logstash-output-elasticsearch 11.3.1-java → 11.4.1-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +19 -2
- data/Gemfile +2 -1
- data/docs/index.asciidoc +3 -7
- data/lib/logstash/outputs/elasticsearch/data_stream_support.rb +1 -1
- data/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb +40 -16
- data/lib/logstash/outputs/elasticsearch/http_client/pool.rb +5 -9
- data/lib/logstash/outputs/elasticsearch/http_client.rb +1 -2
- data/lib/logstash/outputs/elasticsearch/http_client_builder.rb +3 -6
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v1/elasticsearch-7x.json +2196 -288
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v1/elasticsearch-8x.json +2196 -288
- data/logstash-output-elasticsearch.gemspec +2 -2
- data/spec/es_spec_helper.rb +5 -1
- data/spec/fixtures/test_certs/{ca/ca.crt → ca.crt} +0 -0
- data/spec/fixtures/test_certs/{ca/ca.key → ca.key} +0 -0
- data/spec/fixtures/test_certs/test.p12 +0 -0
- data/spec/fixtures/test_certs/test_invalid.crt +36 -0
- data/spec/fixtures/test_certs/test_invalid.key +51 -0
- data/spec/fixtures/test_certs/test_invalid.p12 +0 -0
- data/spec/fixtures/test_certs/test_self_signed.crt +32 -0
- data/spec/fixtures/test_certs/test_self_signed.key +54 -0
- data/spec/fixtures/test_certs/test_self_signed.p12 +0 -0
- data/spec/integration/outputs/ilm_spec.rb +2 -1
- data/spec/integration/outputs/index_spec.rb +87 -43
- data/spec/integration/outputs/ingest_pipeline_spec.rb +2 -1
- data/spec/integration/outputs/no_es_on_startup_spec.rb +12 -6
- data/spec/integration/outputs/retry_spec.rb +2 -1
- data/spec/integration/outputs/sniffer_spec.rb +1 -1
- data/spec/unit/outputs/elasticsearch/http_client/manticore_adapter_spec.rb +6 -5
- data/spec/unit/outputs/elasticsearch/http_client/pool_spec.rb +1 -1
- data/spec/unit/outputs/elasticsearch_ssl_spec.rb +1 -1
- metadata +22 -8
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
],
|
|
5
5
|
"mappings": {
|
|
6
6
|
"_meta": {
|
|
7
|
-
"version": "1.
|
|
7
|
+
"version": "1.12.1"
|
|
8
8
|
},
|
|
9
9
|
"date_detection": false,
|
|
10
10
|
"dynamic_templates": [
|
|
@@ -70,8 +70,7 @@
|
|
|
70
70
|
"name": {
|
|
71
71
|
"fields": {
|
|
72
72
|
"text": {
|
|
73
|
-
"
|
|
74
|
-
"type": "text"
|
|
73
|
+
"type": "match_only_text"
|
|
75
74
|
}
|
|
76
75
|
},
|
|
77
76
|
"ignore_above": 1024,
|
|
@@ -183,8 +182,7 @@
|
|
|
183
182
|
"full_name": {
|
|
184
183
|
"fields": {
|
|
185
184
|
"text": {
|
|
186
|
-
"
|
|
187
|
-
"type": "text"
|
|
185
|
+
"type": "match_only_text"
|
|
188
186
|
}
|
|
189
187
|
},
|
|
190
188
|
"ignore_above": 1024,
|
|
@@ -217,8 +215,7 @@
|
|
|
217
215
|
"name": {
|
|
218
216
|
"fields": {
|
|
219
217
|
"text": {
|
|
220
|
-
"
|
|
221
|
-
"type": "text"
|
|
218
|
+
"type": "match_only_text"
|
|
222
219
|
}
|
|
223
220
|
},
|
|
224
221
|
"ignore_above": 1024,
|
|
@@ -360,8 +357,7 @@
|
|
|
360
357
|
"name": {
|
|
361
358
|
"fields": {
|
|
362
359
|
"text": {
|
|
363
|
-
"
|
|
364
|
-
"type": "text"
|
|
360
|
+
"type": "match_only_text"
|
|
365
361
|
}
|
|
366
362
|
},
|
|
367
363
|
"ignore_above": 1024,
|
|
@@ -473,8 +469,7 @@
|
|
|
473
469
|
"full_name": {
|
|
474
470
|
"fields": {
|
|
475
471
|
"text": {
|
|
476
|
-
"
|
|
477
|
-
"type": "text"
|
|
472
|
+
"type": "match_only_text"
|
|
478
473
|
}
|
|
479
474
|
},
|
|
480
475
|
"ignore_above": 1024,
|
|
@@ -507,8 +502,7 @@
|
|
|
507
502
|
"name": {
|
|
508
503
|
"fields": {
|
|
509
504
|
"text": {
|
|
510
|
-
"
|
|
511
|
-
"type": "text"
|
|
505
|
+
"type": "match_only_text"
|
|
512
506
|
}
|
|
513
507
|
},
|
|
514
508
|
"ignore_above": 1024,
|
|
@@ -526,6 +520,10 @@
|
|
|
526
520
|
"properties": {
|
|
527
521
|
"code_signature": {
|
|
528
522
|
"properties": {
|
|
523
|
+
"digest_algorithm": {
|
|
524
|
+
"ignore_above": 1024,
|
|
525
|
+
"type": "keyword"
|
|
526
|
+
},
|
|
529
527
|
"exists": {
|
|
530
528
|
"type": "boolean"
|
|
531
529
|
},
|
|
@@ -545,6 +543,9 @@
|
|
|
545
543
|
"ignore_above": 1024,
|
|
546
544
|
"type": "keyword"
|
|
547
545
|
},
|
|
546
|
+
"timestamp": {
|
|
547
|
+
"type": "date"
|
|
548
|
+
},
|
|
548
549
|
"trusted": {
|
|
549
550
|
"type": "boolean"
|
|
550
551
|
},
|
|
@@ -717,20 +718,15 @@
|
|
|
717
718
|
"type": "keyword"
|
|
718
719
|
},
|
|
719
720
|
"message": {
|
|
720
|
-
"
|
|
721
|
-
"type": "text"
|
|
721
|
+
"type": "match_only_text"
|
|
722
722
|
},
|
|
723
723
|
"stack_trace": {
|
|
724
|
-
"doc_values": false,
|
|
725
724
|
"fields": {
|
|
726
725
|
"text": {
|
|
727
|
-
"
|
|
728
|
-
"type": "text"
|
|
726
|
+
"type": "match_only_text"
|
|
729
727
|
}
|
|
730
728
|
},
|
|
731
|
-
"
|
|
732
|
-
"index": false,
|
|
733
|
-
"type": "keyword"
|
|
729
|
+
"type": "wildcard"
|
|
734
730
|
},
|
|
735
731
|
"type": {
|
|
736
732
|
"ignore_above": 1024,
|
|
@@ -744,6 +740,10 @@
|
|
|
744
740
|
"ignore_above": 1024,
|
|
745
741
|
"type": "keyword"
|
|
746
742
|
},
|
|
743
|
+
"agent_id_status": {
|
|
744
|
+
"ignore_above": 1024,
|
|
745
|
+
"type": "keyword"
|
|
746
|
+
},
|
|
747
747
|
"category": {
|
|
748
748
|
"ignore_above": 1024,
|
|
749
749
|
"type": "keyword"
|
|
@@ -786,7 +786,6 @@
|
|
|
786
786
|
},
|
|
787
787
|
"original": {
|
|
788
788
|
"doc_values": false,
|
|
789
|
-
"ignore_above": 1024,
|
|
790
789
|
"index": false,
|
|
791
790
|
"type": "keyword"
|
|
792
791
|
},
|
|
@@ -846,6 +845,10 @@
|
|
|
846
845
|
},
|
|
847
846
|
"code_signature": {
|
|
848
847
|
"properties": {
|
|
848
|
+
"digest_algorithm": {
|
|
849
|
+
"ignore_above": 1024,
|
|
850
|
+
"type": "keyword"
|
|
851
|
+
},
|
|
849
852
|
"exists": {
|
|
850
853
|
"type": "boolean"
|
|
851
854
|
},
|
|
@@ -865,6 +868,9 @@
|
|
|
865
868
|
"ignore_above": 1024,
|
|
866
869
|
"type": "keyword"
|
|
867
870
|
},
|
|
871
|
+
"timestamp": {
|
|
872
|
+
"type": "date"
|
|
873
|
+
},
|
|
868
874
|
"trusted": {
|
|
869
875
|
"type": "boolean"
|
|
870
876
|
},
|
|
@@ -891,10 +897,131 @@
|
|
|
891
897
|
"ignore_above": 1,
|
|
892
898
|
"type": "keyword"
|
|
893
899
|
},
|
|
900
|
+
"elf": {
|
|
901
|
+
"properties": {
|
|
902
|
+
"architecture": {
|
|
903
|
+
"ignore_above": 1024,
|
|
904
|
+
"type": "keyword"
|
|
905
|
+
},
|
|
906
|
+
"byte_order": {
|
|
907
|
+
"ignore_above": 1024,
|
|
908
|
+
"type": "keyword"
|
|
909
|
+
},
|
|
910
|
+
"cpu_type": {
|
|
911
|
+
"ignore_above": 1024,
|
|
912
|
+
"type": "keyword"
|
|
913
|
+
},
|
|
914
|
+
"creation_date": {
|
|
915
|
+
"type": "date"
|
|
916
|
+
},
|
|
917
|
+
"exports": {
|
|
918
|
+
"type": "flattened"
|
|
919
|
+
},
|
|
920
|
+
"header": {
|
|
921
|
+
"properties": {
|
|
922
|
+
"abi_version": {
|
|
923
|
+
"ignore_above": 1024,
|
|
924
|
+
"type": "keyword"
|
|
925
|
+
},
|
|
926
|
+
"class": {
|
|
927
|
+
"ignore_above": 1024,
|
|
928
|
+
"type": "keyword"
|
|
929
|
+
},
|
|
930
|
+
"data": {
|
|
931
|
+
"ignore_above": 1024,
|
|
932
|
+
"type": "keyword"
|
|
933
|
+
},
|
|
934
|
+
"entrypoint": {
|
|
935
|
+
"type": "long"
|
|
936
|
+
},
|
|
937
|
+
"object_version": {
|
|
938
|
+
"ignore_above": 1024,
|
|
939
|
+
"type": "keyword"
|
|
940
|
+
},
|
|
941
|
+
"os_abi": {
|
|
942
|
+
"ignore_above": 1024,
|
|
943
|
+
"type": "keyword"
|
|
944
|
+
},
|
|
945
|
+
"type": {
|
|
946
|
+
"ignore_above": 1024,
|
|
947
|
+
"type": "keyword"
|
|
948
|
+
},
|
|
949
|
+
"version": {
|
|
950
|
+
"ignore_above": 1024,
|
|
951
|
+
"type": "keyword"
|
|
952
|
+
}
|
|
953
|
+
}
|
|
954
|
+
},
|
|
955
|
+
"imports": {
|
|
956
|
+
"type": "flattened"
|
|
957
|
+
},
|
|
958
|
+
"sections": {
|
|
959
|
+
"properties": {
|
|
960
|
+
"chi2": {
|
|
961
|
+
"type": "long"
|
|
962
|
+
},
|
|
963
|
+
"entropy": {
|
|
964
|
+
"type": "long"
|
|
965
|
+
},
|
|
966
|
+
"flags": {
|
|
967
|
+
"ignore_above": 1024,
|
|
968
|
+
"type": "keyword"
|
|
969
|
+
},
|
|
970
|
+
"name": {
|
|
971
|
+
"ignore_above": 1024,
|
|
972
|
+
"type": "keyword"
|
|
973
|
+
},
|
|
974
|
+
"physical_offset": {
|
|
975
|
+
"ignore_above": 1024,
|
|
976
|
+
"type": "keyword"
|
|
977
|
+
},
|
|
978
|
+
"physical_size": {
|
|
979
|
+
"type": "long"
|
|
980
|
+
},
|
|
981
|
+
"type": {
|
|
982
|
+
"ignore_above": 1024,
|
|
983
|
+
"type": "keyword"
|
|
984
|
+
},
|
|
985
|
+
"virtual_address": {
|
|
986
|
+
"type": "long"
|
|
987
|
+
},
|
|
988
|
+
"virtual_size": {
|
|
989
|
+
"type": "long"
|
|
990
|
+
}
|
|
991
|
+
},
|
|
992
|
+
"type": "nested"
|
|
993
|
+
},
|
|
994
|
+
"segments": {
|
|
995
|
+
"properties": {
|
|
996
|
+
"sections": {
|
|
997
|
+
"ignore_above": 1024,
|
|
998
|
+
"type": "keyword"
|
|
999
|
+
},
|
|
1000
|
+
"type": {
|
|
1001
|
+
"ignore_above": 1024,
|
|
1002
|
+
"type": "keyword"
|
|
1003
|
+
}
|
|
1004
|
+
},
|
|
1005
|
+
"type": "nested"
|
|
1006
|
+
},
|
|
1007
|
+
"shared_libraries": {
|
|
1008
|
+
"ignore_above": 1024,
|
|
1009
|
+
"type": "keyword"
|
|
1010
|
+
},
|
|
1011
|
+
"telfhash": {
|
|
1012
|
+
"ignore_above": 1024,
|
|
1013
|
+
"type": "keyword"
|
|
1014
|
+
}
|
|
1015
|
+
}
|
|
1016
|
+
},
|
|
894
1017
|
"extension": {
|
|
895
1018
|
"ignore_above": 1024,
|
|
896
1019
|
"type": "keyword"
|
|
897
1020
|
},
|
|
1021
|
+
"fork_name": {
|
|
1022
|
+
"ignore_above": 1024,
|
|
1023
|
+
"type": "keyword"
|
|
1024
|
+
},
|
|
898
1025
|
"gid": {
|
|
899
1026
|
"ignore_above": 1024,
|
|
900
1027
|
"type": "keyword"
|
|
@@ -953,8 +1080,7 @@
|
|
|
953
1080
|
"path": {
|
|
954
1081
|
"fields": {
|
|
955
1082
|
"text": {
|
|
956
|
-
"
|
|
957
|
-
"type": "text"
|
|
1083
|
+
"type": "match_only_text"
|
|
958
1084
|
}
|
|
959
1085
|
},
|
|
960
1086
|
"ignore_above": 1024,
|
|
@@ -998,8 +1124,7 @@
|
|
|
998
1124
|
"target_path": {
|
|
999
1125
|
"fields": {
|
|
1000
1126
|
"text": {
|
|
1001
|
-
"
|
|
1002
|
-
"type": "text"
|
|
1127
|
+
"type": "match_only_text"
|
|
1003
1128
|
}
|
|
1004
1129
|
},
|
|
1005
1130
|
"ignore_above": 1024,
|
|
@@ -1272,8 +1397,7 @@
|
|
|
1272
1397
|
"full": {
|
|
1273
1398
|
"fields": {
|
|
1274
1399
|
"text": {
|
|
1275
|
-
"
|
|
1276
|
-
"type": "text"
|
|
1400
|
+
"type": "match_only_text"
|
|
1277
1401
|
