logstash-output-opensearch 2.0.0-java → 2.0.1-java

@@ -1,3629 +0,0 @@
1
- {
2
- "index_patterns": [
3
- "ecs-logstash-*"
4
- ],
5
- "mappings": {
6
- "_meta": {
7
- "version": "1.9.0"
8
- },
9
- "date_detection": false,
10
- "dynamic_templates": [
11
- {
12
- "strings_as_keyword": {
13
- "mapping": {
14
- "ignore_above": 1024,
15
- "type": "keyword"
16
- },
17
- "match_mapping_type": "string"
18
- }
19
- }
20
- ],
21
- "properties": {
22
- "@timestamp": {
23
- "type": "date"
24
- },
25
- "agent": {
26
- "properties": {
27
- "build": {
28
- "properties": {
29
- "original": {
30
- "ignore_above": 1024,
31
- "type": "keyword"
32
- }
33
- }
34
- },
35
- "ephemeral_id": {
36
- "ignore_above": 1024,
37
- "type": "keyword"
38
- },
39
- "id": {
40
- "ignore_above": 1024,
41
- "type": "keyword"
42
- },
43
- "name": {
44
- "ignore_above": 1024,
45
- "type": "keyword"
46
- },
47
- "type": {
48
- "ignore_above": 1024,
49
- "type": "keyword"
50
- },
51
- "version": {
52
- "ignore_above": 1024,
53
- "type": "keyword"
54
- }
55
- }
56
- },
57
- "client": {
58
- "properties": {
59
- "address": {
60
- "ignore_above": 1024,
61
- "type": "keyword"
62
- },
63
- "as": {
64
- "properties": {
65
- "number": {
66
- "type": "long"
67
- },
68
- "organization": {
69
- "properties": {
70
- "name": {
71
- "fields": {
72
- "text": {
73
- "norms": false,
74
- "type": "text"
75
- }
76
- },
77
- "ignore_above": 1024,
78
- "type": "keyword"
79
- }
80
- }
81
- }
82
- }
83
- },
84
- "bytes": {
85
- "type": "long"
86
- },
87
- "domain": {
88
- "ignore_above": 1024,
89
- "type": "keyword"
90
- },
91
- "geo": {
92
- "properties": {
93
- "city_name": {
94
- "ignore_above": 1024,
95
- "type": "keyword"
96
- },
97
- "continent_code": {
98
- "ignore_above": 1024,
99
- "type": "keyword"
100
- },
101
- "continent_name": {
102
- "ignore_above": 1024,
103
- "type": "keyword"
104
- },
105
- "country_iso_code": {
106
- "ignore_above": 1024,
107
- "type": "keyword"
108
- },
109
- "country_name": {
110
- "ignore_above": 1024,
111
- "type": "keyword"
112
- },
113
- "location": {
114
- "type": "geo_point"
115
- },
116
- "name": {
117
- "ignore_above": 1024,
118
- "type": "keyword"
119
- },
120
- "postal_code": {
121
- "ignore_above": 1024,
122
- "type": "keyword"
123
- },
124
- "region_iso_code": {
125
- "ignore_above": 1024,
126
- "type": "keyword"
127
- },
128
- "region_name": {
129
- "ignore_above": 1024,
130
- "type": "keyword"
131
- },
132
- "timezone": {
133
- "ignore_above": 1024,
134
- "type": "keyword"
135
- }
136
- }
137
- },
138
- "ip": {
139
- "type": "ip"
140
- },
141
- "mac": {
142
- "ignore_above": 1024,
143
- "type": "keyword"
144
- },
145
- "nat": {
146
- "properties": {
147
- "ip": {
148
- "type": "ip"
149
- },
150
- "port": {
151
- "type": "long"
152
- }
153
- }
154
- },
155
- "packets": {
156
- "type": "long"
157
- },
158
- "port": {
159
- "type": "long"
160
- },
161
- "registered_domain": {
162
- "ignore_above": 1024,
163
- "type": "keyword"
164
- },
165
- "subdomain": {
166
- "ignore_above": 1024,
167
- "type": "keyword"
168
- },
169
- "top_level_domain": {
170
- "ignore_above": 1024,
171
- "type": "keyword"
172
- },
173
- "user": {
174
- "properties": {
175
- "domain": {
176
- "ignore_above": 1024,
177
- "type": "keyword"
178
- },
179
- "email": {
180
- "ignore_above": 1024,
181
- "type": "keyword"
182
- },
183
- "full_name": {
184
- "fields": {
185
- "text": {
186
- "norms": false,
187
- "type": "text"
188
- }
189
- },
190
- "ignore_above": 1024,
191
- "type": "keyword"
192
- },
193
- "group": {
194
- "properties": {
195
- "domain": {
196
- "ignore_above": 1024,
197
- "type": "keyword"
198
- },
199
- "id": {
200
- "ignore_above": 1024,
201
- "type": "keyword"
202
- },
203
- "name": {
204
- "ignore_above": 1024,
205
- "type": "keyword"
206
- }
207
- }
208
- },
209
- "hash": {
210
- "ignore_above": 1024,
211
- "type": "keyword"
212
- },
213
- "id": {
214
- "ignore_above": 1024,
215
- "type": "keyword"
216
- },
217
- "name": {
218
- "fields": {
219
- "text": {
220
- "norms": false,
221
- "type": "text"
222
- }
223
- },
224
- "ignore_above": 1024,
225
- "type": "keyword"
226
- },
227
- "roles": {
228
- "ignore_above": 1024,
229
- "type": "keyword"
230
- }
231
- }
232
- }
233
- }
234
- },
235
- "cloud": {
236
- "properties": {
237
- "account": {
238
- "properties": {
239
- "id": {
240
- "ignore_above": 1024,
241
- "type": "keyword"
242
- },
243
- "name": {
244
- "ignore_above": 1024,
245
- "type": "keyword"
246
- }
247
- }
248
- },
249
- "availability_zone": {
250
- "ignore_above": 1024,
251
- "type": "keyword"
252
- },
253
- "instance": {
254
- "properties": {
255
- "id": {
256
- "ignore_above": 1024,
257
- "type": "keyword"
258
- },
259
- "name": {
260
- "ignore_above": 1024,
261
- "type": "keyword"
262
- }
263
- }
264
- },
265
- "machine": {
266
- "properties": {
267
- "type": {
268
- "ignore_above": 1024,
269
- "type": "keyword"
270
- }
271
- }
272
- },
273
- "project": {
274
- "properties": {
275
- "id": {
276
- "ignore_above": 1024,
277
- "type": "keyword"
278
- },
279
- "name": {
280
- "ignore_above": 1024,
281
- "type": "keyword"
282
- }
283
- }
284
- },
285
- "provider": {
286
- "ignore_above": 1024,
287
- "type": "keyword"
288
- },
289
- "region": {
290
- "ignore_above": 1024,
291
- "type": "keyword"
292
- },
293
- "service": {
294
- "properties": {
295
- "name": {
296
- "ignore_above": 1024,
297
- "type": "keyword"
298
- }
299
- }
300
- }
301
- }
302
- },
303
- "container": {
304
- "properties": {
305
- "id": {
306
- "ignore_above": 1024,
307
- "type": "keyword"
308
- },
309
- "image": {
310
- "properties": {
311
- "name": {
312
- "ignore_above": 1024,
313
- "type": "keyword"
314
- },
315
- "tag": {
316
- "ignore_above": 1024,
317
- "type": "keyword"
318
- }
319
- }
320
- },
321
- "labels": {
322
- "type": "object"
323
- },
324
- "name": {
325
- "ignore_above": 1024,
326
- "type": "keyword"
327
- },
328
- "runtime": {
329
- "ignore_above": 1024,
330
- "type": "keyword"
331
- }
332
- }
333
- },
334
- "destination": {
335
- "properties": {
336
- "address": {
337
- "ignore_above": 1024,
338
- "type": "keyword"
339
- },
340
- "as": {
341
- "properties": {
342
- "number": {
343
- "type": "long"
344
- },
345
- "organization": {
346
- "properties": {
347
- "name": {
348
- "fields": {
349
- "text": {
350
- "norms": false,
351
- "type": "text"
352
- }
353
- },
354
- "ignore_above": 1024,
355
- "type": "keyword"
356
- }
357
- }
358
- }
359
- }
360
- },
361
- "bytes": {
362
- "type": "long"
363
- },
364
- "domain": {
365
- "ignore_above": 1024,
366
- "type": "keyword"
367
- },
368
- "geo": {
369
- "properties": {
370
- "city_name": {
371
- "ignore_above": 1024,
372
- "type": "keyword"
373
- },
374
- "continent_code": {
375
- "ignore_above": 1024,
376
- "type": "keyword"
377
- },
378
- "continent_name": {
379
- "ignore_above": 1024,
380
- "type": "keyword"
381
- },
382
- "country_iso_code": {
383
- "ignore_above": 1024,
384
- "type": "keyword"
385
- },
386
- "country_name": {
387
- "ignore_above": 1024,
388
- "type": "keyword"
389
- },
390
- "location": {
391
- "type": "geo_point"
392
- },
393
- "name": {
394
- "ignore_above": 1024,
395
- "type": "keyword"
396
- },
397
- "postal_code": {
398
- "ignore_above": 1024,
399
- "type": "keyword"
400
- },
401
- "region_iso_code": {
402
- "ignore_above": 1024,
403
- "type": "keyword"
404
- },
405
- "region_name": {
406
- "ignore_above": 1024,
407
- "type": "keyword"
408
- },
409
- "timezone": {
410
- "ignore_above": 1024,
411
- "type": "keyword"
412
- }
413
- }
414
- },
415
- "ip": {
416
- "type": "ip"
417
- },
418
- "mac": {
419
- "ignore_above": 1024,
420
- "type": "keyword"
421
- },
422
- "nat": {
423
- "properties": {
424
- "ip": {
425
- "type": "ip"
426
- },
427
- "port": {
428
- "type": "long"
429
- }
430
- }
431
- },
432
- "packets": {
433
- "type": "long"
434
- },
435
- "port": {
436
- "type": "long"
437
- },
438
- "registered_domain": {
439
- "ignore_above": 1024,
440
- "type": "keyword"
441
- },
442
- "subdomain": {
443
- "ignore_above": 1024,
444
- "type": "keyword"
445
- },
446
- "top_level_domain": {
447
- "ignore_above": 1024,
448
- "type": "keyword"
449
- },
450
- "user": {
451
- "properties": {
452
- "domain": {
453
- "ignore_above": 1024,
454
- "type": "keyword"
455
- },
456
- "email": {
457
- "ignore_above": 1024,
458
- "type": "keyword"
459
- },
460
- "full_name": {
461
- "fields": {
462
- "text": {
463
- "norms": false,
464
- "type": "text"
465
- }
466
- },
467
- "ignore_above": 1024,
468
- "type": "keyword"
469
- },
470
- "group": {
471
- "properties": {
472
- "domain": {
473
- "ignore_above": 1024,
474
- "type": "keyword"
475
- },
476
- "id": {
477
- "ignore_above": 1024,
478
