": {
|
|
1713
|
-
"ignore_above": 1024,
|
|
1714
|
-
"type": "keyword"
|
|
1715
|
-
},
|
|
1716
|
-
"original_file_name": {
|
|
1717
|
-
"ignore_above": 1024,
|
|
1718
|
-
"type": "keyword"
|
|
1719
|
-
},
|
|
1720
|
-
"product": {
|
|
1721
|
-
"ignore_above": 1024,
|
|
1722
|
-
"type": "keyword"
|
|
1723
|
-
}
|
|
1724
|
-
}
|
|
1725
|
-
},
|
|
1726
1938
|
"process": {
|
|
1727
1939
|
"properties": {
|
|
1728
1940
|
"args": {
|
|
@@ -1737,6 +1949,10 @@
|
|
|
1737
1949
|
"exists": {
|
|
1738
1950
|
"type": "boolean"
|
|
1739
1951
|
},
|
|
1952
|
+
"signing_id": {
|
|
1953
|
+
"ignore_above": 1024,
|
|
1954
|
+
"type": "keyword"
|
|
1955
|
+
},
|
|
1740
1956
|
"status": {
|
|
1741
1957
|
"ignore_above": 1024,
|
|
1742
1958
|
"type": "keyword"
|
|
@@ -1745,6 +1961,10 @@
|
|
|
1745
1961
|
"ignore_above": 1024,
|
|
1746
1962
|
"type": "keyword"
|
|
1747
1963
|
},
|
|
1964
|
+
"team_id": {
|
|
1965
|
+
"ignore_above": 1024,
|
|
1966
|
+
"type": "keyword"
|
|
1967
|
+
},
|
|
1748
1968
|
"trusted": {
|
|
1749
1969
|
"type": "boolean"
|
|
1750
1970
|
},
|
|
@@ -1797,6 +2017,10 @@
|
|
|
1797
2017
|
"sha512": {
|
|
1798
2018
|
"ignore_above": 1024,
|
|
1799
2019
|
"type": "keyword"
|
|
2020
|
+
},
|
|
2021
|
+
"ssdeep": {
|
|
2022
|
+
"ignore_above": 1024,
|
|
2023
|
+
"type": "keyword"
|
|
1800
2024
|
}
|
|
1801
2025
|
}
|
|
1802
2026
|
},
|
|
@@ -1824,6 +2048,10 @@
|
|
|
1824
2048
|
"exists": {
|
|
1825
2049
|
"type": "boolean"
|
|
1826
2050
|
},
|
|
2051
|
+
"signing_id": {
|
|
2052
|
+
"ignore_above": 1024,
|
|
2053
|
+
"type": "keyword"
|
|
2054
|
+
},
|
|
1827
2055
|
"status": {
|
|
1828
2056
|
"ignore_above": 1024,
|
|
1829
2057
|
"type": "keyword"
|
|
@@ -1832,6 +2060,10 @@
|
|
|
1832
2060
|
"ignore_above": 1024,
|
|
1833
2061
|
"type": "keyword"
|
|
1834
2062
|
},
|
|
2063
|
+
"team_id": {
|
|
2064
|
+
"ignore_above": 1024,
|
|
2065
|
+
"type": "keyword"
|
|
2066
|
+
},
|
|
1835
2067
|
"trusted": {
|
|
1836
2068
|
"type": "boolean"
|
|
1837
2069
|
},
|
|
@@ -1884,6 +2116,10 @@
|
|
|
1884
2116
|
"sha512": {
|
|
1885
2117
|
"ignore_above": 1024,
|
|
1886
2118
|
"type": "keyword"
|
|
2119
|
+
},
|
|
2120
|
+
"ssdeep": {
|
|
2121
|
+
"ignore_above": 1024,
|
|
2122
|
+
"type": "keyword"
|
|
1887
2123
|
}
|
|
1888
2124
|
}
|
|
1889
2125
|
},
|
|
@@ -1897,6 +2133,38 @@
|
|
|
1897
2133
|
"ignore_above": 1024,
|
|
1898
2134
|
"type": "keyword"
|
|
1899
2135
|
},
|
|
2136
|
+
"pe": {
|
|
2137
|
+
"properties": {
|
|
2138
|
+
"architecture": {
|
|
2139
|
+
"ignore_above": 1024,
|
|
2140
|
+
"type": "keyword"
|
|
2141
|
+
},
|
|
2142
|
+
"company": {
|
|
2143
|
+
"ignore_above": 1024,
|
|
2144
|