}
|
|
1278
1402
|
},
|
|
1279
1403
|
"ignore_above": 1024,
|
|
@@ -1286,8 +1410,7 @@
|
|
|
1286
1410
|
"name": {
|
|
1287
1411
|
"fields": {
|
|
1288
1412
|
"text": {
|
|
1289
|
-
"
|
|
1290
|
-
"type": "text"
|
|
1413
|
+
"type": "match_only_text"
|
|
1291
1414
|
}
|
|
1292
1415
|
},
|
|
1293
1416
|
"ignore_above": 1024,
|
|
@@ -1327,8 +1450,7 @@
|
|
|
1327
1450
|
"full_name": {
|
|
1328
1451
|
"fields": {
|
|
1329
1452
|
"text": {
|
|
1330
|
-
"
|
|
1331
|
-
"type": "text"
|
|
1453
|
+
"type": "match_only_text"
|
|
1332
1454
|
}
|
|
1333
1455
|
},
|
|
1334
1456
|
"ignore_above": 1024,
|
|
@@ -1361,8 +1483,7 @@
|
|
|
1361
1483
|
"name": {
|
|
1362
1484
|
"fields": {
|
|
1363
1485
|
"text": {
|
|
1364
|
-
"
|
|
1365
|
-
"type": "text"
|
|
1486
|
+
"type": "match_only_text"
|
|
1366
1487
|
}
|
|
1367
1488
|
},
|
|
1368
1489
|
"ignore_above": 1024,
|
|
@@ -1388,12 +1509,10 @@
|
|
|
1388
1509
|
"content": {
|
|
1389
1510
|
"fields": {
|
|
1390
1511
|
"text": {
|
|
1391
|
-
"
|
|
1392
|
-
"type": "text"
|
|
1512
|
+
"type": "match_only_text"
|
|
1393
1513
|
}
|
|
1394
1514
|
},
|
|
1395
|
-
"
|
|
1396
|
-
"type": "keyword"
|
|
1515
|
+
"type": "wildcard"
|
|
1397
1516
|
}
|
|
1398
1517
|
}
|
|
1399
1518
|
},
|
|
@@ -1428,12 +1547,10 @@
|
|
|
1428
1547
|
"content": {
|
|
1429
1548
|
"fields": {
|
|
1430
1549
|
"text": {
|
|
1431
|
-
"
|
|
1432
|
-
"type": "text"
|
|
1550
|
+
"type": "match_only_text"
|
|
1433
1551
|
}
|
|
1434
1552
|
},
|
|
1435
|
-
"
|
|
1436
|
-
"type": "keyword"
|
|
1553
|
+
"type": "wildcard"
|
|
1437
1554
|
}
|
|
1438
1555
|
}
|
|
1439
1556
|
},
|
|
@@ -1497,7 +1614,6 @@
|
|
|
1497
1614
|
},
|
|
1498
1615
|
"original": {
|
|
1499
1616
|
"doc_values": false,
|
|
1500
|
-
"ignore_above": 1024,
|
|
1501
1617
|
"index": false,
|
|
1502
1618
|
"type": "keyword"
|
|
1503
1619
|
},
|
|
@@ -1534,8 +1650,7 @@
|
|
|
1534
1650
|
}
|
|
1535
1651
|
},
|
|
1536
1652
|
"message": {
|
|
1537
|
-
"
|
|
1538
|
-
"type": "text"
|
|
1653
|
+
"type": "match_only_text"
|
|
1539
1654
|
},
|
|
1540
1655
|
"network": {
|
|
1541
1656
|
"properties": {
|
|
@@ -1758,8 +1873,7 @@
|
|
|
1758
1873
|
"full": {
|
|
1759
1874
|
"fields": {
|
|
1760
1875
|
"text": {
|
|
1761
|
-
"
|
|
1762
|
-
"type": "text"
|
|
1876
|
+
"type": "match_only_text"
|
|
1763
1877
|
}
|
|
1764
1878
|
},
|
|
1765
1879
|
"ignore_above": 1024,
|
|
@@ -1772,8 +1886,7 @@
|
|
|
1772
1886
|
"name": {
|
|
1773
1887
|
"fields": {
|
|
1774
1888
|
"text": {
|
|
1775
|
-
"
|
|
1776
|
-
"type": "text"
|
|
1889
|
+
"type": "match_only_text"
|
|
1777
1890
|
}
|
|
1778
1891
|
},
|
|
1779
1892
|
"ignore_above": 1024,
|
|
@@ -1872,8 +1985,7 @@
|
|
|
1872
1985
|
"name": {
|
|
1873
1986
|
"fields": {
|
|
1874
1987
|
"text": {
|
|
1875
|
-
"
|
|
1876
|
-
"type": "text"
|
|
1988
|
+
"type": "match_only_text"
|
|
1877
1989
|
}
|
|
1878
1990
|
},
|
|
1879
1991
|
"ignore_above": 1024,
|
|
@@ -1946,6 +2058,10 @@
|
|
|
1946
2058
|
},
|
|
1947
2059
|
"code_signature": {
|
|
1948
2060
|
"properties": {
|
|
2061
|
+
"digest_algorithm": {
|
|
2062
|
+
"ignore_above": 1024,
|
|
2063
|
+
"type": "keyword"
|
|
2064
|
+
},
|
|
1949
2065
|
"exists": {
|
|
1950
2066
|
"type": "boolean"
|
|
1951
2067
|
},
|
|
@@ -1965,6 +2081,9 @@
|
|
|
1965
2081
|
"ignore_above": 1024,
|
|
1966
2082
|
"type": "keyword"
|
|
1967
2083
|
},
|
|
2084
|
+
"timestamp": {
|
|
2085
|
+
"type": "date"
|
|
2086
|
+
},
|
|
1968
2087
|
"trusted": {
|
|
1969
2088
|
"type": "boolean"
|
|
1970
2089
|
},
|
|
@@ -1976,12 +2095,130 @@
|
|
|
1976
2095
|
"command_line": {
|
|
1977
2096
|
"fields": {
|
|
1978
2097
|
"text": {
|
|
1979
|
-
"
|
|
1980
|
-
"type": "text"
|
|
2098
|
+
"type": "match_only_text"
|
|
1981
2099
|
}
|
|
1982
2100
|
},
|
|
1983
|
-
"
|
|
1984
|
-
|
|
2101
|
+
"type": "wildcard"
|
|
2102
|
+
},
|
|
2103
|
+
"elf": {
|
|
2104
|
+
"properties": {
|
|
2105
|
+
"architecture": {
|
|
2106
|
+
"ignore_above": 1024,
|
|
2107
|
+
"type": "keyword"
|
|
2108
|
+
},
|
|
2109
|
+
"byte_order": {
|
|
2110
|
+
"ignore_above": 1024,
|
|
2111
|
+
"type": "keyword"
|
|
2112
|
+
},
|
|
2113
|
+
"cpu_type": {
|
|
2114
|
+
"ignore_above": 1024,
|
|
2115
|
+
"type": "keyword"
|
|
2116
|
+
},
|
|
2117
|
+
"creation_date": {
|
|
2118
|
+
"type": "date"
|
|
2119
|
+
},
|
|
2120
|
+
"exports": {
|
|
2121
|
+
"type": "flattened"
|
|
2122
|
+
},
|
|
2123
|
+
"header": {
|
|
2124
|
+
"properties": {
|
|
2125
|
+
"abi_version": {
|
|
2126
|
+
"ignore_above": 1024,
|
|
2127
|
+
"type": "keyword"
|
|
2128
|
+
},
|
|
2129
|
+
"class": {
|
|
2130
|
+
"ignore_above": 1024,
|
|
2131
|
+
"type": "keyword"
|
|
2132
|
+
},
|
|
2133
|
+
"data": {
|
|
2134
|
+
"ignore_above": 1024,
|
|
2135
|
+
"type": "keyword"
|
|
2136
|
+
},
|
|
2137
|
+
"entrypoint": {
|
|
2138
|
+
"type": "long"
|
|
2139
|
+
},
|
|
2140
|
+
"object_version": {
|
|
2141
|
+
"ignore_above": 1024,
|
|
2142
|
+
"type": "keyword"
|
|
2143
|
+
},
|
|
2144
|
+
"os_abi": {
|
|
2145
|
+
"ignore_above": 1024,
|
|
2146
|
+
"type": "keyword"
|
|
2147
|
+
},
|
|
2148
|
+
"type": {
|
|
2149
|
+
"ignore_above": 1024,
|
|
2150
|
+
"type": "keyword"
|
|
2151
|
+
},
|
|
2152
|
+
"version": {
|
|
2153
|
+
"ignore_above": 1024,
|
|
2154
|
+
"type": "keyword"
|
|
2155
|
+
}
|
|
2156
|
+
}
|
|
2157
|
+
},
|
|
2158
|
+
"imports": {
|
|
2159
|
+
"type": "flattened"
|
|
2160
|
+
},
|
|
2161
|
+
"sections": {
|
|
2162
|
+
"properties": {
|
|
2163
|
+
"chi2": {
|
|
2164
|
+
"type": "long"
|
|
2165
|
+
},
|
|
2166
|
+
"entropy": {
|
|
2167
|
+
"type": "long"
|
|
2168
|
+
},
|
|
2169
|
+
"flags": {
|
|
2170
|
+
"ignore_above": 1024,
|
|
2171
|
+
"type": "keyword"
|
|
2172
|
+
},
|
|
2173
|
+
"name": {
|
|
2174
|
+
"ignore_above": 1024,
|
|
2175
|
+
"type": "keyword"
|
|
2176
|
+
},
|
|
2177
|
+
"physical_offset": {
|
|
2178
|
+
"ignore_above": 1024,
|
|
2179
|
+
"type": "keyword"
|
|
2180
|
+
},
|
|
2181
|
+
"physical_size": {
|
|
2182
|
+
"type": "long"
|
|
2183
|
+
},
|
|
2184
|
+
"type": {
|
|
2185
|
+
"ignore_above": 1024,
|
|
2186
|
+
"type": "keyword"
|
|
2187
|
+
},
|
|
2188
|
+
"virtual_address": {
|
|
2189
|
+
"type": "long"
|
|
2190
|
+
},
|
|
2191
|
+
"virtual_size": {
|
|
2192
|
+
"type": "long"
|
|
2193
|
+
}
|
|
2194
|
+
},
|
|
2195
|
+
"type": "nested"
|
|
2196
|
+
},
|
|
2197
|
+
"segments": {
|
|
2198
|
+
"properties": {
|
|
2199
|
+
"sections": {
|
|
2200
|
+
"ignore_above": 1024,
|
|
2201
|
+
"type": "keyword"
|
|
2202
|
+
},
|
|
2203
|
+
"type": {
|
|
2204
|
+
"ignore_above": 1024,
|
|
2205
|
+
"type": "keyword"
|
|
2206
|
+
}
|
|
2207
|
+
},
|
|
2208
|
+
"type": "nested"
|
|
2209
|
+
},
|
|
2210
|
+
"shared_libraries": {
|
|
2211
|
+
"ignore_above": 1024,
|
|
2212
|
+
"type": "keyword"
|
|
2213
|
+
},
|
|
2214
|
+
"telfhash": {
|
|
2215
|
+
"ignore_above": 1024,
|
|
2216
|
+
"type": "keyword"
|
|
2217
|
+
}
|
|
2218
|
+
}
|
|
2219
|
+
},
|
|
2220
|
+
"end": {
|
|
2221
|
+
"type": "date"
|
|
1985
2222
|
},
|
|
1986
2223
|
"entity_id": {
|
|
1987
2224
|
"ignore_above": 1024,
|
|
@@ -1990,8 +2227,7 @@
|
|
|
1990
2227
|
"executable": {
|
|
1991
2228
|
"fields": {
|
|
1992
2229
|
"text": {
|
|
1993
|
-
"
|
|
1994
|
-
"type": "text"
|
|
2230
|
+
"type": "match_only_text"
|
|
1995
2231
|
}
|
|
1996
2232
|
},
|
|
1997
2233
|
"ignore_above": 1024,
|
|
@@ -2027,8 +2263,7 @@
|
|
|
2027
2263
|
"name": {
|
|
2028
2264
|
"fields": {
|
|
2029
2265
|
"text": {
|
|
2030
|
-
"
|
|
2031
|
-
"type": "text"
|
|
2266
|
+
"type": "match_only_text"
|
|
2032
2267
|
}
|
|
2033
2268
|
},
|
|
2034
2269
|
"ignore_above": 1024,
|
|
@@ -2045,6 +2280,10 @@
|
|
|
2045
2280
|
},
|
|
2046
2281
|
"code_signature": {
|
|
2047
2282
|
"properties": {
|
|
2283
|
+
"digest_algorithm": {
|
|
2284
|
+
"ignore_above": 1024,
|
|
2285
|
+
"type": "keyword"
|
|
2286
|
+
},
|
|
2048
2287
|
"exists": {
|
|
2049
2288
|
"type": "boolean"
|
|
2050
2289
|
},
|
|
@@ -2064,6 +2303,9 @@
|
|
|
2064
2303
|
"ignore_above": 1024,
|
|
2065
2304
|
"type": "keyword"
|
|
2066
2305
|
},
|
|
2306
|
+
"timestamp": {
|
|
2307
|
+
"type": "date"
|
|
2308
|
+
},
|
|
2067
2309
|
"trusted": {
|
|
2068
2310
|
"type": "boolean"
|
|
2069
2311
|
},
|
|
@@ -2075,72 +2317,188 @@
|
|
|
2075
2317
|
"command_line": {
|
|
2076
2318
|
"fields": {
|
|
2077
2319
|
"text": {
|
|
2078
|
-
"
|
|
2079
|
-
"type": "text"
|
|
2080
|
-
}
|
|
2081
|
-
},
|
|
2082
|
-
"ignore_above": 1024,
|
|
2083
|
-
"type": "keyword"
|
|
2084
|
-
},
|
|
2085
|
-
"entity_id": {
|
|
2086
|
-
"ignore_above": 1024,
|
|
2087
|
-
"type": "keyword"
|
|
2088
|
-
},
|
|
2089
|
-
"executable": {
|
|
2090
|
-
"fields": {
|
|
2091
|
-
"text": {
|
|
2092
|
-
"norms": false,
|
|
2093
|
-
"type": "text"
|
|
2320
|
+
"type": "match_only_text"
|
|
2094
2321
|
}
|
|
2095
2322
|
},
|
|
2096
|
-
"
|
|
2097
|
-
"type": "keyword"
|
|
2098
|
-
},
|
|
2099
|
-
"exit_code": {
|
|
2100
|
-
"type": "long"
|
|
2323
|
+
"type": "wildcard"
|
|
2101
2324
|
},
|
|
2102
|
-
"
|
|
2325
|
+
"elf": {
|
|
2103
2326
|
"properties": {
|
|
2104
|
-
"
|
|
2327
|
+
"architecture": {
|
|
2105
2328
|
"ignore_above": 1024,
|
|
2106
2329
|
"type": "keyword"
|
|
2107
2330
|
},
|
|
2108
|
-
"
|
|
2331
|
+
"byte_order": {
|
|
2109
2332
|
"ignore_above": 1024,
|
|
2110
2333
|
"type": "keyword"
|
|
2111
2334
|
},
|
|
2112
|
-
"
|
|
2335
|
+
"cpu_type": {
|
|
2113
2336
|
"ignore_above": 1024,
|
|
2114
2337
|
"type": "keyword"
|
|
2115
2338
|
},
|
|
2116
|
-
"
|
|
2117
|
-
"
|
|
2118
|
-
"type": "keyword"
|
|
2339
|
+
"creation_date": {
|
|
2340
|
+
"type": "date"
|
|
2119
2341
|
},
|
|
2120
|
-
"
|
|
2121
|
-
"
|
|
2122
|
-
"type": "keyword"
|
|
2123
|
-
}
|
|
2124
|
-
}
|
|
2125
|
-
},
|
|
2126
|
-
"name": {
|
|
2127
|
-
"fields": {
|
|
2128
|
-
"text": {
|
|
2129
|
-
"norms": false,
|
|
2130
|
-
"type": "text"
|
|
2131
|
-
}
|
|
2132
|
-
},
|
|
2133
|
-
"ignore_above": 1024,
|
|
2134
|
-
"type": "keyword"
|
|
2135
|
-
},
|
|
2136
|
-
"pe": {
|
|
2137
|
-
"properties": {
|
|
2138
|
-
"architecture": {
|
|
2139
|
-
"ignore_above": 1024,
|
|
2140
|
-
