logstash-output-elasticsearch 11.3.1-java → 11.4.1-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +19 -2
- data/Gemfile +2 -1
- data/docs/index.asciidoc +3 -7
- data/lib/logstash/outputs/elasticsearch/data_stream_support.rb +1 -1
- data/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb +40 -16
- data/lib/logstash/outputs/elasticsearch/http_client/pool.rb +5 -9
- data/lib/logstash/outputs/elasticsearch/http_client.rb +1 -2
- data/lib/logstash/outputs/elasticsearch/http_client_builder.rb +3 -6
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v1/elasticsearch-7x.json +2196 -288
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v1/elasticsearch-8x.json +2196 -288
- data/logstash-output-elasticsearch.gemspec +2 -2
- data/spec/es_spec_helper.rb +5 -1
- data/spec/fixtures/test_certs/{ca/ca.crt → ca.crt} +0 -0
- data/spec/fixtures/test_certs/{ca/ca.key → ca.key} +0 -0
- data/spec/fixtures/test_certs/test.p12 +0 -0
- data/spec/fixtures/test_certs/test_invalid.crt +36 -0
- data/spec/fixtures/test_certs/test_invalid.key +51 -0
- data/spec/fixtures/test_certs/test_invalid.p12 +0 -0
- data/spec/fixtures/test_certs/test_self_signed.crt +32 -0
- data/spec/fixtures/test_certs/test_self_signed.key +54 -0
- data/spec/fixtures/test_certs/test_self_signed.p12 +0 -0
- data/spec/integration/outputs/ilm_spec.rb +2 -1
- data/spec/integration/outputs/index_spec.rb +87 -43
- data/spec/integration/outputs/ingest_pipeline_spec.rb +2 -1
- data/spec/integration/outputs/no_es_on_startup_spec.rb +12 -6
- data/spec/integration/outputs/retry_spec.rb +2 -1
- data/spec/integration/outputs/sniffer_spec.rb +1 -1
- data/spec/unit/outputs/elasticsearch/http_client/manticore_adapter_spec.rb +6 -5
- data/spec/unit/outputs/elasticsearch/http_client/pool_spec.rb +1 -1
- data/spec/unit/outputs/elasticsearch_ssl_spec.rb +1 -1
- metadata +22 -8
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
},
|
|
16
16
|
"mappings": {
|
|
17
17
|
"_meta": {
|
|
18
|
-
"version": "1.
|
|
18
|
+
"version": "1.12.1"
|
|
19
19
|
},
|
|
20
20
|
"date_detection": false,
|
|
21
21
|
"dynamic_templates": [
|
|
@@ -81,8 +81,7 @@
|
|
|
81
81
|
"name": {
|
|
82
82
|
"fields": {
|
|
83
83
|
"text": {
|
|
84
|
-
"
|
|
85
|
-
"type": "text"
|
|
84
|
+
"type": "match_only_text"
|
|
86
85
|
}
|
|
87
86
|
},
|
|
88
87
|
"ignore_above": 1024,
|
|
@@ -194,8 +193,7 @@
|
|
|
194
193
|
"full_name": {
|
|
195
194
|
"fields": {
|
|
196
195
|
"text": {
|
|
197
|
-
"
|
|
198
|
-
"type": "text"
|
|
196
|
+
"type": "match_only_text"
|
|
199
197
|
}
|
|
200
198
|
},
|
|
201
199
|
"ignore_above": 1024,
|
|
@@ -228,8 +226,7 @@
|
|
|
228
226
|
"name": {
|
|
229
227
|
"fields": {
|
|
230
228
|
"text": {
|
|
231
|
-
"
|
|
232
|
-
"type": "text"
|
|
229
|
+
"type": "match_only_text"
|
|
233
230
|
}
|
|
234
231
|
},
|
|
235
232
|
"ignore_above": 1024,
|
|
@@ -371,8 +368,7 @@
|
|
|
371
368
|
"name": {
|
|
372
369
|
"fields": {
|
|
373
370
|
"text": {
|
|
374
|
-
"
|
|
375
|
-
"type": "text"
|
|
371
|
+
"type": "match_only_text"
|
|
376
372
|
}
|
|
377
373
|
},
|
|
378
374
|
"ignore_above": 1024,
|
|
@@ -484,8 +480,7 @@
|
|
|
484
480
|
"full_name": {
|
|
485
481
|
"fields": {
|
|
486
482
|
"text": {
|
|
487
|
-
"
|
|
488
|
-
"type": "text"
|
|
483
|
+
"type": "match_only_text"
|
|
489
484
|
}
|
|
490
485
|
},
|
|
491
486
|
"ignore_above": 1024,
|
|
@@ -518,8 +513,7 @@
|
|
|
518
513
|
"name": {
|
|
519
514
|
"fields": {
|
|
520
515
|
"text": {
|
|
521
|
-
"
|
|
522
|
-
"type": "text"
|
|
516
|
+
"type": "match_only_text"
|
|
523
517
|
}
|
|
524
518
|
},
|
|
525
519
|
"ignore_above": 1024,
|
|
@@ -537,6 +531,10 @@
|
|
|
537
531
|
"properties": {
|
|
538
532
|
"code_signature": {
|
|
539
533
|
"properties": {
|
|
534
|
+
"digest_algorithm": {
|
|
535
|
+
"ignore_above": 1024,
|
|
536
|
+
"type": "keyword"
|
|
537
|
+
},
|
|
540
538
|
"exists": {
|
|
541
539
|
"type": "boolean"
|
|
542
540
|
},
|
|
@@ -556,6 +554,9 @@
|
|
|
556
554
|
"ignore_above": 1024,
|
|
557
555
|
"type": "keyword"
|
|
558
556
|
},
|
|
557
|
+
"timestamp": {
|
|
558
|
+
"type": "date"
|
|
559
|
+
},
|
|
559
560
|
"trusted": {
|
|
560
561
|
"type": "boolean"
|
|
561
562
|
},
|
|
@@ -728,20 +729,15 @@
|
|
|
728
729
|
"type": "keyword"
|
|
729
730
|
},
|
|
730
731
|
"message": {
|
|
731
|
-
"
|
|
732
|
-
"type": "text"
|
|
732
|
+
"type": "match_only_text"
|
|
733
733
|
},
|
|
734
734
|
"stack_trace": {
|
|
735
|
-
"doc_values": false,
|
|
736
735
|
"fields": {
|
|
737
736
|
"text": {
|
|
738
|
-
"
|
|
739
|
-
"type": "text"
|
|
737
|
+
"type": "match_only_text"
|
|
740
738
|
}
|
|
741
739
|
},
|
|
742
|
-
"
|
|
743
|
-
"index": false,
|
|
744
|
-
"type": "keyword"
|
|
740
|
+
"type": "wildcard"
|
|
745
741
|
},
|
|
746
742
|
"type": {
|
|
747
743
|
"ignore_above": 1024,
|
|
@@ -755,6 +751,10 @@
|
|
|
755
751
|
"ignore_above": 1024,
|
|
756
752
|
"type": "keyword"
|
|
757
753
|
},
|
|
754
|
+
"agent_id_status": {
|
|
755
|
+
"ignore_above": 1024,
|
|
756
|
+
"type": "keyword"
|
|
757
|
+
},
|
|
758
758
|
"category": {
|
|
759
759
|
"ignore_above": 1024,
|
|
760
760
|
"type": "keyword"
|
|
@@ -797,7 +797,6 @@
|
|
|
797
797
|
},
|
|
798
798
|
"original": {
|
|
799
799
|
"doc_values": false,
|
|
800
|
-
"ignore_above": 1024,
|
|
801
800
|
"index": false,
|
|
802
801
|
"type": "keyword"
|
|
803
802
|
},
|
|
@@ -857,6 +856,10 @@
|
|
|
857
856
|
},
|
|
858
857
|
"code_signature": {
|
|
859
858
|
"properties": {
|
|
859
|
+
"digest_algorithm": {
|
|
860
|
+
"ignore_above": 1024,
|
|
861
|
+
"type": "keyword"
|
|
862
|
+
},
|
|
860
863
|
"exists": {
|
|
861
864
|
"type": "boolean"
|
|
862
865
|
},
|
|
@@ -876,6 +879,9 @@
|
|
|
876
879
|
"ignore_above": 1024,
|
|
877
880
|
"type": "keyword"
|
|
878
881
|
},
|
|
882
|
+
"timestamp": {
|
|
883
|
+
"type": "date"
|
|
884
|
+
},
|
|
879
885
|
"trusted": {
|
|
880
886
|
"type": "boolean"
|
|
881
887
|
},
|
|
@@ -902,10 +908,131 @@
|
|
|
902
908
|
"ignore_above": 1,
|
|
903
909
|
"type": "keyword"
|
|
904
910
|
},
|
|
911
|
+
"elf": {
|
|
912
|
+
"properties": {
|
|
913
|
+
"architecture": {
|
|
914
|
+
"ignore_above": 1024,
|
|
915
|
+
"type": "keyword"
|
|
916
|
+
},
|
|
917
|
+
"byte_order": {
|
|
918
|
+
"ignore_above": 1024,
|
|
919
|
+
"type": "keyword"
|
|
920
|
+
},
|
|
921
|
+
"cpu_type": {
|
|
922
|
+
"ignore_above": 1024,
|
|
923
|
+
"type": "keyword"
|
|
924
|
+
},
|
|
925
|
+
"creation_date": {
|
|
926
|
+
"type": "date"
|
|
927
|
+
},
|
|
928
|
+
"exports": {
|
|
929
|
+
"type": "flattened"
|
|
930
|
+
},
|
|
931
|
+
"header": {
|
|
932
|
+
"properties": {
|
|
933
|
+
"abi_version": {
|
|
934
|
+
"ignore_above": 1024,
|
|
935
|
+
"type": "keyword"
|
|
936
|
+
},
|
|
937
|
+
"class": {
|
|
938
|
+
"ignore_above": 1024,
|
|
939
|
+
"type": "keyword"
|
|
940
|
+
},
|
|
941
|
+
"data": {
|
|
942
|
+
"ignore_above": 1024,
|
|
943
|
+
"type": "keyword"
|
|
944
|
+
},
|
|
945
|
+
"entrypoint": {
|
|
946
|
+
"type": "long"
|
|
947
|
+
},
|
|
948
|
+
"object_version": {
|
|
949
|
+
"ignore_above": 1024,
|
|
950
|
+
"type": "keyword"
|
|
951
|
+
},
|
|
952
|
+
"os_abi": {
|
|
953
|
+
"ignore_above": 1024,
|
|
954
|
+
"type": "keyword"
|
|
955
|
+
},
|
|
956
|
+
"type": {
|
|
957
|
+
"ignore_above": 1024,
|
|
958
|
+
"type": "keyword"
|
|
959
|
+
},
|
|
960
|
+
"version": {
|
|
961
|
+
"ignore_above": 1024,
|
|
962
|
+
"type": "keyword"
|
|
963
|
+
}
|
|
964
|
+
}
|
|
965
|
+
},
|
|
966
|
+
"imports": {
|
|
967
|
+
"type": "flattened"
|
|
968
|
+
},
|
|
969
|
+
"sections": {
|
|
970
|
+
"properties": {
|
|
971
|
+
"chi2": {
|
|
972
|
+
"type": "long"
|
|
973
|
+
},
|
|
974
|
+
"entropy": {
|
|
975
|
+
"type": "long"
|
|
976
|
+
},
|
|
977
|
+
"flags": {
|
|
978
|
+
"ignore_above": 1024,
|
|
979
|
+
"type": "keyword"
|
|
980
|
+
},
|
|
981
|
+
"name": {
|
|
982
|
+
"ignore_above": 1024,
|
|
983
|
+
"type": "keyword"
|
|
984
|
+
},
|
|
985
|
+
"physical_offset": {
|
|
986
|
+
"ignore_above": 1024,
|
|
987
|
+
"type": "keyword"
|
|
988
|
+
},
|
|
989
|
+
"physical_size": {
|
|
990
|
+
"type": "long"
|
|
991
|
+
},
|
|
992
|
+
"type": {
|
|
993
|
+
"ignore_above": 1024,
|
|
994
|
+
"type": "keyword"
|
|
995
|
+
},
|
|
996
|
+
"virtual_address": {
|
|
997
|
+
"type": "long"
|
|
998
|
+
},
|
|
999
|
+
"virtual_size": {
|
|
1000
|
+
"type": "long"
|
|
1001
|
+
}
|
|
1002
|
+
},
|
|
1003
|
+
"type": "nested"
|
|
1004
|
+
},
|
|
1005
|
+
"segments": {
|
|
1006
|
+
"properties": {
|
|
1007
|
+
"sections": {
|
|
1008
|
+
"ignore_above": 1024,
|
|
1009
|
+
"type": "keyword"
|
|
1010
|
+
},
|
|
1011
|
+
"type": {
|
|
1012
|
+
"ignore_above": 1024,
|
|
1013
|
+
"type": "keyword"
|
|
1014
|
+
}
|
|
1015
|
+
},
|
|
1016
|
+
"type": "nested"
|
|
1017
|
+
},
|
|
1018
|
+
"shared_libraries": {
|
|
1019
|
+
"ignore_above": 1024,
|
|
1020
|
+
"type": "keyword"
|
|
1021
|
+
},
|
|
1022
|
+
"telfhash": {
|
|
1023
|
+
"ignore_above": 1024,
|
|
1024
|
+
"type": "keyword"
|
|
1025
|
+
}
|
|
1026
|
+
}
|
|
1027
|
+
},
|
|
905
1028
|
"extension": {
|
|
906
1029
|
"ignore_above": 1024,
|
|
907
1030
|
"type": "keyword"
|
|
908
1031
|
},
|
|
1032
|
+
"fork_name": {
|
|
1033
|
+
"ignore_above": 1024,
|
|
1034
|
+
"type": "keyword"
|
|
1035
|
+
},
|
|
909
1036
|
"gid": {
|
|
910
1037
|
"ignore_above": 1024,
|
|
911
1038
|
"type": "keyword"
|
|
@@ -964,8 +1091,7 @@
|
|
|
964
1091
|
"path": {
|
|
965
1092
|
"fields": {
|
|
966
1093
|
"text": {
|
|
967
|
-
"
|
|
968
|
-
"type": "text"
|
|
1094
|
+
"type": "match_only_text"
|
|
969
1095
|
}
|
|
970
1096
|
},
|
|
971
1097
|
"ignore_above": 1024,
|
|
@@ -1009,8 +1135,7 @@
|
|
|
1009
1135
|
"target_path": {
|
|
1010
1136
|
"fields": {
|
|
1011
1137
|
"text": {
|
|
1012
|
-
"
|
|
1013
|
-
"type": "text"
|
|
1138
|
+
"type": "match_only_text"
|
|
1014
1139
|
}
|
|
1015
1140
|
},
|
|
1016
1141
|
"ignore_above": 1024,
|
|
@@ -1283,8 +1408,7 @@
|
|
|
1283
1408
|
"full": {
|
|
1284
1409
|
"fields": {
|
|
1285
1410
|
"text": {
|
|
1286
|
-
"
|
|
1287
|
-
"type": "text"
|
|
1411
|
+
"type": "match_only_text"