+
"type": "keyword"
|
|
2145
|
+
},
|
|
2146
|
+
"description": {
|
|
2147
|
+
"ignore_above": 1024,
|
|
2148
|
+
"type": "keyword"
|
|
2149
|
+
},
|
|
2150
|
+
"file_version": {
|
|
2151
|
+
"ignore_above": 1024,
|
|
2152
|
+
"type": "keyword"
|
|
2153
|
+
},
|
|
2154
|
+
"imphash": {
|
|
2155
|
+
"ignore_above": 1024,
|
|
2156
|
+
"type": "keyword"
|
|
2157
|
+
},
|
|
2158
|
+
"original_file_name": {
|
|
2159
|
+
"ignore_above": 1024,
|
|
2160
|
+
"type": "keyword"
|
|
2161
|
+
},
|
|
2162
|
+
"product": {
|
|
2163
|
+
"ignore_above": 1024,
|
|
2164
|
+
"type": "keyword"
|
|
2165
|
+
}
|
|
2166
|
+
}
|
|
2167
|
+
},
|
|
1900
2168
|
"pgid": {
|
|
1901
2169
|
"type": "long"
|
|
1902
2170
|
},
|
|
@@ -1947,6 +2215,10 @@
|
|
|
1947
2215
|
},
|
|
1948
2216
|
"pe": {
|
|
1949
2217
|
"properties": {
|
|
2218
|
+
"architecture": {
|
|
2219
|
+
"ignore_above": 1024,
|
|
2220
|
+
"type": "keyword"
|
|
2221
|
+
},
|
|
1950
2222
|
"company": {
|
|
1951
2223
|
"ignore_above": 1024,
|
|
1952
2224
|
"type": "keyword"
|
|
@@ -1959,6 +2231,10 @@
|
|
|
1959
2231
|
"ignore_above": 1024,
|
|
1960
2232
|
"type": "keyword"
|
|
1961
2233
|
},
|
|
2234
|
+
"imphash": {
|
|
2235
|
+
"ignore_above": 1024,
|
|
2236
|
+
"type": "keyword"
|
|
2237
|
+
},
|
|
1962
2238
|
"original_file_name": {
|
|
1963
2239
|
"ignore_above": 1024,
|
|
1964
2240
|
"type": "keyword"
|
|
@@ -2059,6 +2335,10 @@
|
|
|
2059
2335
|
"ignore_above": 1024,
|
|
2060
2336
|
"type": "keyword"
|
|
2061
2337
|
},
|
|
2338
|
+
"hosts": {
|
|
2339
|
+
"ignore_above": 1024,
|
|
2340
|
+
"type": "keyword"
|
|
2341
|
+
},
|
|
2062
2342
|
"ip": {
|
|
2063
2343
|
"type": "ip"
|
|
2064
2344
|
},
|
|
@@ -2152,6 +2432,10 @@
|
|
|
2152
2432
|
"ignore_above": 1024,
|
|
2153
2433
|
"type": "keyword"
|
|
2154
2434
|
},
|
|
2435
|
+
"continent_code": {
|
|
2436
|
+
"ignore_above": 1024,
|
|
2437
|
+
"type": "keyword"
|
|
2438
|
+
},
|
|
2155
2439
|
"continent_name": {
|
|
2156
2440
|
"ignore_above": 1024,
|
|
2157
2441
|
"type": "keyword"
|
|
@@ -2171,6 +2455,10 @@
|
|
|
2171
2455
|
"ignore_above": 1024,
|
|
2172
2456
|
"type": "keyword"
|
|
2173
2457
|
},
|
|
2458
|
+
"postal_code": {
|
|
2459
|
+
"ignore_above": 1024,
|
|
2460
|
+
"type": "keyword"
|
|
2461
|
+
},
|
|
2174
2462
|
"region_iso_code": {
|
|
2175
2463
|
"ignore_above": 1024,
|
|
2176
2464
|
"type": "keyword"
|
|
@@ -2178,6 +2466,10 @@
|
|
|
2178
2466
|
"region_name": {
|
|
2179
2467
|
"ignore_above": 1024,
|
|
2180
2468
|
"type": "keyword"
|
|
2469
|
+
},
|
|
2470
|
+
"timezone": {
|
|
2471
|
+
"ignore_above": 1024,
|
|
2472
|
+
"type": "keyword"
|
|
2181
2473
|
}
|
|
2182
2474
|
}
|
|
2183
