logstash-output-opensearch 1.3.0-java → 2.0.0-java

Files changed (30) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/COMPATIBILITY.md +5 -3
  4. data/README.md +51 -34
  5. data/docs/ecs_compatibility.md +42 -0
  6. data/lib/logstash/outputs/opensearch/http_client/manticore_adapter.rb +27 -12
  7. data/lib/logstash/outputs/opensearch/http_client/pool.rb +11 -2
  8. data/lib/logstash/outputs/opensearch/http_client.rb +10 -3
  9. data/lib/logstash/outputs/opensearch/http_client_builder.rb +4 -2
  10. data/lib/logstash/outputs/opensearch/template_manager.rb +6 -5
  11. data/lib/logstash/outputs/opensearch/templates/ecs-disabled/1x_index.json +66 -0
  12. data/lib/logstash/outputs/opensearch/templates/ecs-disabled/2x_index.json +66 -0
  13. data/lib/logstash/outputs/opensearch/templates/ecs-disabled/7x_index.json +66 -0
  14. data/lib/logstash/outputs/opensearch/templates/ecs-v1/1x.json +3629 -0
  15. data/lib/logstash/outputs/opensearch/templates/ecs-v1/1x_index.json +3631 -0
  16. data/lib/logstash/outputs/opensearch/templates/ecs-v1/2x.json +3629 -0
  17. data/lib/logstash/outputs/opensearch/templates/ecs-v1/2x_index.json +3631 -0
  18. data/lib/logstash/outputs/opensearch/templates/ecs-v1/7x.json +3629 -0
  19. data/lib/logstash/outputs/opensearch/templates/ecs-v1/7x_index.json +3631 -0
  20. data/lib/logstash/outputs/opensearch/templates/ecs-v8/1x_index.json +5254 -0
  21. data/lib/logstash/outputs/opensearch/templates/ecs-v8/2x_index.json +5254 -0
  22. data/lib/logstash/outputs/opensearch/templates/ecs-v8/7x_index.json +5254 -0
  23. data/lib/logstash/outputs/opensearch.rb +7 -0
  24. data/logstash-output-opensearch.gemspec +2 -2
  25. data/spec/unit/outputs/opensearch/http_client/manticore_adapter_spec.rb +13 -0
  26. data/spec/unit/outputs/opensearch/http_client_spec.rb +20 -0
  27. data/spec/unit/outputs/opensearch/template_manager_spec.rb +8 -20
  28. data.tar.gz.sig +0 -0
  29. metadata +31 -23
  30. metadata.gz.sig +0 -0
@@ -0,0 +1,3631 @@
1
+ {
2
+ "index_patterns": [
3
+ "ecs-logstash-*"
4
+ ],
5
+ "priority": 10,
6
+ "template": {
7
+ "settings": {
8
+ "index": {
9
+ "mapping": {
10
+ "total_fields": {
11
+ "limit": 10000
12
+ }
13
+ },
14
+ "refresh_interval": "5s"
15
+ }
16
+ },
17
+ "mappings": {
18
+ "_meta": {
19
+ "version": "1.9.0"
20
+ },
21
+ "date_detection": false,
22
+ "dynamic_templates": [
23
+ {
24
+ "strings_as_keyword": {
25
+ "mapping": {
26
+ "ignore_above": 1024,
27
+ "type": "keyword"
28
+ },
29
+ "match_mapping_type": "string"
30
+ }
31
+ }
32
+ ],
33
+ "properties": {
34
+ "@timestamp": {
35
+ "type": "date"
36
+ },
37
+ "agent": {
38
+ "properties": {
39
+ "build": {
40
+ "properties": {
41
+ "original": {
42
+ "ignore_above": 1024,
43
+ "type": "keyword"
44
+ }
45
+ }
46
+ },
47
+ "ephemeral_id": {
48
+ "ignore_above": 1024,
49
+ "type": "keyword"
50
+ },
51
+ "id": {
52
+ "ignore_above": 1024,
53
+ "type": "keyword"
54
+ },
55
+ "name": {
56
+ "ignore_above": 1024,
57
+ "type": "keyword"
58
+ },
59
+ "type": {
60
+ "ignore_above": 1024,
61
+ "type": "keyword"
62
+ },
63
+ "version": {
64
+ "ignore_above": 1024,
65
+ "type": "keyword"
66
+ }
67
+ }
68
+ },
69
+ "client": {
70
+ "properties": {
71
+ "address": {
72
+ "ignore_above": 1024,
73
+ "type": "keyword"
74
+ },
75
+ "as": {
76
+ "properties": {
77
+ "number": {
78
+ "type": "long"
79
+ },
80
+ "organization": {
81
+ "properties": {
82
+ "name": {
83
+ "fields": {
84
+ "text": {
85
+ "norms": false,
86
+ "type": "text"
87
+ }
88
+ },
89
+ "ignore_above": 1024,
90
+ "type": "keyword"
91
+ }
92
+ }
93
+ }
94
+ }
95
+ },
96
+ "bytes": {
97
+ "type": "long"
98
+ },
99
+ "domain": {
100
+ "ignore_above": 1024,
101
+ "type": "keyword"
102
+ },
103
+ "geo": {
104
+ "properties": {
105
+ "city_name": {
106
+ "ignore_above": 1024,
107
+ "type": "keyword"
108
+ },
109
+ "continent_code": {
110
+ "ignore_above": 1024,
111
+ "type": "keyword"
112
+ },
113
+ "continent_name": {
114
+ "ignore_above": 1024,
115
+ "type": "keyword"
116
+ },
117
+ "country_iso_code": {
118
+ "ignore_above": 1024,
119
+ "type": "keyword"
120
+ },
121
+ "country_name": {
122
+ "ignore_above": 1024,
123
+ "type": "keyword"
124
+ },
125
+ "location": {
126
+ "type": "geo_point"
127
+ },
128
+ "name": {
129
+ "ignore_above": 1024,
130
+ "type": "keyword"
131
+ },
132
+ "postal_code": {
133
+ "ignore_above": 1024,
134
+ "type": "keyword"
135
+ },
136
+ "region_iso_code": {
137
+ "ignore_above": 1024,
138
+ "type": "keyword"
139
+ },
140
+ "region_name": {
141
+ "ignore_above": 1024,
142
+ "type": "keyword"
143
+ },
144
+ "timezone": {
145
+ "ignore_above": 1024,
146
+ "type": "keyword"
147
+ }
148
+ }
149
+ },
150
+ "ip": {
151
+ "type": "ip"
152
+ },
153
+ "mac": {
154
+ "ignore_above": 1024,
155
+ "type": "keyword"
156
+ },
157
+ "nat": {
158
+ "properties": {
159
+ "ip": {
160
+ "type": "ip"
161
+ },
162
+ "port": {
163
+ "type": "long"
164
+ }
165
+ }
166
+ },
167
+ "packets": {
168
+ "type": "long"
169
+ },
170
+ "port": {
171
+ "type": "long"
172
+ },
173
+ "registered_domain": {
174
+ "ignore_above": 1024,
175
+ "type": "keyword"
176
+ },
177
+ "subdomain": {
178
+ "ignore_above": 1024,
179
+ "type": "keyword"
180
+ },
181
+ "top_level_domain": {
182
+ "ignore_above": 1024,
183
+ "type": "keyword"
184
+ },
185
+ "user": {
186
+ "properties": {
187
+ "domain": {
188
+ "ignore_above": 1024,
189
+ "type": "keyword"
190
+ },
191
+ "email": {
192
+ "ignore_above": 1024,
193
+ "type": "keyword"
194
+ },
195
+ "full_name": {
196
+ "fields": {
197
+ "text": {
198
+ "norms": false,
199
+ "type": "text"
200
+ }
201
+ },
202
+ "ignore_above": 1024,
203
+ "type": "keyword"
204
+ },
205
+ "group": {
206
+ "properties": {
207
+ "domain": {
208
+ "ignore_above": 1024,
209
+ "type": "keyword"
210
+ },
211
+ "id": {
212
+ "ignore_above": 1024,
213
+ "type": "keyword"
214
+ },
215
+ "name": {
216
+ "ignore_above": 1024,
217
+ "type": "keyword"
218
+ }
219
+ }
220
+ },
221
+ "hash": {
222
+ "ignore_above": 1024,
223
+ "type": "keyword"
224
+ },
225
+ "id": {
226
+ "ignore_above": 1024,
227
+ "type": "keyword"
228
+ },
229
+ "name": {
230
+ "fields": {
231
+ "text": {
232
+ "norms": false,
233
+ "type": "text"
234
+ }
235
+ },
236
+ "ignore_above": 1024,
237
+ "type": "keyword"
238
+ },
239
+ "roles": {
240
+ "ignore_above": 1024,
241
+ "type": "keyword"
242
+ }
243
+ }
244
+ }
245
+ }
246
+ },
247
+ "cloud": {
248
+ "properties": {
249
+ "account": {
250
+ "properties": {
251
+ "id": {
252
+ "ignore_above": 1024,
253
+ "type": "keyword"
254
+ },
255
+ "name": {
256
+ "ignore_above": 1024,
257
+ "type": "keyword"
258
+ }
259
+ }
260
+ },
261
+ "availability_zone": {
262
+ "ignore_above": 1024,
263
+ "type": "keyword"
264
+ },
265
+ "instance": {
266
+ "properties": {
267
+ "id": {
268
+ "ignore_above": 1024,
269
+ "type": "keyword"
270
+ },
271
+ "name": {
272
+ "ignore_above": 1024,
273
+ "type": "keyword"
274
+ }
275
+ }
276
+ },
277
+ "machine": {
278
+ "properties": {
279
+ "type": {
280
+ "ignore_above": 1024,
281
+ "type": "keyword"
282
+ }
283
+ }
284
+ },
285
+ "project": {
286
+ "properties": {
287
+ "id": {
288
+ "ignore_above": 1024,
289
+ "type": "keyword"
290
+ },
291
+ "name": {
292
+ "ignore_above": 1024,
293
+ "type": "keyword"
294
+ }
295
+ }
296
+ },
297
+ "provider": {
298
+ "ignore_above": 1024,
299
+ "type": "keyword"
300
+ },
301
+ "region": {
302
+ "ignore_above": 1024,
303
+ "type": "keyword"
304
+ },
305
+ "service": {
306
+ "properties": {
307
+ "name": {
308
+ "ignore_above": 1024,
309
+ "type": "keyword"
310
+ }
311
+ }
312
+ }
313
+ }
314
+ },
315
+ "container": {
316
+ "properties": {
317
+ "id": {
318
+ "ignore_above": 1024,
319
+ "type": "keyword"
320
+ },
321
+ "image": {
322
+ "properties": {
323
+ "name": {
324
+ "ignore_above": 1024,
325
+ "type": "keyword"
326
+ },
327
+ "tag": {
328
+ "ignore_above": 1024,
329
+ "type": "keyword"
330
+ }
331
+ }
332
+ },
333
+ "labels": {
334
+ "type": "object"
335
+ },
336
+ "name": {
337
+ "ignore_above": 1024,
338
+ "type": "keyword"
339
+ },
340
+ "runtime": {
341
+ "ignore_above": 1024,
342
+ "type": "keyword"
343
+ }
344
+ }
345
+ },
346
+ "destination": {
347
+ "properties": {
348
+ "address": {
349
+ "ignore_above": 1024,
350
+ "type": "keyword"
351
+ },
352
+ "as": {
353
+ "properties": {
354
+ "number": {
355
+ "type": "long"
356
+ },
357
+ "organization": {
358
+ "properties": {
359
+ "name": {
360
+ "fields": {
361
+ "text": {
362
+ "norms": false,
363
+ "type": "text"
364
+ }
365
+ },
366
+ "ignore_above": 1024,
367
+ "type": "keyword"
368
+ }
369
+ }
370
+ }
371
+ }
372
+ },
373
+ "bytes": {
374
+ "type": "long"
375
+ },
376
+ "domain": {
377
+ "ignore_above": 1024,
378
+ "type": "keyword"
379
+ },
380
+ "geo": {
381
+ "properties": {
382
+ "city_name": {
383
+ "ignore_above": 1024,
384
+ "type": "keyword"
385
+ },
386
+ "continent_code": {
387
+ "ignore_above": 1024,
388
+ "type": "keyword"
389
+ },
390
+ "continent_name": {
