logstash-output-elasticsearch 11.2.2-java → 11.3.2-java

Sign up to get free protection for your applications and to get access to all the features.
@@ -4,7 +4,7 @@
4
4
  ],
5
5
  "mappings": {
6
6
  "_meta": {
7
- "version": "1.12.1"
7
+ "version": "1.10.0"
8
8
  },
9
9
  "date_detection": false,
10
10
  "dynamic_templates": [
@@ -70,7 +70,8 @@
70
70
  "name": {
71
71
  "fields": {
72
72
  "text": {
73
- "type": "match_only_text"
73
+ "norms": false,
74
+ "type": "text"
74
75
  }
75
76
  },
76
77
  "ignore_above": 1024,
@@ -182,7 +183,8 @@
182
183
  "full_name": {
183
184
  "fields": {
184
185
  "text": {
185
- "type": "match_only_text"
186
+ "norms": false,
187
+ "type": "text"
186
188
  }
187
189
  },
188
190
  "ignore_above": 1024,
@@ -215,7 +217,8 @@
215
217
  "name": {
216
218
  "fields": {
217
219
  "text": {
218
- "type": "match_only_text"
220
+ "norms": false,
221
+ "type": "text"
219
222
  }
220
223
  },
221
224
  "ignore_above": 1024,
@@ -357,7 +360,8 @@
357
360
  "name": {
358
361
  "fields": {
359
362
  "text": {
360
- "type": "match_only_text"
363
+ "norms": false,
364
+ "type": "text"
361
365
  }
362
366
  },
363
367
  "ignore_above": 1024,
@@ -469,7 +473,8 @@
469
473
  "full_name": {
470
474
  "fields": {
471
475
  "text": {
472
- "type": "match_only_text"
476
+ "norms": false,
477
+ "type": "text"
473
478
  }
474
479
  },
475
480
  "ignore_above": 1024,
@@ -502,7 +507,8 @@
502
507
  "name": {
503
508
  "fields": {
504
509
  "text": {
505
- "type": "match_only_text"
510
+ "norms": false,
511
+ "type": "text"
506
512
  }
507
513
  },
508
514
  "ignore_above": 1024,
@@ -520,10 +526,6 @@
520
526
  "properties": {
521
527
  "code_signature": {
522
528
  "properties": {
523
- "digest_algorithm": {
524
- "ignore_above": 1024,
525
- "type": "keyword"
526
- },
527
529
  "exists": {
528
530
  "type": "boolean"
529
531
  },
@@ -543,9 +545,6 @@
543
545
  "ignore_above": 1024,
544
546
  "type": "keyword"
545
547
  },
546
- "timestamp": {
547
- "type": "date"
548
- },
549
548
  "trusted": {
550
549
  "type": "boolean"
551
550
  },
@@ -718,15 +717,20 @@
718
717
  "type": "keyword"
719
718
  },
720
719
  "message": {
721
- "type": "match_only_text"
720
+ "norms": false,
721
+ "type": "text"
722
722
  },
723
723
  "stack_trace": {
724
+ "doc_values": false,
724
725
  "fields": {
725
726
  "text": {
726
- "type": "match_only_text"
727
+ "norms": false,
728
+ "type": "text"
727
729
  }
728
730
  },
729
- "type": "wildcard"
731
+ "ignore_above": 1024,
732
+ "index": false,
733
+ "type": "keyword"
730
734
  },
731
735
  "type": {
732
736
  "ignore_above": 1024,
@@ -740,10 +744,6 @@
740
744
  "ignore_above": 1024,
741
745
  "type": "keyword"
742
746
  },
743
- "agent_id_status": {
744
- "ignore_above": 1024,
745
- "type": "keyword"
746
- },
747
747
  "category": {
748
748
  "ignore_above": 1024,
749
749
  "type": "keyword"
@@ -786,6 +786,7 @@
786
786
  },
787
787
  "original": {
788
788
  "doc_values": false,
789
+ "ignore_above": 1024,
789
790
  "index": false,
790
791
  "type": "keyword"
791
792
  },
@@ -845,10 +846,6 @@
845
846
  },
846
847
  "code_signature": {
847
848
  "properties": {
848
- "digest_algorithm": {
849
- "ignore_above": 1024,
850
- "type": "keyword"
851
- },
852
849
  "exists": {
853
850
  "type": "boolean"
854
851
  },
@@ -868,9 +865,6 @@
868
865
  "ignore_above": 1024,
869
866
  "type": "keyword"
870
867
  },
871
- "timestamp": {
872
- "type": "date"
873
- },
874
868
  "trusted": {
875
869
  "type": "boolean"
876
870
  },
@@ -897,131 +891,10 @@
897
891
  "ignore_above": 1,
898
892
  "type": "keyword"
899
893
  },
900
- "elf": {
901
- "properties": {
902
- "architecture": {
903
- "ignore_above": 1024,
904
- "type": "keyword"
905
- },
906
- "byte_order": {
907
- "ignore_above": 1024,
908
- "type": "keyword"
909
- },
910
- "cpu_type": {
911
- "ignore_above": 1024,
912
- "type": "keyword"
913
- },
914
- "creation_date": {
915
- "type": "date"
916
- },
917
- "exports": {
918
- "type": "flattened"
919
- },
920
- "header": {
921
- "properties": {
922
- "abi_version": {
923
- "ignore_above": 1024,
924
- "type": "keyword"
925
- },
926
- "class": {
927
- "ignore_above": 1024,
928
- "type": "keyword"
929
- },
930
- "data": {
931
- "ignore_above": 1024,
932
- "type": "keyword"
933
- },
934
- "entrypoint": {
935
- "type": "long"
936
- },
937
- "object_version": {
938
- "ignore_above": 1024,
939
- "type": "keyword"
940
- },
941
- "os_abi": {
942
- "ignore_above": 1024,
943
- "type": "keyword"
944
- },
945
- "type": {
946
- "ignore_above": 1024,
947
- "type": "keyword"
948
- },
949
- "version": {
950
- "ignore_above": 1024,
951
- "type": "keyword"
952
- }
953
- }
954
- },
955
- "imports": {
956
- "type": "flattened"
957
- },
958
- "sections": {
959
- "properties": {
960
- "chi2": {
961
- "type": "long"
962
- },
963
- "entropy": {
964
- "type": "long"
965
- },
966
- "flags": {
967
- "ignore_above": 1024,
968
- "type": "keyword"
969
- },
970
- "name": {
971
- "ignore_above": 1024,
972
- "type": "keyword"
973
- },
974
- "physical_offset": {
975
- "ignore_above": 1024,
976
- "type": "keyword"
977
- },
978
- "physical_size": {
979
- "type": "long"
980
- },
981
- "type": {
982
- "ignore_above": 1024,
983
- "type": "keyword"
984
- },
985
- "virtual_address": {
986
- "type": "long"
987
- },
988
- "virtual_size": {
989
- "type": "long"
990
- }
991
- },
992
- "type": "nested"
993
- },
994
- "segments": {
995
- "properties": {
996
- "sections": {
997
- "ignore_above": 1024,
998
- "type": "keyword"
999
- },
1000
- "type": {
1001
- "ignore_above": 1024,
1002
- "type": "keyword"
1003
- }
1004
- },
1005
- "type": "nested"
1006
- },
1007
- "shared_libraries": {
1008
- "ignore_above": 1024,
1009
- "type": "keyword"
1010
- },
1011
- "telfhash": {
1012
- "ignore_above": 1024,
1013
- "type": "keyword"
1014
- }
1015
- }
1016
- },
1017
894
  "extension": {
1018
895
  "ignore_above": 1024,
1019
896
  "type": "keyword"
1020
897
  },
1021
- "fork_name": {
1022
- "ignore_above": 1024,
1023
- "type": "keyword"
1024
- },
1025
898
  "gid": {
1026
899
  "ignore_above": 1024,
1027
900
  "type": "keyword"
@@ -1080,7 +953,8 @@
1080
953
  "path": {
1081
954
  "fields": {
1082
955
  "text": {
1083
- "type": "match_only_text"
956
+ "norms": false,
957
+ "type": "text"
1084
958
  }
1085
959
  },
1086
960
  "ignore_above": 1024,
@@ -1124,7 +998,8 @@
1124
998
  "target_path": {
1125
999
  "fields": {
1126
1000
  "text": {
1127
- "type": "match_only_text"
1001
+ "norms": false,
1002
+ "type": "text"
1128
1003
  }
1129
1004
  },
1130
1005
  "ignore_above": 1024,
@@ -1397,7 +1272,8 @@
1397
1272
  "full": {
1398
1273
  "fields": {
1399
1274
  "text": {
1400
- "type": "match_only_text"
1275
+ "norms": false,
1276
+ "type": "text"
1401
1277
  }
1402
1278
  },
1403
1279
  "ignore_above": 1024,
@@ -1410,7 +1286,8 @@
1410
1286
  "name": {
1411
1287
  "fields": {
1412
1288
  "text": {
1413
- "type": "match_only_text"
1289
+ "norms": false,
1290
+ "type": "text"
1414
1291
  }
1415
1292
  },
1416
1293
  "ignore_above": 1024,
@@ -1450,7 +1327,8 @@
1450
1327
  "full_name": {
1451
1328
  "fields": {
1452
1329
  "text": {
1453
- "type": "match_only_text"
1330
+ "norms": false,
1331
+ "type": "text"
1454
1332
  }
1455
1333
  },
1456
1334
  "ignore_above": 1024,
@@ -1483,7 +1361,8 @@
1483
1361
  "name": {
1484
1362
  "fields": {
1485
1363
  "text": {
1486
- "type": "match_only_text"
1364
+ "norms": false,
1365
+ "type": "text"
1487
1366
  }
1488
1367
  },
1489
1368
  "ignore_above": 1024,
@@ -1509,10 +1388,12 @@
1509
1388
  "content": {
1510
1389
  "fields": {
1511
1390
  "text": {
1512
- "type": "match_only_text"
1391
+ "norms": false,
1392
+ "type": "text"
1513
1393
  }
1514
1394
  },
1515
- "type": "wildcard"
1395
+ "ignore_above": 1024,
1396
+ "type": "keyword"