"type": "keyword"
|
|
2342
|
+
"exports": {
|
|
2343
|
+
"type": "flattened"
|
|
2141
2344
|
},
|
|
2142
|
-
"
|
|
2143
|
-
"
|
|
2345
|
+
"header": {
|
|
2346
|
+
"properties": {
|
|
2347
|
+
"abi_version": {
|
|
2348
|
+
"ignore_above": 1024,
|
|
2349
|
+
"type": "keyword"
|
|
2350
|
+
},
|
|
2351
|
+
"class": {
|
|
2352
|
+
"ignore_above": 1024,
|
|
2353
|
+
"type": "keyword"
|
|
2354
|
+
},
|
|
2355
|
+
"data": {
|
|
2356
|
+
"ignore_above": 1024,
|
|
2357
|
+
"type": "keyword"
|
|
2358
|
+
},
|
|
2359
|
+
"entrypoint": {
|
|
2360
|
+
"type": "long"
|
|
2361
|
+
},
|
|
2362
|
+
"object_version": {
|
|
2363
|
+
"ignore_above": 1024,
|
|
2364
|
+
"type": "keyword"
|
|
2365
|
+
},
|
|
2366
|
+
"os_abi": {
|
|
2367
|
+
"ignore_above": 1024,
|
|
2368
|
+
"type": "keyword"
|
|
2369
|
+
},
|
|
2370
|
+
"type": {
|
|
2371
|
+
"ignore_above": 1024,
|
|
2372
|
+
"type": "keyword"
|
|
2373
|
+
},
|
|
2374
|
+
"version": {
|
|
2375
|
+
"ignore_above": 1024,
|
|
2376
|
+
"type": "keyword"
|
|
2377
|
+
}
|
|
2378
|
+
}
|
|
2379
|
+
},
|
|
2380
|
+
"imports": {
|
|
2381
|
+
"type": "flattened"
|
|
2382
|
+
},
|
|
2383
|
+
"sections": {
|
|
2384
|
+
"properties": {
|
|
2385
|
+
"chi2": {
|
|
2386
|
+
"type": "long"
|
|
2387
|
+
},
|
|
2388
|
+
"entropy": {
|
|
2389
|
+
"type": "long"
|
|
2390
|
+
},
|
|
2391
|
+
"flags": {
|
|
2392
|
+
"ignore_above": 1024,
|
|
2393
|
+
"type": "keyword"
|
|
2394
|
+
},
|
|
2395
|
+
"name": {
|
|
2396
|
+
"ignore_above": 1024,
|
|
2397
|
+
"type": "keyword"
|
|
2398
|
+
},
|
|
2399
|
+
"physical_offset": {
|
|
2400
|
+
"ignore_above": 1024,
|
|
2401
|
+
"type": "keyword"
|
|
2402
|
+
},
|
|
2403
|
+
"physical_size": {
|
|
2404
|
+
"type": "long"
|
|
2405
|
+
},
|
|
2406
|
+
"type": {
|
|
2407
|
+
"ignore_above": 1024,
|
|
2408
|
+
"type": "keyword"
|
|
2409
|
+
},
|
|
2410
|
+
"virtual_address": {
|
|
2411
|
+
"type": "long"
|
|
2412
|
+
},
|
|
2413
|
+
"virtual_size": {
|
|
2414
|
+
"type": "long"
|
|
2415
|
+
}
|
|
2416
|
+
},
|
|
2417
|
+
"type": "nested"
|
|
2418
|
+
},
|
|
2419
|
+
"segments": {
|
|
2420
|
+
"properties": {
|
|
2421
|
+
"sections": {
|
|
2422
|
+
"ignore_above": 1024,
|
|
2423
|
+
"type": "keyword"
|
|
2424
|
+
},
|
|
2425
|
+
"type": {
|
|
2426
|
+
"ignore_above": 1024,
|
|
2427
|
+
"type": "keyword"
|
|
2428
|
+
}
|
|
2429
|
+
},
|
|
2430
|
+
"type": "nested"
|
|
2431
|
+
},
|
|
2432
|
+
"shared_libraries": {
|
|
2433
|
+
"ignore_above": 1024,
|
|
2434
|
+
"type": "keyword"
|
|
2435
|
+
},
|
|
2436
|
+
"telfhash": {
|
|
2437
|
+
"ignore_above": 1024,
|
|
2438
|
+
"type": "keyword"
|
|
2439
|
+
}
|
|
2440
|
+
}
|
|
2441
|
+
},
|
|
2442
|
+
"end": {
|
|
2443
|
+
"type": "date"
|
|
2444
|
+
},
|
|
2445
|
+
"entity_id": {
|
|
2446
|
+
"ignore_above": 1024,
|
|
2447
|
+
"type": "keyword"
|
|
2448
|
+
},
|
|
2449
|
+
"executable": {
|
|
2450
|
+
"fields": {
|
|
2451
|
+
"text": {
|
|
2452
|
+
"type": "match_only_text"
|
|
2453
|
+
}
|
|
2454
|
+
},
|
|
2455
|
+
"ignore_above": 1024,
|
|
2456
|
+
"type": "keyword"
|
|
2457
|
+
},
|
|
2458
|
+
"exit_code": {
|
|
2459
|
+
"type": "long"
|
|
2460
|
+
},
|
|
2461
|
+
"hash": {
|
|
2462
|
+
"properties": {
|
|
2463
|
+
"md5": {
|
|
2464
|
+
"ignore_above": 1024,
|
|
2465
|
+
"type": "keyword"
|
|
2466
|
+
},
|
|
2467
|
+
"sha1": {
|
|
2468
|
+
"ignore_above": 1024,
|
|
2469
|
+
"type": "keyword"
|
|
2470
|
+
},
|
|
2471
|
+
"sha256": {
|
|
2472
|
+
"ignore_above": 1024,
|
|
2473
|
+
"type": "keyword"
|
|
2474
|
+
},
|
|
2475
|
+
"sha512": {
|
|
2476
|
+
"ignore_above": 1024,
|
|
2477
|
+
"type": "keyword"
|
|
2478
|
+
},
|
|
2479
|
+
"ssdeep": {
|
|
2480
|
+
"ignore_above": 1024,
|
|
2481
|
+
"type": "keyword"
|
|
2482
|
+
}
|
|
2483
|
+
}
|
|
2484
|
+
},
|
|
2485
|
+
"name": {
|
|
2486
|
+
"fields": {
|
|
2487
|
+
"text": {
|
|
2488
|
+
"type": "match_only_text"
|
|
2489
|
+
}
|
|
2490
|
+
},
|
|
2491
|
+
"ignore_above": 1024,
|
|
2492
|
+
"type": "keyword"
|
|
2493
|
+
},
|
|
2494
|
+
"pe": {
|
|
2495
|
+
"properties": {
|
|
2496
|
+
"architecture": {
|
|
2497
|
+
"ignore_above": 1024,
|
|
2498
|
+
"type": "keyword"
|
|
2499
|
+
},
|
|
2500
|
+
"company": {
|
|
2501
|
+
"ignore_above": 1024,
|
|
2144
2502
|
"type": "keyword"
|
|
2145
2503
|
},
|
|
2146
2504
|
"description": {
|
|
@@ -2191,8 +2549,7 @@
|
|
|
2191
2549
|
"title": {
|
|
2192
2550
|
"fields": {
|
|
2193
2551
|
"text": {
|
|
2194
|
-
"
|
|
2195
|
-
"type": "text"
|
|
2552
|
+
"type": "match_only_text"
|
|
2196
2553
|
}
|
|
2197
2554
|
},
|
|
2198
2555
|
"ignore_above": 1024,
|
|
@@ -2204,8 +2561,7 @@
|
|
|
2204
2561
|
"working_directory": {
|
|
2205
2562
|
"fields": {
|
|
2206
2563
|
"text": {
|
|
2207
|
-
"
|
|
2208
|
-
"type": "text"
|
|
2564
|
+
"type": "match_only_text"
|
|
2209
2565
|
}
|
|
2210
2566
|
},
|
|
2211
2567
|
"ignore_above": 1024,
|
|
@@ -2271,8 +2627,7 @@
|
|
|
2271
2627
|
"title": {
|
|
2272
2628
|
"fields": {
|
|
2273
2629
|
"text": {
|
|
2274
|
-
"
|
|
2275
|
-
"type": "text"
|
|
2630
|
+
"type": "match_only_text"
|
|
2276
2631
|
}
|
|
2277
2632
|
},
|
|
2278
2633
|
"ignore_above": 1024,
|
|
@@ -2284,8 +2639,7 @@
|
|
|
2284
2639
|
"working_directory": {
|
|
2285
2640
|
"fields": {
|
|
2286
2641
|
"text": {
|
|
2287
|
-
"
|
|
2288
|
-
"type": "text"
|
|
2642
|
+
"type": "match_only_text"
|
|
2289
2643
|
}
|
|
2290
2644
|
},
|
|
2291
2645
|
"ignore_above": 1024,
|
|
@@ -2302,8 +2656,7 @@
|
|
|
2302
2656
|
"type": "keyword"
|
|
2303
2657
|
},
|
|
2304
2658
|
"strings": {
|
|
2305
|
-
"
|
|
2306
|
-
"type": "keyword"
|
|
2659
|
+
"type": "wildcard"
|
|
2307
2660
|
},
|
|
2308
2661
|
"type": {
|
|
2309
2662
|
"ignore_above": 1024,
|
|
@@ -2408,8 +2761,7 @@
|
|
|
2408
2761
|
"name": {
|
|
2409
2762
|
"fields": {
|
|
2410
2763
|
"text": {
|
|
2411
|
-
"
|
|
2412
|
-
"type": "text"
|
|
2764
|
+
"type": "match_only_text"
|
|
2413
2765
|
}
|
|
2414
2766
|
},
|
|
2415
2767
|
"ignore_above": 1024,
|
|
@@ -2521,8 +2873,7 @@
|
|
|
2521
2873
|
"full_name": {
|
|
2522
2874
|
"fields": {
|
|
2523
2875
|
"text": {
|
|
2524
|
-
"
|
|
2525
|
-
"type": "text"
|
|
2876
|
+
"type": "match_only_text"
|
|
2526
2877
|
}
|
|
2527
2878
|
},
|
|
2528
2879
|
"ignore_above": 1024,
|
|
@@ -2555,8 +2906,7 @@
|
|
|
2555
2906
|
"name": {
|
|
2556
2907
|
"fields": {
|
|
2557
2908
|
"text": {
|
|
2558
|
-
"
|
|
2559
|
-
"type": "text"
|
|
2909
|
+
"type": "match_only_text"
|
|
2560
2910
|
}
|
|
2561
2911
|
},
|
|
2562
2912
|
"ignore_above": 1024,
|
|
@@ -2572,6 +2922,14 @@
|
|
|
2572
2922
|
},
|
|
2573
2923
|
"service": {
|
|
2574
2924
|
"properties": {
|
|
2925
|
+
"address": {
|
|
2926
|
+
"ignore_above": 1024,
|
|
2927
|
+
"type": "keyword"
|
|
2928
|
+
},
|
|
2929
|
+
"environment": {
|
|
2930
|
+
"ignore_above": 1024,
|
|
2931
|
+
"type": "keyword"
|
|
2932
|
+
},
|
|
2575
2933
|
"ephemeral_id": {
|
|
2576
2934
|
"ignore_above": 1024,
|
|
2577
2935
|
"type": "keyword"
|
|
@@ -2622,8 +2980,7 @@
|
|
|
2622
2980
|
"name": {
|
|
2623
2981
|
"fields": {
|
|
2624
2982
|
"text": {
|
|
2625
|
-
"
|
|
2626
|
-
"type": "text"
|
|
2983
|
+
"type": "match_only_text"
|
|
2627
2984
|
}
|
|
2628
2985
|
},
|
|
2629
2986
|
"ignore_above": 1024,
|
|
@@ -2735,8 +3092,7 @@
|
|
|
2735
3092
|
"full_name": {
|
|
2736
3093
|
"fields": {
|
|
2737
3094
|
"text": {
|
|
2738
|
-
"
|
|
2739
|
-
"type": "text"
|
|
3095
|
+
"type": "match_only_text"
|
|
2740
3096
|
}
|
|
2741
3097
|
},
|
|
2742
3098
|
"ignore_above": 1024,
|
|
@@ -2769,8 +3125,7 @@
|
|
|
2769
3125
|
"name": {
|
|
2770
3126
|
"fields": {
|
|
2771
3127
|
"text": {
|
|
2772
|
-
"
|
|
2773
|
-
"type": "text"
|
|
3128
|
+
"type": "match_only_text"
|
|
2774
3129
|
}
|
|
2775
3130
|
},
|
|
2776
3131
|
"ignore_above": 1024,
|
|
@@ -2798,139 +3153,1709 @@
|
|
|
2798
3153
|
},
|
|
2799
3154
|
"threat": {
|
|
2800
3155
|
"properties": {
|
|
2801
|
-
"
|
|
2802
|
-
"ignore_above": 1024,
|
|
2803
|
-
"type": "keyword"
|
|
2804
|
-
},
|
|
2805
|
-
"tactic": {
|
|
2806
|
-
"properties": {
|
|
2807
|
-
"id": {
|
|
2808
|
-
"ignore_above": 1024,
|
|
2809
|
-
"type": "keyword"
|
|
2810
|
-
},
|
|
2811
|
-
"name": {
|
|
2812
|
-
"ignore_above": 1024,
|
|
2813
|
-
"type": "keyword"
|
|
2814
|
-
},
|
|
2815
|
-
"reference": {
|
|
2816
|
-
"ignore_above": 1024,
|
|
2817
|
-
"type": "keyword"
|
|
2818
|
-
}
|
|
2819
|
-
}
|
|
2820
|
-
},
|
|
2821
|
-
"technique": {
|
|
3156
|
+
"enrichments": {
|
|
2822
3157
|
"properties": {
|
|
2823
|
-
"
|
|
2824
|
-
"ignore_above": 1024,
|
|
2825
|
-
"type": "keyword"
|
|
2826
|
-
},
|
|
2827
|
-
"name": {
|
|
2828
|
-
"fields": {
|
|
2829
|
-
"text": {
|
|
2830
|
-
"norms": false,
|
|
2831
|
-
"type": "text"
|
|
2832
|
-
}
|
|
2833
|
-
},
|
|
2834
|
-
"ignore_above": 1024,
|
|
2835
|
-
"type": "keyword"
|
|
2836
|
-
},
|
|
2837
|
-
"reference": {
|
|
2838
|
-
"ignore_above": 1024,
|
|
2839
|
-
"type": "keyword"
|
|
2840
|
-
},
|
|
2841
|
-
"subtechnique": {
|
|
3158
|
+
"indicator": {
|
|
2842
3159
|
"properties": {
|
|
2843
|
-
"
|
|
2844
|
-
"
|
|
2845
|
-
|
|
2846
|
-
|
|
2847
|
-
|
|
2848
|
-
|
|
2849
|
-
|
|
2850
|
-
|
|
2851
|
-
|
|
3160
|
+
"as": {
|
|
3161
|
+
"properties": {
|
|
3162
|
+
"number": {
|
|
3163
|
+
"type": "long"
|
|
3164
|
+
},
|
|
3165
|
+
"organization": {
|
|
3166
|
+
"properties": {
|
|
3167
|
+
"name": {
|
|
3168
|
+
"fields": {
|
|
3169
|
+
"text": {
|
|
3170
|
+
"type": "match_only_text"
|
|
3171
|
+
}
|
|
3172
|
+
},
|
|
3173
|
+
"ignore_above": 1024,
|
|
3174
|
+
"type": "keyword"
|
|
3175
|
+
}
|
|
3176
|
+
}
|
|
2852
3177
|
}
|
|
2853
|
-
}
|
|
2854
|
-
"ignore_above": 1024,
|
|
2855
|
-
"type": "keyword"
|
|
2856
|
-
},
|
|
2857
|
-
"reference": {
|
|
2858
|
-
"ignore_above": 1024,
|
|
2859
|
-
"type": "keyword"
|
|
2860
|
-
}
|
|
2861
|
-
}
|
|
2862
|
-
}
|
|
2863
|
-
}
|
|
2864
|
-
}
|
|
2865
|
-
}
|
|
2866
|
-
},
|
|
2867
|
-
"tls": {
|
|
2868
|
-
"properties": {
|
|
2869
|
-
"cipher": {
|
|
2870
|
-
"ignore_above": 1024,
|
|
2871
|
-
"type": "keyword"
|
|
2872
|
-
},
|
|
2873
|
-
"client": {
|
|
2874
|
-