2475
|
},
|
|
@@ -2208,6 +2500,10 @@
|
|
|
2208
2500
|
"ignore_above": 1024,
|
|
2209
2501
|
"type": "keyword"
|
|
2210
2502
|
},
|
|
2503
|
+
"subdomain": {
|
|
2504
|
+
"ignore_above": 1024,
|
|
2505
|
+
"type": "keyword"
|
|
2506
|
+
},
|
|
2211
2507
|
"top_level_domain": {
|
|
2212
2508
|
"ignore_above": 1024,
|
|
2213
2509
|
"type": "keyword"
|
|
@@ -2265,6 +2561,10 @@
|
|
|
2265
2561
|
},
|
|
2266
2562
|
"ignore_above": 1024,
|
|
2267
2563
|
"type": "keyword"
|
|
2564
|
+
},
|
|
2565
|
+
"roles": {
|
|
2566
|
+
"ignore_above": 1024,
|
|
2567
|
+
"type": "keyword"
|
|
2268
2568
|
}
|
|
2269
2569
|
}
|
|
2270
2570
|
}
|
|
@@ -2346,6 +2646,10 @@
|
|
|
2346
2646
|
"ignore_above": 1024,
|
|
2347
2647
|
"type": "keyword"
|
|
2348
2648
|
},
|
|
2649
|
+
"continent_code": {
|
|
2650
|
+
"ignore_above": 1024,
|
|
2651
|
+
"type": "keyword"
|
|
2652
|
+
},
|
|
2349
2653
|
"continent_name": {
|
|
2350
2654
|
"ignore_above": 1024,
|
|
2351
2655
|
"type": "keyword"
|
|
@@ -2365,6 +2669,10 @@
|
|
|
2365
2669
|
"ignore_above": 1024,
|
|
2366
2670
|
"type": "keyword"
|
|
2367
2671
|
},
|
|
2672
|
+
"postal_code": {
|
|
2673
|
+
"ignore_above": 1024,
|
|
2674
|
+
"type": "keyword"
|
|
2675
|
+
},
|
|
2368
2676
|
"region_iso_code": {
|
|
2369
2677
|
"ignore_above": 1024,
|
|
2370
2678
|
"type": "keyword"
|
|
@@ -2372,6 +2680,10 @@
|
|
|
2372
2680
|
"region_name": {
|
|
2373
2681
|
"ignore_above": 1024,
|
|
2374
2682
|
"type": "keyword"
|
|
2683
|
+
},
|
|
2684
|
+
"timezone": {
|
|
2685
|
+
"ignore_above": 1024,
|
|
2686
|
+
"type": "keyword"
|
|
2375
2687
|
}
|
|
2376
2688
|
}
|
|
2377
2689
|
},
|
|
@@ -2402,7 +2714,11 @@
|
|
|
2402
2714
|
"ignore_above": 1024,
|
|
2403
2715
|
"type": "keyword"
|
|
2404
2716
|
},
|
|
2405
|
-
"
|
|
2717
|
+
"subdomain": {
|
|
2718
|
+
"ignore_above": 1024,
|
|
2719
|
+
"type": "keyword"
|
|
2720
|
+
},
|
|
2721
|
+
"top_level_domain": {
|
|
2406
2722
|
"ignore_above": 1024,
|
|
2407
2723
|
"type": "keyword"
|
|
2408
2724
|
},
|
|
@@ -2459,11 +2775,23 @@
|
|
|
2459
2775
|
},
|
|
2460
2776
|
"ignore_above": 1024,
|
|
2461
2777
|
"type": "keyword"
|
|
2778
|
+
},
|
|
2779
|
+
"roles": {
|
|
2780
|
+
"ignore_above": 1024,
|
|
2781
|
+
"type": "keyword"
|
|
2462
2782
|
}
|
|
2463
2783
|
}
|
|
2464
2784
|
}
|
|
2465
2785
|
}
|
|
2466
2786
|
},
|
|
2787
|
+
"span": {
|
|
2788
|
+
"properties": {
|
|
2789
|
+
"id": {
|
|
2790
|
+
"ignore_above": 1024,
|
|
2791
|
+
"type": "keyword"
|
|
2792
|
+
}
|
|
2793
|
+
}
|
|
2794
|
+
},
|
|
2467
2795
|
"tags": {
|
|
2468
2796
|
"ignore_above": 1024,
|
|
2469
2797
|
"type": "keyword"
|
|
@@ -2509,6 +2837,28 @@
|
|
|
2509
2837
|