- "type": "keyword"
479
- },
480
- "name": {
481
- "ignore_above": 1024,
482
- "type": "keyword"
483
- }
484
- }
485
- },
486
- "hash": {
487
- "ignore_above": 1024,
488
- "type": "keyword"
489
- },
490
- "id": {
491
- "ignore_above": 1024,
492
- "type": "keyword"
493
- },
494
- "name": {
495
- "fields": {
496
- "text": {
497
- "norms": false,
498
- "type": "text"
499
- }
500
- },
501
- "ignore_above": 1024,
502
- "type": "keyword"
503
- },
504
- "roles": {
505
- "ignore_above": 1024,
506
- "type": "keyword"
507
- }
508
- }
509
- }
510
- }
511
- },
512
- "dll": {
513
- "properties": {
514
- "code_signature": {
515
- "properties": {
516
- "exists": {
517
- "type": "boolean"
518
- },
519
- "signing_id": {
520
- "ignore_above": 1024,
521
- "type": "keyword"
522
- },
523
- "status": {
524
- "ignore_above": 1024,
525
- "type": "keyword"
526
- },
527
- "subject_name": {
528
- "ignore_above": 1024,
529
- "type": "keyword"
530
- },
531
- "team_id": {
532
- "ignore_above": 1024,
533
- "type": "keyword"
534
- },
535
- "trusted": {
536
- "type": "boolean"
537
- },
538
- "valid": {
539
- "type": "boolean"
540
- }
541
- }
542
- },
543
- "hash": {
544
- "properties": {
545
- "md5": {
546
- "ignore_above": 1024,
547
- "type": "keyword"
548
- },
549
- "sha1": {
550
- "ignore_above": 1024,
551
- "type": "keyword"
552
- },
553
- "sha256": {
554
- "ignore_above": 1024,
555
- "type": "keyword"
556
- },
557
- "sha512": {
558
- "ignore_above": 1024,
559
- "type": "keyword"
560
- },
561
- "ssdeep": {
562
- "ignore_above": 1024,
563
- "type": "keyword"
564
- }
565
- }
566
- },
567
- "name": {
568
- "ignore_above": 1024,
569
- "type": "keyword"
570
- },
571
- "path": {
572
- "ignore_above": 1024,
573
- "type": "keyword"
574
- },
575
- "pe": {
576
- "properties": {
577
- "architecture": {
578
- "ignore_above": 1024,
579
- "type": "keyword"
580
- },
581
- "company": {
582
- "ignore_above": 1024,
583
- "type": "keyword"
584
- },
585
- "description": {
586
- "ignore_above": 1024,
587
- "type": "keyword"
588
- },
589
- "file_version": {
590
- "ignore_above": 1024,
591
- "type": "keyword"
592
- },
593
- "imphash": {
594
- "ignore_above": 1024,
595
- "type": "keyword"
596
- },
597
- "original_file_name": {
598
- "ignore_above": 1024,
599
- "type": "keyword"
600
- },
601
- "product": {
602
- "ignore_above": 1024,
603
- "type": "keyword"
604
- }
605
- }
606
- }
607
- }
608
- },
609
- "dns": {
610
- "properties": {
611
- "answers": {
612
- "properties": {
613
- "class": {
614
- "ignore_above": 1024,
615
- "type": "keyword"
616
- },
617
- "data": {
618
- "ignore_above": 1024,
619
- "type": "keyword"
620
- },
621
- "name": {
622
- "ignore_above": 1024,
623
- "type": "keyword"
624
- },
625
- "ttl": {
626
- "type": "long"
627
- },
628
- "type": {
629
- "ignore_above": 1024,
630
- "type": "keyword"
631
- }
632
- },
633
- "type": "object"
634
- },
635
- "header_flags": {
636
- "ignore_above": 1024,
637
- "type": "keyword"
638
- },
639
- "id": {
640
- "ignore_above": 1024,
641
- "type": "keyword"
642
- },
643
- "op_code": {
644
- "ignore_above": 1024,
645
- "type": "keyword"
646
- },
647
- "question": {
648
- "properties": {
649
- "class": {
650
- "ignore_above": 1024,
651
- "type": "keyword"
652
- },
653
- "name": {
654
- "ignore_above": 1024,
655
- "type": "keyword"
656
- },
657
- "registered_domain": {
658
- "ignore_above": 1024,
659
- "type": "keyword"
660
- },
661
- "subdomain": {
662
- "ignore_above": 1024,
663
- "type": "keyword"
664
- },
665
- "top_level_domain": {
666
- "ignore_above": 1024,
667
- "type": "keyword"
668
- },
669
- "type": {
670
- "ignore_above": 1024,
671
- "type": "keyword"
672
- }
673
- }
674
- },
675
- "resolved_ip": {
676
- "type": "ip"
677
- },
678
- "response_code": {
679
- "ignore_above": 1024,
680
- "type": "keyword"
681
- },
682
- "type": {
683
- "ignore_above": 1024,
684
- "type": "keyword"
685
- }
686
- }
687
- },
688
- "ecs": {
689
- "properties": {
690
- "version": {
691
- "ignore_above": 1024,
692
- "type": "keyword"
693
- }
694
- }
695
- },
696
- "error": {
697
- "properties": {
698
- "code": {
699
- "ignore_above": 1024,
700
- "type": "keyword"
701
- },
702
- "id": {
703
- "ignore_above": 1024,
704
- "type": "keyword"
705
- },
706
- "message": {
707
- "norms": false,
708
- "type": "text"
709
- },
710
- "stack_trace": {
711
- "doc_values": false,
712
- "fields": {
713
- "text": {
714
- "norms": false,
715
- "type": "text"
716
- }
717
- },
718
- "ignore_above": 1024,
719
- "index": false,
720
- "type": "keyword"
721
- },
722
- "type": {
723
- "ignore_above": 1024,
724
- "type": "keyword"
725
- }
726
- }
727
- },
728
- "event": {
729
- "properties": {
730
- "action": {
731
- "ignore_above": 1024,
732
- "type": "keyword"
733
- },
734
- "category": {
735
- "ignore_above": 1024,
736
- "type": "keyword"
737
- },
738
- "code": {
739
- "ignore_above": 1024,
740
- "type": "keyword"
741
- },
742
- "created": {
743
- "type": "date"
744
- },
745
- "dataset": {
746
- "ignore_above": 1024,
747
- "type": "keyword"
748
- },
749
- "duration": {
750
- "type": "long"
751
- },
752
- "end": {
753
- "type": "date"
754
- },
755
- "hash": {
756
- "ignore_above": 1024,
757
- "type": "keyword"
758
- },
759
- "id": {
760
- "ignore_above": 1024,
761
- "type": "keyword"
762
- },
763
- "ingested": {
764
- "type": "date"
765
- },
766
- "kind": {
767
- "ignore_above": 1024,
768
- "type": "keyword"
769
- },
770
- "module": {
771
- "ignore_above": 1024,
772
- "type": "keyword"
773
- },
774
- "original": {
775
- "doc_values": false,
776
- "ignore_above": 1024,
777
- "index": false,
778
- "type": "keyword"
779
- },
780
- "outcome": {
781
- "ignore_above": 1024,
782
- "type": "keyword"
783
- },
784
- "provider": {
785
- "ignore_above": 1024,
786
- "type": "keyword"
787
- },
788
- "reason": {
789
- "ignore_above": 1024,
790
- "type": "keyword"
791
- },
792
- "reference": {
793
- "ignore_above": 1024,
794
- "type": "keyword"
795
- },
796
- "risk_score": {
797
- "type": "float"
798
- },
799
- "risk_score_norm": {
800
- "type": "float"
801
- },
802
- "sequence": {
803
- "type": "long"
804
- },
805
- "severity": {
806
- "type": "long"
807
- },
808
- "start": {
809
- "type": "date"
810
- },
811
- "timezone": {
812
- "ignore_above": 1024,
813
- "type": "keyword"
814
- },
815
- "type": {
816
- "ignore_above": 1024,
817
- "type": "keyword"
818
- },
819
- "url": {
820
- "ignore_above": 1024,
821
- "type": "keyword"
822
- }
823
- }
824
- },
825
- "file": {
826
- "properties": {
827
- "accessed": {
828
- "type": "date"
829
- },
830
- "attributes": {
831
- "ignore_above": 1024,
832
- "type": "keyword"
833
- },
834
- "code_signature": {
835
- "properties": {
836
- "exists": {
837
- "type": "boolean"
838
- },
839
- "signing_id": {
840
- "ignore_above": 1024,
841
- "type": "keyword"
842
- },
843
- "status": {
844
- "ignore_above": 1024,
845
- "type": "keyword"
846
- },
847
- "subject_name": {
848
- "ignore_above": 1024,
849
- "type": "keyword"
850
- },
851
- "team_id": {
852
- "ignore_above": 1024,
853
- "type": "keyword"
854
- },
855
- "trusted": {
856
- "type": "boolean"
857
- },
858
- "valid": {
859
- "type": "boolean"
860
- }
861
- }
862
- },
863
- "created": {
864
- "type": "date"
865
- },
866
- "ctime": {
867
- "type": "date"
868
- },
869
- "device": {
870
- "ignore_above": 1024,
871
- "type": "keyword"
872
- },
873
- "directory": {
874
- "ignore_above": 1024,
875
- "type": "keyword"
876
- },
877
- "drive_letter": {
878
- "ignore_above": 1,
879
- "type": "keyword"
880
- },
881
- "extension": {
882
- "ignore_above": 1024,
883
- "type": "keyword"
884
- },
885
- "gid": {
886
- "ignore_above": 1024,
887
- "type": "keyword"
888
- },
889
- "group": {
890
- "ignore_above": 1024,
891
- "type": "keyword"
892
- },
893
- "hash": {
894
- "properties": {
895
- "md5": {
896
- "ignore_above": 1024,
897
- "type": "keyword"
898
- },
899
- "sha1": {
900
- "ignore_above": 1024,
901
- "type": "keyword"
902
- },
903
- "sha256": {
904
- "ignore_above": 1024,
905
- "type": "keyword"
906
- },
907
- "sha512": {
908
- "ignore_above": 1024,
909
- "type": "keyword"
910
- },
911
- "ssdeep": {
912
- "ignore_above": 1024,
913
- "type": "keyword"
914
- }
915
- }
916
- },
917
- "inode": {
918
- "ignore_above": 1024,
919
- "type": "keyword"
920
- },
921
- "mime_type": {
922
- "ignore_above": 1024,
923
- "type": "keyword"
924
- },
925
- "mode": {
926
- "ignore_above": 1024,
927
- "type": "keyword"
928
- },
929
- "mtime": {
930
- "type": "date"
931
- },
932
- "name": {
933
- "ignore_above": 1024,
934
- "type": "keyword"
935
- },
936
- "owner": {
937
- "ignore_above": 1024,
938
- "type": "keyword"
939
- },
940
- "path": {
941
- "fields": {
942
- "text": {
943
- "norms": false,
944
- "type": "text"