|
|
1288
1412
|
}
|
|
1289
1413
|
},
|
|
1290
1414
|
"ignore_above": 1024,
|
|
@@ -1297,8 +1421,7 @@
|
|
|
1297
1421
|
"name": {
|
|
1298
1422
|
"fields": {
|
|
1299
1423
|
"text": {
|
|
1300
|
-
"
|
|
1301
|
-
"type": "text"
|
|
1424
|
+
"type": "match_only_text"
|
|
1302
1425
|
}
|
|
1303
1426
|
},
|
|
1304
1427
|
"ignore_above": 1024,
|
|
@@ -1338,8 +1461,7 @@
|
|
|
1338
1461
|
"full_name": {
|
|
1339
1462
|
"fields": {
|
|
1340
1463
|
"text": {
|
|
1341
|
-
"
|
|
1342
|
-
"type": "text"
|
|
1464
|
+
"type": "match_only_text"
|
|
1343
1465
|
}
|
|
1344
1466
|
},
|
|
1345
1467
|
"ignore_above": 1024,
|
|
@@ -1372,8 +1494,7 @@
|
|
|
1372
1494
|
"name": {
|
|
1373
1495
|
"fields": {
|
|
1374
1496
|
"text": {
|
|
1375
|
-
"
|
|
1376
|
-
"type": "text"
|
|
1497
|
+
"type": "match_only_text"
|
|
1377
1498
|
}
|
|
1378
1499
|
},
|
|
1379
1500
|
"ignore_above": 1024,
|
|
@@ -1399,12 +1520,10 @@
|
|
|
1399
1520
|
"content": {
|
|
1400
1521
|
"fields": {
|
|
1401
1522
|
"text": {
|
|
1402
|
-
"
|
|
1403
|
-
"type": "text"
|
|
1523
|
+
"type": "match_only_text"
|
|
1404
1524
|
}
|
|
1405
1525
|
},
|
|
1406
|
-
"
|
|
1407
|
-
"type": "keyword"
|
|
1526
|
+
"type": "wildcard"
|
|
1408
1527
|
}
|
|
1409
1528
|
}
|
|
1410
1529
|
},
|
|
@@ -1439,12 +1558,10 @@
|
|
|
1439
1558
|
"content": {
|
|
1440
1559
|
"fields": {
|
|
1441
1560
|
"text": {
|
|
1442
|
-
"
|
|
1443
|
-
"type": "text"
|
|
1561
|
+
"type": "match_only_text"
|
|
1444
1562
|
}
|
|
1445
1563
|
},
|
|
1446
|
-
"
|
|
1447
|
-
"type": "keyword"
|
|
1564
|
+
"type": "wildcard"
|
|
1448
1565
|
}
|
|
1449
1566
|
}
|
|
1450
1567
|
},
|
|
@@ -1508,7 +1625,6 @@
|
|
|
1508
1625
|
},
|
|
1509
1626
|
"original": {
|
|
1510
1627
|
"doc_values": false,
|
|
1511
|
-
"ignore_above": 1024,
|
|
1512
1628
|
"index": false,
|
|
1513
1629
|
"type": "keyword"
|
|
1514
1630
|
},
|
|
@@ -1545,8 +1661,7 @@
|
|
|
1545
1661
|
}
|
|
1546
1662
|
},
|
|
1547
1663
|
"message": {
|
|
1548
|
-
"
|
|
1549
|
-
"type": "text"
|
|
1664
|
+
"type": "match_only_text"
|
|
1550
1665
|
},
|
|
1551
1666
|
"network": {
|
|
1552
1667
|
"properties": {
|
|
@@ -1769,8 +1884,7 @@
|
|
|
1769
1884
|
"full": {
|
|
1770
1885
|
"fields": {
|
|
1771
1886
|
"text": {
|
|
1772
|
-
"
|
|
1773
|
-
"type": "text"
|
|
1887
|
+
"type": "match_only_text"
|
|
1774
1888
|
}
|
|
1775
1889
|
},
|
|
1776
1890
|
"ignore_above": 1024,
|
|
@@ -1783,8 +1897,7 @@
|
|
|
1783
1897
|
"name": {
|
|
1784
1898
|
"fields": {
|
|
1785
1899
|
"text": {
|
|
1786
|
-
"
|
|
1787
|
-
"type": "text"
|
|
1900
|
+
"type": "match_only_text"
|
|
1788
1901
|
}
|
|
1789
1902
|
},
|
|
1790
1903
|
"ignore_above": 1024,
|
|
@@ -1883,8 +1996,7 @@
|
|
|
1883
1996
|
"name": {
|
|
1884
1997
|
"fields": {
|
|
1885
1998
|
"text": {
|
|
1886
|
-
"
|
|
1887
|
-
"type": "text"
|
|
1999
|
+
"type": "match_only_text"
|
|
1888
2000
|
}
|
|
1889
2001
|
},
|
|
1890
2002
|
"ignore_above": 1024,
|
|
@@ -1957,6 +2069,10 @@
|
|
|
1957
2069
|
},
|
|
1958
2070
|
"code_signature": {
|
|
1959
2071
|
"properties": {
|
|
2072
|
+
"digest_algorithm": {
|
|
2073
|
+
"ignore_above": 1024,
|
|
2074
|
+
"type": "keyword"
|
|
2075
|
+
},
|
|
1960
2076
|
"exists": {
|
|
1961
2077
|
"type": "boolean"
|
|
1962
2078
|
},
|
|
@@ -1976,6 +2092,9 @@
|
|
|
1976
2092
|
"ignore_above": 1024,
|
|
1977
2093
|
"type": "keyword"
|
|
1978
2094
|
},
|
|
2095
|
+
"timestamp": {
|
|
2096
|
+
"type": "date"
|
|
2097
|
+
},
|
|
1979
2098
|
"trusted": {
|
|
1980
2099
|
"type": "boolean"
|
|
1981
2100
|
},
|
|
@@ -1987,12 +2106,130 @@
|
|
|
1987
2106
|
"command_line": {
|
|
1988
2107
|
"fields": {
|
|
1989
2108
|
"text": {
|
|
1990
|
-
"
|
|
1991
|
-
"type": "text"
|
|
2109
|
+
"type": "match_only_text"
|
|
1992
2110
|
}
|
|
1993
2111
|
},
|
|
1994
|
-
"
|
|
1995
|
-
|
|
2112
|
+
"type": "wildcard"
|
|
2113
|
+
},
|
|
2114
|
+
"elf": {
|
|
2115
|
+
"properties": {
|
|
2116
|
+
"architecture": {
|
|
2117
|
+
"ignore_above": 1024,
|
|
2118
|
+
"type": "keyword"
|
|
2119
|
+
},
|
|
2120
|
+
"byte_order": {
|
|
2121
|
+
"ignore_above": 1024,
|
|
2122
|
+
"type": "keyword"
|
|
2123
|
+
},
|
|
2124
|
+
"cpu_type": {
|
|
2125
|
+
"ignore_above": 1024,
|
|
2126
|
+
"type": "keyword"
|
|
2127
|
+
},
|
|
2128
|
+
"creation_date": {
|
|
2129
|
+
"type": "date"
|
|
2130
|
+
},
|
|
2131
|
+
"exports": {
|
|
2132
|
+
"type": "flattened"
|
|
2133
|
+
},
|
|
2134
|
+
"header": {
|
|
2135
|
+
"properties": {
|
|
2136
|
+
"abi_version": {
|
|
2137
|
+
"ignore_above": 1024,
|
|
2138
|
+
"type": "keyword"
|
|
2139
|
+
},
|
|
2140
|
+
"class": {
|
|
2141
|
+
"ignore_above": 1024,
|
|
2142
|
+
"type": "keyword"
|
|
2143
|
+
},
|
|
2144
|
+
"data": {
|
|
2145
|
+
"ignore_above": 1024,
|
|
2146
|
+
"type": "keyword"
|
|
2147
|
+
},
|
|
2148
|
+
"entrypoint": {
|
|
2149
|
+
"type": "long"
|
|
2150
|
+
},
|
|
2151
|
+
"object_version": {
|
|
2152
|
+
"ignore_above": 1024,
|
|
2153
|
+
"type": "keyword"
|
|
2154
|
+
},
|
|
2155
|
+
"os_abi": {
|
|
2156
|
+
"ignore_above": 1024,
|
|
2157
|
+
"type": "keyword"
|
|
2158
|
+
},
|
|
2159
|
+
"type": {
|
|
2160
|
+
"ignore_above": 1024,
|
|
2161
|
+
"type": "keyword"
|
|
2162
|
+
},
|
|
2163
|
+
"version": {
|
|
2164
|
+
"ignore_above": 1024,
|
|
2165
|
+
"type": "keyword"
|
|
2166
|
+
}
|
|
2167
|
+
}
|
|
2168
|
+
},
|
|
2169
|
+
"imports": {
|
|
2170
|
+
"type": "flattened"
|
|
2171
|
+
},
|
|
2172
|
+
"sections": {
|
|
2173
|
+
"properties": {
|
|
2174
|
+
"chi2": {
|
|
2175
|
+
"type": "long"
|
|
2176
|
+
},
|
|
2177
|
+
"entropy": {
|
|
2178
|
+
"type": "long"
|
|
2179
|
+
},
|
|
2180
|
+
"flags": {
|
|
2181
|
+
"ignore_above": 1024,
|
|
2182
|
+
"type": "keyword"
|
|
2183
|
+
},
|
|
2184
|
+
"name": {
|
|
2185
|
+
"ignore_above": 1024,
|
|
2186
|
+
"type": "keyword"
|
|
2187
|
+
},
|
|
2188
|
+
"physical_offset": {
|
|
2189
|
+
"ignore_above": 1024,
|
|
2190
|
+
"type": "keyword"
|
|
2191
|
+
},
|
|
2192
|
+
"physical_size": {
|
|
2193
|
+
"type": "long"
|
|
2194
|
+
},
|
|
2195
|
+
"type": {
|
|
2196
|
+
"ignore_above": 1024,
|
|
2197
|
+
"type": "keyword"
|
|
2198
|
+
},
|
|
2199
|
+
"virtual_address": {
|
|
2200
|
+
"type": "long"
|
|
2201
|
+
},
|
|
2202
|
+
"virtual_size": {
|
|
2203
|
+
"type": "long"
|
|
2204
|
+
}
|
|
2205
|
+
},
|
|
2206
|
+
"type": "nested"
|
|
2207
|
+
},
|
|
2208
|
+
"segments": {
|
|
2209
|
+
"properties": {
|
|
2210
|
+
"sections": {
|
|
2211
|
+
"ignore_above": 1024,
|
|
2212
|
+
"type": "keyword"
|
|
2213
|
+
},
|
|
2214
|
+
"type": {
|
|
2215
|
+
"ignore_above": 1024,
|
|
2216
|
+
"type": "keyword"
|
|
2217
|
+
}
|
|
2218
|
+
},
|
|
2219
|
+
"type": "nested"
|
|
2220
|
+
},
|
|
2221
|
+
"shared_libraries": {
|
|
2222
|
+
"ignore_above": 1024,
|
|
2223
|
+
"type": "keyword"
|
|
2224
|
+
},
|
|
2225
|
+
"telfhash": {
|
|
2226
|
+
"ignore_above": 1024,
|
|
2227
|
+
"type": "keyword"
|
|
2228
|
+
}
|
|
2229
|
+
}
|
|
2230
|
+
},
|
|
2231
|
+
"end": {
|
|
2232
|
+
"type": "date"
|
|
1996
2233
|
},
|
|
1997
2234
|
"entity_id": {
|
|
1998
2235
|
"ignore_above": 1024,
|
|
@@ -2001,8 +2238,7 @@
|
|
|
2001
2238
|
"executable": {
|
|
2002
2239
|
"fields": {
|
|
2003
2240
|
"text": {
|
|
2004
|
-
"
|
|
2005
|
-
"type": "text"
|
|
2241
|
+
"type": "match_only_text"
|
|
2006
2242
|
}
|
|
2007
2243
|
},
|
|
2008
2244
|
"ignore_above": 1024,
|
|
@@ -2038,8 +2274,7 @@
|
|
|
2038
2274
|
"name": {
|
|
2039
2275
|
"fields": {
|
|
2040
2276
|
"text": {
|
|
2041
|
-
"
|
|
2042
|
-
"type": "text"
|
|
2277
|
+
"type": "match_only_text"
|
|
2043
2278
|
}
|
|
2044
2279
|
},
|
|
2045
2280
|
"ignore_above": 1024,
|
|
@@ -2056,6 +2291,10 @@
|
|
|
2056
2291
|
},
|
|
2057
2292
|
"code_signature": {
|
|
2058
2293
|
"properties": {
|
|
2294
|
+
"digest_algorithm": {
|
|
2295
|
+
"ignore_above": 1024,
|
|
2296
|
+
"type": "keyword"
|
|
2297
|
+
},
|
|
2059
2298
|
"exists": {
|
|
2060
2299
|
"type": "boolean"
|
|
2061
2300
|
},
|
|
@@ -2075,6 +2314,9 @@
|
|
|
2075
2314
|
"ignore_above": 1024,
|
|
2076
2315
|
"type": "keyword"
|
|
2077
2316
|
},
|
|
2317
|
+
"timestamp": {
|
|
2318
|
+
"type": "date"
|
|
2319
|
+
},
|
|
2078
2320
|
"trusted": {
|
|
2079
2321
|
"type": "boolean"
|
|
2080
2322
|
},
|
|
@@ -2086,72 +2328,188 @@
|
|
|
2086
2328
|
"command_line": {
|
|
2087
2329
|
"fields": {
|
|
2088
2330
|
"text": {
|
|
2089
|
-
"
|
|
2090
|
-
"type": "text"
|
|
2091
|
-
}
|
|
2092
|
-
},
|
|
2093
|
-
"ignore_above": 1024,
|
|
2094
|
-
"type": "keyword"
|
|
2095
|
-
},
|
|
2096
|
-
"entity_id": {
|
|
2097
|
-
"ignore_above": 1024,
|
|
2098
|
-
"type": "keyword"
|
|
2099
|
-
},
|
|
2100
|
-
"executable": {
|
|
2101
|
-
"fields": {
|
|
2102
|
-
"text": {
|
|
2103
|
-
"norms": false,
|
|
2104
|
-
"type": "text"
|
|
2331
|
+
"type": "match_only_text"
|
|
2105
2332
|
}
|
|
2106
2333
|
},
|
|
2107
|
-
"
|
|
2108
|
-
"type": "keyword"
|
|
2109
|
-
},
|
|
2110
|
-
"exit_code": {
|
|
2111
|
-
"type": "long"
|
|
2334
|
+
"type": "wildcard"
|
|
2112
2335
|
},
|
|
2113
|
-
"
|
|
2336
|
+
"elf": {
|
|
2114
2337
|
"properties": {
|
|
2115
|
-
"
|
|
2338
|
+
"architecture": {
|
|
2116
2339
|
"ignore_above": 1024,
|
|
2117
2340
|
"type": "keyword"
|
|
2118
2341
|
},
|
|
2119
|
-
"
|
|
2342
|
+
"byte_order": {
|
|
2120
2343
|
"ignore_above": 1024,
|
|
2121
2344
|
"type": "keyword"
|
|
2122
2345
|
},
|
|
2123
|
-
"
|
|
2346
|
+
"cpu_type": {
|
|
2124
2347
|
"ignore_above": 1024,
|
|
2125
2348
|
"type": "keyword"
|
|
2126
2349
|
},
|
|
2127
|
-
"
|
|
2128
|
-
"
|
|
2129
|
-
"type": "keyword"
|
|
2350
|
+
"creation_date": {
|
|
2351
|
+
"type": "date"
|
|
2130
2352
|
},
|
|
2131
|
-
"
|
|
2132
|
-
"
|
|
2133
|
-
"type": "keyword"
|
|
2134
|
-
}
|
|
2135
|
-
}
|
|
2136
|
-
},
|
|
2137
|
-
"name": {
|
|
2138
|
-
"fields": {
|
|
2139
|
-
"text": {
|
|
2140
|
-
"norms": false,
|
|
2141
|
-
"type": "text"
|
|
2142
|
-
}
|
|
2143
|
-
},
|
|
2144
|
-
"ignore_above": 1024,
|
|
2145
|
-
"type": "keyword"
|
|
2146
|
-
},
|
|
2147
|
-
"pe": {
|
|
2148
|
-
"properties": {
|
|
2149
|
-
"architecture": {
|
|
2150
|
-
"ignore_above": 1024,