1516
1397
  }
1517
1398
  }
1518
1399
  },
@@ -1547,10 +1428,12 @@
1547
1428
  "content": {
1548
1429
  "fields": {
1549
1430
  "text": {
1550
- "type": "match_only_text"
1431
+ "norms": false,
1432
+ "type": "text"
1551
1433
  }
1552
1434
  },
1553
- "type": "wildcard"
1435
+ "ignore_above": 1024,
1436
+ "type": "keyword"
1554
1437
  }
1555
1438
  }
1556
1439
  },
@@ -1614,6 +1497,7 @@
1614
1497
  },
1615
1498
  "original": {
1616
1499
  "doc_values": false,
1500
+ "ignore_above": 1024,
1617
1501
  "index": false,
1618
1502
  "type": "keyword"
1619
1503
  },
@@ -1650,7 +1534,8 @@
1650
1534
  }
1651
1535
  },
1652
1536
  "message": {
1653
- "type": "match_only_text"
1537
+ "norms": false,
1538
+ "type": "text"
1654
1539
  },
1655
1540
  "network": {
1656
1541
  "properties": {
@@ -1873,7 +1758,8 @@
1873
1758
  "full": {
1874
1759
  "fields": {
1875
1760
  "text": {
1876
- "type": "match_only_text"
1761
+ "norms": false,
1762
+ "type": "text"
1877
1763
  }
1878
1764
  },
1879
1765
  "ignore_above": 1024,
@@ -1886,7 +1772,8 @@
1886
1772
  "name": {
1887
1773
  "fields": {
1888
1774
  "text": {
1889
- "type": "match_only_text"
1775
+ "norms": false,
1776
+ "type": "text"
1890
1777
  }
1891
1778
  },
1892
1779
  "ignore_above": 1024,
@@ -1985,7 +1872,8 @@
1985
1872
  "name": {
1986
1873
  "fields": {
1987
1874
  "text": {
1988
- "type": "match_only_text"
1875
+ "norms": false,
1876
+ "type": "text"
1989
1877
  }
1990
1878
  },
1991
1879
  "ignore_above": 1024,
@@ -2058,10 +1946,6 @@
2058
1946
  },
2059
1947
  "code_signature": {
2060
1948
  "properties": {
2061
- "digest_algorithm": {
2062
- "ignore_above": 1024,
2063
- "type": "keyword"
2064
- },
2065
1949
  "exists": {
2066
1950
  "type": "boolean"
2067
1951
  },
@@ -2081,9 +1965,6 @@
2081
1965
  "ignore_above": 1024,
2082
1966
  "type": "keyword"
2083
1967
  },
2084
- "timestamp": {
2085
- "type": "date"
2086
- },
2087
1968
  "trusted": {
2088
1969
  "type": "boolean"
2089
1970
  },
@@ -2095,130 +1976,12 @@
2095
1976
  "command_line": {
2096
1977
  "fields": {
2097
1978
  "text": {
2098
- "type": "match_only_text"
1979
+ "norms": false,
1980
+ "type": "text"
2099
1981
  }
2100
1982
  },
2101
- "type": "wildcard"
2102
- },
2103
- "elf": {
2104
- "properties": {
2105
- "architecture": {
2106
- "ignore_above": 1024,
2107
- "type": "keyword"
2108
- },
2109
- "byte_order": {
2110
- "ignore_above": 1024,
2111
- "type": "keyword"
2112
- },
2113
- "cpu_type": {
2114
- "ignore_above": 1024,
2115
- "type": "keyword"
2116
- },
2117
- "creation_date": {
2118
- "type": "date"
2119
- },
2120
- "exports": {
2121
- "type": "flattened"
2122
- },
2123
- "header": {
2124
- "properties": {
2125
- "abi_version": {
2126
- "ignore_above": 1024,
2127
- "type": "keyword"
2128
- },
2129
- "class": {
2130
- "ignore_above": 1024,
2131
- "type": "keyword"
2132
- },
2133
- "data": {
2134
- "ignore_above": 1024,
2135
- "type": "keyword"
2136
- },
2137
- "entrypoint": {
2138
- "type": "long"
2139
- },
2140
- "object_version": {
2141
- "ignore_above": 1024,
2142
- "type": "keyword"
2143
- },
2144
- "os_abi": {
2145
- "ignore_above": 1024,
2146
- "type": "keyword"
2147
- },
2148
- "type": {
2149
- "ignore_above": 1024,
2150
- "type": "keyword"
2151
- },
2152
- "version": {
2153
- "ignore_above": 1024,
2154
- "type": "keyword"
2155
- }
2156
- }
2157
- },
2158
- "imports": {
2159
- "type": "flattened"
2160
- },
2161
- "sections": {
2162
- "properties": {
2163
- "chi2": {
2164
- "type": "long"
2165
- },
2166
- "entropy": {
2167
- "type": "long"
2168
- },
2169
- "flags": {
2170
- "ignore_above": 1024,
2171
- "type": "keyword"
2172
- },
2173
- "name": {
2174
- "ignore_above": 1024,
2175
- "type": "keyword"
2176
- },
2177
- "physical_offset": {
2178
- "ignore_above": 1024,
2179
- "type": "keyword"
2180
- },
2181
- "physical_size": {
2182
- "type": "long"
2183
- },
2184
- "type": {
2185
- "ignore_above": 1024,
2186
- "type": "keyword"
2187
- },
2188
- "virtual_address": {
2189
- "type": "long"
2190
- },
2191
- "virtual_size": {
2192
- "type": "long"
2193
- }
2194
- },
2195
- "type": "nested"
2196
- },
2197
- "segments": {
2198
- "properties": {
2199
- "sections": {
2200
- "ignore_above": 1024,
2201
- "type": "keyword"
2202
- },
2203
- "type": {
2204
- "ignore_above": 1024,
2205
- "type": "keyword"
2206
- }
2207
- },
2208
- "type": "nested"
2209
- },
2210
- "shared_libraries": {
2211
- "ignore_above": 1024,
2212
- "type": "keyword"
2213
- },
2214
- "telfhash": {
2215
- "ignore_above": 1024,
2216
- "type": "keyword"
2217
- }
2218
- }
2219
- },
2220
- "end": {
2221
- "type": "date"
1983
+ "ignore_above": 1024,
1984
+ "type": "keyword"
2222
1985
  },
2223
1986
  "entity_id": {
2224
1987
  "ignore_above": 1024,
@@ -2227,7 +1990,8 @@
2227
1990
  "executable": {
2228
1991
  "fields": {
2229
1992
  "text": {
2230
- "type": "match_only_text"
1993
+ "norms": false,
1994
+ "type": "text"
2231
1995
  }
2232
1996
  },
2233
1997
  "ignore_above": 1024,
@@ -2263,7 +2027,8 @@
2263
2027
  "name": {
2264
2028
  "fields": {
2265
2029
  "text": {
2266
- "type": "match_only_text"
2030
+ "norms": false,
2031
+ "type": "text"
2267
2032
  }
2268
2033
  },
2269
2034
  "ignore_above": 1024,
@@ -2280,10 +2045,6 @@
2280
2045
  },
2281
2046
  "code_signature": {
2282
2047
  "properties": {
2283
- "digest_algorithm": {
2284
- "ignore_above": 1024,
2285
- "type": "keyword"
2286
- },
2287
2048
  "exists": {
2288
2049
  "type": "boolean"
2289
2050
  },
@@ -2303,9 +2064,6 @@
2303
2064
  "ignore_above": 1024,
2304
2065
  "type": "keyword"
2305
2066
  },
2306
- "timestamp": {
2307
- "type": "date"
2308
- },
2309
2067
  "trusted": {
2310
2068
  "type": "boolean"
2311
2069
  },
@@ -2317,185 +2075,69 @@
2317
2075
  "command_line": {
2318
2076
  "fields": {
2319
2077
  "text": {
2320
- "type": "match_only_text"
2078
+ "norms": false,
2079
+ "type": "text"
2080
+ }
2081
+ },
2082
+ "ignore_above": 1024,
2083
+ "type": "keyword"
2084
+ },
2085
+ "entity_id": {
2086
+ "ignore_above": 1024,
2087
+ "type": "keyword"
2088
+ },
2089
+ "executable": {
2090
+ "fields": {
2091
+ "text": {
2092
+ "norms": false,
2093
+ "type": "text"
2321
2094
  }
2322
2095
  },
2323
- "type": "wildcard"
2096
+ "ignore_above": 1024,
2097
+ "type": "keyword"
2098
+ },
2099
+ "exit_code": {
2100
+ "type": "long"
2324
2101
  },
2325
- "elf": {
2102
+ "hash": {
2326
2103
  "properties": {
2327
- "architecture": {
2104
+ "md5": {
2328
2105
  "ignore_above": 1024,
2329
2106
  "type": "keyword"
2330
2107
  },
2331
- "byte_order": {
2108
+ "sha1": {
2332
2109
  "ignore_above": 1024,
2333
2110
  "type": "keyword"
2334
2111
  },
2335
- "cpu_type": {
2112
+ "sha256": {
2336
2113
  "ignore_above": 1024,
2337
2114
  "type": "keyword"
2338
2115
  },
2339
- "creation_date": {
2340
- "type": "date"
2116
+ "sha512": {
2117
+ "ignore_above": 1024,
2118
+ "type": "keyword"
2341
2119
  },
2342
- "exports": {
2343
- "type": "flattened"
2344
- },
2345
- "header": {
2346
- "properties": {
2347
- "abi_version": {
2348
- "ignore_above": 1024,
2349
- "type": "keyword"
2350
- },
2351
- "class": {
2352
- "ignore_above": 1024,
2353
- "type": "keyword"
2354
- },
2355
- "data": {
2356
- "ignore_above": 1024,
2357
- "type": "keyword"
2358
- },
2359
- "entrypoint": {
2360
- "type": "long"
2361
- },
2362
- "object_version": {
2363
- "ignore_above": 1024,
2364
- "type": "keyword"
2365
- },
2366
- "os_abi": {
2367
- "ignore_above": 1024,
2368
- "type": "keyword"
2369
- },
2370
- "type": {
2371
- "ignore_above": 1024,
2372
- "type": "keyword"
2373
- },
2374
- "version": {
2375
- "ignore_above": 1024,
2376
- "type": "keyword"
2377
- }
2378
- }
2379
- },
2380
- "imports": {
2381
- "type": "flattened"
2382
- },
2383
- "sections": {
2384
- "properties": {
2385
- "chi2": {
2386
- "type": "long"
2387
- },
2388