945
- }
946
- },
947
- "ignore_above": 1024,
948
- "type": "keyword"
949
- },
950
- "pe": {
951
- "properties": {
952
- "architecture": {
953
- "ignore_above": 1024,
954
- "type": "keyword"
955
- },
956
- "company": {
957
- "ignore_above": 1024,
958
- "type": "keyword"
959
- },
960
- "description": {
961
- "ignore_above": 1024,
962
- "type": "keyword"
963
- },
964
- "file_version": {
965
- "ignore_above": 1024,
966
- "type": "keyword"
967
- },
968
- "imphash": {
969
- "ignore_above": 1024,
970
- "type": "keyword"
971
- },
972
- "original_file_name": {
973
- "ignore_above": 1024,
974
- "type": "keyword"
975
- },
976
- "product": {
977
- "ignore_above": 1024,
978
- "type": "keyword"
979
- }
980
- }
981
- },
982
- "size": {
983
- "type": "long"
984
- },
985
- "target_path": {
986
- "fields": {
987
- "text": {
988
- "norms": false,
989
- "type": "text"
990
- }
991
- },
992
- "ignore_above": 1024,
993
- "type": "keyword"
994
- },
995
- "type": {
996
- "ignore_above": 1024,
997
- "type": "keyword"
998
- },
999
- "uid": {
1000
- "ignore_above": 1024,
1001
- "type": "keyword"
1002
- },
1003
- "x509": {
1004
- "properties": {
1005
- "alternative_names": {
1006
- "ignore_above": 1024,
1007
- "type": "keyword"
1008
- },
1009
- "issuer": {
1010
- "properties": {
1011
- "common_name": {
1012
- "ignore_above": 1024,
1013
- "type": "keyword"
1014
- },
1015
- "country": {
1016
- "ignore_above": 1024,
1017
- "type": "keyword"
1018
- },
1019
- "distinguished_name": {
1020
- "ignore_above": 1024,
1021
- "type": "keyword"
1022
- },
1023
- "locality": {
1024
- "ignore_above": 1024,
1025
- "type": "keyword"
1026
- },
1027
- "organization": {
1028
- "ignore_above": 1024,
1029
- "type": "keyword"
1030
- },
1031
- "organizational_unit": {
1032
- "ignore_above": 1024,
1033
- "type": "keyword"
1034
- },
1035
- "state_or_province": {
1036
- "ignore_above": 1024,
1037
- "type": "keyword"
1038
- }
1039
- }
1040
- },
1041
- "not_after": {
1042
- "type": "date"
1043
- },
1044
- "not_before": {
1045
- "type": "date"
1046
- },
1047
- "public_key_algorithm": {
1048
- "ignore_above": 1024,
1049
- "type": "keyword"
1050
- },
1051
- "public_key_curve": {
1052
- "ignore_above": 1024,
1053
- "type": "keyword"
1054
- },
1055
- "public_key_exponent": {
1056
- "doc_values": false,
1057
- "index": false,
1058
- "type": "long"
1059
- },
1060
- "public_key_size": {
1061
- "type": "long"
1062
- },
1063
- "serial_number": {
1064
- "ignore_above": 1024,
1065
- "type": "keyword"
1066
- },
1067
- "signature_algorithm": {
1068
- "ignore_above": 1024,
1069
- "type": "keyword"
1070
- },
1071
- "subject": {
1072
- "properties": {
1073
- "common_name": {
1074
- "ignore_above": 1024,
1075
- "type": "keyword"
1076
- },
1077
- "country": {
1078
- "ignore_above": 1024,
1079
- "type": "keyword"
1080
- },
1081
- "distinguished_name": {
1082
- "ignore_above": 1024,
1083
- "type": "keyword"
1084
- },
1085
- "locality": {
1086
- "ignore_above": 1024,
1087
- "type": "keyword"
1088
- },
1089
- "organization": {
1090
- "ignore_above": 1024,
1091
- "type": "keyword"
1092
- },
1093
- "organizational_unit": {
1094
- "ignore_above": 1024,
1095
- "type": "keyword"
1096
- },
1097
- "state_or_province": {
1098
- "ignore_above": 1024,
1099
- "type": "keyword"
1100
- }
1101
- }
1102
- },
1103
- "version_number": {
1104
- "ignore_above": 1024,
1105
- "type": "keyword"
1106
- }
1107
- }
1108
- }
1109
- }
1110
- },
1111
- "group": {
1112
- "properties": {
1113
- "domain": {
1114
- "ignore_above": 1024,
1115
- "type": "keyword"
1116
- },
1117
- "id": {
1118
- "ignore_above": 1024,
1119
- "type": "keyword"
1120
- },
1121
- "name": {
1122
- "ignore_above": 1024,
1123
- "type": "keyword"
1124
- }
1125
- }
1126
- },
1127
- "host": {
1128
- "properties": {
1129
- "architecture": {
1130
- "ignore_above": 1024,
1131
- "type": "keyword"
1132
- },
1133
- "cpu": {
1134
- "properties": {
1135
- "usage": {
1136
- "scaling_factor": 1000,
1137
- "type": "scaled_float"
1138
- }
1139
- }
1140
- },
1141
- "disk": {
1142
- "properties": {
1143
- "read": {
1144
- "properties": {
1145
- "bytes": {
1146
- "type": "long"
1147
- }
1148
- }
1149
- },
1150
- "write": {
1151
- "properties": {
1152
- "bytes": {
1153
- "type": "long"
1154
- }
1155
- }
1156
- }
1157
- }
1158
- },
1159
- "domain": {
1160
- "ignore_above": 1024,
1161
- "type": "keyword"
1162
- },
1163
- "geo": {
1164
- "properties": {
1165
- "city_name": {
1166
- "ignore_above": 1024,
1167
- "type": "keyword"
1168
- },
1169
- "continent_code": {
1170
- "ignore_above": 1024,
1171
- "type": "keyword"
1172
- },
1173
- "continent_name": {
1174
- "ignore_above": 1024,
1175
- "type": "keyword"
1176
- },
1177
- "country_iso_code": {
1178
- "ignore_above": 1024,
1179
- "type": "keyword"
1180
- },
1181
- "country_name": {
1182
- "ignore_above": 1024,
1183
- "type": "keyword"
1184
- },
1185
- "location": {
1186
- "type": "geo_point"
1187
- },
1188
- "name": {
1189
- "ignore_above": 1024,
1190
- "type": "keyword"
1191
- },
1192
- "postal_code": {
1193
- "ignore_above": 1024,
1194
- "type": "keyword"
1195
- },
1196
- "region_iso_code": {
1197
- "ignore_above": 1024,
1198
- "type": "keyword"
1199
- },
1200
- "region_name": {
1201
- "ignore_above": 1024,
1202
- "type": "keyword"
1203
- },
1204
- "timezone": {
1205
- "ignore_above": 1024,
1206
- "type": "keyword"
1207
- }
1208
- }
1209
- },
1210
- "hostname": {
1211
- "ignore_above": 1024,
1212
- "type": "keyword"
1213
- },
1214
- "id": {
1215
- "ignore_above": 1024,
1216
- "type": "keyword"
1217
- },
1218
- "ip": {
1219
- "type": "ip"
1220
- },
1221
- "mac": {
1222
- "ignore_above": 1024,
1223
- "type": "keyword"
1224
- },
1225
- "name": {
1226
- "ignore_above": 1024,
1227
- "type": "keyword"
1228
- },
1229
- "network": {
1230
- "properties": {
1231
- "egress": {
1232
- "properties": {
1233
- "bytes": {
1234
- "type": "long"
1235
- },
1236
- "packets": {
1237
- "type": "long"
1238
- }
1239
- }
1240
- },
1241
- "ingress": {
1242
- "properties": {
1243
- "bytes": {
1244
- "type": "long"
1245
- },
1246
- "packets": {
1247
- "type": "long"
1248
- }
1249
- }
1250
- }
1251
- }
1252
- },
1253
- "os": {
1254
- "properties": {
1255
- "family": {
1256
- "ignore_above": 1024,
1257
- "type": "keyword"
1258
- },
1259
- "full": {
1260
- "fields": {
1261
- "text": {
1262
- "norms": false,
1263
- "type": "text"
1264
- }
1265
- },
1266
- "ignore_above": 1024,
1267
- "type": "keyword"
1268
- },
1269
- "kernel": {
1270
- "ignore_above": 1024,
1271
- "type": "keyword"
1272
- },
1273
- "name": {
1274
- "fields": {
1275
- "text": {
1276
- "norms": false,
1277
- "type": "text"
1278
- }
1279
- },
1280
- "ignore_above": 1024,
1281
- "type": "keyword"
1282
- },
1283
- "platform": {
1284
- "ignore_above": 1024,
1285
- "type": "keyword"
1286
- },
1287
- "type": {
1288
- "ignore_above": 1024,
1289
- "type": "keyword"
1290
- },
1291
- "version": {
1292
- "ignore_above": 1024,
1293
- "type": "keyword"
1294
- }
1295
- }
1296
- },
1297
- "type": {
1298
- "ignore_above": 1024,
1299
- "type": "keyword"
1300
- },
1301
- "uptime": {
1302
- "type": "long"
1303
- },
1304
- "user": {
1305
- "properties": {
1306
- "domain": {
1307
- "ignore_above": 1024,
1308
- "type": "keyword"
1309
- },
1310
- "email": {
1311
- "ignore_above": 1024,
1312
- "type": "keyword"
1313
- },
1314
- "full_name": {
1315
- "fields": {
1316
- "text": {
1317
- "norms": false,
1318
- "type": "text"
1319
- }
1320
- },
1321
- "ignore_above": 1024,
1322
- "type": "keyword"
1323
- },
1324
- "group": {
1325
- "properties": {
1326
- "domain": {
1327
- "ignore_above": 1024,
1328
- "type": "keyword"
1329
- },
1330
- "id": {
1331
- "ignore_above": 1024,
1332
- "type": "keyword"
1333
- },
1334
- "name": {
1335
- "ignore_above": 1024,
1336
- "type": "keyword"
1337
- }
1338
- }
1339
- },
1340
- "hash": {
1341
- "ignore_above": 1024,
1342
- "type": "keyword"
1343
- },
1344
- "id": {
1345
- "ignore_above": 1024,
1346
- "type": "keyword"
1347
- },
1348
- "name": {
1349
- "fields": {
1350
- "text": {
1351
- "norms": false,
1352
- "type": "text"
1353
- }
1354
- },
1355
- "ignore_above": 1024,
1356
- "type": "keyword"
1357
- },
1358
- "roles": {
1359
- "ignore_above": 1024,
1360
- "type": "keyword"
1361
- }
1362
- }
1363
- }
1364
- }
1365
- },
1366
- "http": {
1367
- "properties": {
1368
- "request": {
1369
- "properties": {
1370
- "body": {
1371
- "properties": {
1372
- "bytes": {
1373
- "type": "long"
1374
- },
1375
- "content": {
1376
- "fields": {
1377
- "text": {
1378
- "norms": false,
1379
- "type": "text"
1380
- }
1381
- },
1382
- "ignore_above": 1024,
1383
- "type": "keyword"
1384
- }
1385
- }
1386
- },
1387
- "bytes": {
1388
- "type": "long"
1389
- },
1390
- "id": {
1391
- "ignore_above": 1024,