"properties": {
|
|
2875
|
-
"certificate": {
|
|
2876
|
-
"ignore_above": 1024,
|
|
2877
|
-
"type": "keyword"
|
|
2878
|
-
},
|
|
2879
|
-
"certificate_chain": {
|
|
2880
|
-
"ignore_above": 1024,
|
|
2881
|
-
"type": "keyword"
|
|
2882
|
-
},
|
|
2883
|
-
"hash": {
|
|
2884
|
-
"properties": {
|
|
2885
|
-
"md5": {
|
|
2886
|
-
"ignore_above": 1024,
|
|
2887
|
-
"type": "keyword"
|
|
3178
|
+
}
|
|
2888
3179
|
},
|
|
2889
|
-
"
|
|
3180
|
+
"confidence": {
|
|
2890
3181
|
"ignore_above": 1024,
|
|
2891
3182
|
"type": "keyword"
|
|
2892
3183
|
},
|
|
2893
|
-
"
|
|
2894
|
-
"ignore_above": 1024,
|
|
2895
|
-
"type": "keyword"
|
|
2896
|
-
}
|
|
2897
|
-
}
|
|
2898
|
-
},
|
|
2899
|
-
"issuer": {
|
|
2900
|
-
"ignore_above": 1024,
|
|
2901
|
-
"type": "keyword"
|
|
2902
|
-
},
|
|
2903
|
-
"ja3": {
|
|
2904
|
-
"ignore_above": 1024,
|
|
2905
|
-
"type": "keyword"
|
|
2906
|
-
},
|
|
2907
|
-
"not_after": {
|
|
2908
|
-
"type": "date"
|
|
2909
|
-
},
|
|
2910
|
-
"not_before": {
|
|
2911
|
-
"type": "date"
|
|
2912
|
-
},
|
|
2913
|
-
"server_name": {
|
|
2914
|
-
"ignore_above": 1024,
|
|
2915
|
-
"type": "keyword"
|
|
2916
|
-
},
|
|
2917
|
-
"subject": {
|
|
2918
|
-
"ignore_above": 1024,
|
|
2919
|
-
"type": "keyword"
|
|
2920
|
-
},
|
|
2921
|
-
"supported_ciphers": {
|
|
2922
|
-
"ignore_above": 1024,
|
|
2923
|
-
"type": "keyword"
|
|
2924
|
-
},
|
|
2925
|
-
"x509": {
|
|
2926
|
-
"properties": {
|
|
2927
|
-
"alternative_names": {
|
|
3184
|
+
"description": {
|
|
2928
3185
|
"ignore_above": 1024,
|
|
2929
3186
|
"type": "keyword"
|
|
2930
3187
|
},
|
|
2931
|
-
"
|
|
3188
|
+
"email": {
|
|
2932
3189
|
"properties": {
|
|
2933
|
-
"
|
|
3190
|
+
"address": {
|
|
3191
|
+
"ignore_above": 1024,
|
|
3192
|
+
"type": "keyword"
|
|
3193
|
+
}
|
|
3194
|
+
}
|
|
3195
|
+
},
|
|
3196
|
+
"file": {
|
|
3197
|
+
"properties": {
|
|
3198
|
+
"accessed": {
|
|
3199
|
+
"type": "date"
|
|
3200
|
+
},
|
|
3201
|
+
"attributes": {
|
|
3202
|
+
"ignore_above": 1024,
|
|
3203
|
+
"type": "keyword"
|
|
3204
|
+
},
|
|
3205
|
+
"code_signature": {
|
|
3206
|
+
"properties": {
|
|
3207
|
+
"digest_algorithm": {
|
|
3208
|
+
"ignore_above": 1024,
|
|
3209
|
+
"type": "keyword"
|
|
3210
|
+
},
|
|
3211
|
+
"exists": {
|
|
3212
|
+
"type": "boolean"
|
|
3213
|
+
},
|
|
3214
|
+
"signing_id": {
|
|
3215
|
+
"ignore_above": 1024,
|
|
3216
|
+
"type": "keyword"
|
|
3217
|
+
},
|
|
3218
|
+
"status": {
|
|
3219
|
+
"ignore_above": 1024,
|
|
3220
|
+
"type": "keyword"
|
|
3221
|
+
},
|
|
3222
|
+
"subject_name": {
|
|
3223
|
+
"ignore_above": 1024,
|
|
3224
|
+
"type": "keyword"
|
|
3225
|
+
},
|
|
3226
|
+
"team_id": {
|
|
3227
|
+
"ignore_above": 1024,
|
|
3228
|
+
"type": "keyword"
|
|
3229
|
+
},
|
|
3230
|
+
"timestamp": {
|
|
3231
|
+
"type": "date"
|
|
3232
|
+
},
|
|
3233
|
+
"trusted": {
|
|
3234
|
+
"type": "boolean"
|
|
3235
|
+
},
|
|
3236
|
+
"valid": {
|
|
3237
|
+
"type": "boolean"
|
|
3238
|
+
}
|
|
3239
|
+
}
|
|
3240
|
+
},
|
|
3241
|
+
"created": {
|
|
3242
|
+
"type": "date"
|
|
3243
|
+
},
|
|
3244
|
+
"ctime": {
|
|
3245
|
+
"type": "date"
|
|
3246
|
+
},
|
|
3247
|
+
"device": {
|
|
3248
|
+
"ignore_above": 1024,
|
|
3249
|
+
"type": "keyword"
|
|
3250
|
+
},
|
|
3251
|
+
"directory": {
|
|
3252
|
+
"ignore_above": 1024,
|
|
3253
|
+
"type": "keyword"
|
|
3254
|
+
},
|
|
3255
|
+
"drive_letter": {
|
|
3256
|
+
"ignore_above": 1,
|
|
3257
|
+
"type": "keyword"
|
|
3258
|
+
},
|
|
3259
|
+
"elf": {
|
|
3260
|
+
"properties": {
|
|
3261
|
+
"architecture": {
|
|
3262
|
+
"ignore_above": 1024,
|
|
3263
|
+
"type": "keyword"
|
|
3264
|
+
},
|
|
3265
|
+
"byte_order": {
|
|
3266
|
+
"ignore_above": 1024,
|
|
3267
|
+
"type": "keyword"
|
|
3268
|
+
},
|
|
3269
|
+
"cpu_type": {
|
|
3270
|
+
"ignore_above": 1024,
|
|
3271
|
+
"type": "keyword"
|
|
3272
|
+
},
|
|
3273
|
+
"creation_date": {
|
|
3274
|
+
"type": "date"
|
|
3275
|
+
},
|
|
3276
|
+
"exports": {
|
|
3277
|
+
"type": "flattened"
|
|
3278
|
+
},
|
|
3279
|
+
"header": {
|
|
3280
|
+
"properties": {
|
|
3281
|
+
"abi_version": {
|
|
3282
|
+
"ignore_above": 1024,
|
|
3283
|
+
"type": "keyword"
|
|
3284
|
+
},
|
|
3285
|
+
"class": {
|
|
3286
|
+
"ignore_above": 1024,
|
|
3287
|
+
"type": "keyword"
|
|
3288
|
+
},
|
|
3289
|
+
"data": {
|
|
3290
|
+
"ignore_above": 1024,
|
|
3291
|
+
"type": "keyword"
|
|
3292
|
+
},
|
|
3293
|
+
"entrypoint": {
|
|
3294
|
+
"type": "long"
|
|
3295
|
+
},
|
|
3296
|
+
"object_version": {
|
|
3297
|
+
"ignore_above": 1024,
|
|
3298
|
+
"type": "keyword"
|
|
3299
|
+
},
|
|
3300
|
+
"os_abi": {
|
|
3301
|
+
"ignore_above": 1024,
|
|
3302
|
+
"type": "keyword"
|
|
3303
|
+
},
|
|
3304
|
+
"type": {
|
|
3305
|
+
"ignore_above": 1024,
|
|
3306
|
+
"type": "keyword"
|
|
3307
|
+
},
|
|
3308
|
+
"version": {
|
|
3309
|
+
"ignore_above": 1024,
|
|
3310
|
+
"type": "keyword"
|
|
3311
|
+
}
|
|
3312
|
+
}
|
|
3313
|
+
},
|
|
3314
|
+
"imports": {
|
|
3315
|
+
"type": "flattened"
|
|
3316
|
+
},
|
|
3317
|
+
"sections": {
|
|
3318
|
+
"properties": {
|
|
3319
|
+
"chi2": {
|
|
3320
|
+
"type": "long"
|
|
3321
|
+
},
|
|
3322
|
+
"entropy": {
|
|
3323
|
+
"type": "long"
|
|
3324
|
+
},
|
|
3325
|
+
"flags": {
|
|
3326
|
+
"ignore_above": 1024,
|
|
3327
|
+
"type": "keyword"
|
|
3328
|
+
},
|
|
3329
|
+
"name": {
|
|
3330
|
+
"ignore_above": 1024,
|
|
3331
|
+
"type": "keyword"
|
|
3332
|
+
},
|
|
3333
|
+
"physical_offset": {
|
|
3334
|
+
"ignore_above": 1024,
|
|
3335
|
+
"type": "keyword"
|
|
3336
|
+
},
|
|
3337
|
+
"physical_size": {
|
|
3338
|
+
"type": "long"
|
|
3339
|
+
},
|
|
3340
|
+
"type": {
|
|
3341
|
+
"ignore_above": 1024,
|
|
3342
|
+
"type": "keyword"
|
|
3343
|
+
},
|
|
3344
|
+
"virtual_address": {
|
|
3345
|
+
"type": "long"
|
|
3346
|
+
},
|
|
3347
|
+
"virtual_size": {
|
|
3348
|
+
"type": "long"
|
|
3349
|
+
}
|
|
3350
|
+
},
|
|
3351
|
+
"type": "nested"
|
|
3352
|
+
},
|
|
3353
|
+
"segments": {
|
|
3354
|
+
"properties": {
|
|
3355
|
+
"sections": {
|
|
3356
|
+
"ignore_above": 1024,
|
|
3357
|
+
"type": "keyword"
|
|
3358
|
+
},
|
|
3359
|
+
"type": {
|
|
3360
|
+
"ignore_above": 1024,
|
|
3361
|
+
"type": "keyword"
|
|
3362
|
+
}
|
|
3363
|
+
},
|
|
3364
|
+
"type": "nested"
|
|
3365
|
+
},
|
|
3366
|
+
"shared_libraries": {
|
|
3367
|
+
"ignore_above": 1024,
|
|
3368
|
+
"type": "keyword"
|
|
3369
|
+
},
|
|
3370
|
+
"telfhash": {
|
|
3371
|
+
"ignore_above": 1024,
|
|
3372
|
+
"type": "keyword"
|
|
3373
|
+
}
|
|
3374
|
+
}
|
|
3375
|
+
},
|
|
3376
|
+
"extension": {
|
|
3377
|
+
"ignore_above": 1024,
|
|
3378
|
+
"type": "keyword"
|
|
3379
|
+
},
|
|
3380
|
+
"fork_name": {
|
|
3381
|
+
"ignore_above": 1024,
|
|
3382
|
+
"type": "keyword"
|
|
3383
|
+
},
|
|
3384
|
+
"gid": {
|
|
3385
|
+
"ignore_above": 1024,
|
|
3386
|
+
"type": "keyword"
|
|
3387
|
+
},
|
|
3388
|
+
"group": {
|
|
3389
|
+
"ignore_above": 1024,
|
|
3390
|
+
"type": "keyword"
|
|
3391
|
+
},
|
|
3392
|
+
"hash": {
|
|
3393
|
+
"properties": {
|
|
3394
|
+
"md5": {
|
|
3395
|
+
"ignore_above": 1024,
|
|
3396
|
+
"type": "keyword"
|
|
3397
|
+
},
|
|
3398
|
+
"sha1": {
|
|
3399
|
+
"ignore_above": 1024,
|
|
3400
|
+
"type": "keyword"
|
|
3401
|
+
},
|
|
3402
|
+
"sha256": {
|
|
3403
|
+
"ignore_above": 1024,
|
|
3404
|
+
"type": "keyword"
|
|
3405
|
+
},
|
|
3406
|
+
"sha512": {
|
|
3407
|
+
"ignore_above": 1024,
|
|
3408
|
+
"type": "keyword"
|
|
3409
|
+
},
|
|
3410
|
+
"ssdeep": {
|
|
3411
|
+
"ignore_above": 1024,
|
|
3412
|
+
"type": "keyword"
|
|
3413
|
+
}
|
|
3414
|
+
}
|
|
3415
|
+
},
|
|
3416
|
+
"inode": {
|
|
3417
|
+
"ignore_above": 1024,
|
|
3418
|
+
"type": "keyword"
|
|
3419
|
+
},
|
|
3420
|
+
"mime_type": {
|
|
3421
|
+
"ignore_above": 1024,
|
|
3422
|
+
"type": "keyword"
|
|
3423
|
+
},
|
|
3424
|
+
"mode": {
|
|
3425
|
+
"ignore_above": 1024,
|
|
3426
|
+
"type": "keyword"
|
|
3427
|
+
},
|
|
3428
|
+
"mtime": {
|
|
3429
|
+
"type": "date"
|
|
3430
|
+
},
|
|
3431
|
+
"name": {
|
|
3432
|
+
"ignore_above": 1024,
|
|
3433
|
+
"type": "keyword"
|
|
3434
|
+
},
|
|
3435
|
+
"owner": {
|
|
3436
|
+
"ignore_above": 1024,
|
|
3437
|
+
"type": "keyword"
|
|
3438
|
+
},
|
|
3439
|
+
"path": {
|
|
3440
|
+
"fields": {
|
|
3441
|
+
"text": {
|
|
3442
|
+
"type": "match_only_text"
|
|
3443
|
+
}
|
|
3444
|
+
},
|
|
3445
|
+
"ignore_above": 1024,
|
|
3446
|
+
"type": "keyword"
|
|
3447
|
+
},
|
|
3448
|
+
"pe": {
|
|
3449
|
+
"properties": {
|
|
3450
|
+
"architecture": {
|
|
3451
|
+
"ignore_above": 1024,
|
|
3452
|
+
"type": "keyword"
|
|
3453
|
+
},
|
|
3454
|
+
"company": {
|
|
3455
|
+
"ignore_above": 1024,
|
|
3456
|
+
"type": "keyword"
|
|
3457
|
+
},
|
|
3458
|
+
"description": {
|
|
3459
|
+
"ignore_above": 1024,
|
|
3460
|
+
"type": "keyword"
|
|
3461
|
+
},
|
|
3462
|
+
"file_version": {
|
|
3463
|
+
"ignore_above": 1024,
|
|
3464
|
+
"type": "keyword"
|
|
3465
|
+
},
|
|
3466
|
+
"imphash": {
|
|
3467
|
+
"ignore_above": 1024,
|
|
3468
|
+
"type": "keyword"
|
|
3469
|
+
},
|
|
3470
|
+
"original_file_name": {
|
|
3471
|
+
"ignore_above": 1024,
|
|
3472
|
+
"type": "keyword"
|
|
3473
|
+
},
|
|
3474
|
+
"product": {
|
|
3475
|
+
"ignore_above": 1024,
|
|
3476
|
+
"type": "keyword"
|
|
3477
|
+
}
|
|
3478
|
+
}
|
|
3479
|
+
},
|
|
3480
|
+
"size": {
|
|
3481
|
+
"type": "long"
|
|
3482
|
+
},
|
|
3483
|
+
"target_path": {
|
|
3484
|
+
"fields": {
|
|
3485
|
+
"text": {
|
|
3486
|
+
"type": "match_only_text"
|
|
3487
|
+
}
|
|
3488
|
+
},
|
|
3489
|
+
"ignore_above": 1024,
|
|
3490
|
+
"type": "keyword"
|
|
3491
|
+
},
|
|
3492
|
+
"type": {
|
|
3493
|
+
"ignore_above": 1024,
|
|
3494
|
+
"type": "keyword"
|
|
3495
|
+
},
|
|
3496
|
+
"uid": {
|
|
3497
|
+
"ignore_above": 1024,
|
|
3498
|
+
"type": "keyword"
|
|
3499
|
+
},
|
|
3500
|
+
"x509": {
|
|
3501
|
+
"properties": {
|
|
3502
|
+
"alternative_names": {
|
|
3503
|
+
"ignore_above": 1024,
|
|
3504
|
+
"type": "keyword"
|
|
3505
|
+
},
|
|
3506
|
+
"issuer": {
|
|
3507
|
+
"properties": {