|
|
2151
|
-
"type": "keyword"
|
|
2353
|
+
"exports": {
|
|
2354
|
+
"type": "flattened"
|
|
2152
2355
|
},
|
|
2153
|
-
"
|
|
2154
|
-
"
|
|
2356
|
+
"header": {
|
|
2357
|
+
"properties": {
|
|
2358
|
+
"abi_version": {
|
|
2359
|
+
"ignore_above": 1024,
|
|
2360
|
+
"type": "keyword"
|
|
2361
|
+
},
|
|
2362
|
+
"class": {
|
|
2363
|
+
"ignore_above": 1024,
|
|
2364
|
+
"type": "keyword"
|
|
2365
|
+
},
|
|
2366
|
+
"data": {
|
|
2367
|
+
"ignore_above": 1024,
|
|
2368
|
+
"type": "keyword"
|
|
2369
|
+
},
|
|
2370
|
+
"entrypoint": {
|
|
2371
|
+
"type": "long"
|
|
2372
|
+
},
|
|
2373
|
+
"object_version": {
|
|
2374
|
+
"ignore_above": 1024,
|
|
2375
|
+
"type": "keyword"
|
|
2376
|
+
},
|
|
2377
|
+
"os_abi": {
|
|
2378
|
+
"ignore_above": 1024,
|
|
2379
|
+
"type": "keyword"
|
|
2380
|
+
},
|
|
2381
|
+
"type": {
|
|
2382
|
+
"ignore_above": 1024,
|
|
2383
|
+
"type": "keyword"
|
|
2384
|
+
},
|
|
2385
|
+
"version": {
|
|
2386
|
+
"ignore_above": 1024,
|
|
2387
|
+
"type": "keyword"
|
|
2388
|
+
}
|
|
2389
|
+
}
|
|
2390
|
+
},
|
|
2391
|
+
"imports": {
|
|
2392
|
+
"type": "flattened"
|
|
2393
|
+
},
|
|
2394
|
+
"sections": {
|
|
2395
|
+
"properties": {
|
|
2396
|
+
"chi2": {
|
|
2397
|
+
"type": "long"
|
|
2398
|
+
},
|
|
2399
|
+
"entropy": {
|
|
2400
|
+
"type": "long"
|
|
2401
|
+
},
|
|
2402
|
+
"flags": {
|
|
2403
|
+
"ignore_above": 1024,
|
|
2404
|
+
"type": "keyword"
|
|
2405
|
+
},
|
|
2406
|
+
"name": {
|
|
2407
|
+
"ignore_above": 1024,
|
|
2408
|
+
"type": "keyword"
|
|
2409
|
+
},
|
|
2410
|
+
"physical_offset": {
|
|
2411
|
+
"ignore_above": 1024,
|
|
2412
|
+
"type": "keyword"
|
|
2413
|
+
},
|
|
2414
|
+
"physical_size": {
|
|
2415
|
+
"type": "long"
|
|
2416
|
+
},
|
|
2417
|
+
"type": {
|
|
2418
|
+
"ignore_above": 1024,
|
|
2419
|
+
"type": "keyword"
|
|
2420
|
+
},
|
|
2421
|
+
"virtual_address": {
|
|
2422
|
+
"type": "long"
|
|
2423
|
+
},
|
|
2424
|
+
"virtual_size": {
|
|
2425
|
+
"type": "long"
|
|
2426
|
+
}
|
|
2427
|
+
},
|
|
2428
|
+
"type": "nested"
|
|
2429
|
+
},
|
|
2430
|
+
"segments": {
|
|
2431
|
+
"properties": {
|
|
2432
|
+
"sections": {
|
|
2433
|
+
"ignore_above": 1024,
|
|
2434
|
+
"type": "keyword"
|
|
2435
|
+
},
|
|
2436
|
+
"type": {
|
|
2437
|
+
"ignore_above": 1024,
|
|
2438
|
+
"type": "keyword"
|
|
2439
|
+
}
|
|
2440
|
+
},
|
|
2441
|
+
"type": "nested"
|
|
2442
|
+
},
|
|
2443
|
+
"shared_libraries": {
|
|
2444
|
+
"ignore_above": 1024,
|
|
2445
|
+
"type": "keyword"
|
|
2446
|
+
},
|
|
2447
|
+
"telfhash": {
|
|
2448
|
+
"ignore_above": 1024,
|
|
2449
|
+
"type": "keyword"
|
|
2450
|
+
}
|
|
2451
|
+
}
|
|
2452
|
+
},
|
|
2453
|
+
"end": {
|
|
2454
|
+
"type": "date"
|
|
2455
|
+
},
|
|
2456
|
+
"entity_id": {
|
|
2457
|
+
"ignore_above": 1024,
|
|
2458
|
+
"type": "keyword"
|
|
2459
|
+
},
|
|
2460
|
+
"executable": {
|
|
2461
|
+
"fields": {
|
|
2462
|
+
"text": {
|
|
2463
|
+
"type": "match_only_text"
|
|
2464
|
+
}
|
|
2465
|
+
},
|
|
2466
|
+
"ignore_above": 1024,
|
|
2467
|
+
"type": "keyword"
|
|
2468
|
+
},
|
|
2469
|
+
"exit_code": {
|
|
2470
|
+
"type": "long"
|
|
2471
|
+
},
|
|
2472
|
+
"hash": {
|
|
2473
|
+
"properties": {
|
|
2474
|
+
"md5": {
|
|
2475
|
+
"ignore_above": 1024,
|
|
2476
|
+
"type": "keyword"
|
|
2477
|
+
},
|
|
2478
|
+
"sha1": {
|
|
2479
|
+
"ignore_above": 1024,
|
|
2480
|
+
"type": "keyword"
|
|
2481
|
+
},
|
|
2482
|
+
"sha256": {
|
|
2483
|
+
"ignore_above": 1024,
|
|
2484
|
+
"type": "keyword"
|
|
2485
|
+
},
|
|
2486
|
+
"sha512": {
|
|
2487
|
+
"ignore_above": 1024,
|
|
2488
|
+
"type": "keyword"
|
|
2489
|
+
},
|
|
2490
|
+
"ssdeep": {
|
|
2491
|
+
"ignore_above": 1024,
|
|
2492
|
+
"type": "keyword"
|
|
2493
|
+
}
|
|
2494
|
+
}
|
|
2495
|
+
},
|
|
2496
|
+
"name": {
|
|
2497
|
+
"fields": {
|
|
2498
|
+
"text": {
|
|
2499
|
+
"type": "match_only_text"
|
|
2500
|
+
}
|
|
2501
|
+
},
|
|
2502
|
+
"ignore_above": 1024,
|
|
2503
|
+
"type": "keyword"
|
|
2504
|
+
},
|
|
2505
|
+
"pe": {
|
|
2506
|
+
"properties": {
|
|
2507
|
+
"architecture": {
|
|
2508
|
+
"ignore_above": 1024,
|
|
2509
|
+
"type": "keyword"
|
|
2510
|
+
},
|
|
2511
|
+
"company": {
|
|
2512
|
+
"ignore_above": 1024,
|
|
2155
2513
|
"type": "keyword"
|
|
2156
2514
|
},
|
|
2157
2515
|
"description": {
|
|
@@ -2202,8 +2560,7 @@
|
|
|
2202
2560
|
"title": {
|
|
2203
2561
|
"fields": {
|
|
2204
2562
|
"text": {
|
|
2205
|
-
"
|
|
2206
|
-
"type": "text"
|
|
2563
|
+
"type": "match_only_text"
|
|
2207
2564
|
}
|
|
2208
2565
|
},
|
|
2209
2566
|
"ignore_above": 1024,
|
|
@@ -2215,8 +2572,7 @@
|
|
|
2215
2572
|
"working_directory": {
|
|
2216
2573
|
"fields": {
|
|
2217
2574
|
"text": {
|
|
2218
|
-
"
|
|
2219
|
-
"type": "text"
|
|
2575
|
+
"type": "match_only_text"
|
|
2220
2576
|
}
|
|
2221
2577
|
},
|
|
2222
2578
|
"ignore_above": 1024,
|
|
@@ -2282,8 +2638,7 @@
|
|
|
2282
2638
|
"title": {
|
|
2283
2639
|
"fields": {
|
|
2284
2640
|
"text": {
|
|
2285
|
-
"
|
|
2286
|
-
"type": "text"
|
|
2641
|
+
"type": "match_only_text"
|
|
2287
2642
|
}
|
|
2288
2643
|
},
|
|
2289
2644
|
"ignore_above": 1024,
|
|
@@ -2295,8 +2650,7 @@
|
|
|
2295
2650
|
"working_directory": {
|
|
2296
2651
|
"fields": {
|
|
2297
2652
|
"text": {
|
|
2298
|
-
"
|
|
2299
|
-
"type": "text"
|
|
2653
|
+
"type": "match_only_text"
|
|
2300
2654
|
}
|
|
2301
2655
|
},
|
|
2302
2656
|
"ignore_above": 1024,
|
|
@@ -2313,8 +2667,7 @@
|
|
|
2313
2667
|
"type": "keyword"
|
|
2314
2668
|
},
|
|
2315
2669
|
"strings": {
|
|
2316
|
-
"
|
|
2317
|
-
"type": "keyword"
|
|
2670
|
+
"type": "wildcard"
|
|
2318
2671
|
},
|
|
2319
2672
|
"type": {
|
|
2320
2673
|
"ignore_above": 1024,
|
|
@@ -2419,8 +2772,7 @@
|
|
|
2419
2772
|
"name": {
|
|
2420
2773
|
"fields": {
|
|
2421
2774
|
"text": {
|
|
2422
|
-
"
|
|
2423
|
-
"type": "text"
|
|
2775
|
+
"type": "match_only_text"
|
|
2424
2776
|
}
|
|
2425
2777
|
},
|
|
2426
2778
|
"ignore_above": 1024,
|
|
@@ -2532,8 +2884,7 @@
|
|
|
2532
2884
|
"full_name": {
|
|
2533
2885
|
"fields": {
|
|
2534
2886
|
"text": {
|
|
2535
|
-
"
|
|
2536
|
-
"type": "text"
|
|
2887
|
+
"type": "match_only_text"
|
|
2537
2888
|
}
|
|
2538
2889
|
},
|
|
2539
2890
|
"ignore_above": 1024,
|
|
@@ -2566,8 +2917,7 @@
|
|
|
2566
2917
|
"name": {
|
|
2567
2918
|
"fields": {
|
|
2568
2919
|
"text": {
|
|
2569
|
-
"
|
|
2570
|
-
"type": "text"
|
|
2920
|
+
"type": "match_only_text"
|
|
2571
2921
|
}
|
|
2572
2922
|
},
|
|
2573
2923
|
"ignore_above": 1024,
|
|
@@ -2583,6 +2933,14 @@
|
|
|
2583
2933
|
},
|
|
2584
2934
|
"service": {
|
|
2585
2935
|
"properties": {
|
|
2936
|
+
"address": {
|
|
2937
|
+
"ignore_above": 1024,
|
|
2938
|
+
"type": "keyword"
|
|
2939
|
+
},
|
|
2940
|
+
"environment": {
|
|
2941
|
+
"ignore_above": 1024,
|
|
2942
|
+
"type": "keyword"
|
|
2943
|
+
},
|
|
2586
2944
|
"ephemeral_id": {
|
|
2587
2945
|
"ignore_above": 1024,
|
|
2588
2946
|
"type": "keyword"
|
|
@@ -2633,8 +2991,7 @@
|
|
|
2633
2991
|
"name": {
|
|
2634
2992
|
"fields": {
|
|
2635
2993
|
"text": {
|
|
2636
|
-
"
|
|
2637
|
-
"type": "text"
|
|
2994
|
+
"type": "match_only_text"
|
|
2638
2995
|
}
|
|
2639
2996
|
},
|
|
2640
2997
|
"ignore_above": 1024,
|
|
@@ -2746,8 +3103,7 @@
|
|
|
2746
3103
|
"full_name": {
|
|
2747
3104
|
"fields": {
|
|
2748
3105
|
"text": {
|
|
2749
|
-
"
|
|
2750
|
-
"type": "text"
|
|
3106
|
+
"type": "match_only_text"
|
|
2751
3107
|
}
|
|
2752
3108
|
},
|
|
2753
3109
|
"ignore_above": 1024,
|
|
@@ -2780,8 +3136,7 @@
|
|
|
2780
3136
|
"name": {
|
|
2781
3137
|
"fields": {
|
|
2782
3138
|
"text": {
|
|
2783
|
-
"
|
|
2784
|
-
"type": "text"
|
|
3139
|
+
"type": "match_only_text"
|
|
2785
3140
|
}
|
|
2786
3141
|
},
|
|
2787
3142
|
"ignore_above": 1024,
|
|
@@ -2809,139 +3164,1709 @@
|
|
|
2809
3164
|
},
|
|
2810
3165
|
"threat": {
|
|
2811
3166
|
"properties": {
|
|
2812
|
-
"
|
|
2813
|
-
"ignore_above": 1024,
|
|
2814
|
-
"type": "keyword"
|
|
2815
|
-
},
|
|
2816
|
-
"tactic": {
|
|
2817
|
-
"properties": {
|
|
2818
|
-
"id": {
|
|
2819
|
-
"ignore_above": 1024,
|
|
2820
|
-
"type": "keyword"
|
|
2821
|
-
},
|
|
2822
|
-
"name": {
|
|
2823
|
-
"ignore_above": 1024,
|
|
2824
|
-
"type": "keyword"
|
|
2825
|
-
},
|
|
2826
|
-
"reference": {
|
|
2827
|
-
"ignore_above": 1024,
|
|
2828
|
-
"type": "keyword"
|
|
2829
|
-
}
|
|
2830
|
-
}
|
|
2831
|
-
},
|
|
2832
|
-
"technique": {
|
|
3167
|
+
"enrichments": {
|
|
2833
3168
|
"properties": {
|
|
2834
|
-
"
|
|
2835
|
-
"ignore_above": 1024,
|
|
2836
|
-
"type": "keyword"
|
|
2837
|
-
},
|
|
2838
|
-
"name": {
|
|
2839
|
-
"fields": {
|
|
2840
|
-
"text": {
|
|
2841
|
-
"norms": false,
|
|
2842
|
-
"type": "text"
|
|
2843
|
-
}
|
|
2844
|
-
},
|
|
2845
|
-
"ignore_above": 1024,
|
|
2846
|
-
"type": "keyword"
|
|
2847
|
-
},
|
|
2848
|
-
"reference": {
|
|
2849
|
-
"ignore_above": 1024,
|
|
2850
|
-
"type": "keyword"
|
|
2851
|
-
},
|
|
2852
|
-
"subtechnique": {
|
|
3169
|
+
"indicator": {
|
|
2853
3170
|
"properties": {
|
|
2854
|
-
"
|
|
2855
|
-
"
|
|
2856
|
-
|
|
2857
|
-
|
|
2858
|
-
|
|
2859
|
-
|
|
2860
|
-
|
|
2861
|
-
|
|
2862
|
-
|
|
3171
|
+
"as": {
|
|
3172
|
+
"properties": {
|
|
3173
|
+
"number": {
|
|
3174
|
+
"type": "long"
|
|
3175
|
+
},
|
|
3176
|
+
"organization": {
|
|
3177
|
+
"properties": {
|
|
3178
|
+
"name": {
|
|
3179
|
+
"fields": {
|
|
3180
|
+
"text": {
|
|
3181
|
+
"type": "match_only_text"
|
|
3182
|
+
}
|
|
3183
|
+
},
|
|
3184
|
+
"ignore_above": 1024,
|
|
3185
|
+
"type": "keyword"
|
|
3186
|
+
}
|
|
3187
|
+
}
|
|
2863
3188
|
}
|
|
2864
|
-
}
|
|
2865
|
-
"ignore_above": 1024,
|
|
2866
|
-
"type": "keyword"
|
|
2867
|
-
},
|
|
2868
|
-
"reference": {
|
|
2869
|
-
"ignore_above": 1024,
|
|
2870
|
-
"type": "keyword"
|
|
2871
|
-
}
|
|
2872
|
-
}
|
|
2873
|
-
}
|
|
2874
|
-
}
|
|
2875
|
-
}
|
|
2876
|
-
}
|
|
2877
|
-
},
|
|
2878
|
-
"tls": {
|
|
2879
|
-
"properties": {
|
|
2880
|
-
"cipher": {
|
|
2881
|
-
"ignore_above": 1024,
|
|
2882
|
-
"type": "keyword"
|
|
2883
|
-
},
|
|
2884
|
-
"client": {
|
|