1392
- "type": "keyword"
1393
- },
1394
- "method": {
1395
- "ignore_above": 1024,
1396
- "type": "keyword"
1397
- },
1398
- "mime_type": {
1399
- "ignore_above": 1024,
1400
- "type": "keyword"
1401
- },
1402
- "referrer": {
1403
- "ignore_above": 1024,
1404
- "type": "keyword"
1405
- }
1406
- }
1407
- },
1408
- "response": {
1409
- "properties": {
1410
- "body": {
1411
- "properties": {
1412
- "bytes": {
1413
- "type": "long"
1414
- },
1415
- "content": {
1416
- "fields": {
1417
- "text": {
1418
- "norms": false,
1419
- "type": "text"
1420
- }
1421
- },
1422
- "ignore_above": 1024,
1423
- "type": "keyword"
1424
- }
1425
- }
1426
- },
1427
- "bytes": {
1428
- "type": "long"
1429
- },
1430
- "mime_type": {
1431
- "ignore_above": 1024,
1432
- "type": "keyword"
1433
- },
1434
- "status_code": {
1435
- "type": "long"
1436
- }
1437
- }
1438
- },
1439
- "version": {
1440
- "ignore_above": 1024,
1441
- "type": "keyword"
1442
- }
1443
- }
1444
- },
1445
- "labels": {
1446
- "type": "object"
1447
- },
1448
- "log": {
1449
- "properties": {
1450
- "file": {
1451
- "properties": {
1452
- "path": {
1453
- "ignore_above": 1024,
1454
- "type": "keyword"
1455
- }
1456
- }
1457
- },
1458
- "level": {
1459
- "ignore_above": 1024,
1460
- "type": "keyword"
1461
- },
1462
- "logger": {
1463
- "ignore_above": 1024,
1464
- "type": "keyword"
1465
- },
1466
- "origin": {
1467
- "properties": {
1468
- "file": {
1469
- "properties": {
1470
- "line": {
1471
- "type": "integer"
1472
- },
1473
- "name": {
1474
- "ignore_above": 1024,
1475
- "type": "keyword"
1476
- }
1477
- }
1478
- },
1479
- "function": {
1480
- "ignore_above": 1024,
1481
- "type": "keyword"
1482
- }
1483
- }
1484
- },
1485
- "original": {
1486
- "doc_values": false,
1487
- "ignore_above": 1024,
1488
- "index": false,
1489
- "type": "keyword"
1490
- },
1491
- "syslog": {
1492
- "properties": {
1493
- "facility": {
1494
- "properties": {
1495
- "code": {
1496
- "type": "long"
1497
- },
1498
- "name": {
1499
- "ignore_above": 1024,
1500
- "type": "keyword"
1501
- }
1502
- }
1503
- },
1504
- "priority": {
1505
- "type": "long"
1506
- },
1507
- "severity": {
1508
- "properties": {
1509
- "code": {
1510
- "type": "long"
1511
- },
1512
- "name": {
1513
- "ignore_above": 1024,
1514
- "type": "keyword"
1515
- }
1516
- }
1517
- }
1518
- },
1519
- "type": "object"
1520
- }
1521
- }
1522
- },
1523
- "message": {
1524
- "norms": false,
1525
- "type": "text"
1526
- },
1527
- "network": {
1528
- "properties": {
1529
- "application": {
1530
- "ignore_above": 1024,
1531
- "type": "keyword"
1532
- },
1533
- "bytes": {
1534
- "type": "long"
1535
- },
1536
- "community_id": {
1537
- "ignore_above": 1024,
1538
- "type": "keyword"
1539
- },
1540
- "direction": {
1541
- "ignore_above": 1024,
1542
- "type": "keyword"
1543
- },
1544
- "forwarded_ip": {
1545
- "type": "ip"
1546
- },
1547
- "iana_number": {
1548
- "ignore_above": 1024,
1549
- "type": "keyword"
1550
- },
1551
- "inner": {
1552
- "properties": {
1553
- "vlan": {
1554
- "properties": {
1555
- "id": {
1556
- "ignore_above": 1024,
1557
- "type": "keyword"
1558
- },
1559
- "name": {
1560
- "ignore_above": 1024,
1561
- "type": "keyword"
1562
- }
1563
- }
1564
- }
1565
- },
1566
- "type": "object"
1567
- },
1568
- "name": {
1569
- "ignore_above": 1024,
1570
- "type": "keyword"
1571
- },
1572
- "packets": {
1573
- "type": "long"
1574
- },
1575
- "protocol": {
1576
- "ignore_above": 1024,
1577
- "type": "keyword"
1578
- },
1579
- "transport": {
1580
- "ignore_above": 1024,
1581
- "type": "keyword"
1582
- },
1583
- "type": {
1584
- "ignore_above": 1024,
1585
- "type": "keyword"
1586
- },
1587
- "vlan": {
1588
- "properties": {
1589
- "id": {
1590
- "ignore_above": 1024,
1591
- "type": "keyword"
1592
- },
1593
- "name": {
1594
- "ignore_above": 1024,
1595
- "type": "keyword"
1596
- }
1597
- }
1598
- }
1599
- }
1600
- },
1601
- "observer": {
1602
- "properties": {
1603
- "egress": {
1604
- "properties": {
1605
- "interface": {
1606
- "properties": {
1607
- "alias": {
1608
- "ignore_above": 1024,
1609
- "type": "keyword"
1610
- },
1611
- "id": {
1612
- "ignore_above": 1024,
1613
- "type": "keyword"
1614
- },
1615
- "name": {
1616
- "ignore_above": 1024,
1617
- "type": "keyword"
1618
- }
1619
- }
1620
- },
1621
- "vlan": {
1622
- "properties": {
1623
- "id": {
1624
- "ignore_above": 1024,
1625
- "type": "keyword"
1626
- },
1627
- "name": {
1628
- "ignore_above": 1024,
1629
- "type": "keyword"
1630
- }
1631
- }
1632
- },
1633
- "zone": {
1634
- "ignore_above": 1024,
1635
- "type": "keyword"
1636
- }
1637
- },
1638
- "type": "object"
1639
- },
1640
- "geo": {
1641
- "properties": {
1642
- "city_name": {
1643
- "ignore_above": 1024,
1644
- "type": "keyword"
1645
- },
1646
- "continent_code": {
1647
- "ignore_above": 1024,
1648
- "type": "keyword"
1649
- },
1650
- "continent_name": {
1651
- "ignore_above": 1024,
1652
- "type": "keyword"
1653
- },
1654
- "country_iso_code": {
1655
- "ignore_above": 1024,
1656
- "type": "keyword"
1657
- },
1658
- "country_name": {
1659
- "ignore_above": 1024,
1660
- "type": "keyword"
1661
- },
1662
- "location": {
1663
- "type": "geo_point"
1664
- },
1665
- "name": {
1666
- "ignore_above": 1024,
1667
- "type": "keyword"
1668
- },
1669
- "postal_code": {
1670
- "ignore_above": 1024,
1671
- "type": "keyword"
1672
- },
1673
- "region_iso_code": {
1674
- "ignore_above": 1024,
1675
- "type": "keyword"
1676
- },
1677
- "region_name": {
1678
- "ignore_above": 1024,
1679
- "type": "keyword"
1680
- },
1681
- "timezone": {
1682
- "ignore_above": 1024,
1683
- "type": "keyword"
1684
- }
1685
- }
1686
- },
1687
- "hostname": {
1688
- "ignore_above": 1024,
1689
- "type": "keyword"
1690
- },
1691
- "ingress": {
1692
- "properties": {
1693
- "interface": {
1694
- "properties": {
1695
- "alias": {
1696
- "ignore_above": 1024,
1697
- "type": "keyword"
1698
- },
1699
- "id": {
1700
- "ignore_above": 1024,
1701
- "type": "keyword"
1702
- },
1703
- "name": {
1704
- "ignore_above": 1024,
1705
- "type": "keyword"
1706
- }
1707
- }
1708
- },
1709
- "vlan": {
1710
- "properties": {
1711
- "id": {
1712
- "ignore_above": 1024,
1713
- "type": "keyword"
1714
- },
1715
- "name": {
1716
- "ignore_above": 1024,
1717
- "type": "keyword"
1718
- }
1719
- }
1720
- },
1721
- "zone": {
1722
- "ignore_above": 1024,
1723
- "type": "keyword"
1724
- }
1725
- },
1726
- "type": "object"
1727
- },
1728
- "ip": {
1729
- "type": "ip"
1730
- },
1731
- "mac": {
1732
- "ignore_above": 1024,
1733
- "type": "keyword"
1734
- },
1735
- "name": {
1736
- "ignore_above": 1024,
1737
- "type": "keyword"
1738
- },
1739
- "os": {
1740
- "properties": {
1741
- "family": {
1742
- "ignore_above": 1024,
1743
- "type": "keyword"
1744
- },
1745
- "full": {
1746
- "fields": {
1747
- "text": {
1748
- "norms": false,
1749
- "type": "text"
1750
- }
1751
- },
1752
- "ignore_above": 1024,
1753
- "type": "keyword"
1754
- },
1755
- "kernel": {
1756
- "ignore_above": 1024,
1757
- "type": "keyword"
1758
- },
1759
- "name": {
1760
- "fields": {
1761
- "text": {
1762
- "norms": false,
1763
- "type": "text"
1764
- }
1765
- },
1766
- "ignore_above": 1024,
1767
- "type": "keyword"
1768
- },
1769
- "platform": {
1770
- "ignore_above": 1024,
1771
- "type": "keyword"
1772
- },
1773
- "type": {
1774
- "ignore_above": 1024,
1775
- "type": "keyword"
1776
- },
1777
- "version": {
1778
- "ignore_above": 1024,
1779
- "type": "keyword"
1780
- }
1781
- }
1782
- },
1783
- "product": {
1784
- "ignore_above": 1024,
1785
- "type": "keyword"
1786
- },
1787
- "serial_number": {
1788
- "ignore_above": 1024,
1789
- "type": "keyword"
1790
- },
1791
- "type": {
1792
- "ignore_above": 1024,
1793
- "type": "keyword"
1794
- },
1795
- "vendor": {
1796
- "ignore_above": 1024,
1797
- "type": "keyword"
1798
- },
1799
- "version": {
1800
- "ignore_above": 1024,
1801
- "type": "keyword"
1802
- }
1803
- }
1804
- },
1805
- "organization": {
1806
- "properties": {
1807
- "id": {
1808
- "ignore_above": 1024,
1809
- "type": "keyword"
1810
- },
1811
- "name": {
1812
- "fields": {
1813
- "text": {
1814
- "norms": false,
1815
- "type": "text"
1816
- }
1817
- },
1818
- "ignore_above": 1024,
1819
- "type": "keyword"
1820
- }
1821
- }
1822
- },
1823
- "package": {
1824
- "properties": {
1825
- "architecture": {
1826
- "ignore_above": 1024,
1827
- "type": "keyword"
1828
- },
1829
- "build_version": {
1830
- "ignore_above": 1024,
1831
- "type": "keyword"
1832
- },
1833
- "checksum": {
1834
- "ignore_above": 1024,
1835
- "type": "keyword"
1836
- },
1837
- "description": {
1838
- "ignore_above": 1024,
1839
- "type": "keyword"
1840
- },
1841
- "install_scope": {
1842
- "ignore_above": 1024,
1843
- "type": "keyword"
1844
- },
1845