391
+ "ignore_above": 1024,
392
+ "type": "keyword"
393
+ },
394
+ "country_iso_code": {
395
+ "ignore_above": 1024,
396
+ "type": "keyword"
397
+ },
398
+ "country_name": {
399
+ "ignore_above": 1024,
400
+ "type": "keyword"
401
+ },
402
+ "location": {
403
+ "type": "geo_point"
404
+ },
405
+ "name": {
406
+ "ignore_above": 1024,
407
+ "type": "keyword"
408
+ },
409
+ "postal_code": {
410
+ "ignore_above": 1024,
411
+ "type": "keyword"
412
+ },
413
+ "region_iso_code": {
414
+ "ignore_above": 1024,
415
+ "type": "keyword"
416
+ },
417
+ "region_name": {
418
+ "ignore_above": 1024,
419
+ "type": "keyword"
420
+ },
421
+ "timezone": {
422
+ "ignore_above": 1024,
423
+ "type": "keyword"
424
+ }
425
+ }
426
+ },
427
+ "ip": {
428
+ "type": "ip"
429
+ },
430
+ "mac": {
431
+ "ignore_above": 1024,
432
+ "type": "keyword"
433
+ },
434
+ "nat": {
435
+ "properties": {
436
+ "ip": {
437
+ "type": "ip"
438
+ },
439
+ "port": {
440
+ "type": "long"
441
+ }
442
+ }
443
+ },
444
+ "packets": {
445
+ "type": "long"
446
+ },
447
+ "port": {
448
+ "type": "long"
449
+ },
450
+ "registered_domain": {
451
+ "ignore_above": 1024,
452
+ "type": "keyword"
453
+ },
454
+ "subdomain": {
455
+ "ignore_above": 1024,
456
+ "type": "keyword"
457
+ },
458
+ "top_level_domain": {
459
+ "ignore_above": 1024,
460
+ "type": "keyword"
461
+ },
462
+ "user": {
463
+ "properties": {
464
+ "domain": {
465
+ "ignore_above": 1024,
466
+ "type": "keyword"
467
+ },
468
+ "email": {
469
+ "ignore_above": 1024,
470
+ "type": "keyword"
471
+ },
472
+ "full_name": {
473
+ "fields": {
474
+ "text": {
475
+ "norms": false,
476
+ "type": "text"
477
+ }
478
+ },
479
+ "ignore_above": 1024,
480
+ "type": "keyword"
481
+ },
482
+ "group": {
483
+ "properties": {
484
+ "domain": {
485
+ "ignore_above": 1024,
486
+ "type": "keyword"
487
+ },
488
+ "id": {
489
+ "ignore_above": 1024,
490
+ "type": "keyword"
491
+ },
492
+ "name": {
493
+ "ignore_above": 1024,
494
+ "type": "keyword"
495
+ }
496
+ }
497
+ },
498
+ "hash": {
499
+ "ignore_above": 1024,
500
+ "type": "keyword"
501
+ },
502
+ "id": {
503
+ "ignore_above": 1024,
504
+ "type": "keyword"
505
+ },
506
+ "name": {
507
+ "fields": {
508
+ "text": {
509
+ "norms": false,
510
+ "type": "text"
511
+ }
512
+ },
513
+ "ignore_above": 1024,
514
+ "type": "keyword"
515
+ },
516
+ "roles": {
517
+ "ignore_above": 1024,
518
+ "type": "keyword"
519
+ }
520
+ }
521
+ }
522
+ }
523
+ },
524
+ "dll": {
525
+ "properties": {
526
+ "code_signature": {
527
+ "properties": {
528
+ "exists": {
529
+ "type": "boolean"
530
+ },
531
+ "signing_id": {
532
+ "ignore_above": 1024,
533
+ "type": "keyword"
534
+ },
535
+ "status": {
536
+ "ignore_above": 1024,
537
+ "type": "keyword"
538
+ },
539
+ "subject_name": {
540
+ "ignore_above": 1024,
541
+ "type": "keyword"
542
+ },
543
+ "team_id": {
544
+ "ignore_above": 1024,
545
+ "type": "keyword"
546
+ },
547
+ "trusted": {
548
+ "type": "boolean"
549
+ },
550
+ "valid": {
551
+ "type": "boolean"
552
+ }
553
+ }
554
+ },
555
+ "hash": {
556
+ "properties": {
557
+ "md5": {
558
+ "ignore_above": 1024,
559
+ "type": "keyword"
560
+ },
561
+ "sha1": {
562
+ "ignore_above": 1024,
563
+ "type": "keyword"
564
+ },
565
+ "sha256": {
566
+ "ignore_above": 1024,
567
+ "type": "keyword"
568
+ },
569
+ "sha512": {
570
+ "ignore_above": 1024,
571
+ "type": "keyword"
572
+ },
573
+ "ssdeep": {
574
+ "ignore_above": 1024,
575
+ "type": "keyword"
576
+ }
577
+ }
578
+ },
579
+ "name": {
580
+ "ignore_above": 1024,
581
+ "type": "keyword"
582
+ },
583
+ "path": {
584
+ "ignore_above": 1024,
585
+ "type": "keyword"
586
+ },
587
+ "pe": {
588
+ "properties": {
589
+ "architecture": {
590
+ "ignore_above": 1024,
591
+ "type": "keyword"
592
+ },
593
+ "company": {
594
+ "ignore_above": 1024,
595
+ "type": "keyword"
596
+ },
597
+ "description": {
598
+ "ignore_above": 1024,
599
+ "type": "keyword"
600
+ },
601
+ "file_version": {
602
+ "ignore_above": 1024,
603
+ "type": "keyword"
604
+ },
605
+ "imphash": {
606
+ "ignore_above": 1024,
607
+ "type": "keyword"
608
+ },
609
+ "original_file_name": {
610
+ "ignore_above": 1024,
611
+ "type": "keyword"
612
+ },
613
+ "product": {
614
+ "ignore_above": 1024,
615
+ "type": "keyword"
616
+ }
617
+ }
618
+ }
619
+ }
620
+ },
621
+ "dns": {
622
+ "properties": {
623
+ "answers": {
624
+ "properties": {
625
+ "class": {
626
+ "ignore_above": 1024,
627
+ "type": "keyword"
628
+ },
629
+ "data": {
630
+ "ignore_above": 1024,
631
+ "type": "keyword"
632
+ },
633
+ "name": {
634
+ "ignore_above": 1024,
635
+ "type": "keyword"
636
+ },
637
+ "ttl": {
638
+ "type": "long"
639
+ },
640
+ "type": {
641
+ "ignore_above": 1024,
642
+ "type": "keyword"
643
+ }
644
+ },
645
+ "type": "object"
646
+ },
647
+ "header_flags": {
648
+ "ignore_above": 1024,
649
+ "type": "keyword"
650
+ },
651
+ "id": {
652
+ "ignore_above": 1024,
653
+ "type": "keyword"
654
+ },
655
+ "op_code": {
656
+ "ignore_above": 1024,
657
+ "type": "keyword"
658
+ },
659
+ "question": {
660
+ "properties": {
661
+ "class": {
662
+ "ignore_above": 1024,
663
+ "type": "keyword"
664
+ },
665
+ "name": {
666
+ "ignore_above": 1024,
667
+ "type": "keyword"
668
+ },
669
+ "registered_domain": {
670
+ "ignore_above": 1024,
671
+ "type": "keyword"
672
+ },
673
+ "subdomain": {
674
+ "ignore_above": 1024,
675
+ "type": "keyword"
676
+ },
677
+ "top_level_domain": {
678
+ "ignore_above": 1024,
679
+ "type": "keyword"
680
+ },
681
+ "type": {
682
+ "ignore_above": 1024,
683
+ "type": "keyword"
684
+ }
685
+ }
686
+ },
687
+ "resolved_ip": {
688
+ "type": "ip"
689
+ },
690
+ "response_code": {
691
+ "ignore_above": 1024,
692
+ "type": "keyword"
693
+ },
694
+ "type": {
695
+ "ignore_above": 1024,
696
+ "type": "keyword"
697
+ }
698
+ }
699
+ },
700
+ "ecs": {
701
+ "properties": {
702
+ "version": {
703
+ "ignore_above": 1024,
704
+ "type": "keyword"
705
+ }
706
+ }
707
+ },
708
+ "error": {
709
+ "properties": {
710
+ "code": {
711
+ "ignore_above": 1024,
712
+ "type": "keyword"
713
+ },
714
+ "id": {
715
+ "ignore_above": 1024,
716
+ "type": "keyword"
717
+ },
718
+ "message": {
719
+ "norms": false,
720
+ "type": "text"
721
+ },
722
+ "stack_trace": {
723
+ "doc_values": false,
724
+ "fields": {
725
+ "text": {
726
+ "norms": false,
727
+ "type": "text"
728
+ }
729
+ },
730
+ "ignore_above": 1024,
731
+ "index": false,
732
+ "type": "keyword"
733
+ },
734
+ "type": {
735
+ "ignore_above": 1024,
736
+ "type": "keyword"
737
+ }
738
+ }
739
+ },
740
+ "event": {
741
+ "properties": {
742
+ "action": {
743
+ "ignore_above": 1024,
744
+ "type": "keyword"
745
+ },
746
+ "category": {
747
+ "ignore_above": 1024,
748
+ "type": "keyword"
749
+ },
750
+ "code": {
751
+ "ignore_above": 1024,
752
+ "type": "keyword"
753
+ },
754
+ "created": {
755
+ "type": "date"
756
+ },
757
+ "dataset": {
758
+ "ignore_above": 1024,
759
+ "type": "keyword"
760
+ },
761
+ "duration": {
762
+ "type": "long"
763
+ },
764
+ "end": {
765
+ "type": "date"
766
+ },
767
+ "hash": {
768
+ "ignore_above": 1024,
769
+ "type": "keyword"
770
+ },
771
+ "id": {
772
+ "ignore_above": 1024,
773
+ "type": "keyword"
774
+ },
775
+ "ingested": {
776
+ "type": "date"
777
+ },
778
+ "kind": {
779
+ "ignore_above": 1024,
780
+ "type": "keyword"
781
+ },
782
+ "module": {
783
+ "ignore_above": 1024,
784
+ "type": "keyword"
785
+ },
786
+ "original": {
787
+ "doc_values": false,
788
+ "ignore_above": 1024,
789
+ "index": false,
790
+ "type": "keyword"
791
+ },
792
+ "outcome": {
793
+ "ignore_above": 1024,
794
+ "type": "keyword"
795
+ },
796
+ "provider": {
797
+ "ignore_above": 1024,
798
+ "type": "keyword"
799
+ },
800
+ "reason": {
801
+ "ignore_above": 1024,
802
+ "type": "keyword"
803
+ },
804
+ "reference": {
805
+ "ignore_above": 1024,
806
+ "type": "keyword"
807
+ },
808
+ "risk_score": {
809
+ "type": "float"
810
+ },
811
+ "risk_score_norm": {
812
+ "type": "float"
813
+ },
814
+ "sequence": {
815
+ "type": "long"
816
+ },
817
+ "severity": {
818
+ "type": "long"
819
+ },
820
+ "start": {
821
+ "type": "date"
822
+ },
823
+ "timezone": {
824
+ "ignore_above": 1024,
825
+ "type": "keyword"
826
+ },
827
+ "type": {
828
+ "ignore_above": 1024,
829
+ "type": "keyword"
830
+ },
831
+ "url": {
832
+ "ignore_above": 1024,
833
+ "type": "keyword"
834
+ }
835
+ }
836
+ },
837
+ "file": {
838
+ "properties": {
839
+ "accessed": {
840
+ "type": "date"
841
+ },
842
+ "attributes": {
843
+ "ignore_above": 1024,
844
+ "type": "keyword"
845
+ },
846
+ "code_signature": {
847
+ "properties": {
848
+ "exists": {
849
+ "type": "boolean"
850
+ },
851
+ "signing_id": {
852
+ "ignore_above": 1024,
853
+ "type": "keyword"
854
+ },
855
+ "status": {
856
+ "ignore_above": 1024,
857
+ "type": "keyword"
858
+ },
859
+ "subject_name": {
860
+ "ignore_above": 1024,
861
+ "type": "keyword"
862
+ },
863
+ "team_id": {
864
+ "ignore_above": 1024,
865
+ "type": "keyword"
866
+ },
867
+ "trusted": {
868