"reference": {
|
|
2510
2838
|
"ignore_above": 1024,
|
|
2511
2839
|
"type": "keyword"
|
|
2840
|
+
},
|
|
2841
|
+
"subtechnique": {
|
|
2842
|
+
"properties": {
|
|
2843
|
+
"id": {
|
|
2844
|
+
"ignore_above": 1024,
|
|
2845
|
+
"type": "keyword"
|
|
2846
|
+
},
|
|
2847
|
+
"name": {
|
|
2848
|
+
"fields": {
|
|
2849
|
+
"text": {
|
|
2850
|
+
"norms": false,
|
|
2851
|
+
"type": "text"
|
|
2852
|
+
}
|
|
2853
|
+
},
|
|
2854
|
+
"ignore_above": 1024,
|
|
2855
|
+
"type": "keyword"
|
|
2856
|
+
},
|
|
2857
|
+
"reference": {
|
|
2858
|
+
"ignore_above": 1024,
|
|
2859
|
+
"type": "keyword"
|
|
2860
|
+
}
|
|
2861
|
+
}
|
|
2512
2862
|
}
|
|
2513
2863
|
}
|
|
2514
2864
|
}
|
|
@@ -2571,6 +2921,112 @@
|
|
|
2571
2921
|
"supported_ciphers": {
|
|
2572
2922
|
"ignore_above": 1024,
|
|
2573
2923
|
"type": "keyword"
|
|
2924
|
+
},
|
|
2925
|
+
"x509": {
|
|
2926
|
+
"properties": {
|
|
2927
|
+
"alternative_names": {
|
|
2928
|
+
"ignore_above": 1024,
|
|
2929
|
+
"type": "keyword"
|
|
2930
|
+
},
|
|
2931
|
+
"issuer": {
|
|
2932
|
+
"properties": {
|
|
2933
|
+
"common_name": {
|
|
2934
|
+
"ignore_above": 1024,
|
|
2935
|
+
"type": "keyword"
|
|
2936
|
+
},
|
|
2937
|
+
"country": {
|
|
2938
|
+
"ignore_above": 1024,
|
|
2939
|
+
"type": "keyword"
|
|
2940
|
+
},
|
|
2941
|
+
"distinguished_name": {
|
|
2942
|
+
"ignore_above": 1024,
|
|
2943
|
+
"type": "keyword"
|
|
2944
|
+
},
|
|
2945
|
+
"locality": {
|
|
2946
|
+
"ignore_above": 1024,
|
|
2947
|
+
"type": "keyword"
|
|
2948
|
+
},
|
|
2949
|
+
"organization": {
|
|
2950
|
+
"ignore_above": 1024,
|
|
2951
|
+
"type": "keyword"
|
|
2952
|
+
},
|
|
2953
|
+
"organizational_unit": {
|
|
2954
|
+
"ignore_above": 1024,
|
|
2955
|
+
"type": "keyword"
|
|
2956
|
+
},
|
|
2957
|
+
"state_or_province": {
|
|
2958
|
+
"ignore_above": 1024,
|
|
2959
|
+
"type": "keyword"
|
|
2960
|
+
}
|
|
2961
|
+
}
|
|
2962
|
+
},
|
|
2963
|
+
"not_after": {
|
|
2964
|
+
"type": "date"
|
|
2965
|
+
},
|
|
2966
|
+
"not_before": {
|
|
2967
|
+
"type": "date"
|
|
2968
|
+
},
|
|
2969
|
+
"public_key_algorithm": {
|
|
2970
|
+
"ignore_above": 1024,
|
|
2971
|
+
"type": "keyword"
|
|
2972
|
+
},
|
|
2973
|
+
"public_key_curve": {
|
|
2974
|
+
"ignore_above": 1024,
|
|
2975
|
+
"type": "keyword"
|
|
2976
|
+
},
|
|
2977
|
+
"public_key_exponent": {
|
|
2978
|
+
"doc_values": false,
|
|
2979
|
+
"index": false,
|
|
2980
|
+
"type": "long"
|
|
2981
|
+
},
|
|
2982
|
+
"public_key_size": {
|
|
2983
|
+
"type": "long"
|
|
2984
|
+
},
|
|
2985
|
+
"serial_number": {
|
|
2986
|
+
"ignore_above": 1024,
|
|
2987
|
+
"type": "keyword"
|
|
2988
|
+
},
|
|
2989
|
+