- "installed": {
1846
- "type": "date"
1847
- },
1848
- "license": {
1849
- "ignore_above": 1024,
1850
- "type": "keyword"
1851
- },
1852
- "name": {
1853
- "ignore_above": 1024,
1854
- "type": "keyword"
1855
- },
1856
- "path": {
1857
- "ignore_above": 1024,
1858
- "type": "keyword"
1859
- },
1860
- "reference": {
1861
- "ignore_above": 1024,
1862
- "type": "keyword"
1863
- },
1864
- "size": {
1865
- "type": "long"
1866
- },
1867
- "type": {
1868
- "ignore_above": 1024,
1869
- "type": "keyword"
1870
- },
1871
- "version": {
1872
- "ignore_above": 1024,
1873
- "type": "keyword"
1874
- }
1875
- }
1876
- },
1877
- "process": {
1878
- "properties": {
1879
- "args": {
1880
- "ignore_above": 1024,
1881
- "type": "keyword"
1882
- },
1883
- "args_count": {
1884
- "type": "long"
1885
- },
1886
- "code_signature": {
1887
- "properties": {
1888
- "exists": {
1889
- "type": "boolean"
1890
- },
1891
- "signing_id": {
1892
- "ignore_above": 1024,
1893
- "type": "keyword"
1894
- },
1895
- "status": {
1896
- "ignore_above": 1024,
1897
- "type": "keyword"
1898
- },
1899
- "subject_name": {
1900
- "ignore_above": 1024,
1901
- "type": "keyword"
1902
- },
1903
- "team_id": {
1904
- "ignore_above": 1024,
1905
- "type": "keyword"
1906
- },
1907
- "trusted": {
1908
- "type": "boolean"
1909
- },
1910
- "valid": {
1911
- "type": "boolean"
1912
- }
1913
- }
1914
- },
1915
- "command_line": {
1916
- "fields": {
1917
- "text": {
1918
- "norms": false,
1919
- "type": "text"
1920
- }
1921
- },
1922
- "ignore_above": 1024,
1923
- "type": "keyword"
1924
- },
1925
- "entity_id": {
1926
- "ignore_above": 1024,
1927
- "type": "keyword"
1928
- },
1929
- "executable": {
1930
- "fields": {
1931
- "text": {
1932
- "norms": false,
1933
- "type": "text"
1934
- }
1935
- },
1936
- "ignore_above": 1024,
1937
- "type": "keyword"
1938
- },
1939
- "exit_code": {
1940
- "type": "long"
1941
- },
1942
- "hash": {
1943
- "properties": {
1944
- "md5": {
1945
- "ignore_above": 1024,
1946
- "type": "keyword"
1947
- },
1948
- "sha1": {
1949
- "ignore_above": 1024,
1950
- "type": "keyword"
1951
- },
1952
- "sha256": {
1953
- "ignore_above": 1024,
1954
- "type": "keyword"
1955
- },
1956
- "sha512": {
1957
- "ignore_above": 1024,
1958
- "type": "keyword"
1959
- },
1960
- "ssdeep": {
1961
- "ignore_above": 1024,
1962
- "type": "keyword"
1963
- }
1964
- }
1965
- },
1966
- "name": {
1967
- "fields": {
1968
- "text": {
1969
- "norms": false,
1970
- "type": "text"
1971
- }
1972
- },
1973
- "ignore_above": 1024,
1974
- "type": "keyword"
1975
- },
1976
- "parent": {
1977
- "properties": {
1978
- "args": {
1979
- "ignore_above": 1024,
1980
- "type": "keyword"
1981
- },
1982
- "args_count": {
1983
- "type": "long"
1984
- },
1985
- "code_signature": {
1986
- "properties": {
1987
- "exists": {
1988
- "type": "boolean"
1989
- },
1990
- "signing_id": {
1991
- "ignore_above": 1024,
1992
- "type": "keyword"
1993
- },
1994
- "status": {
1995
- "ignore_above": 1024,
1996
- "type": "keyword"
1997
- },
1998
- "subject_name": {
1999
- "ignore_above": 1024,
2000
- "type": "keyword"
2001
- },
2002
- "team_id": {
2003
- "ignore_above": 1024,
2004
- "type": "keyword"
2005
- },
2006
- "trusted": {
2007
- "type": "boolean"
2008
- },
2009
- "valid": {
2010
- "type": "boolean"
2011
- }
2012
- }
2013
- },
2014
- "command_line": {
2015
- "fields": {
2016
- "text": {
2017
- "norms": false,
2018
- "type": "text"
2019
- }
2020
- },
2021
- "ignore_above": 1024,
2022
- "type": "keyword"
2023
- },
2024
- "entity_id": {
2025
- "ignore_above": 1024,
2026
- "type": "keyword"
2027
- },
2028
- "executable": {
2029
- "fields": {
2030
- "text": {
2031
- "norms": false,
2032
- "type": "text"
2033
- }
2034
- },
2035
- "ignore_above": 1024,
2036
- "type": "keyword"
2037
- },
2038
- "exit_code": {
2039
- "type": "long"
2040
- },
2041
- "hash": {
2042
- "properties": {
2043
- "md5": {
2044
- "ignore_above": 1024,
2045
- "type": "keyword"
2046
- },
2047
- "sha1": {
2048
- "ignore_above": 1024,
2049
- "type": "keyword"
2050
- },
2051
- "sha256": {
2052
- "ignore_above": 1024,
2053
- "type": "keyword"
2054
- },
2055
- "sha512": {
2056
- "ignore_above": 1024,
2057
- "type": "keyword"
2058
- },
2059
- "ssdeep": {
2060
- "ignore_above": 1024,
2061
- "type": "keyword"
2062
- }
2063
- }
2064
- },
2065
- "name": {
2066
- "fields": {
2067
- "text": {
2068
- "norms": false,
2069
- "type": "text"
2070
- }
2071
- },
2072
- "ignore_above": 1024,
2073
- "type": "keyword"
2074
- },
2075
- "pe": {
2076
- "properties": {
2077
- "architecture": {
2078
- "ignore_above": 1024,
2079
- "type": "keyword"
2080
- },
2081
- "company": {
2082
- "ignore_above": 1024,
2083
- "type": "keyword"
2084
- },
2085
- "description": {
2086
- "ignore_above": 1024,
2087
- "type": "keyword"
2088
- },
2089
- "file_version": {
2090
- "ignore_above": 1024,
2091
- "type": "keyword"
2092
- },
2093
- "imphash": {
2094
- "ignore_above": 1024,
2095
- "type": "keyword"
2096
- },
2097
- "original_file_name": {
2098
- "ignore_above": 1024,
2099
- "type": "keyword"
2100
- },
2101
- "product": {
2102
- "ignore_above": 1024,
2103
- "type": "keyword"
2104
- }
2105
- }
2106
- },
2107
- "pgid": {
2108
- "type": "long"
2109
- },
2110
- "pid": {
2111
- "type": "long"
2112
- },
2113
- "ppid": {
2114
- "type": "long"
2115
- },
2116
- "start": {
2117
- "type": "date"
2118
- },
2119
- "thread": {
2120
- "properties": {
2121
- "id": {
2122
- "type": "long"
2123
- },
2124
- "name": {
2125
- "ignore_above": 1024,
2126
- "type": "keyword"
2127
- }
2128
- }
2129
- },
2130
- "title": {
2131
- "fields": {
2132
- "text": {
2133
- "norms": false,
2134
- "type": "text"
2135
- }
2136
- },
2137
- "ignore_above": 1024,
2138
- "type": "keyword"
2139
- },
2140
- "uptime": {
2141
- "type": "long"
2142
- },
2143
- "working_directory": {
2144
- "fields": {
2145
- "text": {
2146
- "norms": false,
2147
- "type": "text"
2148
- }
2149
- },
2150
- "ignore_above": 1024,
2151
- "type": "keyword"
2152
- }
2153
- }
2154
- },
2155
- "pe": {
2156
- "properties": {
2157
- "architecture": {
2158
- "ignore_above": 1024,
2159
- "type": "keyword"
2160
- },
2161
- "company": {
2162
- "ignore_above": 1024,
2163
- "type": "keyword"
2164
- },
2165
- "description": {
2166
- "ignore_above": 1024,
2167
- "type": "keyword"
2168
- },
2169
- "file_version": {
2170
- "ignore_above": 1024,
2171
- "type": "keyword"
2172
- },
2173
- "imphash": {
2174
- "ignore_above": 1024,
2175
- "type": "keyword"
2176
- },
2177
- "original_file_name": {
2178
- "ignore_above": 1024,
2179
- "type": "keyword"
2180
- },
2181
- "product": {
2182
- "ignore_above": 1024,
2183
- "type": "keyword"
2184
- }
2185
- }
2186
- },
2187
- "pgid": {
2188
- "type": "long"
2189
- },
2190
- "pid": {
2191
- "type": "long"
2192
- },
2193
- "ppid": {
2194
- "type": "long"
2195
- },
2196
- "start": {
2197
- "type": "date"
2198
- },
2199
- "thread": {
2200
- "properties": {
2201
- "id": {
2202
- "type": "long"
2203
- },
2204
- "name": {
2205
- "ignore_above": 1024,
2206
- "type": "keyword"
2207
- }
2208
- }
2209
- },
2210
- "title": {
2211
- "fields": {
2212
- "text": {
2213
- "norms": false,
2214
- "type": "text"
2215
- }
2216
- },
2217
- "ignore_above": 1024,
2218
- "type": "keyword"
2219
- },
2220
- "uptime": {
2221
- "type": "long"
2222
- },
2223
- "working_directory": {
2224
- "fields": {
2225
- "text": {
2226
- "norms": false,
2227
- "type": "text"
2228
- }
2229
- },
2230
- "ignore_above": 1024,
2231
- "type": "keyword"
2232
- }
2233
- }
2234
- },
2235
- "registry": {
2236
- "properties": {
2237
- "data": {
2238
- "properties": {
2239
- "bytes": {
2240
- "ignore_above": 1024,
2241
- "type": "keyword"
2242
- },
2243
- "strings": {
2244
- "ignore_above": 1024,
2245
- "type": "keyword"
2246
- },
2247
- "type": {
2248
- "ignore_above": 1024,
2249
- "type": "keyword"
2250
- }
2251
- }
2252
- },
2253
- "hive": {
2254
- "ignore_above": 1024,
2255
- "type": "keyword"
2256
- },
2257
- "key": {
2258
- "ignore_above": 1024,
2259
- "type": "keyword"
2260
- },
2261
- "path": {
2262
- "ignore_above": 1024,
2263
- "type": "keyword"
2264
- },
2265
- "value": {
2266
- "ignore_above": 1024,
2267
- "type": "keyword"
2268
- }
2269
- }
2270
- },
2271
- "related": {
2272
- "properties": {
2273
- "hash": {
2274
- "ignore_above": 1024,
2275
- "type": "keyword"
2276
- },
2277
- "hosts": {
2278
- "ignore_above": 1024,
2279
- "type": "keyword"
2280
- },
2281
- "ip": {
2282
- "type": "ip"
2283
- },
2284
- "user": {
2285
- "ignore_above": 1024,
2286
- "type": "keyword"
2287
- }
2288
- }
2289
- },
2290
- "rule": {
2291
- "properties": {
2292
- "author": {
2293
- "ignore_above": 1024,
2294
- "type": "keyword"
2295
- },
2296
- "category": {
2297
- "ignore_above": 1024,
2298
- "type": "keyword"
