{
|
|
"order" : 1,
|
|
"index_patterns" : [
|
|
"ntopng-*"
|
|
],
|
|
"settings" : {
|
|
"index" : {
|
|
"mapping" : {
|
|
"total_fields" : {
|
|
"limit" : "10000"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"mappings" : {
|
|
"dynamic_templates" : [
|
|
{
|
|
"strings_as_keyword" : {
|
|
"mapping" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"match_mapping_type" : "string"
|
|
}
|
|
}
|
|
],
|
|
"date_detection" : false,
|
|
"properties" : {
|
|
"container" : {
|
|
"properties" : {
|
|
"image" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"type" : "keyword"
|
|
},
|
|
"tag" : {
|
|
"ignore_above" : 1024,
|
|
"type" : "keyword"
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"type" : "keyword"
|
|
},
|
|
"runtime" : {
|
|
"ignore_above" : 1024,
|
|
"type" : "keyword"
|
|
},
|
|
"id" : {
|
|
"ignore_above" : 1024,
|
|
"type" : "keyword"
|
|
},
|
|
"labels" : {
|
|
"type" : "object"
|
|
}
|
|
}
|
|
},
|
|
"server" : {
|
|
"properties" : {
|
|
"nat" : {
|
|
"properties" : {
|
|
"port" : {
|
|
"type" : "long"
|
|
},
|
|
"ip" : {
|
|
"type" : "ip"
|
|
}
|
|
}
|
|
},
|
|
"address" : {
|
|
"type" : "keyword",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"top_level_domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"ip" : {
|
|
"type" : "ip"
|
|
},
|
|
"mac" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"packets" : {
|
|
"type" : "long"
|
|
},
|
|
"geo" : {
|
|
"properties" : {
|
|
"continent_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"region_iso_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"city_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"country_iso_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"country_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"location" : {
|
|
"type" : "geo_point"
|
|
},
|
|
"region_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"as" : {
|
|
"properties" : {
|
|
"number" : {
|
|
"type" : "long"
|
|
},
|
|
"organization" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"registered_domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"port" : {
|
|
"type" : "long"
|
|
},
|
|
"bytes" : {
|
|
"type" : "long"
|
|
},
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"subdomain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"user" : {
|
|
"properties" : {
|
|
"full_name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"roles" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"email" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"hash" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"group" : {
|
|
"properties" : {
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"agent" : {
|
|
"properties" : {
|
|
"build" : {
|
|
"properties" : {
|
|
"original" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"ephemeral_id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"log" : {
|
|
"properties" : {
|
|
"file" : {
|
|
"properties" : {
|
|
"path" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"level" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"logger" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"origin" : {
|
|
"properties" : {
|
|
"file" : {
|
|
"properties" : {
|
|
"line" : {
|
|
"type" : "long"
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"function" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"syslog" : {
|
|
"type" : "object",
|
|
"properties" : {
|
|
"severity" : {
|
|
"properties" : {
|
|
"code" : {
|
|
"type" : "long"
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"priority" : {
|
|
"type" : "long"
|
|
},
|
|
"facility" : {
|
|
"properties" : {
|
|
"code" : {
|
|
"type" : "long"
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"destination" : {
|
|
"properties" : {
|
|
"nat" : {
|
|
"properties" : {
|
|
"port" : {
|
|
"type" : "long"
|
|
},
|
|
"ip" : {
|
|
"type" : "ip"
|
|
}
|
|
}
|
|
},
|
|
"address" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"top_level_domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"ip" : {
|
|
"type" : "ip"
|
|
},
|
|
"mac" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"packets" : {
|
|
"type" : "long"
|
|
},
|
|
"geo" : {
|
|
"properties" : {
|
|
"continent_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"region_iso_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"city_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"country_iso_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"country_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"location" : {
|
|
"type" : "geo_point"
|
|
},
|
|
"region_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"as" : {
|
|
"properties" : {
|
|
"number" : {
|
|
"type" : "long"
|
|
},
|
|
"organization" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"registered_domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"port" : {
|
|
"type" : "long"
|
|
},
|
|
"bytes" : {
|
|
"type" : "long"
|
|
},
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"subdomain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"user" : {
|
|
"properties" : {
|
|
"full_name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"roles" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"email" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"hash" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"group" : {
|
|
"properties" : {
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"rule" : {
|
|
"properties" : {
|
|
"reference" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"license" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"author" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"ruleset" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"description" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"category" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"uuid" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"source" : {
|
|
"properties" : {
|
|
"nat" : {
|
|
"properties" : {
|
|
"port" : {
|
|
"type" : "long"
|
|
},
|
|
"ip" : {
|
|
"type" : "ip"
|
|
}
|
|
}
|
|
},
|
|
"address" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"top_level_domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"ip" : {
|
|
"type" : "ip"
|
|
},
|
|
"mac" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"packets" : {
|
|
"type" : "long"
|
|