2885
|
-
"properties": {
|
|
2886
|
-
"certificate": {
|
|
2887
|
-
"ignore_above": 1024,
|
|
2888
|
-
"type": "keyword"
|
|
2889
|
-
},
|
|
2890
|
-
"certificate_chain": {
|
|
2891
|
-
"ignore_above": 1024,
|
|
2892
|
-
"type": "keyword"
|
|
2893
|
-
},
|
|
2894
|
-
"hash": {
|
|
2895
|
-
"properties": {
|
|
2896
|
-
"md5": {
|
|
2897
|
-
"ignore_above": 1024,
|
|
2898
|
-
"type": "keyword"
|
|
3189
|
+
}
|
|
2899
3190
|
},
|
|
2900
|
-
"
|
|
3191
|
+
"confidence": {
|
|
2901
3192
|
"ignore_above": 1024,
|
|
2902
3193
|
"type": "keyword"
|
|
2903
3194
|
},
|
|
2904
|
-
"
|
|
2905
|
-
"ignore_above": 1024,
|
|
2906
|
-
"type": "keyword"
|
|
2907
|
-
}
|
|
2908
|
-
}
|
|
2909
|
-
},
|
|
2910
|
-
"issuer": {
|
|
2911
|
-
"ignore_above": 1024,
|
|
2912
|
-
"type": "keyword"
|
|
2913
|
-
},
|
|
2914
|
-
"ja3": {
|
|
2915
|
-
"ignore_above": 1024,
|
|
2916
|
-
"type": "keyword"
|
|
2917
|
-
},
|
|
2918
|
-
"not_after": {
|
|
2919
|
-
"type": "date"
|
|
2920
|
-
},
|
|
2921
|
-
"not_before": {
|
|
2922
|
-
"type": "date"
|
|
2923
|
-
},
|
|
2924
|
-
"server_name": {
|
|
2925
|
-
"ignore_above": 1024,
|
|
2926
|
-
"type": "keyword"
|
|
2927
|
-
},
|
|
2928
|
-
"subject": {
|
|
2929
|
-
"ignore_above": 1024,
|
|
2930
|
-
"type": "keyword"
|
|
2931
|
-
},
|
|
2932
|
-
"supported_ciphers": {
|
|
2933
|
-
"ignore_above": 1024,
|
|
2934
|
-
"type": "keyword"
|
|
2935
|
-
},
|
|
2936
|
-
"x509": {
|
|
2937
|
-
"properties": {
|
|
2938
|
-
"alternative_names": {
|
|
3195
|
+
"description": {
|
|
2939
3196
|
"ignore_above": 1024,
|
|
2940
3197
|
"type": "keyword"
|
|
2941
3198
|
},
|
|
2942
|
-
"
|
|
3199
|
+
"email": {
|
|
2943
3200
|
"properties": {
|
|
2944
|
-
"
|
|
3201
|
+
"address": {
|
|
3202
|
+
"ignore_above": 1024,
|
|
3203
|
+
"type": "keyword"
|
|
3204
|
+
}
|
|
3205
|
+
}
|
|
3206
|
+
},
|
|
3207
|
+
"file": {
|
|
3208
|
+
"properties": {
|
|
3209
|
+
"accessed": {
|
|
3210
|
+
"type": "date"
|
|
3211
|
+
},
|
|
3212
|
+
"attributes": {
|
|
3213
|
+
"ignore_above": 1024,
|
|
3214
|
+
"type": "keyword"
|
|
3215
|
+
},
|
|
3216
|
+
"code_signature": {
|
|
3217
|
+
"properties": {
|
|
3218
|
+
"digest_algorithm": {
|
|
3219
|
+
"ignore_above": 1024,
|
|
3220
|
+
"type": "keyword"
|
|
3221
|
+
},
|
|
3222
|
+
"exists": {
|
|
3223
|
+
"type": "boolean"
|
|
3224
|
+
},
|
|
3225
|
+
"signing_id": {
|
|
3226
|
+
"ignore_above": 1024,
|
|
3227
|
+
"type": "keyword"
|
|
3228
|
+
},
|
|
3229
|
+
"status": {
|
|
3230
|
+
"ignore_above": 1024,
|
|
3231
|
+
"type": "keyword"
|
|
3232
|
+
},
|
|
3233
|
+
"subject_name": {
|
|
3234
|
+
"ignore_above": 1024,
|
|
3235
|
+
"type": "keyword"
|
|
3236
|
+
},
|
|
3237
|
+
"team_id": {
|
|
3238
|
+
"ignore_above": 1024,
|
|
3239
|
+
"type": "keyword"
|
|
3240
|
+
},
|
|
3241
|
+
"timestamp": {
|
|
3242
|
+
"type": "date"
|
|
3243
|
+
},
|
|
3244
|
+
"trusted": {
|
|
3245
|
+
"type": "boolean"
|
|
3246
|
+
},
|
|
3247
|
+
"valid": {
|
|
3248
|
+
"type": "boolean"
|
|
3249
|
+
}
|
|
3250
|
+
}
|
|
3251
|
+
},
|
|
3252
|
+
"created": {
|
|
3253
|
+
"type": "date"
|
|
3254
|
+
},
|
|
3255
|
+
"ctime": {
|
|
3256
|
+
"type": "date"
|
|
3257
|
+
},
|
|
3258
|
+
"device": {
|
|
3259
|
+
"ignore_above": 1024,
|
|
3260
|
+
"type": "keyword"
|
|
3261
|
+
},
|
|
3262
|
+
"directory": {
|
|
3263
|
+
"ignore_above": 1024,
|
|
3264
|
+
"type": "keyword"
|
|
3265
|
+
},
|
|
3266
|
+
"drive_letter": {
|
|
3267
|
+
"ignore_above": 1,
|
|
3268
|
+
"type": "keyword"
|
|
3269
|
+
},
|
|
3270
|
+
"elf": {
|
|
3271
|
+
"properties": {
|
|
3272
|
+
"architecture": {
|
|
3273
|
+
"ignore_above": 1024,
|
|
3274
|
+
"type": "keyword"
|
|
3275
|
+
},
|
|
3276
|
+
"byte_order": {
|
|
3277
|
+
"ignore_above": 1024,
|
|
3278
|
+
"type": "keyword"
|
|
3279
|
+
},
|
|
3280
|
+
"cpu_type": {
|
|
3281
|
+
"ignore_above": 1024,
|
|
3282
|
+
"type": "keyword"
|
|
3283
|
+
},
|
|
3284
|
+
"creation_date": {
|
|
3285
|
+
"type": "date"
|
|
3286
|
+
},
|
|
3287
|
+
"exports": {
|
|
3288
|
+
"type": "flattened"
|
|
3289
|
+
},
|
|
3290
|
+
"header": {
|
|
3291
|
+
"properties": {
|
|
3292
|
+
"abi_version": {
|
|
3293
|
+
"ignore_above": 1024,
|
|
3294
|
+
"type": "keyword"
|
|
3295
|
+
},
|
|
3296
|
+
"class": {
|
|
3297
|
+
"ignore_above": 1024,
|
|
3298
|
+
"type": "keyword"
|
|
3299
|
+
},
|
|
3300
|
+
"data": {
|
|
3301
|
+
"ignore_above": 1024,
|
|
3302
|
+
"type": "keyword"
|
|
3303
|
+
},
|
|
3304
|
+
"entrypoint": {
|
|
3305
|
+
"type": "long"
|
|
3306
|
+
},
|
|
3307
|
+
"object_version": {
|
|
3308
|
+
"ignore_above": 1024,
|
|
3309
|
+
"type": "keyword"
|
|
3310
|
+
},
|
|
3311
|
+
"os_abi": {
|
|
3312
|
+
"ignore_above": 1024,
|
|
3313
|
+
"type": "keyword"
|
|
3314
|
+
},
|
|
3315
|
+
"type": {
|
|
3316
|
+
"ignore_above": 1024,
|
|
3317
|
+
"type": "keyword"
|
|
3318
|
+
},
|
|
3319
|
+
"version": {
|
|
3320
|
+
"ignore_above": 1024,
|
|
3321
|
+
"type": "keyword"
|
|
3322
|
+
}
|
|
3323
|
+
}
|
|
3324
|
+
},
|
|
3325
|
+
"imports": {
|
|
3326
|
+
"type": "flattened"
|
|
3327
|
+
},
|
|
3328
|
+
"sections": {
|
|
3329
|
+
"properties": {
|
|
3330
|
+
"chi2": {
|
|
3331
|
+
"type": "long"
|
|
3332
|
+
},
|
|
3333
|
+
"entropy": {
|
|
3334
|
+
"type": "long"
|
|
3335
|
+
},
|
|
3336
|
+
"flags": {
|
|
3337
|
+
"ignore_above": 1024,
|
|
3338
|
+
"type": "keyword"
|
|
3339
|
+
},
|
|
3340
|
+
"name": {
|
|
3341
|
+
"ignore_above": 1024,
|
|
3342
|
+
"type": "keyword"
|
|
3343
|
+
},
|
|
3344
|
+
"physical_offset": {
|
|
3345
|
+
"ignore_above": 1024,
|
|
3346
|
+
"type": "keyword"
|
|
3347
|
+
},
|
|
3348
|
+
"physical_size": {
|
|
3349
|
+
"type": "long"
|
|
3350
|
+
},
|
|
3351
|
+
"type": {
|
|
3352
|
+
"ignore_above": 1024,
|
|
3353
|
+
"type": "keyword"
|
|
3354
|
+
},
|
|
3355
|
+
"virtual_address": {
|
|
3356
|
+
"type": "long"
|
|
3357
|
+
},
|
|
3358
|
+
"virtual_size": {
|
|
3359
|
+
"type": "long"
|
|
3360
|
+
}
|
|
3361
|
+
},
|
|
3362
|
+
"type": "nested"
|
|
3363
|
+
},
|
|
3364
|
+
"segments": {
|
|
3365
|
+
"properties": {
|
|
3366
|
+
"sections": {
|
|
3367
|
+
"ignore_above": 1024,
|
|
3368
|
+
"type": "keyword"
|
|
3369
|
+
},
|
|
3370
|
+
"type": {
|
|
3371
|
+
"ignore_above": 1024,
|
|
3372
|
+
"type": "keyword"
|
|
3373
|
+
}
|
|
3374
|
+
},
|
|
3375
|
+
"type": "nested"
|
|
3376
|
+
},
|
|
3377
|
+
"shared_libraries": {
|
|
3378
|
+
"ignore_above": 1024,
|
|
3379
|
+
"type": "keyword"
|
|
3380
|
+
},
|
|
3381
|
+
"telfhash": {
|
|
3382
|
+
"ignore_above": 1024,
|
|
3383
|
+
"type": "keyword"
|
|
3384
|
+
}
|
|
3385
|
+
}
|
|
3386
|
+
},
|
|
3387
|
+
"extension": {
|
|
3388
|
+
"ignore_above": 1024,
|
|
3389
|
+
"type": "keyword"
|
|
3390
|
+
},
|
|
3391
|
+
"fork_name": {
|
|
3392
|
+
"ignore_above": 1024,
|
|
3393
|
+
"type": "keyword"
|
|
3394
|
+
},
|
|
3395
|
+
"gid": {
|
|
3396
|
+
"ignore_above": 1024,
|
|
3397
|
+
"type": "keyword"
|
|
3398
|
+
},
|
|
3399
|
+
"group": {
|
|
3400
|
+
"ignore_above": 1024,
|
|
3401
|
+
"type": "keyword"
|
|
3402
|
+
},
|
|
3403
|
+
"hash": {
|
|
3404
|
+
"properties": {
|
|
3405
|
+
"md5": {
|
|
3406
|
+
"ignore_above": 1024,
|
|
3407
|
+
"type": "keyword"
|
|
3408
|
+
},
|
|
3409
|
+
"sha1": {
|
|
3410
|
+
"ignore_above": 1024,
|
|
3411
|
+
"type": "keyword"
|
|
3412
|
+
},
|
|
3413
|
+
"sha256": {
|
|
3414
|
+
"ignore_above": 1024,
|
|
3415
|
+
"type": "keyword"
|
|
3416
|
+
},
|
|
3417
|
+
"sha512": {
|
|
3418
|
+
"ignore_above": 1024,
|
|
3419
|
+
"type": "keyword"
|
|
3420
|
+
},
|
|
3421
|
+
"ssdeep": {
|
|
3422
|
+
"ignore_above": 1024,
|
|
3423
|
+
"type": "keyword"
|
|
3424
|
+
}
|
|
3425
|
+
}
|
|
3426
|
+
},
|
|
3427
|
+
"inode": {
|
|
3428
|
+
"ignore_above": 1024,
|
|
3429
|
+
"type": "keyword"
|
|
3430
|
+
},
|
|
3431
|
+
"mime_type": {
|
|
3432
|
+
"ignore_above": 1024,
|
|
3433
|
+
"type": "keyword"
|
|
3434
|
+
},
|
|
3435
|
+
"mode": {
|
|
3436
|
+
"ignore_above": 1024,
|
|
3437
|
+
"type": "keyword"
|
|
3438
|
+
},
|
|
3439
|
+
"mtime": {
|
|
3440
|
+
"type": "date"
|
|
3441
|
+
},
|
|
3442
|
+
"name": {
|
|
3443
|
+
"ignore_above": 1024,
|
|
3444
|
+
"type": "keyword"
|
|
3445
|
+
},
|
|
3446
|
+
"owner": {
|
|
3447
|
+
"ignore_above": 1024,
|
|
3448
|
+
"type": "keyword"
|
|
3449
|
+
},
|
|
3450
|
+
"path": {
|
|
3451
|
+
"fields": {
|
|
3452
|
+
"text": {
|
|
3453
|
+
"type": "match_only_text"
|
|
3454
|
+
}
|
|
3455
|
+
},
|
|
3456
|
+
"ignore_above": 1024,
|
|
3457
|
+
"type": "keyword"
|
|
3458
|
+
},
|
|
3459
|
+
"pe": {
|
|
3460
|
+
"properties": {
|
|
3461
|
+
"architecture": {
|
|
3462
|
+
"ignore_above": 1024,
|
|
3463
|
+
"type": "keyword"
|
|
3464
|
+
},
|
|
3465
|
+
"company": {
|
|
3466
|
+
"ignore_above": 1024,
|
|
3467
|
+
"type": "keyword"
|
|
3468
|
+
},
|
|
3469
|
+
"description": {
|
|
3470
|
+
"ignore_above": 1024,
|
|
3471
|
+
"type": "keyword"
|
|
3472
|
+
},
|
|
3473
|
+
"file_version": {
|
|
3474
|
+
"ignore_above": 1024,
|
|
3475
|
+
"type": "keyword"
|
|
3476
|
+
},
|
|
3477
|
+
"imphash": {
|
|
3478
|
+
"ignore_above": 1024,
|
|
3479
|
+
"type": "keyword"
|
|
3480
|
+
},
|
|
3481
|
+
"original_file_name": {
|
|
3482
|
+
"ignore_above": 1024,
|
|
3483
|
+
"type": "keyword"
|
|
3484
|
+
},
|
|
3485
|
+
"product": {
|
|
3486
|
+
"ignore_above": 1024,
|
|
3487
|
+
"type": "keyword"
|
|
3488
|
+
}
|
|
3489
|
+
}
|
|
3490
|
+
},
|
|
3491
|
+
"size": {
|
|
3492
|
+
"type": "long"
|
|
3493
|
+
},
|
|
3494
|
+
"target_path": {
|
|
3495
|
+
"fields": {
|
|
3496
|
+
"text": {
|
|
3497
|
+
"type": "match_only_text"
|
|
3498
|
+
}
|
|
3499
|
+
},
|
|
3500
|
+
"ignore_above": 1024,
|
|
3501
|
+
"type": "keyword"
|
|
3502
|
+
},
|
|
3503
|
+
"type": {
|
|
3504
|
+
"ignore_above": 1024,
|
|
3505
|
+
"type": "keyword"
|
|
3506
|
+
},
|
|
3507
|
+
"uid": {
|
|
3508
|
+
"ignore_above": 1024,
|
|
3509
|
+
"type": "keyword"
|
|
3510
|
+
},
|
|
3511
|
+
"x509": {
|
|
3512
|
+
"properties": {
|
|
3513
|
+
"alternative_names": {
|
|
3514
|
+
"ignore_above": 1024,
|
|
3515
|
+
"type": "keyword"
|
|
3516
|
+
},
|
|
3517
|
+
"issuer": {
|
|
3518
|
+