2299
- },
2300
- "description": {
2301
- "ignore_above": 1024,
2302
- "type": "keyword"
2303
- },
2304
- "id": {
2305
- "ignore_above": 1024,
2306
- "type": "keyword"
2307
- },
2308
- "license": {
2309
- "ignore_above": 1024,
2310
- "type": "keyword"
2311
- },
2312
- "name": {
2313
- "ignore_above": 1024,
2314
- "type": "keyword"
2315
- },
2316
- "reference": {
2317
- "ignore_above": 1024,
2318
- "type": "keyword"
2319
- },
2320
- "ruleset": {
2321
- "ignore_above": 1024,
2322
- "type": "keyword"
2323
- },
2324
- "uuid": {
2325
- "ignore_above": 1024,
2326
- "type": "keyword"
2327
- },
2328
- "version": {
2329
- "ignore_above": 1024,
2330
- "type": "keyword"
2331
- }
2332
- }
2333
- },
2334
- "server": {
2335
- "properties": {
2336
- "address": {
2337
- "ignore_above": 1024,
2338
- "type": "keyword"
2339
- },
2340
- "as": {
2341
- "properties": {
2342
- "number": {
2343
- "type": "long"
2344
- },
2345
- "organization": {
2346
- "properties": {
2347
- "name": {
2348
- "fields": {
2349
- "text": {
2350
- "norms": false,
2351
- "type": "text"
2352
- }
2353
- },
2354
- "ignore_above": 1024,
2355
- "type": "keyword"
2356
- }
2357
- }
2358
- }
2359
- }
2360
- },
2361
- "bytes": {
2362
- "type": "long"
2363
- },
2364
- "domain": {
2365
- "ignore_above": 1024,
2366
- "type": "keyword"
2367
- },
2368
- "geo": {
2369
- "properties": {
2370
- "city_name": {
2371
- "ignore_above": 1024,
2372
- "type": "keyword"
2373
- },
2374
- "continent_code": {
2375
- "ignore_above": 1024,
2376
- "type": "keyword"
2377
- },
2378
- "continent_name": {
2379
- "ignore_above": 1024,
2380
- "type": "keyword"
2381
- },
2382
- "country_iso_code": {
2383
- "ignore_above": 1024,
2384
- "type": "keyword"
2385
- },
2386
- "country_name": {
2387
- "ignore_above": 1024,
2388
- "type": "keyword"
2389
- },
2390
- "location": {
2391
- "type": "geo_point"
2392
- },
2393
- "name": {
2394
- "ignore_above": 1024,
2395
- "type": "keyword"
2396
- },
2397
- "postal_code": {
2398
- "ignore_above": 1024,
2399
- "type": "keyword"
2400
- },
2401
- "region_iso_code": {
2402
- "ignore_above": 1024,
2403
- "type": "keyword"
2404
- },
2405
- "region_name": {
2406
- "ignore_above": 1024,
2407
- "type": "keyword"
2408
- },
2409
- "timezone": {
2410
- "ignore_above": 1024,
2411
- "type": "keyword"
2412
- }
2413
- }
2414
- },
2415
- "ip": {
2416
- "type": "ip"
2417
- },
2418
- "mac": {
2419
- "ignore_above": 1024,
2420
- "type": "keyword"
2421
- },
2422
- "nat": {
2423
- "properties": {
2424
- "ip": {
2425
- "type": "ip"
2426
- },
2427
- "port": {
2428
- "type": "long"
2429
- }
2430
- }
2431
- },
2432
- "packets": {
2433
- "type": "long"
2434
- },
2435
- "port": {
2436
- "type": "long"
2437
- },
2438
- "registered_domain": {
2439
- "ignore_above": 1024,
2440
- "type": "keyword"
2441
- },
2442
- "subdomain": {
2443
- "ignore_above": 1024,
2444
- "type": "keyword"
2445
- },
2446
- "top_level_domain": {
2447
- "ignore_above": 1024,
2448
- "type": "keyword"
2449
- },
2450
- "user": {
2451
- "properties": {
2452
- "domain": {
2453
- "ignore_above": 1024,
2454
- "type": "keyword"
2455
- },
2456
- "email": {
2457
- "ignore_above": 1024,
2458
- "type": "keyword"
2459
- },
2460
- "full_name": {
2461
- "fields": {
2462
- "text": {
2463
- "norms": false,
2464
- "type": "text"
2465
- }
2466
- },
2467
- "ignore_above": 1024,
2468
- "type": "keyword"
2469
- },
2470
- "group": {
2471
- "properties": {
2472
- "domain": {
2473
- "ignore_above": 1024,
2474
- "type": "keyword"
2475
- },
2476
- "id": {
2477
- "ignore_above": 1024,
2478
- "type": "keyword"
2479
- },
2480
- "name": {
2481
- "ignore_above": 1024,
2482
- "type": "keyword"
2483
- }
2484
- }
2485
- },
2486
- "hash": {
2487
- "ignore_above": 1024,
2488
- "type": "keyword"
2489
- },
2490
- "id": {
2491
- "ignore_above": 1024,
2492
- "type": "keyword"
2493
- },
2494
- "name": {
2495
- "fields": {
2496
- "text": {
2497
- "norms": false,
2498
- "type": "text"
2499
- }
2500
- },
2501
- "ignore_above": 1024,
2502
- "type": "keyword"
2503
- },
2504
- "roles": {
2505
- "ignore_above": 1024,
2506
- "type": "keyword"
2507
- }
2508
- }
2509
- }
2510
- }
2511
- },
2512
- "service": {
2513
- "properties": {
2514
- "ephemeral_id": {
2515
- "ignore_above": 1024,
2516
- "type": "keyword"
2517
- },
2518
- "id": {
2519
- "ignore_above": 1024,
2520
- "type": "keyword"
2521
- },
2522
- "name": {
2523
- "ignore_above": 1024,
2524
- "type": "keyword"
2525
- },
2526
- "node": {
2527
- "properties": {
2528
- "name": {
2529
- "ignore_above": 1024,
2530
- "type": "keyword"
2531
- }
2532
- }
2533
- },
2534
- "state": {
2535
- "ignore_above": 1024,
2536
- "type": "keyword"
2537
- },
2538
- "type": {
2539
- "ignore_above": 1024,
2540
- "type": "keyword"
2541
- },
2542
- "version": {
2543
- "ignore_above": 1024,
2544
- "type": "keyword"
2545
- }
2546
- }
2547
- },
2548
- "source": {
2549
- "properties": {
2550
- "address": {
2551
- "ignore_above": 1024,
2552
- "type": "keyword"
2553
- },
2554
- "as": {
2555
- "properties": {
2556
- "number": {
2557
- "type": "long"
2558
- },
2559
- "organization": {
2560
- "properties": {
2561
- "name": {
2562
- "fields": {
2563
- "text": {
2564
- "norms": false,
2565
- "type": "text"
2566
- }
2567
- },
2568
- "ignore_above": 1024,
2569
- "type": "keyword"
2570
- }
2571
- }
2572
- }
2573
- }
2574
- },
2575
- "bytes": {
2576
- "type": "long"
2577
- },
2578
- "domain": {
2579
- "ignore_above": 1024,
2580
- "type": "keyword"
2581
- },
2582
- "geo": {
2583
- "properties": {
2584
- "city_name": {
2585
- "ignore_above": 1024,
2586
- "type": "keyword"
2587
- },
2588
- "continent_code": {
2589
- "ignore_above": 1024,
2590
- "type": "keyword"
2591
- },
2592
- "continent_name": {
2593
- "ignore_above": 1024,
2594
- "type": "keyword"
2595
- },
2596
- "country_iso_code": {
2597
- "ignore_above": 1024,
2598
- "type": "keyword"
2599
- },
2600
- "country_name": {
2601
- "ignore_above": 1024,
2602
- "type": "keyword"
2603
- },
2604
- "location": {
2605
- "type": "geo_point"
2606
- },
2607
- "name": {
2608
- "ignore_above": 1024,
2609
- "type": "keyword"
2610
- },
2611
- "postal_code": {
2612
- "ignore_above": 1024,
2613
- "type": "keyword"
2614
- },
2615
- "region_iso_code": {
2616
- "ignore_above": 1024,
2617
- "type": "keyword"
2618
- },
2619
- "region_name": {
2620
- "ignore_above": 1024,
2621
- "type": "keyword"
2622
- },
2623
- "timezone": {
2624
- "ignore_above": 1024,
2625
- "type": "keyword"
2626
- }
2627
- }
2628
- },
2629
- "ip": {
2630
- "type": "ip"
2631
- },
2632
- "mac": {
2633
- "ignore_above": 1024,
2634
- "type": "keyword"
2635
- },
2636
- "nat": {
2637
- "properties": {
2638
- "ip": {
2639
- "type": "ip"
2640
- },
2641
- "port": {
2642
- "type": "long"
2643
- }
2644
- }
2645
- },
2646
- "packets": {
2647
- "type": "long"
2648
- },
2649
- "port": {
2650
- "type": "long"
2651
- },
2652
- "registered_domain": {
2653
- "ignore_above": 1024,
2654
- "type": "keyword"
2655
- },
2656
- "subdomain": {
2657
- "ignore_above": 1024,
2658
- "type": "keyword"
2659
- },
2660
- "top_level_domain": {
2661
- "ignore_above": 1024,
2662
- "type": "keyword"
2663
- },
2664
- "user": {
2665
- "properties": {
2666
- "domain": {
2667
- "ignore_above": 1024,
2668
- "type": "keyword"
2669
- },
2670
- "email": {
2671
- "ignore_above": 1024,
2672
- "type": "keyword"
2673
- },
2674
- "full_name": {
2675
- "fields": {
2676
- "text": {
2677
- "norms": false,
2678
- "type": "text"
2679
- }
2680
- },
2681
- "ignore_above": 1024,
2682
- "type": "keyword"
2683
- },
2684
- "group": {
2685
- "properties": {
2686
- "domain": {
2687
- "ignore_above": 1024,
2688
- "type": "keyword"
2689
- },
2690
- "id": {
2691
- "ignore_above": 1024,
2692
- "type": "keyword"
2693
- },
2694
- "name": {
2695
- "ignore_above": 1024,
2696
- "type": "keyword"
2697
- }
2698
- }
2699
- },
2700
- "hash": {
2701
- "ignore_above": 1024,
2702
- "type": "keyword"
2703
- },
2704
- "id": {
2705
- "ignore_above": 1024,
2706
- "type": "keyword"
2707
- },
2708
- "name": {
2709
- "fields": {
2710
- "text": {
2711
- "norms": false,
2712
- "type": "text"
2713
- }
2714
- },
2715
- "ignore_above": 1024,
2716
- "type": "keyword"
2717
- },
2718
- "roles": {
2719
- "ignore_above": 1024,
2720
- "type": "keyword"
2721
- }
2722
- }
2723
- }
2724
- }
2725
- },
2726
- "span": {
2727
- "properties": {
2728
- "id": {
2729
- "ignore_above": 1024,
2730
- "type": "keyword"
2731
- }
2732
- }
2733
- },
2734
- "tags": {
2735
- "ignore_above": 1024,
2736
- "type": "keyword"
2737
- },
2738
- "threat": {
2739
- "properties": {
2740
- "framework": {
2741
- "ignore_above": 1024,
2742
- "type": "keyword"
2743
- },
2744
- "tactic": {
2745
- "properties": {
2746
- "id": {
2747
- "ignore_above": 1024,
2748
- "type": "keyword"