},
|
|
"geo" : {
|
|
"properties" : {
|
|
"continent_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"region_iso_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"city_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"country_iso_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"country_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"location" : {
|
|
"type" : "geo_point"
|
|
},
|
|
"region_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"as" : {
|
|
"properties" : {
|
|
"number" : {
|
|
"type" : "long"
|
|
},
|
|
"organization" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"registered_domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"port" : {
|
|
"type" : "long"
|
|
},
|
|
"bytes" : {
|
|
"type" : "long"
|
|
},
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"subdomain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"user" : {
|
|
"properties" : {
|
|
"full_name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"roles" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"email" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"hash" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"group" : {
|
|
"properties" : {
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"error" : {
|
|
"properties" : {
|
|
"code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"stack_trace" : {
|
|
"ignore_above" : 1024,
|
|
"index" : false,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword",
|
|
"doc_values" : false
|
|
},
|
|
"message" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"network" : {
|
|
"properties" : {
|
|
"transport" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"inner" : {
|
|
"type" : "object",
|
|
"properties" : {
|
|
"vlan" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"packets" : {
|
|
"type" : "long"
|
|
},
|
|
"community_id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"forwarded_ip" : {
|
|
"type" : "ip"
|
|
},
|
|
"protocol" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 256
|
|
}
|
|
}
|
|
},
|
|
"category" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
|
|
"application" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"vlan" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"bytes" : {
|
|
"type" : "long"
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"iana_number" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"direction" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"cloud" : {
|
|
"properties" : {
|
|
"availability_zone" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"instance" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"provider" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"machine" : {
|
|
"properties" : {
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"project" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"region" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"account" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"observer" : {
|
|
"properties" : {
|
|
"product" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"os" : {
|
|
"properties" : {
|
|
"kernel" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"family" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"platform" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"full" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
}
|
|
}
|
|
},
|
|
"ip" : {
|
|
"type" : "ip"
|
|
},
|
|
"serial_number" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"mac" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"egress" : {
|
|
"type" : "object",
|
|
"properties" : {
|
|
"vlan" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"zone" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"interface" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"alias" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"geo" : {
|
|
"properties" : {
|
|
"continent_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"region_iso_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"city_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"country_iso_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"country_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"location" : {
|
|
"type" : "geo_point"
|
|
},
|
|
"region_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"ingress" : {
|
|
"type" : "object",
|
|
"properties" : {
|
|
"vlan" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"zone" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"interface" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"alias" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"hostname" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"vendor" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"trace" : {
|
|
"properties" : {
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"file" : {
|
|
"properties" : {
|
|
"extension" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"gid" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"drive_letter" : {
|
|
"ignore_above" : 1,
|
|
"type" : "keyword"
|
|
},
|
|
"accessed" : {
|
|
"type" : "date"
|
|
},
|
|
"mtime" : {
|
|
"type" : "date"
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"directory" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"inode" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"mode" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"path" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"uid" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"code_signature" : {
|
|
"properties" : {
|
|
"valid" : {
|
|
"type" : "boolean"
|
|
},
|
|
"trusted" : {
|
|
"type" : "boolean"
|
|
},
|
|
"subject_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"exists" : {
|
|
"type" : "boolean"
|
|
},
|
|
"status" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"ctime" : {
|
|
"type" : "date"
|
|
},
|
|
"group" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"owner" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"created" : {
|
|
"type" : "date"
|
|
},
|
|
"target_path" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"x509" : {
|
|
"properties" : {
|
|
"not_after" : {
|
|
"type" : "date"
|
|
},
|
|
"public_key_exponent" : {
|
|
"index" : false,
|
|
"type" : "long",
|
|
"doc_values" : false
|
|
},
|
|
"not_before" : {
|
|