|
|
3508
|
+
"common_name": {
|
|
3509
|
+
"ignore_above": 1024,
|
|
3510
|
+
"type": "keyword"
|
|
3511
|
+
},
|
|
3512
|
+
"country": {
|
|
3513
|
+
"ignore_above": 1024,
|
|
3514
|
+
"type": "keyword"
|
|
3515
|
+
},
|
|
3516
|
+
"distinguished_name": {
|
|
3517
|
+
"ignore_above": 1024,
|
|
3518
|
+
"type": "keyword"
|
|
3519
|
+
},
|
|
3520
|
+
"locality": {
|
|
3521
|
+
"ignore_above": 1024,
|
|
3522
|
+
"type": "keyword"
|
|
3523
|
+
},
|
|
3524
|
+
"organization": {
|
|
3525
|
+
"ignore_above": 1024,
|
|
3526
|
+
"type": "keyword"
|
|
3527
|
+
},
|
|
3528
|
+
"organizational_unit": {
|
|
3529
|
+
"ignore_above": 1024,
|
|
3530
|
+
"type": "keyword"
|
|
3531
|
+
},
|
|
3532
|
+
"state_or_province": {
|
|
3533
|
+
"ignore_above": 1024,
|
|
3534
|
+
"type": "keyword"
|
|
3535
|
+
}
|
|
3536
|
+
}
|
|
3537
|
+
},
|
|
3538
|
+
"not_after": {
|
|
3539
|
+
"type": "date"
|
|
3540
|
+
},
|
|
3541
|
+
"not_before": {
|
|
3542
|
+
"type": "date"
|
|
3543
|
+
},
|
|
3544
|
+
"public_key_algorithm": {
|
|
3545
|
+
"ignore_above": 1024,
|
|
3546
|
+
"type": "keyword"
|
|
3547
|
+
},
|
|
3548
|
+
"public_key_curve": {
|
|
3549
|
+
"ignore_above": 1024,
|
|
3550
|
+
"type": "keyword"
|
|
3551
|
+
},
|
|
3552
|
+
"public_key_exponent": {
|
|
3553
|
+
"doc_values": false,
|
|
3554
|
+
"index": false,
|
|
3555
|
+
"type": "long"
|
|
3556
|
+
},
|
|
3557
|
+
"public_key_size": {
|
|
3558
|
+
"type": "long"
|
|
3559
|
+
},
|
|
3560
|
+
"serial_number": {
|
|
3561
|
+
"ignore_above": 1024,
|
|
3562
|
+
"type": "keyword"
|
|
3563
|
+
},
|
|
3564
|
+
"signature_algorithm": {
|
|
3565
|
+
"ignore_above": 1024,
|
|
3566
|
+
"type": "keyword"
|
|
3567
|
+
},
|
|
3568
|
+
"subject": {
|
|
3569
|
+
"properties": {
|
|
3570
|
+
"common_name": {
|
|
3571
|
+
"ignore_above": 1024,
|
|
3572
|
+
"type": "keyword"
|
|
3573
|
+
},
|
|
3574
|
+
"country": {
|
|
3575
|
+
"ignore_above": 1024,
|
|
3576
|
+
"type": "keyword"
|
|
3577
|
+
},
|
|
3578
|
+
"distinguished_name": {
|
|
3579
|
+
"ignore_above": 1024,
|
|
3580
|
+
"type": "keyword"
|
|
3581
|
+
},
|
|
3582
|
+
"locality": {
|
|
3583
|
+
"ignore_above": 1024,
|
|
3584
|
+
"type": "keyword"
|
|
3585
|
+
},
|
|
3586
|
+
"organization": {
|
|
3587
|
+
"ignore_above": 1024,
|
|
3588
|
+
"type": "keyword"
|
|
3589
|
+
},
|
|
3590
|
+
"organizational_unit": {
|
|
3591
|
+
"ignore_above": 1024,
|
|
3592
|
+
"type": "keyword"
|
|
3593
|
+
},
|
|
3594
|
+
"state_or_province": {
|
|
3595
|
+
"ignore_above": 1024,
|
|
3596
|
+
"type": "keyword"
|
|
3597
|
+
}
|
|
3598
|
+
}
|
|
3599
|
+
},
|
|
3600
|
+
"version_number": {
|
|
3601
|
+
"ignore_above": 1024,
|
|
3602
|
+
"type": "keyword"
|
|
3603
|
+
}
|
|
3604
|
+
}
|
|
3605
|
+
}
|
|
3606
|
+
}
|
|
3607
|
+
},
|
|
3608
|
+
"first_seen": {
|
|
3609
|
+
"type": "date"
|
|
3610
|
+
},
|
|
3611
|
+
"geo": {
|
|
3612
|
+
"properties": {
|
|
3613
|
+
"city_name": {
|
|
3614
|
+
"ignore_above": 1024,
|
|
3615
|
+
"type": "keyword"
|
|
3616
|
+
},
|
|
3617
|
+
"continent_code": {
|
|
3618
|
+
"ignore_above": 1024,
|
|
3619
|
+
"type": "keyword"
|
|
3620
|
+
},
|
|
3621
|
+
"continent_name": {
|
|
3622
|
+
"ignore_above": 1024,
|
|
3623
|
+
"type": "keyword"
|
|
3624
|
+
},
|
|
3625
|
+
"country_iso_code": {
|
|
3626
|
+
"ignore_above": 1024,
|
|
3627
|
+
"type": "keyword"
|
|
3628
|
+
},
|
|
3629
|
+
"country_name": {
|
|
3630
|
+
"ignore_above": 1024,
|
|
3631
|
+
"type": "keyword"
|
|
3632
|
+
},
|
|
3633
|
+
"location": {
|
|
3634
|
+
"type": "geo_point"
|
|
3635
|
+
},
|
|
3636
|
+
"name": {
|
|
3637
|
+
"ignore_above": 1024,
|
|
3638
|
+
"type": "keyword"
|
|
3639
|
+
},
|
|
3640
|
+
"postal_code": {
|
|
3641
|
+
"ignore_above": 1024,
|
|
3642
|
+
"type": "keyword"
|
|
3643
|
+
},
|
|
3644
|
+
"region_iso_code": {
|
|
3645
|
+
"ignore_above": 1024,
|
|
3646
|
+
"type": "keyword"
|
|
3647
|
+
},
|
|
3648
|
+
"region_name": {
|
|
3649
|
+
"ignore_above": 1024,
|
|
3650
|
+
"type": "keyword"
|
|
3651
|
+
},
|
|
3652
|
+
"timezone": {
|
|
3653
|
+
"ignore_above": 1024,
|
|
3654
|
+
"type": "keyword"
|
|
3655
|
+
}
|
|
3656
|
+
}
|
|
3657
|
+
},
|
|
3658
|
+
"ip": {
|
|
3659
|
+
"type": "ip"
|
|
3660
|
+
},
|
|
3661
|
+
"last_seen": {
|
|
3662
|
+
"type": "date"
|
|
3663
|
+
},
|
|
3664
|
+
"marking": {
|
|
3665
|
+
"properties": {
|
|
3666
|
+
"tlp": {
|
|
3667
|
+
"ignore_above": 1024,
|
|
3668
|
+
"type": "keyword"
|
|
3669
|
+
}
|
|
3670
|
+
}
|
|
3671
|
+
},
|
|
3672
|
+
"modified_at": {
|
|
3673
|
+
"type": "date"
|
|
3674
|
+
},
|
|
3675
|
+
"port": {
|
|
3676
|
+
"type": "long"
|
|
3677
|
+
},
|
|
3678
|
+
"provider": {
|
|
3679
|
+
"ignore_above": 1024,
|
|
3680
|
+
"type": "keyword"
|
|
3681
|
+
},
|
|
3682
|
+
"reference": {
|
|
3683
|
+
"ignore_above": 1024,
|
|
3684
|
+
"type": "keyword"
|
|
3685
|
+
},
|
|
3686
|
+
"registry": {
|
|
3687
|
+
"properties": {
|
|
3688
|
+
"data": {
|
|
3689
|
+
"properties": {
|
|
3690
|
+
"bytes": {
|
|
3691
|
+
"ignore_above": 1024,
|
|
3692
|
+
"type": "keyword"
|
|
3693
|
+
},
|
|
3694
|
+
"strings": {
|
|
3695
|
+
"type": "wildcard"
|
|
3696
|
+
},
|
|
3697
|
+
"type": {
|
|
3698
|
+
"ignore_above": 1024,
|
|
3699
|
+
"type": "keyword"
|
|
3700
|
+
}
|
|
3701
|
+
}
|
|
3702
|
+
},
|
|
3703
|
+
"hive": {
|
|
3704
|
+
"ignore_above": 1024,
|
|
3705
|
+
"type": "keyword"
|
|
3706
|
+
},
|
|
3707
|
+
"key": {
|
|
3708
|
+
"ignore_above": 1024,
|
|
3709
|
+
"type": "keyword"
|
|
3710
|
+
},
|
|
3711
|
+
"path": {
|
|
3712
|
+
"ignore_above": 1024,
|
|
3713
|
+
"type": "keyword"
|
|
3714
|
+
},
|
|
3715
|
+
"value": {
|
|
3716
|
+
"ignore_above": 1024,
|
|
3717
|
+
"type": "keyword"
|
|
3718
|
+
}
|
|
3719
|
+
}
|
|
3720
|
+
},
|
|
3721
|
+
"scanner_stats": {
|
|
3722
|
+
"type": "long"
|
|
3723
|
+
},
|
|
3724
|
+
"sightings": {
|
|
3725
|
+
"type": "long"
|
|
3726
|
+
},
|
|
3727
|
+
"type": {
|
|
3728
|
+
"ignore_above": 1024,
|
|
3729
|
+
"type": "keyword"
|
|
3730
|
+
},
|
|
3731
|
+
"url": {
|
|
3732
|
+
"properties": {
|
|
3733
|
+
"domain": {
|
|
3734
|
+
"ignore_above": 1024,
|
|
3735
|
+
"type": "keyword"
|
|
3736
|
+
},
|
|
3737
|
+
"extension": {
|
|
3738
|
+
"ignore_above": 1024,
|
|
3739
|
+
"type": "keyword"
|
|
3740
|
+
},
|
|
3741
|
+
"fragment": {
|
|
3742
|
+
"ignore_above": 1024,
|
|
3743
|
+
"type": "keyword"
|
|
3744
|
+
},
|
|
3745
|
+
"full": {
|
|
3746
|
+
"fields": {
|
|
3747
|
+
"text": {
|
|
3748
|
+
"type": "match_only_text"
|
|
3749
|
+
}
|
|
3750
|
+
},
|
|
3751
|
+
"type": "wildcard"
|
|
3752
|
+
},
|
|
3753
|
+
"original": {
|
|
3754
|
+
"fields": {
|
|
3755
|
+
"text": {
|
|
3756
|
+
"type": "match_only_text"
|
|
3757
|
+
}
|
|
3758
|
+
},
|
|
3759
|
+
"type": "wildcard"
|
|
3760
|
+
},
|
|
3761
|
+
"password": {
|
|
3762
|
+
"ignore_above": 1024,
|
|
3763
|
+
"type": "keyword"
|
|
3764
|
+
},
|
|
3765
|
+
"path": {
|
|
3766
|
+
"type": "wildcard"
|
|
3767
|
+
},
|
|
3768
|
+
"port": {
|
|
3769
|
+
"type": "long"
|
|
3770
|
+
},
|
|
3771
|
+
"query": {
|
|
3772
|
+
"ignore_above": 1024,
|
|
3773
|
+
"type": "keyword"
|
|
3774
|
+
},
|
|
3775
|
+
"registered_domain": {
|
|
3776
|
+
"ignore_above": 1024,
|
|
3777
|
+
"type": "keyword"
|
|
3778
|
+
},
|
|
3779
|
+
"scheme": {
|
|
3780
|
+
"ignore_above": 1024,
|
|
3781
|
+
"type": "keyword"
|
|
3782
|
+
},
|
|
3783
|
+
"subdomain": {
|
|
3784
|
+
"ignore_above": 1024,
|
|
3785
|
+
"type": "keyword"
|
|
3786
|
+
},
|
|
3787
|
+
"top_level_domain": {
|
|
3788
|
+
"ignore_above": 1024,
|
|
3789
|
+
"type": "keyword"
|
|
3790
|
+
},
|
|
3791
|
+
"username": {
|
|
3792
|
+
"ignore_above": 1024,
|
|
3793
|
+
"type": "keyword"
|
|
3794
|
+
}
|
|
3795
|
+
}
|
|
3796
|
+
},
|
|
3797
|
+
"x509": {
|
|
3798
|
+
"properties": {
|
|
3799
|
+
"alternative_names": {
|
|
3800
|
+
"ignore_above": 1024,
|
|
3801
|
+
"type": "keyword"
|
|
3802
|
+
},
|
|
3803
|
+
"issuer": {
|
|
3804
|
+
"properties": {
|
|
3805
|
+
"common_name": {
|
|
3806
|
+
"ignore_above": 1024,
|
|
3807
|
+
"type": "keyword"
|
|
3808
|
+
},
|
|
3809
|
+
"country": {
|
|
3810
|
+
"ignore_above": 1024,
|
|
3811
|
+
"type": "keyword"
|
|
3812
|
+
},
|
|
3813
|
+
"distinguished_name": {
|
|
3814
|
+
"ignore_above": 1024,
|
|
3815
|
+
"type": "keyword"
|
|
3816
|
+
},
|
|
3817
|
+
"locality": {
|
|
3818
|
+
"ignore_above": 1024,
|
|
3819
|
+
"type": "keyword"
|
|
3820
|
+
},
|
|
3821
|
+
"organization": {
|
|
3822
|
+
"ignore_above": 1024,
|
|
3823
|
+
"type": "keyword"
|
|
3824
|
+
},
|
|
3825
|
+
"organizational_unit": {
|
|
3826
|
+
"ignore_above": 1024,
|
|
3827
|
+
"type": "keyword"
|
|
3828
|
+
},
|
|
3829
|
+
"state_or_province": {
|
|
3830
|
+
"ignore_above": 1024,
|
|
3831
|
+
"type": "keyword"
|
|
3832
|
+
}
|
|
3833
|
+
}
|
|
3834
|
+
},
|
|
3835
|
+
"not_after": {
|
|
3836
|
+
"type": "date"
|
|
3837
|
+
},
|
|
3838
|
+
"not_before": {
|
|
3839
|
+
"type": "date"
|
|
3840
|
+
},
|
|
3841
|
+
"public_key_algorithm": {
|
|
3842
|
+
"ignore_above": 1024,
|
|
3843
|
+
"type": "keyword"
|
|
3844
|
+
},
|
|
3845
|
+
"public_key_curve": {
|
|
3846
|
+
"ignore_above": 1024,
|
|
3847
|
+
"type": "keyword"
|
|
3848
|
+
},
|
|
3849
|
+
"public_key_exponent": {
|
|
3850
|
+
"doc_values": false,
|
|
3851
|
+
"index": false,
|
|
3852
|
+
"type": "long"
|
|
3853
|
+
},
|
|
3854
|
+
"public_key_size": {
|
|
3855
|
+
"type": "long"
|
|
3856
|
+
},
|
|
3857
|
+
"serial_number": {
|
|
3858
|
+
"ignore_above": 1024,
|
|
3859
|
+
"type": "keyword"
|
|
3860
|
+
},
|
|
3861
|
+
"signature_algorithm": {
|
|
3862
|
+
"ignore_above": 1024,
|
|
3863
|
+
"type": "keyword"
|
|
3864
|
+
},
|
|
3865
|
+
"subject": {
|
|
3866
|
+
"properties": {
|
|
3867
|
+
"common_name": {
|
|
3868
|
+
"ignore_above": 1024,
|
|
3869
|
+
"type": "keyword"
|
|
3870
|
+
},
|
|
3871
|
+
"country": {
|
|
3872
|
+
"ignore_above": 1024,
|
|
3873
|
+
"type": "keyword"
|
|
3874
|
+
},
|
|
3875
|
+
"distinguished_name": {
|
|
3876
|
+
"ignore_above": 1024,
|
|
3877
|
+
"type": "keyword"
|
|
3878
|
+
},
|
|
3879
|
+
"locality": {
|
|
3880
|
+