"properties": {
|
|
3519
|
+
"common_name": {
|
|
3520
|
+
"ignore_above": 1024,
|
|
3521
|
+
"type": "keyword"
|
|
3522
|
+
},
|
|
3523
|
+
"country": {
|
|
3524
|
+
"ignore_above": 1024,
|
|
3525
|
+
"type": "keyword"
|
|
3526
|
+
},
|
|
3527
|
+
"distinguished_name": {
|
|
3528
|
+
"ignore_above": 1024,
|
|
3529
|
+
"type": "keyword"
|
|
3530
|
+
},
|
|
3531
|
+
"locality": {
|
|
3532
|
+
"ignore_above": 1024,
|
|
3533
|
+
"type": "keyword"
|
|
3534
|
+
},
|
|
3535
|
+
"organization": {
|
|
3536
|
+
"ignore_above": 1024,
|
|
3537
|
+
"type": "keyword"
|
|
3538
|
+
},
|
|
3539
|
+
"organizational_unit": {
|
|
3540
|
+
"ignore_above": 1024,
|
|
3541
|
+
"type": "keyword"
|
|
3542
|
+
},
|
|
3543
|
+
"state_or_province": {
|
|
3544
|
+
"ignore_above": 1024,
|
|
3545
|
+
"type": "keyword"
|
|
3546
|
+
}
|
|
3547
|
+
}
|
|
3548
|
+
},
|
|
3549
|
+
"not_after": {
|
|
3550
|
+
"type": "date"
|
|
3551
|
+
},
|
|
3552
|
+
"not_before": {
|
|
3553
|
+
"type": "date"
|
|
3554
|
+
},
|
|
3555
|
+
"public_key_algorithm": {
|
|
3556
|
+
"ignore_above": 1024,
|
|
3557
|
+
"type": "keyword"
|
|
3558
|
+
},
|
|
3559
|
+
"public_key_curve": {
|
|
3560
|
+
"ignore_above": 1024,
|
|
3561
|
+
"type": "keyword"
|
|
3562
|
+
},
|
|
3563
|
+
"public_key_exponent": {
|
|
3564
|
+
"doc_values": false,
|
|
3565
|
+
"index": false,
|
|
3566
|
+
"type": "long"
|
|
3567
|
+
},
|
|
3568
|
+
"public_key_size": {
|
|
3569
|
+
"type": "long"
|
|
3570
|
+
},
|
|
3571
|
+
"serial_number": {
|
|
3572
|
+
"ignore_above": 1024,
|
|
3573
|
+
"type": "keyword"
|
|
3574
|
+
},
|
|
3575
|
+
"signature_algorithm": {
|
|
3576
|
+
"ignore_above": 1024,
|
|
3577
|
+
"type": "keyword"
|
|
3578
|
+
},
|
|
3579
|
+
"subject": {
|
|
3580
|
+
"properties": {
|
|
3581
|
+
"common_name": {
|
|
3582
|
+
"ignore_above": 1024,
|
|
3583
|
+
"type": "keyword"
|
|
3584
|
+
},
|
|
3585
|
+
"country": {
|
|
3586
|
+
"ignore_above": 1024,
|
|
3587
|
+
"type": "keyword"
|
|
3588
|
+
},
|
|
3589
|
+
"distinguished_name": {
|
|
3590
|
+
"ignore_above": 1024,
|
|
3591
|
+
"type": "keyword"
|
|
3592
|
+
},
|
|
3593
|
+
"locality": {
|
|
3594
|
+
"ignore_above": 1024,
|
|
3595
|
+
"type": "keyword"
|
|
3596
|
+
},
|
|
3597
|
+
"organization": {
|
|
3598
|
+
"ignore_above": 1024,
|
|
3599
|
+
"type": "keyword"
|
|
3600
|
+
},
|
|
3601
|
+
"organizational_unit": {
|
|
3602
|
+
"ignore_above": 1024,
|
|
3603
|
+
"type": "keyword"
|
|
3604
|
+
},
|
|
3605
|
+
"state_or_province": {
|
|
3606
|
+
"ignore_above": 1024,
|
|
3607
|
+
"type": "keyword"
|
|
3608
|
+
}
|
|
3609
|
+
}
|
|
3610
|
+
},
|
|
3611
|
+
"version_number": {
|
|
3612
|
+
"ignore_above": 1024,
|
|
3613
|
+
"type": "keyword"
|
|
3614
|
+
}
|
|
3615
|
+
}
|
|
3616
|
+
}
|
|
3617
|
+
}
|
|
3618
|
+
},
|
|
3619
|
+
"first_seen": {
|
|
3620
|
+
"type": "date"
|
|
3621
|
+
},
|
|
3622
|
+
"geo": {
|
|
3623
|
+
"properties": {
|
|
3624
|
+
"city_name": {
|
|
3625
|
+
"ignore_above": 1024,
|
|
3626
|
+
"type": "keyword"
|
|
3627
|
+
},
|
|
3628
|
+
"continent_code": {
|
|
3629
|
+
"ignore_above": 1024,
|
|
3630
|
+
"type": "keyword"
|
|
3631
|
+
},
|
|
3632
|
+
"continent_name": {
|
|
3633
|
+
"ignore_above": 1024,
|
|
3634
|
+
"type": "keyword"
|
|
3635
|
+
},
|
|
3636
|
+
"country_iso_code": {
|
|
3637
|
+
"ignore_above": 1024,
|
|
3638
|
+
"type": "keyword"
|
|
3639
|
+
},
|
|
3640
|
+
"country_name": {
|
|
3641
|
+
"ignore_above": 1024,
|
|
3642
|
+
"type": "keyword"
|
|
3643
|
+
},
|
|
3644
|
+
"location": {
|
|
3645
|
+
"type": "geo_point"
|
|
3646
|
+
},
|
|
3647
|
+
"name": {
|
|
3648
|
+
"ignore_above": 1024,
|
|
3649
|
+
"type": "keyword"
|
|
3650
|
+
},
|
|
3651
|
+
"postal_code": {
|
|
3652
|
+
"ignore_above": 1024,
|
|
3653
|
+
"type": "keyword"
|
|
3654
|
+
},
|
|
3655
|
+
"region_iso_code": {
|
|
3656
|
+
"ignore_above": 1024,
|
|
3657
|
+
"type": "keyword"
|
|
3658
|
+
},
|
|
3659
|
+
"region_name": {
|
|
3660
|
+
"ignore_above": 1024,
|
|
3661
|
+
"type": "keyword"
|
|
3662
|
+
},
|
|
3663
|
+
"timezone": {
|
|
3664
|
+
"ignore_above": 1024,
|
|
3665
|
+
"type": "keyword"
|
|
3666
|
+
}
|
|
3667
|
+
}
|
|
3668
|
+
},
|
|
3669
|
+
"ip": {
|
|
3670
|
+
"type": "ip"
|
|
3671
|
+
},
|
|
3672
|
+
"last_seen": {
|
|
3673
|
+
"type": "date"
|
|
3674
|
+
},
|
|
3675
|
+
"marking": {
|
|
3676
|
+
"properties": {
|
|
3677
|
+
"tlp": {
|
|
3678
|
+
"ignore_above": 1024,
|
|
3679
|
+
"type": "keyword"
|
|
3680
|
+
}
|
|
3681
|
+
}
|
|
3682
|
+
},
|
|
3683
|
+
"modified_at": {
|
|
3684
|
+
"type": "date"
|
|
3685
|
+
},
|
|
3686
|
+
"port": {
|
|
3687
|
+
"type": "long"
|
|
3688
|
+
},
|
|
3689
|
+
"provider": {
|
|
3690
|
+
"ignore_above": 1024,
|
|
3691
|
+
"type": "keyword"
|
|
3692
|
+
},
|
|
3693
|
+
"reference": {
|
|
3694
|
+
"ignore_above": 1024,
|
|
3695
|
+
"type": "keyword"
|
|
3696
|
+
},
|
|
3697
|
+
"registry": {
|
|
3698
|
+
"properties": {
|
|
3699
|
+
"data": {
|
|
3700
|
+
"properties": {
|
|
3701
|
+
"bytes": {
|
|
3702
|
+
"ignore_above": 1024,
|
|
3703
|
+
"type": "keyword"
|
|
3704
|
+
},
|
|
3705
|
+
"strings": {
|
|
3706
|
+
"type": "wildcard"
|
|
3707
|
+
},
|
|
3708
|
+
"type": {
|
|
3709
|
+
"ignore_above": 1024,
|
|
3710
|
+
"type": "keyword"
|
|
3711
|
+
}
|
|
3712
|
+
}
|
|
3713
|
+
},
|
|
3714
|
+
"hive": {
|
|
3715
|
+
"ignore_above": 1024,
|
|
3716
|
+
"type": "keyword"
|
|
3717
|
+
},
|
|
3718
|
+
"key": {
|
|
3719
|
+
"ignore_above": 1024,
|
|
3720
|
+
"type": "keyword"
|
|
3721
|
+
},
|
|
3722
|
+
"path": {
|
|
3723
|
+
"ignore_above": 1024,
|
|
3724
|
+
"type": "keyword"
|
|
3725
|
+
},
|
|
3726
|
+
"value": {
|
|
3727
|
+
"ignore_above": 1024,
|
|
3728
|
+
"type": "keyword"
|
|
3729
|
+
}
|
|
3730
|
+
}
|
|
3731
|
+
},
|
|
3732
|
+
"scanner_stats": {
|
|
3733
|
+
"type": "long"
|
|
3734
|
+
},
|
|
3735
|
+
"sightings": {
|
|
3736
|
+
"type": "long"
|
|
3737
|
+
},
|
|
3738
|
+
"type": {
|
|
3739
|
+
"ignore_above": 1024,
|
|
3740
|
+
"type": "keyword"
|
|
3741
|
+
},
|
|
3742
|
+
"url": {
|
|
3743
|
+
"properties": {
|
|
3744
|
+
"domain": {
|
|
3745
|
+
"ignore_above": 1024,
|
|
3746
|
+
"type": "keyword"
|
|
3747
|
+
},
|
|
3748
|
+
"extension": {
|
|
3749
|
+
"ignore_above": 1024,
|
|
3750
|
+
"type": "keyword"
|
|
3751
|
+
},
|
|
3752
|
+
"fragment": {
|
|
3753
|
+
"ignore_above": 1024,
|
|
3754
|
+
"type": "keyword"
|
|
3755
|
+
},
|
|
3756
|
+
"full": {
|
|
3757
|
+
"fields": {
|
|
3758
|
+
"text": {
|
|
3759
|
+
"type": "match_only_text"
|
|
3760
|
+
}
|
|
3761
|
+
},
|
|
3762
|
+
"type": "wildcard"
|
|
3763
|
+
},
|
|
3764
|
+
"original": {
|
|
3765
|
+
"fields": {
|
|
3766
|
+
"text": {
|
|
3767
|
+
"type": "match_only_text"
|
|
3768
|
+
}
|
|
3769
|
+
},
|
|
3770
|
+
"type": "wildcard"
|
|
3771
|
+
},
|
|
3772
|
+
"password": {
|
|
3773
|
+
"ignore_above": 1024,
|
|
3774
|
+
"type": "keyword"
|
|
3775
|
+
},
|
|
3776
|
+
"path": {
|
|
3777
|
+
"type": "wildcard"
|
|
3778
|
+
},
|
|
3779
|
+
"port": {
|
|
3780
|
+
"type": "long"
|
|
3781
|
+
},
|
|
3782
|
+
"query": {
|
|
3783
|
+
"ignore_above": 1024,
|
|
3784
|
+
"type": "keyword"
|
|
3785
|
+
},
|
|
3786
|
+
"registered_domain": {
|
|
3787
|
+
"ignore_above": 1024,
|
|
3788
|
+
"type": "keyword"
|
|
3789
|
+
},
|
|
3790
|
+
"scheme": {
|
|
3791
|
+
"ignore_above": 1024,
|
|
3792
|
+
"type": "keyword"
|
|
3793
|
+
},
|
|
3794
|
+
"subdomain": {
|
|
3795
|
+
"ignore_above": 1024,
|
|
3796
|
+
"type": "keyword"
|
|
3797
|
+
},
|
|
3798
|
+
"top_level_domain": {
|
|
3799
|
+
"ignore_above": 1024,
|
|
3800
|
+
"type": "keyword"
|
|
3801
|
+
},
|
|
3802
|
+
"username": {
|
|
3803
|
+
"ignore_above": 1024,
|
|
3804
|
+
"type": "keyword"
|
|
3805
|
+
}
|
|
3806
|
+
}
|
|
3807
|
+
},
|
|
3808
|
+
"x509": {
|
|
3809
|
+
"properties": {
|
|
3810
|
+
"alternative_names": {
|
|
3811
|
+
"ignore_above": 1024,
|
|
3812
|
+
"type": "keyword"
|
|
3813
|
+
},
|
|
3814
|
+
"issuer": {
|
|
3815
|
+
"properties": {
|
|
3816
|
+
"common_name": {
|
|
3817
|
+
"ignore_above": 1024,
|
|
3818
|
+
"type": "keyword"
|
|
3819
|
+
},
|
|
3820
|
+
"country": {
|
|
3821
|
+
"ignore_above": 1024,
|
|
3822
|
+
"type": "keyword"
|
|
3823
|
+
},
|
|
3824
|
+
"distinguished_name": {
|
|
3825
|
+
"ignore_above": 1024,
|
|
3826
|
+
"type": "keyword"
|
|
3827
|
+
},
|
|
3828
|
+
"locality": {
|
|
3829
|
+
"ignore_above": 1024,
|
|
3830
|
+
"type": "keyword"
|
|
3831
|
+
},
|
|
3832
|
+
"organization": {
|
|
3833
|
+
"ignore_above": 1024,
|
|
3834
|
+
"type": "keyword"
|
|
3835
|
+
},
|
|
3836
|
+
"organizational_unit": {
|
|
3837
|
+
"ignore_above": 1024,
|
|
3838
|
+
"type": "keyword"
|
|
3839
|
+
},
|
|
3840
|
+
"state_or_province": {
|
|
3841
|
+
"ignore_above": 1024,
|
|
3842
|
+
"type": "keyword"
|
|
3843
|
+
}
|
|
3844
|
+
}
|
|
3845
|
+
},
|
|
3846
|
+
"not_after": {
|
|
3847
|
+
"type": "date"
|
|
3848
|
+
},
|
|
3849
|
+
"not_before": {
|
|
3850
|
+
"type": "date"
|
|
3851
|
+
},
|
|
3852
|
+
"public_key_algorithm": {
|
|
3853
|
+
"ignore_above": 1024,
|
|
3854
|
+
"type": "keyword"
|
|
3855
|
+
},
|
|
3856
|
+
"public_key_curve": {
|
|
3857
|
+
"ignore_above": 1024,
|
|
3858
|
+
"type": "keyword"
|
|
3859
|
+
},
|
|
3860
|
+
"public_key_exponent": {
|
|
3861
|
+
"doc_values": false,
|
|
3862
|
+
"index": false,
|
|
3863
|
+
"type": "long"
|
|
3864
|
+
},
|
|
3865
|
+
"public_key_size": {
|
|
3866
|
+
"type": "long"
|
|
3867
|
+
},
|
|
3868
|
+
"serial_number": {
|
|
3869
|
+
"ignore_above": 1024,
|
|
3870
|
+
"type": "keyword"
|
|
3871
|
+
},
|
|
3872
|
+
"signature_algorithm": {
|
|
3873
|
+
"ignore_above": 1024,
|
|
3874
|
+
"type": "keyword"
|
|
3875
|
+
},
|
|
3876
|
+
"subject": {
|
|
3877
|
+
"properties": {
|
|
3878
|
+
"common_name": {
|
|
3879
|
+
"ignore_above": 1024,
|
|
3880
|
+
"type": "keyword"
|
|
3881
|
+
},
|
|
3882
|
+
"country": {
|
|
3883
|
+
"ignore_above": 1024,
|
|
3884
|
+
"type": "keyword"
|
|
3885
|
+
},
|
|
3886
|
+
"distinguished_name": {
|
|
3887
|
+
"ignore_above": 1024,
|
|
3888
|
+
"type": "keyword"
|
|
3889
|
+
},
|
|
3890
|
+
"locality": {
|
|