+ "type": "boolean"
869
+ },
870
+ "valid": {
871
+ "type": "boolean"
872
+ }
873
+ }
874
+ },
875
+ "created": {
876
+ "type": "date"
877
+ },
878
+ "ctime": {
879
+ "type": "date"
880
+ },
881
+ "device": {
882
+ "ignore_above": 1024,
883
+ "type": "keyword"
884
+ },
885
+ "directory": {
886
+ "ignore_above": 1024,
887
+ "type": "keyword"
888
+ },
889
+ "drive_letter": {
890
+ "ignore_above": 1,
891
+ "type": "keyword"
892
+ },
893
+ "extension": {
894
+ "ignore_above": 1024,
895
+ "type": "keyword"
896
+ },
897
+ "gid": {
898
+ "ignore_above": 1024,
899
+ "type": "keyword"
900
+ },
901
+ "group": {
902
+ "ignore_above": 1024,
903
+ "type": "keyword"
904
+ },
905
+ "hash": {
906
+ "properties": {
907
+ "md5": {
908
+ "ignore_above": 1024,
909
+ "type": "keyword"
910
+ },
911
+ "sha1": {
912
+ "ignore_above": 1024,
913
+ "type": "keyword"
914
+ },
915
+ "sha256": {
916
+ "ignore_above": 1024,
917
+ "type": "keyword"
918
+ },
919
+ "sha512": {
920
+ "ignore_above": 1024,
921
+ "type": "keyword"
922
+ },
923
+ "ssdeep": {
924
+ "ignore_above": 1024,
925
+ "type": "keyword"
926
+ }
927
+ }
928
+ },
929
+ "inode": {
930
+ "ignore_above": 1024,
931
+ "type": "keyword"
932
+ },
933
+ "mime_type": {
934
+ "ignore_above": 1024,
935
+ "type": "keyword"
936
+ },
937
+ "mode": {
938
+ "ignore_above": 1024,
939
+ "type": "keyword"
940
+ },
941
+ "mtime": {
942
+ "type": "date"
943
+ },
944
+ "name": {
945
+ "ignore_above": 1024,
946
+ "type": "keyword"
947
+ },
948
+ "owner": {
949
+ "ignore_above": 1024,
950
+ "type": "keyword"
951
+ },
952
+ "path": {
953
+ "fields": {
954
+ "text": {
955
+ "norms": false,
956
+ "type": "text"
957
+ }
958
+ },
959
+ "ignore_above": 1024,
960
+ "type": "keyword"
961
+ },
962
+ "pe": {
963
+ "properties": {
964
+ "architecture": {
965
+ "ignore_above": 1024,
966
+ "type": "keyword"
967
+ },
968
+ "company": {
969
+ "ignore_above": 1024,
970
+ "type": "keyword"
971
+ },
972
+ "description": {
973
+ "ignore_above": 1024,
974
+ "type": "keyword"
975
+ },
976
+ "file_version": {
977
+ "ignore_above": 1024,
978
+ "type": "keyword"
979
+ },
980
+ "imphash": {
981
+ "ignore_above": 1024,
982
+ "type": "keyword"
983
+ },
984
+ "original_file_name": {
985
+ "ignore_above": 1024,
986
+ "type": "keyword"
987
+ },
988
+ "product": {
989
+ "ignore_above": 1024,
990
+ "type": "keyword"
991
+ }
992
+ }
993
+ },
994
+ "size": {
995
+ "type": "long"
996
+ },
997
+ "target_path": {
998
+ "fields": {
999
+ "text": {
1000
+ "norms": false,
1001
+ "type": "text"
1002
+ }
1003
+ },
1004
+ "ignore_above": 1024,
1005
+ "type": "keyword"
1006
+ },
1007
+ "type": {
1008
+ "ignore_above": 1024,
1009
+ "type": "keyword"
1010
+ },
1011
+ "uid": {
1012
+ "ignore_above": 1024,
1013
+ "type": "keyword"
1014
+ },
1015
+ "x509": {
1016
+ "properties": {
1017
+ "alternative_names": {
1018
+ "ignore_above": 1024,
1019
+ "type": "keyword"
1020
+ },
1021
+ "issuer": {
1022
+ "properties": {
1023
+ "common_name": {
1024
+ "ignore_above": 1024,
1025
+ "type": "keyword"
1026
+ },
1027
+ "country": {
1028
+ "ignore_above": 1024,
1029
+ "type": "keyword"
1030
+ },
1031
+ "distinguished_name": {
1032
+ "ignore_above": 1024,
1033
+ "type": "keyword"
1034
+ },
1035
+ "locality": {
1036
+ "ignore_above": 1024,
1037
+ "type": "keyword"
1038
+ },
1039
+ "organization": {
1040
+ "ignore_above": 1024,
1041
+ "type": "keyword"
1042
+ },
1043
+ "organizational_unit": {
1044
+ "ignore_above": 1024,
1045
+ "type": "keyword"
1046
+ },
1047
+ "state_or_province": {
1048
+ "ignore_above": 1024,
1049
+ "type": "keyword"
1050
+ }
1051
+ }
1052
+ },
1053
+ "not_after": {
1054
+ "type": "date"
1055
+ },
1056
+ "not_before": {
1057
+ "type": "date"
1058
+ },
1059
+ "public_key_algorithm": {
1060
+ "ignore_above": 1024,
1061
+ "type": "keyword"
1062
+ },
1063
+ "public_key_curve": {
1064
+ "ignore_above": 1024,
1065
+ "type": "keyword"
1066
+ },
1067
+ "public_key_exponent": {
1068
+ "doc_values": false,
1069
+ "index": false,
1070
+ "type": "long"
1071
+ },
1072
+ "public_key_size": {
1073
+ "type": "long"
1074
+ },
1075
+ "serial_number": {
1076
+ "ignore_above": 1024,
1077
+ "type": "keyword"
1078
+ },
1079
+ "signature_algorithm": {
1080
+ "ignore_above": 1024,
1081
+ "type": "keyword"
1082
+ },
1083
+ "subject": {
1084
+ "properties": {
1085
+ "common_name": {
1086
+ "ignore_above": 1024,
1087
+ "type": "keyword"
1088
+ },
1089
+ "country": {
1090
+ "ignore_above": 1024,
1091
+ "type": "keyword"
1092
+ },
1093
+ "distinguished_name": {
1094
+ "ignore_above": 1024,
1095
+ "type": "keyword"
1096
+ },
1097
+ "locality": {
1098
+ "ignore_above": 1024,
1099
+ "type": "keyword"
1100
+ },
1101
+ "organization": {
1102
+ "ignore_above": 1024,
1103
+ "type": "keyword"
1104
+ },
1105
+ "organizational_unit": {
1106
+ "ignore_above": 1024,
1107
+ "type": "keyword"
1108
+ },
1109
+ "state_or_province": {
1110
+ "ignore_above": 1024,
1111
+ "type": "keyword"
1112
+ }
1113
+ }
1114
+ },
1115
+ "version_number": {
1116
+ "ignore_above": 1024,
1117
+ "type": "keyword"
1118
+ }
1119
+ }
1120
+ }
1121
+ }
1122
+ },
1123
+ "group": {
1124
+ "properties": {
1125
+ "domain": {
1126
+ "ignore_above": 1024,
1127
+ "type": "keyword"
1128
+ },
1129
+ "id": {
1130
+ "ignore_above": 1024,
1131
+ "type": "keyword"
1132
+ },
1133
+ "name": {
1134
+ "ignore_above": 1024,
1135
+ "type": "keyword"
1136
+ }
1137
+ }
1138
+ },
1139
+ "host": {
1140
+ "properties": {
1141
+ "architecture": {
1142
+ "ignore_above": 1024,
1143
+ "type": "keyword"
1144
+ },
1145
+ "cpu": {
1146
+ "properties": {
1147
+ "usage": {
1148
+ "scaling_factor": 1000,
1149
+ "type": "scaled_float"
1150
+ }
1151
+ }
1152
+ },
1153
+ "disk": {
1154
+ "properties": {
1155
+ "read": {
1156
+ "properties": {
1157
+ "bytes": {
1158
+ "type": "long"
1159
+ }
1160
+ }
1161
+ },
1162
+ "write": {
1163
+ "properties": {
1164
+ "bytes": {
1165
+ "type": "long"
1166
+ }
1167
+ }
1168
+ }
1169
+ }
1170
+ },
1171
+ "domain": {
1172
+ "ignore_above": 1024,
1173
+ "type": "keyword"
1174
+ },
1175
+ "geo": {
1176
+ "properties": {
1177
+ "city_name": {
1178
+ "ignore_above": 1024,
1179
+ "type": "keyword"
1180
+ },
1181
+ "continent_code": {
1182
+ "ignore_above": 1024,
1183
+ "type": "keyword"
1184
+ },
1185
+ "continent_name": {
1186
+ "ignore_above": 1024,
1187
+ "type": "keyword"
1188
+ },
1189
+ "country_iso_code": {
1190
+ "ignore_above": 1024,
1191
+ "type": "keyword"
1192
+ },
1193
+ "country_name": {
1194
+ "ignore_above": 1024,
1195
+ "type": "keyword"
1196
+ },
1197
+ "location": {
1198
+ "type": "geo_point"
1199
+ },
1200
+ "name": {
1201
+ "ignore_above": 1024,
1202
+ "type": "keyword"
1203
+ },
1204
+ "postal_code": {
1205
+ "ignore_above": 1024,
1206
+ "type": "keyword"
1207
+ },
1208
+ "region_iso_code": {
1209
+ "ignore_above": 1024,
1210
+ "type": "keyword"
1211
+ },
1212
+ "region_name": {
1213
+ "ignore_above": 1024,
1214
+ "type": "keyword"
1215
+ },
1216
+ "timezone": {
1217
+ "ignore_above": 1024,
1218
+ "type": "keyword"
1219
+ }
1220
+ }
1221
+ },
1222
+ "hostname": {
1223
+ "ignore_above": 1024,
1224
+ "type": "keyword"
1225
+ },
1226
+ "id": {
1227
+ "ignore_above": 1024,
1228
+ "type": "keyword"
1229
+ },
1230
+ "ip": {
1231
+ "type": "ip"
1232
+ },
1233
+ "mac": {
1234
+ "ignore_above": 1024,
1235
+ "type": "keyword"
1236
+ },
1237
+ "name": {
1238
+ "ignore_above": 1024,
1239
+ "type": "keyword"
1240
+ },
1241
+ "network": {
1242
+ "properties": {
1243
+ "egress": {
1244
+ "properties": {
1245
+ "bytes": {
1246
+ "type": "long"
1247
+ },
1248
+ "packets": {
1249
+ "type": "long"
1250
+ }
1251
+ }
1252
+ },
1253
+ "ingress": {
1254
+ "properties": {
1255
+ "bytes": {
1256
+ "type": "long"
1257
+ },
1258
+ "packets": {
1259
+ "type": "long"
1260
+ }
1261
+ }
1262
+ }
1263
+ }
1264
+ },
1265
+ "os": {
1266
+ "properties": {
1267
+ "family": {
1268
+ "ignore_above": 1024,
1269
+ "type": "keyword"
1270
+ },
1271
+ "full": {
1272
+ "fields": {
1273
+ "text": {
1274
+ "norms": false,
1275
+ "type": "text"
1276
+ }
1277
+ },
1278
+ "ignore_above": 1024,
1279
+ "type": "keyword"
1280
+ },
1281
+ "kernel": {
1282
+ "ignore_above": 1024,
1283
+ "type": "keyword"
1284
+ },
1285
+ "name": {
1286
+ "fields": {
1287
+ "text": {
1288
+ "norms": false,
1289
+ "type": "text"
1290
+ }
1291
+ },
1292
+ "ignore_above": 1024,
1293
+ "type": "keyword"
1294
+ },
1295
+ "platform": {
1296
+ "ignore_above": 1024,
1297
+ "type": "keyword"
1298
+ },
1299
+ "type": {
1300
+ "ignore_above": 1024,
1301
+ "type": "keyword"
1302
+ },
1303
+ "version": {
1304
+ "ignore_above": 1024,
1305
+ "type": "keyword"
1306
+ }
1307
+ }
1308
+ },
1309
+ "type": {
1310
+ "ignore_above": 1024,
1311
+ "type": "keyword"
1312
+ },
1313
+ "uptime": {
1314
+ "type": "long"
1315
+ },
1316
+ "user": {
1317
+ "properties": {
1318
+ "domain": {
1319
+ "ignore_above": 1024,
1320
+ "type": "keyword"
1321
+ },
1322
+ "email": {
1323
+ "ignore_above": 1024,
1324
+ "type": "keyword"
1325
+ },
1326