"signature_algorithm": {
|
|
2990
|
+
"ignore_above": 1024,
|
|
2991
|
+
"type": "keyword"
|
|
2992
|
+
},
|
|
2993
|
+
"subject": {
|
|
2994
|
+
"properties": {
|
|
2995
|
+
"common_name": {
|
|
2996
|
+
"ignore_above": 1024,
|
|
2997
|
+
"type": "keyword"
|
|
2998
|
+
},
|
|
2999
|
+
"country": {
|
|
3000
|
+
"ignore_above": 1024,
|
|
3001
|
+
"type": "keyword"
|
|
3002
|
+
},
|
|
3003
|
+
"distinguished_name": {
|
|
3004
|
+
"ignore_above": 1024,
|
|
3005
|
+
"type": "keyword"
|
|
3006
|
+
},
|
|
3007
|
+
"locality": {
|
|
3008
|
+
"ignore_above": 1024,
|
|
3009
|
+
"type": "keyword"
|
|
3010
|
+
},
|
|
3011
|
+
"organization": {
|
|
3012
|
+
"ignore_above": 1024,
|
|
3013
|
+
"type": "keyword"
|
|
3014
|
+
},
|
|
3015
|
+
"organizational_unit": {
|
|
3016
|
+
"ignore_above": 1024,
|
|
3017
|
+
"type": "keyword"
|
|
3018
|
+
},
|
|
3019
|
+
"state_or_province": {
|
|
3020
|
+
"ignore_above": 1024,
|
|
3021
|
+
"type": "keyword"
|
|
3022
|
+
}
|
|
3023
|
+
}
|
|
3024
|
+
},
|
|
3025
|
+
"version_number": {
|
|
3026
|
+
"ignore_above": 1024,
|
|
3027
|
+
"type": "keyword"
|
|
3028
|
+
}
|
|
3029
|
+
}
|
|
2574
3030
|
}
|
|
2575
3031
|
}
|
|
2576
3032
|
},
|
|
@@ -2631,6 +3087,112 @@
|
|
|
2631
3087
|
"subject": {
|
|
2632
3088
|
"ignore_above": 1024,
|
|
2633
3089
|
"type": "keyword"
|
|
3090
|
+
},
|
|
3091
|
+
"x509": {
|
|
3092
|
+
"properties": {
|
|
3093
|
+
"alternative_names": {
|
|
3094
|
+
"ignore_above": 1024,
|
|
3095
|
+
"type": "keyword"
|
|
3096
|
+
},
|
|
3097
|
+
"issuer": {
|
|
3098
|
+
"properties": {
|
|
3099
|
+
"common_name": {
|
|
3100
|
+
"ignore_above": 1024,
|
|
3101
|
+
"type": "keyword"
|
|
3102
|
+
},
|
|
3103
|
+
"country": {
|
|
3104
|
+
"ignore_above": 1024,
|
|
3105
|
+
"type": "keyword"
|
|
3106
|
+
},
|
|
3107
|
+
"distinguished_name": {
|
|
3108
|
+
"ignore_above": 1024,
|
|
3109
|
+
"type": "keyword"
|
|
3110
|
+
},
|
|
3111
|
+
"locality": {
|
|
3112
|
+
"ignore_above": 1024,
|
|
3113
|
+
"type": "keyword"
|
|
3114
|
+
},
|
|
3115
|
+
"organization": {
|
|
3116
|
+
"ignore_above": 1024,
|
|
3117
|
+
"type": "keyword"
|
|
3118
|
+
},
|
|
3119
|
+
"organizational_unit": {
|
|
3120
|
+
"ignore_above": 1024,
|
|
3121
|
+
"type": "keyword"
|
|
3122
|
+
},
|
|
3123
|
+
"state_or_province": {
|
|
3124
|
+
"ignore_above": 1024,
|
|
3125
|
+
"type": "keyword"
|
|
3126
|
+
}
|
|
3127
|
+
}
|
|
3128
|
+
},
|
|
3129
|
+
"not_after": {
|
|
3130
|
+
"type": "date"
|
|
3131
|
+
},
|
|
3132
|
+
"not_before": {
|
|
3133
|
+
"type": "date"
|
|
3134
|
+
},
|
|
3135
|
+
"public_key_algorithm": {
|
|
3136
|
+
"ignore_above": 1024,
|
|
3137
|
+
"type": "keyword"
|
|