- "entropy": {
2389
- "type": "long"
2390
- },
2391
- "flags": {
2392
- "ignore_above": 1024,
2393
- "type": "keyword"
2394
- },
2395
- "name": {
2396
- "ignore_above": 1024,
2397
- "type": "keyword"
2398
- },
2399
- "physical_offset": {
2400
- "ignore_above": 1024,
2401
- "type": "keyword"
2402
- },
2403
- "physical_size": {
2404
- "type": "long"
2405
- },
2406
- "type": {
2407
- "ignore_above": 1024,
2408
- "type": "keyword"
2409
- },
2410
- "virtual_address": {
2411
- "type": "long"
2412
- },
2413
- "virtual_size": {
2414
- "type": "long"
2415
- }
2416
- },
2417
- "type": "nested"
2418
- },
2419
- "segments": {
2420
- "properties": {
2421
- "sections": {
2422
- "ignore_above": 1024,
2423
- "type": "keyword"
2424
- },
2425
- "type": {
2426
- "ignore_above": 1024,
2427
- "type": "keyword"
2428
- }
2429
- },
2430
- "type": "nested"
2431
- },
2432
- "shared_libraries": {
2433
- "ignore_above": 1024,
2434
- "type": "keyword"
2435
- },
2436
- "telfhash": {
2437
- "ignore_above": 1024,
2438
- "type": "keyword"
2439
- }
2440
- }
2441
- },
2442
- "end": {
2443
- "type": "date"
2444
- },
2445
- "entity_id": {
2446
- "ignore_above": 1024,
2447
- "type": "keyword"
2448
- },
2449
- "executable": {
2450
- "fields": {
2451
- "text": {
2452
- "type": "match_only_text"
2453
- }
2454
- },
2455
- "ignore_above": 1024,
2456
- "type": "keyword"
2457
- },
2458
- "exit_code": {
2459
- "type": "long"
2460
- },
2461
- "hash": {
2462
- "properties": {
2463
- "md5": {
2464
- "ignore_above": 1024,
2465
- "type": "keyword"
2466
- },
2467
- "sha1": {
2468
- "ignore_above": 1024,
2469
- "type": "keyword"
2470
- },
2471
- "sha256": {
2472
- "ignore_above": 1024,
2473
- "type": "keyword"
2474
- },
2475
- "sha512": {
2476
- "ignore_above": 1024,
2477
- "type": "keyword"
2478
- },
2479
- "ssdeep": {
2480
- "ignore_above": 1024,
2481
- "type": "keyword"
2482
- }
2483
- }
2484
- },
2485
- "name": {
2486
- "fields": {
2487
- "text": {
2488
- "type": "match_only_text"
2489
- }
2490
- },
2491
- "ignore_above": 1024,
2492
- "type": "keyword"
2493
- },
2494
- "pe": {
2495
- "properties": {
2496
- "architecture": {
2497
- "ignore_above": 1024,
2498
- "type": "keyword"
2120
+ "ssdeep": {
2121
+ "ignore_above": 1024,
2122
+ "type": "keyword"
2123
+ }
2124
+ }
2125
+ },
2126
+ "name": {
2127
+ "fields": {
2128
+ "text": {
2129
+ "norms": false,
2130
+ "type": "text"
2131
+ }
2132
+ },
2133
+ "ignore_above": 1024,
2134
+ "type": "keyword"
2135
+ },
2136
+ "pe": {
2137
+ "properties": {
2138
+ "architecture": {
2139
+ "ignore_above": 1024,
2140
+ "type": "keyword"
2499
2141
  },
2500
2142
  "company": {
2501
2143
  "ignore_above": 1024,
@@ -2549,7 +2191,8 @@
2549
2191
  "title": {
2550
2192
  "fields": {
2551
2193
  "text": {
2552
- "type": "match_only_text"
2194
+ "norms": false,
2195
+ "type": "text"
2553
2196
  }
2554
2197
  },
2555
2198
  "ignore_above": 1024,
@@ -2561,7 +2204,8 @@
2561
2204
  "working_directory": {
2562
2205
  "fields": {
2563
2206
  "text": {
2564
- "type": "match_only_text"
2207
+ "norms": false,
2208
+ "type": "text"
2565
2209
  }
2566
2210
  },
2567
2211
  "ignore_above": 1024,
@@ -2627,7 +2271,8 @@
2627
2271
  "title": {
2628
2272
  "fields": {
2629
2273
  "text": {
2630
- "type": "match_only_text"
2274
+ "norms": false,
2275
+ "type": "text"
2631
2276
  }
2632
2277
  },
2633
2278
  "ignore_above": 1024,
@@ -2639,7 +2284,8 @@
2639
2284
  "working_directory": {
2640
2285
  "fields": {
2641
2286
  "text": {
2642
- "type": "match_only_text"
2287
+ "norms": false,
2288
+ "type": "text"
2643
2289
  }
2644
2290
  },
2645
2291
  "ignore_above": 1024,
@@ -2656,7 +2302,8 @@
2656
2302
  "type": "keyword"
2657
2303
  },
2658
2304
  "strings": {
2659
- "type": "wildcard"
2305
+ "ignore_above": 1024,
2306
+ "type": "keyword"
2660
2307
  },
2661
2308
  "type": {
2662
2309
  "ignore_above": 1024,
@@ -2761,7 +2408,8 @@
2761
2408
  "name": {
2762
2409
  "fields": {
2763
2410
  "text": {
2764
- "type": "match_only_text"
2411
+ "norms": false,
2412
+ "type": "text"
2765
2413
  }
2766
2414
  },
2767
2415
  "ignore_above": 1024,
@@ -2873,7 +2521,8 @@
2873
2521
  "full_name": {
2874
2522
  "fields": {
2875
2523
  "text": {
2876
- "type": "match_only_text"
2524
+ "norms": false,
2525
+ "type": "text"
2877
2526
  }
2878
2527
  },
2879
2528
  "ignore_above": 1024,
@@ -2906,7 +2555,8 @@
2906
2555
  "name": {
2907
2556
  "fields": {
2908
2557
  "text": {
2909
- "type": "match_only_text"
2558
+ "norms": false,
2559
+ "type": "text"
2910
2560
  }
2911
2561
  },
2912
2562
  "ignore_above": 1024,
@@ -2922,14 +2572,6 @@
2922
2572
  },
2923
2573
  "service": {
2924
2574
  "properties": {
2925
- "address": {
2926
- "ignore_above": 1024,
2927
- "type": "keyword"
2928
- },
2929
- "environment": {
2930
- "ignore_above": 1024,
2931
- "type": "keyword"
2932
- },
2933
2575
  "ephemeral_id": {
2934
2576
  "ignore_above": 1024,
2935
2577
  "type": "keyword"
@@ -2980,7 +2622,8 @@
2980
2622
  "name": {
2981
2623
  "fields": {
2982
2624
  "text": {
2983
- "type": "match_only_text"
2625
+ "norms": false,
2626
+ "type": "text"
2984
2627
  }
2985
2628
  },
2986
2629
  "ignore_above": 1024,
@@ -3092,7 +2735,8 @@
3092
2735
  "full_name": {
3093
2736
  "fields": {
3094
2737
  "text": {
3095
- "type": "match_only_text"
2738
+ "norms": false,
2739
+ "type": "text"
3096
2740
  }
3097
2741
  },
3098
2742
  "ignore_above": 1024,
@@ -3125,7 +2769,8 @@
3125
2769
  "name": {
3126
2770
  "fields": {
3127
2771
  "text": {
3128
- "type": "match_only_text"
2772
+ "norms": false,
2773
+ "type": "text"
3129
2774
  }
3130
2775
  },
3131
2776
  "ignore_above": 1024,
@@ -3153,1719 +2798,149 @@
3153
2798
  },
3154
2799
  "threat": {
3155
2800
  "properties": {
3156
- "enrichments": {
2801
+ "framework": {
2802
+ "ignore_above": 1024,
2803
+ "type": "keyword"
2804
+ },
2805
+ "tactic": {
2806
+ "properties": {
2807
+ "id": {
2808
+ "ignore_above": 1024,
2809
+ "type": "keyword"
2810
+ },
2811
+ "name": {
2812
+ "ignore_above": 1024,
2813
+ "type": "keyword"
2814
+ },
2815
+ "reference": {
2816
+ "ignore_above": 1024,
2817
+ "type": "keyword"
2818
+ }
2819
+ }
2820
+ },
2821
+ "technique": {
3157
2822
  "properties": {
3158
- "indicator": {
2823
+ "id": {
2824
+ "ignore_above": 1024,
2825
+ "type": "keyword"
2826
+ },
2827
+ "name": {
2828
+ "fields": {
2829
+ "text": {
2830
+ "norms": false,
2831
+ "type": "text"
2832
+ }
2833
+ },
2834
+ "ignore_above": 1024,
2835
+ "type": "keyword"
2836
+ },
2837
+ "reference": {
2838
+ "ignore_above": 1024,
2839
+ "type": "keyword"
2840
+ },
2841
+ "subtechnique": {
3159
2842
  "properties": {
3160
- "as": {
3161
- "properties": {
3162
- "number": {
3163
- "type": "long"
3164
- },
3165
- "organization": {
3166
- "properties": {
3167
- "name": {
3168
- "fields": {
3169
- "text": {
3170
- "type": "match_only_text"
3171
- }
3172
- },
3173
- "ignore_above": 1024,
3174
- "type": "keyword"
3175
- }
3176
- }
2843
+ "id": {
2844
+ "ignore_above": 1024,
2845
+ "type": "keyword"
2846
+ },
2847
+ "name": {
2848
+ "fields": {
2849
+ "text": {
2850
+ "norms": false,
2851
+ "type": "text"
3177
2852
  }
3178
- }
2853
+ },
2854
+ "ignore_above": 1024,
2855
+ "type": "keyword"
2856
+ },
2857
+ "reference": {
2858
+ "ignore_above": 1024,
2859
+ "type": "keyword"
2860
+ }
2861
+ }
2862
+ }
2863
+ }
2864
+ }
2865
+ }
2866
+ },
2867
+ "tls": {
2868
+ "properties": {
2869
+ "cipher": {
2870
+ "ignore_above": 1024,
2871
+ "type": "keyword"
2872
+ },
2873
+ "client": {
2874
+ "properties": {
2875
+ "certificate": {
2876
+ "ignore_above": 1024,
2877
+ "type": "keyword"
2878
+ },
2879
+ "certificate_chain": {
2880
+ "ignore_above": 1024,
2881
+ "type": "keyword"
2882
+ },
2883
+ "hash": {
2884
+ "properties": {
2885
+ "md5": {
2886
+ "ignore_above": 1024,
2887
+ "type": "keyword"
3179
2888
  },