+ "full_name": {
1327
+ "fields": {
1328
+ "text": {
1329
+ "norms": false,
1330
+ "type": "text"
1331
+ }
1332
+ },
1333
+ "ignore_above": 1024,
1334
+ "type": "keyword"
1335
+ },
1336
+ "group": {
1337
+ "properties": {
1338
+ "domain": {
1339
+ "ignore_above": 1024,
1340
+ "type": "keyword"
1341
+ },
1342
+ "id": {
1343
+ "ignore_above": 1024,
1344
+ "type": "keyword"
1345
+ },
1346
+ "name": {
1347
+ "ignore_above": 1024,
1348
+ "type": "keyword"
1349
+ }
1350
+ }
1351
+ },
1352
+ "hash": {
1353
+ "ignore_above": 1024,
1354
+ "type": "keyword"
1355
+ },
1356
+ "id": {
1357
+ "ignore_above": 1024,
1358
+ "type": "keyword"
1359
+ },
1360
+ "name": {
1361
+ "fields": {
1362
+ "text": {
1363
+ "norms": false,
1364
+ "type": "text"
1365
+ }
1366
+ },
1367
+ "ignore_above": 1024,
1368
+ "type": "keyword"
1369
+ },
1370
+ "roles": {
1371
+ "ignore_above": 1024,
1372
+ "type": "keyword"
1373
+ }
1374
+ }
1375
+ }
1376
+ }
1377
+ },
1378
+ "http": {
1379
+ "properties": {
1380
+ "request": {
1381
+ "properties": {
1382
+ "body": {
1383
+ "properties": {
1384
+ "bytes": {
1385
+ "type": "long"
1386
+ },
1387
+ "content": {
1388
+ "fields": {
1389
+ "text": {
1390
+ "norms": false,
1391
+ "type": "text"
1392
+ }
1393
+ },
1394
+ "ignore_above": 1024,
1395
+ "type": "keyword"
1396
+ }
1397
+ }
1398
+ },
1399
+ "bytes": {
1400
+ "type": "long"
1401
+ },
1402
+ "id": {
1403
+ "ignore_above": 1024,
1404
+ "type": "keyword"
1405
+ },
1406
+ "method": {
1407
+ "ignore_above": 1024,
1408
+ "type": "keyword"
1409
+ },
1410
+ "mime_type": {
1411
+ "ignore_above": 1024,
1412
+ "type": "keyword"
1413
+ },
1414
+ "referrer": {
1415
+ "ignore_above": 1024,
1416
+ "type": "keyword"
1417
+ }
1418
+ }
1419
+ },
1420
+ "response": {
1421
+ "properties": {
1422
+ "body": {
1423
+ "properties": {
1424
+ "bytes": {
1425
+ "type": "long"
1426
+ },
1427
+ "content": {
1428
+ "fields": {
1429
+ "text": {
1430
+ "norms": false,
1431
+ "type": "text"
1432
+ }
1433
+ },
1434
+ "ignore_above": 1024,
1435
+ "type": "keyword"
1436
+ }
1437
+ }
1438
+ },
1439
+ "bytes": {
1440
+ "type": "long"
1441
+ },
1442
+ "mime_type": {
1443
+ "ignore_above": 1024,
1444
+ "type": "keyword"
1445
+ },
1446
+ "status_code": {
1447
+ "type": "long"
1448
+ }
1449
+ }
1450
+ },
1451
+ "version": {
1452
+ "ignore_above": 1024,
1453
+ "type": "keyword"
1454
+ }
1455
+ }
1456
+ },
1457
+ "labels": {
1458
+ "type": "object"
1459
+ },
1460
+ "log": {
1461
+ "properties": {
1462
+ "file": {
1463
+ "properties": {
1464
+ "path": {
1465
+ "ignore_above": 1024,
1466
+ "type": "keyword"
1467
+ }
1468
+ }
1469
+ },
1470
+ "level": {
1471
+ "ignore_above": 1024,
1472
+ "type": "keyword"
1473
+ },
1474
+ "logger": {
1475
+ "ignore_above": 1024,
1476
+ "type": "keyword"
1477
+ },
1478
+ "origin": {
1479
+ "properties": {
1480
+ "file": {
1481
+ "properties": {
1482
+ "line": {
1483
+ "type": "integer"
1484
+ },
1485
+ "name": {
1486
+ "ignore_above": 1024,
1487
+ "type": "keyword"
1488
+ }
1489
+ }
1490
+ },
1491
+ "function": {
1492
+ "ignore_above": 1024,
1493
+ "type": "keyword"
1494
+ }
1495
+ }
1496
+ },
1497
+ "original": {
1498
+ "doc_values": false,
1499
+ "ignore_above": 1024,
1500
+ "index": false,
1501
+ "type": "keyword"
1502
+ },
1503
+ "syslog": {
1504
+ "properties": {
1505
+ "facility": {
1506
+ "properties": {
1507
+ "code": {
1508
+ "type": "long"
1509
+ },
1510
+ "name": {
1511
+ "ignore_above": 1024,
1512
+ "type": "keyword"
1513
+ }
1514
+ }
1515
+ },
1516
+ "priority": {
1517
+ "type": "long"
1518
+ },
1519
+ "severity": {
1520
+ "properties": {
1521
+ "code": {
1522
+ "type": "long"
1523
+ },
1524
+ "name": {
1525
+ "ignore_above": 1024,
1526
+ "type": "keyword"
1527
+ }
1528
+ }
1529
+ }
1530
+ },
1531
+ "type": "object"
1532
+ }
1533
+ }
1534
+ },
1535
+ "message": {
1536
+ "norms": false,
1537
+ "type": "text"
1538
+ },
1539
+ "network": {
1540
+ "properties": {
1541
+ "application": {
1542
+ "ignore_above": 1024,
1543
+ "type": "keyword"
1544
+ },
1545
+ "bytes": {
1546
+ "type": "long"
1547
+ },
1548
+ "community_id": {
1549
+ "ignore_above": 1024,
1550
+ "type": "keyword"
1551
+ },
1552
+ "direction": {
1553
+ "ignore_above": 1024,
1554
+ "type": "keyword"
1555
+ },
1556
+ "forwarded_ip": {
1557
+ "type": "ip"
1558
+ },
1559
+ "iana_number": {
1560
+ "ignore_above": 1024,
1561
+ "type": "keyword"
1562
+ },
1563
+ "inner": {
1564
+ "properties": {
1565
+ "vlan": {
1566
+ "properties": {
1567
+ "id": {
1568
+ "ignore_above": 1024,
1569
+ "type": "keyword"
1570
+ },
1571
+ "name": {
1572
+ "ignore_above": 1024,
1573
+ "type": "keyword"
1574
+ }
1575
+ }
1576
+ }
1577
+ },
1578
+ "type": "object"
1579
+ },
1580
+ "name": {
1581
+ "ignore_above": 1024,
1582
+ "type": "keyword"
1583
+ },
1584
+ "packets": {
1585
+ "type": "long"
1586
+ },
1587
+ "protocol": {
1588
+ "ignore_above": 1024,
1589
+ "type": "keyword"
1590
+ },
1591
+ "transport": {
1592
+ "ignore_above": 1024,
1593
+ "type": "keyword"
1594
+ },
1595
+ "type": {
1596
+ "ignore_above": 1024,
1597
+ "type": "keyword"
1598
+ },
1599
+ "vlan": {
1600
+ "properties": {
1601
+ "id": {
1602
+ "ignore_above": 1024,
1603
+ "type": "keyword"
1604
+ },
1605
+ "name": {
1606
+ "ignore_above": 1024,
1607
+ "type": "keyword"
1608
+ }
1609
+ }
1610
+ }
1611
+ }
1612
+ },
1613
+ "observer": {
1614
+ "properties": {
1615
+ "egress": {
1616
+ "properties": {
1617
+ "interface": {
1618
+ "properties": {
1619
+ "alias": {
1620
+ "ignore_above": 1024,
1621
+ "type": "keyword"
1622
+ },
1623
+ "id": {
1624
+ "ignore_above": 1024,
1625
+ "type": "keyword"
1626
+ },
1627
+ "name": {
1628
+ "ignore_above": 1024,
1629
+ "type": "keyword"
1630
+ }
1631
+ }
1632
+ },
1633
+ "vlan": {
1634
+ "properties": {
1635
+ "id": {
1636
+ "ignore_above": 1024,
1637
+ "type": "keyword"
1638
+ },
1639
+ "name": {
1640
+ "ignore_above": 1024,
1641
+ "type": "keyword"
1642
+ }
1643
+ }
1644
+ },
1645
+ "zone": {
1646
+ "ignore_above": 1024,
1647
+ "type": "keyword"
1648
+ }
1649
+ },
1650
+ "type": "object"
1651
+ },
1652
+ "geo": {
1653
+ "properties": {
1654
+ "city_name": {
1655
+ "ignore_above": 1024,
1656
+ "type": "keyword"
1657
+ },
1658
+ "continent_code": {
1659
+ "ignore_above": 1024,
1660
+ "type": "keyword"
1661
+ },
1662
+ "continent_name": {
1663
+ "ignore_above": 1024,
1664
+ "type": "keyword"
1665
+ },
1666
+ "country_iso_code": {
1667
+ "ignore_above": 1024,
1668
+ "type": "keyword"
1669
+ },
1670
+ "country_name": {
1671
+ "ignore_above": 1024,
1672
+ "type": "keyword"
1673
+ },
1674
+ "location": {
1675
+ "type": "geo_point"
1676
+ },
1677
+ "name": {
1678
+ "ignore_above": 1024,
1679
+ "type": "keyword"
1680
+ },
1681
+ "postal_code": {
1682
+ "ignore_above": 1024,
1683
+ "type": "keyword"
1684
+ },
1685
+ "region_iso_code": {
1686
+ "ignore_above": 1024,
1687
+ "type": "keyword"
1688
+ },
1689
+ "region_name": {
1690
+ "ignore_above": 1024,
1691
+ "type": "keyword"
1692
+ },
1693
+ "timezone": {
1694
+ "ignore_above": 1024,
1695
+ "type": "keyword"
1696
+ }
1697
+ }
1698
+ },
1699
+ "hostname": {
1700
+ "ignore_above": 1024,
1701
+ "type": "keyword"
1702
+ },
1703
+ "ingress": {
1704
+ "properties": {
1705
+ "interface": {
1706
+ "properties": {
1707
+ "alias": {
1708
+ "ignore_above": 1024,
1709
+ "type": "keyword"
1710
+ },
1711
+ "id": {
1712
+ "ignore_above": 1024,
1713
+ "type": "keyword"
1714
+ },
1715
+ "name": {
1716
+ "ignore_above": 1024,
1717
+ "type": "keyword"
1718
+ }
1719
+ }
1720
+ },
1721
+ "vlan": {
1722
+ "properties": {
1723
+ "id": {
1724
+ "ignore_above": 1024,
1725
+ "type": "keyword"
1726
+ },
1727
+ "name": {
1728
+ "ignore_above": 1024,
1729
+ "type": "keyword"
1730
+ }
1731
+ }
1732
+ },
1733
+ "zone": {
1734
+ "ignore_above": 1024,
1735
+ "type": "keyword"
1736
+ }
1737
+ },
1738
+ "type": "object"
1739
+ },
1740
+ "ip": {
1741
+ "type": "ip"
1742
+ },
1743
+ "mac": {
1744
+ "ignore_above": 1024,
1745
+ "type": "keyword"
1746
+ },
1747
+ "name": {
1748
+ "ignore_above": 1024,
1749
+ "type": "keyword"
1750
+ },
1751
+ "os": {
1752
+ "properties": {
1753
+ "family": {
1754
+ "ignore_above": 1024,
1755
+ "type": "keyword"
1756
+ },
1757
+ "full": {
1758
+ "fields": {
1759
+ "text": {
1760
+ "norms": false,
1761
+ "type": "text"
1762
+ }
1763
+ },
1764
+ "ignore_above": 1024,
1765
+ "type": "keyword"
1766
+ },
1767
+ "kernel": {
1768
+ "ignore_above": 1024,
1769
+ "type": "keyword"
1770
+ },
1771
+ "name": {
1772
+ "fields": {
1773
+ "text": {
1774
+ "norms": false,
1775
+ "type": "text"
1776
+ }
1777
+ },
1778
+ "ignore_above": 1024,
1779
+ "type": "keyword"
1780
+ },
1781
+ "platform": {
1782
+ "ignore_above": 1024,
1783
+ "type": "keyword"
1784
+ },
1785
+ "type": {
1786
+ "ignore_above": 1024,
1787
+ "type": "keyword"
1788
+ },
1789
+ "version": {
1790
+ "ignore_above": 1024,
1791
+ "type": "keyword"
1792
+ }
1793
+ }
1794
+ },
1795
+ "product": {
1796
+ "ignore_above": 1024,
1797
+ "type": "keyword"
1798
+ },
1799
+ "serial_number": {