"type" : "date"
|
|
},
|
|
"subject" : {
|
|
"properties" : {
|
|
"country" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"state_or_province" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"organization" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"distinguished_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"locality" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"common_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"organizational_unit" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"public_key_algorithm" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"public_key_curve" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"signature_algorithm" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"public_key_size" : {
|
|
"type" : "long"
|
|
},
|
|
"serial_number" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"version_number" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"alternative_names" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"issuer" : {
|
|
"properties" : {
|
|
"country" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"state_or_province" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"organization" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"distinguished_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"locality" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"common_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"organizational_unit" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"size" : {
|
|
"type" : "long"
|
|
},
|
|
"mime_type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"pe" : {
|
|
"properties" : {
|
|
"file_version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"product" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"imphash" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"description" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"company" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"original_file_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"architecture" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"attributes" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"device" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"hash" : {
|
|
"properties" : {
|
|
"sha1" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"sha256" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"sha512" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"md5" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"ecs" : {
|
|
"properties" : {
|
|
"version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"related" : {
|
|
"properties" : {
|
|
"hosts" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"ip" : {
|
|
"type" : "ip"
|
|
},
|
|
"user" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"hash" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"host" : {
|
|
"properties" : {
|
|
"geo" : {
|
|
"properties" : {
|
|
"continent_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"region_iso_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"city_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"country_iso_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"country_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"location" : {
|
|
"type" : "geo_point"
|
|
},
|
|
"region_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"hostname" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"os" : {
|
|
"properties" : {
|
|
"kernel" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"family" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"platform" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"full" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
}
|
|
}
|
|
},
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"ip" : {
|
|
"type" : "ip"
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"user" : {
|
|
"properties" : {
|
|
"full_name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"roles" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"email" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"hash" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"group" : {
|
|
"properties" : {
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"mac" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"architecture" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"uptime" : {
|
|
"type" : "long"
|
|
}
|
|
}
|
|
},
|
|
"client" : {
|
|
"properties" : {
|
|
"nat" : {
|
|
"properties" : {
|
|
"port" : {
|
|
"type" : "long"
|
|
},
|
|
"ip" : {
|
|
"type" : "ip"
|
|
}
|
|
}
|
|
},
|
|
"address" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"top_level_domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"ip" : {
|
|
"type" : "ip"
|
|
},
|
|
"mac" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"packets" : {
|
|
"type" : "long"
|
|
},
|
|
"is_attacker" : {
|
|
"type" : "boolean"
|
|
},
|
|
"is_victim" : {
|
|
"type" : "boolean"
|
|
},
|
|
"blacklisted" : {
|
|
"type" : "boolean"
|
|
},
|
|
"geo" : {
|
|
"properties" : {
|
|
"continent_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"region_iso_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"city_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"country_iso_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"country_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"location" : {
|
|
"type" : "geo_point"
|
|
},
|
|
"region_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"as" : {
|
|
"properties" : {
|
|
"number" : {
|
|
"type" : "long"
|
|
},
|
|
"organization" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"registered_domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"port" : {
|
|
"type" : "long"
|
|
},
|
|
"bytes" : {
|
|
"type" : "long"
|
|
},
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"subdomain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"user" : {
|
|
"properties" : {
|
|
"full_name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"roles" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"email" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"hash" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"group" : {
|
|
"properties" : {
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"event" : {
|
|
"properties" : {