3891
|
+
"ignore_above": 1024,
|
|
3892
|
+
"type": "keyword"
|
|
3893
|
+
},
|
|
3894
|
+
"organization": {
|
|
3895
|
+
"ignore_above": 1024,
|
|
3896
|
+
"type": "keyword"
|
|
3897
|
+
},
|
|
3898
|
+
"organizational_unit": {
|
|
3899
|
+
"ignore_above": 1024,
|
|
3900
|
+
"type": "keyword"
|
|
3901
|
+
},
|
|
3902
|
+
"state_or_province": {
|
|
3903
|
+
"ignore_above": 1024,
|
|
3904
|
+
"type": "keyword"
|
|
3905
|
+
}
|
|
3906
|
+
}
|
|
3907
|
+
},
|
|
3908
|
+
"version_number": {
|
|
3909
|
+
"ignore_above": 1024,
|
|
3910
|
+
"type": "keyword"
|
|
3911
|
+
}
|
|
3912
|
+
}
|
|
3913
|
+
}
|
|
3914
|
+
},
|
|
3915
|
+
"type": "object"
|
|
3916
|
+
},
|
|
3917
|
+
"matched": {
|
|
3918
|
+
"properties": {
|
|
3919
|
+
"atomic": {
|
|
3920
|
+
"ignore_above": 1024,
|
|
3921
|
+
"type": "keyword"
|
|
3922
|
+
},
|
|
3923
|
+
"field": {
|
|
3924
|
+
"ignore_above": 1024,
|
|
3925
|
+
"type": "keyword"
|
|
3926
|
+
},
|
|
3927
|
+
"id": {
|
|
3928
|
+
"ignore_above": 1024,
|
|
3929
|
+
"type": "keyword"
|
|
3930
|
+
},
|
|
3931
|
+
"index": {
|
|
3932
|
+
"ignore_above": 1024,
|
|
3933
|
+
"type": "keyword"
|
|
3934
|
+
},
|
|
3935
|
+
"type": {
|
|
3936
|
+
"ignore_above": 1024,
|
|
3937
|
+
"type": "keyword"
|
|
3938
|
+
}
|
|
3939
|
+
}
|
|
3940
|
+
}
|
|
3941
|
+
},
|
|
3942
|
+
"type": "nested"
|
|
3943
|
+
},
|
|
3944
|
+
"framework": {
|
|
3945
|
+
"ignore_above": 1024,
|
|
3946
|
+
"type": "keyword"
|
|
3947
|
+
},
|
|
3948
|
+
"group": {
|
|
3949
|
+
"properties": {
|
|
3950
|
+
"alias": {
|
|
3951
|
+
"ignore_above": 1024,
|
|
3952
|
+
"type": "keyword"
|
|
3953
|
+
},
|
|
3954
|
+
"id": {
|
|
3955
|
+
"ignore_above": 1024,
|
|
3956
|
+
"type": "keyword"
|
|
3957
|
+
},
|
|
3958
|
+
"name": {
|
|
3959
|
+
"ignore_above": 1024,
|
|
3960
|
+
"type": "keyword"
|
|
3961
|
+
},
|
|
3962
|
+
"reference": {
|
|
3963
|
+
"ignore_above": 1024,
|
|
3964
|
+
"type": "keyword"
|
|
3965
|
+
}
|
|
3966
|
+
}
|
|
3967
|
+
},
|
|
3968
|
+
"indicator": {
|
|
3969
|
+
"properties": {
|
|
3970
|
+
"as": {
|
|
3971
|
+
"properties": {
|
|
3972
|
+
"number": {
|
|
3973
|
+
"type": "long"
|
|
3974
|
+
},
|
|
3975
|
+
"organization": {
|
|
3976
|
+
"properties": {
|
|
3977
|
+
"name": {
|
|
3978
|
+
"fields": {
|
|
3979
|
+
"text": {
|
|
3980
|
+
"type": "match_only_text"
|
|
3981
|
+
}
|
|
3982
|
+
},
|
|
3983
|
+
"ignore_above": 1024,
|
|
3984
|
+
"type": "keyword"
|
|
3985
|
+
}
|
|
3986
|
+
}
|
|
3987
|
+
}
|
|
3988
|
+
}
|
|
3989
|
+
},
|
|
3990
|
+
"confidence": {
|
|
3991
|
+
"ignore_above": 1024,
|
|
3992
|
+
"type": "keyword"
|
|
3993
|
+
},
|
|
3994
|
+
"description": {
|
|
3995
|
+
"ignore_above": 1024,
|
|
3996
|
+
"type": "keyword"
|
|
3997
|
+
},
|
|
3998
|
+
"email": {
|
|
3999
|
+
"properties": {
|
|
4000
|
+
"address": {
|
|
4001
|
+
"ignore_above": 1024,
|
|
4002
|
+
"type": "keyword"
|
|
4003
|
+
}
|
|
4004
|
+
}
|
|
4005
|
+
},
|
|
4006
|
+
"file": {
|
|
4007
|
+
"properties": {
|
|
4008
|
+
"accessed": {
|
|
4009
|
+
"type": "date"
|
|
4010
|
+
},
|
|
4011
|
+
"attributes": {
|
|
4012
|
+
"ignore_above": 1024,
|
|
4013
|
+
"type": "keyword"
|
|
4014
|
+
},
|
|
4015
|
+
"code_signature": {
|
|
4016
|
+
"properties": {
|
|
4017
|
+
"digest_algorithm": {
|
|
4018
|
+
"ignore_above": 1024,
|
|
4019
|
+
"type": "keyword"
|
|
4020
|
+
},
|
|
4021
|
+
"exists": {
|
|
4022
|
+
"type": "boolean"
|
|
4023
|
+
},
|
|
4024
|
+
"signing_id": {
|
|
4025
|
+
"ignore_above": 1024,
|
|
4026
|
+
"type": "keyword"
|
|
4027
|
+
},
|
|
4028
|
+
"status": {
|
|
4029
|
+
"ignore_above": 1024,
|
|
4030
|
+
"type": "keyword"
|
|
4031
|
+
},
|
|
4032
|
+
"subject_name": {
|
|
4033
|
+
"ignore_above": 1024,
|
|
4034
|
+
"type": "keyword"
|
|
4035
|
+
},
|
|
4036
|
+
"team_id": {
|
|
4037
|
+
"ignore_above": 1024,
|
|
4038
|
+
"type": "keyword"
|
|
4039
|
+
},
|
|
4040
|
+
"timestamp": {
|
|
4041
|
+
"type": "date"
|
|
4042
|
+
},
|
|
4043
|
+
"trusted": {
|
|
4044
|
+
"type": "boolean"
|
|
4045
|
+
},
|
|
4046
|
+
"valid": {
|
|
4047
|
+
"type": "boolean"
|
|
4048
|
+
}
|
|
4049
|
+
}
|
|
4050
|
+
},
|
|
4051
|
+
"created": {
|
|
4052
|
+
"type": "date"
|
|
4053
|
+
},
|
|
4054
|
+
"ctime": {
|
|
4055
|
+
"type": "date"
|
|
4056
|
+
},
|
|
4057
|
+
"device": {
|
|
4058
|
+
"ignore_above": 1024,
|
|
4059
|
+
"type": "keyword"
|
|
4060
|
+
},
|
|
4061
|
+
"directory": {
|
|
4062
|
+
"ignore_above": 1024,
|
|
4063
|
+
"type": "keyword"
|
|
4064
|
+
},
|
|
4065
|
+
"drive_letter": {
|
|
4066
|
+
"ignore_above": 1,
|
|
4067
|
+
"type": "keyword"
|
|
4068
|
+
},
|
|
4069
|
+
"elf": {
|
|
4070
|
+
"properties": {
|
|
4071
|
+
"architecture": {
|
|
4072
|
+
"ignore_above": 1024,
|
|
4073
|
+
"type": "keyword"
|
|
4074
|
+
},
|
|
4075
|
+
"byte_order": {
|
|
4076
|
+
"ignore_above": 1024,
|
|
4077
|
+
"type": "keyword"
|
|
4078
|
+
},
|
|
4079
|
+
"cpu_type": {
|
|
4080
|
+
"ignore_above": 1024,
|
|
4081
|
+
"type": "keyword"
|
|
4082
|
+
},
|
|
4083
|
+
"creation_date": {
|
|
4084
|
+
"type": "date"
|
|
4085
|
+
},
|
|
4086
|
+
"exports": {
|
|
4087
|
+
"type": "flattened"
|
|
4088
|
+
},
|
|
4089
|
+
"header": {
|
|
4090
|
+
"properties": {
|
|
4091
|
+
"abi_version": {
|
|
4092
|
+
"ignore_above": 1024,
|
|
4093
|
+
"type": "keyword"
|
|
4094
|
+
},
|
|
4095
|
+
"class": {
|
|
4096
|
+
"ignore_above": 1024,
|
|
4097
|
+
"type": "keyword"
|
|
4098
|
+
},
|
|
4099
|
+
"data": {
|
|
4100
|
+
"ignore_above": 1024,
|
|
4101
|
+
"type": "keyword"
|
|
4102
|
+
},
|
|
4103
|
+
"entrypoint": {
|
|
4104
|
+
"type": "long"
|
|
4105
|
+
},
|
|
4106
|
+
"object_version": {
|
|
4107
|
+
"ignore_above": 1024,
|
|
4108
|
+
"type": "keyword"
|
|
4109
|
+
},
|
|
4110
|
+
"os_abi": {
|
|
4111
|
+
"ignore_above": 1024,
|
|
4112
|
+
"type": "keyword"
|
|
4113
|
+
},
|
|
4114
|
+
"type": {
|
|
4115
|
+
"ignore_above": 1024,
|
|
4116
|
+
"type": "keyword"
|
|
4117
|
+
},
|
|
4118
|
+
"version": {
|
|
4119
|
+
"ignore_above": 1024,
|
|
4120
|
+
"type": "keyword"
|
|
4121
|
+
}
|
|
4122
|
+
}
|
|
4123
|
+
},
|
|
4124
|
+
"imports": {
|
|
4125
|
+
"type": "flattened"
|
|
4126
|
+
},
|
|
4127
|
+
"sections": {
|
|
4128
|
+
"properties": {
|
|
4129
|
+
"chi2": {
|
|
4130
|
+
"type": "long"
|
|
4131
|
+
},
|
|
4132
|
+
"entropy": {
|
|
4133
|
+
"type": "long"
|
|
4134
|
+
},
|
|
4135
|
+
"flags": {
|
|
4136
|
+
"ignore_above": 1024,
|
|
4137
|
+
"type": "keyword"
|
|
4138
|
+
},
|
|
4139
|
+
"name": {
|
|
4140
|
+
"ignore_above": 1024,
|
|
4141
|
+
"type": "keyword"
|
|
4142
|
+
},
|
|
4143
|
+
"physical_offset": {
|
|
4144
|
+
"ignore_above": 1024,
|
|
4145
|
+
"type": "keyword"
|
|
4146
|
+
},
|
|
4147
|
+
"physical_size": {
|
|
4148
|
+
"type": "long"
|
|
4149
|
+
},
|
|
4150
|
+
"type": {
|
|
4151
|
+
"ignore_above": 1024,
|
|
4152
|
+
"type": "keyword"
|
|
4153
|
+
},
|
|
4154
|
+
"virtual_address": {
|
|
4155
|
+
"type": "long"
|
|
4156
|
+
},
|
|
4157
|
+
"virtual_size": {
|
|
4158
|
+
"type": "long"
|
|
4159
|
+
}
|
|
4160
|
+
},
|
|
4161
|
+
"type": "nested"
|
|
4162
|
+
},
|
|
4163
|
+
"segments": {
|
|
4164
|
+
"properties": {
|
|
4165
|
+
"sections": {
|
|
4166
|
+
"ignore_above": 1024,
|
|
4167
|
+
"type": "keyword"
|
|
4168
|
+
},
|
|
4169
|
+
"type": {
|
|
4170
|
+
"ignore_above": 1024,
|
|
4171
|
+
"type": "keyword"
|
|
4172
|
+
}
|
|
4173
|
+
},
|
|
4174
|
+
"type": "nested"
|
|
4175
|
+
},
|
|
4176
|
+
"shared_libraries": {
|
|
4177
|
+
"ignore_above": 1024,
|
|
4178
|
+
"type": "keyword"
|
|
4179
|
+
},
|
|
4180
|
+
"telfhash": {
|
|
4181
|
+
"ignore_above": 1024,
|
|
4182
|
+
"type": "keyword"
|
|
4183
|
+
}
|
|
4184
|
+
}
|
|
4185
|
+
},
|
|
4186
|
+
"extension": {
|
|
4187
|
+
"ignore_above": 1024,
|
|
4188
|
+
"type": "keyword"
|
|
4189
|
+
},
|
|
4190
|
+
"fork_name": {
|
|
4191
|
+
"ignore_above": 1024,
|
|
4192
|
+
"type": "keyword"
|
|
4193
|
+
},
|
|
4194
|
+
"gid": {
|
|
4195
|
+
"ignore_above": 1024,
|
|
4196
|
+
"type": "keyword"
|
|
4197
|
+
},
|
|
4198
|
+
"group": {
|
|
4199
|
+
"ignore_above": 1024,
|
|
4200
|
+
"type": "keyword"
|
|
4201
|
+
},
|
|
4202
|
+
"hash": {
|
|
4203
|
+
"properties": {
|
|
4204
|
+
"md5": {
|
|
4205
|
+
"ignore_above": 1024,
|
|
4206
|
+
"type": "keyword"
|
|
4207
|
+
},
|
|
4208
|
+
"sha1": {
|
|
4209
|
+
"ignore_above": 1024,
|
|
4210
|
+
"type": "keyword"
|
|
4211
|
+
},
|
|
4212
|
+
"sha256": {
|
|
4213
|
+
"ignore_above": 1024,
|
|
4214
|
+
"type": "keyword"
|
|
4215
|
+
},
|
|
4216
|
+
"sha512": {
|
|
4217
|
+
"ignore_above": 1024,
|
|
4218
|
+
"type": "keyword"
|
|
4219
|
+
},
|
|
4220
|
+
"ssdeep": {
|
|
4221
|
+
"ignore_above": 1024,
|
|
4222
|
+
"type": "keyword"
|
|
4223
|
+
}
|
|
4224
|
+
}
|
|
4225
|
+
},
|
|
4226
|
+
"inode": {
|
|
4227
|
+
"ignore_above": 1024,
|
|
4228
|
+
"type": "keyword"
|
|
4229
|
+
},
|
|
4230
|
+
"mime_type": {
|
|
4231
|
+
"ignore_above": 1024,
|
|
4232
|
+
"type": "keyword"
|
|
4233
|
+
},
|
|
4234
|
+
"mode": {
|
|
4235
|
+
"ignore_above": 1024,
|
|
4236
|
+
"type": "keyword"
|
|
4237
|
+
},
|
|
4238
|
+
"mtime": {
|
|
4239
|
+
"type": "date"
|
|
4240
|
+
},
|
|
4241
|
+
"name": {
|
|
4242
|
+
"ignore_above": 1024,
|
|
4243
|
+
"type": "keyword"
|
|
4244
|
+
},
|
|
4245
|
+
"owner": {
|
|
4246
|
+
"ignore_above": 1024,
|
|
4247
|
+
"type": "keyword"
|
|
4248
|
+
},
|
|
4249
|
+
"path": {
|
|
4250
|
+
"fields": {
|
|
4251
|
+
"text": {
|
|
4252
|
+
"type": "match_only_text"
|
|
4253
|
+
}
|
|
4254
|
+
},
|
|
4255
|
+
"ignore_above": 1024,
|
|
4256
|
+
"type": "keyword"
|
|
4257
|
+
},
|
|
4258
|
+
"pe": {
|
|
4259
|
+
"properties": {
|
|
4260
|
+
"architecture": {
|
|
4261
|
+
"ignore_above": 1024,
|
|
4262
|
+
"type": "keyword"
|
|
4263
|
+
},
|
|
4264
|
+
"company": {
|
|
4265
|
+
"ignore_above": 1024,
|
|
4266
|
+
"type": "keyword"
|
|
4267
|
+
},
|
|
4268
|
+
"description": {
|
|
4269
|
+
"ignore_above": 1024,
|
|
4270
|
+
"type": "keyword"
|
|
4271
|
+
},
|
|
4272
|
+
"file_version": {
|
|
4273
|
+
"ignore_above": 1024,
|
|
4274
|
+
"type": "keyword"
|
|
4275
|
+
},
|
|
4276
|
+