1800
+ "ignore_above": 1024,
1801
+ "type": "keyword"
1802
+ },
1803
+ "type": {
1804
+ "ignore_above": 1024,
1805
+ "type": "keyword"
1806
+ },
1807
+ "vendor": {
1808
+ "ignore_above": 1024,
1809
+ "type": "keyword"
1810
+ },
1811
+ "version": {
1812
+ "ignore_above": 1024,
1813
+ "type": "keyword"
1814
+ }
1815
+ }
1816
+ },
1817
+ "organization": {
1818
+ "properties": {
1819
+ "id": {
1820
+ "ignore_above": 1024,
1821
+ "type": "keyword"
1822
+ },
1823
+ "name": {
1824
+ "fields": {
1825
+ "text": {
1826
+ "norms": false,
1827
+ "type": "text"
1828
+ }
1829
+ },
1830
+ "ignore_above": 1024,
1831
+ "type": "keyword"
1832
+ }
1833
+ }
1834
+ },
1835
+ "package": {
1836
+ "properties": {
1837
+ "architecture": {
1838
+ "ignore_above": 1024,
1839
+ "type": "keyword"
1840
+ },
1841
+ "build_version": {
1842
+ "ignore_above": 1024,
1843
+ "type": "keyword"
1844
+ },
1845
+ "checksum": {
1846
+ "ignore_above": 1024,
1847
+ "type": "keyword"
1848
+ },
1849
+ "description": {
1850
+ "ignore_above": 1024,
1851
+ "type": "keyword"
1852
+ },
1853
+ "install_scope": {
1854
+ "ignore_above": 1024,
1855
+ "type": "keyword"
1856
+ },
1857
+ "installed": {
1858
+ "type": "date"
1859
+ },
1860
+ "license": {
1861
+ "ignore_above": 1024,
1862
+ "type": "keyword"
1863
+ },
1864
+ "name": {
1865
+ "ignore_above": 1024,
1866
+ "type": "keyword"
1867
+ },
1868
+ "path": {
1869
+ "ignore_above": 1024,
1870
+ "type": "keyword"
1871
+ },
1872
+ "reference": {
1873
+ "ignore_above": 1024,
1874
+ "type": "keyword"
1875
+ },
1876
+ "size": {
1877
+ "type": "long"
1878
+ },
1879
+ "type": {
1880
+ "ignore_above": 1024,
1881
+ "type": "keyword"
1882
+ },
1883
+ "version": {
1884
+ "ignore_above": 1024,
1885
+ "type": "keyword"
1886
+ }
1887
+ }
1888
+ },
1889
+ "process": {
1890
+ "properties": {
1891
+ "args": {
1892
+ "ignore_above": 1024,
1893
+ "type": "keyword"
1894
+ },
1895
+ "args_count": {
1896
+ "type": "long"
1897
+ },
1898
+ "code_signature": {
1899
+ "properties": {
1900
+ "exists": {
1901
+ "type": "boolean"
1902
+ },
1903
+ "signing_id": {
1904
+ "ignore_above": 1024,
1905
+ "type": "keyword"
1906
+ },
1907
+ "status": {
1908
+ "ignore_above": 1024,
1909
+ "type": "keyword"
1910
+ },
1911
+ "subject_name": {
1912
+ "ignore_above": 1024,
1913
+ "type": "keyword"
1914
+ },
1915
+ "team_id": {
1916
+ "ignore_above": 1024,
1917
+ "type": "keyword"
1918
+ },
1919
+ "trusted": {
1920
+ "type": "boolean"
1921
+ },
1922
+ "valid": {
1923
+ "type": "boolean"
1924
+ }
1925
+ }
1926
+ },
1927
+ "command_line": {
1928
+ "fields": {
1929
+ "text": {
1930
+ "norms": false,
1931
+ "type": "text"
1932
+ }
1933
+ },
1934
+ "ignore_above": 1024,
1935
+ "type": "keyword"
1936
+ },
1937
+ "entity_id": {
1938
+ "ignore_above": 1024,
1939
+ "type": "keyword"
1940
+ },
1941
+ "executable": {
1942
+ "fields": {
1943
+ "text": {
1944
+ "norms": false,
1945
+ "type": "text"
1946
+ }
1947
+ },
1948
+ "ignore_above": 1024,
1949
+ "type": "keyword"
1950
+ },
1951
+ "exit_code": {
1952
+ "type": "long"
1953
+ },
1954
+ "hash": {
1955
+ "properties": {
1956
+ "md5": {
1957
+ "ignore_above": 1024,
1958
+ "type": "keyword"
1959
+ },
1960
+ "sha1": {
1961
+ "ignore_above": 1024,
1962
+ "type": "keyword"
1963
+ },
1964
+ "sha256": {
1965
+ "ignore_above": 1024,
1966
+ "type": "keyword"
1967
+ },
1968
+ "sha512": {
1969
+ "ignore_above": 1024,
1970
+ "type": "keyword"
1971
+ },
1972
+ "ssdeep": {
1973
+ "ignore_above": 1024,
1974
+ "type": "keyword"
1975
+ }
1976
+ }
1977
+ },
1978
+ "name": {
1979
+ "fields": {
1980
+ "text": {
1981
+ "norms": false,
1982
+ "type": "text"
1983
+ }
1984
+ },
1985
+ "ignore_above": 1024,
1986
+ "type": "keyword"
1987
+ },
1988
+ "parent": {
1989
+ "properties": {
1990
+ "args": {
1991
+ "ignore_above": 1024,
1992
+ "type": "keyword"
1993
+ },
1994
+ "args_count": {
1995
+ "type": "long"
1996
+ },
1997
+ "code_signature": {
1998
+ "properties": {
1999
+ "exists": {
2000
+ "type": "boolean"
2001
+ },
2002
+ "signing_id": {
2003
+ "ignore_above": 1024,
2004
+ "type": "keyword"
2005
+ },
2006
+ "status": {
2007
+ "ignore_above": 1024,
2008
+ "type": "keyword"
2009
+ },
2010
+ "subject_name": {
2011
+ "ignore_above": 1024,
2012
+ "type": "keyword"
2013
+ },
2014
+ "team_id": {
2015
+ "ignore_above": 1024,
2016
+ "type": "keyword"
2017
+ },
2018
+ "trusted": {
2019
+ "type": "boolean"
2020
+ },
2021
+ "valid": {
2022
+ "type": "boolean"
2023
+ }
2024
+ }
2025
+ },
2026
+ "command_line": {
2027
+ "fields": {
2028
+ "text": {
2029
+ "norms": false,
2030
+ "type": "text"
2031
+ }
2032
+ },
2033
+ "ignore_above": 1024,
2034
+ "type": "keyword"
2035
+ },
2036
+ "entity_id": {
2037
+ "ignore_above": 1024,
2038
+ "type": "keyword"
2039
+ },
2040
+ "executable": {
2041
+ "fields": {
2042
+ "text": {
2043
+ "norms": false,
2044
+ "type": "text"
2045
+ }
2046
+ },
2047
+ "ignore_above": 1024,
2048
+ "type": "keyword"
2049
+ },
2050
+ "exit_code": {
2051
+ "type": "long"
2052
+ },
2053
+ "hash": {
2054
+ "properties": {
2055
+ "md5": {
2056
+ "ignore_above": 1024,
2057
+ "type": "keyword"
2058
+ },
2059
+ "sha1": {
2060
+ "ignore_above": 1024,
2061
+ "type": "keyword"
2062
+ },
2063
+ "sha256": {
2064
+ "ignore_above": 1024,
2065
+ "type": "keyword"
2066
+ },
2067
+ "sha512": {
2068
+ "ignore_above": 1024,
2069
+ "type": "keyword"
2070
+ },
2071
+ "ssdeep": {
2072
+ "ignore_above": 1024,
2073
+ "type": "keyword"
2074
+ }
2075
+ }
2076
+ },
2077
+ "name": {
2078
+ "fields": {
2079
+ "text": {
2080
+ "norms": false,
2081
+ "type": "text"
2082
+ }
2083
+ },
2084
+ "ignore_above": 1024,
2085
+ "type": "keyword"
2086
+ },
2087
+ "pe": {
2088
+ "properties": {
2089
+ "architecture": {
2090
+ "ignore_above": 1024,
2091
+ "type": "keyword"
2092
+ },
2093
+ "company": {
2094
+ "ignore_above": 1024,
2095
+ "type": "keyword"
2096
+ },
2097
+ "description": {
2098
+ "ignore_above": 1024,
2099
+ "type": "keyword"
2100
+ },
2101
+ "file_version": {
2102
+ "ignore_above": 1024,
2103
+ "type": "keyword"
2104
+ },
2105
+ "imphash": {
2106
+ "ignore_above": 1024,
2107
+ "type": "keyword"
2108
+ },
2109
+ "original_file_name": {
2110
+ "ignore_above": 1024,
2111
+ "type": "keyword"
2112
+ },
2113
+ "product": {
2114
+ "ignore_above": 1024,
2115
+ "type": "keyword"
2116
+ }
2117
+ }
2118
+ },
2119
+ "pgid": {
2120
+ "type": "long"
2121
+ },
2122
+ "pid": {
2123
+ "type": "long"
2124
+ },
2125
+ "ppid": {
2126
+ "type": "long"
2127
+ },
2128
+ "start": {
2129
+ "type": "date"
2130
+ },
2131
+ "thread": {
2132
+ "properties": {
2133
+ "id": {
2134
+ "type": "long"
2135
+ },
2136
+ "name": {
2137
+ "ignore_above": 1024,
2138
+ "type": "keyword"
2139
+ }
2140
+ }
2141
+ },
2142
+ "title": {
2143
+ "fields": {
2144
+ "text": {
2145
+ "norms": false,
2146
+ "type": "text"
2147
+ }
2148
+ },
2149
+ "ignore_above": 1024,
2150
+ "type": "keyword"
2151
+ },
2152
+ "uptime": {
2153
+ "type": "long"
2154
+ },
2155
+ "working_directory": {
2156
+ "fields": {
2157
+ "text": {
2158
+ "norms": false,
2159
+ "type": "text"
2160
+ }
2161
+ },
2162
+ "ignore_above": 1024,
2163
+ "type": "keyword"
2164
+ }
2165
+ }
2166
+ },
2167
+ "pe": {
2168
+ "properties": {
2169
+ "architecture": {
2170
+ "ignore_above": 1024,
2171
+ "type": "keyword"
2172
+ },
2173
+ "company": {
2174
+ "ignore_above": 1024,
2175
+ "type": "keyword"
2176
+ },
2177
+ "description": {
2178
+ "ignore_above": 1024,
2179
+ "type": "keyword"
2180
+ },
2181
+ "file_version": {
2182
+ "ignore_above": 1024,
2183
+ "type": "keyword"
2184
+ },
2185
+ "imphash": {
2186
+ "ignore_above": 1024,
2187
+ "type": "keyword"
2188
+ },
2189
+ "original_file_name": {
2190
+ "ignore_above": 1024,
2191
+ "type": "keyword"
2192
+ },
2193
+ "product": {
2194
+ "ignore_above": 1024,
2195
+ "type": "keyword"
2196
+ }
2197
+ }
2198
+ },
2199
+ "pgid": {
2200
+ "type": "long"
2201
+ },
2202
+ "pid": {
2203
+ "type": "long"
2204
+ },
2205
+ "ppid": {
2206
+ "type": "long"
2207
+ },
2208
+ "start": {
2209
+ "type": "date"
2210
+ },
2211
+ "thread": {
2212
+ "properties": {
2213
+ "id": {
2214
+ "type": "long"
2215
+ },
2216
+ "name": {
2217
+ "ignore_above": 1024,
2218
+ "type": "keyword"
2219
+ }
2220
+ }
2221
+ },
2222
+ "title": {
2223
+ "fields": {
2224
+ "text": {
2225
+ "norms": false,
2226
+ "type": "text"
2227
+ }
2228
+ },
2229
+ "ignore_above": 1024,
2230
+ "type": "keyword"
2231
+ },
2232
+ "uptime": {
2233
+ "type": "long"
2234
+ },
2235
+ "working_directory": {
2236
+ "fields": {
2237
+ "text": {
2238
+ "norms": false,
2239
+ "type": "text"
2240
+ }
2241
+ },
2242
+ "ignore_above": 1024,
2243
+ "type": "keyword"
2244
+ }
2245
+ }
2246
+ },
2247
+ "registry": {
2248
+ "properties": {
2249
+ "data": {
2250
+ "properties": {
2251
+ "bytes": {
2252
+ "ignore_above": 1024,
2253
+ "type": "keyword"
2254
+ },
2255
+ "strings": {
2256
+ "ignore_above": 1024,
2257
+ "type": "keyword"
2258
+ },
2259
+ "type": {
2260
+ "ignore_above": 1024,
2261
+ "type": "keyword"