|
|
"reason" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"timezone" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"duration" : {
|
|
"type" : "long"
|
|
},
|
|
"reference" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"ingested" : {
|
|
"type" : "date"
|
|
},
|
|
"provider" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"action" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"end" : {
|
|
"type" : "date"
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"outcome" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"severity" : {
|
|
"type" : "long"
|
|
},
|
|
"risk_score" : {
|
|
"type" : "float"
|
|
},
|
|
"created" : {
|
|
"type" : "date"
|
|
},
|
|
"kind" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"module" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 256
|
|
}
|
|
}
|
|
},
|
|
"start" : {
|
|
"type" : "date"
|
|
},
|
|
"url" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"sequence" : {
|
|
"type" : "long"
|
|
},
|
|
"risk_score_norm" : {
|
|
"type" : "float"
|
|
},
|
|
"category" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 256
|
|
}
|
|
}
|
|
},
|
|
"dataset" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 256
|
|
}
|
|
}
|
|
},
|
|
"hash" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"user_agent" : {
|
|
"properties" : {
|
|
"original" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"os" : {
|
|
"properties" : {
|
|
"kernel" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"family" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"platform" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"full" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"device" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"group" : {
|
|
"properties" : {
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"registry" : {
|
|
"properties" : {
|
|
"hive" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"path" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"data" : {
|
|
"properties" : {
|
|
"strings" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"bytes" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"value" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"key" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"process" : {
|
|
"properties" : {
|
|
"parent" : {
|
|
"properties" : {
|
|
"pgid" : {
|
|
"type" : "long"
|
|
},
|
|
"start" : {
|
|
"type" : "date"
|
|
},
|
|
"pid" : {
|
|
"type" : "long"
|
|
},
|
|
"working_directory" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"thread" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "long"
|
|
}
|
|
}
|
|
},
|
|
"entity_id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"title" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"executable" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"ppid" : {
|
|
"type" : "long"
|
|
},
|
|
"uptime" : {
|
|
"type" : "long"
|
|
},
|
|
"args" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"code_signature" : {
|
|
"properties" : {
|
|
"valid" : {
|
|
"type" : "boolean"
|
|
},
|
|
"trusted" : {
|
|
"type" : "boolean"
|
|
},
|
|
"subject_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"exists" : {
|
|
"type" : "boolean"
|
|
},
|
|
"status" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"pe" : {
|
|
"properties" : {
|
|
"file_version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"product" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"imphash" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"description" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"company" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"original_file_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"architecture" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"exit_code" : {
|
|
"type" : "long"
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"args_count" : {
|
|
"type" : "long"
|
|
},
|
|
"command_line" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"hash" : {
|
|
"properties" : {
|
|
"sha1" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"sha256" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"sha512" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"md5" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"pgid" : {
|
|
"type" : "long"
|
|
},
|
|
"start" : {
|
|
"type" : "date"
|
|
},
|
|
"pid" : {
|
|
"type" : "long"
|
|
},
|
|
"working_directory" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"thread" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "long"
|
|
}
|
|
}
|
|
},
|
|
"entity_id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"title" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"executable" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"ppid" : {
|
|
"type" : "long"
|
|
},
|
|
"uptime" : {
|
|
"type" : "long"
|
|
},
|
|
"args" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"code_signature" : {
|
|
"properties" : {
|
|
"valid" : {
|
|
"type" : "boolean"
|
|
},
|
|
"trusted" : {
|
|
"type" : "boolean"
|
|
},
|
|
"subject_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"exists" : {
|
|
"type" : "boolean"
|
|
},
|
|
"status" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"pe" : {
|
|
"properties" : {
|
|
"file_version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"product" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"imphash" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"description" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"company" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"original_file_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"architecture" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"exit_code" : {
|
|
"type" : "long"
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"args_count" : {
|
|
"type" : "long"
|
|
},
|
|
"command_line" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"hash" : {
|
|
"properties" : {
|
|
"sha1" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"sha256" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"sha512" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"md5" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"package" : {
|
|
"properties" : {
|
|
"installed" : {
|
|
"type" : "date"
|
|
},
|
|