3180
- "confidence": {
2889
+ "sha1": {
3181
2890
  "ignore_above": 1024,
3182
2891
  "type": "keyword"
3183
2892
  },
3184
- "description": {
2893
+ "sha256": {
2894
+ "ignore_above": 1024,
2895
+ "type": "keyword"
2896
+ }
2897
+ }
2898
+ },
2899
+ "issuer": {
2900
+ "ignore_above": 1024,
2901
+ "type": "keyword"
2902
+ },
2903
+ "ja3": {
2904
+ "ignore_above": 1024,
2905
+ "type": "keyword"
2906
+ },
2907
+ "not_after": {
2908
+ "type": "date"
2909
+ },
2910
+ "not_before": {
2911
+ "type": "date"
2912
+ },
2913
+ "server_name": {
2914
+ "ignore_above": 1024,
2915
+ "type": "keyword"
2916
+ },
2917
+ "subject": {
2918
+ "ignore_above": 1024,
2919
+ "type": "keyword"
2920
+ },
2921
+ "supported_ciphers": {
2922
+ "ignore_above": 1024,
2923
+ "type": "keyword"
2924
+ },
2925
+ "x509": {
2926
+ "properties": {
2927
+ "alternative_names": {
3185
2928
  "ignore_above": 1024,
3186
2929
  "type": "keyword"
3187
2930
  },
3188
- "email": {
2931
+ "issuer": {
3189
2932
  "properties": {
3190
- "address": {
2933
+ "common_name": {
3191
2934
  "ignore_above": 1024,
3192
2935
  "type": "keyword"
3193
- }
3194
- }
3195
- },
3196
- "file": {
3197
- "properties": {
3198
- "accessed": {
3199
- "type": "date"
3200
2936
  },
3201
- "attributes": {
2937
+ "country": {
3202
2938
  "ignore_above": 1024,
3203
2939
  "type": "keyword"
3204
2940
  },
3205
- "code_signature": {
3206
- "properties": {
3207
- "digest_algorithm": {
3208
- "ignore_above": 1024,
3209
- "type": "keyword"
3210
- },
3211
- "exists": {
3212
- "type": "boolean"
3213
- },
3214
- "signing_id": {
3215
- "ignore_above": 1024,
3216
- "type": "keyword"
3217
- },
3218
- "status": {
3219
- "ignore_above": 1024,
3220
- "type": "keyword"
3221
- },
3222
- "subject_name": {
3223
- "ignore_above": 1024,
3224
- "type": "keyword"
3225
- },
3226
- "team_id": {
3227
- "ignore_above": 1024,
3228
- "type": "keyword"
3229
- },
3230
- "timestamp": {
3231
- "type": "date"
3232
- },
3233
- "trusted": {
3234
- "type": "boolean"
3235
- },
3236
- "valid": {
3237
- "type": "boolean"
3238
- }
3239
- }
3240
- },
3241
- "created": {
3242
- "type": "date"
3243
- },
3244
- "ctime": {
3245
- "type": "date"
3246
- },
3247
- "device": {
3248
- "ignore_above": 1024,
3249
- "type": "keyword"
3250
- },
3251
- "directory": {
3252
- "ignore_above": 1024,
3253
- "type": "keyword"
3254
- },
3255
- "drive_letter": {
3256
- "ignore_above": 1,
3257
- "type": "keyword"
3258
- },
3259
- "elf": {
3260
- "properties": {
3261
- "architecture": {
3262
- "ignore_above": 1024,
3263
- "type": "keyword"
3264
- },
3265
- "byte_order": {
3266
- "ignore_above": 1024,
3267
- "type": "keyword"
3268
- },
3269
- "cpu_type": {
3270
- "ignore_above": 1024,
3271
- "type": "keyword"
3272
- },
3273
- "creation_date": {
3274
- "type": "date"
3275
- },
3276
- "exports": {
3277
- "type": "flattened"
3278
- },
3279
- "header": {
3280
- "properties": {
3281
- "abi_version": {
3282
- "ignore_above": 1024,
3283
- "type": "keyword"
3284
- },
3285
- "class": {
3286
- "ignore_above": 1024,
3287
- "type": "keyword"
3288
- },
3289
- "data": {
3290
- "ignore_above": 1024,
3291
- "type": "keyword"
3292
- },
3293
- "entrypoint": {
3294
- "type": "long"
3295
- },
3296
- "object_version": {
3297
- "ignore_above": 1024,
3298
- "type": "keyword"
3299
- },
3300
- "os_abi": {
3301
- "ignore_above": 1024,
3302
- "type": "keyword"
3303
- },
3304
- "type": {
3305
- "ignore_above": 1024,
3306
- "type": "keyword"
3307
- },
3308
- "version": {
3309
- "ignore_above": 1024,
3310
- "type": "keyword"
3311
- }
3312
- }
3313
- },
3314
- "imports": {
3315
- "type": "flattened"
3316
- },
3317
- "sections": {
3318
- "properties": {
3319
- "chi2": {
3320
- "type": "long"
3321
- },
3322
- "entropy": {
3323
- "type": "long"
3324
- },
3325
- "flags": {
3326
- "ignore_above": 1024,
3327
- "type": "keyword"
3328
- },
3329
- "name": {
3330
- "ignore_above": 1024,
3331
- "type": "keyword"
3332
- },
3333
- "physical_offset": {
3334
- "ignore_above": 1024,
3335
- "type": "keyword"
3336
- },
3337
- "physical_size": {
3338
- "type": "long"
3339
- },
3340
- "type": {
3341
- "ignore_above": 1024,
3342
- "type": "keyword"
3343
- },
3344
- "virtual_address": {
3345
- "type": "long"
3346
- },
3347
- "virtual_size": {
3348
- "type": "long"
3349
- }
3350
- },
3351
- "type": "nested"
3352
- },
3353
- "segments": {
3354
- "properties": {
3355
- "sections": {
3356
- "ignore_above": 1024,
3357
- "type": "keyword"
3358
- },
3359
- "type": {
3360
- "ignore_above": 1024,
3361
- "type": "keyword"
3362
- }
3363
- },
3364
- "type": "nested"
3365
- },
3366
- "shared_libraries": {
3367
- "ignore_above": 1024,
3368
- "type": "keyword"
3369
- },
3370
- "telfhash": {
3371
- "ignore_above": 1024,
3372
- "type": "keyword"
3373
- }
3374
- }
3375
- },
3376
- "extension": {
3377
- "ignore_above": 1024,
3378
- "type": "keyword"
3379
- },
3380
- "fork_name": {
3381
- "ignore_above": 1024,
3382
- "type": "keyword"
3383
- },
3384
- "gid": {
3385
- "ignore_above": 1024,
3386
- "type": "keyword"
3387
- },
3388
- "group": {
3389
- "ignore_above": 1024,
3390
- "type": "keyword"
3391
- },
3392
- "hash": {
3393
- "properties": {
3394
- "md5": {
3395
- "ignore_above": 1024,
3396
- "type": "keyword"
3397
- },
3398
- "sha1": {
3399
- "ignore_above": 1024,
3400
- "type": "keyword"
3401
- },
3402
- "sha256": {
3403
- "ignore_above": 1024,
3404
- "type": "keyword"
3405
- },
3406
- "sha512": {
3407
- "ignore_above": 1024,
3408
- "type": "keyword"
3409
- },
3410
- "ssdeep": {
3411
- "ignore_above": 1024,
3412
- "type": "keyword"
3413
- }
3414
- }
3415
- },
3416
- "inode": {
3417
- "ignore_above": 1024,
3418
- "type": "keyword"
3419
- },
3420
- "mime_type": {
3421
- "ignore_above": 1024,
3422
- "type": "keyword"
3423
- },
3424
- "mode": {
3425
- "ignore_above": 1024,
3426
- "type": "keyword"
3427
- },
3428
- "mtime": {
3429
- "type": "date"
3430
- },
3431
- "name": {
3432
- "ignore_above": 1024,
3433
- "type": "keyword"
3434
- },
3435
- "owner": {
3436
- "ignore_above": 1024,
3437
- "type": "keyword"
3438
- },
3439
- "path": {
3440
- "fields": {
3441
- "text": {
3442
- "type": "match_only_text"
3443
- }
3444
- },
3445
- "ignore_above": 1024,
3446
- "type": "keyword"
3447
- },
3448
- "pe": {
3449
- "properties": {
3450
- "architecture": {
3451
- "ignore_above": 1024,
3452
- "type": "keyword"
3453
- },
3454
- "company": {
3455
- "ignore_above": 1024,
3456
- "type": "keyword"
3457
- },
3458
- "description": {
3459
- "ignore_above": 1024,
3460
- "type": "keyword"
3461
- },
3462
- "file_version": {
3463
- "ignore_above": 1024,
3464
- "type": "keyword"
3465
- },
3466
- "imphash": {
3467
- "ignore_above": 1024,
3468
- "type": "keyword"
3469
- },
3470
- "original_file_name": {
3471
- "ignore_above": 1024,
3472
- "type": "keyword"
3473
- },
3474
- "product": {
3475
- "ignore_above": 1024,
3476
- "type": "keyword"
3477
- }
3478
- }
3479
- },
3480
- "size": {
3481
- "type": "long"
3482
- },
3483
- "target_path": {
3484
- "fields": {
3485
- "text": {
3486
- "type": "match_only_text"
3487
- }
3488
- },
3489
- "ignore_above": 1024,
3490
- "type": "keyword"
3491
- },
3492
- "type": {
3493
- "ignore_above": 1024,
3494
- "type": "keyword"
3495
- },
3496
- "uid": {
3497
- "ignore_above": 1024,
3498
- "type": "keyword"
3499
- },
3500
- "x509": {
3501
- "properties": {
3502
- "alternative_names": {
3503
- "ignore_above": 1024,
3504
- "type": "keyword"
3505
- },
3506
- "issuer": {
3507
- "properties": {
3508
- "common_name": {
3509
- "ignore_above": 1024,
3510
- "type": "keyword"
3511
- },
3512
- "country": {
3513
- "ignore_above": 1024,
3514
- "type": "keyword"
3515
- },
3516
- "distinguished_name": {
3517
- "ignore_above": 1024,
3518
- "type": "keyword"
3519
- },
3520
- "locality": {
3521
- "ignore_above": 1024,
3522
- "type": "keyword"