3138
|
+
},
|
|
3139
|
+
"public_key_curve": {
|
|
3140
|
+
"ignore_above": 1024,
|
|
3141
|
+
"type": "keyword"
|
|
3142
|
+
},
|
|
3143
|
+
"public_key_exponent": {
|
|
3144
|
+
"doc_values": false,
|
|
3145
|
+
"index": false,
|
|
3146
|
+
"type": "long"
|
|
3147
|
+
},
|
|
3148
|
+
"public_key_size": {
|
|
3149
|
+
"type": "long"
|
|
3150
|
+
},
|
|
3151
|
+
"serial_number": {
|
|
3152
|
+
"ignore_above": 1024,
|
|
3153
|
+
"type": "keyword"
|
|
3154
|
+
},
|
|
3155
|
+
"signature_algorithm": {
|
|
3156
|
+
"ignore_above": 1024,
|
|
3157
|
+
"type": "keyword"
|
|
3158
|
+
},
|
|
3159
|
+
"subject": {
|
|
3160
|
+
"properties": {
|
|
3161
|
+
"common_name": {
|
|
3162
|
+
"ignore_above": 1024,
|
|
3163
|
+
"type": "keyword"
|
|
3164
|
+
},
|
|
3165
|
+
"country": {
|
|
3166
|
+
"ignore_above": 1024,
|
|
3167
|
+
"type": "keyword"
|
|
3168
|
+
},
|
|
3169
|
+
"distinguished_name": {
|
|
3170
|
+
"ignore_above": 1024,
|
|
3171
|
+
"type": "keyword"
|
|
3172
|
+
},
|
|
3173
|
+
"locality": {
|
|
3174
|
+
"ignore_above": 1024,
|
|
3175
|
+
"type": "keyword"
|
|
3176
|
+
},
|
|
3177
|
+
"organization": {
|
|
3178
|
+
"ignore_above": 1024,
|
|
3179
|
+
"type": "keyword"
|
|
3180
|
+
},
|
|
3181
|
+
"organizational_unit": {
|
|
3182
|
+
"ignore_above": 1024,
|
|
3183
|
+
"type": "keyword"
|
|
3184
|
+
},
|
|
3185
|
+
"state_or_province": {
|
|
3186
|
+
"ignore_above": 1024,
|
|
3187
|
+
"type": "keyword"
|
|
3188
|
+
}
|
|
3189
|
+
}
|
|
3190
|
+
},
|
|
3191
|
+
"version_number": {
|
|
3192
|
+
"ignore_above": 1024,
|
|
3193
|
+
"type": "keyword"
|
|
3194
|
+
}
|
|
3195
|
+
}
|
|
2634
3196
|
}
|
|
2635
3197
|
}
|
|
2636
3198
|
},
|
|
@@ -2717,6 +3279,10 @@
|
|
|
2717
3279
|
"ignore_above": 1024,
|
|
2718
3280
|
"type": "keyword"
|
|
2719
3281
|
},
|
|
3282
|
+
"subdomain": {
|
|
3283
|
+
"ignore_above": 1024,
|
|
3284
|
+
"type": "keyword"
|
|
3285
|
+
},
|
|
2720
3286
|
"top_level_domain": {
|
|
2721
3287
|
"ignore_above": 1024,
|
|
2722
3288
|
"type": "keyword"
|
|
@@ -2729,10 +3295,130 @@
|
|
|
2729
3295
|
},
|
|
2730
3296
|
"user": {
|
|
2731
3297
|
"properties": {
|
|
3298
|
+
"changes": {
|
|
3299
|
+
"properties": {
|
|
3300
|
+
"domain": {
|
|
3301
|
+
"ignore_above": 1024,
|
|
3302
|
+
"type": "keyword"
|
|
3303
|
+
},
|
|
3304
|
+
"email": {
|
|
3305
|
+
"ignore_above": 1024,
|
|
3306
|
+
"type": "keyword"
|
|
3307
|
+
},
|
|
3308
|
+
"full_name": {
|
|
3309
|
+
"fields": {
|
|
3310
|
+
"text": {
|
|
3311
|
+
"norms": false,
|
|
3312
|
+
"type": "text"
|
|
3313
|
+
}
|
|
3314
|
+
},
|
|
3315
|
+
"ignore_above": 1024,
|
|
3316
|
+
"type": "keyword"
|
|
3317
|
+
},
|
|
3318
|
+