"build_version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"description" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"reference" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"license" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"path" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"install_scope" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"size" : {
|
|
"type" : "long"
|
|
},
|
|
"checksum" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"architecture" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"dll" : {
|
|
"properties" : {
|
|
"path" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"code_signature" : {
|
|
"properties" : {
|
|
"valid" : {
|
|
"type" : "boolean"
|
|
},
|
|
"trusted" : {
|
|
"type" : "boolean"
|
|
},
|
|
"subject_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"exists" : {
|
|
"type" : "boolean"
|
|
},
|
|
"status" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"pe" : {
|
|
"properties" : {
|
|
"file_version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"product" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"imphash" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"description" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"company" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"original_file_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"architecture" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"hash" : {
|
|
"properties" : {
|
|
"sha1" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"sha256" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"sha512" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"md5" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"dns" : {
|
|
"properties" : {
|
|
"op_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"resolved_ip" : {
|
|
"type" : "ip"
|
|
},
|
|
"response_code" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"question" : {
|
|
"properties" : {
|
|
"registered_domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"top_level_domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"subdomain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"class" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"answers" : {
|
|
"type" : "object",
|
|
"properties" : {
|
|
"data" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"class" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"ttl" : {
|
|
"type" : "long"
|
|
}
|
|
}
|
|
},
|
|
"header_flags" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"vulnerability" : {
|
|
"properties" : {
|
|
"reference" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"severity" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"score" : {
|
|
"properties" : {
|
|
"environmental" : {
|
|
"type" : "float"
|
|
},
|
|
"version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"temporal" : {
|
|
"type" : "float"
|
|
},
|
|
"base" : {
|
|
"type" : "float"
|
|
}
|
|
}
|
|
},
|
|
"report_id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"scanner" : {
|
|
"properties" : {
|
|
"vendor" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"description" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"category" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"classification" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"enumeration" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"message" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
},
|
|
"url" : {
|
|
"properties" : {
|
|
"extension" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"original" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"scheme" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"top_level_domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"query" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"path" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"fragment" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"password" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"registered_domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"port" : {
|
|
"type" : "long"
|
|
},
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"subdomain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"full" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"username" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"labels" : {
|
|
"type" : "object"
|
|
},
|
|
"tags" : {
|
|
"ignore_above" : 1024,
|
|
"type" : "keyword"
|
|
},
|
|
"@timestamp" : {
|
|
"type" : "date"
|
|
},
|
|
"service" : {
|
|
"properties" : {
|
|
"node" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"state" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"ephemeral_id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"organization" : {
|
|
"properties" : {
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"http" : {
|
|
"properties" : {
|
|
"request" : {
|
|
"properties" : {
|
|
"referrer" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"method" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"mime_type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"bytes" : {
|
|
"type" : "long"
|
|
},
|
|
"body" : {
|
|
"properties" : {
|
|
"bytes" : {
|
|
"type" : "long"
|
|
},
|
|
"content" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"response" : {
|
|
"properties" : {
|
|
"status_code" : {
|
|
"type" : "long"
|
|
},
|
|
"mime_type" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"bytes" : {
|
|
"type" : "long"
|
|
},
|
|
"body" : {
|
|
"properties" : {
|
|
"bytes" : {
|
|
"type" : "long"
|
|
},
|
|
"content" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"tls" : {
|
|
"properties" : {
|
|
"cipher" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"established" : {
|
|
"type" : "boolean"
|
|
},
|
|
"server" : {
|
|
"properties" : {
|
|
"not_after" : {
|
|
"type" : "date"
|
|
},
|
|
"is_attacker" : {
|
|
"type" : "boolean"
|
|
},
|
|
"is_victim" : {
|
|
"type" : "boolean"
|
|
},
|
|
"blacklisted" : {
|
|
"type" : "boolean"
|
|
},
|
|
"x509" : {
|
|
"properties" : {
|
|
"not_after" : {
|
|
"type" : "date"
|
|
},
|
|
"public_key_exponent" : {
|
|
"index" : false,
|
|
"type" : "long",
|
|
"doc_values" : false
|
|
},
|
|
"not_before" : {
|
|
"type" : "date"
|
|
},
|
|
"subject" : {
|
|
"properties" : {
|
|
