logstash-output-elasticsearch 11.2.2-java → 11.2.3-java

@@ -5,7 +5,7 @@
5
5
  "mappings": {
6
6
  "_doc": {
7
7
  "_meta": {
8
- "version": "1.12.1"
8
+ "version": "1.10.0"
9
9
  },
10
10
  "date_detection": false,
11
11
  "dynamic_templates": [
@@ -530,10 +530,6 @@
530
530
  "properties": {
531
531
  "code_signature": {
532
532
  "properties": {
533
- "digest_algorithm": {
534
- "ignore_above": 1024,
535
- "type": "keyword"
536
- },
537
533
  "exists": {
538
534
  "type": "boolean"
539
535
  },
@@ -553,9 +549,6 @@
553
549
  "ignore_above": 1024,
554
550
  "type": "keyword"
555
551
  },
556
- "timestamp": {
557
- "type": "date"
558
- },
559
552
  "trusted": {
560
553
  "type": "boolean"
561
554
  },
@@ -755,10 +748,6 @@
755
748
  "ignore_above": 1024,
756
749
  "type": "keyword"
757
750
  },
758
- "agent_id_status": {
759
- "ignore_above": 1024,
760
- "type": "keyword"
761
- },
762
751
  "category": {
763
752
  "ignore_above": 1024,
764
753
  "type": "keyword"
@@ -801,6 +790,7 @@
801
790
  },
802
791
  "original": {
803
792
  "doc_values": false,
793
+ "ignore_above": 1024,
804
794
  "index": false,
805
795
  "type": "keyword"
806
796
  },
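Review bot: The added `"ignore_above": 1024` on `original` sits next to `"doc_values": false` and `"index": false`, so it most likely has no effect: the field is neither indexed nor given doc values, and `ignore_above` does not trim what is kept in `_source`. Anyone reading the template as a 1024-character cap on stored raw events would be misled, so I would leave the line out and keep the object as `"doc_values": false, "index": false, "type": "keyword"`. The same line is added to the other `original` mapping in the `@@ -1639,6 +1501,7 @@` hunk. The parent object of `original` starts outside this hunk, so which field set it belongs to is inferred, not shown.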
@@ -860,10 +850,6 @@
860
850
  },
861
851
  "code_signature": {
862
852
  "properties": {
863
- "digest_algorithm": {
864
- "ignore_above": 1024,
865
- "type": "keyword"
866
- },
867
853
  "exists": {
868
854
  "type": "boolean"
869
855
  },
@@ -883,9 +869,6 @@
883
869
  "ignore_above": 1024,
884
870
  "type": "keyword"
885
871
  },
886
- "timestamp": {
887
- "type": "date"
888
- },
889
872
  "trusted": {
890
873
  "type": "boolean"
891
874
  },
@@ -912,131 +895,10 @@
912
895
  "ignore_above": 1,
913
896
  "type": "keyword"
914
897
  },
915
- "elf": {
916
- "properties": {
917
- "architecture": {
918
- "ignore_above": 1024,
919
- "type": "keyword"
920
- },
921
- "byte_order": {
922
- "ignore_above": 1024,
923
- "type": "keyword"
924
- },
925
- "cpu_type": {
926
- "ignore_above": 1024,
927
- "type": "keyword"
928
- },
929
- "creation_date": {
930
- "type": "date"
931
- },
932
- "exports": {
933
- "type": "flattened"
934
- },
935
- "header": {
936
- "properties": {
937
- "abi_version": {
938
- "ignore_above": 1024,
939
- "type": "keyword"
940
- },
941
- "class": {
942
- "ignore_above": 1024,
943
- "type": "keyword"
944
- },
945
- "data": {
946
- "ignore_above": 1024,
947
- "type": "keyword"
948
- },
949
- "entrypoint": {
950
- "type": "long"
951
- },
952
- "object_version": {
953
- "ignore_above": 1024,
954
- "type": "keyword"
955
- },
956
- "os_abi": {
957
- "ignore_above": 1024,
958
- "type": "keyword"
959
- },
960
- "type": {
961
- "ignore_above": 1024,
962
- "type": "keyword"
963
- },
964
- "version": {
965
- "ignore_above": 1024,
966
- "type": "keyword"
967
- }
968
- }
969
- },
970
- "imports": {
971
- "type": "flattened"
972
- },
973
- "sections": {
974
- "properties": {
975
- "chi2": {
976
- "type": "long"
977
- },
978
- "entropy": {
979
- "type": "long"
980
- },
981
- "flags": {
982
- "ignore_above": 1024,
983
- "type": "keyword"
984
- },
985
- "name": {
986
- "ignore_above": 1024,
987
- "type": "keyword"
988
- },
989
- "physical_offset": {
990
- "ignore_above": 1024,
991
- "type": "keyword"
992
- },
993
- "physical_size": {
994
- "type": "long"
995
- },
996
- "type": {
997
- "ignore_above": 1024,
998
- "type": "keyword"
999
- },
1000
- "virtual_address": {
1001
- "type": "long"
1002
- },
1003
- "virtual_size": {
1004
- "type": "long"
1005
- }
1006
- },
1007
- "type": "nested"
1008
- },
1009
- "segments": {
1010
- "properties": {
1011
- "sections": {
1012
- "ignore_above": 1024,
1013
- "type": "keyword"
1014
- },
1015
- "type": {
1016
- "ignore_above": 1024,
1017
- "type": "keyword"
1018
- }
1019
- },
1020
- "type": "nested"
1021
- },
1022
- "shared_libraries": {
1023
- "ignore_above": 1024,
1024
- "type": "keyword"
1025
- },
1026
- "telfhash": {
1027
- "ignore_above": 1024,
1028
- "type": "keyword"
1029
- }
1030
- }
1031
- },
1032
898
  "extension": {
1033
899
  "ignore_above": 1024,
1034
900
  "type": "keyword"
1035
901
  },
1036
- "fork_name": {
1037
- "ignore_above": 1024,
1038
- "type": "keyword"
1039
- },
1040
902
  "gid": {
1041
903
  "ignore_above": 1024,
1042
904
  "type": "keyword"
@@ -1639,6 +1501,7 @@
1639
1501
  },
1640
1502
  "original": {
1641
1503
  "doc_values": false,
1504
+ "ignore_above": 1024,
1642
1505
  "index": false,
1643
1506
  "type": "keyword"
1644
1507
  },
@@ -2087,10 +1950,6 @@
2087
1950
  },
2088
1951
  "code_signature": {
2089
1952
  "properties": {
2090
- "digest_algorithm": {
2091
- "ignore_above": 1024,
2092
- "type": "keyword"
2093
- },
2094
1953
  "exists": {
2095
1954
  "type": "boolean"
2096
1955
  },
@@ -2110,9 +1969,6 @@
2110
1969
  "ignore_above": 1024,
2111
1970
  "type": "keyword"
2112
1971
  },
2113
- "timestamp": {
2114
- "type": "date"
2115
- },
2116
1972
  "trusted": {
2117
1973
  "type": "boolean"
2118
1974
  },
@@ -2131,126 +1987,6 @@
2131
1987
  "ignore_above": 1024,
2132
1988
  "type": "keyword"
2133
1989
  },
2134
- "elf": {
2135
- "properties": {
2136
- "architecture": {
2137
- "ignore_above": 1024,
2138
- "type": "keyword"
2139
- },
2140
- "byte_order": {
2141
- "ignore_above": 1024,
2142
- "type": "keyword"
2143
- },
2144
- "cpu_type": {
2145
- "ignore_above": 1024,
2146
- "type": "keyword"
2147
- },
2148
- "creation_date": {
2149
- "type": "date"
2150
- },
2151
- "exports": {
2152
- "type": "flattened"
2153
- },
2154
- "header": {
2155
- "properties": {
2156
- "abi_version": {
2157
- "ignore_above": 1024,
2158
- "type": "keyword"
2159
- },
2160
- "class": {
2161
- "ignore_above": 1024,
2162
- "type": "keyword"
2163
- },
2164
- "data": {
2165
- "ignore_above": 1024,
2166
- "type": "keyword"
2167
- },
2168
- "entrypoint": {
2169
- "type": "long"
2170
- },
2171
- "object_version": {
2172
- "ignore_above": 1024,
2173
- "type": "keyword"
2174
- },
2175
- "os_abi": {
2176
- "ignore_above": 1024,
2177
- "type": "keyword"
2178
- },
2179
- "type": {
2180
- "ignore_above": 1024,
2181
- "type": "keyword"
2182
- },
2183
- "version": {
2184
- "ignore_above": 1024,
2185
- "type": "keyword"
2186
- }
2187
- }
2188
- },
2189
- "imports": {
2190
- "type": "flattened"
2191
- },
2192
- "sections": {
2193
- "properties": {
2194
- "chi2": {
2195
- "type": "long"
2196
- },
2197
- "entropy": {
2198
- "type": "long"
2199
- },
2200
- "flags": {
2201
- "ignore_above": 1024,
2202
- "type": "keyword"
2203
- },
2204
- "name": {
2205
- "ignore_above": 1024,
2206
- "type": "keyword"
2207
- },
2208
- "physical_offset": {
2209
- "ignore_above": 1024,
2210
- "type": "keyword"
2211
- },
2212
- "physical_size": {
2213
- "type": "long"
2214
- },
2215
- "type": {
2216
- "ignore_above": 1024,
2217
- "type": "keyword"
2218
- },
2219
- "virtual_address": {
2220
- "type": "long"
2221
- },
2222
- "virtual_size": {
2223
- "type": "long"
2224
- }
2225
- },
2226
- "type": "nested"
2227
- },
2228
- "segments": {
2229
- "properties": {
2230
- "sections": {
2231
- "ignore_above": 1024,
2232
- "type": "keyword"
2233
- },
2234
- "type": {
2235
- "ignore_above": 1024,
2236
- "type": "keyword"
2237
- }
2238
- },
2239
- "type": "nested"
2240
- },
2241
- "shared_libraries": {
2242
- "ignore_above": 1024,
2243
- "type": "keyword"
2244
- },
2245
- "telfhash": {
2246
- "ignore_above": 1024,
2247
- "type": "keyword"
2248
- }
2249
- }
2250
- },
2251
- "end": {
2252
- "type": "date"
2253
- },
2254
1990
  "entity_id": {
2255
1991
  "ignore_above": 1024,
2256
1992
  "type": "keyword"
@@ -2313,10 +2049,6 @@
2313
2049
  },
2314
2050
  "code_signature": {
2315
2051
  "properties": {
2316
- "digest_algorithm": {
2317
- "ignore_above": 1024,
2318
- "type": "keyword"
2319
- },
2320
2052
  "exists": {
2321
2053
  "type": "boolean"
2322
2054
  },
@@ -2336,9 +2068,6 @@
2336
2068
  "ignore_above": 1024,
2337
2069
  "type": "keyword"
2338
2070
  },
2339
- "timestamp": {
2340
- "type": "date"
2341
- },
2342
2071
  "trusted": {
2343
2072
  "type": "boolean"
2344
2073
  },
@@ -2357,182 +2086,62 @@
2357
2086
  "ignore_above": 1024,
2358
2087
  "type": "keyword"
2359
2088
  },
2360
- "elf": {
2089
+ "entity_id": {
2090
+ "ignore_above": 1024,
2091
+ "type": "keyword"
2092
+ },
2093
+ "executable": {
2094
+ "fields": {
2095
+ "text": {
2096
+ "norms": false,
2097
+ "type": "text"
2098
+ }
2099
+ },
2100
+ "ignore_above": 1024,
2101
+ "type": "keyword"
2102
+ },
2103
+ "exit_code": {
2104
+ "type": "long"
2105
+ },
2106
+ "hash": {
2361
2107
  "properties": {
2362
- "architecture": {
2108
+ "md5": {
2363
2109
  "ignore_above": 1024,
2364
2110
  "type": "keyword"
2365
2111
  },
2366
- "byte_order": {
2112
+ "sha1": {
2367
2113
  "ignore_above": 1024,
2368
2114
  "type": "keyword"
2369
2115
  },
2370
- "cpu_type": {
2116
+ "sha256": {
2371
2117
  "ignore_above": 1024,
2372
2118
  "type": "keyword"
2373
2119
  },
2374
- "creation_date": {
2375
- "type": "date"
2120
+ "sha512": {
2121
+ "ignore_above": 1024,
2122
+ "type": "keyword"
2376
2123
  },
2377
- "exports": {
2378
- "type": "flattened"
2379
- },
2380
- "header": {
2381
- "properties": {
2382
- "abi_version": {
2383
- "ignore_above": 1024,
2384
- "type": "keyword"
2385
- },
2386
- "class": {
2387
- "ignore_above": 1024,
2388
- "type": "keyword"
2389
- },
2390
- "data": {
2391
- "ignore_above": 1024,
2392
- "type": "keyword"
2393
- },
2394
- "entrypoint": {
2395
- "type": "long"
2396
- },
2397
- "object_version": {
2398
- "ignore_above": 1024,
2399
- "type": "keyword"
2400
- },
2401
- "os_abi": {
2402
- "ignore_above": 1024,
2403
- "type": "keyword"
2404
- },
2405
- "type": {
2406
- "ignore_above": 1024,
2407
- "type": "keyword"
2408
- },
2409
- "version": {
2410
- "ignore_above": 1024,
2411
- "type": "keyword"
2412
- }
2413
- }
2414
- },
2415
- "imports": {
2416
- "type": "flattened"
2417
- },
2418
- "sections": {
2419
- "properties": {
2420
- "chi2": {
2421
- "type": "long"
2422
- },
2423
- "entropy": {
2424
- "type": "long"
2425
- },
2426
- "flags": {
2427
- "ignore_above": 1024,
2428
- "type": "keyword"
2429
- },
2430
- "name": {
2431
- "ignore_above": 1024,
2432
- "type": "keyword"
2433
- },
2434
- "physical_offset": {
2435
- "ignore_above": 1024,
2436
- "type": "keyword"
2437
- },
2438
- "physical_size": {
2439
- "type": "long"
2440
- },
2441
- "type": {
2442
- "ignore_above": 1024,
2443
- "type": "keyword"
2444
- },
2445
- "virtual_address": {
2446
- "type": "long"
2447
- },
2448
- "virtual_size": {
2449
- "type": "long"
2450
- }
2451
- },
2452
- "type": "nested"
2453
- },
2454
- "segments": {
2455
- "properties": {
2456
- "sections": {
2457
- "ignore_above": 1024,
2458
- "type": "keyword"
2459
- },
2460
- "type": {
2461
- "ignore_above": 1024,
2462
- "type": "keyword"
2463
- }
2464
- },
2465
- "type": "nested"
2466
- },
2467
- "shared_libraries": {
2468
- "ignore_above": 1024,
2469
- "type": "keyword"
2470
- },
2471
- "telfhash": {
2472
- "ignore_above": 1024,
2473
- "type": "keyword"
2474
- }
2475
- }
2476
- },
2477
- "end": {
2478
- "type": "date"
2479
- },
2480
- "entity_id": {
2481
- "ignore_above": 1024,
2482
- "type": "keyword"
2483
- },
2484
- "executable": {
2485
- "fields": {
2486
- "text": {
2487
- "norms": false,
2488
- "type": "text"
2489
- }
2490
- },
2491
- "ignore_above": 1024,
2492
- "type": "keyword"
2493
- },
2494
- "exit_code": {
2495
- "type": "long"
2496
- },
2497
- "hash": {
2498
- "properties": {
2499
- "md5": {
2500
- "ignore_above": 1024,
2501
- "type": "keyword"
2502
- },
2503
- "sha1": {
2504
- "ignore_above": 1024,
2505
- "type": "keyword"
2506
- },
2507
- "sha256": {
2508
- "ignore_above": 1024,
2509
- "type": "keyword"
2510
- },
2511
- "sha512": {
2512
- "ignore_above": 1024,
2513
- "type": "keyword"
2514
- },
2515
- "ssdeep": {
2516
- "ignore_above": 1024,
2517
- "type": "keyword"
2518
- }
2519
- }
2520
- },
2521
- "name": {
2522
- "fields": {
2523
- "text": {
2524
- "norms": false,
2525
- "type": "text"
2526
- }
2527
- },
2528
- "ignore_above": 1024,
2529
- "type": "keyword"
2530
- },
2531
- "pe": {
2532
- "properties": {
2533
- "architecture": {
2534
- "ignore_above": 1024,
2535
- "type": "keyword"
2124
+ "ssdeep": {
2125
+ "ignore_above": 1024,
2126
+ "type": "keyword"
2127
+ }
2128
+ }
2129
+ },
2130
+ "name": {
2131
+ "fields": {
2132
+ "text": {
2133
+ "norms": false,
2134
+ "type": "text"
2135
+ }
2136
+ },
2137
+ "ignore_above": 1024,
2138
+ "type": "keyword"
2139
+ },
2140
+ "pe": {
2141
+ "properties": {
2142
+ "architecture": {
2143
+ "ignore_above": 1024,
2144
+ "type": "keyword"
2536
2145
  },
2537
2146
  "company": {
2538
2147
  "ignore_above": 1024,
@@ -2967,14 +2576,6 @@
2967
2576
  },
2968
2577
  "service": {
2969
2578
  "properties": {
2970
- "address": {
2971
- "ignore_above": 1024,
2972
- "type": "keyword"
2973
- },
2974
- "environment": {
2975
- "ignore_above": 1024,
2976
- "type": "keyword"
2977
- },
2978
2579
  "ephemeral_id": {
2979
2580
  "ignore_above": 1024,
2980
2581
  "type": "keyword"
@@ -3201,1600 +2802,10 @@
3201
2802
  },
3202
2803
  "threat": {
3203
2804
  "properties": {
3204
- "enrichments": {
3205
- "properties": {
3206
- "indicator": {
3207
- "properties": {
3208
- "as": {
3209
- "properties": {
3210
- "number": {
3211
- "type": "long"
3212
- },
3213
- "organization": {
3214
- "properties": {
3215
- "name": {
3216
- "fields": {
3217
- "text": {
3218
- "norms": false,
3219
- "type": "text"
3220
- }
3221
- },
3222
- "ignore_above": 1024,
3223
- "type": "keyword"
3224
- }
3225
- }
3226
- }
3227
- }
3228
- },
3229
- "confidence": {
3230
- "ignore_above": 1024,
3231
- "type": "keyword"
3232
- },
3233
- "description": {
3234
- "ignore_above": 1024,
3235
- "type": "keyword"
3236
- },
3237
- "email": {
3238
- "properties": {
3239
- "address": {
3240
- "ignore_above": 1024,
3241
- "type": "keyword"
3242
- }
3243
- }
3244
- },
3245
- "file": {
3246
- "properties": {
3247
- "accessed": {
3248
- "type": "date"
3249
- },
3250
- "attributes": {
3251
- "ignore_above": 1024,
3252
- "type": "keyword"
3253
- },
3254
- "code_signature": {
3255
- "properties": {
3256
- "digest_algorithm": {
3257
- "ignore_above": 1024,
3258
- "type": "keyword"
3259
- },
3260
- "exists": {
3261
- "type": "boolean"
3262
- },
3263
- "signing_id": {
3264
- "ignore_above": 1024,
3265
- "type": "keyword"
3266
- },
3267
- "status": {
3268
- "ignore_above": 1024,
3269
- "type": "keyword"
3270
- },
3271
- "subject_name": {
3272
- "ignore_above": 1024,
3273
- "type": "keyword"
3274
- },
3275
- "team_id": {
3276
- "ignore_above": 1024,
3277
- "type": "keyword"
3278
- },
3279
- "timestamp": {
3280
- "type": "date"
3281
- },
3282
- "trusted": {
3283
- "type": "boolean"
3284
- },
3285
- "valid": {
3286
- "type": "boolean"
3287
- }
3288
- }
3289
- },
3290
- "created": {
3291
- "type": "date"
3292
- },
3293
- "ctime": {
3294
- "type": "date"
3295
- },
3296
- "device": {
3297
- "ignore_above": 1024,
3298
- "type": "keyword"
3299
- },
3300
- "directory": {
3301
- "ignore_above": 1024,
3302
- "type": "keyword"
3303
- },
3304
- "drive_letter": {
3305
- "ignore_above": 1,
3306
- "type": "keyword"
3307
- },
3308
- "elf": {
3309
- "properties": {
3310
- "architecture": {
3311
- "ignore_above": 1024,
3312
- "type": "keyword"
3313
- },
3314
- "byte_order": {
3315
- "ignore_above": 1024,
3316
- "type": "keyword"
3317
- },
3318
- "cpu_type": {
3319
- "ignore_above": 1024,
3320
- "type": "keyword"
3321
- },
3322
- "creation_date": {
3323
- "type": "date"
3324
- },
3325
- "exports": {
3326
- "type": "flattened"
3327
- },
3328
- "header": {
3329
- "properties": {
3330
- "abi_version": {
3331
- "ignore_above": 1024,
3332
- "type": "keyword"
3333
- },
3334
- "class": {
3335
- "ignore_above": 1024,
3336
- "type": "keyword"
3337
- },
3338
- "data": {
3339
- "ignore_above": 1024,
3340
- "type": "keyword"
3341
- },
3342
- "entrypoint": {
3343
- "type": "long"
3344
- },
3345
- "object_version": {
3346
- "ignore_above": 1024,
3347
- "type": "keyword"
3348
- },
3349
- "os_abi": {
3350
- "ignore_above": 1024,
3351
- "type": "keyword"
3352
- },
3353
- "type": {
3354
- "ignore_above": 1024,
3355
- "type": "keyword"
3356
- },
3357
- "version": {
3358
- "ignore_above": 1024,
3359
- "type": "keyword"
3360
- }
3361
- }
3362
- },
3363
- "imports": {
3364
- "type": "flattened"
3365
- },
3366
- "sections": {
3367
- "properties": {
3368
- "chi2": {
3369
- "type": "long"
3370
- },
3371
- "entropy": {
3372
- "type": "long"
3373
- },
3374
- "flags": {
3375
- "ignore_above": 1024,
3376
- "type": "keyword"
3377
- },
3378
- "name": {
3379
- "ignore_above": 1024,
3380
- "type": "keyword"
3381
- },
3382
- "physical_offset": {
3383
- "ignore_above": 1024,
3384
- "type": "keyword"
3385
- },
3386
- "physical_size": {
3387
- "type": "long"
3388
- },
3389
- "type": {
3390
- "ignore_above": 1024,
3391
- "type": "keyword"
3392
- },
3393
- "virtual_address": {
3394
- "type": "long"
3395
- },
3396
- "virtual_size": {
3397
- "type": "long"
3398
- }
3399
- },
3400
- "type": "nested"
3401
- },
3402
- "segments": {
3403
- "properties": {
3404
- "sections": {
3405
- "ignore_above": 1024,
3406
- "type": "keyword"
3407
- },
3408
- "type": {
3409
- "ignore_above": 1024,
3410
- "type": "keyword"
3411
- }
3412
- },
3413
- "type": "nested"
3414
- },
3415
- "shared_libraries": {
3416
- "ignore_above": 1024,
3417
- "type": "keyword"
3418
- },
3419
- "telfhash": {
3420
- "ignore_above": 1024,
3421
- "type": "keyword"
3422
- }
3423
- }
3424
- },
3425
- "extension": {
3426
- "ignore_above": 1024,
3427
- "type": "keyword"
3428
- },
3429
- "fork_name": {
3430
- "ignore_above": 1024,
3431
- "type": "keyword"
3432
- },
3433
- "gid": {
3434
- "ignore_above": 1024,
3435
- "type": "keyword"
3436
- },
3437
- "group": {
3438
- "ignore_above": 1024,
3439
- "type": "keyword"
3440
- },
3441
- "hash": {
3442
- "properties": {
3443
- "md5": {
3444
- "ignore_above": 1024,
3445
- "type": "keyword"
3446
- },
3447
- "sha1": {
3448
- "ignore_above": 1024,
3449
- "type": "keyword"
3450
- },
3451
- "sha256": {
3452
- "ignore_above": 1024,
3453
- "type": "keyword"
3454
- },
3455
- "sha512": {
3456
- "ignore_above": 1024,
3457
- "type": "keyword"
3458
- },
3459
- "ssdeep": {
3460
- "ignore_above": 1024,
3461
- "type": "keyword"
3462
- }
3463
- }
3464
- },
3465
- "inode": {
3466
- "ignore_above": 1024,
3467
- "type": "keyword"
3468
- },
3469
- "mime_type": {
3470
- "ignore_above": 1024,
3471
- "type": "keyword"
3472
- },
3473
- "mode": {
3474
- "ignore_above": 1024,
3475
- "type": "keyword"
3476
- },
3477
- "mtime": {
3478
- "type": "date"
3479
- },
3480
- "name": {
3481
- "ignore_above": 1024,
3482
- "type": "keyword"
3483
- },
3484
- "owner": {
3485
- "ignore_above": 1024,
3486
- "type": "keyword"
3487
- },
3488
- "path": {
3489
- "fields": {
3490
- "text": {
3491
- "norms": false,
3492
- "type": "text"
3493
- }
3494
- },
3495
- "ignore_above": 1024,
3496
- "type": "keyword"
3497
- },
3498
- "pe": {
3499
- "properties": {
3500
- "architecture": {
3501
- "ignore_above": 1024,
3502
- "type": "keyword"
3503
- },
3504
- "company": {
3505
- "ignore_above": 1024,
3506
- "type": "keyword"
3507
- },
3508
- "description": {
3509
- "ignore_above": 1024,
3510
- "type": "keyword"
3511
- },
3512
- "file_version": {
3513
- "ignore_above": 1024,
3514
- "type": "keyword"
3515
- },
3516
- "imphash": {
3517
- "ignore_above": 1024,
3518
- "type": "keyword"
3519
- },
3520
- "original_file_name": {
3521
- "ignore_above": 1024,
3522
- "type": "keyword"
3523
- },
3524
- "product": {
3525
- "ignore_above": 1024,
3526
- "type": "keyword"
3527
- }
3528
- }
3529
- },
3530
- "size": {
3531
- "type": "long"
3532
- },
3533
- "target_path": {
3534
- "fields": {
3535
- "text": {
3536
- "norms": false,
3537
- "type": "text"
3538
- }
3539
- },
3540
- "ignore_above": 1024,
3541
- "type": "keyword"
3542
- },
3543
- "type": {
3544
- "ignore_above": 1024,
3545
- "type": "keyword"
3546
- },
3547
- "uid": {
3548
- "ignore_above": 1024,
3549
- "type": "keyword"
3550
- },
3551
- "x509": {
3552
- "properties": {
3553
- "alternative_names": {
3554
- "ignore_above": 1024,
3555
- "type": "keyword"
3556
- },
3557
- "issuer": {
3558
- "properties": {
3559
- "common_name": {
3560
- "ignore_above": 1024,
3561
- "type": "keyword"
3562
- },
3563
- "country": {
3564
- "ignore_above": 1024,
3565
- "type": "keyword"
3566
- },
3567
- "distinguished_name": {
3568
- "ignore_above": 1024,
3569
- "type": "keyword"
3570
- },
3571
- "locality": {
3572
- "ignore_above": 1024,
3573
- "type": "keyword"
3574
- },
3575
- "organization": {
3576
- "ignore_above": 1024,
3577
- "type": "keyword"
3578
- },
3579
- "organizational_unit": {
3580
- "ignore_above": 1024,
3581
- "type": "keyword"
3582
- },
3583
- "state_or_province": {
3584
- "ignore_above": 1024,
3585
- "type": "keyword"
3586
- }
3587
- }
3588
- },
3589
- "not_after": {
3590
- "type": "date"
3591
- },
3592
- "not_before": {
3593
- "type": "date"
3594
- },
3595
- "public_key_algorithm": {
3596
- "ignore_above": 1024,
3597
- "type": "keyword"
3598
- },
3599
- "public_key_curve": {
3600
- "ignore_above": 1024,
3601
- "type": "keyword"
3602
- },
3603
- "public_key_exponent": {
3604
- "doc_values": false,
3605
- "index": false,
3606
- "type": "long"
3607
- },
3608
- "public_key_size": {
3609
- "type": "long"
3610
- },
3611
- "serial_number": {
3612
- "ignore_above": 1024,
3613
- "type": "keyword"
3614
- },
3615
- "signature_algorithm": {
3616
- "ignore_above": 1024,
3617
- "type": "keyword"
3618
- },
3619
- "subject": {
3620
- "properties": {
3621
- "common_name": {
3622
- "ignore_above": 1024,
3623
- "type": "keyword"
3624
- },
3625
- "country": {
3626
- "ignore_above": 1024,
3627
- "type": "keyword"
3628
- },
3629
- "distinguished_name": {
3630
- "ignore_above": 1024,
3631
- "type": "keyword"
3632
- },
3633
- "locality": {
3634
- "ignore_above": 1024,
3635
- "type": "keyword"
3636
- },
3637
- "organization": {
3638
- "ignore_above": 1024,
3639
- "type": "keyword"
3640
- },
3641
- "organizational_unit": {
3642
- "ignore_above": 1024,
3643
- "type": "keyword"
3644
- },
3645
- "state_or_province": {
3646
- "ignore_above": 1024,
3647
- "type": "keyword"
3648
- }
3649
- }
3650
- },
3651
- "version_number": {
3652
- "ignore_above": 1024,
3653
- "type": "keyword"
3654
- }
3655
- }
3656
- }
3657
- }
3658
- },
3659
- "first_seen": {
3660
- "type": "date"
3661
- },
3662
- "geo": {
3663
- "properties": {
3664
- "city_name": {
3665
- "ignore_above": 1024,
3666
- "type": "keyword"
3667
- },
3668
- "continent_code": {
3669
- "ignore_above": 1024,
3670
- "type": "keyword"
3671
- },
3672
- "continent_name": {
3673
- "ignore_above": 1024,
3674
- "type": "keyword"
3675
- },
3676
- "country_iso_code": {
3677
- "ignore_above": 1024,
3678
- "type": "keyword"
3679
- },
3680
- "country_name": {
3681
- "ignore_above": 1024,
3682
- "type": "keyword"
3683
- },
3684
- "location": {
3685
- "type": "geo_point"
3686
- },
3687
- "name": {
3688
- "ignore_above": 1024,
3689
- "type": "keyword"
3690
- },
3691
- "postal_code": {
3692
- "ignore_above": 1024,
3693
- "type": "keyword"
3694
- },
3695
- "region_iso_code": {
3696
- "ignore_above": 1024,
3697
- "type": "keyword"
3698
- },
3699
- "region_name": {
3700
- "ignore_above": 1024,
3701
- "type": "keyword"
3702
- },
3703
- "timezone": {
3704
- "ignore_above": 1024,
3705
- "type": "keyword"
3706
- }
3707
- }
3708
- },
3709
- "ip": {
3710
- "type": "ip"
3711
- },
3712
- "last_seen": {
3713
- "type": "date"
3714
- },
3715
- "marking": {
3716
- "properties": {
3717
- "tlp": {
3718
- "ignore_above": 1024,
3719
- "type": "keyword"
3720
- }
3721
- }
3722
- },
3723
- "modified_at": {
3724
- "type": "date"
3725
- },
3726
- "port": {
3727
- "type": "long"
3728
- },
3729
- "provider": {
3730
- "ignore_above": 1024,
3731
- "type": "keyword"
3732
- },
3733
- "reference": {
3734
- "ignore_above": 1024,
3735
- "type": "keyword"
3736
- },
3737
- "registry": {
3738
- "properties": {
3739
- "data": {
3740
- "properties": {
3741
- "bytes": {
3742
- "ignore_above": 1024,
3743
- "type": "keyword"
3744
- },
3745
- "strings": {
3746
- "ignore_above": 1024,
3747
- "type": "keyword"
3748
- },
3749
- "type": {
3750
- "ignore_above": 1024,
3751
- "type": "keyword"
3752
- }
3753
- }
3754
- },
3755
- "hive": {
3756
- "ignore_above": 1024,
3757
- "type": "keyword"
3758
- },
3759
- "key": {
3760
- "ignore_above": 1024,
3761
- "type": "keyword"
3762
- },
3763
- "path": {
3764
- "ignore_above": 1024,
3765
- "type": "keyword"
3766
- },
3767
- "value": {
3768
- "ignore_above": 1024,
3769
- "type": "keyword"
3770
- }
3771
- }
3772
- },
3773
- "scanner_stats": {
3774
- "type": "long"
3775
- },
3776
- "sightings": {
3777
- "type": "long"
3778
- },
3779
- "type": {
3780
- "ignore_above": 1024,
3781
- "type": "keyword"
3782
- },
3783
- "url": {
3784
- "properties": {
3785
- "domain": {
3786
- "ignore_above": 1024,
3787
- "type": "keyword"
3788
- },
3789
- "extension": {
3790
- "ignore_above": 1024,
3791
- "type": "keyword"
3792
- },
3793
- "fragment": {
3794
- "ignore_above": 1024,
3795
- "type": "keyword"
3796
- },
3797
- "full": {
3798
- "fields": {
3799
- "text": {
3800
- "norms": false,
3801
- "type": "text"
3802
- }
3803
- },
3804
- "ignore_above": 1024,
3805
- "type": "keyword"
3806
- },
3807
- "original": {
3808
- "fields": {
3809
- "text": {
3810
- "norms": false,
3811
- "type": "text"
3812
- }
3813
- },
3814
- "ignore_above": 1024,
3815
- "type": "keyword"
3816
- },
3817
- "password": {
3818
- "ignore_above": 1024,
3819
- "type": "keyword"
3820
- },
3821
- "path": {
3822
- "ignore_above": 1024,
3823
- "type": "keyword"
3824
- },
3825
- "port": {
3826
- "type": "long"
3827
- },
3828
- "query": {
3829
- "ignore_above": 1024,
3830
- "type": "keyword"
3831
- },
3832
- "registered_domain": {
3833
- "ignore_above": 1024,
3834
- "type": "keyword"
3835
- },
3836
- "scheme": {
3837
- "ignore_above": 1024,
3838
- "type": "keyword"
3839
- },
3840
- "subdomain": {
3841
- "ignore_above": 1024,
3842
- "type": "keyword"
3843
- },
3844
- "top_level_domain": {
3845
- "ignore_above": 1024,
3846
- "type": "keyword"
3847
- },
3848
- "username": {
3849
- "ignore_above": 1024,
3850
- "type": "keyword"
3851
- }
3852
- }
3853
- },
3854
- "x509": {
3855
- "properties": {
3856
- "alternative_names": {
3857
- "ignore_above": 1024,
3858
- "type": "keyword"
3859
- },
3860
- "issuer": {
3861
- "properties": {
3862
- "common_name": {
3863
- "ignore_above": 1024,
3864
- "type": "keyword"
3865
- },
3866
- "country": {
3867
- "ignore_above": 1024,
3868
- "type": "keyword"
3869
- },
3870
- "distinguished_name": {
3871
- "ignore_above": 1024,
3872
- "type": "keyword"
3873
- },
3874
- "locality": {
3875
- "ignore_above": 1024,
3876
- "type": "keyword"
3877
- },
3878
- "organization": {
3879
- "ignore_above": 1024,
3880
- "type": "keyword"
3881
- },
3882
- "organizational_unit": {
3883
- "ignore_above": 1024,
3884
- "type": "keyword"
3885
- },
3886
- "state_or_province": {
3887
- "ignore_above": 1024,
3888
- "type": "keyword"
3889
- }
3890
- }
3891
- },
3892
- "not_after": {
3893
- "type": "date"
3894
- },
3895
- "not_before": {
3896
- "type": "date"
3897
- },
3898
- "public_key_algorithm": {
3899
- "ignore_above": 1024,
3900
- "type": "keyword"
3901
- },
3902
- "public_key_curve": {
3903
- "ignore_above": 1024,
3904
- "type": "keyword"
3905
- },
3906
- "public_key_exponent": {
3907
- "doc_values": false,
3908
- "index": false,
3909
- "type": "long"
3910
- },
3911
- "public_key_size": {
3912
- "type": "long"
3913
- },
3914
- "serial_number": {
3915
- "ignore_above": 1024,
3916
- "type": "keyword"
3917
- },
3918
- "signature_algorithm": {
3919
- "ignore_above": 1024,
3920
- "type": "keyword"
3921
- },
3922
- "subject": {
3923
- "properties": {
3924
- "common_name": {
3925
- "ignore_above": 1024,
3926
- "type": "keyword"
3927
- },
3928
- "country": {
3929
- "ignore_above": 1024,
3930
- "type": "keyword"
3931
- },
3932
- "distinguished_name": {
3933
- "ignore_above": 1024,
3934
- "type": "keyword"
3935
- },
3936
- "locality": {
3937
- "ignore_above": 1024,
3938
- "type": "keyword"
3939
- },
3940
- "organization": {
3941
- "ignore_above": 1024,
3942
- "type": "keyword"
3943
- },
3944
- "organizational_unit": {
3945
- "ignore_above": 1024,
3946
- "type": "keyword"
3947
- },
3948
- "state_or_province": {
3949
- "ignore_above": 1024,
3950
- "type": "keyword"
3951
- }
3952
- }
3953
- },
3954
- "version_number": {
3955
- "ignore_above": 1024,
3956
- "type": "keyword"
3957
- }
3958
- }
3959
- }
3960
- },
3961
- "type": "object"
3962
- },
3963
- "matched": {
3964
- "properties": {
3965
- "atomic": {
3966
- "ignore_above": 1024,
3967
- "type": "keyword"
3968
- },
3969
- "field": {
3970
- "ignore_above": 1024,
3971
- "type": "keyword"
3972
- },
3973
- "id": {
3974
- "ignore_above": 1024,
3975
- "type": "keyword"
3976
- },
3977
- "index": {
3978
- "ignore_above": 1024,
3979
- "type": "keyword"
3980
- },
3981
- "type": {
3982
- "ignore_above": 1024,
3983
- "type": "keyword"
3984
- }
3985
- }
3986
- }
3987
- },
3988
- "type": "nested"
3989
- },
3990
2805
  "framework": {
3991
2806
  "ignore_above": 1024,
3992
2807
  "type": "keyword"
3993
2808
  },
3994
- "group": {
3995
- "properties": {
3996
- "alias": {
3997
- "ignore_above": 1024,
3998
- "type": "keyword"
3999
- },
4000
- "id": {
4001
- "ignore_above": 1024,
4002
- "type": "keyword"
4003
- },
4004
- "name": {
4005
- "ignore_above": 1024,
4006
- "type": "keyword"
4007
- },
4008
- "reference": {
4009
- "ignore_above": 1024,
4010
- "type": "keyword"
4011
- }
4012
- }
4013
- },
4014
- "indicator": {
4015
- "properties": {
4016
- "as": {
4017
- "properties": {
4018
- "number": {
4019
- "type": "long"
4020
- },
4021
- "organization": {
4022
- "properties": {
4023
- "name": {
4024
- "fields": {
4025
- "text": {
4026
- "norms": false,
4027
- "type": "text"
4028
- }
4029
- },
4030
- "ignore_above": 1024,
4031
- "type": "keyword"
4032
- }
4033
- }
4034
- }
4035
- }
4036
- },
4037
- "confidence": {
4038
- "ignore_above": 1024,
4039
- "type": "keyword"
4040
- },
4041
- "description": {
4042
- "ignore_above": 1024,
4043
- "type": "keyword"
4044
- },
4045
- "email": {
4046
- "properties": {
4047
- "address": {
4048
- "ignore_above": 1024,
4049
- "type": "keyword"
4050
- }
4051
- }
4052
- },
4053
- "file": {
4054
- "properties": {
4055
- "accessed": {
4056
- "type": "date"
4057
- },
4058
- "attributes": {
4059
- "ignore_above": 1024,
4060
- "type": "keyword"
4061
- },
4062
- "code_signature": {
4063
- "properties": {
4064
- "digest_algorithm": {
4065
- "ignore_above": 1024,
4066
- "type": "keyword"
4067
- },
4068
- "exists": {
4069
- "type": "boolean"
4070
- },
4071
- "signing_id": {
4072
- "ignore_above": 1024,
4073
- "type": "keyword"
4074
- },
4075
- "status": {
4076
- "ignore_above": 1024,
4077
- "type": "keyword"
4078
- },
4079
- "subject_name": {
4080
- "ignore_above": 1024,
4081
- "type": "keyword"
4082
- },
4083
- "team_id": {
4084
- "ignore_above": 1024,
4085
- "type": "keyword"
4086
- },
4087
- "timestamp": {
4088
- "type": "date"
4089
- },
4090
- "trusted": {
4091
- "type": "boolean"
4092
- },
4093
- "valid": {
4094
- "type": "boolean"
4095
- }
4096
- }
4097
- },
4098
- "created": {
4099
- "type": "date"
4100
- },
4101
- "ctime": {
4102
- "type": "date"
4103
- },
4104
- "device": {
4105
- "ignore_above": 1024,
4106
- "type": "keyword"
4107
- },
4108
- "directory": {
4109
- "ignore_above": 1024,
4110
- "type": "keyword"
4111
- },
4112
- "drive_letter": {
4113
- "ignore_above": 1,
4114
- "type": "keyword"
4115
- },
4116
- "elf": {
4117
- "properties": {
4118
- "architecture": {
4119
- "ignore_above": 1024,
4120
- "type": "keyword"
4121
- },
4122
- "byte_order": {
4123
- "ignore_above": 1024,
4124
- "type": "keyword"
4125
- },
4126
- "cpu_type": {
4127
- "ignore_above": 1024,
4128
- "type": "keyword"
4129
- },
4130
- "creation_date": {
4131
- "type": "date"
4132
- },
4133
- "exports": {
4134
- "type": "flattened"
4135
- },
4136
- "header": {
4137
- "properties": {
4138
- "abi_version": {
4139
- "ignore_above": 1024,
4140
- "type": "keyword"
4141
- },
4142
- "class": {
4143
- "ignore_above": 1024,
4144
- "type": "keyword"
4145
- },
4146
- "data": {
4147
- "ignore_above": 1024,
4148
- "type": "keyword"
4149
- },
4150
- "entrypoint": {
4151
- "type": "long"
4152
- },
4153
- "object_version": {
4154
- "ignore_above": 1024,
4155
- "type": "keyword"
4156
- },
4157
- "os_abi": {
4158
- "ignore_above": 1024,
4159
- "type": "keyword"
4160
- },
4161
- "type": {
4162
- "ignore_above": 1024,
4163
- "type": "keyword"
4164
- },
4165
- "version": {
4166
- "ignore_above": 1024,
4167
- "type": "keyword"
4168
- }
4169
- }
4170
- },
4171
- "imports": {
4172
- "type": "flattened"
4173
- },
4174
- "sections": {
4175
- "properties": {
4176
- "chi2": {
4177
- "type": "long"
4178
- },
4179
- "entropy": {
4180
- "type": "long"
4181
- },
4182
- "flags": {
4183
- "ignore_above": 1024,
4184
- "type": "keyword"
4185
- },
4186
- "name": {
4187
- "ignore_above": 1024,
4188
- "type": "keyword"
4189
- },
4190
- "physical_offset": {
4191
- "ignore_above": 1024,
4192
- "type": "keyword"
4193
- },
4194
- "physical_size": {
4195
- "type": "long"
4196
- },
4197
- "type": {
4198
- "ignore_above": 1024,
4199
- "type": "keyword"
4200
- },
4201
- "virtual_address": {
4202
- "type": "long"
4203
- },
4204
- "virtual_size": {
4205
- "type": "long"
4206
- }
4207
- },
4208
- "type": "nested"
4209
- },
4210
- "segments": {
4211
- "properties": {
4212
- "sections": {
4213
- "ignore_above": 1024,
4214
- "type": "keyword"
4215
- },
4216
- "type": {
4217
- "ignore_above": 1024,
4218
- "type": "keyword"
4219
- }
4220
- },
4221
- "type": "nested"
4222
- },
4223
- "shared_libraries": {
4224
- "ignore_above": 1024,
4225
- "type": "keyword"
4226
- },
4227
- "telfhash": {
4228
- "ignore_above": 1024,
4229
- "type": "keyword"
4230
- }
4231
- }
4232
- },
4233
- "extension": {
4234
- "ignore_above": 1024,
4235
- "type": "keyword"
4236
- },
4237
- "fork_name": {
4238
- "ignore_above": 1024,
4239
- "type": "keyword"
4240
- },
4241
- "gid": {
4242
- "ignore_above": 1024,
4243
- "type": "keyword"
4244
- },
4245
- "group": {
4246
- "ignore_above": 1024,
4247
- "type": "keyword"
4248
- },
4249
- "hash": {
4250
- "properties": {
4251
- "md5": {
4252
- "ignore_above": 1024,
4253
- "type": "keyword"
4254
- },
4255
- "sha1": {
4256
- "ignore_above": 1024,
4257
- "type": "keyword"
4258
- },
4259
- "sha256": {
4260
- "ignore_above": 1024,
4261
- "type": "keyword"
4262
- },
4263
- "sha512": {
4264
- "ignore_above": 1024,
4265
- "type": "keyword"
4266
- },
4267
- "ssdeep": {
4268
- "ignore_above": 1024,
4269
- "type": "keyword"
4270
- }
4271
- }
4272
- },
4273
- "inode": {
4274
- "ignore_above": 1024,
4275
- "type": "keyword"
4276
- },
4277
- "mime_type": {
4278
- "ignore_above": 1024,
4279
- "type": "keyword"
4280
- },
4281
- "mode": {
4282
- "ignore_above": 1024,
4283
- "type": "keyword"
4284
- },
4285
- "mtime": {
4286
- "type": "date"
4287
- },
4288
- "name": {
4289
- "ignore_above": 1024,
4290
- "type": "keyword"
4291
- },
4292
- "owner": {
4293
- "ignore_above": 1024,
4294
- "type": "keyword"
4295
- },
4296
- "path": {
4297
- "fields": {
4298
- "text": {
4299
- "norms": false,
4300
- "type": "text"
4301
- }
4302
- },
4303
- "ignore_above": 1024,
4304
- "type": "keyword"
4305
- },
4306
- "pe": {
4307
- "properties": {
4308
- "architecture": {
4309
- "ignore_above": 1024,
4310
- "type": "keyword"
4311
- },
4312
- "company": {
4313
- "ignore_above": 1024,
4314
- "type": "keyword"
4315
- },
4316
- "description": {
4317
- "ignore_above": 1024,
4318
- "type": "keyword"
4319
- },
4320
- "file_version": {
4321
- "ignore_above": 1024,
4322
- "type": "keyword"
4323
- },
4324
- "imphash": {
4325
- "ignore_above": 1024,
4326
- "type": "keyword"
4327
- },
4328
- "original_file_name": {
4329
- "ignore_above": 1024,
4330
- "type": "keyword"
4331
- },
4332
- "product": {
4333
- "ignore_above": 1024,
4334
- "type": "keyword"
4335
- }
4336
- }
4337
- },
4338
- "size": {
4339
- "type": "long"
4340
- },
4341
- "target_path": {
4342
- "fields": {
4343
- "text": {
4344
- "norms": false,
4345
- "type": "text"
4346
- }
4347
- },
4348
- "ignore_above": 1024,
4349
- "type": "keyword"
4350
- },
4351
- "type": {
4352
- "ignore_above": 1024,
4353
- "type": "keyword"
4354
- },
4355
- "uid": {
4356
- "ignore_above": 1024,
4357
- "type": "keyword"
4358
- },
4359
- "x509": {
4360
- "properties": {
4361
- "alternative_names": {
4362
- "ignore_above": 1024,
4363
- "type": "keyword"
4364
- },
4365
- "issuer": {
4366
- "properties": {
4367
- "common_name": {
4368
- "ignore_above": 1024,
4369
- "type": "keyword"
4370
- },
4371
- "country": {
4372
- "ignore_above": 1024,
4373
- "type": "keyword"
4374
- },
4375
- "distinguished_name": {
4376
- "ignore_above": 1024,
4377
- "type": "keyword"
4378
- },
4379
- "locality": {
4380
- "ignore_above": 1024,
4381
- "type": "keyword"
4382
- },
4383
- "organization": {
4384
- "ignore_above": 1024,
4385
- "type": "keyword"
4386
- },
4387
- "organizational_unit": {
4388
- "ignore_above": 1024,
4389
- "type": "keyword"
4390
- },
4391
- "state_or_province": {
4392
- "ignore_above": 1024,
4393
- "type": "keyword"
4394
- }
4395
- }
4396
- },
4397
- "not_after": {
4398
- "type": "date"
4399
- },
4400
- "not_before": {
4401
- "type": "date"
4402
- },
4403
- "public_key_algorithm": {
4404
- "ignore_above": 1024,
4405
- "type": "keyword"
4406
- },
4407
- "public_key_curve": {
4408
- "ignore_above": 1024,
4409
- "type": "keyword"
4410
- },
4411
- "public_key_exponent": {
4412
- "doc_values": false,
4413
- "index": false,
4414
- "type": "long"
4415
- },
4416
- "public_key_size": {
4417
- "type": "long"
4418
- },
4419
- "serial_number": {
4420
- "ignore_above": 1024,
4421
- "type": "keyword"
4422
- },
4423
- "signature_algorithm": {
4424
- "ignore_above": 1024,
4425
- "type": "keyword"
4426
- },
4427
- "subject": {
4428
- "properties": {
4429
- "common_name": {
4430
- "ignore_above": 1024,
4431
- "type": "keyword"
4432
- },
4433
- "country": {
4434
- "ignore_above": 1024,
4435
- "type": "keyword"
4436
- },
4437
- "distinguished_name": {
4438
- "ignore_above": 1024,
4439
- "type": "keyword"
4440
- },
4441
- "locality": {
4442
- "ignore_above": 1024,
4443
- "type": "keyword"
4444
- },
4445
- "organization": {
4446
- "ignore_above": 1024,
4447
- "type": "keyword"
4448
- },
4449
- "organizational_unit": {
4450
- "ignore_above": 1024,
4451
- "type": "keyword"
4452
- },
4453
- "state_or_province": {
4454
- "ignore_above": 1024,
4455
- "type": "keyword"
4456
- }
4457
- }
4458
- },
4459
- "version_number": {
4460
- "ignore_above": 1024,
4461
- "type": "keyword"
4462
- }
4463
- }
4464
- }
4465
- }
4466
- },
4467
- "first_seen": {
4468
- "type": "date"
4469
- },
4470
- "geo": {
4471
- "properties": {
4472
- "city_name": {
4473
- "ignore_above": 1024,
4474
- "type": "keyword"
4475
- },
4476
- "continent_code": {
4477
- "ignore_above": 1024,
4478
- "type": "keyword"
4479
- },
4480
- "continent_name": {
4481
- "ignore_above": 1024,
4482
- "type": "keyword"
4483
- },
4484
- "country_iso_code": {
4485
- "ignore_above": 1024,
4486
- "type": "keyword"
4487
- },
4488
- "country_name": {
4489
- "ignore_above": 1024,
4490
- "type": "keyword"
4491
- },
4492
- "location": {
4493
- "type": "geo_point"
4494
- },
4495
- "name": {
4496
- "ignore_above": 1024,
4497
- "type": "keyword"
4498
- },
4499
- "postal_code": {
4500
- "ignore_above": 1024,
4501
- "type": "keyword"
4502
- },
4503
- "region_iso_code": {
4504
- "ignore_above": 1024,
4505
- "type": "keyword"
4506
- },
4507
- "region_name": {
4508
- "ignore_above": 1024,
4509
- "type": "keyword"
4510
- },
4511
- "timezone": {
4512
- "ignore_above": 1024,
4513
- "type": "keyword"
4514
- }
4515
- }
4516
- },
4517
- "ip": {
4518
- "type": "ip"
4519
- },
4520
- "last_seen": {
4521
- "type": "date"
4522
- },
4523
- "marking": {
4524
- "properties": {
4525
- "tlp": {
4526
- "ignore_above": 1024,
4527
- "type": "keyword"
4528
- }
4529
- }
4530
- },
4531
- "modified_at": {
4532
- "type": "date"
4533
- },
4534
- "port": {
4535
- "type": "long"
4536
- },
4537
- "provider": {
4538
- "ignore_above": 1024,
4539
- "type": "keyword"
4540
- },
4541
- "reference": {
4542
- "ignore_above": 1024,
4543
- "type": "keyword"
4544
- },
4545
- "registry": {
4546
- "properties": {
4547
- "data": {
4548
- "properties": {
4549
- "bytes": {
4550
- "ignore_above": 1024,
4551
- "type": "keyword"
4552
- },
4553
- "strings": {
4554
- "ignore_above": 1024,
4555
- "type": "keyword"
4556
- },
4557
- "type": {
4558
- "ignore_above": 1024,
4559
- "type": "keyword"
4560
- }
4561
- }
4562
- },
4563
- "hive": {
4564
- "ignore_above": 1024,
4565
- "type": "keyword"
4566
- },
4567
- "key": {
4568
- "ignore_above": 1024,
4569
- "type": "keyword"
4570
- },
4571
- "path": {
4572
- "ignore_above": 1024,
4573
- "type": "keyword"
4574
- },
4575
- "value": {
4576
- "ignore_above": 1024,
4577
- "type": "keyword"
4578
- }
4579
- }
4580
- },
4581
- "scanner_stats": {
4582
- "type": "long"
4583
- },
4584
- "sightings": {
4585
- "type": "long"
4586
- },
4587
- "type": {
4588
- "ignore_above": 1024,
4589
- "type": "keyword"
4590
- },
4591
- "url": {
4592
- "properties": {
4593
- "domain": {
4594
- "ignore_above": 1024,
4595
- "type": "keyword"
4596
- },
4597
- "extension": {
4598
- "ignore_above": 1024,
4599
- "type": "keyword"
4600
- },
4601
- "fragment": {
4602
- "ignore_above": 1024,
4603
- "type": "keyword"
4604
- },
4605
- "full": {
4606
- "fields": {
4607
- "text": {
4608
- "norms": false,
4609
- "type": "text"
4610
- }
4611
- },
4612
- "ignore_above": 1024,
4613
- "type": "keyword"
4614
- },
4615
- "original": {
4616
- "fields": {
4617
- "text": {
4618
- "norms": false,
4619
- "type": "text"
4620
- }
4621
- },
4622
- "ignore_above": 1024,
4623
- "type": "keyword"
4624
- },
4625
- "password": {
4626
- "ignore_above": 1024,
4627
- "type": "keyword"
4628
- },
4629
- "path": {
4630
- "ignore_above": 1024,
4631
- "type": "keyword"
4632
- },
4633
- "port": {
4634
- "type": "long"
4635
- },
4636
- "query": {
4637
- "ignore_above": 1024,
4638
- "type": "keyword"
4639
- },
4640
- "registered_domain": {
4641
- "ignore_above": 1024,
4642
- "type": "keyword"
4643
- },
4644
- "scheme": {
4645
- "ignore_above": 1024,
4646
- "type": "keyword"
4647
- },
4648
- "subdomain": {
4649
- "ignore_above": 1024,
4650
- "type": "keyword"
4651
- },
4652
- "top_level_domain": {
4653
- "ignore_above": 1024,
4654
- "type": "keyword"
4655
- },
4656
- "username": {
4657
- "ignore_above": 1024,
4658
- "type": "keyword"
4659
- }
4660
- }
4661
- },
4662
- "x509": {
4663
- "properties": {
4664
- "alternative_names": {
4665
- "ignore_above": 1024,
4666
- "type": "keyword"
4667
- },
4668
- "issuer": {
4669
- "properties": {
4670
- "common_name": {
4671
- "ignore_above": 1024,
4672
- "type": "keyword"
4673
- },
4674
- "country": {
4675
- "ignore_above": 1024,
4676
- "type": "keyword"
4677
- },
4678
- "distinguished_name": {
4679
- "ignore_above": 1024,
4680
- "type": "keyword"
4681
- },
4682
- "locality": {
4683
- "ignore_above": 1024,
4684
- "type": "keyword"
4685
- },
4686
- "organization": {
4687
- "ignore_above": 1024,
4688
- "type": "keyword"
4689
- },
4690
- "organizational_unit": {
4691
- "ignore_above": 1024,
4692
- "type": "keyword"
4693
- },
4694
- "state_or_province": {
4695
- "ignore_above": 1024,
4696
- "type": "keyword"
4697
- }
4698
- }
4699
- },
4700
- "not_after": {
4701
- "type": "date"
4702
- },
4703
- "not_before": {
4704
- "type": "date"
4705
- },
4706
- "public_key_algorithm": {
4707
- "ignore_above": 1024,
4708
- "type": "keyword"
4709
- },
4710
- "public_key_curve": {
4711
- "ignore_above": 1024,
4712
- "type": "keyword"
4713
- },
4714
- "public_key_exponent": {
4715
- "doc_values": false,
4716
- "index": false,
4717
- "type": "long"
4718
- },
4719
- "public_key_size": {
4720
- "type": "long"
4721
- },
4722
- "serial_number": {
4723
- "ignore_above": 1024,
4724
- "type": "keyword"
4725
- },
4726
- "signature_algorithm": {
4727
- "ignore_above": 1024,
4728
- "type": "keyword"
4729
- },
4730
- "subject": {
4731
- "properties": {
4732
- "common_name": {
4733
- "ignore_above": 1024,
4734
- "type": "keyword"
4735
- },
4736
- "country": {
4737
- "ignore_above": 1024,
4738
- "type": "keyword"
4739
- },
4740
- "distinguished_name": {
4741
- "ignore_above": 1024,
4742
- "type": "keyword"
4743
- },
4744
- "locality": {
4745
- "ignore_above": 1024,
4746
- "type": "keyword"
4747
- },
4748
- "organization": {
4749
- "ignore_above": 1024,
4750
- "type": "keyword"
4751
- },
4752
- "organizational_unit": {
4753
- "ignore_above": 1024,
4754
- "type": "keyword"
4755
- },
4756
- "state_or_province": {
4757
- "ignore_above": 1024,
4758
- "type": "keyword"
4759
- }
4760
- }
4761
- },
4762
- "version_number": {
4763
- "ignore_above": 1024,
4764
- "type": "keyword"
4765
- }
4766
- }
4767
- }
4768
- }
4769
- },
4770
- "software": {
4771
- "properties": {
4772
- "alias": {
4773
- "ignore_above": 1024,
4774
- "type": "keyword"
4775
- },
4776
- "id": {
4777
- "ignore_above": 1024,
4778
- "type": "keyword"
4779
- },
4780
- "name": {
4781
- "ignore_above": 1024,
4782
- "type": "keyword"
4783
- },
4784
- "platforms": {
4785
- "ignore_above": 1024,
4786
- "type": "keyword"
4787
- },
4788
- "reference": {
4789
- "ignore_above": 1024,
4790
- "type": "keyword"
4791
- },
4792
- "type": {
4793
- "ignore_above": 1024,
4794
- "type": "keyword"
4795
- }
4796
- }
4797
- },
4798
2809
  "tactic": {
4799
2810
  "properties": {
4800
2811
  "id": {