3523
- },
3524
- "organization": {
3525
- "ignore_above": 1024,
3526
- "type": "keyword"
3527
- },
3528
- "organizational_unit": {
3529
- "ignore_above": 1024,
3530
- "type": "keyword"
3531
- },
3532
- "state_or_province": {
3533
- "ignore_above": 1024,
3534
- "type": "keyword"
3535
- }
3536
- }
3537
- },
3538
- "not_after": {
3539
- "type": "date"
3540
- },
3541
- "not_before": {
3542
- "type": "date"
3543
- },
3544
- "public_key_algorithm": {
3545
- "ignore_above": 1024,
3546
- "type": "keyword"
3547
- },
3548
- "public_key_curve": {
3549
- "ignore_above": 1024,
3550
- "type": "keyword"
3551
- },
3552
- "public_key_exponent": {
3553
- "doc_values": false,
3554
- "index": false,
3555
- "type": "long"
3556
- },
3557
- "public_key_size": {
3558
- "type": "long"
3559
- },
3560
- "serial_number": {
3561
- "ignore_above": 1024,
3562
- "type": "keyword"
3563
- },
3564
- "signature_algorithm": {
3565
- "ignore_above": 1024,
3566
- "type": "keyword"
3567
- },
3568
- "subject": {
3569
- "properties": {
3570
- "common_name": {
3571
- "ignore_above": 1024,
3572
- "type": "keyword"
3573
- },
3574
- "country": {
3575
- "ignore_above": 1024,
3576
- "type": "keyword"
3577
- },
3578
- "distinguished_name": {
3579
- "ignore_above": 1024,
3580
- "type": "keyword"
3581
- },
3582
- "locality": {
3583
- "ignore_above": 1024,
3584
- "type": "keyword"
3585
- },
3586
- "organization": {
3587
- "ignore_above": 1024,
3588
- "type": "keyword"
3589
- },
3590
- "organizational_unit": {
3591
- "ignore_above": 1024,
3592
- "type": "keyword"
3593
- },
3594
- "state_or_province": {
3595
- "ignore_above": 1024,
3596
- "type": "keyword"
3597
- }
3598
- }
3599
- },
3600
- "version_number": {
3601
- "ignore_above": 1024,
3602
- "type": "keyword"
3603
- }
3604
- }
3605
- }
3606
- }
3607
- },
3608
- "first_seen": {
3609
- "type": "date"
3610
- },
3611
- "geo": {
3612
- "properties": {
3613
- "city_name": {
3614
- "ignore_above": 1024,
3615
- "type": "keyword"
3616
- },
3617
- "continent_code": {
3618
- "ignore_above": 1024,
3619
- "type": "keyword"
3620
- },
3621
- "continent_name": {
3622
- "ignore_above": 1024,
3623
- "type": "keyword"
3624
- },
3625
- "country_iso_code": {
3626
- "ignore_above": 1024,
3627
- "type": "keyword"
3628
- },
3629
- "country_name": {
3630
- "ignore_above": 1024,
3631
- "type": "keyword"
3632
- },
3633
- "location": {
3634
- "type": "geo_point"
3635
- },
3636
- "name": {
3637
- "ignore_above": 1024,
3638
- "type": "keyword"
3639
- },
3640
- "postal_code": {
3641
- "ignore_above": 1024,
3642
- "type": "keyword"
3643
- },
3644
- "region_iso_code": {
3645
- "ignore_above": 1024,
3646
- "type": "keyword"
3647
- },
3648
- "region_name": {
3649
- "ignore_above": 1024,
3650
- "type": "keyword"
3651
- },
3652
- "timezone": {
3653
- "ignore_above": 1024,
3654
- "type": "keyword"
3655
- }
3656
- }
3657
- },
3658
- "ip": {
3659
- "type": "ip"
3660
- },
3661
- "last_seen": {
3662
- "type": "date"
3663
- },
3664
- "marking": {
3665
- "properties": {
3666
- "tlp": {
3667
- "ignore_above": 1024,
3668
- "type": "keyword"
3669
- }
3670
- }
3671
- },
3672
- "modified_at": {
3673
- "type": "date"
3674
- },
3675
- "port": {
3676
- "type": "long"
3677
- },
3678
- "provider": {
3679
- "ignore_above": 1024,
3680
- "type": "keyword"
3681
- },
3682
- "reference": {
3683
- "ignore_above": 1024,
3684
- "type": "keyword"
3685
- },
3686
- "registry": {
3687
- "properties": {
3688
- "data": {
3689
- "properties": {
3690
- "bytes": {
3691
- "ignore_above": 1024,
3692
- "type": "keyword"
3693
- },
3694
- "strings": {
3695
- "type": "wildcard"
3696
- },
3697
- "type": {
3698
- "ignore_above": 1024,
3699
- "type": "keyword"
3700
- }
3701
- }
3702
- },
3703
- "hive": {
3704
- "ignore_above": 1024,
3705
- "type": "keyword"
3706
- },
3707
- "key": {
3708
- "ignore_above": 1024,
3709
- "type": "keyword"
3710
- },
3711
- "path": {
3712
- "ignore_above": 1024,
3713
- "type": "keyword"
3714
- },
3715
- "value": {
3716
- "ignore_above": 1024,
3717
- "type": "keyword"
3718
- }
3719
- }
3720
- },
3721
- "scanner_stats": {
3722
- "type": "long"
3723
- },
3724
- "sightings": {
3725
- "type": "long"
3726
- },
3727
- "type": {
3728
- "ignore_above": 1024,
3729
- "type": "keyword"
3730
- },
3731
- "url": {
3732
- "properties": {
3733
- "domain": {
3734
- "ignore_above": 1024,
3735
- "type": "keyword"
3736
- },
3737
- "extension": {
3738
- "ignore_above": 1024,
3739
- "type": "keyword"
3740
- },
3741
- "fragment": {
3742
- "ignore_above": 1024,
3743
- "type": "keyword"
3744
- },
3745
- "full": {
3746
- "fields": {
3747
- "text": {
3748
- "type": "match_only_text"
3749
- }
3750
- },
3751
- "type": "wildcard"
3752
- },
3753
- "original": {
3754
- "fields": {
3755
- "text": {
3756
- "type": "match_only_text"
3757
- }
3758
- },
3759
- "type": "wildcard"
3760
- },
3761
- "password": {
3762
- "ignore_above": 1024,
3763
- "type": "keyword"
3764
- },
3765
- "path": {
3766
- "type": "wildcard"
3767
- },
3768
- "port": {
3769
- "type": "long"
3770
- },
3771
- "query": {
3772
- "ignore_above": 1024,
3773
- "type": "keyword"
3774
- },
3775
- "registered_domain": {
3776
- "ignore_above": 1024,
3777
- "type": "keyword"
3778
- },
3779
- "scheme": {
3780
- "ignore_above": 1024,
3781
- "type": "keyword"
3782
- },
3783
- "subdomain": {
3784
- "ignore_above": 1024,
3785
- "type": "keyword"
3786
- },
3787
- "top_level_domain": {
3788
- "ignore_above": 1024,
3789
- "type": "keyword"
3790
- },
3791
- "username": {
3792
- "ignore_above": 1024,
3793
- "type": "keyword"
3794
- }
3795
- }
3796
- },
3797
- "x509": {
3798
- "properties": {
3799
- "alternative_names": {
3800
- "ignore_above": 1024,
3801
- "type": "keyword"
3802
- },
3803
- "issuer": {
3804
- "properties": {
3805
- "common_name": {
3806
- "ignore_above": 1024,
3807
- "type": "keyword"
3808
- },
3809
- "country": {
3810
- "ignore_above": 1024,
3811
- "type": "keyword"
3812
- },
3813
- "distinguished_name": {
3814
- "ignore_above": 1024,
3815
- "type": "keyword"
3816
- },
3817
- "locality": {
3818
- "ignore_above": 1024,
3819
- "type": "keyword"
3820
- },
3821
- "organization": {
3822
- "ignore_above": 1024,
3823
- "type": "keyword"
3824
- },
3825
- "organizational_unit": {
3826
- "ignore_above": 1024,
3827
- "type": "keyword"
3828
- },
3829
- "state_or_province": {
3830
- "ignore_above": 1024,
3831
- "type": "keyword"
3832
- }
3833
- }
3834
- },
3835
- "not_after": {
3836
- "type": "date"
3837
- },
3838
- "not_before": {
3839
- "type": "date"
3840
- },
3841
- "public_key_algorithm": {
3842
- "ignore_above": 1024,
3843
- "type": "keyword"
3844
- },
3845
- "public_key_curve": {
3846
- "ignore_above": 1024,
3847
- "type": "keyword"
3848
- },
3849
- "public_key_exponent": {
3850
- "doc_values": false,
3851
- "index": false,
3852
- "type": "long"
3853
- },
3854
- "public_key_size": {
3855
- "type": "long"
3856
- },
3857
- "serial_number": {
3858
- "ignore_above": 1024,
3859
- "type": "keyword"
3860
- },
3861
- "signature_algorithm": {
3862
- "ignore_above": 1024,
3863
- "type": "keyword"
3864
- },
3865
- "subject": {
3866
- "properties": {
3867
- "common_name": {
3868
- "ignore_above": 1024,
3869
- "type": "keyword"
3870
- },
3871
- "country": {
3872
- "ignore_above": 1024,
3873
- "type": "keyword"
3874
- },
3875
- "distinguished_name": {
3876
- "ignore_above": 1024,
3877
- "type": "keyword"
3878
- },
3879
- "locality": {
3880
- "ignore_above": 1024,
3881
- "type": "keyword"
3882
- },
3883
- "organization": {
3884
- "ignore_above": 1024,
3885
- "type": "keyword"
3886
- },
3887
- "organizational_unit": {
3888
- "ignore_above": 1024,
3889
- "type": "keyword"
3890
- },
3891
- "state_or_province": {
3892
- "ignore_above": 1024,
3893
- "type": "keyword"
3894
- }
3895
- }
3896
- },
3897
- "version_number": {
3898
- "ignore_above": 1024,
3899