2262
+ }
2263
+ }
2264
+ },
2265
+ "hive": {
2266
+ "ignore_above": 1024,
2267
+ "type": "keyword"
2268
+ },
2269
+ "key": {
2270
+ "ignore_above": 1024,
2271
+ "type": "keyword"
2272
+ },
2273
+ "path": {
2274
+ "ignore_above": 1024,
2275
+ "type": "keyword"
2276
+ },
2277
+ "value": {
2278
+ "ignore_above": 1024,
2279
+ "type": "keyword"
2280
+ }
2281
+ }
2282
+ },
2283
+ "related": {
2284
+ "properties": {
2285
+ "hash": {
2286
+ "ignore_above": 1024,
2287
+ "type": "keyword"
2288
+ },
2289
+ "hosts": {
2290
+ "ignore_above": 1024,
2291
+ "type": "keyword"
2292
+ },
2293
+ "ip": {
2294
+ "type": "ip"
2295
+ },
2296
+ "user": {
2297
+ "ignore_above": 1024,
2298
+ "type": "keyword"
2299
+ }
2300
+ }
2301
+ },
2302
+ "rule": {
2303
+ "properties": {
2304
+ "author": {
2305
+ "ignore_above": 1024,
2306
+ "type": "keyword"
2307
+ },
2308
+ "category": {
2309
+ "ignore_above": 1024,
2310
+ "type": "keyword"
2311
+ },
2312
+ "description": {
2313
+ "ignore_above": 1024,
2314
+ "type": "keyword"
2315
+ },
2316
+ "id": {
2317
+ "ignore_above": 1024,
2318
+ "type": "keyword"
2319
+ },
2320
+ "license": {
2321
+ "ignore_above": 1024,
2322
+ "type": "keyword"
2323
+ },
2324
+ "name": {
2325
+ "ignore_above": 1024,
2326
+ "type": "keyword"
2327
+ },
2328
+ "reference": {
2329
+ "ignore_above": 1024,
2330
+ "type": "keyword"
2331
+ },
2332
+ "ruleset": {
2333
+ "ignore_above": 1024,
2334
+ "type": "keyword"
2335
+ },
2336
+ "uuid": {
2337
+ "ignore_above": 1024,
2338
+ "type": "keyword"
2339
+ },
2340
+ "version": {
2341
+ "ignore_above": 1024,
2342
+ "type": "keyword"
2343
+ }
2344
+ }
2345
+ },
2346
+ "server": {
2347
+ "properties": {
2348
+ "address": {
2349
+ "ignore_above": 1024,
2350
+ "type": "keyword"
2351
+ },
2352
+ "as": {
2353
+ "properties": {
2354
+ "number": {
2355
+ "type": "long"
2356
+ },
2357
+ "organization": {
2358
+ "properties": {
2359
+ "name": {
2360
+ "fields": {
2361
+ "text": {
2362
+ "norms": false,
2363
+ "type": "text"
2364
+ }
2365
+ },
2366
+ "ignore_above": 1024,
2367
+ "type": "keyword"
2368
+ }
2369
+ }
2370
+ }
2371
+ }
2372
+ },
2373
+ "bytes": {
2374
+ "type": "long"
2375
+ },
2376
+ "domain": {
2377
+ "ignore_above": 1024,
2378
+ "type": "keyword"
2379
+ },
2380
+ "geo": {
2381
+ "properties": {
2382
+ "city_name": {
2383
+ "ignore_above": 1024,
2384
+ "type": "keyword"
2385
+ },
2386
+ "continent_code": {
2387
+ "ignore_above": 1024,
2388
+ "type": "keyword"
2389
+ },
2390
+ "continent_name": {
2391
+ "ignore_above": 1024,
2392
+ "type": "keyword"
2393
+ },
2394
+ "country_iso_code": {
2395
+ "ignore_above": 1024,
2396
+ "type": "keyword"
2397
+ },
2398
+ "country_name": {
2399
+ "ignore_above": 1024,
2400
+ "type": "keyword"
2401
+ },
2402
+ "location": {
2403
+ "type": "geo_point"
2404
+ },
2405
+ "name": {
2406
+ "ignore_above": 1024,
2407
+ "type": "keyword"
2408
+ },
2409
+ "postal_code": {
2410
+ "ignore_above": 1024,
2411
+ "type": "keyword"
2412
+ },
2413
+ "region_iso_code": {
2414
+ "ignore_above": 1024,
2415
+ "type": "keyword"
2416
+ },
2417
+ "region_name": {
2418
+ "ignore_above": 1024,
2419
+ "type": "keyword"
2420
+ },
2421
+ "timezone": {
2422
+ "ignore_above": 1024,
2423
+ "type": "keyword"
2424
+ }
2425
+ }
2426
+ },
2427
+ "ip": {
2428
+ "type": "ip"
2429
+ },
2430
+ "mac": {
2431
+ "ignore_above": 1024,
2432
+ "type": "keyword"
2433
+ },
2434
+ "nat": {
2435
+ "properties": {
2436
+ "ip": {
2437
+ "type": "ip"
2438
+ },
2439
+ "port": {
2440
+ "type": "long"
2441
+ }
2442
+ }
2443
+ },
2444
+ "packets": {
2445
+ "type": "long"
2446
+ },
2447
+ "port": {
2448
+ "type": "long"
2449
+ },
2450
+ "registered_domain": {
2451
+ "ignore_above": 1024,
2452
+ "type": "keyword"
2453
+ },
2454
+ "subdomain": {
2455
+ "ignore_above": 1024,
2456
+ "type": "keyword"
2457
+ },
2458
+ "top_level_domain": {
2459
+ "ignore_above": 1024,
2460
+ "type": "keyword"
2461
+ },
2462
+ "user": {
2463
+ "properties": {
2464
+ "domain": {
2465
+ "ignore_above": 1024,
2466
+ "type": "keyword"
2467
+ },
2468
+ "email": {
2469
+ "ignore_above": 1024,
2470
+ "type": "keyword"
2471
+ },
2472
+ "full_name": {
2473
+ "fields": {
2474
+ "text": {
2475
+ "norms": false,
2476
+ "type": "text"
2477
+ }
2478
+ },
2479
+ "ignore_above": 1024,
2480
+ "type": "keyword"
2481
+ },
2482
+ "group": {
2483
+ "properties": {
2484
+ "domain": {
2485
+ "ignore_above": 1024,
2486
+ "type": "keyword"
2487
+ },
2488
+ "id": {
2489
+ "ignore_above": 1024,
2490
+ "type": "keyword"
2491
+ },
2492
+ "name": {
2493
+ "ignore_above": 1024,
2494
+ "type": "keyword"
2495
+ }
2496
+ }
2497
+ },
2498
+ "hash": {
2499
+ "ignore_above": 1024,
2500
+ "type": "keyword"
2501
+ },
2502
+ "id": {
2503
+ "ignore_above": 1024,
2504
+ "type": "keyword"
2505
+ },
2506
+ "name": {
2507
+ "fields": {
2508
+ "text": {
2509
+ "norms": false,
2510
+ "type": "text"
2511
+ }
2512
+ },
2513
+ "ignore_above": 1024,
2514
+ "type": "keyword"
2515
+ },
2516
+ "roles": {
2517
+ "ignore_above": 1024,
2518
+ "type": "keyword"
2519
+ }
2520
+ }
2521
+ }
2522
+ }
2523
+ },
2524
+ "service": {
2525
+ "properties": {
2526
+ "ephemeral_id": {
2527
+ "ignore_above": 1024,
2528
+ "type": "keyword"
2529
+ },
2530
+ "id": {
2531
+ "ignore_above": 1024,
2532
+ "type": "keyword"
2533
+ },
2534
+ "name": {
2535
+ "ignore_above": 1024,
2536
+ "type": "keyword"
2537
+ },
2538
+ "node": {
2539
+ "properties": {
2540
+ "name": {
2541
+ "ignore_above": 1024,
2542
+ "type": "keyword"
2543
+ }
2544
+ }
2545
+ },
2546
+ "state": {
2547
+ "ignore_above": 1024,
2548
+ "type": "keyword"
2549
+ },
2550
+ "type": {
2551
+ "ignore_above": 1024,
2552
+ "type": "keyword"
2553
+ },
2554
+ "version": {
2555
+ "ignore_above": 1024,
2556
+ "type": "keyword"
2557
+ }
2558
+ }
2559
+ },
2560
+ "source": {
2561
+ "properties": {
2562
+ "address": {
2563
+ "ignore_above": 1024,
2564
+ "type": "keyword"
2565
+ },
2566
+ "as": {
2567
+ "properties": {
2568
+ "number": {
2569
+ "type": "long"
2570
+ },
2571
+ "organization": {
2572
+ "properties": {
2573
+ "name": {
2574
+ "fields": {
2575
+ "text": {
2576
+ "norms": false,
2577
+ "type": "text"
2578
+ }
2579
+ },
2580
+ "ignore_above": 1024,
2581
+ "type": "keyword"
2582
+ }
2583
+ }
2584
+ }
2585
+ }
2586
+ },
2587
+ "bytes": {
2588
+ "type": "long"
2589
+ },
2590
+ "domain": {
2591
+ "ignore_above": 1024,
2592
+ "type": "keyword"
2593
+ },
2594
+ "geo": {
2595
+ "properties": {
2596
+ "city_name": {
2597
+ "ignore_above": 1024,
2598
+ "type": "keyword"
2599
+ },
2600
+ "continent_code": {
2601
+ "ignore_above": 1024,
2602
+ "type": "keyword"
2603
+ },
2604
+ "continent_name": {
2605
+ "ignore_above": 1024,
2606
+ "type": "keyword"
2607
+ },
2608
+ "country_iso_code": {
2609
+ "ignore_above": 1024,
2610
+ "type": "keyword"
2611
+ },
2612
+ "country_name": {
2613
+ "ignore_above": 1024,
2614
+ "type": "keyword"
2615
+ },
2616
+ "location": {
2617
+ "type": "geo_point"
2618
+ },
2619
+ "name": {
2620
+ "ignore_above": 1024,
2621
+ "type": "keyword"
2622
+ },
2623
+ "postal_code": {
2624
+ "ignore_above": 1024,
2625
+ "type": "keyword"
2626
+ },
2627
+ "region_iso_code": {
2628
+ "ignore_above": 1024,
2629
+ "type": "keyword"
2630
+ },
2631
+ "region_name": {
2632
+ "ignore_above": 1024,
2633
+ "type": "keyword"
2634
+ },
2635
+ "timezone": {
2636
+ "ignore_above": 1024,
2637
+ "type": "keyword"
2638
+ }
2639
+ }
2640
+ },
2641
+ "ip": {
2642
+ "type": "ip"
2643
+ },
2644
+ "mac": {
2645
+ "ignore_above": 1024,
2646
+ "type": "keyword"
2647
+ },
2648
+ "nat": {
2649
+ "properties": {
2650
+ "ip": {
2651
+ "type": "ip"
2652
+ },
2653
+ "port": {
2654
+ "type": "long"
2655
+ }
2656
+ }
2657
+ },
2658
+ "packets": {
2659
+ "type": "long"
2660
+ },
2661
+ "port": {
2662
+ "type": "long"
2663
+ },
2664
+ "registered_domain": {
2665
+ "ignore_above": 1024,
2666
+ "type": "keyword"
2667
+ },
2668
+ "subdomain": {
2669
+ "ignore_above": 1024,
2670
+ "type": "keyword"
2671
+ },
2672
+ "top_level_domain": {
2673
+ "ignore_above": 1024,
2674
+ "type": "keyword"
2675
+ },
2676
+ "user": {
2677
+ "properties": {
2678
+ "domain": {
2679
+ "ignore_above": 1024,
2680
+ "type": "keyword"
2681
+ },
2682
+ "email": {
2683
+ "ignore_above": 1024,
2684
+ "type": "keyword"
2685
+ },
2686
+ "full_name": {
2687
+ "fields": {
2688
+ "text": {
2689
+ "norms": false,
2690
+ "type": "text"
2691
+ }
2692
+ },
2693
+ "ignore_above": 1024,
2694
+ "type": "keyword"
2695
+ },
2696
+ "group": {
2697
+ "properties": {
2698
+ "domain": {
2699
+ "ignore_above": 1024,
2700
+ "type": "keyword"
2701
+ },
2702
+ "id": {
2703
+ "ignore_above": 1024,
2704
+ "type": "keyword"
2705
+ },
2706
+ "name": {
2707
+ "ignore_above": 1024,
2708
+ "type": "keyword"
2709
+ }
2710
+ }
2711
+ },
2712
+ "hash": {
2713
+ "ignore_above": 1024,
2714
+ "type": "keyword"
2715
+ },
2716
+ "id": {
2717
+ "ignore_above": 1024,
2718
+ "type": "keyword"
2719
+ },
2720
+ "name": {
2721
+ "fields": {
2722
+ "text": {
2723
+ "norms": false,
2724