"ignore_above": 1024,
|
|
3881
|
+
"type": "keyword"
|
|
3882
|
+
},
|
|
3883
|
+
"organization": {
|
|
3884
|
+
"ignore_above": 1024,
|
|
3885
|
+
"type": "keyword"
|
|
3886
|
+
},
|
|
3887
|
+
"organizational_unit": {
|
|
3888
|
+
"ignore_above": 1024,
|
|
3889
|
+
"type": "keyword"
|
|
3890
|
+
},
|
|
3891
|
+
"state_or_province": {
|
|
3892
|
+
"ignore_above": 1024,
|
|
3893
|
+
"type": "keyword"
|
|
3894
|
+
}
|
|
3895
|
+
}
|
|
3896
|
+
},
|
|
3897
|
+
"version_number": {
|
|
3898
|
+
"ignore_above": 1024,
|
|
3899
|
+
"type": "keyword"
|
|
3900
|
+
}
|
|
3901
|
+
}
|
|
3902
|
+
}
|
|
3903
|
+
},
|
|
3904
|
+
"type": "object"
|
|
3905
|
+
},
|
|
3906
|
+
"matched": {
|
|
3907
|
+
"properties": {
|
|
3908
|
+
"atomic": {
|
|
3909
|
+
"ignore_above": 1024,
|
|
3910
|
+
"type": "keyword"
|
|
3911
|
+
},
|
|
3912
|
+
"field": {
|
|
3913
|
+
"ignore_above": 1024,
|
|
3914
|
+
"type": "keyword"
|
|
3915
|
+
},
|
|
3916
|
+
"id": {
|
|
3917
|
+
"ignore_above": 1024,
|
|
3918
|
+
"type": "keyword"
|
|
3919
|
+
},
|
|
3920
|
+
"index": {
|
|
3921
|
+
"ignore_above": 1024,
|
|
3922
|
+
"type": "keyword"
|
|
3923
|
+
},
|
|
3924
|
+
"type": {
|
|
3925
|
+
"ignore_above": 1024,
|
|
3926
|
+
"type": "keyword"
|
|
3927
|
+
}
|
|
3928
|
+
}
|
|
3929
|
+
}
|
|
3930
|
+
},
|
|
3931
|
+
"type": "nested"
|
|
3932
|
+
},
|
|
3933
|
+
"framework": {
|
|
3934
|
+
"ignore_above": 1024,
|
|
3935
|
+
"type": "keyword"
|
|
3936
|
+
},
|
|
3937
|
+
"group": {
|
|
3938
|
+
"properties": {
|
|
3939
|
+
"alias": {
|
|
3940
|
+
"ignore_above": 1024,
|
|
3941
|
+
"type": "keyword"
|
|
3942
|
+
},
|
|
3943
|
+
"id": {
|
|
3944
|
+
"ignore_above": 1024,
|
|
3945
|
+
"type": "keyword"
|
|
3946
|
+
},
|
|
3947
|
+
"name": {
|
|
3948
|
+
"ignore_above": 1024,
|
|
3949
|
+
"type": "keyword"
|
|
3950
|
+
},
|
|
3951
|
+
"reference": {
|
|
3952
|
+
"ignore_above": 1024,
|
|
3953
|
+
"type": "keyword"
|
|
3954
|
+
}
|
|
3955
|
+
}
|
|
3956
|
+
},
|
|
3957
|
+
"indicator": {
|
|
3958
|
+
"properties": {
|
|
3959
|
+
"as": {
|
|
3960
|
+
"properties": {
|
|
3961
|
+
"number": {
|
|
3962
|
+
"type": "long"
|
|
3963
|
+
},
|
|
3964
|
+
"organization": {
|
|
3965
|
+
"properties": {
|
|
3966
|
+
"name": {
|
|
3967
|
+
"fields": {
|
|
3968
|
+
"text": {
|
|
3969
|
+
"type": "match_only_text"
|
|
3970
|
+
}
|
|
3971
|
+
},
|
|
3972
|
+
"ignore_above": 1024,
|
|
3973
|
+
"type": "keyword"
|
|
3974
|
+
}
|
|
3975
|
+
}
|
|
3976
|
+
}
|
|
3977
|
+
}
|
|
3978
|
+
},
|
|
3979
|
+
"confidence": {
|
|
3980
|
+
"ignore_above": 1024,
|
|
3981
|
+
"type": "keyword"
|
|
3982
|
+
},
|
|
3983
|
+
"description": {
|
|
3984
|
+
"ignore_above": 1024,
|
|
3985
|
+
"type": "keyword"
|
|
3986
|
+
},
|
|
3987
|
+
"email": {
|
|
3988
|
+
"properties": {
|
|
3989
|
+
"address": {
|
|
3990
|
+
"ignore_above": 1024,
|
|
3991
|
+
"type": "keyword"
|
|
3992
|
+
}
|
|
3993
|
+
}
|
|
3994
|
+
},
|
|
3995
|
+
"file": {
|
|
3996
|
+
"properties": {
|
|
3997
|
+
"accessed": {
|
|
3998
|
+
"type": "date"
|
|
3999
|
+
},
|
|
4000
|
+
"attributes": {
|
|
4001
|
+
"ignore_above": 1024,
|
|
4002
|
+
"type": "keyword"
|
|
4003
|
+
},
|
|
4004
|
+
"code_signature": {
|
|
4005
|
+
"properties": {
|
|
4006
|
+
"digest_algorithm": {
|
|
4007
|
+
"ignore_above": 1024,
|
|
4008
|
+
"type": "keyword"
|
|
4009
|
+
},
|
|
4010
|
+
"exists": {
|
|
4011
|
+
"type": "boolean"
|
|
4012
|
+
},
|
|
4013
|
+
"signing_id": {
|
|
4014
|
+
"ignore_above": 1024,
|
|
4015
|
+
"type": "keyword"
|
|
4016
|
+
},
|
|
4017
|
+
"status": {
|
|
4018
|
+
"ignore_above": 1024,
|
|
4019
|
+
"type": "keyword"
|
|
4020
|
+
},
|
|
4021
|
+
"subject_name": {
|
|
4022
|
+
"ignore_above": 1024,
|
|
4023
|
+
"type": "keyword"
|
|
4024
|
+
},
|
|
4025
|
+
"team_id": {
|
|
4026
|
+
"ignore_above": 1024,
|
|
4027
|
+
"type": "keyword"
|
|
4028
|
+
},
|
|
4029
|
+
"timestamp": {
|
|
4030
|
+
"type": "date"
|
|
4031
|
+
},
|
|
4032
|
+
"trusted": {
|
|
4033
|
+
"type": "boolean"
|
|
4034
|
+
},
|
|
4035
|
+
"valid": {
|
|
4036
|
+
"type": "boolean"
|
|
4037
|
+
}
|
|
4038
|
+
}
|
|
4039
|
+
},
|
|
4040
|
+
"created": {
|
|
4041
|
+
"type": "date"
|
|
4042
|
+
},
|
|
4043
|
+
"ctime": {
|
|
4044
|
+
"type": "date"
|
|
4045
|
+
},
|
|
4046
|
+
"device": {
|
|
4047
|
+
"ignore_above": 1024,
|
|
4048
|
+
"type": "keyword"
|
|
4049
|
+
},
|
|
4050
|
+
"directory": {
|
|
4051
|
+
"ignore_above": 1024,
|
|
4052
|
+
"type": "keyword"
|
|
4053
|
+
},
|
|
4054
|
+
"drive_letter": {
|
|
4055
|
+
"ignore_above": 1,
|
|
4056
|
+
"type": "keyword"
|
|
4057
|
+
},
|
|
4058
|
+
"elf": {
|
|
4059
|
+
"properties": {
|
|
4060
|
+
"architecture": {
|
|
4061
|
+
"ignore_above": 1024,
|
|
4062
|
+
"type": "keyword"
|
|
4063
|
+
},
|
|
4064
|
+
"byte_order": {
|
|
4065
|
+
"ignore_above": 1024,
|
|
4066
|
+
"type": "keyword"
|
|
4067
|
+
},
|
|
4068
|
+
"cpu_type": {
|
|
4069
|
+
"ignore_above": 1024,
|
|
4070
|
+
"type": "keyword"
|
|
4071
|
+
},
|
|
4072
|
+
"creation_date": {
|
|
4073
|
+
"type": "date"
|
|
4074
|
+
},
|
|
4075
|
+
"exports": {
|
|
4076
|
+
"type": "flattened"
|
|
4077
|
+
},
|
|
4078
|
+
"header": {
|
|
4079
|
+
"properties": {
|
|
4080
|
+
"abi_version": {
|
|
4081
|
+
"ignore_above": 1024,
|
|
4082
|
+
"type": "keyword"
|
|
4083
|
+
},
|
|
4084
|
+
"class": {
|
|
4085
|
+
"ignore_above": 1024,
|
|
4086
|
+
"type": "keyword"
|
|
4087
|
+
},
|
|
4088
|
+
"data": {
|
|
4089
|
+
"ignore_above": 1024,
|
|
4090
|
+
"type": "keyword"
|
|
4091
|
+
},
|
|
4092
|
+
"entrypoint": {
|
|
4093
|
+
"type": "long"
|
|
4094
|
+
},
|
|
4095
|
+
"object_version": {
|
|
4096
|
+
"ignore_above": 1024,
|
|
4097
|
+
"type": "keyword"
|
|
4098
|
+
},
|
|
4099
|
+
"os_abi": {
|
|
4100
|
+
"ignore_above": 1024,
|
|
4101
|
+
"type": "keyword"
|
|
4102
|
+
},
|
|
4103
|
+
"type": {
|
|
4104
|
+
"ignore_above": 1024,
|
|
4105
|
+
"type": "keyword"
|
|
4106
|
+
},
|
|
4107
|
+
"version": {
|
|
4108
|
+
"ignore_above": 1024,
|
|
4109
|
+
"type": "keyword"
|
|
4110
|
+
}
|
|
4111
|
+
}
|
|
4112
|
+
},
|
|
4113
|
+
"imports": {
|
|
4114
|
+
"type": "flattened"
|
|
4115
|
+
},
|
|
4116
|
+
"sections": {
|
|
4117
|
+
"properties": {
|
|
4118
|
+
"chi2": {
|
|
4119
|
+
"type": "long"
|
|
4120
|
+
},
|
|
4121
|
+
"entropy": {
|
|
4122
|
+
"type": "long"
|
|
4123
|
+
},
|
|
4124
|
+
"flags": {
|
|
4125
|
+
"ignore_above": 1024,
|
|
4126
|
+
"type": "keyword"
|
|
4127
|
+
},
|
|
4128
|
+
"name": {
|
|
4129
|
+
"ignore_above": 1024,
|
|
4130
|
+
"type": "keyword"
|
|
4131
|
+
},
|
|
4132
|
+
"physical_offset": {
|
|
4133
|
+
"ignore_above": 1024,
|
|
4134
|
+
"type": "keyword"
|
|
4135
|
+
},
|
|
4136
|
+
"physical_size": {
|
|
4137
|
+
"type": "long"
|
|
4138
|
+
},
|
|
4139
|
+
"type": {
|
|
4140
|
+
"ignore_above": 1024,
|
|
4141
|
+
"type": "keyword"
|
|
4142
|
+
},
|
|
4143
|
+
"virtual_address": {
|
|
4144
|
+
"type": "long"
|
|
4145
|
+
},
|
|
4146
|
+
"virtual_size": {
|
|
4147
|
+
"type": "long"
|
|
4148
|
+
}
|
|
4149
|
+
},
|
|
4150
|
+
"type": "nested"
|
|
4151
|
+
},
|
|
4152
|
+
"segments": {
|
|
4153
|
+
"properties": {
|
|
4154
|
+
"sections": {
|
|
4155
|
+
"ignore_above": 1024,
|
|
4156
|
+
"type": "keyword"
|
|
4157
|
+
},
|
|
4158
|
+
"type": {
|
|
4159
|
+
"ignore_above": 1024,
|
|
4160
|
+
"type": "keyword"
|
|
4161
|
+
}
|
|
4162
|
+
},
|
|
4163
|
+
"type": "nested"
|
|
4164
|
+
},
|
|
4165
|
+
"shared_libraries": {
|
|
4166
|
+
"ignore_above": 1024,
|
|
4167
|
+
"type": "keyword"
|
|
4168
|
+
},
|
|
4169
|
+
"telfhash": {
|
|
4170
|
+
"ignore_above": 1024,
|
|
4171
|
+
"type": "keyword"
|
|
4172
|
+
}
|
|
4173
|
+
}
|
|
4174
|
+
},
|
|
4175
|
+
"extension": {
|
|
4176
|
+
"ignore_above": 1024,
|
|
4177
|
+
"type": "keyword"
|
|
4178
|
+
},
|
|
4179
|
+
"fork_name": {
|
|
4180
|
+
"ignore_above": 1024,
|
|
4181
|
+
"type": "keyword"
|
|
4182
|
+
},
|
|
4183
|
+
"gid": {
|
|
4184
|
+
"ignore_above": 1024,
|
|
4185
|
+
"type": "keyword"
|
|
4186
|
+
},
|
|
4187
|
+
"group": {
|
|
4188
|
+
"ignore_above": 1024,
|
|
4189
|
+
"type": "keyword"
|
|
4190
|
+
},
|
|
4191
|
+
"hash": {
|
|
4192
|
+
"properties": {
|
|
4193
|
+
"md5": {
|
|
4194
|
+
"ignore_above": 1024,
|
|
4195
|
+
"type": "keyword"
|
|
4196
|
+
},
|
|
4197
|
+
"sha1": {
|
|
4198
|
+
"ignore_above": 1024,
|
|
4199
|
+
"type": "keyword"
|
|
4200
|
+
},
|
|
4201
|
+
"sha256": {
|
|
4202
|
+
"ignore_above": 1024,
|
|
4203
|
+
"type": "keyword"
|
|
4204
|
+
},
|
|
4205
|
+
"sha512": {
|
|
4206
|
+
"ignore_above": 1024,
|
|
4207
|
+
"type": "keyword"
|
|
4208
|
+
},
|
|
4209
|
+
"ssdeep": {
|
|
4210
|
+
"ignore_above": 1024,
|
|
4211
|
+
"type": "keyword"
|
|
4212
|
+
}
|
|
4213
|
+
}
|
|
4214
|
+
},
|
|
4215
|
+
"inode": {
|
|
4216
|
+
"ignore_above": 1024,
|
|
4217
|
+
"type": "keyword"
|
|
4218
|
+
},
|
|
4219
|
+
"mime_type": {
|
|
4220
|
+
"ignore_above": 1024,
|
|
4221
|
+
"type": "keyword"
|
|
4222
|
+
},
|
|
4223
|
+
"mode": {
|
|
4224
|
+
"ignore_above": 1024,
|
|
4225
|
+
"type": "keyword"
|
|
4226
|
+
},
|
|
4227
|
+
"mtime": {
|
|
4228
|
+
"type": "date"
|
|
4229
|
+
},
|
|
4230
|
+
"name": {
|
|
4231
|
+
"ignore_above": 1024,
|
|
4232
|
+
"type": "keyword"
|
|
4233
|
+
},
|
|
4234
|
+
"owner": {
|
|
4235
|
+
"ignore_above": 1024,
|
|
4236
|
+
"type": "keyword"
|
|
4237
|
+
},
|
|
4238
|
+
"path": {
|
|
4239
|
+
"fields": {
|
|
4240
|
+
"text": {
|
|
4241
|
+
"type": "match_only_text"
|
|
4242
|
+
}
|
|
4243
|
+
},
|
|
4244
|
+
"ignore_above": 1024,
|
|
4245
|
+
"type": "keyword"
|
|
4246
|
+
},
|
|
4247
|
+
"pe": {
|
|
4248
|
+
"properties": {
|
|
4249
|
+
"architecture": {
|
|
4250
|
+
"ignore_above": 1024,
|
|
4251
|
+
"type": "keyword"
|
|
4252
|
+
},
|
|
4253
|
+
"company": {
|
|
4254
|
+
"ignore_above": 1024,
|
|
4255
|
+
"type": "keyword"
|
|
4256
|
+
},
|
|
4257
|
+
"description": {
|
|
4258
|
+
"ignore_above": 1024,
|
|
4259
|
+
"type": "keyword"
|
|
4260
|
+
},
|
|
4261
|
+
"file_version": {
|
|
4262
|
+
"ignore_above": 1024,
|
|
4263
|
+
"type": "keyword"
|
|
4264
|
+
},
|
|
4265
|
+
"imphash": {