- "type": "keyword"
3900
- }
3901
- }
3902
- }
3903
- },
3904
- "type": "object"
3905
- },
3906
- "matched": {
3907
- "properties": {
3908
- "atomic": {
3909
- "ignore_above": 1024,
3910
- "type": "keyword"
3911
- },
3912
- "field": {
3913
- "ignore_above": 1024,
3914
- "type": "keyword"
3915
- },
3916
- "id": {
3917
- "ignore_above": 1024,
3918
- "type": "keyword"
3919
- },
3920
- "index": {
3921
- "ignore_above": 1024,
3922
- "type": "keyword"
3923
- },
3924
- "type": {
3925
- "ignore_above": 1024,
3926
- "type": "keyword"
3927
- }
3928
- }
3929
- }
3930
- },
3931
- "type": "nested"
3932
- },
3933
- "framework": {
3934
- "ignore_above": 1024,
3935
- "type": "keyword"
3936
- },
3937
- "group": {
3938
- "properties": {
3939
- "alias": {
3940
- "ignore_above": 1024,
3941
- "type": "keyword"
3942
- },
3943
- "id": {
3944
- "ignore_above": 1024,
3945
- "type": "keyword"
3946
- },
3947
- "name": {
3948
- "ignore_above": 1024,
3949
- "type": "keyword"
3950
- },
3951
- "reference": {
3952
- "ignore_above": 1024,
3953
- "type": "keyword"
3954
- }
3955
- }
3956
- },
3957
- "indicator": {
3958
- "properties": {
3959
- "as": {
3960
- "properties": {
3961
- "number": {
3962
- "type": "long"
3963
- },
3964
- "organization": {
3965
- "properties": {
3966
- "name": {
3967
- "fields": {
3968
- "text": {
3969
- "type": "match_only_text"
3970
- }
3971
- },
3972
- "ignore_above": 1024,
3973
- "type": "keyword"
3974
- }
3975
- }
3976
- }
3977
- }
3978
- },
3979
- "confidence": {
3980
- "ignore_above": 1024,
3981
- "type": "keyword"
3982
- },
3983
- "description": {
3984
- "ignore_above": 1024,
3985
- "type": "keyword"
3986
- },
3987
- "email": {
3988
- "properties": {
3989
- "address": {
3990
- "ignore_above": 1024,
3991
- "type": "keyword"
3992
- }
3993
- }
3994
- },
3995
- "file": {
3996
- "properties": {
3997
- "accessed": {
3998
- "type": "date"
3999
- },
4000
- "attributes": {
4001
- "ignore_above": 1024,
4002
- "type": "keyword"
4003
- },
4004
- "code_signature": {
4005
- "properties": {
4006
- "digest_algorithm": {
4007
- "ignore_above": 1024,
4008
- "type": "keyword"
4009
- },
4010
- "exists": {
4011
- "type": "boolean"
4012
- },
4013
- "signing_id": {
4014
- "ignore_above": 1024,
4015
- "type": "keyword"
4016
- },
4017
- "status": {
4018
- "ignore_above": 1024,
4019
- "type": "keyword"
4020
- },
4021
- "subject_name": {
4022
- "ignore_above": 1024,
4023
- "type": "keyword"
4024
- },
4025
- "team_id": {
4026
- "ignore_above": 1024,
4027
- "type": "keyword"
4028
- },
4029
- "timestamp": {
4030
- "type": "date"
4031
- },
4032
- "trusted": {
4033
- "type": "boolean"
4034
- },
4035
- "valid": {
4036
- "type": "boolean"
4037
- }
4038
- }
4039
- },
4040
- "created": {
4041
- "type": "date"
4042
- },
4043
- "ctime": {
4044
- "type": "date"
4045
- },
4046
- "device": {
4047
- "ignore_above": 1024,
4048
- "type": "keyword"
4049
- },
4050
- "directory": {
4051
- "ignore_above": 1024,
4052
- "type": "keyword"
4053
- },
4054
- "drive_letter": {
4055
- "ignore_above": 1,
4056
- "type": "keyword"
4057
- },
4058
- "elf": {
4059
- "properties": {
4060
- "architecture": {
4061
- "ignore_above": 1024,
4062
- "type": "keyword"
4063
- },
4064
- "byte_order": {
4065
- "ignore_above": 1024,
4066
- "type": "keyword"
4067
- },
4068
- "cpu_type": {
4069
- "ignore_above": 1024,
4070
- "type": "keyword"
4071
- },
4072
- "creation_date": {
4073
- "type": "date"
4074
- },
4075
- "exports": {
4076
- "type": "flattened"
4077
- },
4078
- "header": {
4079
- "properties": {
4080
- "abi_version": {
4081
- "ignore_above": 1024,
4082
- "type": "keyword"
4083
- },
4084
- "class": {
4085
- "ignore_above": 1024,
4086
- "type": "keyword"
4087
- },
4088
- "data": {
4089
- "ignore_above": 1024,
4090
- "type": "keyword"
4091
- },
4092
- "entrypoint": {
4093
- "type": "long"
4094
- },
4095
- "object_version": {
4096
- "ignore_above": 1024,
4097
- "type": "keyword"
4098
- },
4099
- "os_abi": {
4100
- "ignore_above": 1024,
4101
- "type": "keyword"
4102
- },
4103
- "type": {
4104
- "ignore_above": 1024,
4105
- "type": "keyword"
4106
- },
4107
- "version": {
4108
- "ignore_above": 1024,
4109
- "type": "keyword"
4110
- }
4111
- }
4112
- },
4113
- "imports": {
4114
- "type": "flattened"
4115
- },
4116
- "sections": {
4117
- "properties": {
4118
- "chi2": {
4119
- "type": "long"
4120
- },
4121
- "entropy": {
4122
- "type": "long"
4123
- },
4124
- "flags": {
4125
- "ignore_above": 1024,
4126
- "type": "keyword"
4127
- },
4128
- "name": {
4129
- "ignore_above": 1024,
4130
- "type": "keyword"
4131
- },
4132
- "physical_offset": {
4133
- "ignore_above": 1024,
4134
- "type": "keyword"
4135
- },
4136
- "physical_size": {
4137
- "type": "long"
4138
- },
4139
- "type": {
4140
- "ignore_above": 1024,
4141
- "type": "keyword"
4142
- },
4143
- "virtual_address": {
4144
- "type": "long"
4145
- },
4146
- "virtual_size": {
4147
- "type": "long"
4148
- }
4149
- },
4150
- "type": "nested"
4151
- },
4152
- "segments": {
4153
- "properties": {
4154
- "sections": {
4155
- "ignore_above": 1024,
4156
- "type": "keyword"
4157
- },
4158
- "type": {
4159
- "ignore_above": 1024,
4160
- "type": "keyword"
4161
- }
4162
- },
4163
- "type": "nested"
4164
- },
4165
- "shared_libraries": {
4166
- "ignore_above": 1024,
4167
- "type": "keyword"
4168
- },
4169
- "telfhash": {
4170
- "ignore_above": 1024,
4171
- "type": "keyword"
4172
- }
4173
- }
4174
- },
4175
- "extension": {
4176
- "ignore_above": 1024,
4177
- "type": "keyword"
4178
- },
4179
- "fork_name": {
4180
- "ignore_above": 1024,
4181
- "type": "keyword"
4182
- },
4183
- "gid": {
4184
- "ignore_above": 1024,
4185
- "type": "keyword"
4186
- },
4187
- "group": {
4188
- "ignore_above": 1024,
4189
- "type": "keyword"
4190
- },
4191
- "hash": {
4192
- "properties": {
4193
- "md5": {
4194
- "ignore_above": 1024,
4195
- "type": "keyword"
4196
- },
4197
- "sha1": {
4198
- "ignore_above": 1024,
4199
- "type": "keyword"
4200
- },
4201
- "sha256": {
4202
- "ignore_above": 1024,
4203
- "type": "keyword"
4204
- },
4205
- "sha512": {
4206
- "ignore_above": 1024,
4207
- "type": "keyword"
4208
- },
4209
- "ssdeep": {
4210
- "ignore_above": 1024,
4211
- "type": "keyword"
4212
- }
4213
- }
4214
- },
4215
- "inode": {
4216
- "ignore_above": 1024,
4217
- "type": "keyword"
4218
- },
4219
- "mime_type": {
4220
- "ignore_above": 1024,
4221
- "type": "keyword"
4222
- },
4223
- "mode": {
4224
- "ignore_above": 1024,
4225
- "type": "keyword"
4226
- },
4227
- "mtime": {
4228
- "type": "date"
4229
- },
4230
- "name": {
4231
- "ignore_above": 1024,
4232
- "type": "keyword"
4233
- },
4234
- "owner": {
4235
- "ignore_above": 1024,
4236
- "type": "keyword"
4237
- },
4238
- "path": {
4239
- "fields": {
4240
- "text": {
4241
- "type": "match_only_text"
4242
- }
4243
- },
4244
- "ignore_above": 1024,
4245
- "type": "keyword"
4246
- },
4247
- "pe": {
4248
- "properties": {
4249
- "architecture": {
4250
- "ignore_above": 1024,
4251
- "type": "keyword"
4252
- },
4253
- "company": {
4254
- "ignore_above": 1024,
4255
- "type": "keyword"
4256
- },
4257
- "description": {
4258
- "ignore_above": 1024,
4259
- "type": "keyword"
4260
- },
4261
- "file_version": {
4262
- "ignore_above": 1024,
4263
- "type": "keyword"
4264
- },
4265
- "imphash": {
4266
- "ignore_above": 1024,
4267
- "type": "keyword"
4268
- },
4269
- "original_file_name": {
4270
- "ignore_above": 1024,
4271
- "type": "keyword"
4272
- },
4273
- "product": {
4274
- "ignore_above": 1024,
4275
- "type": "keyword"
4276
- }
4277
- }
4278
- },
4279
- "size": {
4280
- "type": "long"
4281
- },
4282
- "target_path": {
4283
- "fields": {
4284
- "text": {
4285
- "type": "match_only_text"
4286
- }
4287
- },
4288
- "ignore_above": 1024,
4289
- "type": "keyword"
4290
- },
4291
- "type": {
4292
- "ignore_above": 1024,
4293
- "type": "keyword"
4294