"imphash": {
|
|
4277
|
+
"ignore_above": 1024,
|
|
4278
|
+
"type": "keyword"
|
|
4279
|
+
},
|
|
4280
|
+
"original_file_name": {
|
|
4281
|
+
"ignore_above": 1024,
|
|
4282
|
+
"type": "keyword"
|
|
4283
|
+
},
|
|
4284
|
+
"product": {
|
|
4285
|
+
"ignore_above": 1024,
|
|
4286
|
+
"type": "keyword"
|
|
4287
|
+
}
|
|
4288
|
+
}
|
|
4289
|
+
},
|
|
4290
|
+
"size": {
|
|
4291
|
+
"type": "long"
|
|
4292
|
+
},
|
|
4293
|
+
"target_path": {
|
|
4294
|
+
"fields": {
|
|
4295
|
+
"text": {
|
|
4296
|
+
"type": "match_only_text"
|
|
4297
|
+
}
|
|
4298
|
+
},
|
|
4299
|
+
"ignore_above": 1024,
|
|
4300
|
+
"type": "keyword"
|
|
4301
|
+
},
|
|
4302
|
+
"type": {
|
|
4303
|
+
"ignore_above": 1024,
|
|
4304
|
+
"type": "keyword"
|
|
4305
|
+
},
|
|
4306
|
+
"uid": {
|
|
4307
|
+
"ignore_above": 1024,
|
|
4308
|
+
"type": "keyword"
|
|
4309
|
+
},
|
|
4310
|
+
"x509": {
|
|
4311
|
+
"properties": {
|
|
4312
|
+
"alternative_names": {
|
|
4313
|
+
"ignore_above": 1024,
|
|
4314
|
+
"type": "keyword"
|
|
4315
|
+
},
|
|
4316
|
+
"issuer": {
|
|
4317
|
+
"properties": {
|
|
4318
|
+
"common_name": {
|
|
4319
|
+
"ignore_above": 1024,
|
|
4320
|
+
"type": "keyword"
|
|
4321
|
+
},
|
|
4322
|
+
"country": {
|
|
4323
|
+
"ignore_above": 1024,
|
|
4324
|
+
"type": "keyword"
|
|
4325
|
+
},
|
|
4326
|
+
"distinguished_name": {
|
|
4327
|
+
"ignore_above": 1024,
|
|
4328
|
+
"type": "keyword"
|
|
4329
|
+
},
|
|
4330
|
+
"locality": {
|
|
4331
|
+
"ignore_above": 1024,
|
|
4332
|
+
"type": "keyword"
|
|
4333
|
+
},
|
|
4334
|
+
"organization": {
|
|
4335
|
+
"ignore_above": 1024,
|
|
4336
|
+
"type": "keyword"
|
|
4337
|
+
},
|
|
4338
|
+
"organizational_unit": {
|
|
4339
|
+
"ignore_above": 1024,
|
|
4340
|
+
"type": "keyword"
|
|
4341
|
+
},
|
|
4342
|
+
"state_or_province": {
|
|
4343
|
+
"ignore_above": 1024,
|
|
4344
|
+
"type": "keyword"
|
|
4345
|
+
}
|
|
4346
|
+
}
|
|
4347
|
+
},
|
|
4348
|
+
"not_after": {
|
|
4349
|
+
"type": "date"
|
|
4350
|
+
},
|
|
4351
|
+
"not_before": {
|
|
4352
|
+
"type": "date"
|
|
4353
|
+
},
|
|
4354
|
+
"public_key_algorithm": {
|
|
4355
|
+
"ignore_above": 1024,
|
|
4356
|
+
"type": "keyword"
|
|
4357
|
+
},
|
|
4358
|
+
"public_key_curve": {
|
|
4359
|
+
"ignore_above": 1024,
|
|
4360
|
+
"type": "keyword"
|
|
4361
|
+
},
|
|
4362
|
+
"public_key_exponent": {
|
|
4363
|
+
"doc_values": false,
|
|
4364
|
+
"index": false,
|
|
4365
|
+
"type": "long"
|
|
4366
|
+
},
|
|
4367
|
+
"public_key_size": {
|
|
4368
|
+
"type": "long"
|
|
4369
|
+
},
|
|
4370
|
+
"serial_number": {
|
|
4371
|
+
"ignore_above": 1024,
|
|
4372
|
+
"type": "keyword"
|
|
4373
|
+
},
|
|
4374
|
+
"signature_algorithm": {
|
|
4375
|
+
"ignore_above": 1024,
|
|
4376
|
+
"type": "keyword"
|
|
4377
|
+
},
|
|
4378
|
+
"subject": {
|
|
4379
|
+
"properties": {
|
|
4380
|
+
"common_name": {
|
|
4381
|
+
"ignore_above": 1024,
|
|
4382
|
+
"type": "keyword"
|
|
4383
|
+
},
|
|
4384
|
+
"country": {
|
|
4385
|
+
"ignore_above": 1024,
|
|
4386
|
+
"type": "keyword"
|
|
4387
|
+
},
|
|
4388
|
+
"distinguished_name": {
|
|
4389
|
+
"ignore_above": 1024,
|
|
4390
|
+
"type": "keyword"
|
|
4391
|
+
},
|
|
4392
|
+
"locality": {
|
|
4393
|
+
"ignore_above": 1024,
|
|
4394
|
+
"type": "keyword"
|
|
4395
|
+
},
|
|
4396
|
+
"organization": {
|
|
4397
|
+
"ignore_above": 1024,
|
|
4398
|
+
"type": "keyword"
|
|
4399
|
+
},
|
|
4400
|
+
"organizational_unit": {
|
|
4401
|
+
"ignore_above": 1024,
|
|
4402
|
+
"type": "keyword"
|
|
4403
|
+
},
|
|
4404
|
+
"state_or_province": {
|
|
4405
|
+
"ignore_above": 1024,
|
|
4406
|
+
"type": "keyword"
|
|
4407
|
+
}
|
|
4408
|
+
}
|
|
4409
|
+
},
|
|
4410
|
+
"version_number": {
|
|
4411
|
+
"ignore_above": 1024,
|
|
4412
|
+
"type": "keyword"
|
|
4413
|
+
}
|
|
4414
|
+
}
|
|
4415
|
+
}
|
|
4416
|
+
}
|
|
4417
|
+
},
|
|
4418
|
+
"first_seen": {
|
|
4419
|
+
"type": "date"
|
|
4420
|
+
},
|
|
4421
|
+
"geo": {
|
|
4422
|
+
"properties": {
|
|
4423
|
+
"city_name": {
|
|
4424
|
+
"ignore_above": 1024,
|
|
4425
|
+
"type": "keyword"
|
|
4426
|
+
},
|
|
4427
|
+
"continent_code": {
|
|
4428
|
+
"ignore_above": 1024,
|
|
4429
|
+
"type": "keyword"
|
|
4430
|
+
},
|
|
4431
|
+
"continent_name": {
|
|
4432
|
+
"ignore_above": 1024,
|
|
4433
|
+
"type": "keyword"
|
|
4434
|
+
},
|
|
4435
|
+
"country_iso_code": {
|
|
4436
|
+
"ignore_above": 1024,
|
|
4437
|
+
"type": "keyword"
|
|
4438
|
+
},
|
|
4439
|
+
"country_name": {
|
|
4440
|
+
"ignore_above": 1024,
|
|
4441
|
+
"type": "keyword"
|
|
4442
|
+
},
|
|
4443
|
+
"location": {
|
|
4444
|
+
"type": "geo_point"
|
|
4445
|
+
},
|
|
4446
|
+
"name": {
|
|
4447
|
+
"ignore_above": 1024,
|
|
4448
|
+
"type": "keyword"
|
|
4449
|
+
},
|
|
4450
|
+
"postal_code": {
|
|
4451
|
+
"ignore_above": 1024,
|
|
4452
|
+
"type": "keyword"
|
|
4453
|
+
},
|
|
4454
|
+
"region_iso_code": {
|
|
4455
|
+
"ignore_above": 1024,
|
|
4456
|
+
"type": "keyword"
|
|
4457
|
+
},
|
|
4458
|
+
"region_name": {
|
|
4459
|
+
"ignore_above": 1024,
|
|
4460
|
+
"type": "keyword"
|
|
4461
|
+
},
|
|
4462
|
+
"timezone": {
|
|
4463
|
+
"ignore_above": 1024,
|
|
4464
|
+
"type": "keyword"
|
|
4465
|
+
}
|
|
4466
|
+
}
|
|
4467
|
+
},
|
|
4468
|
+
"ip": {
|
|
4469
|
+
"type": "ip"
|
|
4470
|
+
},
|
|
4471
|
+
"last_seen": {
|
|
4472
|
+
"type": "date"
|
|
4473
|
+
},
|
|
4474
|
+
"marking": {
|
|
4475
|
+
"properties": {
|
|
4476
|
+
"tlp": {
|
|
4477
|
+
"ignore_above": 1024,
|
|
4478
|
+
"type": "keyword"
|
|
4479
|
+
}
|
|
4480
|
+
}
|
|
4481
|
+
},
|
|
4482
|
+
"modified_at": {
|
|
4483
|
+
"type": "date"
|
|
4484
|
+
},
|
|
4485
|
+
"port": {
|
|
4486
|
+
"type": "long"
|
|
4487
|
+
},
|
|
4488
|
+
"provider": {
|
|
4489
|
+
"ignore_above": 1024,
|
|
4490
|
+
"type": "keyword"
|
|
4491
|
+
},
|
|
4492
|
+
"reference": {
|
|
4493
|
+
"ignore_above": 1024,
|
|
4494
|
+
"type": "keyword"
|
|
4495
|
+
},
|
|
4496
|
+
"registry": {
|
|
4497
|
+
"properties": {
|
|
4498
|
+
"data": {
|
|
4499
|
+
"properties": {
|
|
4500
|
+
"bytes": {
|
|
4501
|
+
"ignore_above": 1024,
|
|
4502
|
+
"type": "keyword"
|
|
4503
|
+
},
|
|
4504
|
+
"strings": {
|
|
4505
|
+
"type": "wildcard"
|
|
4506
|
+
},
|
|
4507
|
+
"type": {
|
|
4508
|
+
"ignore_above": 1024,
|
|
4509
|
+
"type": "keyword"
|
|
4510
|
+
}
|
|
4511
|
+
}
|
|
4512
|
+
},
|
|
4513
|
+
"hive": {
|
|
4514
|
+
"ignore_above": 1024,
|
|
4515
|
+
"type": "keyword"
|
|
4516
|
+
},
|
|
4517
|
+
"key": {
|
|
4518
|
+
"ignore_above": 1024,
|
|
4519
|
+
"type": "keyword"
|
|
4520
|
+
},
|
|
4521
|
+
"path": {
|
|
4522
|
+
"ignore_above": 1024,
|
|
4523
|
+
"type": "keyword"
|
|
4524
|
+
},
|
|
4525
|
+
"value": {
|
|
4526
|
+
"ignore_above": 1024,
|
|
4527
|
+
"type": "keyword"
|
|
4528
|
+
}
|
|
4529
|
+
}
|
|
4530
|
+
},
|
|
4531
|
+
"scanner_stats": {
|
|
4532
|
+
"type": "long"
|
|
4533
|
+
},
|
|
4534
|
+
"sightings": {
|
|
4535
|
+
"type": "long"
|
|
4536
|
+
},
|
|
4537
|
+
"type": {
|
|
4538
|
+
"ignore_above": 1024,
|
|
4539
|
+
"type": "keyword"
|
|
4540
|
+
},
|
|
4541
|
+
"url": {
|
|
4542
|
+
"properties": {
|
|
4543
|
+
"domain": {
|
|
4544
|
+
"ignore_above": 1024,
|
|
4545
|
+
"type": "keyword"
|
|
4546
|
+
},
|
|
4547
|
+
"extension": {
|
|
4548
|
+
"ignore_above": 1024,
|
|
4549
|
+
"type": "keyword"
|
|
4550
|
+
},
|
|
4551
|
+
"fragment": {
|
|
4552
|
+
"ignore_above": 1024,
|
|
4553
|
+
"type": "keyword"
|
|
4554
|
+
},
|
|
4555
|
+
"full": {
|
|
4556
|
+
"fields": {
|
|
4557
|
+
"text": {
|
|
4558
|
+
"type": "match_only_text"
|
|
4559
|
+
}
|
|
4560
|
+
},
|
|
4561
|
+
"type": "wildcard"
|
|
4562
|
+
},
|
|
4563
|
+
"original": {
|
|
4564
|
+
"fields": {
|
|
4565
|
+
"text": {
|
|
4566
|
+
"type": "match_only_text"
|
|
4567
|
+
}
|
|
4568
|
+
},
|
|
4569
|
+
"type": "wildcard"
|
|
4570
|
+
},
|
|
4571
|
+
"password": {
|
|
4572
|
+
"ignore_above": 1024,
|
|
4573
|
+
"type": "keyword"
|
|
4574
|
+
},
|
|
4575
|
+
"path": {
|
|
4576
|
+
"type": "wildcard"
|
|
4577
|
+
},
|
|
4578
|
+
"port": {
|
|
4579
|
+
"type": "long"
|
|
4580
|
+
},
|
|
4581
|
+
"query": {
|
|
4582
|
+
"ignore_above": 1024,
|
|
4583
|
+
"type": "keyword"
|
|
4584
|
+
},
|
|
4585
|
+
"registered_domain": {
|
|
4586
|
+
"ignore_above": 1024,
|
|
4587
|
+
"type": "keyword"
|
|
4588
|
+
},
|
|
4589
|
+
"scheme": {
|
|
4590
|
+
"ignore_above": 1024,
|
|
4591
|
+
"type": "keyword"
|
|
4592
|
+
},
|
|
4593
|
+
"subdomain": {
|
|
4594
|
+
"ignore_above": 1024,
|
|
4595
|
+
"type": "keyword"
|
|
4596
|
+
},
|
|
4597
|
+
"top_level_domain": {
|
|
4598
|
+
"ignore_above": 1024,
|
|
4599
|
+
"type": "keyword"
|
|
4600
|
+
},
|
|
4601
|
+
"username": {
|
|
4602
|
+
"ignore_above": 1024,
|
|
4603
|
+
"type": "keyword"
|
|
4604
|
+
}
|
|
4605
|
+
}
|
|
4606
|
+
},
|
|
4607
|
+
"x509": {
|
|
4608
|
+
"properties": {
|
|
4609
|
+
"alternative_names": {
|
|
4610
|
+
"ignore_above": 1024,
|
|
4611
|
+
"type": "keyword"
|
|
4612
|
+
},
|
|
4613
|
+
"issuer": {
|
|
4614
|
+
"properties": {
|
|
4615
|
+
"common_name": {
|
|
4616
|
+
"ignore_above": 1024,
|
|
4617
|
+
"type": "keyword"
|
|
4618
|
+
},
|
|
4619
|
+
"country": {
|
|
4620
|
+
"ignore_above": 1024,
|
|
4621
|
+
"type": "keyword"
|
|
4622
|
+
},
|
|
4623
|
+
"distinguished_name": {
|
|
4624
|
+
"ignore_above": 1024,
|
|
4625
|
+
"type": "keyword"
|
|
4626
|
+
},
|
|
4627
|
+
"locality": {
|
|
4628
|
+
"ignore_above": 1024,
|
|
4629
|
+
"type": "keyword"
|
|
4630
|
+
},
|
|
4631
|
+
"organization": {
|
|
4632
|
+
"ignore_above": 1024,
|
|
4633
|
+
"type": "keyword"
|
|
4634
|
+
},
|
|
4635
|
+
"organizational_unit": {
|
|
4636
|
+
"ignore_above": 1024,
|
|
4637
|
+
"type": "keyword"
|
|
4638
|
+
},
|
|
4639
|
+
"state_or_province": {
|
|
4640
|
+
"ignore_above": 1024,
|
|
4641
|
+
"type": "keyword"
|
|
4642
|
+
}
|
|
4643
|
+
}
|
|
4644
|
+
},
|
|
4645
|
+
"not_after": {
|
|
4646
|
+
"type": "date"
|
|
4647
|
+
},
|
|
4648
|
+
"not_before": {
|
|
4649
|
+
"type": "date"
|
|
4650
|
+
},
|
|
4651
|
+
"public_key_algorithm": {
|
|
4652
|
+