|
|
4266
|
+
"ignore_above": 1024,
|
|
4267
|
+
"type": "keyword"
|
|
4268
|
+
},
|
|
4269
|
+
"original_file_name": {
|
|
4270
|
+
"ignore_above": 1024,
|
|
4271
|
+
"type": "keyword"
|
|
4272
|
+
},
|
|
4273
|
+
"product": {
|
|
4274
|
+
"ignore_above": 1024,
|
|
4275
|
+
"type": "keyword"
|
|
4276
|
+
}
|
|
4277
|
+
}
|
|
4278
|
+
},
|
|
4279
|
+
"size": {
|
|
4280
|
+
"type": "long"
|
|
4281
|
+
},
|
|
4282
|
+
"target_path": {
|
|
4283
|
+
"fields": {
|
|
4284
|
+
"text": {
|
|
4285
|
+
"type": "match_only_text"
|
|
4286
|
+
}
|
|
4287
|
+
},
|
|
4288
|
+
"ignore_above": 1024,
|
|
4289
|
+
"type": "keyword"
|
|
4290
|
+
},
|
|
4291
|
+
"type": {
|
|
4292
|
+
"ignore_above": 1024,
|
|
4293
|
+
"type": "keyword"
|
|
4294
|
+
},
|
|
4295
|
+
"uid": {
|
|
4296
|
+
"ignore_above": 1024,
|
|
4297
|
+
"type": "keyword"
|
|
4298
|
+
},
|
|
4299
|
+
"x509": {
|
|
4300
|
+
"properties": {
|
|
4301
|
+
"alternative_names": {
|
|
4302
|
+
"ignore_above": 1024,
|
|
4303
|
+
"type": "keyword"
|
|
4304
|
+
},
|
|
4305
|
+
"issuer": {
|
|
4306
|
+
"properties": {
|
|
4307
|
+
"common_name": {
|
|
4308
|
+
"ignore_above": 1024,
|
|
4309
|
+
"type": "keyword"
|
|
4310
|
+
},
|
|
4311
|
+
"country": {
|
|
4312
|
+
"ignore_above": 1024,
|
|
4313
|
+
"type": "keyword"
|
|
4314
|
+
},
|
|
4315
|
+
"distinguished_name": {
|
|
4316
|
+
"ignore_above": 1024,
|
|
4317
|
+
"type": "keyword"
|
|
4318
|
+
},
|
|
4319
|
+
"locality": {
|
|
4320
|
+
"ignore_above": 1024,
|
|
4321
|
+
"type": "keyword"
|
|
4322
|
+
},
|
|
4323
|
+
"organization": {
|
|
4324
|
+
"ignore_above": 1024,
|
|
4325
|
+
"type": "keyword"
|
|
4326
|
+
},
|
|
4327
|
+
"organizational_unit": {
|
|
4328
|
+
"ignore_above": 1024,
|
|
4329
|
+
"type": "keyword"
|
|
4330
|
+
},
|
|
4331
|
+
"state_or_province": {
|
|
4332
|
+
"ignore_above": 1024,
|
|
4333
|
+
"type": "keyword"
|
|
4334
|
+
}
|
|
4335
|
+
}
|
|
4336
|
+
},
|
|
4337
|
+
"not_after": {
|
|
4338
|
+
"type": "date"
|
|
4339
|
+
},
|
|
4340
|
+
"not_before": {
|
|
4341
|
+
"type": "date"
|
|
4342
|
+
},
|
|
4343
|
+
"public_key_algorithm": {
|
|
4344
|
+
"ignore_above": 1024,
|
|
4345
|
+
"type": "keyword"
|
|
4346
|
+
},
|
|
4347
|
+
"public_key_curve": {
|
|
4348
|
+
"ignore_above": 1024,
|
|
4349
|
+
"type": "keyword"
|
|
4350
|
+
},
|
|
4351
|
+
"public_key_exponent": {
|
|
4352
|
+
"doc_values": false,
|
|
4353
|
+
"index": false,
|
|
4354
|
+
"type": "long"
|
|
4355
|
+
},
|
|
4356
|
+
"public_key_size": {
|
|
4357
|
+
"type": "long"
|
|
4358
|
+
},
|
|
4359
|
+
"serial_number": {
|
|
4360
|
+
"ignore_above": 1024,
|
|
4361
|
+
"type": "keyword"
|
|
4362
|
+
},
|
|
4363
|
+
"signature_algorithm": {
|
|
4364
|
+
"ignore_above": 1024,
|
|
4365
|
+
"type": "keyword"
|
|
4366
|
+
},
|
|
4367
|
+
"subject": {
|
|
4368
|
+
"properties": {
|
|
4369
|
+
"common_name": {
|
|
4370
|
+
"ignore_above": 1024,
|
|
4371
|
+
"type": "keyword"
|
|
4372
|
+
},
|
|
4373
|
+
"country": {
|
|
4374
|
+
"ignore_above": 1024,
|
|
4375
|
+
"type": "keyword"
|
|
4376
|
+
},
|
|
4377
|
+
"distinguished_name": {
|
|
4378
|
+
"ignore_above": 1024,
|
|
4379
|
+
"type": "keyword"
|
|
4380
|
+
},
|
|
4381
|
+
"locality": {
|
|
4382
|
+
"ignore_above": 1024,
|
|
4383
|
+
"type": "keyword"
|
|
4384
|
+
},
|
|
4385
|
+
"organization": {
|
|
4386
|
+
"ignore_above": 1024,
|
|
4387
|
+
"type": "keyword"
|
|
4388
|
+
},
|
|
4389
|
+
"organizational_unit": {
|
|
4390
|
+
"ignore_above": 1024,
|
|
4391
|
+
"type": "keyword"
|
|
4392
|
+
},
|
|
4393
|
+
"state_or_province": {
|
|
4394
|
+
"ignore_above": 1024,
|
|
4395
|
+
"type": "keyword"
|
|
4396
|
+
}
|
|
4397
|
+
}
|
|
4398
|
+
},
|
|
4399
|
+
"version_number": {
|
|
4400
|
+
"ignore_above": 1024,
|
|
4401
|
+
"type": "keyword"
|
|
4402
|
+
}
|
|
4403
|
+
}
|
|
4404
|
+
}
|
|
4405
|
+
}
|
|
4406
|
+
},
|
|
4407
|
+
"first_seen": {
|
|
4408
|
+
"type": "date"
|
|
4409
|
+
},
|
|
4410
|
+
"geo": {
|
|
4411
|
+
"properties": {
|
|
4412
|
+
"city_name": {
|
|
4413
|
+
"ignore_above": 1024,
|
|
4414
|
+
"type": "keyword"
|
|
4415
|
+
},
|
|
4416
|
+
"continent_code": {
|
|
4417
|
+
"ignore_above": 1024,
|
|
4418
|
+
"type": "keyword"
|
|
4419
|
+
},
|
|
4420
|
+
"continent_name": {
|
|
4421
|
+
"ignore_above": 1024,
|
|
4422
|
+
"type": "keyword"
|
|
4423
|
+
},
|
|
4424
|
+
"country_iso_code": {
|
|
4425
|
+
"ignore_above": 1024,
|
|
4426
|
+
"type": "keyword"
|
|
4427
|
+
},
|
|
4428
|
+
"country_name": {
|
|
4429
|
+
"ignore_above": 1024,
|
|
4430
|
+
"type": "keyword"
|
|
4431
|
+
},
|
|
4432
|
+
"location": {
|
|
4433
|
+
"type": "geo_point"
|
|
4434
|
+
},
|
|
4435
|
+
"name": {
|
|
4436
|
+
"ignore_above": 1024,
|
|
4437
|
+
"type": "keyword"
|
|
4438
|
+
},
|
|
4439
|
+
"postal_code": {
|
|
4440
|
+
"ignore_above": 1024,
|
|
4441
|
+
"type": "keyword"
|
|
4442
|
+
},
|
|
4443
|
+
"region_iso_code": {
|
|
4444
|
+
"ignore_above": 1024,
|
|
4445
|
+
"type": "keyword"
|
|
4446
|
+
},
|
|
4447
|
+
"region_name": {
|
|
4448
|
+
"ignore_above": 1024,
|
|
4449
|
+
"type": "keyword"
|
|
4450
|
+
},
|
|
4451
|
+
"timezone": {
|
|
4452
|
+
"ignore_above": 1024,
|
|
4453
|
+
"type": "keyword"
|
|
4454
|
+
}
|
|
4455
|
+
}
|
|
4456
|
+
},
|
|
4457
|
+
"ip": {
|
|
4458
|
+
"type": "ip"
|
|
4459
|
+
},
|
|
4460
|
+
"last_seen": {
|
|
4461
|
+
"type": "date"
|
|
4462
|
+
},
|
|
4463
|
+
"marking": {
|
|
4464
|
+
"properties": {
|
|
4465
|
+
"tlp": {
|
|
4466
|
+
"ignore_above": 1024,
|
|
4467
|
+
"type": "keyword"
|
|
4468
|
+
}
|
|
4469
|
+
}
|
|
4470
|
+
},
|
|
4471
|
+
"modified_at": {
|
|
4472
|
+
"type": "date"
|
|
4473
|
+
},
|
|
4474
|
+
"port": {
|
|
4475
|
+
"type": "long"
|
|
4476
|
+
},
|
|
4477
|
+
"provider": {
|
|
4478
|
+
"ignore_above": 1024,
|
|
4479
|
+
"type": "keyword"
|
|
4480
|
+
},
|
|
4481
|
+
"reference": {
|
|
4482
|
+
"ignore_above": 1024,
|
|
4483
|
+
"type": "keyword"
|
|
4484
|
+
},
|
|
4485
|
+
"registry": {
|
|
4486
|
+
"properties": {
|
|
4487
|
+
"data": {
|
|
4488
|
+
"properties": {
|
|
4489
|
+
"bytes": {
|
|
4490
|
+
"ignore_above": 1024,
|
|
4491
|
+
"type": "keyword"
|
|
4492
|
+
},
|
|
4493
|
+
"strings": {
|
|
4494
|
+
"type": "wildcard"
|
|
4495
|
+
},
|
|
4496
|
+
"type": {
|
|
4497
|
+
"ignore_above": 1024,
|
|
4498
|
+
"type": "keyword"
|
|
4499
|
+
}
|
|
4500
|
+
}
|
|
4501
|
+
},
|
|
4502
|
+
"hive": {
|
|
4503
|
+
"ignore_above": 1024,
|
|
4504
|
+
"type": "keyword"
|
|
4505
|
+
},
|
|
4506
|
+
"key": {
|
|
4507
|
+
"ignore_above": 1024,
|
|
4508
|
+
"type": "keyword"
|
|
4509
|
+
},
|
|
4510
|
+
"path": {
|
|
4511
|
+
"ignore_above": 1024,
|
|
4512
|
+
"type": "keyword"
|
|
4513
|
+
},
|
|
4514
|
+
"value": {
|
|
4515
|
+
"ignore_above": 1024,
|
|
4516
|
+
"type": "keyword"
|
|
4517
|
+
}
|
|
4518
|
+
}
|
|
4519
|
+
},
|
|
4520
|
+
"scanner_stats": {
|
|
4521
|
+
"type": "long"
|
|
4522
|
+
},
|
|
4523
|
+
"sightings": {
|
|
4524
|
+
"type": "long"
|
|
4525
|
+
},
|
|
4526
|
+
"type": {
|
|
4527
|
+
"ignore_above": 1024,
|
|
4528
|
+
"type": "keyword"
|
|
4529
|
+
},
|
|
4530
|
+
"url": {
|
|
4531
|
+
"properties": {
|
|
4532
|
+
"domain": {
|
|
4533
|
+
"ignore_above": 1024,
|
|
4534
|
+
"type": "keyword"
|
|
4535
|
+
},
|
|
4536
|
+
"extension": {
|
|
4537
|
+
"ignore_above": 1024,
|
|
4538
|
+
"type": "keyword"
|
|
4539
|
+
},
|
|
4540
|
+
"fragment": {
|
|
4541
|
+
"ignore_above": 1024,
|
|
4542
|
+
"type": "keyword"
|
|
4543
|
+
},
|
|
4544
|
+
"full": {
|
|
4545
|
+
"fields": {
|
|
4546
|
+
"text": {
|
|
4547
|
+
"type": "match_only_text"
|
|
4548
|
+
}
|
|
4549
|
+
},
|
|
4550
|
+
"type": "wildcard"
|
|
4551
|
+
},
|
|
4552
|
+
"original": {
|
|
4553
|
+
"fields": {
|
|
4554
|
+
"text": {
|
|
4555
|
+
"type": "match_only_text"
|
|
4556
|
+
}
|
|
4557
|
+
},
|
|
4558
|
+
"type": "wildcard"
|
|
4559
|
+
},
|
|
4560
|
+
"password": {
|
|
4561
|
+
"ignore_above": 1024,
|
|
4562
|
+
"type": "keyword"
|
|
4563
|
+
},
|
|
4564
|
+
"path": {
|
|
4565
|
+
"type": "wildcard"
|
|
4566
|
+
},
|
|
4567
|
+
"port": {
|
|
4568
|
+
"type": "long"
|
|
4569
|
+
},
|
|
4570
|
+
"query": {
|
|
4571
|
+
"ignore_above": 1024,
|
|
4572
|
+
"type": "keyword"
|
|
4573
|
+
},
|
|
4574
|
+
"registered_domain": {
|
|
4575
|
+
"ignore_above": 1024,
|
|
4576
|
+
"type": "keyword"
|
|
4577
|
+
},
|
|
4578
|
+
"scheme": {
|
|
4579
|
+
"ignore_above": 1024,
|
|
4580
|
+
"type": "keyword"
|
|
4581
|
+
},
|
|
4582
|
+
"subdomain": {
|
|
4583
|
+
"ignore_above": 1024,
|
|
4584
|
+
"type": "keyword"
|
|
4585
|
+
},
|
|
4586
|
+
"top_level_domain": {
|
|
4587
|
+
"ignore_above": 1024,
|
|
4588
|
+
"type": "keyword"
|
|
4589
|
+
},
|
|
4590
|
+
"username": {
|
|
4591
|
+
"ignore_above": 1024,
|
|
4592
|
+
"type": "keyword"
|
|
4593
|
+
}
|
|
4594
|
+
}
|
|
4595
|
+
},
|
|
4596
|
+
"x509": {
|
|
4597
|
+
"properties": {
|
|
4598
|
+
"alternative_names": {
|
|
4599
|
+
"ignore_above": 1024,
|
|
4600
|
+
"type": "keyword"
|
|
4601
|
+
},
|
|
4602
|
+
"issuer": {
|
|
4603
|
+
"properties": {
|
|
4604
|
+
"common_name": {
|
|
4605
|
+
"ignore_above": 1024,
|
|
4606
|
+
"type": "keyword"
|
|
4607
|
+
},
|
|
4608
|
+
"country": {
|
|
4609
|
+
"ignore_above": 1024,
|
|
4610
|
+
"type": "keyword"
|
|
4611
|
+
},
|
|
4612
|
+
"distinguished_name": {
|
|
4613
|
+
"ignore_above": 1024,
|
|
4614
|
+
"type": "keyword"
|
|
4615
|
+
},
|
|
4616
|
+
"locality": {
|
|
4617
|
+
"ignore_above": 1024,
|
|
4618
|
+
"type": "keyword"
|
|
4619
|
+
},
|
|
4620
|
+
"organization": {
|
|
4621
|
+
"ignore_above": 1024,
|
|
4622
|
+
"type": "keyword"
|
|
4623
|
+
},
|
|
4624
|
+
"organizational_unit": {
|
|
4625
|
+
"ignore_above": 1024,
|
|
4626
|
+
"type": "keyword"
|
|
4627
|
+
},
|
|
4628
|
+
"state_or_province": {
|
|
4629
|
+
"ignore_above": 1024,
|
|
4630
|
+
"type": "keyword"
|
|
4631
|
+
}
|
|
4632
|
+
}
|
|
4633
|
+
},
|
|
4634
|
+
"not_after": {
|
|
4635
|
+
"type": "date"
|
|
4636
|
+
},
|
|
4637
|
+
"not_before": {
|
|
4638
|
+
"type": "date"
|
|
4639
|
+
},
|
|
4640
|
+
"public_key_algorithm": {
|
|
4641
|
+