+ "type": "text"
2725
+ }
2726
+ },
2727
+ "ignore_above": 1024,
2728
+ "type": "keyword"
2729
+ },
2730
+ "roles": {
2731
+ "ignore_above": 1024,
2732
+ "type": "keyword"
2733
+ }
2734
+ }
2735
+ }
2736
+ }
2737
+ },
2738
+ "span": {
2739
+ "properties": {
2740
+ "id": {
2741
+ "ignore_above": 1024,
2742
+ "type": "keyword"
2743
+ }
2744
+ }
2745
+ },
2746
+ "tags": {
2747
+ "ignore_above": 1024,
2748
+ "type": "keyword"
2749
+ },
2750
+ "threat": {
2751
+ "properties": {
2752
+ "framework": {
2753
+ "ignore_above": 1024,
2754
+ "type": "keyword"
2755
+ },
2756
+ "tactic": {
2757
+ "properties": {
2758
+ "id": {
2759
+ "ignore_above": 1024,
2760
+ "type": "keyword"
2761
+ },
2762
+ "name": {
2763
+ "ignore_above": 1024,
2764
+ "type": "keyword"
2765
+ },
2766
+ "reference": {
2767
+ "ignore_above": 1024,
2768
+ "type": "keyword"
2769
+ }
2770
+ }
2771
+ },
2772
+ "technique": {
2773
+ "properties": {
2774
+ "id": {
2775
+ "ignore_above": 1024,
2776
+ "type": "keyword"
2777
+ },
2778
+ "name": {
2779
+ "fields": {
2780
+ "text": {
2781
+ "norms": false,
2782
+ "type": "text"
2783
+ }
2784
+ },
2785
+ "ignore_above": 1024,
2786
+ "type": "keyword"
2787
+ },
2788
+ "reference": {
2789
+ "ignore_above": 1024,
2790
+ "type": "keyword"
2791
+ },
2792
+ "subtechnique": {
2793
+ "properties": {
2794
+ "id": {
2795
+ "ignore_above": 1024,
2796
+ "type": "keyword"
2797
+ },
2798
+ "name": {
2799
+ "fields": {
2800
+ "text": {
2801
+ "norms": false,
2802
+ "type": "text"
2803
+ }
2804
+ },
2805
+ "ignore_above": 1024,
2806
+ "type": "keyword"
2807
+ },
2808
+ "reference": {
2809
+ "ignore_above": 1024,
2810
+ "type": "keyword"
2811
+ }
2812
+ }
2813
+ }
2814
+ }
2815
+ }
2816
+ }
2817
+ },
2818
+ "tls": {
2819
+ "properties": {
2820
+ "cipher": {
2821
+ "ignore_above": 1024,
2822
+ "type": "keyword"
2823
+ },
2824
+ "client": {
2825
+ "properties": {
2826
+ "certificate": {
2827
+ "ignore_above": 1024,
2828
+ "type": "keyword"
2829
+ },
2830
+ "certificate_chain": {
2831
+ "ignore_above": 1024,
2832
+ "type": "keyword"
2833
+ },
2834
+ "hash": {
2835
+ "properties": {
2836
+ "md5": {
2837
+ "ignore_above": 1024,
2838
+ "type": "keyword"
2839
+ },
2840
+ "sha1": {
2841
+ "ignore_above": 1024,
2842
+ "type": "keyword"
2843
+ },
2844
+ "sha256": {
2845
+ "ignore_above": 1024,
2846
+ "type": "keyword"
2847
+ }
2848
+ }
2849
+ },
2850
+ "issuer": {
2851
+ "ignore_above": 1024,
2852
+ "type": "keyword"
2853
+ },
2854
+ "ja3": {
2855
+ "ignore_above": 1024,
2856
+ "type": "keyword"
2857
+ },
2858
+ "not_after": {
2859
+ "type": "date"
2860
+ },
2861
+ "not_before": {
2862
+ "type": "date"
2863
+ },
2864
+ "server_name": {
2865
+ "ignore_above": 1024,
2866
+ "type": "keyword"
2867
+ },
2868
+ "subject": {
2869
+ "ignore_above": 1024,
2870
+ "type": "keyword"
2871
+ },
2872
+ "supported_ciphers": {
2873
+ "ignore_above": 1024,
2874
+ "type": "keyword"
2875
+ },
2876
+ "x509": {
2877
+ "properties": {
2878
+ "alternative_names": {
2879
+ "ignore_above": 1024,
2880
+ "type": "keyword"
2881
+ },
2882
+ "issuer": {
2883
+ "properties": {
2884
+ "common_name": {
2885
+ "ignore_above": 1024,
2886
+ "type": "keyword"
2887
+ },
2888
+ "country": {
2889
+ "ignore_above": 1024,
2890
+ "type": "keyword"
2891
+ },
2892
+ "distinguished_name": {
2893
+ "ignore_above": 1024,
2894
+ "type": "keyword"
2895
+ },
2896
+ "locality": {
2897
+ "ignore_above": 1024,
2898
+ "type": "keyword"
2899
+ },
2900
+ "organization": {
2901
+ "ignore_above": 1024,
2902
+ "type": "keyword"
2903
+ },
2904
+ "organizational_unit": {
2905
+ "ignore_above": 1024,
2906
+ "type": "keyword"
2907
+ },
2908
+ "state_or_province": {
2909
+ "ignore_above": 1024,
2910
+ "type": "keyword"
2911
+ }
2912
+ }
2913
+ },
2914
+ "not_after": {
2915
+ "type": "date"
2916
+ },
2917
+ "not_before": {
2918
+ "type": "date"
2919
+ },
2920
+ "public_key_algorithm": {
2921
+ "ignore_above": 1024,
2922
+ "type": "keyword"
2923
+ },
2924
+ "public_key_curve": {
2925
+ "ignore_above": 1024,
2926
+ "type": "keyword"
2927
+ },
2928
+ "public_key_exponent": {
2929
+ "doc_values": false,
2930
+ "index": false,
2931
+ "type": "long"
2932
+ },
2933
+ "public_key_size": {
2934
+ "type": "long"
2935
+ },
2936
+ "serial_number": {
2937
+ "ignore_above": 1024,
2938
+ "type": "keyword"
2939
+ },
2940
+ "signature_algorithm": {
2941
+ "ignore_above": 1024,
2942
+ "type": "keyword"
2943
+ },
2944
+ "subject": {
2945
+ "properties": {
2946
+ "common_name": {
2947
+ "ignore_above": 1024,
2948
+ "type": "keyword"
2949
+ },
2950
+ "country": {
2951
+ "ignore_above": 1024,
2952
+ "type": "keyword"
2953
+ },
2954
+ "distinguished_name": {
2955
+ "ignore_above": 1024,
2956
+ "type": "keyword"
2957
+ },
2958
+ "locality": {
2959
+ "ignore_above": 1024,
2960
+ "type": "keyword"
2961
+ },
2962
+ "organization": {
2963
+ "ignore_above": 1024,
2964
+ "type": "keyword"
2965
+ },
2966
+ "organizational_unit": {
2967
+ "ignore_above": 1024,
2968
+ "type": "keyword"
2969
+ },
2970
+ "state_or_province": {
2971
+ "ignore_above": 1024,
2972
+ "type": "keyword"
2973
+ }
2974
+ }
2975
+ },
2976
+ "version_number": {
2977
+ "ignore_above": 1024,
2978
+ "type": "keyword"
2979
+ }
2980
+ }
2981
+ }
2982
+ }
2983
+ },
2984
+ "curve": {
2985
+ "ignore_above": 1024,
2986
+ "type": "keyword"
2987
+ },
2988
+ "established": {
2989
+ "type": "boolean"
2990
+ },
2991
+ "next_protocol": {
2992
+ "ignore_above": 1024,
2993
+ "type": "keyword"
2994
+ },
2995
+ "resumed": {
2996
+ "type": "boolean"
2997
+ },
2998
+ "server": {
2999
+ "properties": {
3000
+ "certificate": {
3001
+ "ignore_above": 1024,
3002
+ "type": "keyword"
3003
+ },
3004
+ "certificate_chain": {
3005
+ "ignore_above": 1024,
3006
+ "type": "keyword"
3007
+ },
3008
+ "hash": {
3009
+ "properties": {
3010
+ "md5": {
3011
+ "ignore_above": 1024,
3012
+ "type": "keyword"
3013
+ },
3014
+ "sha1": {
3015
+ "ignore_above": 1024,
3016
+ "type": "keyword"
3017
+ },
3018
+ "sha256": {
3019
+ "ignore_above": 1024,
3020
+ "type": "keyword"
3021
+ }
3022
+ }
3023
+ },
3024
+ "issuer": {
3025
+ "ignore_above": 1024,
3026
+ "type": "keyword"
3027
+ },
3028
+ "ja3s": {
3029
+ "ignore_above": 1024,
3030
+ "type": "keyword"
3031
+ },
3032
+ "not_after": {
3033
+ "type": "date"
3034
+ },
3035
+ "not_before": {
3036
+ "type": "date"
3037
+ },
3038
+ "subject": {
3039
+ "ignore_above": 1024,
3040
+ "type": "keyword"
3041
+ },
3042
+ "x509": {
3043
+ "properties": {
3044
+ "alternative_names": {
3045
+ "ignore_above": 1024,
3046
+ "type": "keyword"
3047
+ },
3048
+ "issuer": {
3049
+ "properties": {
3050
+ "common_name": {
3051
+ "ignore_above": 1024,
3052
+ "type": "keyword"
3053
+ },
3054
+ "country": {
3055
+ "ignore_above": 1024,
3056
+ "type": "keyword"
3057
+ },
3058
+ "distinguished_name": {
3059
+ "ignore_above": 1024,
3060
+ "type": "keyword"
3061
+ },
3062
+ "locality": {
3063
+ "ignore_above": 1024,
3064
+ "type": "keyword"
3065
+ },
3066
+ "organization": {
3067
+ "ignore_above": 1024,
3068
+ "type": "keyword"
3069
+ },
3070
+ "organizational_unit": {
3071
+ "ignore_above": 1024,
3072
+ "type": "keyword"
3073
+ },
3074
+ "state_or_province": {
3075
+ "ignore_above": 1024,
3076
+ "type": "keyword"
3077
+ }
3078
+ }
3079
+ },
3080
+ "not_after": {
3081
+ "type": "date"
3082
+ },
3083
+ "not_before": {
3084
+ "type": "date"
3085
+ },
3086
+ "public_key_algorithm": {
3087
+ "ignore_above": 1024,
3088
+ "type": "keyword"
3089
+ },
3090
+ "public_key_curve": {
3091
+ "ignore_above": 1024,
3092
+ "type": "keyword"
3093
+ },
3094
+ "public_key_exponent": {
3095
+ "doc_values": false,
3096
+ "index": false,
3097
+ "type": "long"
3098
+ },
3099
+ "public_key_size": {
3100
+ "type": "long"
3101
+ },
3102
+ "serial_number": {
3103
+ "ignore_above": 1024,
3104
+ "type": "keyword"
3105
+ },
3106
+ "signature_algorithm": {
3107
+ "ignore_above": 1024,
3108
+ "type": "keyword"
3109
+ },
3110
+ "subject": {
3111
+ "properties": {
3112
+ "common_name": {
3113
+ "ignore_above": 1024,
3114
+ "type": "keyword"
3115
+ },
3116
+ "country": {
3117
+ "ignore_above": 1024,
3118
+ "type": "keyword"
3119
+ },
3120
+ "distinguished_name": {
3121
+ "ignore_above": 1024,
3122
+ "type": "keyword"
3123
+ },
3124
+ "locality": {
3125
+ "ignore_above": 1024,
3126
+ "type": "keyword"
3127
+ },
3128
+ "organization": {
3129
+ "ignore_above": 1024,
3130
+ "type": "keyword"
3131
+ },
3132
+ "organizational_unit": {
3133
+ "ignore_above": 1024,
3134
+ "type": "keyword"
3135
+ },
3136
+ "state_or_province": {
3137
+ "ignore_above": 1024,
3138
+ "type": "keyword"
3139
+ }
3140
+ }
3141
+ },
3142
+ "version_number": {
3143
+ "ignore_above": 1024,
3144
+ "type": "keyword"
3145
+ }
3146
+ }
3147
+ }
3148
+ }
3149
+ },
3150
+ "version": {
3151
+ "ignore_above": 1024,
3152
+ "type": "keyword"
3153
+ },
3154
+ "version_protocol": {
3155
+ "ignore_above": 1024,
3156
+ "type": "keyword"
3157
+ }
3158
+ }
3159
+ },
3160
+ "trace": {
3161
+ "properties": {
3162
+ "id": {