"ignore_above": 1024,
|
|
4653
|
+
"type": "keyword"
|
|
4654
|
+
},
|
|
4655
|
+
"public_key_curve": {
|
|
4656
|
+
"ignore_above": 1024,
|
|
4657
|
+
"type": "keyword"
|
|
4658
|
+
},
|
|
4659
|
+
"public_key_exponent": {
|
|
4660
|
+
"doc_values": false,
|
|
4661
|
+
"index": false,
|
|
4662
|
+
"type": "long"
|
|
4663
|
+
},
|
|
4664
|
+
"public_key_size": {
|
|
4665
|
+
"type": "long"
|
|
4666
|
+
},
|
|
4667
|
+
"serial_number": {
|
|
4668
|
+
"ignore_above": 1024,
|
|
4669
|
+
"type": "keyword"
|
|
4670
|
+
},
|
|
4671
|
+
"signature_algorithm": {
|
|
4672
|
+
"ignore_above": 1024,
|
|
4673
|
+
"type": "keyword"
|
|
4674
|
+
},
|
|
4675
|
+
"subject": {
|
|
4676
|
+
"properties": {
|
|
4677
|
+
"common_name": {
|
|
4678
|
+
"ignore_above": 1024,
|
|
4679
|
+
"type": "keyword"
|
|
4680
|
+
},
|
|
4681
|
+
"country": {
|
|
4682
|
+
"ignore_above": 1024,
|
|
4683
|
+
"type": "keyword"
|
|
4684
|
+
},
|
|
4685
|
+
"distinguished_name": {
|
|
4686
|
+
"ignore_above": 1024,
|
|
4687
|
+
"type": "keyword"
|
|
4688
|
+
},
|
|
4689
|
+
"locality": {
|
|
4690
|
+
"ignore_above": 1024,
|
|
4691
|
+
"type": "keyword"
|
|
4692
|
+
},
|
|
4693
|
+
"organization": {
|
|
4694
|
+
"ignore_above": 1024,
|
|
4695
|
+
"type": "keyword"
|
|
4696
|
+
},
|
|
4697
|
+
"organizational_unit": {
|
|
4698
|
+
"ignore_above": 1024,
|
|
4699
|
+
"type": "keyword"
|
|
4700
|
+
},
|
|
4701
|
+
"state_or_province": {
|
|
4702
|
+
"ignore_above": 1024,
|
|
4703
|
+
"type": "keyword"
|
|
4704
|
+
}
|
|
4705
|
+
}
|
|
4706
|
+
},
|
|
4707
|
+
"version_number": {
|
|
4708
|
+
"ignore_above": 1024,
|
|
4709
|
+
"type": "keyword"
|
|
4710
|
+
}
|
|
4711
|
+
}
|
|
4712
|
+
}
|
|
4713
|
+
}
|
|
4714
|
+
},
|
|
4715
|
+
"software": {
|
|
4716
|
+
"properties": {
|
|
4717
|
+
"alias": {
|
|
4718
|
+
"ignore_above": 1024,
|
|
4719
|
+
"type": "keyword"
|
|
4720
|
+
},
|
|
4721
|
+
"id": {
|
|
4722
|
+
"ignore_above": 1024,
|
|
4723
|
+
"type": "keyword"
|
|
4724
|
+
},
|
|
4725
|
+
"name": {
|
|
4726
|
+
"ignore_above": 1024,
|
|
4727
|
+
"type": "keyword"
|
|
4728
|
+
},
|
|
4729
|
+
"platforms": {
|
|
4730
|
+
"ignore_above": 1024,
|
|
4731
|
+
"type": "keyword"
|
|
4732
|
+
},
|
|
4733
|
+
"reference": {
|
|
4734
|
+
"ignore_above": 1024,
|
|
4735
|
+
"type": "keyword"
|
|
4736
|
+
},
|
|
4737
|
+
"type": {
|
|
4738
|
+
"ignore_above": 1024,
|
|
4739
|
+
"type": "keyword"
|
|
4740
|
+
}
|
|
4741
|
+
}
|
|
4742
|
+
},
|
|
4743
|
+
"tactic": {
|
|
4744
|
+
"properties": {
|
|
4745
|
+
"id": {
|
|
4746
|
+
"ignore_above": 1024,
|
|
4747
|
+
"type": "keyword"
|
|
4748
|
+
},
|
|
4749
|
+
"name": {
|
|
4750
|
+
"ignore_above": 1024,
|
|
4751
|
+
"type": "keyword"
|
|
4752
|
+
},
|
|
4753
|
+
"reference": {
|
|
4754
|
+
"ignore_above": 1024,
|
|
4755
|
+
"type": "keyword"
|
|
4756
|
+
}
|
|
4757
|
+
}
|
|
4758
|
+
},
|
|
4759
|
+
"technique": {
|
|
4760
|
+
"properties": {
|
|
4761
|
+
"id": {
|
|
4762
|
+
"ignore_above": 1024,
|
|
4763
|
+
"type": "keyword"
|
|
4764
|
+
},
|
|
4765
|
+
"name": {
|
|
4766
|
+
"fields": {
|
|
4767
|
+
"text": {
|
|
4768
|
+
"type": "match_only_text"
|
|
4769
|
+
}
|
|
4770
|
+
},
|
|
4771
|
+
"ignore_above": 1024,
|
|
4772
|
+
"type": "keyword"
|
|
4773
|
+
},
|
|
4774
|
+
"reference": {
|
|
4775
|
+
"ignore_above": 1024,
|
|
4776
|
+
"type": "keyword"
|
|
4777
|
+
},
|
|
4778
|
+
"subtechnique": {
|
|
4779
|
+
"properties": {
|
|
4780
|
+
"id": {
|
|
4781
|
+
"ignore_above": 1024,
|
|
4782
|
+
"type": "keyword"
|
|
4783
|
+
},
|
|
4784
|
+
"name": {
|
|
4785
|
+
"fields": {
|
|
4786
|
+
"text": {
|
|
4787
|
+
"type": "match_only_text"
|
|
4788
|
+
}
|
|
4789
|
+
},
|
|
4790
|
+
"ignore_above": 1024,
|
|
4791
|
+
"type": "keyword"
|
|
4792
|
+
},
|
|
4793
|
+
"reference": {
|
|
4794
|
+
"ignore_above": 1024,
|
|
4795
|
+
"type": "keyword"
|
|
4796
|
+
}
|
|
4797
|
+
}
|
|
4798
|
+
}
|
|
4799
|
+
}
|
|
4800
|
+
}
|
|
4801
|
+
}
|
|
4802
|
+
},
|
|
4803
|
+
"tls": {
|
|
4804
|
+
"properties": {
|
|
4805
|
+
"cipher": {
|
|
4806
|
+
"ignore_above": 1024,
|
|
4807
|
+
"type": "keyword"
|
|
4808
|
+
},
|
|
4809
|
+
"client": {
|
|
4810
|
+
"properties": {
|
|
4811
|
+
"certificate": {
|
|
4812
|
+
"ignore_above": 1024,
|
|
4813
|
+
"type": "keyword"
|
|
4814
|
+
},
|
|
4815
|
+
"certificate_chain": {
|
|
4816
|
+
"ignore_above": 1024,
|
|
4817
|
+
"type": "keyword"
|
|
4818
|
+
},
|
|
4819
|
+
"hash": {
|
|
4820
|
+
"properties": {
|
|
4821
|
+
"md5": {
|
|
4822
|
+
"ignore_above": 1024,
|
|
4823
|
+
"type": "keyword"
|
|
4824
|
+
},
|
|
4825
|
+
"sha1": {
|
|
4826
|
+
"ignore_above": 1024,
|
|
4827
|
+
"type": "keyword"
|
|
4828
|
+
},
|
|
4829
|
+
"sha256": {
|
|
4830
|
+
"ignore_above": 1024,
|
|
4831
|
+
"type": "keyword"
|
|
4832
|
+
}
|
|
4833
|
+
}
|
|
4834
|
+
},
|
|
4835
|
+
"issuer": {
|
|
4836
|
+
"ignore_above": 1024,
|
|
4837
|
+
"type": "keyword"
|
|
4838
|
+
},
|
|
4839
|
+
"ja3": {
|
|
4840
|
+
"ignore_above": 1024,
|
|
4841
|
+
"type": "keyword"
|
|
4842
|
+
},
|
|
4843
|
+
"not_after": {
|
|
4844
|
+
"type": "date"
|
|
4845
|
+
},
|
|
4846
|
+
"not_before": {
|
|
4847
|
+
"type": "date"
|
|
4848
|
+
},
|
|
4849
|
+
"server_name": {
|
|
4850
|
+
"ignore_above": 1024,
|
|
4851
|
+
"type": "keyword"
|
|
4852
|
+
},
|
|
4853
|
+
"subject": {
|
|
4854
|
+
"ignore_above": 1024,
|
|
4855
|
+
"type": "keyword"
|
|
4856
|
+
},
|
|
4857
|
+
"supported_ciphers": {
|
|
4858
|
+
"ignore_above": 1024,
|
|
4859
|
+
"type": "keyword"
|
|
4860
|
+
},
|
|
4861
|
+
"x509": {
|
|
4862
|
+
"properties": {
|
|
4863
|
+
"alternative_names": {
|
|
4864
|
+
"ignore_above": 1024,
|
|
4865
|
+
"type": "keyword"
|
|
4866
|
+
},
|
|
4867
|
+
"issuer": {
|
|
4868
|
+
"properties": {
|
|
4869
|
+
"common_name": {
|
|
2945
4870
|
"ignore_above": 1024,
|
|
2946
4871
|
"type": "keyword"
|
|
2947
4872
|
},
|
|
@@ -3250,30 +5175,25 @@
|
|
|
3250
5175
|
"full": {
|
|
3251
5176
|
"fields": {
|
|
3252
5177
|
"text": {
|
|
3253
|
-
"
|
|
3254
|
-
"type": "text"
|
|
5178
|
+
"type": "match_only_text"
|
|
3255
5179
|
}
|
|
3256
5180
|
},
|
|
3257
|
-
"
|
|
3258
|
-
"type": "keyword"
|
|
5181
|
+
"type": "wildcard"
|
|
3259
5182
|
},
|
|
3260
5183
|
"original": {
|
|
3261
5184
|
"fields": {
|
|
3262
5185
|
"text": {
|
|
3263
|
-
"
|
|
3264
|
-
"type": "text"
|
|
5186
|
+
"type": "match_only_text"
|
|
3265
5187
|
}
|
|
3266
5188
|
},
|
|
3267
|
-
"
|
|
3268
|
-
"type": "keyword"
|
|
5189
|
+
"type": "wildcard"
|
|
3269
5190
|
},
|
|
3270
5191
|
"password": {
|
|
3271
5192
|
"ignore_above": 1024,
|
|
3272
5193
|
"type": "keyword"
|
|
3273
5194
|
},
|
|
3274
5195
|
"path": {
|
|
3275
|
-
"
|
|
3276
|
-
"type": "keyword"
|
|
5196
|
+
"type": "wildcard"
|
|
3277
5197
|
},
|
|
3278
5198
|
"port": {
|
|
3279
5199
|
"type": "long"
|
|
@@ -3319,8 +5239,7 @@
|
|
|
3319
5239
|
"full_name": {
|
|
3320
5240
|
"fields": {
|
|
3321
5241
|
"text": {
|
|
3322
|
-
"
|
|
3323
|
-
"type": "text"
|
|
5242
|
+
"type": "match_only_text"
|
|
3324
5243
|
}
|
|
3325
5244
|
},
|
|
3326
5245
|
"ignore_above": 1024,
|
|
@@ -3353,8 +5272,7 @@
|
|
|
3353
5272
|
"name": {
|
|
3354
5273
|
"fields": {
|
|
3355
5274
|
"text": {
|
|
3356
|
-
"
|
|
3357
|
-
"type": "text"
|
|
5275
|
+
"type": "match_only_text"
|
|
3358
5276
|
}
|
|
3359
5277
|
},
|
|
3360
5278
|
"ignore_above": 1024,
|
|
@@ -3383,8 +5301,7 @@
|
|
|
3383
5301
|
"full_name": {
|
|
3384
5302
|
"fields": {
|
|
3385
5303
|
"text": {
|
|
3386
|
-
"
|
|
3387
|
-
"type": "text"
|
|
5304
|
+
"type": "match_only_text"
|
|
3388
5305
|
}
|
|
3389
5306
|
},
|
|
3390
5307
|
"ignore_above": 1024,
|
|
@@ -3417,8 +5334,7 @@
|
|
|
3417
5334
|
"name": {
|
|
3418
5335
|
"fields": {
|
|
3419
5336
|
"text": {
|
|
3420
|
-
"
|
|
3421
|
-
"type": "text"
|
|
5337
|
+
"type": "match_only_text"
|
|
3422
5338
|
}
|
|
3423
5339
|
},
|
|
3424
5340
|
"ignore_above": 1024,
|
|
@@ -3437,8 +5353,7 @@
|
|
|
3437
5353
|
"full_name": {
|
|
3438
5354
|
"fields": {
|
|
3439
5355
|
"text": {
|
|
3440
|
-
"
|
|
3441
|
-
"type": "text"
|
|
5356
|
+
"type": "match_only_text"
|
|
3442
5357
|
}
|
|
3443
5358
|
},
|
|
3444
5359
|
"ignore_above": 1024,
|
|
@@ -3471,8 +5386,7 @@
|
|
|
3471
5386
|
"name": {
|
|
3472
5387
|
"fields": {
|
|
3473
5388
|
"text": {
|
|
3474
|
-
"
|
|
3475
|
-
"type": "text"
|
|
5389
|
+
"type": "match_only_text"
|
|
3476
5390
|
}
|
|
3477
5391
|
},
|
|
3478
5392
|
"ignore_above": 1024,
|
|
@@ -3495,8 +5409,7 @@
|
|
|
3495
5409
|
"full_name": {
|
|
3496
5410
|
"fields": {
|
|
3497
5411
|
"text": {
|
|
3498
|
-
"
|
|
3499
|
-
"type": "text"
|
|
5412
|
+
"type": "match_only_text"
|
|
3500
5413
|
}
|
|
3501
5414
|
},
|
|
3502
5415
|
"ignore_above": 1024,
|
|
@@ -3529,8 +5442,7 @@
|
|
|
3529
5442
|
"name": {
|
|
3530
5443
|
"fields": {
|
|
3531
5444
|
"text": {
|
|
3532
|
-
"
|
|
3533
|
-
"type": "text"
|
|
5445
|
+
"type": "match_only_text"
|
|
3534
5446
|
}
|
|
3535
5447
|
},
|
|
3536
5448
|
"ignore_above": 1024,
|
|
@@ -3561,8 +5473,7 @@
|
|
|
3561
5473
|
"original": {
|
|
3562
5474
|
"fields": {
|
|
3563
5475
|
"text": {
|
|
3564
|
-
"
|
|
3565
|
-
"type": "text"
|
|
5476
|
+
"type": "match_only_text"
|
|
3566
5477
|
}
|
|
3567
5478
|
},
|
|
3568
5479
|
"ignore_above": 1024,
|
|
@@ -3577,8 +5488,7 @@
|
|
|
3577
5488
|
"full": {
|
|
3578
5489
|
"fields": {
|
|
3579
5490
|
"text": {
|
|
3580
|
-
"
|
|
3581
|
-
"type": "text"
|
|
5491
|
+
"type": "match_only_text"
|
|
3582
5492
|
}
|
|
3583
5493
|
},
|
|
3584
5494
|
"ignore_above": 1024,
|
|
@@ -3591,8 +5501,7 @@
|
|
|
3591
5501
|
"name": {
|
|
3592
5502
|
"fields": {
|
|
3593
5503
|
"text": {
|
|
3594
|
-
"
|
|
3595
|
-
"type": "text"
|
|
5504
|
+
"type": "match_only_text"
|
|
3596
5505
|
}
|
|
3597
5506
|
},
|
|
3598
5507
|
"ignore_above": 1024,
|
|
@@ -3631,8 +5540,7 @@
|
|
|
3631
5540
|
"description": {
|
|
3632
5541
|
"fields": {
|
|
3633
5542
|
"text": {
|
|
3634
|
-
"
|
|
3635
|
-
"type": "text"
|
|
5543
|
+
"type": "match_only_text"
|
|
3636
5544
|
}
|
|
3637
5545
|
},
|
|
3638
5546
|
"ignore_above": 1024,
|