"ignore_above": 1024,
|
|
4642
|
+
"type": "keyword"
|
|
4643
|
+
},
|
|
4644
|
+
"public_key_curve": {
|
|
4645
|
+
"ignore_above": 1024,
|
|
4646
|
+
"type": "keyword"
|
|
4647
|
+
},
|
|
4648
|
+
"public_key_exponent": {
|
|
4649
|
+
"doc_values": false,
|
|
4650
|
+
"index": false,
|
|
4651
|
+
"type": "long"
|
|
4652
|
+
},
|
|
4653
|
+
"public_key_size": {
|
|
4654
|
+
"type": "long"
|
|
4655
|
+
},
|
|
4656
|
+
"serial_number": {
|
|
4657
|
+
"ignore_above": 1024,
|
|
4658
|
+
"type": "keyword"
|
|
4659
|
+
},
|
|
4660
|
+
"signature_algorithm": {
|
|
4661
|
+
"ignore_above": 1024,
|
|
4662
|
+
"type": "keyword"
|
|
4663
|
+
},
|
|
4664
|
+
"subject": {
|
|
4665
|
+
"properties": {
|
|
4666
|
+
"common_name": {
|
|
4667
|
+
"ignore_above": 1024,
|
|
4668
|
+
"type": "keyword"
|
|
4669
|
+
},
|
|
4670
|
+
"country": {
|
|
4671
|
+
"ignore_above": 1024,
|
|
4672
|
+
"type": "keyword"
|
|
4673
|
+
},
|
|
4674
|
+
"distinguished_name": {
|
|
4675
|
+
"ignore_above": 1024,
|
|
4676
|
+
"type": "keyword"
|
|
4677
|
+
},
|
|
4678
|
+
"locality": {
|
|
4679
|
+
"ignore_above": 1024,
|
|
4680
|
+
"type": "keyword"
|
|
4681
|
+
},
|
|
4682
|
+
"organization": {
|
|
4683
|
+
"ignore_above": 1024,
|
|
4684
|
+
"type": "keyword"
|
|
4685
|
+
},
|
|
4686
|
+
"organizational_unit": {
|
|
4687
|
+
"ignore_above": 1024,
|
|
4688
|
+
"type": "keyword"
|
|
4689
|
+
},
|
|
4690
|
+
"state_or_province": {
|
|
4691
|
+
"ignore_above": 1024,
|
|
4692
|
+
"type": "keyword"
|
|
4693
|
+
}
|
|
4694
|
+
}
|
|
4695
|
+
},
|
|
4696
|
+
"version_number": {
|
|
4697
|
+
"ignore_above": 1024,
|
|
4698
|
+
"type": "keyword"
|
|
4699
|
+
}
|
|
4700
|
+
}
|
|
4701
|
+
}
|
|
4702
|
+
}
|
|
4703
|
+
},
|
|
4704
|
+
"software": {
|
|
4705
|
+
"properties": {
|
|
4706
|
+
"alias": {
|
|
4707
|
+
"ignore_above": 1024,
|
|
4708
|
+
"type": "keyword"
|
|
4709
|
+
},
|
|
4710
|
+
"id": {
|
|
4711
|
+
"ignore_above": 1024,
|
|
4712
|
+
"type": "keyword"
|
|
4713
|
+
},
|
|
4714
|
+
"name": {
|
|
4715
|
+
"ignore_above": 1024,
|
|
4716
|
+
"type": "keyword"
|
|
4717
|
+
},
|
|
4718
|
+
"platforms": {
|
|
4719
|
+
"ignore_above": 1024,
|
|
4720
|
+
"type": "keyword"
|
|
4721
|
+
},
|
|
4722
|
+
"reference": {
|
|
4723
|
+
"ignore_above": 1024,
|
|
4724
|
+
"type": "keyword"
|
|
4725
|
+
},
|
|
4726
|
+
"type": {
|
|
4727
|
+
"ignore_above": 1024,
|
|
4728
|
+
"type": "keyword"
|
|
4729
|
+
}
|
|
4730
|
+
}
|
|
4731
|
+
},
|
|
4732
|
+
"tactic": {
|
|
4733
|
+
"properties": {
|
|
4734
|
+
"id": {
|
|
4735
|
+
"ignore_above": 1024,
|
|
4736
|
+
"type": "keyword"
|
|
4737
|
+
},
|
|
4738
|
+
"name": {
|
|
4739
|
+
"ignore_above": 1024,
|
|
4740
|
+
"type": "keyword"
|
|
4741
|
+
},
|
|
4742
|
+
"reference": {
|
|
4743
|
+
"ignore_above": 1024,
|
|
4744
|
+
"type": "keyword"
|
|
4745
|
+
}
|
|
4746
|
+
}
|
|
4747
|
+
},
|
|
4748
|
+
"technique": {
|
|
4749
|
+
"properties": {
|
|
4750
|
+
"id": {
|
|
4751
|
+
"ignore_above": 1024,
|
|
4752
|
+
"type": "keyword"
|
|
4753
|
+
},
|
|
4754
|
+
"name": {
|
|
4755
|
+
"fields": {
|
|
4756
|
+
"text": {
|
|
4757
|
+
"type": "match_only_text"
|
|
4758
|
+
}
|
|
4759
|
+
},
|
|
4760
|
+
"ignore_above": 1024,
|
|
4761
|
+
"type": "keyword"
|
|
4762
|
+
},
|
|
4763
|
+
"reference": {
|
|
4764
|
+
"ignore_above": 1024,
|
|
4765
|
+
"type": "keyword"
|
|
4766
|
+
},
|
|
4767
|
+
"subtechnique": {
|
|
4768
|
+
"properties": {
|
|
4769
|
+
"id": {
|
|
4770
|
+
"ignore_above": 1024,
|
|
4771
|
+
"type": "keyword"
|
|
4772
|
+
},
|
|
4773
|
+
"name": {
|
|
4774
|
+
"fields": {
|
|
4775
|
+
"text": {
|
|
4776
|
+
"type": "match_only_text"
|
|
4777
|
+
}
|
|
4778
|
+
},
|
|
4779
|
+
"ignore_above": 1024,
|
|
4780
|
+
"type": "keyword"
|
|
4781
|
+
},
|
|
4782
|
+
"reference": {
|
|
4783
|
+
"ignore_above": 1024,
|
|
4784
|
+
"type": "keyword"
|
|
4785
|
+
}
|
|
4786
|
+
}
|
|
4787
|
+
}
|
|
4788
|
+
}
|
|
4789
|
+
}
|
|
4790
|
+
}
|
|
4791
|
+
},
|
|
4792
|
+
"tls": {
|
|
4793
|
+
"properties": {
|
|
4794
|
+
"cipher": {
|
|
4795
|
+
"ignore_above": 1024,
|
|
4796
|
+
"type": "keyword"
|
|
4797
|
+
},
|
|
4798
|
+
"client": {
|
|
4799
|
+
"properties": {
|
|
4800
|
+
"certificate": {
|
|
4801
|
+
"ignore_above": 1024,
|
|
4802
|
+
"type": "keyword"
|
|
4803
|
+
},
|
|
4804
|
+
"certificate_chain": {
|
|
4805
|
+
"ignore_above": 1024,
|
|
4806
|
+
"type": "keyword"
|
|
4807
|
+
},
|
|
4808
|
+
"hash": {
|
|
4809
|
+
"properties": {
|
|
4810
|
+
"md5": {
|
|
4811
|
+
"ignore_above": 1024,
|
|
4812
|
+
"type": "keyword"
|
|
4813
|
+
},
|
|
4814
|
+
"sha1": {
|
|
4815
|
+
"ignore_above": 1024,
|
|
4816
|
+
"type": "keyword"
|
|
4817
|
+
},
|
|
4818
|
+
"sha256": {
|
|
4819
|
+
"ignore_above": 1024,
|
|
4820
|
+
"type": "keyword"
|
|
4821
|
+
}
|
|
4822
|
+
}
|
|
4823
|
+
},
|
|
4824
|
+
"issuer": {
|
|
4825
|
+
"ignore_above": 1024,
|
|
4826
|
+
"type": "keyword"
|
|
4827
|
+
},
|
|
4828
|
+
"ja3": {
|
|
4829
|
+
"ignore_above": 1024,
|
|
4830
|
+
"type": "keyword"
|
|
4831
|
+
},
|
|
4832
|
+
"not_after": {
|
|
4833
|
+
"type": "date"
|
|
4834
|
+
},
|
|
4835
|
+
"not_before": {
|
|
4836
|
+
"type": "date"
|
|
4837
|
+
},
|
|
4838
|
+
"server_name": {
|
|
4839
|
+
"ignore_above": 1024,
|
|
4840
|
+
"type": "keyword"
|
|
4841
|
+
},
|
|
4842
|
+
"subject": {
|
|
4843
|
+
"ignore_above": 1024,
|
|
4844
|
+
"type": "keyword"
|
|
4845
|
+
},
|
|
4846
|
+
"supported_ciphers": {
|
|
4847
|
+
"ignore_above": 1024,
|
|
4848
|
+
"type": "keyword"
|
|
4849
|
+
},
|
|
4850
|
+
"x509": {
|
|
4851
|
+
"properties": {
|
|
4852
|
+
"alternative_names": {
|
|
4853
|
+
"ignore_above": 1024,
|
|
4854
|
+
"type": "keyword"
|
|
4855
|
+
},
|
|
4856
|
+
"issuer": {
|
|
4857
|
+
"properties": {
|
|
4858
|
+
"common_name": {
|
|
2934
4859
|
"ignore_above": 1024,
|
|
2935
4860
|
"type": "keyword"
|
|
2936
4861
|
},
|
|
@@ -3239,30 +5164,25 @@
|
|
|
3239
5164
|
"full": {
|
|
3240
5165
|
"fields": {
|
|
3241
5166
|
"text": {
|
|
3242
|
-
"
|
|
3243
|
-
"type": "text"
|
|
5167
|
+
"type": "match_only_text"
|
|
3244
5168
|
}
|
|
3245
5169
|
},
|
|
3246
|
-
"
|
|
3247
|
-
"type": "keyword"
|
|
5170
|
+
"type": "wildcard"
|
|
3248
5171
|
},
|
|
3249
5172
|
"original": {
|
|
3250
5173
|
"fields": {
|
|
3251
5174
|
"text": {
|
|
3252
|
-
"
|
|
3253
|
-
"type": "text"
|
|
5175
|
+
"type": "match_only_text"
|
|
3254
5176
|
}
|
|
3255
5177
|
},
|
|
3256
|
-
"
|
|
3257
|
-
"type": "keyword"
|
|
5178
|
+
"type": "wildcard"
|
|
3258
5179
|
},
|
|
3259
5180
|
"password": {
|
|
3260
5181
|
"ignore_above": 1024,
|
|
3261
5182
|
"type": "keyword"
|
|
3262
5183
|
},
|
|
3263
5184
|
"path": {
|
|
3264
|
-
"
|
|
3265
|
-
"type": "keyword"
|
|
5185
|
+
"type": "wildcard"
|
|
3266
5186
|
},
|
|
3267
5187
|
"port": {
|
|
3268
5188
|
"type": "long"
|
|
@@ -3308,8 +5228,7 @@
|
|
|
3308
5228
|
"full_name": {
|
|
3309
5229
|
"fields": {
|
|
3310
5230
|
"text": {
|
|
3311
|
-
"
|
|
3312
|
-
"type": "text"
|
|
5231
|
+
"type": "match_only_text"
|
|
3313
5232
|
}
|
|
3314
5233
|
},
|
|
3315
5234
|
"ignore_above": 1024,
|
|
@@ -3342,8 +5261,7 @@
|
|
|
3342
5261
|
"name": {
|
|
3343
5262
|
"fields": {
|
|
3344
5263
|
"text": {
|
|
3345
|
-
"
|
|
3346
|
-
"type": "text"
|
|
5264
|
+
"type": "match_only_text"
|
|
3347
5265
|
}
|
|
3348
5266
|
},
|
|
3349
5267
|
"ignore_above": 1024,
|
|
@@ -3372,8 +5290,7 @@
|
|
|
3372
5290
|
"full_name": {
|
|
3373
5291
|
"fields": {
|
|
3374
5292
|
"text": {
|
|
3375
|
-
"
|
|
3376
|
-
"type": "text"
|
|
5293
|
+
"type": "match_only_text"
|
|
3377
5294
|
}
|
|
3378
5295
|
},
|
|
3379
5296
|
"ignore_above": 1024,
|
|
@@ -3406,8 +5323,7 @@
|
|
|
3406
5323
|
"name": {
|
|
3407
5324
|
"fields": {
|
|
3408
5325
|
"text": {
|
|
3409
|
-
"
|
|
3410
|
-
"type": "text"
|
|
5326
|
+
"type": "match_only_text"
|
|
3411
5327
|
}
|
|
3412
5328
|
},
|
|
3413
5329
|
"ignore_above": 1024,
|
|
@@ -3426,8 +5342,7 @@
|
|
|
3426
5342
|
"full_name": {
|
|
3427
5343
|
"fields": {
|
|
3428
5344
|
"text": {
|
|
3429
|
-
"
|
|
3430
|
-
"type": "text"
|
|
5345
|
+
"type": "match_only_text"
|
|
3431
5346
|
}
|
|
3432
5347
|
},
|
|
3433
5348
|
"ignore_above": 1024,
|
|
@@ -3460,8 +5375,7 @@
|
|
|
3460
5375
|
"name": {
|
|
3461
5376
|
"fields": {
|
|
3462
5377
|
"text": {
|
|
3463
|
-
"
|
|
3464
|
-
"type": "text"
|
|
5378
|
+
"type": "match_only_text"
|
|
3465
5379
|
}
|
|
3466
5380
|
},
|
|
3467
5381
|
"ignore_above": 1024,
|
|
@@ -3484,8 +5398,7 @@
|
|
|
3484
5398
|
"full_name": {
|
|
3485
5399
|
"fields": {
|
|
3486
5400
|
"text": {
|
|
3487
|
-
"
|
|
3488
|
-
"type": "text"
|
|
5401
|
+
"type": "match_only_text"
|
|
3489
5402
|
}
|
|
3490
5403
|
},
|
|
3491
5404
|
"ignore_above": 1024,
|
|
@@ -3518,8 +5431,7 @@
|
|
|
3518
5431
|
"name": {
|
|
3519
5432
|
"fields": {
|
|
3520
5433
|
"text": {
|
|
3521
|
-
"
|
|
3522
|
-
"type": "text"
|
|
5434
|
+
"type": "match_only_text"
|
|
3523
5435
|
}
|
|
3524
5436
|
},
|
|
3525
5437
|
"ignore_above": 1024,
|
|
@@ -3550,8 +5462,7 @@
|
|
|
3550
5462
|
"original": {
|
|
3551
5463
|
"fields": {
|
|
3552
5464
|
"text": {
|
|
3553
|
-
"
|
|
3554
|
-
"type": "text"
|
|
5465
|
+
"type": "match_only_text"
|
|
3555
5466
|
}
|
|
3556
5467
|
},
|
|
3557
5468
|
"ignore_above": 1024,
|
|
@@ -3566,8 +5477,7 @@
|
|
|
3566
5477
|
"full": {
|
|
3567
5478
|
"fields": {
|
|
3568
5479
|
"text": {
|
|
3569
|
-
"
|
|
3570
|
-
"type": "text"
|
|
5480
|
+
"type": "match_only_text"
|
|
3571
5481
|
}
|
|
3572
5482
|
},
|
|
3573
5483
|
"ignore_above": 1024,
|
|
@@ -3580,8 +5490,7 @@
|
|
|
3580
5490
|
"name": {
|
|
3581
5491
|
"fields": {
|
|
3582
5492
|
"text": {
|
|
3583
|
-
"
|
|
3584
|
-
"type": "text"
|
|
5493
|
+
"type": "match_only_text"
|
|
3585
5494
|
}
|
|
3586
5495
|
},
|
|
3587
5496
|
"ignore_above": 1024,
|
|
@@ -3620,8 +5529,7 @@
|
|
|
3620
5529
|
"description": {
|
|
3621
5530
|
"fields": {
|
|
3622
5531
|
"text": {
|
|
3623
|
-
"
|
|
3624
|
-
"type": "text"
|
|
5532
|
+
"type": "match_only_text"
|
|
3625
5533
|
}
|
|
3626
5534
|
},
|
|
3627
5535
|
"ignore_above": 1024,
|