"group": {
|
|
3319
|
+
"properties": {
|
|
3320
|
+
"domain": {
|
|
3321
|
+
"ignore_above": 1024,
|
|
3322
|
+
"type": "keyword"
|
|
3323
|
+
},
|
|
3324
|
+
"id": {
|
|
3325
|
+
"ignore_above": 1024,
|
|
3326
|
+
"type": "keyword"
|
|
3327
|
+
},
|
|
3328
|
+
"name": {
|
|
3329
|
+
"ignore_above": 1024,
|
|
3330
|
+
"type": "keyword"
|
|
3331
|
+
}
|
|
3332
|
+
}
|
|
3333
|
+
},
|
|
3334
|
+
"hash": {
|
|
3335
|
+
"ignore_above": 1024,
|
|
3336
|
+
"type": "keyword"
|
|
3337
|
+
},
|
|
3338
|
+
"id": {
|
|
3339
|
+
"ignore_above": 1024,
|
|
3340
|
+
"type": "keyword"
|
|
3341
|
+
},
|
|
3342
|
+
"name": {
|
|
3343
|
+
"fields": {
|
|
3344
|
+
"text": {
|
|
3345
|
+
"norms": false,
|
|
3346
|
+
"type": "text"
|
|
3347
|
+
}
|
|
3348
|
+
},
|
|
3349
|
+
"ignore_above": 1024,
|
|
3350
|
+
"type": "keyword"
|
|
3351
|
+
},
|
|
3352
|
+
"roles": {
|
|
3353
|
+
"ignore_above": 1024,
|
|
3354
|
+
"type": "keyword"
|
|
3355
|
+
}
|
|
3356
|
+
}
|
|
3357
|
+
},
|
|
2732
3358
|
"domain": {
|
|
2733
3359
|
"ignore_above": 1024,
|
|
2734
3360
|
"type": "keyword"
|
|
2735
3361
|
},
|
|
3362
|
+
"effective": {
|
|
3363
|
+
"properties": {
|
|
3364
|
+
"domain": {
|
|
3365
|
+
"ignore_above": 1024,
|
|
3366
|
+
"type": "keyword"
|
|
3367
|
+
},
|
|
3368
|
+
"email": {
|
|
3369
|
+
"ignore_above": 1024,
|
|
3370
|
+
"type": "keyword"
|
|
3371
|
+
},
|
|
3372
|
+
"full_name": {
|
|
3373
|
+
"fields": {
|
|
3374
|
+
"text": {
|
|
3375
|
+
"norms": false,
|
|
3376
|
+
"type": "text"
|
|
3377
|
+
}
|
|
3378
|
+
},
|
|
3379
|
+
"ignore_above": 1024,
|
|
3380
|
+
"type": "keyword"
|
|
3381
|
+
},
|
|
3382
|
+
"group": {
|
|
3383
|
+
"properties": {
|
|
3384
|
+
"domain": {
|
|
3385
|
+
"ignore_above": 1024,
|
|
3386
|
+
"type": "keyword"
|
|
3387
|
+
},
|
|
3388
|
+
"id": {
|
|
3389
|
+
"ignore_above": 1024,
|
|
3390
|
+
"type": "keyword"
|
|
3391
|
+
},
|
|
3392
|
+
"name": {
|
|
3393
|
+
"ignore_above": 1024,
|
|
3394
|
+
"type": "keyword"
|
|
3395
|
+
}
|
|
3396
|
+
}
|
|
3397
|
+
},
|
|
3398
|
+
"hash": {
|
|
3399
|
+
"ignore_above": 1024,
|
|
3400
|
+
"type": "keyword"
|
|
3401
|
+
},
|
|
3402
|
+
"id": {
|
|
3403
|
+
"ignore_above": 1024,
|
|
3404
|
+
"type": "keyword"
|
|
3405
|
+
},
|
|
3406
|
+
"name": {
|
|
3407
|
+
"fields": {
|
|
3408
|
+
"text": {
|
|
3409
|
+
"norms": false,
|
|
3410
|
+
"type": "text"
|
|
3411
|
+
}
|
|
3412
|
+
},
|
|
3413
|
+
"ignore_above": 1024,
|
|
3414
|
+
"type": "keyword"
|
|
3415
|
+
},
|
|
3416
|
+
"roles": {
|
|
3417
|
+
"ignore_above": 1024,
|
|
3418
|
+
"type": "keyword"
|
|
3419
|
+
}
|
|
3420
|
+
}
|
|
3421
|
+
},
|
|
2736
3422
|
"email": {
|
|
2737
3423
|