- },
4295
- "uid": {
4296
- "ignore_above": 1024,
4297
- "type": "keyword"
4298
- },
4299
- "x509": {
4300
- "properties": {
4301
- "alternative_names": {
4302
- "ignore_above": 1024,
4303
- "type": "keyword"
4304
- },
4305
- "issuer": {
4306
- "properties": {
4307
- "common_name": {
4308
- "ignore_above": 1024,
4309
- "type": "keyword"
4310
- },
4311
- "country": {
4312
- "ignore_above": 1024,
4313
- "type": "keyword"
4314
- },
4315
- "distinguished_name": {
4316
- "ignore_above": 1024,
4317
- "type": "keyword"
4318
- },
4319
- "locality": {
4320
- "ignore_above": 1024,
4321
- "type": "keyword"
4322
- },
4323
- "organization": {
4324
- "ignore_above": 1024,
4325
- "type": "keyword"
4326
- },
4327
- "organizational_unit": {
4328
- "ignore_above": 1024,
4329
- "type": "keyword"
4330
- },
4331
- "state_or_province": {
4332
- "ignore_above": 1024,
4333
- "type": "keyword"
4334
- }
4335
- }
4336
- },
4337
- "not_after": {
4338
- "type": "date"
4339
- },
4340
- "not_before": {
4341
- "type": "date"
4342
- },
4343
- "public_key_algorithm": {
4344
- "ignore_above": 1024,
4345
- "type": "keyword"
4346
- },
4347
- "public_key_curve": {
4348
- "ignore_above": 1024,
4349
- "type": "keyword"
4350
- },
4351
- "public_key_exponent": {
4352
- "doc_values": false,
4353
- "index": false,
4354
- "type": "long"
4355
- },
4356
- "public_key_size": {
4357
- "type": "long"
4358
- },
4359
- "serial_number": {
4360
- "ignore_above": 1024,
4361
- "type": "keyword"
4362
- },
4363
- "signature_algorithm": {
4364
- "ignore_above": 1024,
4365
- "type": "keyword"
4366
- },
4367
- "subject": {
4368
- "properties": {
4369
- "common_name": {
4370
- "ignore_above": 1024,
4371
- "type": "keyword"
4372
- },
4373
- "country": {
4374
- "ignore_above": 1024,
4375
- "type": "keyword"
4376
- },
4377
- "distinguished_name": {
4378
- "ignore_above": 1024,
4379
- "type": "keyword"
4380
- },
4381
- "locality": {
4382
- "ignore_above": 1024,
4383
- "type": "keyword"
4384
- },
4385
- "organization": {
4386
- "ignore_above": 1024,
4387
- "type": "keyword"
4388
- },
4389
- "organizational_unit": {
4390
- "ignore_above": 1024,
4391
- "type": "keyword"
4392
- },
4393
- "state_or_province": {
4394
- "ignore_above": 1024,
4395
- "type": "keyword"
4396
- }
4397
- }
4398
- },
4399
- "version_number": {
4400
- "ignore_above": 1024,
4401
- "type": "keyword"
4402
- }
4403
- }
4404
- }
4405
- }
4406
- },
4407
- "first_seen": {
4408
- "type": "date"
4409
- },
4410
- "geo": {
4411
- "properties": {
4412
- "city_name": {
4413
- "ignore_above": 1024,
4414
- "type": "keyword"
4415
- },
4416
- "continent_code": {
4417
- "ignore_above": 1024,
4418
- "type": "keyword"
4419
- },
4420
- "continent_name": {
4421
- "ignore_above": 1024,
4422
- "type": "keyword"
4423
- },
4424
- "country_iso_code": {
4425
- "ignore_above": 1024,
4426
- "type": "keyword"
4427
- },
4428
- "country_name": {
4429
- "ignore_above": 1024,
4430
- "type": "keyword"
4431
- },
4432
- "location": {
4433
- "type": "geo_point"
4434
- },
4435
- "name": {
4436
- "ignore_above": 1024,
4437
- "type": "keyword"
4438
- },
4439
- "postal_code": {
4440
- "ignore_above": 1024,
4441
- "type": "keyword"
4442
- },
4443
- "region_iso_code": {
4444
- "ignore_above": 1024,
4445
- "type": "keyword"
4446
- },
4447
- "region_name": {
4448
- "ignore_above": 1024,
4449
- "type": "keyword"
4450
- },
4451
- "timezone": {
4452
- "ignore_above": 1024,
4453
- "type": "keyword"
4454
- }
4455
- }
4456
- },
4457
- "ip": {
4458
- "type": "ip"
4459
- },
4460
- "last_seen": {
4461
- "type": "date"
4462
- },
4463
- "marking": {
4464
- "properties": {
4465
- "tlp": {
4466
- "ignore_above": 1024,
4467
- "type": "keyword"
4468
- }
4469
- }
4470
- },
4471
- "modified_at": {
4472
- "type": "date"
4473
- },
4474
- "port": {
4475
- "type": "long"
4476
- },
4477
- "provider": {
4478
- "ignore_above": 1024,
4479
- "type": "keyword"
4480
- },
4481
- "reference": {
4482
- "ignore_above": 1024,
4483
- "type": "keyword"
4484
- },
4485
- "registry": {
4486
- "properties": {
4487
- "data": {
4488
- "properties": {
4489
- "bytes": {
4490
- "ignore_above": 1024,
4491
- "type": "keyword"
4492
- },
4493
- "strings": {
4494
- "type": "wildcard"
4495
- },
4496
- "type": {
4497
- "ignore_above": 1024,
4498
- "type": "keyword"
4499
- }
4500
- }
4501
- },
4502
- "hive": {
4503
- "ignore_above": 1024,
4504
- "type": "keyword"
4505
- },
4506
- "key": {
4507
- "ignore_above": 1024,
4508
- "type": "keyword"
4509
- },
4510
- "path": {
4511
- "ignore_above": 1024,
4512
- "type": "keyword"
4513
- },
4514
- "value": {
4515
- "ignore_above": 1024,
4516
- "type": "keyword"
4517
- }
4518
- }
4519
- },
4520
- "scanner_stats": {
4521
- "type": "long"
4522
- },
4523
- "sightings": {
4524
- "type": "long"
4525
- },
4526
- "type": {
4527
- "ignore_above": 1024,
4528
- "type": "keyword"
4529
- },
4530
- "url": {
4531
- "properties": {
4532
- "domain": {
4533
- "ignore_above": 1024,
4534
- "type": "keyword"
4535
- },
4536
- "extension": {
4537
- "ignore_above": 1024,
4538
- "type": "keyword"
4539
- },
4540
- "fragment": {
4541
- "ignore_above": 1024,
4542
- "type": "keyword"
4543
- },
4544
- "full": {
4545
- "fields": {
4546
- "text": {
4547
- "type": "match_only_text"
4548
- }
4549
- },
4550
- "type": "wildcard"
4551
- },
4552
- "original": {
4553
- "fields": {
4554
- "text": {
4555
- "type": "match_only_text"
4556
- }
4557
- },
4558
- "type": "wildcard"
4559
- },
4560
- "password": {
4561
- "ignore_above": 1024,
4562
- "type": "keyword"
4563
- },
4564
- "path": {
4565
- "type": "wildcard"
4566
- },
4567
- "port": {
4568
- "type": "long"
4569
- },
4570
- "query": {
4571
- "ignore_above": 1024,
4572
- "type": "keyword"
4573
- },
4574
- "registered_domain": {
4575
- "ignore_above": 1024,
4576
- "type": "keyword"
4577
- },
4578
- "scheme": {
4579
- "ignore_above": 1024,
4580
- "type": "keyword"
4581
- },
4582
- "subdomain": {
4583
- "ignore_above": 1024,
4584
- "type": "keyword"
4585
- },
4586
- "top_level_domain": {
4587
- "ignore_above": 1024,
4588
- "type": "keyword"
4589
- },
4590
- "username": {
4591
- "ignore_above": 1024,
4592
- "type": "keyword"
4593
- }
4594
- }
4595
- },
4596
- "x509": {
4597
- "properties": {
4598
- "alternative_names": {
4599
- "ignore_above": 1024,
4600
- "type": "keyword"
4601
- },
4602
- "issuer": {
4603
- "properties": {
4604
- "common_name": {
4605
- "ignore_above": 1024,
4606
- "type": "keyword"
4607
- },
4608
- "country": {
4609
- "ignore_above": 1024,
4610
- "type": "keyword"
4611
- },
4612
- "distinguished_name": {
4613
- "ignore_above": 1024,
4614
- "type": "keyword"
4615
- },
4616
- "locality": {
4617
- "ignore_above": 1024,
4618
- "type": "keyword"
4619
- },
4620
- "organization": {
4621
- "ignore_above": 1024,
4622
- "type": "keyword"
4623
- },
4624
- "organizational_unit": {
4625
- "ignore_above": 1024,
4626
- "type": "keyword"
4627
- },
4628
- "state_or_province": {
4629
- "ignore_above": 1024,
4630
- "type": "keyword"
4631
- }
4632
- }
4633
- },
4634
- "not_after": {
4635
- "type": "date"
4636
- },
4637
- "not_before": {
4638
- "type": "date"
4639
- },
4640
- "public_key_algorithm": {
4641
- "ignore_above": 1024,
4642
- "type": "keyword"
4643
- },
4644
- "public_key_curve": {
4645
- "ignore_above": 1024,
4646
- "type": "keyword"
4647
- },
4648
- "public_key_exponent": {
4649
- "doc_values": false,
4650
- "index": false,
4651
- "type": "long"
4652
- },
4653
- "public_key_size": {
4654
- "type": "long"
4655
- },
4656
- "serial_number": {
4657
- "ignore_above": 1024,
4658
- "type": "keyword"
4659
- },
4660
- "signature_algorithm": {
4661
- "ignore_above": 1024,
4662
- "type": "keyword"
4663
- },
4664
- "subject": {
4665
- "properties": {
4666
- "common_name": {
4667
- "ignore_above": 1024,
4668
- "type": "keyword"
4669
- },
4670
- "country": {
4671