2749
- },
2750
- "name": {
2751
- "ignore_above": 1024,
2752
- "type": "keyword"
2753
- },
2754
- "reference": {
2755
- "ignore_above": 1024,
2756
- "type": "keyword"
2757
- }
2758
- }
2759
- },
2760
- "technique": {
2761
- "properties": {
2762
- "id": {
2763
- "ignore_above": 1024,
2764
- "type": "keyword"
2765
- },
2766
- "name": {
2767
- "fields": {
2768
- "text": {
2769
- "norms": false,
2770
- "type": "text"
2771
- }
2772
- },
2773
- "ignore_above": 1024,
2774
- "type": "keyword"
2775
- },
2776
- "reference": {
2777
- "ignore_above": 1024,
2778
- "type": "keyword"
2779
- },
2780
- "subtechnique": {
2781
- "properties": {
2782
- "id": {
2783
- "ignore_above": 1024,
2784
- "type": "keyword"
2785
- },
2786
- "name": {
2787
- "fields": {
2788
- "text": {
2789
- "norms": false,
2790
- "type": "text"
2791
- }
2792
- },
2793
- "ignore_above": 1024,
2794
- "type": "keyword"
2795
- },
2796
- "reference": {
2797
- "ignore_above": 1024,
2798
- "type": "keyword"
2799
- }
2800
- }
2801
- }
2802
- }
2803
- }
2804
- }
2805
- },
2806
- "tls": {
2807
- "properties": {
2808
- "cipher": {
2809
- "ignore_above": 1024,
2810
- "type": "keyword"
2811
- },
2812
- "client": {
2813
- "properties": {
2814
- "certificate": {
2815
- "ignore_above": 1024,
2816
- "type": "keyword"
2817
- },
2818
- "certificate_chain": {
2819
- "ignore_above": 1024,
2820
- "type": "keyword"
2821
- },
2822
- "hash": {
2823
- "properties": {
2824
- "md5": {
2825
- "ignore_above": 1024,
2826
- "type": "keyword"
2827
- },
2828
- "sha1": {
2829
- "ignore_above": 1024,
2830
- "type": "keyword"
2831
- },
2832
- "sha256": {
2833
- "ignore_above": 1024,
2834
- "type": "keyword"
2835
- }
2836
- }
2837
- },
2838
- "issuer": {
2839
- "ignore_above": 1024,
2840
- "type": "keyword"
2841
- },
2842
- "ja3": {
2843
- "ignore_above": 1024,
2844
- "type": "keyword"
2845
- },
2846
- "not_after": {
2847
- "type": "date"
2848
- },
2849
- "not_before": {
2850
- "type": "date"
2851
- },
2852
- "server_name": {
2853
- "ignore_above": 1024,
2854
- "type": "keyword"
2855
- },
2856
- "subject": {
2857
- "ignore_above": 1024,
2858
- "type": "keyword"
2859
- },
2860
- "supported_ciphers": {
2861
- "ignore_above": 1024,
2862
- "type": "keyword"
2863
- },
2864
- "x509": {
2865
- "properties": {
2866
- "alternative_names": {
2867
- "ignore_above": 1024,
2868
- "type": "keyword"
2869
- },
2870
- "issuer": {
2871
- "properties": {
2872
- "common_name": {
2873
- "ignore_above": 1024,
2874
- "type": "keyword"
2875
- },
2876
- "country": {
2877
- "ignore_above": 1024,
2878
- "type": "keyword"
2879
- },
2880
- "distinguished_name": {
2881
- "ignore_above": 1024,
2882
- "type": "keyword"
2883
- },
2884
- "locality": {
2885
- "ignore_above": 1024,
2886
- "type": "keyword"
2887
- },
2888
- "organization": {
2889
- "ignore_above": 1024,
2890
- "type": "keyword"
2891
- },
2892
- "organizational_unit": {
2893
- "ignore_above": 1024,
2894
- "type": "keyword"
2895
- },
2896
- "state_or_province": {
2897
- "ignore_above": 1024,
2898
- "type": "keyword"
2899
- }
2900
- }
2901
- },
2902
- "not_after": {
2903
- "type": "date"
2904
- },
2905
- "not_before": {
2906
- "type": "date"
2907
- },
2908
- "public_key_algorithm": {
2909
- "ignore_above": 1024,
2910
- "type": "keyword"
2911
- },
2912
- "public_key_curve": {
2913
- "ignore_above": 1024,
2914
- "type": "keyword"
2915
- },
2916
- "public_key_exponent": {
2917
- "doc_values": false,
2918
- "index": false,
2919
- "type": "long"
2920
- },
2921
- "public_key_size": {
2922
- "type": "long"
2923
- },
2924
- "serial_number": {
2925
- "ignore_above": 1024,
2926
- "type": "keyword"
2927
- },
2928
- "signature_algorithm": {
2929
- "ignore_above": 1024,
2930
- "type": "keyword"
2931
- },
2932
- "subject": {
2933
- "properties": {
2934
- "common_name": {
2935
- "ignore_above": 1024,
2936
- "type": "keyword"
2937
- },
2938
- "country": {
2939
- "ignore_above": 1024,
2940
- "type": "keyword"
2941
- },
2942
- "distinguished_name": {
2943
- "ignore_above": 1024,
2944
- "type": "keyword"
2945
- },
2946
- "locality": {
2947
- "ignore_above": 1024,
2948
- "type": "keyword"
2949
- },
2950
- "organization": {
2951
- "ignore_above": 1024,
2952
- "type": "keyword"
2953
- },
2954
- "organizational_unit": {
2955
- "ignore_above": 1024,
2956
- "type": "keyword"
2957
- },
2958
- "state_or_province": {
2959
- "ignore_above": 1024,
2960
- "type": "keyword"
2961
- }
2962
- }
2963
- },
2964
- "version_number": {
2965
- "ignore_above": 1024,
2966
- "type": "keyword"
2967
- }
2968
- }
2969
- }
2970
- }
2971
- },
2972
- "curve": {
2973
- "ignore_above": 1024,
2974
- "type": "keyword"
2975
- },
2976
- "established": {
2977
- "type": "boolean"
2978
- },
2979
- "next_protocol": {
2980
- "ignore_above": 1024,
2981
- "type": "keyword"
2982
- },
2983
- "resumed": {
2984
- "type": "boolean"
2985
- },
2986
- "server": {
2987
- "properties": {
2988
- "certificate": {
2989
- "ignore_above": 1024,
2990
- "type": "keyword"
2991
- },
2992
- "certificate_chain": {
2993
- "ignore_above": 1024,
2994
- "type": "keyword"
2995
- },
2996
- "hash": {
2997
- "properties": {
2998
- "md5": {
2999
- "ignore_above": 1024,
3000
- "type": "keyword"
3001
- },
3002
- "sha1": {
3003
- "ignore_above": 1024,
3004
- "type": "keyword"
3005
- },
3006
- "sha256": {
3007
- "ignore_above": 1024,
3008
- "type": "keyword"
3009
- }
3010
- }
3011
- },
3012
- "issuer": {
3013
- "ignore_above": 1024,
3014
- "type": "keyword"
3015
- },
3016
- "ja3s": {
3017
- "ignore_above": 1024,
3018
- "type": "keyword"
3019
- },
3020
- "not_after": {
3021
- "type": "date"
3022
- },
3023
- "not_before": {
3024
- "type": "date"
3025
- },
3026
- "subject": {
3027
- "ignore_above": 1024,
3028
- "type": "keyword"
3029
- },
3030
- "x509": {
3031
- "properties": {
3032
- "alternative_names": {
3033
- "ignore_above": 1024,
3034
- "type": "keyword"
3035
- },
3036
- "issuer": {
3037
- "properties": {
3038
- "common_name": {
3039
- "ignore_above": 1024,
3040
- "type": "keyword"
3041
- },
3042
- "country": {
3043
- "ignore_above": 1024,
3044
- "type": "keyword"
3045
- },
3046
- "distinguished_name": {
3047
- "ignore_above": 1024,
3048
- "type": "keyword"
3049
- },
3050
- "locality": {
3051
- "ignore_above": 1024,
3052
- "type": "keyword"
3053
- },
3054
- "organization": {
3055
- "ignore_above": 1024,
3056
- "type": "keyword"
3057
- },
3058
- "organizational_unit": {
3059
- "ignore_above": 1024,
3060
- "type": "keyword"
3061
- },
3062
- "state_or_province": {
3063
- "ignore_above": 1024,
3064
- "type": "keyword"
3065
- }
3066
- }
3067
- },
3068
- "not_after": {
3069
- "type": "date"
3070
- },
3071
- "not_before": {
3072
- "type": "date"
3073
- },
3074
- "public_key_algorithm": {
3075
- "ignore_above": 1024,
3076
- "type": "keyword"
3077
- },
3078
- "public_key_curve": {
3079
- "ignore_above": 1024,
3080
- "type": "keyword"
3081
- },
3082
- "public_key_exponent": {
3083
- "doc_values": false,
3084
- "index": false,
3085
- "type": "long"
3086
- },
3087
- "public_key_size": {
3088
- "type": "long"
3089
- },
3090
- "serial_number": {
3091
- "ignore_above": 1024,
3092
- "type": "keyword"
3093
- },
3094
- "signature_algorithm": {
3095
- "ignore_above": 1024,
3096
- "type": "keyword"
3097
- },
3098
- "subject": {
3099
- "properties": {
3100
- "common_name": {
3101
- "ignore_above": 1024,
3102
- "type": "keyword"
3103
- },
3104
- "country": {
3105
- "ignore_above": 1024,
3106
- "type": "keyword"
3107
- },
3108
- "distinguished_name": {
3109
- "ignore_above": 1024,
3110
- "type": "keyword"
3111
- },
3112
- "locality": {
3113
- "ignore_above": 1024,
3114
- "type": "keyword"
3115
- },
3116
- "organization": {
3117
- "ignore_above": 1024,
3118
- "type": "keyword"
3119
- },
3120
- "organizational_unit": {
3121
- "ignore_above": 1024,
3122
- "type": "keyword"
3123
- },
3124
- "state_or_province": {
3125
- "ignore_above": 1024,
3126
- "type": "keyword"
3127
- }
3128
- }
3129
- },
3130
- "version_number": {
3131
- "ignore_above": 1024,
3132
- "type": "keyword"
3133
- }
3134
- }
3135
- }
3136
- }
3137
- },
3138
- "version": {
3139
- "ignore_above": 1024,
3140
- "type": "keyword"
3141
- },
3142
- "version_protocol": {
3143
- "ignore_above": 1024,
3144
- "type": "keyword"
3145
- }
3146
- }
3147
- },
3148
- "trace": {
3149
- "properties": {
3150
- "id": {
3151
- "ignore_above": 1024,
3152
- "type": "keyword"
3153
- }
3154
- }
3155
- },
3156
- "transaction": {
3157
- "properties": {
3158
- "id": {
3159
- "ignore_above": 1024,
3160
- "type": "keyword"
3161
- }
3162
- }
3163
- },
3164
- "url": {
3165
- "properties": {
3166
- "domain": {
3167
- "ignore_above": 1024,
3168
- "type": "keyword"
3169
- },
3170
- "extension": {
3171
- "ignore_above": 1024,
3172
- "type": "keyword"
3173