"country" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"state_or_province" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"organization" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"distinguished_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"locality" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"common_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"organizational_unit" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"public_key_algorithm" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"public_key_curve" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"signature_algorithm" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"public_key_size" : {
|
|
"type" : "long"
|
|
},
|
|
"serial_number" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"version_number" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"alternative_names" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"issuer" : {
|
|
"properties" : {
|
|
"country" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"state_or_province" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"organization" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"distinguished_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"locality" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"common_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"organizational_unit" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"ja3s" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"not_before" : {
|
|
"type" : "date"
|
|
},
|
|
"subject" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"certificate" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"certificate_chain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"hash" : {
|
|
"properties" : {
|
|
"sha1" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"sha256" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"md5" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"issuer" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"curve" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"client" : {
|
|
"properties" : {
|
|
"not_after" : {
|
|
"type" : "date"
|
|
},
|
|
"server_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"x509" : {
|
|
"properties" : {
|
|
"not_after" : {
|
|
"type" : "date"
|
|
},
|
|
"public_key_exponent" : {
|
|
"index" : false,
|
|
"type" : "long",
|
|
"doc_values" : false
|
|
},
|
|
"not_before" : {
|
|
"type" : "date"
|
|
},
|
|
"subject" : {
|
|
"properties" : {
|
|
"country" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"state_or_province" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"organization" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"distinguished_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"locality" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"common_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"organizational_unit" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"public_key_algorithm" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"public_key_curve" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"signature_algorithm" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"public_key_size" : {
|
|
"type" : "long"
|
|
},
|
|
"serial_number" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"version_number" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"alternative_names" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"issuer" : {
|
|
"properties" : {
|
|
"country" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"state_or_province" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"organization" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"distinguished_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"locality" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"common_name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"organizational_unit" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"not_before" : {
|
|
"type" : "date"
|
|
},
|
|
"subject" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"supported_ciphers" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"certificate" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"ja3" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"certificate_chain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"hash" : {
|
|
"properties" : {
|
|
"sha1" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"sha256" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"md5" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"issuer" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"next_protocol" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"resumed" : {
|
|
"type" : "boolean"
|
|
},
|
|
"version" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"version_protocol" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"threat" : {
|
|
"properties" : {
|
|
"framework" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"technique" : {
|
|
"properties" : {
|
|
"reference" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"subtechnique" : {
|
|
"properties" : {
|
|
"reference" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"tactic" : {
|
|
"properties" : {
|
|
"reference" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"user" : {
|
|
"properties" : {
|
|
"full_name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"roles" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"ignore_above" : 1024,
|
|
"fields" : {
|
|
"text" : {
|
|
"norms" : false,
|
|
"type" : "text"
|
|
}
|
|
},
|
|
"type" : "keyword"
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"email" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"hash" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"group" : {
|
|
"properties" : {
|
|
"domain" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"name" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
},
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"transaction" : {
|
|
"properties" : {
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"span" : {
|
|
"properties" : {
|
|
"id" : {
|
|
"type" : "text",
|
|
"fields" : {
|
|
"keyword" : {
|
|
"type" : "keyword",
|
|
"ignore_above" : 1024
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"aliases" : { }
|
|
}
|
|
|