- "ignore_above": 1024,
4672
- "type": "keyword"
4673
- },
4674
- "distinguished_name": {
4675
- "ignore_above": 1024,
4676
- "type": "keyword"
4677
- },
4678
- "locality": {
4679
- "ignore_above": 1024,
4680
- "type": "keyword"
4681
- },
4682
- "organization": {
4683
- "ignore_above": 1024,
4684
- "type": "keyword"
4685
- },
4686
- "organizational_unit": {
4687
- "ignore_above": 1024,
4688
- "type": "keyword"
4689
- },
4690
- "state_or_province": {
4691
- "ignore_above": 1024,
4692
- "type": "keyword"
4693
- }
4694
- }
4695
- },
4696
- "version_number": {
4697
- "ignore_above": 1024,
4698
- "type": "keyword"
4699
- }
4700
- }
4701
- }
4702
- }
4703
- },
4704
- "software": {
4705
- "properties": {
4706
- "alias": {
4707
- "ignore_above": 1024,
4708
- "type": "keyword"
4709
- },
4710
- "id": {
4711
- "ignore_above": 1024,
4712
- "type": "keyword"
4713
- },
4714
- "name": {
4715
- "ignore_above": 1024,
4716
- "type": "keyword"
4717
- },
4718
- "platforms": {
4719
- "ignore_above": 1024,
4720
- "type": "keyword"
4721
- },
4722
- "reference": {
4723
- "ignore_above": 1024,
4724
- "type": "keyword"
4725
- },
4726
- "type": {
4727
- "ignore_above": 1024,
4728
- "type": "keyword"
4729
- }
4730
- }
4731
- },
4732
- "tactic": {
4733
- "properties": {
4734
- "id": {
4735
- "ignore_above": 1024,
4736
- "type": "keyword"
4737
- },
4738
- "name": {
4739
- "ignore_above": 1024,
4740
- "type": "keyword"
4741
- },
4742
- "reference": {
4743
- "ignore_above": 1024,
4744
- "type": "keyword"
4745
- }
4746
- }
4747
- },
4748
- "technique": {
4749
- "properties": {
4750
- "id": {
4751
- "ignore_above": 1024,
4752
- "type": "keyword"
4753
- },
4754
- "name": {
4755
- "fields": {
4756
- "text": {
4757
- "type": "match_only_text"
4758
- }
4759
- },
4760
- "ignore_above": 1024,
4761
- "type": "keyword"
4762
- },
4763
- "reference": {
4764
- "ignore_above": 1024,
4765
- "type": "keyword"
4766
- },
4767
- "subtechnique": {
4768
- "properties": {
4769
- "id": {
4770
- "ignore_above": 1024,
4771
- "type": "keyword"
4772
- },
4773
- "name": {
4774
- "fields": {
4775
- "text": {
4776
- "type": "match_only_text"
4777
- }
4778
- },
4779
- "ignore_above": 1024,
4780
- "type": "keyword"
4781
- },
4782
- "reference": {
4783
- "ignore_above": 1024,
4784
- "type": "keyword"
4785
- }
4786
- }
4787
- }
4788
- }
4789
- }
4790
- }
4791
- },
4792
- "tls": {
4793
- "properties": {
4794
- "cipher": {
4795
- "ignore_above": 1024,
4796
- "type": "keyword"
4797
- },
4798
- "client": {
4799
- "properties": {
4800
- "certificate": {
4801
- "ignore_above": 1024,
4802
- "type": "keyword"
4803
- },
4804
- "certificate_chain": {
4805
- "ignore_above": 1024,
4806
- "type": "keyword"
4807
- },
4808
- "hash": {
4809
- "properties": {
4810
- "md5": {
4811
- "ignore_above": 1024,
4812
- "type": "keyword"
4813
- },
4814
- "sha1": {
4815
- "ignore_above": 1024,
4816
- "type": "keyword"
4817
- },
4818
- "sha256": {
4819
- "ignore_above": 1024,
4820
- "type": "keyword"
4821
- }
4822
- }
4823
- },
4824
- "issuer": {
4825
- "ignore_above": 1024,
4826
- "type": "keyword"
4827
- },
4828
- "ja3": {
4829
- "ignore_above": 1024,
4830
- "type": "keyword"
4831
- },
4832
- "not_after": {
4833
- "type": "date"
4834
- },
4835
- "not_before": {
4836
- "type": "date"
4837
- },
4838
- "server_name": {
4839
- "ignore_above": 1024,
4840
- "type": "keyword"
4841
- },
4842
- "subject": {
4843
- "ignore_above": 1024,
4844
- "type": "keyword"
4845
- },
4846
- "supported_ciphers": {
4847
- "ignore_above": 1024,
4848
- "type": "keyword"
4849
- },
4850
- "x509": {
4851
- "properties": {
4852
- "alternative_names": {
4853
- "ignore_above": 1024,
4854
- "type": "keyword"
4855
- },
4856
- "issuer": {
4857
- "properties": {
4858
- "common_name": {
4859
- "ignore_above": 1024,
4860
- "type": "keyword"
4861
- },
4862
- "country": {
4863
- "ignore_above": 1024,
4864
- "type": "keyword"
4865
- },
4866
- "distinguished_name": {
4867
- "ignore_above": 1024,
4868
- "type": "keyword"
2941
+ "distinguished_name": {
2942
+ "ignore_above": 1024,
2943
+ "type": "keyword"
4869
2944
  },
4870
2945
  "locality": {
4871
2946
  "ignore_above": 1024,
@@ -5164,25 +3239,30 @@
5164
3239
  "full": {
5165
3240
  "fields": {
5166
3241
  "text": {
5167
- "type": "match_only_text"
3242
+ "norms": false,
3243
+ "type": "text"
5168
3244
  }
5169
3245
  },
5170
- "type": "wildcard"
3246
+ "ignore_above": 1024,
3247
+ "type": "keyword"
5171
3248
  },
5172
3249
  "original": {
5173
3250
  "fields": {
5174
3251
  "text": {
5175
- "type": "match_only_text"
3252
+ "norms": false,
3253
+ "type": "text"
5176
3254
  }
5177
3255
  },
5178
- "type": "wildcard"
3256
+ "ignore_above": 1024,
3257
+ "type": "keyword"
5179
3258
  },
5180
3259
  "password": {
5181
3260
  "ignore_above": 1024,
5182
3261
  "type": "keyword"
5183
3262
  },
5184
3263
  "path": {
5185
- "type": "wildcard"
3264
+ "ignore_above": 1024,
3265
+ "type": "keyword"
5186
3266
  },
5187
3267
  "port": {
5188
3268
  "type": "long"
@@ -5228,7 +3308,8 @@
5228
3308
  "full_name": {
5229
3309
  "fields": {
5230
3310
  "text": {
5231
- "type": "match_only_text"
3311
+ "norms": false,
3312
+ "type": "text"
5232
3313
  }
5233
3314
  },
5234
3315
  "ignore_above": 1024,
@@ -5261,7 +3342,8 @@
5261
3342
  "name": {
5262
3343
  "fields": {
5263
3344
  "text": {
5264
- "type": "match_only_text"
3345
+ "norms": false,
3346
+ "type": "text"
5265
3347
  }
5266
3348
  },
5267
3349
  "ignore_above": 1024,
@@ -5290,7 +3372,8 @@
5290
3372
  "full_name": {
5291
3373
  "fields": {
5292
3374
  "text": {
5293
- "type": "match_only_text"
3375
+ "norms": false,
3376
+ "type": "text"
5294
3377
  }
5295
3378
  },
5296
3379
  "ignore_above": 1024,
@@ -5323,7 +3406,8 @@
5323
3406
  "name": {
5324
3407
  "fields": {
5325
3408
  "text": {
5326
- "type": "match_only_text"
3409
+ "norms": false,
3410
+ "type": "text"
5327
3411
  }
5328
3412
  },
5329
3413
  "ignore_above": 1024,
@@ -5342,7 +3426,8 @@
5342
3426
  "full_name": {
5343
3427
  "fields": {
5344
3428
  "text": {
5345
- "type": "match_only_text"
3429
+ "norms": false,
3430
+ "type": "text"
5346
3431
  }
5347
3432
  },
5348
3433
  "ignore_above": 1024,
@@ -5375,7 +3460,8 @@
5375
3460
  "name": {
5376
3461
  "fields": {
5377
3462
  "text": {
5378
- "type": "match_only_text"
3463
+ "norms": false,
3464
+ "type": "text"
5379
3465
  }
5380
3466
  },
5381
3467
  "ignore_above": 1024,
@@ -5398,7 +3484,8 @@
5398
3484
  "full_name": {
5399
3485
  "fields": {
5400
3486
  "text": {
5401
- "type": "match_only_text"
3487
+ "norms": false,
3488
+ "type": "text"
5402
3489
  }
5403
3490
  },
5404
3491
  "ignore_above": 1024,
@@ -5431,7 +3518,8 @@
5431
3518
  "name": {
5432
3519
  "fields": {
5433
3520
  "text": {
5434
- "type": "match_only_text"
3521
+ "norms": false,
3522
+ "type": "text"
5435
3523
  }
5436
3524
  },
5437
3525
  "ignore_above": 1024,
@@ -5462,7 +3550,8 @@
5462
3550
  "original": {
5463
3551
  "fields": {
5464
3552
  "text": {
5465
- "type": "match_only_text"
3553
+ "norms": false,
3554
+ "type": "text"
5466
3555
  }
5467
3556
  },
5468
3557
  "ignore_above": 1024,
@@ -5477,7 +3566,8 @@
5477
3566
  "full": {
5478
3567
  "fields": {
5479
3568
  "text": {
5480
- "type": "match_only_text"
3569
+ "norms": false,
3570
+ "type": "text"
5481
3571
  }
5482
3572
  },
5483
3573
  "ignore_above": 1024,
@@ -5490,7 +3580,8 @@
5490
3580
  "name": {
5491
3581
  "fields": {
5492
3582
  "text": {
5493
- "type": "match_only_text"
3583
+ "norms": false,
3584
+ "type": "text"
5494
3585
  }
5495
3586
  },
5496
3587
  "ignore_above": 1024,
@@ -5529,7 +3620,8 @@
5529
3620
  "description": {
5530
3621
  "fields": {
5531
3622
  "text": {
5532
- "type": "match_only_text"
3623
+ "norms": false,
3624
+ "type": "text"
5533
3625
  }
5534
3626
  },
5535
3627
  "ignore_above": 1024,