- },
3174
- "fragment": {
3175
- "ignore_above": 1024,
3176
- "type": "keyword"
3177
- },
3178
- "full": {
3179
- "fields": {
3180
- "text": {
3181
- "norms": false,
3182
- "type": "text"
3183
- }
3184
- },
3185
- "ignore_above": 1024,
3186
- "type": "keyword"
3187
- },
3188
- "original": {
3189
- "fields": {
3190
- "text": {
3191
- "norms": false,
3192
- "type": "text"
3193
- }
3194
- },
3195
- "ignore_above": 1024,
3196
- "type": "keyword"
3197
- },
3198
- "password": {
3199
- "ignore_above": 1024,
3200
- "type": "keyword"
3201
- },
3202
- "path": {
3203
- "ignore_above": 1024,
3204
- "type": "keyword"
3205
- },
3206
- "port": {
3207
- "type": "long"
3208
- },
3209
- "query": {
3210
- "ignore_above": 1024,
3211
- "type": "keyword"
3212
- },
3213
- "registered_domain": {
3214
- "ignore_above": 1024,
3215
- "type": "keyword"
3216
- },
3217
- "scheme": {
3218
- "ignore_above": 1024,
3219
- "type": "keyword"
3220
- },
3221
- "subdomain": {
3222
- "ignore_above": 1024,
3223
- "type": "keyword"
3224
- },
3225
- "top_level_domain": {
3226
- "ignore_above": 1024,
3227
- "type": "keyword"
3228
- },
3229
- "username": {
3230
- "ignore_above": 1024,
3231
- "type": "keyword"
3232
- }
3233
- }
3234
- },
3235
- "user": {
3236
- "properties": {
3237
- "changes": {
3238
- "properties": {
3239
- "domain": {
3240
- "ignore_above": 1024,
3241
- "type": "keyword"
3242
- },
3243
- "email": {
3244
- "ignore_above": 1024,
3245
- "type": "keyword"
3246
- },
3247
- "full_name": {
3248
- "fields": {
3249
- "text": {
3250
- "norms": false,
3251
- "type": "text"
3252
- }
3253
- },
3254
- "ignore_above": 1024,
3255
- "type": "keyword"
3256
- },
3257
- "group": {
3258
- "properties": {
3259
- "domain": {
3260
- "ignore_above": 1024,
3261
- "type": "keyword"
3262
- },
3263
- "id": {
3264
- "ignore_above": 1024,
3265
- "type": "keyword"
3266
- },
3267
- "name": {
3268
- "ignore_above": 1024,
3269
- "type": "keyword"
3270
- }
3271
- }
3272
- },
3273
- "hash": {
3274
- "ignore_above": 1024,
3275
- "type": "keyword"
3276
- },
3277
- "id": {
3278
- "ignore_above": 1024,
3279
- "type": "keyword"
3280
- },
3281
- "name": {
3282
- "fields": {
3283
- "text": {
3284
- "norms": false,
3285
- "type": "text"
3286
- }
3287
- },
3288
- "ignore_above": 1024,
3289
- "type": "keyword"
3290
- },
3291
- "roles": {
3292
- "ignore_above": 1024,
3293
- "type": "keyword"
3294
- }
3295
- }
3296
- },
3297
- "domain": {
3298
- "ignore_above": 1024,
3299
- "type": "keyword"
3300
- },
3301
- "effective": {
3302
- "properties": {
3303
- "domain": {
3304
- "ignore_above": 1024,
3305
- "type": "keyword"
3306
- },
3307
- "email": {
3308
- "ignore_above": 1024,
3309
- "type": "keyword"
3310
- },
3311
- "full_name": {
3312
- "fields": {
3313
- "text": {
3314
- "norms": false,
3315
- "type": "text"
3316
- }
3317
- },
3318
- "ignore_above": 1024,
3319
- "type": "keyword"
3320
- },
3321
- "group": {
3322
- "properties": {
3323
- "domain": {
3324
- "ignore_above": 1024,
3325
- "type": "keyword"
3326
- },
3327
- "id": {
3328
- "ignore_above": 1024,
3329
- "type": "keyword"
3330
- },
3331
- "name": {
3332
- "ignore_above": 1024,
3333
- "type": "keyword"
3334
- }
3335
- }
3336
- },
3337
- "hash": {
3338
- "ignore_above": 1024,
3339
- "type": "keyword"
3340
- },
3341
- "id": {
3342
- "ignore_above": 1024,
3343
- "type": "keyword"
3344
- },
3345
- "name": {
3346
- "fields": {
3347
- "text": {
3348
- "norms": false,
3349
- "type": "text"
3350
- }
3351
- },
3352
- "ignore_above": 1024,
3353
- "type": "keyword"
3354
- },
3355
- "roles": {
3356
- "ignore_above": 1024,
3357
- "type": "keyword"
3358
- }
3359
- }
3360
- },
3361
- "email": {
3362
- "ignore_above": 1024,
3363
- "type": "keyword"
3364
- },
3365
- "full_name": {
3366
- "fields": {
3367
- "text": {
3368
- "norms": false,
3369
- "type": "text"
3370
- }
3371
- },
3372
- "ignore_above": 1024,
3373
- "type": "keyword"
3374
- },
3375
- "group": {
3376
- "properties": {
3377
- "domain": {
3378
- "ignore_above": 1024,
3379
- "type": "keyword"
3380
- },
3381
- "id": {
3382
- "ignore_above": 1024,
3383
- "type": "keyword"
3384
- },
3385
- "name": {
3386
- "ignore_above": 1024,
3387
- "type": "keyword"
3388
- }
3389
- }
3390
- },
3391
- "hash": {
3392
- "ignore_above": 1024,
3393
- "type": "keyword"
3394
- },
3395
- "id": {
3396
- "ignore_above": 1024,
3397
- "type": "keyword"
3398
- },
3399
- "name": {
3400
- "fields": {
3401
- "text": {
3402
- "norms": false,
3403
- "type": "text"
3404
- }
3405
- },
3406
- "ignore_above": 1024,
3407
- "type": "keyword"
3408
- },
3409
- "roles": {
3410
- "ignore_above": 1024,
3411
- "type": "keyword"
3412
- },
3413
- "target": {
3414
- "properties": {
3415
- "domain": {
3416
- "ignore_above": 1024,
3417
- "type": "keyword"
3418
- },
3419
- "email": {
3420
- "ignore_above": 1024,
3421
- "type": "keyword"
3422
- },
3423
- "full_name": {
3424
- "fields": {
3425
- "text": {
3426
- "norms": false,
3427
- "type": "text"
3428
- }
3429
- },
3430
- "ignore_above": 1024,
3431
- "type": "keyword"
3432
- },
3433
- "group": {
3434
- "properties": {
3435
- "domain": {
3436
- "ignore_above": 1024,
3437
- "type": "keyword"
3438
- },
3439
- "id": {
3440
- "ignore_above": 1024,
3441
- "type": "keyword"
3442
- },
3443
- "name": {
3444
- "ignore_above": 1024,
3445
- "type": "keyword"
3446
- }
3447
- }
3448
- },
3449
- "hash": {
3450
- "ignore_above": 1024,
3451
- "type": "keyword"
3452
- },
3453
- "id": {
3454
- "ignore_above": 1024,
3455
- "type": "keyword"
3456
- },
3457
- "name": {
3458
- "fields": {
3459
- "text": {
3460
- "norms": false,
3461
- "type": "text"
3462
- }
3463
- },
3464
- "ignore_above": 1024,
3465
- "type": "keyword"
3466
- },
3467
- "roles": {
3468
- "ignore_above": 1024,
3469
- "type": "keyword"
3470
- }
3471
- }
3472
- }
3473
- }
3474
- },
3475
- "user_agent": {
3476
- "properties": {
3477
- "device": {
3478
- "properties": {
3479
- "name": {
3480
- "ignore_above": 1024,
3481
- "type": "keyword"
3482
- }
3483
- }
3484
- },
3485
- "name": {
3486
- "ignore_above": 1024,
3487
- "type": "keyword"
3488
- },
3489
- "original": {
3490
- "fields": {
3491
- "text": {
3492
- "norms": false,
3493
- "type": "text"
3494
- }
3495
- },
3496
- "ignore_above": 1024,
3497
- "type": "keyword"
3498
- },
3499
- "os": {
3500
- "properties": {
3501
- "family": {
3502
- "ignore_above": 1024,
3503
- "type": "keyword"
3504
- },
3505
- "full": {
3506
- "fields": {
3507
- "text": {
3508
- "norms": false,
3509
- "type": "text"
3510
- }
3511
- },
3512
- "ignore_above": 1024,
3513
- "type": "keyword"
3514
- },
3515
- "kernel": {
3516
- "ignore_above": 1024,
3517
- "type": "keyword"
3518
- },
3519
- "name": {
3520
- "fields": {
3521
- "text": {
3522
- "norms": false,
3523
- "type": "text"
3524
- }
3525
- },
3526
- "ignore_above": 1024,
3527
- "type": "keyword"
3528
- },
3529
- "platform": {
3530
- "ignore_above": 1024,
3531
- "type": "keyword"
3532
- },
3533
- "type": {
3534
- "ignore_above": 1024,
3535
- "type": "keyword"
3536
- },
3537
- "version": {
3538
- "ignore_above": 1024,
3539
- "type": "keyword"
3540
- }
3541
- }
3542
- },
3543
- "version": {
3544
- "ignore_above": 1024,
3545
- "type": "keyword"
3546
- }
3547
- }
3548
- },
3549
- "vulnerability": {
3550
- "properties": {
3551
- "category": {
3552
- "ignore_above": 1024,
3553
- "type": "keyword"
3554
- },
3555
- "classification": {
3556
- "ignore_above": 1024,
3557
- "type": "keyword"
3558
- },
3559
- "description": {
3560
- "fields": {
3561
- "text": {
3562
- "norms": false,
3563
- "type": "text"
3564
- }
3565
- },
3566
- "ignore_above": 1024,
3567
- "type": "keyword"
3568
- },
3569
- "enumeration": {
3570
- "ignore_above": 1024,
3571
- "type": "keyword"
3572
- },
3573
- "id": {
3574
- "ignore_above": 1024,
3575
- "type": "keyword"
3576
- },
3577
- "reference": {
3578
- "ignore_above": 1024,
3579
- "type": "keyword"
3580
- },
3581
- "report_id": {
3582
- "ignore_above": 1024,
3583
- "type": "keyword"
3584
- },
3585
- "scanner": {
3586
- "properties": {
3587
- "vendor": {
3588
- "ignore_above": 1024,
3589
- "type": "keyword"
3590
- }
3591
- }
3592
- },
3593
- "score": {
3594
- "properties": {
3595
- "base": {
3596
- "type": "float"
3597
- },
3598
- "environmental": {
3599
- "type": "float"
3600
- },
3601
- "temporal": {
3602
- "type": "float"
3603
- },
3604
- "version": {
3605
- "ignore_above": 1024,
3606
- "type": "keyword"
3607
- }
3608
- }
3609
- },
3610
- "severity": {
3611
- "ignore_above": 1024,
3612
- "type": "keyword"
3613
- }
3614
- }
3615
- }
3616
- }
3617
- },
3618
- "order": 1,
3619
- "settings": {
3620
- "index": {
3621
- "mapping": {
3622
- "total_fields": {
3623
- "limit": 10000
3624
- }
3625
- },
3626
- "refresh_interval": "5s"
3627
- }
3628
- }
3629
- }