3163
+ "ignore_above": 1024,
3164
+ "type": "keyword"
3165
+ }
3166
+ }
3167
+ },
3168
+ "transaction": {
3169
+ "properties": {
3170
+ "id": {
3171
+ "ignore_above": 1024,
3172
+ "type": "keyword"
3173
+ }
3174
+ }
3175
+ },
3176
+ "url": {
3177
+ "properties": {
3178
+ "domain": {
3179
+ "ignore_above": 1024,
3180
+ "type": "keyword"
3181
+ },
3182
+ "extension": {
3183
+ "ignore_above": 1024,
3184
+ "type": "keyword"
3185
+ },
3186
+ "fragment": {
3187
+ "ignore_above": 1024,
3188
+ "type": "keyword"
3189
+ },
3190
+ "full": {
3191
+ "fields": {
3192
+ "text": {
3193
+ "norms": false,
3194
+ "type": "text"
3195
+ }
3196
+ },
3197
+ "ignore_above": 1024,
3198
+ "type": "keyword"
3199
+ },
3200
+ "original": {
3201
+ "fields": {
3202
+ "text": {
3203
+ "norms": false,
3204
+ "type": "text"
3205
+ }
3206
+ },
3207
+ "ignore_above": 1024,
3208
+ "type": "keyword"
3209
+ },
3210
+ "password": {
3211
+ "ignore_above": 1024,
3212
+ "type": "keyword"
3213
+ },
3214
+ "path": {
3215
+ "ignore_above": 1024,
3216
+ "type": "keyword"
3217
+ },
3218
+ "port": {
3219
+ "type": "long"
3220
+ },
3221
+ "query": {
3222
+ "ignore_above": 1024,
3223
+ "type": "keyword"
3224
+ },
3225
+ "registered_domain": {
3226
+ "ignore_above": 1024,
3227
+ "type": "keyword"
3228
+ },
3229
+ "scheme": {
3230
+ "ignore_above": 1024,
3231
+ "type": "keyword"
3232
+ },
3233
+ "subdomain": {
3234
+ "ignore_above": 1024,
3235
+ "type": "keyword"
3236
+ },
3237
+ "top_level_domain": {
3238
+ "ignore_above": 1024,
3239
+ "type": "keyword"
3240
+ },
3241
+ "username": {
3242
+ "ignore_above": 1024,
3243
+ "type": "keyword"
3244
+ }
3245
+ }
3246
+ },
3247
+ "user": {
3248
+ "properties": {
3249
+ "changes": {
3250
+ "properties": {
3251
+ "domain": {
3252
+ "ignore_above": 1024,
3253
+ "type": "keyword"
3254
+ },
3255
+ "email": {
3256
+ "ignore_above": 1024,
3257
+ "type": "keyword"
3258
+ },
3259
+ "full_name": {
3260
+ "fields": {
3261
+ "text": {
3262
+ "norms": false,
3263
+ "type": "text"
3264
+ }
3265
+ },
3266
+ "ignore_above": 1024,
3267
+ "type": "keyword"
3268
+ },
3269
+ "group": {
3270
+ "properties": {
3271
+ "domain": {
3272
+ "ignore_above": 1024,
3273
+ "type": "keyword"
3274
+ },
3275
+ "id": {
3276
+ "ignore_above": 1024,
3277
+ "type": "keyword"
3278
+ },
3279
+ "name": {
3280
+ "ignore_above": 1024,
3281
+ "type": "keyword"
3282
+ }
3283
+ }
3284
+ },
3285
+ "hash": {
3286
+ "ignore_above": 1024,
3287
+ "type": "keyword"
3288
+ },
3289
+ "id": {
3290
+ "ignore_above": 1024,
3291
+ "type": "keyword"
3292
+ },
3293
+ "name": {
3294
+ "fields": {
3295
+ "text": {
3296
+ "norms": false,
3297
+ "type": "text"
3298
+ }
3299
+ },
3300
+ "ignore_above": 1024,
3301
+ "type": "keyword"
3302
+ },
3303
+ "roles": {
3304
+ "ignore_above": 1024,
3305
+ "type": "keyword"
3306
+ }
3307
+ }
3308
+ },
3309
+ "domain": {
3310
+ "ignore_above": 1024,
3311
+ "type": "keyword"
3312
+ },
3313
+ "effective": {
3314
+ "properties": {
3315
+ "domain": {
3316
+ "ignore_above": 1024,
3317
+ "type": "keyword"
3318
+ },
3319
+ "email": {
3320
+ "ignore_above": 1024,
3321
+ "type": "keyword"
3322
+ },
3323
+ "full_name": {
3324
+ "fields": {
3325
+ "text": {
3326
+ "norms": false,
3327
+ "type": "text"
3328
+ }
3329
+ },
3330
+ "ignore_above": 1024,
3331
+ "type": "keyword"
3332
+ },
3333
+ "group": {
3334
+ "properties": {
3335
+ "domain": {
3336
+ "ignore_above": 1024,
3337
+ "type": "keyword"
3338
+ },
3339
+ "id": {
3340
+ "ignore_above": 1024,
3341
+ "type": "keyword"
3342
+ },
3343
+ "name": {
3344
+ "ignore_above": 1024,
3345
+ "type": "keyword"
3346
+ }
3347
+ }
3348
+ },
3349
+ "hash": {
3350
+ "ignore_above": 1024,
3351
+ "type": "keyword"
3352
+ },
3353
+ "id": {
3354
+ "ignore_above": 1024,
3355
+ "type": "keyword"
3356
+ },
3357
+ "name": {
3358
+ "fields": {
3359
+ "text": {
3360
+ "norms": false,
3361
+ "type": "text"
3362
+ }
3363
+ },
3364
+ "ignore_above": 1024,
3365
+ "type": "keyword"
3366
+ },
3367
+ "roles": {
3368
+ "ignore_above": 1024,
3369
+ "type": "keyword"
3370
+ }
3371
+ }
3372
+ },
3373
+ "email": {
3374
+ "ignore_above": 1024,
3375
+ "type": "keyword"
3376
+ },
3377
+ "full_name": {
3378
+ "fields": {
3379
+ "text": {
3380
+ "norms": false,
3381
+ "type": "text"
3382
+ }
3383
+ },
3384
+ "ignore_above": 1024,
3385
+ "type": "keyword"
3386
+ },
3387
+ "group": {
3388
+ "properties": {
3389
+ "domain": {
3390
+ "ignore_above": 1024,
3391
+ "type": "keyword"
3392
+ },
3393
+ "id": {
3394
+ "ignore_above": 1024,
3395
+ "type": "keyword"
3396
+ },
3397
+ "name": {
3398
+ "ignore_above": 1024,
3399
+ "type": "keyword"
3400
+ }
3401
+ }
3402
+ },
3403
+ "hash": {
3404
+ "ignore_above": 1024,
3405
+ "type": "keyword"
3406
+ },
3407
+ "id": {
3408
+ "ignore_above": 1024,
3409
+ "type": "keyword"
3410
+ },
3411
+ "name": {
3412
+ "fields": {
3413
+ "text": {
3414
+ "norms": false,
3415
+ "type": "text"
3416
+ }
3417
+ },
3418
+ "ignore_above": 1024,
3419
+ "type": "keyword"
3420
+ },
3421
+ "roles": {
3422
+ "ignore_above": 1024,
3423
+ "type": "keyword"
3424
+ },
3425
+ "target": {
3426
+ "properties": {
3427
+ "domain": {
3428
+ "ignore_above": 1024,
3429
+ "type": "keyword"
3430
+ },
3431
+ "email": {
3432
+ "ignore_above": 1024,
3433
+ "type": "keyword"
3434
+ },
3435
+ "full_name": {
3436
+ "fields": {
3437
+ "text": {
3438
+ "norms": false,
3439
+ "type": "text"
3440
+ }
3441
+ },
3442
+ "ignore_above": 1024,
3443
+ "type": "keyword"
3444
+ },
3445
+ "group": {
3446
+ "properties": {
3447
+ "domain": {
3448
+ "ignore_above": 1024,
3449
+ "type": "keyword"
3450
+ },
3451
+ "id": {
3452
+ "ignore_above": 1024,
3453
+ "type": "keyword"
3454
+ },
3455
+ "name": {
3456
+ "ignore_above": 1024,
3457
+ "type": "keyword"
3458
+ }
3459
+ }
3460
+ },
3461
+ "hash": {
3462
+ "ignore_above": 1024,
3463
+ "type": "keyword"
3464
+ },
3465
+ "id": {
3466
+ "ignore_above": 1024,
3467
+ "type": "keyword"
3468
+ },
3469
+ "name": {
3470
+ "fields": {
3471
+ "text": {
3472
+ "norms": false,
3473
+ "type": "text"
3474
+ }
3475
+ },
3476
+ "ignore_above": 1024,
3477
+ "type": "keyword"
3478
+ },
3479
+ "roles": {
3480
+ "ignore_above": 1024,
3481
+ "type": "keyword"
3482
+ }
3483
+ }
3484
+ }
3485
+ }
3486
+ },
3487
+ "user_agent": {
3488
+ "properties": {
3489
+ "device": {
3490
+ "properties": {
3491
+ "name": {
3492
+ "ignore_above": 1024,
3493
+ "type": "keyword"
3494
+ }
3495
+ }
3496
+ },
3497
+ "name": {
3498
+ "ignore_above": 1024,
3499
+ "type": "keyword"
3500
+ },
3501
+ "original": {
3502
+ "fields": {
3503
+ "text": {
3504
+ "norms": false,
3505
+ "type": "text"
3506
+ }
3507
+ },
3508
+ "ignore_above": 1024,
3509
+ "type": "keyword"
3510
+ },
3511
+ "os": {
3512
+ "properties": {
3513
+ "family": {
3514
+ "ignore_above": 1024,
3515
+ "type": "keyword"
3516
+ },
3517
+ "full": {
3518
+ "fields": {
3519
+ "text": {
3520
+ "norms": false,
3521
+ "type": "text"
3522
+ }
3523
+ },
3524
+ "ignore_above": 1024,
3525
+ "type": "keyword"
3526
+ },
3527
+ "kernel": {
3528
+ "ignore_above": 1024,
3529
+ "type": "keyword"
3530
+ },
3531
+ "name": {
3532
+ "fields": {
3533
+ "text": {
3534
+ "norms": false,
3535
+ "type": "text"
3536
+ }
3537
+ },
3538
+ "ignore_above": 1024,
3539
+ "type": "keyword"
3540
+ },
3541
+ "platform": {
3542
+ "ignore_above": 1024,
3543
+ "type": "keyword"
3544
+ },
3545
+ "type": {
3546
+ "ignore_above": 1024,
3547
+ "type": "keyword"
3548
+ },
3549
+ "version": {
3550
+ "ignore_above": 1024,
3551
+ "type": "keyword"
3552
+ }
3553
+ }
3554
+ },
3555
+ "version": {
3556
+ "ignore_above": 1024,
3557
+ "type": "keyword"
3558
+ }
3559
+ }
3560
+ },
3561
+ "vulnerability": {
3562
+ "properties": {
3563
+ "category": {
3564
+ "ignore_above": 1024,
3565
+ "type": "keyword"
3566
+ },
3567
+ "classification": {
3568
+ "ignore_above": 1024,
3569
+ "type": "keyword"
3570
+ },
3571
+ "description": {
3572
+ "fields": {
3573
+ "text": {
3574
+ "norms": false,
3575
+ "type": "text"
3576
+ }
3577
+ },
3578
+ "ignore_above": 1024,
3579
+ "type": "keyword"
3580
+ },
3581
+ "enumeration": {
3582
+ "ignore_above": 1024,
3583
+ "type": "keyword"
3584
+ },
3585
+ "id": {
3586
+ "ignore_above": 1024,
3587
+ "type": "keyword"
3588
+ },
3589
+ "reference": {
3590
+ "ignore_above": 1024,
3591
+ "type": "keyword"
3592
+ },
3593
+ "report_id": {
3594
+ "ignore_above": 1024,
3595
+ "type": "keyword"
3596
+ },
3597
+ "scanner": {
3598
+ "properties": {
3599
+ "vendor": {
3600
+ "ignore_above": 1024,
3601
+ "type": "keyword"
3602
+ }
3603
+ }
3604
+ },
3605
+ "score": {
3606
+ "properties": {
3607
+ "base": {
3608
+ "type": "float"
3609
+ },
3610
+ "environmental": {
3611
+ "type": "float"
3612
+ },
3613
+ "temporal": {
3614
+ "type": "float"
3615
+ },
3616
+ "version": {
3617
+ "ignore_above": 1024,
3618
+ "type": "keyword"
3619
+ }
3620
+ }
3621
+ },
3622
+ "severity": {
3623
+ "ignore_above": 1024,
3624
+ "type": "keyword"
3625
+ }
3626
+ }
3627
+ }
3628
+ }
3629
+ }
3630
+ }
3631
+ }