"ignore_above": 1024,
|
|
2738
3424
|
"type": "keyword"
|
|
@@ -2780,6 +3466,70 @@
|
|
|
2780
3466
|
},
|
|
2781
3467
|
"ignore_above": 1024,
|
|
2782
3468
|
"type": "keyword"
|
|
3469
|
+
},
|
|
3470
|
+
"roles": {
|
|
3471
|
+
"ignore_above": 1024,
|
|
3472
|
+
"type": "keyword"
|
|
3473
|
+
},
|
|
3474
|
+
"target": {
|
|
3475
|
+
"properties": {
|
|
3476
|
+
"domain": {
|
|
3477
|
+
"ignore_above": 1024,
|
|
3478
|
+
"type": "keyword"
|
|
3479
|
+
},
|
|
3480
|
+
"email": {
|
|
3481
|
+
"ignore_above": 1024,
|
|
3482
|
+
"type": "keyword"
|
|
3483
|
+
},
|
|
3484
|
+
"full_name": {
|
|
3485
|
+
"fields": {
|
|
3486
|
+
"text": {
|
|
3487
|
+
"norms": false,
|
|
3488
|
+
"type": "text"
|
|
3489
|
+
}
|
|
3490
|
+
},
|
|
3491
|
+
"ignore_above": 1024,
|
|
3492
|
+
"type": "keyword"
|
|
3493
|
+
},
|
|
3494
|
+
"group": {
|
|
3495
|
+
"properties": {
|
|
3496
|
+
"domain": {
|
|
3497
|
+
"ignore_above": 1024,
|
|
3498
|
+
"type": "keyword"
|
|
3499
|
+
},
|
|
3500
|
+
"id": {
|
|
3501
|
+
"ignore_above": 1024,
|
|
3502
|
+
"type": "keyword"
|
|
3503
|
+
},
|
|
3504
|
+
"name": {
|
|
3505
|
+
"ignore_above": 1024,
|
|
3506
|
+
"type": "keyword"
|
|
3507
|
+
}
|
|
3508
|
+
}
|
|
3509
|
+
},
|
|
3510
|
+
"hash": {
|
|
3511
|
+
"ignore_above": 1024,
|
|
3512
|
+
"type": "keyword"
|
|
3513
|
+
},
|
|
3514
|
+
"id": {
|
|
3515
|
+
"ignore_above": 1024,
|
|
3516
|
+
"type": "keyword"
|
|
3517
|
+
},
|
|
3518
|
+
"name": {
|
|
3519
|
+
"fields": {
|
|
3520
|
+
"text": {
|
|
3521
|
+
"norms": false,
|
|
3522
|
+
"type": "text"
|
|
3523
|
+
}
|
|
3524
|
+
},
|
|
3525
|
+
"ignore_above": 1024,
|
|
3526
|
+
"type": "keyword"
|
|
3527
|
+
},
|
|
3528
|
+
"roles": {
|
|
3529
|
+
"ignore_above": 1024,
|
|
3530
|
+
"type": "keyword"
|
|
3531
|
+
}
|
|
3532
|
+
}
|
|
2783
3533
|
}
|
|
2784
3534
|
}
|
|
2785
3535
|
},
|
|
@@ -2841,6 +3591,10 @@
|
|
|
2841
3591
|
"ignore_above": 1024,
|
|
2842
3592
|
"type": "keyword"
|
|
2843
3593
|
},
|
|
3594
|
+
"type": {
|
|
3595
|
+
"ignore_above": 1024,
|
|
3596
|
+
"type": "keyword"
|
|
3597
|
+
},
|
|
2844
3598
|
"version": {
|
|
2845
3599
|
"ignore_above": 1024,
|
|
2846
3600
|
"type": "keyword"
|
|
@@ -2853,18 +3607,6 @@
|
|
|
2853
3607
|
}
|
|
2854
3608
|
}
|
|
2855
3609
|
},
|
|
2856
|
-
"vlan": {
|
|
2857
|
-
"properties": {
|
|
2858
|
-
"id": {
|
|
2859
|
-
"ignore_above": 1024,
|
|
2860
|
-
"type": "keyword"
|
|
2861
|
-
},
|
|
2862
|
-
"name": {
|
|
2863
|
-
"ignore_above": 1024,
|
|
2864
|
-
"type": "keyword"
|
|
2865
|
-
}
|
|
2866
|
-
}
|
|
2867
|
-
},
|
|
2868
3610
|
"vulnerability": {
|
|
2869
3611
|
"properties": {
|
|
2870
3612
|
"category": {
|