From 60a0204975219013cd6d45a7f4d6dc918890da5c Mon Sep 17 00:00:00 2001
From: weslambert
Date: Thu, 27 Jan 2022 11:02:47 -0500
Subject: [PATCH] Revert changes to common template
---
 .../so/so-common-template.json.jinja | 26909 +--------------
 1 file changed, 347 insertions(+), 26562 deletions(-)
diff --git a/salt/elasticsearch/templates/so/so-common-template.json.jinja b/salt/elasticsearch/templates/so/so-common-template.json.jinja
index cd3e8dea6..4a41cba8a 100644
--- a/salt/elasticsearch/templates/so/so-common-template.json.jinja
+++ b/salt/elasticsearch/templates/so/so-common-template.json.jinja
@@ -10,980 +10,11 @@ "number_of_shards":1, "index.refresh_interval":"{{ REFRESH }}", "index.routing.allocation.require.box_type":"hot", - "index.mapping.total_fields.limit": "10000", - "index.max_docvalue_fields_search": 200, - "index.query" : { - "default_field": [ - "message", - "tags", - "agent.ephemeral_id", - "agent.id", - "agent.name", - "agent.type", - "agent.version", - "as.organization.name", - "client.address", - "client.as.organization.name", - "client.domain", - "client.geo.city_name", - "client.geo.continent_name", - "client.geo.country_iso_code", - "client.geo.country_name", - "client.geo.name", - "client.geo.region_iso_code", - "client.geo.region_name", - "client.mac", - "client.registered_domain", - "client.top_level_domain", - "client.user.domain", - "client.user.email", - "client.user.full_name", - "client.user.group.domain", - "client.user.group.id", - "client.user.group.name", - "client.user.hash", - "client.user.id", - "client.user.name", - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "container.id", - "container.image.name", - "container.image.tag", - "container.name", - "container.runtime", - "destination.address", - "destination.as.organization.name", - "destination.domain", - "destination.geo.city_name", - "destination.geo.continent_name", - "destination.geo.country_iso_code", - "destination.geo.country_name", - "destination.geo.name", - "destination.geo.region_iso_code", - "destination.geo.region_name", - "destination.mac", - "destination.registered_domain", - "destination.top_level_domain", - "destination.user.domain", - "destination.user.email", - "destination.user.full_name", - "destination.user.group.domain", - "destination.user.group.id", - "destination.user.group.name", - "destination.user.hash", - "destination.user.id", - "destination.user.name", - "dns.answers.class", - "dns.answers.data", - "dns.answers.name", - 
"dns.answers.type", - "dns.header_flags", - "dns.id", - "dns.op_code", - "dns.question.class", - "dns.question.name", - "dns.question.registered_domain", - "dns.question.subdomain", - "dns.question.top_level_domain", - "dns.question.type", - "dns.response_code", - "dns.type", - "ecs.version", - "error.code", - "error.id", - "error.message", - "error.stack_trace", - "error.type", - "event.action", - "event.category", - "event.code", - "event.dataset", - "event.hash", - "event.id", - "event.kind", - "event.module", - "event.outcome", - "event.provider", - "event.timezone", - "event.type", - "file.device", - "file.directory", - "file.extension", - "file.gid", - "file.group", - "file.hash.md5", - "file.hash.sha1", - "file.hash.sha256", - "file.hash.sha512", - "file.inode", - "file.mode", - "file.name", - "file.owner", - "file.path", - "file.target_path", - "file.type", - "file.uid", - "geo.city_name", - "geo.continent_name", - "geo.country_iso_code", - "geo.country_name", - "geo.name", - "geo.region_iso_code", - "geo.region_name", - "group.domain", - "group.id", - "group.name", - "hash.md5", - "hash.sha1", - "hash.sha256", - "hash.sha512", - "host.architecture", - "host.geo.city_name", - "host.geo.continent_name", - "host.geo.country_iso_code", - "host.geo.country_name", - "host.geo.name", - "host.geo.region_iso_code", - "host.geo.region_name", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.full", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.user.domain", - "host.user.email", - "host.user.full_name", - "host.user.group.domain", - "host.user.group.id", - "host.user.group.name", - "host.user.hash", - "host.user.id", - "host.user.name", - "http.request.body.content", - "http.request.method", - "http.request.referrer", - "http.response.body.content", - "http.version", - "log.level", - "log.logger", - "log.origin.file.name", - "log.origin.function", - 
"log.syslog.facility.name", - "log.syslog.severity.name", - "network.application", - "network.community_id", - "network.direction", - "network.iana_number", - "network.name", - "network.protocol", - "network.transport", - "network.type", - "observer.geo.city_name", - "observer.geo.continent_name", - "observer.geo.country_iso_code", - "observer.geo.country_name", - "observer.geo.name", - "observer.geo.region_iso_code", - "observer.geo.region_name", - "observer.hostname", - "observer.mac", - "observer.name", - "observer.os.family", - "observer.os.full", - "observer.os.kernel", - "observer.os.name", - "observer.os.platform", - "observer.os.version", - "observer.product", - "observer.serial_number", - "observer.type", - "observer.vendor", - "observer.version", - "organization.id", - "organization.name", - "os.family", - "os.full", - "os.kernel", - "os.name", - "os.platform", - "os.version", - "package.architecture", - "package.checksum", - "package.description", - "package.install_scope", - "package.license", - "package.name", - "package.path", - "package.version", - "process.args", - "process.executable", - "process.hash.md5", - "process.hash.sha1", - "process.hash.sha256", - "process.hash.sha512", - "process.name", - "process.thread.name", - "process.title", - "process.working_directory", - "server.address", - "server.as.organization.name", - "server.domain", - "server.geo.city_name", - "server.geo.continent_name", - "server.geo.country_iso_code", - "server.geo.country_name", - "server.geo.name", - "server.geo.region_iso_code", - "server.geo.region_name", - "server.mac", - "server.registered_domain", - "server.top_level_domain", - "server.user.domain", - "server.user.email", - "server.user.full_name", - "server.user.group.domain", - "server.user.group.id", - "server.user.group.name", - "server.user.hash", - "server.user.id", - "server.user.name", - "service.ephemeral_id", - "service.id", - "service.name", - "service.node.name", - "service.state", - "service.type", - 
"service.version", - "source.address", - "source.as.organization.name", - "source.domain", - "source.geo.city_name", - "source.geo.continent_name", - "source.geo.country_iso_code", - "source.geo.country_name", - "source.geo.name", - "source.geo.region_iso_code", - "source.geo.region_name", - "source.mac", - "source.registered_domain", - "source.top_level_domain", - "source.user.domain", - "source.user.email", - "source.user.full_name", - "source.user.group.domain", - "source.user.group.id", - "source.user.group.name", - "source.user.hash", - "source.user.id", - "source.user.name", - "threat.framework", - "threat.tactic.id", - "threat.tactic.name", - "threat.tactic.reference", - "threat.technique.id", - "threat.technique.name", - "threat.technique.reference", - "trace.id", - "transaction.id", - "url.domain", - "url.extension", - "url.fragment", - "url.full", - "url.original", - "url.password", - "url.path", - "url.query", - "url.registered_domain", - "url.scheme", - "url.top_level_domain", - "url.username", - "user.domain", - "user.email", - "user.full_name", - "user.group.domain", - "user.group.id", - "user.group.name", - "user.hash", - "user.id", - "user.name", - "user_agent.device.name", - "user_agent.name", - "user_agent.original.text", - "user_agent.original", - "user_agent.os.family", - "user_agent.os.full", - "user_agent.os.kernel", - "user_agent.os.name", - "user_agent.os.platform", - "user_agent.os.version", - "user_agent.version", - "agent.hostname", - "timeseries.instance", - "cloud.image.id", - "host.os.build", - "host.os.codename", - "kubernetes.pod.name", - "kubernetes.pod.uid", - "kubernetes.namespace", - "kubernetes.node.name", - "kubernetes.node.hostname", - "kubernetes.replicaset.name", - "kubernetes.deployment.name", - "kubernetes.statefulset.name", - "kubernetes.container.name", - "jolokia.agent.version", - "jolokia.agent.id", - "jolokia.server.product", - "jolokia.server.version", - "jolokia.server.vendor", - "jolokia.url", - 
"log.source.address", - "stream", - "input.type", - "syslog.severity_label", - "syslog.facility_label", - "process.program", - "log.flags", - "user_agent.os.full_name", - "fileset.name", - "icmp.code", - "icmp.type", - "igmp.type", - "azure.eventhub", - "azure.consumer_group", - "kafka.topic", - "kafka.key", - "activemq.caller", - "activemq.thread", - "activemq.user", - "activemq.log.stack_trace", - "apache.access.ssl.protocol", - "apache.access.ssl.cipher", - "apache.error.module", - "user.terminal", - "user.audit.id", - "user.audit.name", - "user.audit.group.id", - "user.audit.group.name", - "user.filesystem.id", - "user.filesystem.name", - "user.filesystem.group.id", - "user.filesystem.group.name", - "user.owner.id", - "user.owner.name", - "user.owner.group.id", - "user.owner.group.name", - "user.saved.id", - "user.saved.name", - "user.saved.group.id", - "user.saved.group.name", - "auditd.log.old_auid", - "auditd.log.new_auid", - "auditd.log.old_ses", - "auditd.log.new_ses", - "auditd.log.items", - "auditd.log.item", - "auditd.log.tty", - "auditd.log.a0", - "bucket.name", - "bucket.arn", - "object.key", - "azure.subscription_id", - "azure.correlation_id", - "azure.tenant_id", - "azure.resource.id", - "azure.resource.group", - "azure.resource.provider", - "azure.resource.namespace", - "azure.resource.name", - "azure.resource.authorization_rule", - "cisco.asa.message_id", - "cisco.asa.suffix", - "cisco.asa.source_interface", - "cisco.asa.destination_interface", - "cisco.asa.rule_name", - "cisco.asa.source_username", - "cisco.asa.destination_username", - "cisco.asa.threat_level", - "cisco.asa.threat_category", - "cisco.asa.connection_id", - "cisco.ftd.message_id", - "cisco.ftd.suffix", - "cisco.ftd.source_interface", - "cisco.ftd.destination_interface", - "cisco.ftd.rule_name", - "cisco.ftd.source_username", - "cisco.ftd.destination_username", - "cisco.ftd.threat_level", - "cisco.ftd.threat_category", - "cisco.ftd.connection_id", - "cisco.ios.access_list", - 
"cisco.ios.facility", - "cisco.umbrella.identities", - "cisco.umbrella.categories", - "cisco.umbrella.policy_identity_type", - "cisco.umbrella.identity_types", - "cisco.umbrella.blocked_categories", - "cisco.umbrella.content_type", - "cisco.umbrella.sha_sha256", - "cisco.umbrella.av_detections", - "cisco.umbrella.puas", - "cisco.umbrella.amp_disposition", - "cisco.umbrella.amp_malware_name", - "cisco.umbrella.amp_score", - "cisco.umbrella.datacenter", - "cisco.umbrella.origin_id", - "coredns.id", - "coredns.query.class", - "coredns.query.name", - "coredns.query.type", - "coredns.response.code", - "coredns.response.flags", - "cef.version", - "cef.device.vendor", - "cef.device.product", - "cef.device.version", - "cef.device.event_class_id", - "cef.severity", - "cef.name", - "source.service.name", - "destination.service.name", - "elasticsearch.component", - "elasticsearch.cluster.uuid", - "elasticsearch.cluster.name", - "elasticsearch.node.id", - "elasticsearch.node.name", - "elasticsearch.index.name", - "elasticsearch.index.id", - "elasticsearch.shard.id", - "elasticsearch.audit.layer", - "elasticsearch.audit.event_type", - "elasticsearch.audit.origin.type", - "elasticsearch.audit.realm", - "elasticsearch.audit.user.realm", - "elasticsearch.audit.user.roles", - "elasticsearch.audit.user.run_as.name", - "elasticsearch.audit.user.run_as.realm", - "elasticsearch.audit.component", - "elasticsearch.audit.action", - "elasticsearch.audit.url.params", - "elasticsearch.audit.indices", - "elasticsearch.audit.request.id", - "elasticsearch.audit.request.name", - "elasticsearch.audit.message", - "elasticsearch.gc.phase.name", - "elasticsearch.gc.tags", - "elasticsearch.slowlog.logger", - "elasticsearch.slowlog.took", - "elasticsearch.slowlog.types", - "elasticsearch.slowlog.stats", - "elasticsearch.slowlog.search_type", - "elasticsearch.slowlog.source_query", - "elasticsearch.slowlog.extra_source", - "elasticsearch.slowlog.total_hits", - "elasticsearch.slowlog.total_shards", - 
"elasticsearch.slowlog.routing", - "elasticsearch.slowlog.id", - "elasticsearch.slowlog.type", - "elasticsearch.slowlog.source", - "envoyproxy.log_type", - "envoyproxy.response_flags", - "envoyproxy.request_id", - "envoyproxy.authority", - "envoyproxy.proxy_type", - "fortinet.file.hash.crc32", - "gcp.destination.instance.project_id", - "gcp.destination.instance.region", - "gcp.destination.instance.zone", - "gcp.destination.vpc.project_id", - "gcp.destination.vpc.vpc_name", - "gcp.destination.vpc.subnetwork_name", - "gcp.source.instance.project_id", - "gcp.source.instance.region", - "gcp.source.instance.zone", - "gcp.source.vpc.project_id", - "gcp.source.vpc.vpc_name", - "gcp.source.vpc.subnetwork_name", - "gcp.audit.type", - "gcp.audit.authentication_info.principal_email", - "gcp.audit.authentication_info.authority_selector", - "gcp.audit.method_name", - "gcp.audit.request.proto_name", - "gcp.audit.request.filter", - "gcp.audit.request.name", - "gcp.audit.request.resource_name", - "gcp.audit.request_metadata.caller_supplied_user_agent", - "gcp.audit.response.proto_name", - "gcp.audit.response.details.group", - "gcp.audit.response.details.kind", - "gcp.audit.response.details.name", - "gcp.audit.response.details.uid", - "gcp.audit.response.status", - "gcp.audit.resource_name", - "gcp.audit.resource_location.current_locations", - "gcp.audit.service_name", - "gcp.audit.status.message", - "gcp.firewall.rule_details.action", - "gcp.firewall.rule_details.direction", - "gcp.firewall.rule_details.reference", - "gcp.firewall.rule_details.source_range", - "gcp.firewall.rule_details.destination_range", - "gcp.firewall.rule_details.source_tag", - "gcp.firewall.rule_details.target_tag", - "gcp.firewall.rule_details.source_service_account", - "gcp.firewall.rule_details.target_service_account", - "gcp.vpcflow.reporter", - "haproxy.frontend_name", - "haproxy.backend_name", - "haproxy.server_name", - "haproxy.bind_name", - "haproxy.error_message", - "haproxy.source", - 
"haproxy.termination_state", - "haproxy.mode", - "haproxy.http.response.captured_cookie", - "haproxy.http.response.captured_headers", - "haproxy.http.request.captured_cookie", - "haproxy.http.request.captured_headers", - "haproxy.http.request.raw_request_line", - "ibmmq.errorlog.installation", - "ibmmq.errorlog.qmgr", - "ibmmq.errorlog.arithinsert", - "ibmmq.errorlog.commentinsert", - "ibmmq.errorlog.errordescription", - "ibmmq.errorlog.explanation", - "ibmmq.errorlog.action", - "ibmmq.errorlog.code", - "icinga.debug.facility", - "icinga.main.facility", - "icinga.startup.facility", - "iis.access.site_name", - "iis.access.server_name", - "iis.access.cookie", - "iis.error.reason_phrase", - "iis.error.queue_name", - "iptables.fragment_flags", - "iptables.input_device", - "iptables.output_device", - "iptables.tcp.flags", - "iptables.ubiquiti.input_zone", - "iptables.ubiquiti.output_zone", - "iptables.ubiquiti.rule_number", - "iptables.ubiquiti.rule_set", - "kafka.log.component", - "kafka.log.class", - "kafka.log.thread", - "kafka.log.trace.class", - "kafka.log.trace.message", - "kibana.session_id", - "kibana.space_id", - "kibana.saved_object.type", - "kibana.saved_object.id", - "kibana.add_to_spaces", - "kibana.delete_from_spaces", - "kibana.authentication_provider", - "kibana.authentication_type", - "kibana.authentication_realm", - "kibana.lookup_realm", - "kibana.log.tags", - "kibana.log.state", - "logstash.log.module", - "logstash.log.thread.text", - "logstash.log.thread", - "logstash.log.log_event.action", - "logstash.log.pipeline_id", - "logstash.slowlog.module", - "logstash.slowlog.thread.text", - "logstash.slowlog.thread", - "logstash.slowlog.event.text", - "logstash.slowlog.event", - "logstash.slowlog.plugin_name", - "logstash.slowlog.plugin_type", - "logstash.slowlog.plugin_params.text", - "logstash.slowlog.plugin_params", - "misp.attack_pattern.id", - "misp.attack_pattern.name", - "misp.attack_pattern.description", - "misp.attack_pattern.kill_chain_phases", - 
"misp.campaign.id", - "misp.campaign.name", - "misp.campaign.description", - "misp.campaign.aliases", - "misp.campaign.objective", - "misp.course_of_action.id", - "misp.course_of_action.name", - "misp.course_of_action.description", - "misp.identity.id", - "misp.identity.name", - "misp.identity.description", - "misp.identity.identity_class", - "misp.identity.labels", - "misp.identity.sectors", - "misp.identity.contact_information", - "misp.intrusion_set.id", - "misp.intrusion_set.name", - "misp.intrusion_set.description", - "misp.intrusion_set.aliases", - "misp.intrusion_set.goals", - "misp.intrusion_set.resource_level", - "misp.intrusion_set.primary_motivation", - "misp.intrusion_set.secondary_motivations", - "misp.malware.id", - "misp.malware.name", - "misp.malware.description", - "misp.malware.labels", - "misp.malware.kill_chain_phases", - "misp.note.id", - "misp.note.summary", - "misp.note.description", - "misp.note.authors", - "misp.note.object_refs", - "misp.threat_indicator.labels", - "misp.threat_indicator.id", - "misp.threat_indicator.version", - "misp.threat_indicator.type", - "misp.threat_indicator.description", - "misp.threat_indicator.feed", - "misp.threat_indicator.severity", - "misp.threat_indicator.confidence", - "misp.threat_indicator.kill_chain_phases", - "misp.threat_indicator.mitre_tactic", - "misp.threat_indicator.mitre_technique", - "misp.threat_indicator.attack_pattern", - "misp.threat_indicator.attack_pattern_kql", - "misp.threat_indicator.intrusion_set", - "misp.threat_indicator.campaign", - "misp.threat_indicator.threat_actor", - "misp.observed_data.id", - "misp.observed_data.objects", - "misp.report.id", - "misp.report.labels", - "misp.report.name", - "misp.report.description", - "misp.report.object_refs", - "misp.threat_actor.id", - "misp.threat_actor.labels", - "misp.threat_actor.name", - "misp.threat_actor.description", - "misp.threat_actor.aliases", - "misp.threat_actor.roles", - "misp.threat_actor.goals", - 
"misp.threat_actor.sophistication", - "misp.threat_actor.resource_level", - "misp.threat_actor.primary_motivation", - "misp.threat_actor.secondary_motivations", - "misp.threat_actor.personal_motivations", - "misp.tool.id", - "misp.tool.labels", - "misp.tool.name", - "misp.tool.description", - "misp.tool.tool_version", - "misp.tool.kill_chain_phases", - "misp.vulnerability.id", - "misp.vulnerability.name", - "misp.vulnerability.description", - "mongodb.log.component", - "mongodb.log.context", - "mssql.log.origin", - "mysql.slowlog.query", - "mysql.slowlog.schema", - "mysql.slowlog.current_user", - "mysql.slowlog.last_errno", - "mysql.slowlog.killed", - "mysql.slowlog.log_slow_rate_type", - "mysql.slowlog.log_slow_rate_limit", - "mysql.slowlog.innodb.trx_id", - "nats.log.msg.type", - "nats.log.msg.subject", - "nats.log.msg.reply_to", - "nats.log.msg.error.message", - "nats.log.msg.queue_group", - "netflow.type", - "netflow.exporter.address", - "netflow.source_mac_address", - "netflow.post_destination_mac_address", - "netflow.destination_mac_address", - "netflow.post_source_mac_address", - "netflow.interface_name", - "netflow.interface_description", - "netflow.sampler_name", - "netflow.application_description", - "netflow.application_name", - "netflow.class_name", - "netflow.wlan_ssid", - "netflow.vr_fname", - "netflow.metro_evc_id", - "netflow.nat_pool_name", - "netflow.p2p_technology", - "netflow.tunnel_technology", - "netflow.encrypted_technology", - "netflow.observation_domain_name", - "netflow.selector_name", - "netflow.information_element_description", - "netflow.information_element_name", - "netflow.virtual_station_interface_name", - "netflow.virtual_station_name", - "netflow.sta_mac_address", - "netflow.wtp_mac_address", - "netflow.user_name", - "netflow.application_category_name", - "netflow.application_sub_category_name", - "netflow.application_group_name", - "netflow.dot1q_customer_source_mac_address", - "netflow.dot1q_customer_destination_mac_address", - 
"netflow.mib_context_name", - "netflow.mib_object_name", - "netflow.mib_object_description", - "netflow.mib_object_syntax", - "netflow.mib_module_name", - "netflow.mobile_imsi", - "netflow.mobile_msisdn", - "netflow.http_request_method", - "netflow.http_request_host", - "netflow.http_request_target", - "netflow.http_message_version", - "netflow.http_user_agent", - "netflow.http_content_type", - "netflow.http_reason_phrase", - "nginx.ingress_controller.upstream_address_list", - "nginx.ingress_controller.upstream.response.length_list", - "nginx.ingress_controller.upstream.response.time_list", - "nginx.ingress_controller.upstream.response.status_code_list", - "nginx.ingress_controller.upstream.name", - "nginx.ingress_controller.upstream.alternative_name", - "nginx.ingress_controller.http.request.id", - "oracle.database_audit.status", - "oracle.database_audit.session_id", - "oracle.database_audit.client.terminal", - "oracle.database_audit.client.address", - "oracle.database_audit.client.user", - "oracle.database_audit.database.user", - "oracle.database_audit.privilege", - "oracle.database_audit.entry.id", - "oracle.database_audit.database.host", - "oracle.database_audit.action", - "oracle.database_audit.action_number", - "oracle.database_audit.database.id", - "osquery.result.name", - "osquery.result.action", - "osquery.result.host_identifier", - "osquery.result.calendar_time", - "panw.panos.ruleset", - "panw.panos.source.zone", - "panw.panos.source.interface", - "panw.panos.destination.zone", - "panw.panos.destination.interface", - "panw.panos.endreason", - "panw.panos.network.pcap_id", - "panw.panos.network.nat.community_id", - "panw.panos.file.hash", - "panw.panos.url.category", - "panw.panos.flow_id", - "panw.panos.threat.resource", - "panw.panos.threat.id", - "panw.panos.threat.name", - "panw.panos.action", - "panw.panos.type", - "panw.panos.sub_type", - "postgresql.log.timestamp", - "postgresql.log.client_addr", - "postgresql.log.client_port", - 
"postgresql.log.session_id", - "postgresql.log.database", - "postgresql.log.query", - "postgresql.log.query_step", - "postgresql.log.query_name", - "postgresql.log.command_tag", - "postgresql.log.virtual_transaction_id", - "postgresql.log.sql_state_code", - "postgresql.log.detail", - "postgresql.log.hint", - "postgresql.log.internal_query", - "postgresql.log.context", - "postgresql.log.location", - "postgresql.log.application_name", - "postgresql.log.backend_type", - "rabbitmq.log.pid", - "redis.log.role", - "redis.slowlog.cmd", - "redis.slowlog.key", - "redis.slowlog.args", - "santa.action", - "santa.decision", - "santa.reason", - "santa.mode", - "santa.disk.volume", - "santa.disk.bus", - "santa.disk.serial", - "santa.disk.bsdname", - "santa.disk.model", - "santa.disk.fs", - "santa.disk.mount", - "santa.certificate.common_name", - "santa.certificate.sha256", - "snyk.related.projects", - "snyk.audit.org_id", - "snyk.audit.project_id", - "snyk.vulnerabilities.cvss3", - "snyk.vulnerabilities.exploit_maturity", - "snyk.vulnerabilities.id", - "snyk.vulnerabilities.language", - "snyk.vulnerabilities.package", - "snyk.vulnerabilities.package_manager", - "snyk.vulnerabilities.jira_issue_url", - "snyk.vulnerabilities.reachability", - "snyk.vulnerabilities.title", - "snyk.vulnerabilities.type", - "snyk.vulnerabilities.unique_severities_list", - "snyk.vulnerabilities.version", - "snyk.vulnerabilities.credit", - "snyk.vulnerabilities.identifiers.alternative", - "snyk.vulnerabilities.identifiers.cwe", - "suricata.eve.event_type", - "suricata.eve.app_proto_orig", - "suricata.eve.tcp.tcp_flags", - "suricata.eve.tcp.tcp_flags_tc", - "suricata.eve.tcp.state", - "suricata.eve.tcp.tcp_flags_ts", - "suricata.eve.fileinfo.sha1", - "suricata.eve.fileinfo.state", - "suricata.eve.fileinfo.sha256", - "suricata.eve.fileinfo.md5", - "suricata.eve.dns.type", - "suricata.eve.dns.rrtype", - "suricata.eve.dns.rrname", - "suricata.eve.dns.rdata", - "suricata.eve.dns.rcode", - 
"suricata.eve.flow_id", - "suricata.eve.email.status", - "suricata.eve.http.redirect", - "suricata.eve.http.protocol", - "suricata.eve.http.http_content_type", - "suricata.eve.in_iface", - "suricata.eve.alert.category", - "suricata.eve.alert.signature", - "suricata.eve.alert.protocols", - "suricata.eve.alert.attack_target", - "suricata.eve.alert.capec_id", - "suricata.eve.alert.cwe_id", - "suricata.eve.alert.malware", - "suricata.eve.alert.cve", - "suricata.eve.alert.cvss_v2_base", - "suricata.eve.alert.cvss_v2_temporal", - "suricata.eve.alert.cvss_v3_base", - "suricata.eve.alert.cvss_v3_temporal", - "suricata.eve.alert.priority", - "suricata.eve.alert.hostile", - "suricata.eve.alert.infected", - "suricata.eve.alert.classtype", - "suricata.eve.alert.rule_source", - "suricata.eve.alert.sid", - "suricata.eve.alert.affected_product", - "suricata.eve.alert.deployment", - "suricata.eve.alert.former_category", - "suricata.eve.alert.mitre_tool_id", - "suricata.eve.alert.performance_impact", - "suricata.eve.alert.signature_severity", - "suricata.eve.alert.tag", - "suricata.eve.ssh.client.proto_version", - "suricata.eve.ssh.client.software_version", - "suricata.eve.ssh.server.proto_version", - "suricata.eve.ssh.server.software_version", - "suricata.eve.tls.issuerdn", - "suricata.eve.tls.sni", - "suricata.eve.tls.version", - "suricata.eve.tls.fingerprint", - "suricata.eve.tls.serial", - "suricata.eve.tls.subject", - "suricata.eve.app_proto_ts", - "suricata.eve.flow.state", - "suricata.eve.flow.reason", - "suricata.eve.app_proto_tc", - "suricata.eve.smtp.rcpt_to", - "suricata.eve.smtp.mail_from", - "suricata.eve.smtp.helo", - "suricata.eve.app_proto_expected", - "system.auth.ssh.method", - "system.auth.ssh.signature", - "system.auth.ssh.event", - "system.auth.sudo.error", - "system.auth.sudo.tty", - "system.auth.sudo.pwd", - "system.auth.sudo.user", - "system.auth.sudo.command", - "system.auth.useradd.home", - "system.auth.useradd.shell", - "traefik.access.user_identifier", - 
"traefik.access.frontend_name",
- "traefik.access.backend_url",
- "zeek.session_id",
- "zeek.capture_loss.peer",
- "zeek.dns.trans_id",
- "zeek.dns.query",
- "zeek.dns.qclass_name",
- "zeek.dns.qtype_name",
- "zeek.dns.rcode_name",
- "zeek.dns.answers",
- "zeek.files.fuid",
- "zeek.files.session_ids",
- "zeek.files.source",
- "zeek.files.analyzers",
- "zeek.files.mime_type",
- "zeek.files.filename",
- "zeek.files.parent_fuid",
- "zeek.files.md5",
- "zeek.files.sha1",
- "zeek.files.sha256",
- "zeek.files.extracted",
- "zeek.http.status_msg",
- "zeek.http.info_msg",
- "zeek.http.tags",
- "zeek.http.password",
- "zeek.http.proxied",
- "zeek.http.client_header_names",
- "zeek.http.server_header_names",
- "zeek.http.orig_fuids",
- "zeek.http.orig_mime_types",
- "zeek.http.orig_filenames",
- "zeek.http.resp_fuids",
- "zeek.http.resp_mime_types",
- "zeek.http.resp_filenames",
- "zeek.notice.connection_id",
- "zeek.notice.icmp_id",
- "zeek.notice.file.id",
- "zeek.notice.file.parent_id",
- "zeek.notice.file.source",
- "zeek.notice.file.mime_type",
- "zeek.notice.fuid",
- "zeek.notice.note",
- "zeek.notice.msg",
- "zeek.notice.sub",
- "zeek.notice.peer_name",
- "zeek.notice.peer_descr",
- "zeek.notice.actions",
- "zeek.notice.email_body_sections",
- "zeek.notice.email_delay_tokens",
- "zeek.notice.identifier",
- "zookeeper.audit.session",
- "zookeeper.audit.znode",
- "zookeeper.audit.znode_type",
- "zookeeper.audit.acl",
- "zookeeper.audit.result",
- "zookeeper.audit.user",
- "fields.*"
- ]
- },
+ "index.mapping.total_fields.limit": "1500",
+{%- if INDEX_SORTING is sameas true %}
+ "index.sort.field": "@timestamp",
+ "index.sort.order": "desc",
+{%- endif %}
 "analysis": {
 "analyzer": {
 "es_security_analyzer": {
@@ -1038,15 +69,6 @@
 }
 }
 },
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- },
 {
 "port": {
 "path_match": "*.port",
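Review bot: Lowering `"index.mapping.total_fields.limit"` from 10000 to 1500 on the new side means Elasticsearch rejects any document whose mapping would push the index past 1500 fields (`Limit of total fields [1500] ... has been exceeded`), and the roughly 900-entry `default_field` list this same hunk deletes shows how many fields the common template already expects, so that ceiling is tight. Rejected events are silently dropped telemetry, i.e. detection gaps, so if 1500 is intentional the ingest pipeline should surface mapping-limit rejections rather than swallow them. Removing `index.query.default_field` also makes field-less query_string searches fall back to `*`, which in Elasticsearch 7.x fails once the field expansion exceeds `indices.query.bool.max_clause_count` (1024 by default) — presumably a concern for free-text hunting, worth confirming against the search UI. One smaller point: `{%- if INDEX_SORTING is sameas true %}` is an identity test, so a pillar value rendered as the string `"true"` would silently leave index sorting off; if that is not deliberate, `{%- if INDEX_SORTING %}` with a documented boolean pillar type is less surprising.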
@@ -1080,97 +102,7 @@
 }
 }
 }
- },
- {
- "labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "labels.*"
- }
- },
- {
- "container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "container.labels.*"
- }
- },
- {
- "fields": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "fields.*"
- }
- },
- {
- "docker.container.labels": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.container.labels.*"
- }
- },
- {
- "kubernetes.labels.*": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "*",
- "path_match": "kubernetes.labels.*"
- }
- },
- {
- "kubernetes.annotations.*": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "*",
- "path_match": "kubernetes.annotations.*"
- }
- },
- {
- "kubernetes.selectors.*": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "*",
- "path_match": "kubernetes.selectors.*"
- }
- },
- {
- "docker.attrs": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "docker.attrs.*"
- }
- },
- {
- "azure.activitylogs.identity.claims.*": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "*",
- "path_match": "azure.activitylogs.identity.claims.*"
- }
- },
- {
- "kibana.log.meta": {
- "mapping": {
- "type": "keyword"
- },
- "match_mapping_type": "string",
- "path_match": "kibana.log.meta.*"
- }
- }],
+ }],
 "properties":{
 "@timestamp":{
 "type":"date"
@@ -1178,8 +110,12 @@
 "@version":{
 "type":"keyword"
 },
+ "osquery":{
+ "type":"object",
+ "dynamic":true
+ },
 "geoip":{
- "dynamic":false,
+ "dynamic":true,
 "properties":{
 "ip":{
 "type":"ip"
@@ -1196,7 +132,7 @@
 }
 },
 "destination_geo":{
- "dynamic":false,
+ "dynamic":true,
 "properties":{
 "ip":{
 "type":"ip"
@@ -1213,7 +149,7 @@
 }
 },
 "source_geo":{
- "dynamic":false,
+ "dynamic":true,
 "properties":{
 "ip":{
 "type":"ip"
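Review bot: With the `strings_as_keyword` dynamic template removed, every string field that is not explicitly mapped falls back to Elasticsearch's built-in dynamic mapping — an analyzed `text` field plus a `.keyword` subfield with `ignore_above: 256`. That doubles what each unmapped string contributes toward the 1500-field limit this commit sets elsewhere, and values longer than 256 characters (command lines, URLs, user agents) become unmatchable by exact term on the `.keyword` subfield, which is where term-level detection and pivot queries usually land. If the revert is intentional, consider keeping the single catch-all the hunk deletes, `{"strings_as_keyword": {"match_mapping_type": "string", "mapping": {"type": "keyword", "ignore_above": 1024}}}`, so unmapped strings stay keyword-typed and exactly searchable. The `dynamic_templates` array being edited starts and ends outside this hunk.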
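Review bot: Dropping the `path_match` templates for `labels.*`, `kubernetes.labels.*`, `kubernetes.annotations.*`, `docker.attrs.*` and `azure.activitylogs.identity.claims.*` hands those open-ended, producer-controlled key spaces to default dynamic mapping. The removed `"match_mapping_type": "*"` → keyword rules existed so that a label or claim value that happens to look numeric or date-like on first sight does not pin the field to `long`/`date` and then cause every later string value for that key to be rejected with a mapper_parsing_exception; on the new side a single oddly labelled workload or token claim can poison that field for the whole index. If these sources are ingested, the `kubernetes.labels.*`, `kubernetes.annotations.*` and `azure.activitylogs.identity.claims.*` keyword templates are the ones worth keeping, or those objects should get `"dynamic": false` so unknown keys are stored in `_source` without being mapped. The enclosing `dynamic_templates` array begins outside this hunk.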
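Review bot: Flipping `geoip` (and `destination_geo`/`source_geo` in the two hunks that follow) from `"dynamic":false` to `"dynamic":true`, and adding `osquery` as `"dynamic":true`, means any new sub-key arriving under those objects is mapped on first sight instead of being stored unmapped. Under `dynamic:false` an unexpected key was harmless; under `dynamic:true` each one consumes a slot against the 1500-field limit and takes the type guessed from its first value, so osquery results in particular — whose column set presumably varies per query — will grow the mapping over time and can hit a type conflict when two queries share a column name with different value types. Keeping `"dynamic":false` on the three geo objects, whose key set comes from a fixed enrichment step, and pairing `osquery` with a `"path_match": "osquery.*"` keyword dynamic template would bound both effects. The surrounding `properties` object continues past the hunk.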
@@ -1229,6882 +165,85 @@ } } }, - "activemq": { - "properties": { - "caller": { - "ignore_above": 1024, - "type": "keyword" - }, - "log": { - "properties": { - "stack_trace": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "thread": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - } - } + "agent":{ + "type":"object", + "dynamic": true }, - "agent": { - "properties": { - "build": { - "properties": { - "original": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ephemeral_id": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "keyword": { - "type": "keyword" - } - } - }, - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "keyword": { - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "keyword": { - "type": "keyword" - } - } - }, - - "type": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "keyword": { - "type": "keyword" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "keyword": { - "type": "keyword" - } - } - } - } + "as":{ + "type":"object", + "dynamic": true }, "alert":{ - "type":"object", - "dynamic": true + "type":"object", + "dynamic": true }, - "apache": { - "properties": { - "access": { - "properties": { - "ssl": { - "properties": { - "cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "error": { - "properties": { - "module": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } + "client":{ + "type":"object", + "dynamic": true }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } + "cloud":{ + 
"type":"object", + "dynamic": true }, - "auditd": { - "properties": { - "log": { - "properties": { - "a0": { - "ignore_above": 1024, - "type": "keyword" - }, - "addr": { - "type": "ip" - }, - "item": { - "ignore_above": 1024, - "type": "keyword" - }, - "items": { - "ignore_above": 1024, - "type": "keyword" - }, - "laddr": { - "type": "ip" - }, - "lport": { - "type": "long" - }, - "new_auid": { - "ignore_above": 1024, - "type": "keyword" - }, - "new_ses": { - "ignore_above": 1024, - "type": "keyword" - }, - "old_auid": { - "ignore_above": 1024, - "type": "keyword" - }, - "old_ses": { - "ignore_above": 1024, - "type": "keyword" - }, - "rport": { - "type": "long" - }, - "sequence": { - "type": "long" - }, - "tty": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "aws": { - "properties": { - "cloudtrail": { - "properties": { - "additional_eventdata": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "api_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "console_login": { - "properties": { - "additional_eventdata": { - "properties": { - "login_to": { - "ignore_above": 1024, - "type": "keyword" - }, - "mfa_used": { - "type": "boolean" - }, - "mobile_version": { - "type": "boolean" - } - } - } - } - }, - "digest": { - "properties": { - "end_time": { - "type": "date" - }, - "log_files": { - "type": "nested" - }, - "newest_event_time": { - "type": "date" - }, - "oldest_event_time": { - "type": "date" - }, - "previous_hash_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "previous_s3_bucket": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_fingerprint": { - "ignore_above": 1024, - "type": "keyword" - }, - "s3_bucket": { - "ignore_above": 1024, - "type": "keyword" - }, - "s3_object": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "start_time": { - "type": 
"date" - } - } - }, - "error_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "error_message": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "flattened": { - "properties": { - "additional_eventdata": { - "type": "flattened" - }, - "request_parameters": { - "type": "flattened" - }, - "response_elements": { - "type": "flattened" - }, - "service_event_details": { - "type": "flattened" - } - } - }, - "insight_details": { - "type": "flattened" - }, - "management_event": { - "ignore_above": 1024, - "type": "keyword" - }, - "read_only": { - "ignore_above": 1024, - "type": "keyword" - }, - "recipient_account_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "request_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "request_parameters": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "resources": { - "properties": { - "account_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "arn": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response_elements": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "service_event_details": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "shared_event_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_identity": { - "properties": { - "access_key_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "arn": { - "ignore_above": 1024, - "type": "keyword" - }, - "invoked_by": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_context": { - "properties": { - "creation_date": { - 
"type": "date" - }, - "mfa_authenticated": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_issuer": { - "properties": { - "account_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "arn": { - "ignore_above": 1024, - "type": "keyword" - }, - "principal_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "vpc_endpoint_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "cloudwatch": { - "properties": { - "message": { - "norms": false, - "type": "text" - } - } - }, - "ec2": { - "properties": { - "ip_address": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "elb": { - "properties": { - "action_executed": { - "ignore_above": 1024, - "type": "keyword" - }, - "backend": { - "properties": { - "http": { - "properties": { - "response": { - "properties": { - "status_code": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "ip": { - "ignore_above": 1024, - "type": "keyword" - }, - "port": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "backend_processing_time": { - "properties": { - "sec": { - "type": "float" - } - } - }, - "chosen_cert": { - "properties": { - "arn": { - "ignore_above": 1024, - "type": "keyword" - }, - "serial": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "classification": { - "ignore_above": 1024, - "type": "keyword" - }, - "classification_reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "connection_time": { - "properties": { - "ms": { - "type": "long" - } - } - }, - "error": { - "properties": { - "reason": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "incoming_tls_alert": { - "ignore_above": 1024, - "type": "keyword" - }, - "listener": { - "ignore_above": 1024, - "type": "keyword" - }, - "matched_rule_priority": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "redirect_url": { - "ignore_above": 1024, - "type": "keyword" - }, - "request_processing_time": { - "properties": { - "sec": { - "type": "float" - } - } - }, - "response_processing_time": { - "properties": { - "sec": { - "type": "float" - } - } - }, - "ssl_cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssl_protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "target_group": { - "properties": { - "arn": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "target_port": { - "ignore_above": 1024, - "type": "keyword" - }, - "target_status_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "tls_handshake_time": { - "properties": { - "ms": { - "type": "long" - } - } - }, - "tls_named_group": { - "ignore_above": 1024, - "type": "keyword" - }, - "trace_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "s3access": { - "properties": { - "authentication_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "bucket": { - "ignore_above": 1024, - "type": "keyword" - }, - "bucket_owner": { - "ignore_above": 1024, - "type": "keyword" - }, - "bytes_sent": { - "type": "long" - }, - "cipher_suite": { - "ignore_above": 1024, - "type": "keyword" - }, - "error_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "host_header": { - "ignore_above": 1024, - "type": "keyword" - }, - "host_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "http_status": { - "type": "long" - }, - "key": { - "ignore_above": 1024, - "type": "keyword" - }, - "object_size": { - "type": "long" - }, - "operation": { - "ignore_above": 1024, - "type": "keyword" - }, - "referrer": { - "ignore_above": 1024, - "type": "keyword" - }, - "remote_ip": { - "type": "ip" - }, - "request_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "request_uri": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "requester": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "tls_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "total_time": { - "type": "long" - }, - "turn_around_time": { - "type": "long" - }, - "user_agent": { - "ignore_above": 1024, - "type": "keyword" - }, - "version_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "vpcflow": { - "properties": { - "account_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "instance_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "interface_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "log_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "pkt_dstaddr": { - "type": "ip" - }, - "pkt_srcaddr": { - "type": "ip" - }, - "subnet_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "tcp_flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "tcp_flags_array": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "vpc_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "aws-cloudwatch": { - "properties": { - "ingestion_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "log_group": { - "ignore_above": 1024, - "type": "keyword" - }, - "log_stream": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "azure": { - "properties": { - "activitylogs": { - "properties": { - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "identity": { - "properties": { - "authorization": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "evidence": { - "properties": { - "principal_id": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "principal_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "role": { - "ignore_above": 1024, - "type": "keyword" - }, - "role_assignment_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "role_assignment_scope": { - "ignore_above": 1024, - "type": "keyword" - }, - "role_definition_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "scope": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "claims": { - "properties": { - "*": { - "type": "object" - } - } - }, - "claims_initiated_by_user": { - "properties": { - "fullname": { - "ignore_above": 1024, - "type": "keyword" - }, - "givenname": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "schema": { - "ignore_above": 1024, - "type": "keyword" - }, - "surname": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "operation_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "properties": { - "type": "flattened" - }, - "result_signature": { - "ignore_above": 1024, - "type": "keyword" - }, - "result_type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "auditlogs": { - "properties": { - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "identity": { - "ignore_above": 1024, - "type": "keyword" - }, - "operation_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "operation_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "properties": { - "properties": { - "activity_datetime": { - "type": "date" - }, - "activity_display_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "correlation_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "initiated_by": { - "properties": { - "app": { - "properties": { - "appId": { - "ignore_above": 1024, - "type": "keyword" - 
}, - "displayName": { - "ignore_above": 1024, - "type": "keyword" - }, - "servicePrincipalId": { - "ignore_above": 1024, - "type": "keyword" - }, - "servicePrincipalName": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user": { - "properties": { - "displayName": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "ipAddress": { - "ignore_above": 1024, - "type": "keyword" - }, - "userPrincipalName": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "logged_by_service": { - "ignore_above": 1024, - "type": "keyword" - }, - "operation_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "result": { - "ignore_above": 1024, - "type": "keyword" - }, - "result_reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "target_resources": { - "properties": { - "*": { - "properties": { - "display_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "modified_properties": { - "properties": { - "*": { - "properties": { - "display_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "new_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "old_value": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_principal_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "result_signature": { - "ignore_above": 1024, - "type": "keyword" - }, - "tenant_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "consumer_group": { - "ignore_above": 1024, - "type": "keyword" - }, - "correlation_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "enqueued_time": { - "type": "date" - }, - "eventhub": { - "ignore_above": 1024, - "type": "keyword" - }, - "offset": { - "type": "long" - }, - "partition_id": { - "type": 
"long" - }, - "platformlogs": { - "properties": { - "ActivityId": { - "ignore_above": 1024, - "type": "keyword" - }, - "Caller": { - "ignore_above": 1024, - "type": "keyword" - }, - "Cloud": { - "ignore_above": 1024, - "type": "keyword" - }, - "Environment": { - "ignore_above": 1024, - "type": "keyword" - }, - "EventTimeString": { - "ignore_above": 1024, - "type": "keyword" - }, - "ScaleUnit": { - "ignore_above": 1024, - "type": "keyword" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "ccpNamespace": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "operation_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "properties": { - "type": "flattened" - }, - "result_signature": { - "ignore_above": 1024, - "type": "keyword" - }, - "result_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "resource": { - "properties": { - "authorization_rule": { - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "namespace": { - "ignore_above": 1024, - "type": "keyword" - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "sequence_number": { - "type": "long" - }, - "signinlogs": { - "properties": { - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "identity": { - "ignore_above": 1024, - "type": "keyword" - }, - "operation_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "operation_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "properties": { - "properties": { - "app_display_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "authentication_processing_details": { - "type": 
"flattened" - }, - "authentication_requirement": { - "ignore_above": 1024, - "type": "keyword" - }, - "authentication_requirement_policies": { - "ignore_above": 1024, - "type": "keyword" - }, - "autonomous_system_number": { - "type": "long" - }, - "client_app_used": { - "ignore_above": 1024, - "type": "keyword" - }, - "conditional_access_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "correlation_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "cross_tenant_access_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "device_detail": { - "properties": { - "browser": { - "ignore_above": 1024, - "type": "keyword" - }, - "device_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "display_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "operating_system": { - "ignore_above": 1024, - "type": "keyword" - }, - "trust_type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "flagged_for_review": { - "type": "boolean" - }, - "home_tenant_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "is_interactive": { - "type": "boolean" - }, - "is_tenant_restricted": { - "type": "boolean" - }, - "original_request_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "processing_time_ms": { - "type": "float" - }, - "resource_display_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "resource_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "resource_tenant_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "risk_detail": { - "ignore_above": 1024, - "type": "keyword" - }, - "risk_event_types": { - "ignore_above": 1024, - "type": "keyword" - }, - "risk_event_types_v2": { - "ignore_above": 1024, - "type": "keyword" - }, - "risk_level_aggregated": { - "ignore_above": 1024, - "type": "keyword" - }, - "risk_level_during_signin": { - "ignore_above": 1024, - "type": "keyword" - }, - "risk_state": { 
- "ignore_above": 1024, - "type": "keyword" - }, - "service_principal_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "service_principal_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "sso_extension_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "properties": { - "error_code": { - "type": "long" - } - } - }, - "token_issuer_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "token_issuer_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_display_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_principal_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "result_description": { - "ignore_above": 1024, - "type": "keyword" - }, - "result_signature": { - "ignore_above": 1024, - "type": "keyword" - }, - "result_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "tenant_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "subscription_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "tenant_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "barracuda":{ - "type":"object", - "dynamic": true - }, - "bluecoat":{ - "type":"object", - "dynamic": true - }, - "bucket": { - "properties": { - "arn": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "cef": { - "properties": { - "device": { - "properties": { - "event_class_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - }, - "vendor": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "extensions": { - "properties": { - "Reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "agentAddress": { - "type": "ip" - }, - 
"agentDnsDomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "agentHostName": { - "ignore_above": 1024, - "type": "keyword" - }, - "agentId": { - "ignore_above": 1024, - "type": "keyword" - }, - "agentMacAddress": { - "ignore_above": 1024, - "type": "keyword" - }, - "agentNtDomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "agentReceiptTime": { - "type": "date" - }, - "agentTimeZone": { - "ignore_above": 1024, - "type": "keyword" - }, - "agentTranslatedAddress": { - "type": "ip" - }, - "agentTranslatedZoneExternalID": { - "ignore_above": 1024, - "type": "keyword" - }, - "agentTranslatedZoneURI": { - "ignore_above": 1024, - "type": "keyword" - }, - "agentType": { - "ignore_above": 1024, - "type": "keyword" - }, - "agentVersion": { - "ignore_above": 1024, - "type": "keyword" - }, - "agentZoneExternalID": { - "ignore_above": 1024, - "type": "keyword" - }, - "agentZoneURI": { - "ignore_above": 1024, - "type": "keyword" - }, - "applicationProtocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "baseEventCount": { - "type": "long" - }, - "bytesIn": { - "type": "long" - }, - "bytesOut": { - "type": "long" - }, - "categoryBehavior": { - "ignore_above": 1024, - "type": "keyword" - }, - "categoryDeviceGroup": { - "ignore_above": 1024, - "type": "keyword" - }, - "categoryDeviceType": { - "ignore_above": 1024, - "type": "keyword" - }, - "categoryObject": { - "ignore_above": 1024, - "type": "keyword" - }, - "categoryOutcome": { - "ignore_above": 1024, - "type": "keyword" - }, - "categorySignificance": { - "ignore_above": 1024, - "type": "keyword" - }, - "categoryTechnique": { - "ignore_above": 1024, - "type": "keyword" - }, - "cp_app_risk": { - "ignore_above": 1024, - "type": "keyword" - }, - "cp_severity": { - "ignore_above": 1024, - "type": "keyword" - }, - "customerExternalID": { - "ignore_above": 1024, - "type": "keyword" - }, - "customerURI": { - "ignore_above": 1024, - "type": "keyword" - }, - "destinationAddress": { - "type": "ip" - }, - 
"destinationDnsDomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "destinationGeoLatitude": { - "type": "double" - }, - "destinationGeoLongitude": { - "type": "double" - }, - "destinationHostName": { - "ignore_above": 1024, - "type": "keyword" - }, - "destinationMacAddress": { - "ignore_above": 1024, - "type": "keyword" - }, - "destinationNtDomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "destinationPort": { - "type": "long" - }, - "destinationProcessId": { - "type": "long" - }, - "destinationProcessName": { - "ignore_above": 1024, - "type": "keyword" - }, - "destinationServiceName": { - "ignore_above": 1024, - "type": "keyword" - }, - "destinationTranslatedAddress": { - "type": "ip" - }, - "destinationTranslatedPort": { - "type": "long" - }, - "destinationTranslatedZoneExternalID": { - "ignore_above": 1024, - "type": "keyword" - }, - "destinationTranslatedZoneURI": { - "ignore_above": 1024, - "type": "keyword" - }, - "destinationUserId": { - "ignore_above": 1024, - "type": "keyword" - }, - "destinationUserName": { - "ignore_above": 1024, - "type": "keyword" - }, - "destinationUserPrivileges": { - "ignore_above": 1024, - "type": "keyword" - }, - "destinationZoneExternalID": { - "ignore_above": 1024, - "type": "keyword" - }, - "destinationZoneURI": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceAction": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceAddress": { - "type": "ip" - }, - "deviceCustomDate1": { - "type": "date" - }, - "deviceCustomDate1Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomDate2": { - "type": "date" - }, - "deviceCustomDate2Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomFloatingPoint1": { - "type": "double" - }, - "deviceCustomFloatingPoint1Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomFloatingPoint2": { - "type": "double" - }, - "deviceCustomFloatingPoint2Label": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"deviceCustomFloatingPoint3": { - "type": "double" - }, - "deviceCustomFloatingPoint3Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomFloatingPoint4": { - "type": "double" - }, - "deviceCustomFloatingPoint4Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomIPv6Address1": { - "type": "ip" - }, - "deviceCustomIPv6Address1Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomIPv6Address2": { - "type": "ip" - }, - "deviceCustomIPv6Address2Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomIPv6Address3": { - "type": "ip" - }, - "deviceCustomIPv6Address3Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomIPv6Address4": { - "type": "ip" - }, - "deviceCustomIPv6Address4Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomNumber1": { - "type": "long" - }, - "deviceCustomNumber1Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomNumber2": { - "type": "long" - }, - "deviceCustomNumber2Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomNumber3": { - "type": "long" - }, - "deviceCustomNumber3Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomString1": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomString1Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomString2": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomString2Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomString3": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomString3Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomString4": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomString4Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomString5": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomString5Label": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "deviceCustomString6": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceCustomString6Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceDirection": { - "type": "long" - }, - "deviceDnsDomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceEventCategory": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceExternalId": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceFacility": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceFlexNumber1": { - "type": "long" - }, - "deviceFlexNumber1Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceFlexNumber2": { - "type": "long" - }, - "deviceFlexNumber2Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceHostName": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceInboundInterface": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceMacAddress": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceNtDomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceOutboundInterface": { - "ignore_above": 1024, - "type": "keyword" - }, - "devicePayloadId": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceProcessId": { - "type": "long" - }, - "deviceProcessName": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceReceiptTime": { - "type": "date" - }, - "deviceTimeZone": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceTranslatedAddress": { - "type": "ip" - }, - "deviceTranslatedZoneExternalID": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceTranslatedZoneURI": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceZoneExternalID": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceZoneURI": { - "ignore_above": 1024, - "type": "keyword" - }, - "endTime": { - "type": "date" - }, - "eventId": { - "type": "long" - }, - "eventOutcome": { - "ignore_above": 1024, - "type": "keyword" - }, - "externalId": { - "ignore_above": 
1024, - "type": "keyword" - }, - "fileCreateTime": { - "type": "date" - }, - "fileHash": { - "ignore_above": 1024, - "type": "keyword" - }, - "fileId": { - "ignore_above": 1024, - "type": "keyword" - }, - "fileModificationTime": { - "type": "date" - }, - "filePath": { - "ignore_above": 1024, - "type": "keyword" - }, - "filePermission": { - "ignore_above": 1024, - "type": "keyword" - }, - "fileSize": { - "type": "long" - }, - "fileType": { - "ignore_above": 1024, - "type": "keyword" - }, - "filename": { - "ignore_above": 1024, - "type": "keyword" - }, - "flexDate1": { - "type": "date" - }, - "flexDate1Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "flexString1": { - "ignore_above": 1024, - "type": "keyword" - }, - "flexString1Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "flexString2": { - "ignore_above": 1024, - "type": "keyword" - }, - "flexString2Label": { - "ignore_above": 1024, - "type": "keyword" - }, - "ifname": { - "ignore_above": 1024, - "type": "keyword" - }, - "inzone": { - "ignore_above": 1024, - "type": "keyword" - }, - "layer_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "layer_uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "logid": { - "ignore_above": 1024, - "type": "keyword" - }, - "loguid": { - "ignore_above": 1024, - "type": "keyword" - }, - "managerReceiptTime": { - "type": "date" - }, - "match_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "message": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat_addtnl_rulenum": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat_rulenum": { - "ignore_above": 1024, - "type": "keyword" - }, - "oldFileCreateTime": { - "type": "date" - }, - "oldFileHash": { - "ignore_above": 1024, - "type": "keyword" - }, - "oldFileId": { - "ignore_above": 1024, - "type": "keyword" - }, - "oldFileModificationTime": { - "type": "date" - }, - "oldFileName": { - "ignore_above": 1024, - "type": "keyword" - }, - "oldFilePath": { - "ignore_above": 1024, 
- "type": "keyword" - }, - "oldFilePermission": { - "ignore_above": 1024, - "type": "keyword" - }, - "oldFileSize": { - "type": "long" - }, - "oldFileType": { - "ignore_above": 1024, - "type": "keyword" - }, - "origin": { - "ignore_above": 1024, - "type": "keyword" - }, - "originsicname": { - "ignore_above": 1024, - "type": "keyword" - }, - "outzone": { - "ignore_above": 1024, - "type": "keyword" - }, - "parent_rule": { - "ignore_above": 1024, - "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - }, - "rawEvent": { - "ignore_above": 1024, - "type": "keyword" - }, - "requestClientApplication": { - "ignore_above": 1024, - "type": "keyword" - }, - "requestContext": { - "ignore_above": 1024, - "type": "keyword" - }, - "requestCookies": { - "ignore_above": 1024, - "type": "keyword" - }, - "requestMethod": { - "ignore_above": 1024, - "type": "keyword" - }, - "requestUrl": { - "ignore_above": 1024, - "type": "keyword" - }, - "rule_action": { - "ignore_above": 1024, - "type": "keyword" - }, - "rule_uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "sequencenum": { - "ignore_above": 1024, - "type": "keyword" - }, - "service_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourceAddress": { - "type": "ip" - }, - "sourceDnsDomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourceGeoLatitude": { - "type": "double" - }, - "sourceGeoLongitude": { - "type": "double" - }, - "sourceHostName": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourceMacAddress": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourceNtDomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourcePort": { - "type": "long" - }, - "sourceProcessId": { - "type": "long" - }, - "sourceProcessName": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourceServiceName": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourceTranslatedAddress": { - "type": "ip" - }, - "sourceTranslatedPort": { - "type": "long" - }, - 
"sourceTranslatedZoneExternalID": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourceTranslatedZoneURI": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourceUserId": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourceUserName": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourceUserPrivileges": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourceZoneExternalID": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourceZoneURI": { - "ignore_above": 1024, - "type": "keyword" - }, - "startTime": { - "type": "date" - }, - "transportProtocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "type": "long" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "severity": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "checkpoint": { - "properties": { - "action_reason": { - "type": "long" - }, - "action_reason_msg": { - "ignore_above": 1024, - "type": "keyword" - }, - "additional_info": { - "ignore_above": 1024, - "type": "keyword" - }, - "additional_ip": { - "ignore_above": 1024, - "type": "keyword" - }, - "additional_rdata": { - "ignore_above": 1024, - "type": "keyword" - }, - "alert": { - "ignore_above": 1024, - "type": "keyword" - }, - "allocated_ports": { - "type": "long" - }, - "analyzed_on": { - "ignore_above": 1024, - "type": "keyword" - }, - "answer_rdata": { - "ignore_above": 1024, - "type": "keyword" - }, - "anti_virus_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_id": { - "type": "long" - }, - "app_package": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_properties": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_repackaged": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_risk": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "app_severity": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_sid_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_sig_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "appi_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "arrival_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "attachments_num": { - "type": "long" - }, - "attack_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "audit_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "auth_method": { - "ignore_above": 1024, - "type": "keyword" - }, - "authority_rdata": { - "ignore_above": 1024, - "type": "keyword" - }, - "authorization": { - "ignore_above": 1024, - "type": "keyword" - }, - "bcc": { - "ignore_above": 1024, - "type": "keyword" - }, - "blade_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "broker_publisher": { - "type": "ip" - }, - "browse_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "c_bytes": { - "type": "long" - }, - "calc_desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "capacity": { - "type": "long" - }, - "capture_uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "cc": { - "ignore_above": 1024, - "type": "keyword" - }, - "certificate_resource": { - "ignore_above": 1024, - "type": "keyword" - }, - "certificate_validation": { - "ignore_above": 1024, - "type": "keyword" - }, - "cgnet": { - "ignore_above": 1024, - "type": "keyword" - }, - "chunk_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_type_os": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "cluster_info": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "community": { - "ignore_above": 1024, - "type": "keyword" - }, - "confidence_level": { - "type": "long" - }, - "connection_uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "connectivity_level": { - "ignore_above": 1024, - "type": "keyword" - }, - "connectivity_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "conns_amount": { - "type": "long" - }, - "content_disposition": { - "ignore_above": 1024, - "type": "keyword" - }, - "content_length": { - "ignore_above": 1024, - "type": "keyword" - }, - "content_risk": { - "type": "long" - }, - "content_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "context_num": { - "type": "long" - }, - "cookie": { - "ignore_above": 1024, - "type": "keyword" - }, - "cookieI": { - "ignore_above": 1024, - "type": "keyword" - }, - "cookieR": { - "ignore_above": 1024, - "type": "keyword" - }, - "cp_message": { - "type": "long" - }, - "cvpn_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "cvpn_resource": { - "ignore_above": 1024, - "type": "keyword" - }, - "data_type_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "dce-rpc_interface_uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "delivery_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "destination_object": { - "ignore_above": 1024, - "type": "keyword" - }, - "detected_on": { - "ignore_above": 1024, - "type": "keyword" - }, - "developer_certificate_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "diameter_app_ID": { - "type": "long" - }, - "diameter_cmd_code": { - "type": "long" - }, - "diameter_msg_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_action_reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_additional_action": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_categories": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "dlp_data_type_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_data_type_uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_fingerprint_files_number": { - "type": "long" - }, - "dlp_fingerprint_long_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_fingerprint_short_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_incident_uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_recipients": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_related_incident_uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_relevant_data_types": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_repository_directories_number": { - "type": "long" - }, - "dlp_repository_files_number": { - "type": "long" - }, - "dlp_repository_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_repository_not_scanned_directories_percentage": { - "type": "long" - }, - "dlp_repository_reached_directories_number": { - "type": "long" - }, - "dlp_repository_root_path": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_repository_scan_progress": { - "type": "long" - }, - "dlp_repository_scanned_directories_number": { - "type": "long" - }, - "dlp_repository_scanned_files_number": { - "type": "long" - }, - "dlp_repository_scanned_total_size": { - "type": "long" - }, - "dlp_repository_skipped_files_number": { - "type": "long" - }, - "dlp_repository_total_size": { - "type": "long" - }, - "dlp_repository_unreachable_directories_number": { - "type": "long" - }, - "dlp_rule_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_template_score": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_transint": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_violation_description": { - "ignore_above": 1024, - "type": "keyword" - }, - "dlp_watermark_profile": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "dlp_word_list": { - "ignore_above": 1024, - "type": "keyword" - }, - "dns_query": { - "ignore_above": 1024, - "type": "keyword" - }, - "drop_reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "dropped_file_hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "dropped_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "dropped_file_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "dropped_file_verdict": { - "ignore_above": 1024, - "type": "keyword" - }, - "dropped_incoming": { - "type": "long" - }, - "dropped_outgoing": { - "type": "long" - }, - "dropped_total": { - "type": "long" - }, - "drops_amount": { - "type": "long" - }, - "dst_country": { - "ignore_above": 1024, - "type": "keyword" - }, - "dst_phone_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "dst_user_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstkeyid": { - "ignore_above": 1024, - "type": "keyword" - }, - "duplicate": { - "ignore_above": 1024, - "type": "keyword" - }, - "duration": { - "ignore_above": 1024, - "type": "keyword" - }, - "elapsed": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_content": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_control": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_control_analysis": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_headers": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_message_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_queue_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_queue_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_recipients_num": { - "type": "long" - }, - "email_session_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_spam_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_spool_id": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "email_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "emulated_on": { - "ignore_above": 1024, - "type": "keyword" - }, - "encryption_failure": { - "ignore_above": 1024, - "type": "keyword" - }, - "end_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "end_user_firewall_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "esod_access_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "esod_associated_policies": { - "ignore_above": 1024, - "type": "keyword" - }, - "esod_noncompliance_reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "esod_rule_action": { - "ignore_above": 1024, - "type": "keyword" - }, - "esod_rule_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "esod_rule_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "esod_scan_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_count": { - "type": "long" - }, - "expire_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "extension_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "extracted_file_hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "extracted_file_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "extracted_file_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "extracted_file_uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "extracted_file_verdict": { - "ignore_above": 1024, - "type": "keyword" - }, - "failure_impact": { - "ignore_above": 1024, - "type": "keyword" - }, - "failure_reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_direction": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "files_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "first_hit_time": { - "type": "long" - }, - "frequency": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "fs-proto": { - "ignore_above": 1024, - "type": "keyword" - }, - "ftp_user": { - "ignore_above": 1024, - "type": "keyword" - }, - "fw_message": { - "ignore_above": 1024, - "type": "keyword" - }, - "fw_subproduct": { - "ignore_above": 1024, - "type": "keyword" - }, - "hide_ip": { - "type": "ip" - }, - "hit": { - "type": "long" - }, - "host_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "http_host": { - "ignore_above": 1024, - "type": "keyword" - }, - "http_location": { - "ignore_above": 1024, - "type": "keyword" - }, - "http_server": { - "ignore_above": 1024, - "type": "keyword" - }, - "https_inspection_action": { - "ignore_above": 1024, - "type": "keyword" - }, - "https_inspection_rule_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "https_inspection_rule_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "https_validation": { - "ignore_above": 1024, - "type": "keyword" - }, - "icap_more_info": { - "type": "long" - }, - "icap_server_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "icap_server_service": { - "ignore_above": 1024, - "type": "keyword" - }, - "icap_service_id": { - "type": "long" - }, - "icmp": { - "ignore_above": 1024, - "type": "keyword" - }, - "icmp_code": { - "type": "long" - }, - "icmp_type": { - "type": "long" - }, - "id": { - "type": "long" - }, - "identity_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "ike": { - "ignore_above": 1024, - "type": "keyword" - }, - "ike_ids": { - "ignore_above": 1024, - "type": "keyword" - }, - "impacted_files": { - "ignore_above": 1024, - "type": "keyword" - }, - "incident_extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "indicator_description": { - "ignore_above": 1024, - "type": "keyword" - }, - "indicator_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "indicator_reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "indicator_uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "info": 
{ - "ignore_above": 1024, - "type": "keyword" - }, - "information": { - "ignore_above": 1024, - "type": "keyword" - }, - "inspection_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "inspection_item": { - "ignore_above": 1024, - "type": "keyword" - }, - "inspection_profile": { - "ignore_above": 1024, - "type": "keyword" - }, - "inspection_settings_log": { - "ignore_above": 1024, - "type": "keyword" - }, - "installed_products": { - "ignore_above": 1024, - "type": "keyword" - }, - "int_end": { - "type": "long" - }, - "int_start": { - "type": "long" - }, - "integrity_av_invoke_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "interface_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "internal_error": { - "ignore_above": 1024, - "type": "keyword" - }, - "invalid_file_size": { - "type": "long" - }, - "ip_option": { - "type": "long" - }, - "isp_link": { - "ignore_above": 1024, - "type": "keyword" - }, - "last_hit_time": { - "type": "long" - }, - "last_rematch_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "layer_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "layer_uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "limit_applied": { - "type": "long" - }, - "limit_requested": { - "type": "long" - }, - "link_probing_status_update": { - "ignore_above": 1024, - "type": "keyword" - }, - "links_num": { - "type": "long" - }, - "log_delay": { - "type": "long" - }, - "log_id": { - "type": "long" - }, - "logid": { - "ignore_above": 1024, - "type": "keyword" - }, - "long_desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "machine": { - "ignore_above": 1024, - "type": "keyword" - }, - "malware_family": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_fk": { - "type": "long" - }, - "match_id": { - "type": "long" - }, - "matched_file": { - "ignore_above": 1024, - "type": "keyword" - }, - "matched_file_percentage": { - "type": "long" - }, - "matched_file_text_segments": { - "type": "long" - }, 
- "media_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "message": { - "ignore_above": 1024, - "type": "keyword" - }, - "message_info": { - "ignore_above": 1024, - "type": "keyword" - }, - "message_size": { - "type": "long" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - }, - "methods": { - "ignore_above": 1024, - "type": "keyword" - }, - "mime_from": { - "ignore_above": 1024, - "type": "keyword" - }, - "mime_to": { - "ignore_above": 1024, - "type": "keyword" - }, - "mirror_and_decrypt_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_collection": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_command_and_control": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_credential_access": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_defense_evasion": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_discovery": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_execution": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_exfiltration": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_impact": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_initial_access": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_lateral_movement": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_persistence": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_privilege_escalation": { - "ignore_above": 1024, - "type": "keyword" - }, - "monitor_reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "msgid": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat46": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat_addtnl_rulenum": { - "type": "long" - }, - "nat_exhausted_pool": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat_rulenum": { - "type": "long" - }, - "needs_browse_time": { - "type": "long" - }, - "next_hop_ip": { - "ignore_above": 
1024, - "type": "keyword" - }, - "next_scheduled_scan_date": { - "ignore_above": 1024, - "type": "keyword" - }, - "number_of_errors": { - "type": "long" - }, - "objecttable": { - "ignore_above": 1024, - "type": "keyword" - }, - "objecttype": { - "ignore_above": 1024, - "type": "keyword" - }, - "observable_comment": { - "ignore_above": 1024, - "type": "keyword" - }, - "observable_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "observable_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "operation": { - "ignore_above": 1024, - "type": "keyword" - }, - "operation_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "origin_sic_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_queue_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "outgoing_url": { - "ignore_above": 1024, - "type": "keyword" - }, - "packet_amount": { - "type": "long" - }, - "packet_capture_unique_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "parent_file_hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "parent_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "parent_file_uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "parent_process_username": { - "ignore_above": 1024, - "type": "keyword" - }, - "parent_rule": { - "type": "long" - }, - "peer_gateway": { - "type": "ip" - }, - "peer_ip": { - "ignore_above": 1024, - "type": "keyword" - }, - "peer_ip_probing_status_update": { - "ignore_above": 1024, - "type": "keyword" - }, - "performance_impact": { - "type": "long" - }, - "policy_mgmt": { - "ignore_above": 1024, - "type": "keyword" - }, - "policy_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "ports_usage": { - "type": "long" - }, - "ppp": { - "ignore_above": 1024, - "type": "keyword" - }, - "precise_error": { - "ignore_above": 1024, - "type": "keyword" - }, - "process_username": { - "ignore_above": 1024, - "type": "keyword" - }, - "properties": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "protection_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "protection_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "protection_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "proxy_machine_name": { - "type": "long" - }, - "proxy_src_ip": { - "type": "ip" - }, - "proxy_user_dn": { - "ignore_above": 1024, - "type": "keyword" - }, - "proxy_user_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - }, - "question_rdata": { - "ignore_above": 1024, - "type": "keyword" - }, - "referrer": { - "ignore_above": 1024, - "type": "keyword" - }, - "referrer_parent_uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "referrer_self_uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "registered_ip-phones": { - "ignore_above": 1024, - "type": "keyword" - }, - "reject_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "reject_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "rematch_info": { - "ignore_above": 1024, - "type": "keyword" - }, - "remediated_files": { - "ignore_above": 1024, - "type": "keyword" - }, - "reply_status": { - "type": "long" - }, - "risk": { - "ignore_above": 1024, - "type": "keyword" - }, - "rpc_prog": { - "type": "long" - }, - "rule": { - "type": "long" - }, - "rule_action": { - "ignore_above": 1024, - "type": "keyword" - }, - "rulebase_id": { - "type": "long" - }, - "scan_direction": { - "ignore_above": 1024, - "type": "keyword" - }, - "scan_hosts_day": { - "type": "long" - }, - "scan_hosts_hour": { - "type": "long" - }, - "scan_hosts_week": { - "type": "long" - }, - "scan_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "scan_mail": { - "type": "long" - }, - "scan_result": { - "ignore_above": 1024, - "type": "keyword" - }, - "scan_results": { - "ignore_above": 1024, - "type": "keyword" - }, - "scheme": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "scope": { - "ignore_above": 1024, - "type": "keyword" - }, - "scrub_activity": { - "ignore_above": 1024, - "type": "keyword" - }, - "scrub_download_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "scrub_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "scrub_total_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "scrubbed_content": { - "ignore_above": 1024, - "type": "keyword" - }, - "sctp_association_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "sctp_error": { - "ignore_above": 1024, - "type": "keyword" - }, - "scv_message_info": { - "ignore_above": 1024, - "type": "keyword" - }, - "scv_user": { - "ignore_above": 1024, - "type": "keyword" - }, - "securexl_message": { - "ignore_above": 1024, - "type": "keyword" - }, - "sensor_mode": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "severity": { - "ignore_above": 1024, - "type": "keyword" - }, - "short_desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "sig_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "similar_communication": { - "ignore_above": 1024, - "type": "keyword" - }, - "similar_hashes": { - "ignore_above": 1024, - "type": "keyword" - }, - "similar_strings": { - "ignore_above": 1024, - "type": "keyword" - }, - "similiar_iocs": { - "ignore_above": 1024, - "type": "keyword" - }, - "sip_reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "site_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_interface": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_object": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_os": { - "ignore_above": 1024, - "type": "keyword" - }, - "special_properties": { - "type": "long" - }, - "specific_data_type_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "speed": { - "type": "long" - }, - 
"spyware_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "spyware_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "spyware_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "src_country": { - "ignore_above": 1024, - "type": "keyword" - }, - "src_phone_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "src_user_dn": { - "ignore_above": 1024, - "type": "keyword" - }, - "src_user_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "srckeyid": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "status_update": { - "ignore_above": 1024, - "type": "keyword" - }, - "sub_policy_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "sub_policy_uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "subs_exp": { - "type": "date" - }, - "subscriber": { - "type": "ip" - }, - "summary": { - "ignore_above": 1024, - "type": "keyword" - }, - "suppressed_logs": { - "type": "long" - }, - "sync": { - "ignore_above": 1024, - "type": "keyword" - }, - "sys_message": { - "ignore_above": 1024, - "type": "keyword" - }, - "tcp_end_reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "tcp_flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "tcp_packet_out_of_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "tcp_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "te_verdict_determined_by": { - "ignore_above": 1024, - "type": "keyword" - }, - "termination_reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "ticket_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "tls_server_host_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_archive_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "total_attachments": { - "type": "long" - }, - "triggered_by": { - "ignore_above": 1024, - "type": "keyword" - }, - "trusted_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"unique_detected_day": { - "type": "long" - }, - "unique_detected_hour": { - "type": "long" - }, - "unique_detected_week": { - "type": "long" - }, - "update_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "url": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_agent": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "vendor_list": { - "ignore_above": 1024, - "type": "keyword" - }, - "verdict": { - "ignore_above": 1024, - "type": "keyword" - }, - "via": { - "ignore_above": 1024, - "type": "keyword" - }, - "virus_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_attach_action_info": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_attach_sz": { - "type": "long" - }, - "voip_call_dir": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_call_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_call_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_call_term_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_config": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_duration": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_est_codec": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_exp": { - "type": "long" - }, - "voip_from_user_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_log_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_media_codec": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_media_ipp": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_media_port": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_method": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_reason_info": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_reg_int": { - "type": "long" - }, - 
"voip_reg_ipp": { - "type": "long" - }, - "voip_reg_period": { - "type": "long" - }, - "voip_reg_server": { - "type": "ip" - }, - "voip_reg_user_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_reject_reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "voip_to_user_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "vpn_feature_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "watermark": { - "ignore_above": 1024, - "type": "keyword" - }, - "web_server_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "word_list": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "cisco": { - "properties": { - "amp": { - "properties": { - "bp_data": { - "type": "flattened" - }, - "cloud_ioc": { - "properties": { - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "short_description": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "command_line": { - "properties": { - "arguments": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "computer": { - "properties": { - "active": { - "type": "boolean" - }, - "connector_guid": { - "ignore_above": 1024, - "type": "keyword" - }, - "external_ip": { - "type": "ip" - }, - "network_addresses": { - "type": "flattened" - } - } - }, - "connector_guid": { - "ignore_above": 1024, - "type": "keyword" - }, - "detection": { - "ignore_above": 1024, - "type": "keyword" - }, - "detection_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "error": { - "properties": { - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "error_code": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event_type_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "file": { - "properties": { - "archived_file": { - "properties": { - "disposition": { - "ignore_above": 1024, - "type": "keyword" - }, - "identity": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "attack_details": { - "properties": { - "application": { - "ignore_above": 1024, - "type": "keyword" - }, - "attacked_module": { - "ignore_above": 1024, - "type": "keyword" - }, - "base_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "indicators": { - "type": "flattened" - }, - "suspicious_files": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "disposition": { - "ignore_above": 1024, - "type": "keyword" - }, - "parent": { - "properties": { - "disposition": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "group_guids": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_tactics": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_techniques": { - "ignore_above": 1024, - "type": "keyword" - }, - "network_info": { - "properties": { - "disposition": { - "ignore_above": 1024, - "type": "keyword" - }, - "nfm": { - "properties": { - "direction": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "parent": { - "properties": { - "disposition": { - "ignore_above": 1024, - "type": "keyword" - }, - "identify": { - "properties": { - "sha256": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "identity": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "related": { - "properties": { - "cve": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "scan": { - "properties": { - "clean": { - "type": "boolean" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "malicious_detections": { - "type": "long" - }, - "scanned_files": { - "type": "long" - }, - "scanned_paths": { - "type": "long" - }, - "scanned_processes": { - "type": "long" - } - } - }, - "tactics": { - "type": "flattened" - }, - 
"techniques": { - "type": "flattened" - }, - "threat_hunting": { - "properties": { - "incident_end_time": { - "type": "date" - }, - "incident_hunt_guid": { - "ignore_above": 1024, - "type": "keyword" - }, - "incident_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "incident_remediation": { - "ignore_above": 1024, - "type": "keyword" - }, - "incident_report_guid": { - "ignore_above": 1024, - "type": "keyword" - }, - "incident_start_time": { - "type": "date" - }, - "incident_summary": { - "ignore_above": 1024, - "type": "keyword" - }, - "incident_title": { - "ignore_above": 1024, - "type": "keyword" - }, - "severity": { - "ignore_above": 1024, - "type": "keyword" - }, - "tactics": { - "type": "flattened" - }, - "techniques": { - "type": "flattened" - } - } - }, - "timestamp_nanoseconds": { - "type": "date" - }, - "vulnerabilities": { - "type": "flattened" - } - } - }, - "asa": { - "properties": { - "assigned_ip": { - "type": "ip" - }, - "burst": { - "properties": { - "avg_rate": { - "ignore_above": 1024, - "type": "keyword" - }, - "configured_avg_rate": { - "ignore_above": 1024, - "type": "keyword" - }, - "configured_rate": { - "ignore_above": 1024, - "type": "keyword" - }, - "cumulative_count": { - "ignore_above": 1024, - "type": "keyword" - }, - "current_rate": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "object": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "command_line_arguments": { - "ignore_above": 1024, - "type": "keyword" - }, - "connection_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "connection_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "dap_records": { - "ignore_above": 1024, - "type": "keyword" - }, - "destination_interface": { - "ignore_above": 1024, - "type": "keyword" - }, - "destination_username": { - "ignore_above": 1024, - "type": "keyword" - }, - "icmp_code": { - "type": "short" - }, - "icmp_type": { - "type": "short" - }, - 
"mapped_destination_host": { - "ignore_above": 1024, - "type": "keyword" - }, - "mapped_destination_ip": { - "type": "ip" - }, - "mapped_destination_port": { - "type": "long" - }, - "mapped_source_host": { - "ignore_above": 1024, - "type": "keyword" - }, - "mapped_source_ip": { - "type": "ip" - }, - "mapped_source_port": { - "type": "long" - }, - "message_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "privilege": { - "properties": { - "new": { - "ignore_above": 1024, - "type": "keyword" - }, - "old": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "rule_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_interface": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_username": { - "ignore_above": 1024, - "type": "keyword" - }, - "suffix": { - "ignore_above": 1024, - "type": "keyword" - }, - "termination_initiator": { - "ignore_above": 1024, - "type": "keyword" - }, - "termination_user": { - "ignore_above": 1024, - "type": "keyword" - }, - "threat_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "threat_level": { - "ignore_above": 1024, - "type": "keyword" - }, - "tunnel_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "webvpn": { - "properties": { - "group_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "ftd": { - "properties": { - "connection_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "connection_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "dap_records": { - "ignore_above": 1024, - "type": "keyword" - }, - "destination_interface": { - "ignore_above": 1024, - "type": "keyword" - }, - "destination_username": { - "ignore_above": 1024, - "type": "keyword" - }, - "icmp_code": { - "type": "short" - }, - "icmp_type": { - "type": "short" - }, - "mapped_destination_host": { - "ignore_above": 1024, - "type": "keyword" - }, - "mapped_destination_ip": { - "type": "ip" - }, - 
"mapped_destination_port": { - "type": "long" - }, - "mapped_source_host": { - "ignore_above": 1024, - "type": "keyword" - }, - "mapped_source_ip": { - "type": "ip" - }, - "mapped_source_port": { - "type": "long" - }, - "message_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "rule_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "security": { - "type": "object" - }, - "source_interface": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_username": { - "ignore_above": 1024, - "type": "keyword" - }, - "suffix": { - "ignore_above": 1024, - "type": "keyword" - }, - "termination_initiator": { - "ignore_above": 1024, - "type": "keyword" - }, - "termination_user": { - "ignore_above": 1024, - "type": "keyword" - }, - "threat_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "threat_level": { - "ignore_above": 1024, - "type": "keyword" - }, - "webvpn": { - "properties": { - "group_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "ios": { - "properties": { - "access_list": { - "ignore_above": 1024, - "type": "keyword" - }, - "facility": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "umbrella": { - "properties": { - "amp_disposition": { - "ignore_above": 1024, - "type": "keyword" - }, - "amp_malware_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "amp_score": { - "ignore_above": 1024, - "type": "keyword" - }, - "av_detections": { - "ignore_above": 1024, - "type": "keyword" - }, - "blocked_categories": { - "ignore_above": 1024, - "type": "keyword" - }, - "categories": { - "ignore_above": 1024, - "type": "keyword" - }, - "content_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "datacenter": { - "ignore_above": 1024, - "type": "keyword" - }, - "identities": { - "ignore_above": 1024, - "type": "keyword" - }, - "identity_types": { - "ignore_above": 1024, - "type": "keyword" - }, - "origin_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "policy_identity_type": 
{ - "ignore_above": 1024, - "type": "keyword" - }, - "puas": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha_sha256": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "client": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "bytes": { - "type": "long" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "packets": { - "type": "long" - }, - "port": { - "type": "long" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "cloud": { - "properties": { - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "service": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "code_signature": { - "properties": { - "digest_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "exists": { - "type": "boolean" - }, - "signing_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - 
"ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timestamp": {
- "type": "date"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
+ "code_signature":{
+ "type":"object",
+ "dynamic": true
 },
 "connection":{
- "type":"object",
- "dynamic": true
- },
- "container": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tag": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "runtime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
+ "type":"object",
+ "dynamic": true
 },
- "coredns": {
- "properties": {
- "dnssec_ok": {
- "type": "boolean"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "query": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "response": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- }
- }
- }
- }
- },
- "crowdstrike": {
- "properties": {
- "event": {
- "properties": {
- "AuditKeyValues": {
- "type": "nested"
- },
- "CommandLine": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "Commands": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ComputerName": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ConnectionDirection": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "CustomerId": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "DetectDescription": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "DetectId": {
- "ignore_above": 1024,
- "type": "keyword"
- }, - "DetectName": { - "ignore_above": 1024, - "type": "keyword" - }, - "DeviceId": { - "ignore_above": 1024, - "type": "keyword" - }, - "EndTimestamp": { - "type": "date" - }, - "EventType": { - "ignore_above": 1024, - "type": "keyword" - }, - "ExecutablesWritten": { - "type": "nested" - }, - "FalconHostLink": { - "ignore_above": 1024, - "type": "keyword" - }, - "FileName": { - "ignore_above": 1024, - "type": "keyword" - }, - "FilePath": { - "ignore_above": 1024, - "type": "keyword" - }, - "FineScore": { - "type": "float" - }, - "Flags": { - "properties": { - "Audit": { - "type": "boolean" - }, - "Log": { - "type": "boolean" - }, - "Monitor": { - "type": "boolean" - } - } - }, - "GrandparentCommandLine": { - "ignore_above": 1024, - "type": "keyword" - }, - "GrandparentImageFileName": { - "ignore_above": 1024, - "type": "keyword" - }, - "HostName": { - "ignore_above": 1024, - "type": "keyword" - }, - "HostnameField": { - "ignore_above": 1024, - "type": "keyword" - }, - "ICMPCode": { - "ignore_above": 1024, - "type": "keyword" - }, - "ICMPType": { - "ignore_above": 1024, - "type": "keyword" - }, - "IOCType": { - "ignore_above": 1024, - "type": "keyword" - }, - "IOCValue": { - "ignore_above": 1024, - "type": "keyword" - }, - "ImageFileName": { - "ignore_above": 1024, - "type": "keyword" - }, - "IncidentEndTime": { - "type": "date" - }, - "IncidentStartTime": { - "type": "date" - }, - "Ipv": { - "ignore_above": 1024, - "type": "keyword" - }, - "LateralMovement": { - "type": "long" - }, - "LocalAddress": { - "type": "ip" - }, - "LocalIP": { - "ignore_above": 1024, - "type": "keyword" - }, - "LocalPort": { - "type": "long" - }, - "MACAddress": { - "ignore_above": 1024, - "type": "keyword" - }, - "MD5String": { - "ignore_above": 1024, - "type": "keyword" - }, - "MachineDomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "MatchCount": { - "type": "long" - }, - "MatchCountSinceLastReport": { - "type": "long" - }, - "NetworkProfile": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "Objective": { - "ignore_above": 1024, - "type": "keyword" - }, - "OperationName": { - "ignore_above": 1024, - "type": "keyword" - }, - "PID": { - "type": "long" - }, - "ParentCommandLine": { - "ignore_above": 1024, - "type": "keyword" - }, - "ParentImageFileName": { - "ignore_above": 1024, - "type": "keyword" - }, - "ParentProcessId": { - "type": "long" - }, - "PatternDispositionDescription": { - "ignore_above": 1024, - "type": "keyword" - }, - "PatternDispositionFlags": { - "type": "object" - }, - "PatternDispositionValue": { - "type": "long" - }, - "PolicyID": { - "ignore_above": 1024, - "type": "keyword" - }, - "PolicyName": { - "ignore_above": 1024, - "type": "keyword" - }, - "ProcessEndTime": { - "type": "date" - }, - "ProcessId": { - "type": "long" - }, - "ProcessStartTime": { - "type": "date" - }, - "Protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "RemoteAddress": { - "type": "ip" - }, - "RemotePort": { - "type": "long" - }, - "RuleAction": { - "ignore_above": 1024, - "type": "keyword" - }, - "RuleDescription": { - "ignore_above": 1024, - "type": "keyword" - }, - "RuleFamilyID": { - "ignore_above": 1024, - "type": "keyword" - }, - "RuleGroupName": { - "ignore_above": 1024, - "type": "keyword" - }, - "RuleId": { - "ignore_above": 1024, - "type": "keyword" - }, - "RuleName": { - "ignore_above": 1024, - "type": "keyword" - }, - "SHA1String": { - "ignore_above": 1024, - "type": "keyword" - }, - "SHA256String": { - "ignore_above": 1024, - "type": "keyword" - }, - "SensorId": { - "ignore_above": 1024, - "type": "keyword" - }, - "ServiceName": { - "ignore_above": 1024, - "type": "keyword" - }, - "SessionId": { - "ignore_above": 1024, - "type": "keyword" - }, - "Severity": { - "type": "long" - }, - "SeverityName": { - "ignore_above": 1024, - "type": "keyword" - }, - "StartTimestamp": { - "type": "date" - }, - "State": { - "ignore_above": 1024, - "type": "keyword" - }, - "Status": { - "ignore_above": 1024, - "type": "keyword" 
- }, - "Success": { - "type": "boolean" - }, - "Tactic": { - "ignore_above": 1024, - "type": "keyword" - }, - "Technique": { - "ignore_above": 1024, - "type": "keyword" - }, - "Timestamp": { - "type": "date" - }, - "TreeID": { - "ignore_above": 1024, - "type": "keyword" - }, - "UTCTimestamp": { - "type": "date" - }, - "UserId": { - "ignore_above": 1024, - "type": "keyword" - }, - "UserIp": { - "ignore_above": 1024, - "type": "keyword" - }, - "UserName": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "metadata": { - "properties": { - "customerIDString": { - "ignore_above": 1024, - "type": "keyword" - }, - "eventCreationTime": { - "type": "date" - }, - "eventType": { - "ignore_above": 1024, - "type": "keyword" - }, - "offset": { - "type": "long" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "cyberarkpas": { - "properties": { - "audit": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "ca_properties": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "cpm_disabled": { - "ignore_above": 1024, - "type": "keyword" - }, - "cpm_error_details": { - "ignore_above": 1024, - "type": "keyword" - }, - "cpm_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "creation_method": { - "ignore_above": 1024, - "type": "keyword" - }, - "customer": { - "ignore_above": 1024, - "type": "keyword" - }, - "database": { - "ignore_above": 1024, - "type": "keyword" - }, - "device_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "dual_account_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "group_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "in_process": { - "ignore_above": 1024, - "type": "keyword" - }, - "index": { - "ignore_above": 1024, - "type": "keyword" - }, - "last_fail_date": { - "ignore_above": 1024, - "type": "keyword" - }, - "last_success_change": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"last_success_reconciliation": { - "ignore_above": 1024, - "type": "keyword" - }, - "last_success_verification": { - "ignore_above": 1024, - "type": "keyword" - }, - "last_task": { - "ignore_above": 1024, - "type": "keyword" - }, - "logon_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "other": { - "type": "flattened" - }, - "policy_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "port": { - "ignore_above": 1024, - "type": "keyword" - }, - "privcloud": { - "ignore_above": 1024, - "type": "keyword" - }, - "reset_immediately": { - "ignore_above": 1024, - "type": "keyword" - }, - "retries_count": { - "ignore_above": 1024, - "type": "keyword" - }, - "sequence_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_dn": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "virtual_username": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "extra_details": { - "properties": { - "ad_process_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "ad_process_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "application_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "command": { - "ignore_above": 1024, - "type": "keyword" - }, - "connection_component_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "dst_host": { - "ignore_above": 1024, - "type": "keyword" - }, - "logon_account": { - "ignore_above": 1024, - "type": "keyword" - }, - "managed_account": { - "ignore_above": 1024, - "type": "keyword" - }, - "other": { - "type": "flattened" - }, - "process_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "process_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "psmid": 
{
- "ignore_above": 1024,
- "type": "keyword"
- },
- "session_duration": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "session_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "src_host": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "file": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gateway_station": {
- "type": "ip"
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "iso_timestamp": {
- "type": "date"
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "doc_values": false,
- "ignore_above": 4096,
- "index": false,
- "type": "keyword"
- },
- "message": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pvwa_details": {
- "type": "flattened"
- },
- "raw": {
- "doc_values": false,
- "ignore_above": 4096,
- "index": false,
- "type": "keyword"
- },
- "reason": {
- "norms": false,
- "type": "text"
- },
- "rfc5424": {
- "type": "boolean"
- },
- "safe": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "severity": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "source_user": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "station": {
- "type": "ip"
- },
- "target_user": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timestamp": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cylance":{
- "type":"object",
- "dynamic": true
+ "container":{
+ "type":"object",
+ "dynamic": true
 },
 "data":{
- "type":"object",
- "dynamic": true
- },
- "data_stream": {
- "properties": {
- "dataset": {
- "type": "constant_keyword"
- },
- "namespace": {
- "type": "constant_keyword"
- },
- "type": {
- "type": "constant_keyword"
- }
- }
+ "type":"object",
+ "dynamic": true
 },
 "dce_rpc":{
 "type":"object",
 "dynamic": true
 },
- "destination": {
- "dynamic": false,
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip":{
- "type":"ip"
- },
- "latitude":{
- "type":"half_float"
- },
- "longitude":{
- "type":"half_float"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "service": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "roles": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
+ "destination":{
+ "type":"object",
+ "dynamic": true
 },
 "dhcp":{
 "type":"object",
 "dynamic": true
 },
- "dll": {
- "properties": {
- "code_signature": {
- "properties": {
- "digest_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timestamp": {
- "type": "date"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
 "dnp3":{
 "type":"object",
 "dynamic": true
 },
- "dns": {
- "properties": {
- "answers": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ttl": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- },
- "type": "object"
- },
- "header_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "op_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "question": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "resolved_ip": {
- "type": "ip"
- },
- "response_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "docker": {
- "properties": {
- "attrs": {
- "type": "object"
- },
- "container": {
- "properties": {
- "labels": {
- "type": "object"
- }
- }
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "elasticsearch": {
- "properties": {
- "audit": {
- "properties": 
{ - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "component": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "indices": { - "ignore_above": 1024, - "type": "keyword" - }, - "invalidate": { - "properties": { - "apikeys": { - "properties": { - "owned_by_authenticated_user": { - "type": "boolean" - } - } - } - } - }, - "layer": { - "ignore_above": 1024, - "type": "keyword" - }, - "message": { - "norms": false, - "type": "text" - }, - "origin": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "realm": { - "ignore_above": 1024, - "type": "keyword" - }, - "request": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "url": { - "properties": { - "params": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user": { - "properties": { - "realm": { - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - }, - "run_as": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "realm": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "cluster": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "component": { - "ignore_above": 1024, - "type": "keyword" - }, - "gc": { - "properties": { - "heap": { - "properties": { - "size_kb": { - "type": "long" - }, - "used_kb": { - "type": "long" - } - } - }, - "jvm_runtime_sec": { - "type": "float" - }, - "old_gen": { - "properties": { - "size_kb": { - "type": "long" - }, - "used_kb": { - "type": "long" - } - } - }, - "phase": { - "properties": { - "class_unload_time_sec": { - "type": "float" - }, - "cpu_time": { - "properties": { - "real_sec": { - "type": "float" - }, - "sys_sec": { - "type": "float" 
- }, - "user_sec": { - "type": "float" - } - } - }, - "duration_sec": { - "type": "float" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "parallel_rescan_time_sec": { - "type": "float" - }, - "scrub_string_table_time_sec": { - "type": "float" - }, - "scrub_symbol_table_time_sec": { - "type": "float" - }, - "weak_refs_processing_time_sec": { - "type": "float" - } - } - }, - "stopping_threads_time_sec": { - "type": "float" - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - }, - "threads_total_stop_time_sec": { - "type": "float" - }, - "young_gen": { - "properties": { - "size_kb": { - "type": "long" - }, - "used_kb": { - "type": "long" - } - } - } - } - }, - "index": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "node": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "server": { - "properties": { - "gc": { - "properties": { - "collection_duration": { - "properties": { - "ms": { - "type": "float" - } - } - }, - "observation_duration": { - "properties": { - "ms": { - "type": "float" - } - } - }, - "overhead_seq": { - "type": "long" - }, - "young": { - "properties": { - "one": { - "type": "long" - }, - "two": { - "type": "long" - } - } - } - } - }, - "stacktrace": { - "ignore_above": 1024, - "index": false, - "type": "keyword" - } - } - }, - "shard": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "slowlog": { - "properties": { - "extra_source": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "logger": { - "ignore_above": 1024, - "type": "keyword" - }, - "routing": { - "ignore_above": 1024, - "type": "keyword" - }, - "search_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "source": { - "ignore_above": 1024, - "type": 
"keyword"
- },
- "source_query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "stats": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "took": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total_hits": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "total_shards": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "types": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
+ "dns":{
+ "type":"object",
+ "dynamic": true
 },
- "elf": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "byte_order": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cpu_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "creation_date": {
- "type": "date"
- },
- "exports": {
- "type": "flattened"
- },
- "header": {
- "properties": {
- "abi_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entrypoint": {
- "type": "long"
- },
- "object_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os_abi": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "imports": {
- "type": "flattened"
- },
- "sections": {
- "properties": {
- "chi2": {
- "type": "long"
- },
- "entropy": {
- "type": "long"
- },
- "flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "physical_offset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "physical_size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "virtual_address": {
- "type": "long"
- },
- "virtual_size": {
- "type": "long"
- }
- },
- "type": "nested"
- },
- "segments": {
- "properties": {
- "sections": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- },
- "type": "nested"
- },
- "shared_libraries": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "telfhash": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "envoyproxy": {
- "properties": {
- "authority": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "log_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "proxy_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "request_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "response_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "upstream_service_time": {
- "type": "long"
- }
- }
- },
- "error": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "type": "text"
- },
- "stack_trace": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "wildcard"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
+ "dll":{
+ "type":"object",
+ "dynamic": true
 },
- "event": {
- "properties": {
- "acknowledged": {
- "type": "boolean",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "duration": {
- "type": "long"
- },
- "end": {
- "type": "date"
- },
- "escalated": {
- "type": "boolean",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingested": {
- "type": "date",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "original": {
- "doc_values": false,
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "outcome": {
- "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reason": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "risk_score": {
- "type": "float"
- },
- "risk_score_norm": {
- "type": "float"
- },
- "sequence": {
- "type": "long"
- },
- "severity": {
- "type": "long"
- },
- "severity_label": {
- "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "start": {
- "type": "date"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "keyword": {
- "type": "keyword"
- }
- }
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
+ "ecs":{
+ "type":"object",
+ "dynamic": true
+ },
+ "error":{
+ "type":"object",
+ "dynamic": true
+ },
+ "event":{
+ "type":"object",
+ "dynamic": true
 },
 "event_data":{
 "type":"object",
 "dynamic": true
- },
- "f5":{
- "type":"object",
- "dynamic": true
- },
- "fields": {
- "type": "object"
- },
- "file": {
- "properties": {
- "accessed": {
- "type": "date"
- },
- "attributes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code_signature": {
- "properties": {
- "digest_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": 
"keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "team_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "trusted": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - } - } - }, - "created": { - "type": "date" - }, - "ctime": { - "type": "date" - }, - "device": { - "ignore_above": 1024, - "type": "keyword" - }, - "directory": { - "ignore_above": 1024, - "type": "keyword" - }, - "drive_letter": { - "ignore_above": 1, - "type": "keyword" - }, - "elf": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "byte_order": { - "ignore_above": 1024, - "type": "keyword" - }, - "cpu_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "creation_date": { - "type": "date" - }, - "exports": { - "type": "flattened" - }, - "header": { - "properties": { - "abi_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "data": { - "ignore_above": 1024, - "type": "keyword" - }, - "entrypoint": { - "type": "long" - }, - "object_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "os_abi": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "imports": { - "type": "flattened" - }, - "sections": { - "properties": { - "chi2": { - "type": "long" - }, - "entropy": { - "type": "long" - }, - "flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_offset": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_size": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "virtual_address": { - "type": "long" - }, - "virtual_size": { - "type": "long" - } - }, - "type": 
"nested" - }, - "segments": { - "properties": { - "sections": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "nested" - }, - "shared_libraries": { - "ignore_above": 1024, - "type": "keyword" - }, - "telfhash": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "fork_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "gid": { - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssdeep": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "inode": { - "ignore_above": 1024, - "type": "keyword" - }, - "mime_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mode": { - "ignore_above": 1024, - "type": "keyword" - }, - "mtime": { - "type": "date" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "owner": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "pe": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "size": { - "type": "long" - }, - "target_path": { - "fields": { - "text": { - 
"type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "x509": { - "properties": { - "alternative_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "public_key_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_exponent": { - "doc_values": false, - "index": false, - "type": "long" - }, - "public_key_size": { - "type": "long" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version_number": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "fileset": { - "properties": { - 
"name": { - "ignore_above": 1024, - "type": "keyword" - } - } + }, + "file":{ + "type":"object", + "dynamic": true }, "flow":{ "type":"object", 
@@ -8114,4042 +253,30 @@ "type":"object", "dynamic": true }, - "forcepoint": { - "properties": { - "virus_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "fortinet": { - "properties": { - "file": { - "properties": { - "hash": { - "properties": { - "crc32": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "firewall": { - "properties": { - "acct_stat": { - "ignore_above": 1024, - "type": "keyword" - }, - "acktime": { - "ignore_above": 1024, - "type": "keyword" - }, - "act": { - "ignore_above": 1024, - "type": "keyword" - }, - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "activity": { - "ignore_above": 1024, - "type": "keyword" - }, - "addr": { - "type": "ip" - }, - "addr_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "addrgrp": { - "ignore_above": 1024, - "type": "keyword" - }, - "adgroup": { - "ignore_above": 1024, - "type": "keyword" - }, - "admin": { - "ignore_above": 1024, - "type": "keyword" - }, - "age": { - "type": "long" - }, - "agent": { - "ignore_above": 1024, - "type": "keyword" - }, - "alarmid": { - "type": "long" - }, - "alert": { - "ignore_above": 1024, - "type": "keyword" - }, - "analyticscksum": { - "ignore_above": 1024, - "type": "keyword" - }, - "analyticssubmit": { - "ignore_above": 1024, - "type": "keyword" - }, - "ap": { - "ignore_above": 1024, - "type": "keyword" - }, - "app-type": { - "ignore_above": 1024, - "type": "keyword" - }, - "appact": { - "ignore_above": 1024, - "type": "keyword" - }, - "appid": { - "type": "long" - }, - "applist": { - "ignore_above": 1024, - "type": "keyword" - }, - "apprisk": { - "ignore_above": 1024, - "type": "keyword" - }, - "apscan": { - "ignore_above": 1024, - "type": "keyword" - }, - "apsn": { - "ignore_above": 1024, - "type": "keyword" - }, - "apstatus": { - "ignore_above": 1024, - "type": "keyword" - }, - "aptype": { - "ignore_above": 1024, - "type": "keyword" - }, - "assigned": { - "type": "ip" - }, - "assignip": { - "type": "ip" - }, - 
"attachment": { - "ignore_above": 1024, - "type": "keyword" - }, - "attack": { - "ignore_above": 1024, - "type": "keyword" - }, - "attackcontext": { - "ignore_above": 1024, - "type": "keyword" - }, - "attackcontextid": { - "ignore_above": 1024, - "type": "keyword" - }, - "attackid": { - "type": "long" - }, - "auditid": { - "type": "long" - }, - "auditscore": { - "ignore_above": 1024, - "type": "keyword" - }, - "audittime": { - "type": "long" - }, - "authgrp": { - "ignore_above": 1024, - "type": "keyword" - }, - "authid": { - "ignore_above": 1024, - "type": "keyword" - }, - "authproto": { - "ignore_above": 1024, - "type": "keyword" - }, - "authserver": { - "ignore_above": 1024, - "type": "keyword" - }, - "bandwidth": { - "ignore_above": 1024, - "type": "keyword" - }, - "banned_rule": { - "ignore_above": 1024, - "type": "keyword" - }, - "banned_src": { - "ignore_above": 1024, - "type": "keyword" - }, - "banword": { - "ignore_above": 1024, - "type": "keyword" - }, - "botnetdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "botnetip": { - "type": "ip" - }, - "bssid": { - "ignore_above": 1024, - "type": "keyword" - }, - "call_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "carrier_ep": { - "ignore_above": 1024, - "type": "keyword" - }, - "cat": { - "type": "long" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "cc": { - "ignore_above": 1024, - "type": "keyword" - }, - "cdrcontent": { - "ignore_above": 1024, - "type": "keyword" - }, - "centralnatid": { - "type": "long" - }, - "cert": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert-type": { - "ignore_above": 1024, - "type": "keyword" - }, - "certhash": { - "ignore_above": 1024, - "type": "keyword" - }, - "cfgattr": { - "ignore_above": 1024, - "type": "keyword" - }, - "cfgobj": { - "ignore_above": 1024, - "type": "keyword" - }, - "cfgpath": { - "ignore_above": 1024, - "type": "keyword" - }, - "cfgtid": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"cfgtxpower": { - "type": "long" - }, - "channel": { - "type": "long" - }, - "channeltype": { - "ignore_above": 1024, - "type": "keyword" - }, - "chassisid": { - "type": "long" - }, - "checksum": { - "ignore_above": 1024, - "type": "keyword" - }, - "chgheaders": { - "ignore_above": 1024, - "type": "keyword" - }, - "cldobjid": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_addr": { - "ignore_above": 1024, - "type": "keyword" - }, - "cloudaction": { - "ignore_above": 1024, - "type": "keyword" - }, - "clouduser": { - "ignore_above": 1024, - "type": "keyword" - }, - "column": { - "type": "long" - }, - "command": { - "ignore_above": 1024, - "type": "keyword" - }, - "community": { - "ignore_above": 1024, - "type": "keyword" - }, - "configcountry": { - "ignore_above": 1024, - "type": "keyword" - }, - "connection_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "conserve": { - "ignore_above": 1024, - "type": "keyword" - }, - "constraint": { - "ignore_above": 1024, - "type": "keyword" - }, - "contentdisarmed": { - "ignore_above": 1024, - "type": "keyword" - }, - "contenttype": { - "ignore_above": 1024, - "type": "keyword" - }, - "cookies": { - "ignore_above": 1024, - "type": "keyword" - }, - "count": { - "type": "long" - }, - "countapp": { - "type": "long" - }, - "countav": { - "type": "long" - }, - "countcifs": { - "type": "long" - }, - "countdlp": { - "type": "long" - }, - "countdns": { - "type": "long" - }, - "countemail": { - "type": "long" - }, - "countff": { - "type": "long" - }, - "countips": { - "type": "long" - }, - "countssh": { - "type": "long" - }, - "countssl": { - "type": "long" - }, - "countwaf": { - "type": "long" - }, - "countweb": { - "type": "long" - }, - "cpu": { - "type": "long" - }, - "craction": { - "type": "long" - }, - "criticalcount": { - "type": "long" - }, - "crl": { - "ignore_above": 1024, - "type": "keyword" - }, - "crlevel": { - "ignore_above": 1024, - "type": "keyword" - }, - "crscore": { - "type": "long" - }, - 
"cveid": { - "ignore_above": 1024, - "type": "keyword" - }, - "daemon": { - "ignore_above": 1024, - "type": "keyword" - }, - "datarange": { - "ignore_above": 1024, - "type": "keyword" - }, - "date": { - "ignore_above": 1024, - "type": "keyword" - }, - "ddnsserver": { - "type": "ip" - }, - "desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "detectionmethod": { - "ignore_above": 1024, - "type": "keyword" - }, - "devcategory": { - "ignore_above": 1024, - "type": "keyword" - }, - "devintfname": { - "ignore_above": 1024, - "type": "keyword" - }, - "devtype": { - "ignore_above": 1024, - "type": "keyword" - }, - "dhcp_msg": { - "ignore_above": 1024, - "type": "keyword" - }, - "dintf": { - "ignore_above": 1024, - "type": "keyword" - }, - "disk": { - "ignore_above": 1024, - "type": "keyword" - }, - "disklograte": { - "type": "long" - }, - "dlpextra": { - "ignore_above": 1024, - "type": "keyword" - }, - "docsource": { - "ignore_above": 1024, - "type": "keyword" - }, - "domainctrlauthstate": { - "type": "long" - }, - "domainctrlauthtype": { - "type": "long" - }, - "domainctrldomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "domainctrlip": { - "type": "ip" - }, - "domainctrlname": { - "ignore_above": 1024, - "type": "keyword" - }, - "domainctrlprotocoltype": { - "type": "long" - }, - "domainctrlusername": { - "ignore_above": 1024, - "type": "keyword" - }, - "domainfilteridx": { - "type": "long" - }, - "domainfilterlist": { - "ignore_above": 1024, - "type": "keyword" - }, - "ds": { - "ignore_above": 1024, - "type": "keyword" - }, - "dst_int": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstcountry": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstdevcategory": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstdevtype": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstfamily": { - "ignore_above": 1024, - "type": "keyword" - }, - "dsthwvendor": { - "ignore_above": 1024, - "type": "keyword" - }, - "dsthwversion": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "dstinetsvc": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstintfrole": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstosname": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstosversion": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstserver": { - "type": "long" - }, - "dstssid": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstswversion": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstunauthusersource": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstuuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "duid": { - "ignore_above": 1024, - "type": "keyword" - }, - "eapolcnt": { - "type": "long" - }, - "eapoltype": { - "ignore_above": 1024, - "type": "keyword" - }, - "encrypt": { - "type": "long" - }, - "encryption": { - "ignore_above": 1024, - "type": "keyword" - }, - "epoch": { - "type": "long" - }, - "espauth": { - "ignore_above": 1024, - "type": "keyword" - }, - "esptransform": { - "ignore_above": 1024, - "type": "keyword" - }, - "eventtype": { - "ignore_above": 1024, - "type": "keyword" - }, - "exch": { - "ignore_above": 1024, - "type": "keyword" - }, - "exchange": { - "ignore_above": 1024, - "type": "keyword" - }, - "expectedsignature": { - "ignore_above": 1024, - "type": "keyword" - }, - "expiry": { - "ignore_above": 1024, - "type": "keyword" - }, - "fams_pause": { - "type": "long" - }, - "fazlograte": { - "type": "long" - }, - "fctemssn": { - "ignore_above": 1024, - "type": "keyword" - }, - "fctuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "field": { - "ignore_above": 1024, - "type": "keyword" - }, - "filefilter": { - "ignore_above": 1024, - "type": "keyword" - }, - "filehashsrc": { - "ignore_above": 1024, - "type": "keyword" - }, - "filtercat": { - "ignore_above": 1024, - "type": "keyword" - }, - "filteridx": { - "type": "long" - }, - "filtername": { - "ignore_above": 1024, - "type": "keyword" - }, - "filtertype": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "fortiguardresp": { - "ignore_above": 1024, - "type": "keyword" - }, - "forwardedfor": { - "ignore_above": 1024, - "type": "keyword" - }, - "fqdn": { - "ignore_above": 1024, - "type": "keyword" - }, - "frametype": { - "ignore_above": 1024, - "type": "keyword" - }, - "freediskstorage": { - "type": "long" - }, - "from": { - "ignore_above": 1024, - "type": "keyword" - }, - "from_vcluster": { - "type": "long" - }, - "fsaverdict": { - "ignore_above": 1024, - "type": "keyword" - }, - "fwserver_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "gateway": { - "type": "ip" - }, - "green": { - "ignore_above": 1024, - "type": "keyword" - }, - "groupid": { - "type": "long" - }, - "ha-prio": { - "type": "long" - }, - "ha_group": { - "ignore_above": 1024, - "type": "keyword" - }, - "ha_role": { - "ignore_above": 1024, - "type": "keyword" - }, - "handshake": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "hbdn_reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "highcount": { - "type": "long" - }, - "host": { - "ignore_above": 1024, - "type": "keyword" - }, - "iaid": { - "ignore_above": 1024, - "type": "keyword" - }, - "icmpcode": { - "ignore_above": 1024, - "type": "keyword" - }, - "icmpid": { - "ignore_above": 1024, - "type": "keyword" - }, - "icmptype": { - "ignore_above": 1024, - "type": "keyword" - }, - "identifier": { - "type": "long" - }, - "in_spi": { - "ignore_above": 1024, - "type": "keyword" - }, - "incidentserialno": { - "type": "long" - }, - "infected": { - "type": "long" - }, - "infectedfilelevel": { - "type": "long" - }, - "informationsource": { - "ignore_above": 1024, - "type": "keyword" - }, - "init": { - "ignore_above": 1024, - "type": "keyword" - }, - "initiator": { - "ignore_above": 1024, - "type": "keyword" - }, - "interface": { - "ignore_above": 1024, - "type": "keyword" - }, - "intf": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "invalidmac": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "iptype": { - "ignore_above": 1024, - "type": "keyword" - }, - "keyword": { - "ignore_above": 1024, - "type": "keyword" - }, - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "lanin": { - "type": "long" - }, - "lanout": { - "type": "long" - }, - "lease": { - "type": "long" - }, - "license_limit": { - "ignore_above": 1024, - "type": "keyword" - }, - "limit": { - "type": "long" - }, - "line": { - "ignore_above": 1024, - "type": "keyword" - }, - "live": { - "type": "long" - }, - "local": { - "type": "ip" - }, - "log": { - "ignore_above": 1024, - "type": "keyword" - }, - "login": { - "ignore_above": 1024, - "type": "keyword" - }, - "lowcount": { - "type": "long" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "malform_data": { - "type": "long" - }, - "malform_desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "manuf": { - "ignore_above": 1024, - "type": "keyword" - }, - "masterdstmac": { - "ignore_above": 1024, - "type": "keyword" - }, - "mastersrcmac": { - "ignore_above": 1024, - "type": "keyword" - }, - "mediumcount": { - "type": "long" - }, - "mem": { - "type": "long" - }, - "meshmode": { - "ignore_above": 1024, - "type": "keyword" - }, - "message_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - }, - "mgmtcnt": { - "type": "long" - }, - "mode": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "ignore_above": 1024, - "type": "keyword" - }, - "monitor-name": { - "ignore_above": 1024, - "type": "keyword" - }, - "monitor-type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mpsk": { - "ignore_above": 1024, - "type": "keyword" - }, - "msgproto": { - "ignore_above": 1024, - "type": "keyword" - }, - "mtu": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "netid": { - "ignore_above": 1024, - "type": "keyword" - }, - "new_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "new_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "newchannel": { - "type": "long" - }, - "newchassisid": { - "type": "long" - }, - "newslot": { - "type": "long" - }, - "nextstat": { - "type": "long" - }, - "nf_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "noise": { - "type": "long" - }, - "old_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "old_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "oldchannel": { - "type": "long" - }, - "oldchassisid": { - "type": "long" - }, - "oldslot": { - "type": "long" - }, - "oldsn": { - "ignore_above": 1024, - "type": "keyword" - }, - "oldwprof": { - "ignore_above": 1024, - "type": "keyword" - }, - "onwire": { - "ignore_above": 1024, - "type": "keyword" - }, - "opercountry": { - "ignore_above": 1024, - "type": "keyword" - }, - "opertxpower": { - "type": "long" - }, - "osname": { - "ignore_above": 1024, - "type": "keyword" - }, - "osversion": { - "ignore_above": 1024, - "type": "keyword" - }, - "out_spi": { - "ignore_above": 1024, - "type": "keyword" - }, - "outintf": { - "ignore_above": 1024, - "type": "keyword" - }, - "passedcount": { - "type": "long" - }, - "passwd": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "peer": { - "ignore_above": 1024, - "type": "keyword" - }, - "peer_notif": { - "ignore_above": 1024, - "type": "keyword" - }, - "phase2_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "phone": { - "ignore_above": 1024, - "type": "keyword" - }, - "pid": { - "type": "long" - }, - "policytype": { - "ignore_above": 1024, - "type": "keyword" - }, - "poolname": { - "ignore_above": 1024, - "type": "keyword" - }, - "port": { - "type": "long" - }, - "portbegin": { - "type": "long" - }, - "portend": { - "type": "long" - }, - "probeproto": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "process": { - "ignore_above": 1024, - "type": "keyword" - }, - "processtime": { - "type": "long" - }, - "profile": { - "ignore_above": 1024, - "type": "keyword" - }, - "profile_vd": { - "ignore_above": 1024, - "type": "keyword" - }, - "profilegroup": { - "ignore_above": 1024, - "type": "keyword" - }, - "profiletype": { - "ignore_above": 1024, - "type": "keyword" - }, - "qtypeval": { - "type": "long" - }, - "quarskip": { - "ignore_above": 1024, - "type": "keyword" - }, - "quotaexceeded": { - "ignore_above": 1024, - "type": "keyword" - }, - "quotamax": { - "type": "long" - }, - "quotatype": { - "ignore_above": 1024, - "type": "keyword" - }, - "quotaused": { - "type": "long" - }, - "radioband": { - "ignore_above": 1024, - "type": "keyword" - }, - "radioid": { - "type": "long" - }, - "radioidclosest": { - "type": "long" - }, - "radioiddetected": { - "type": "long" - }, - "rate": { - "ignore_above": 1024, - "type": "keyword" - }, - "rawdata": { - "ignore_above": 1024, - "type": "keyword" - }, - "rawdataid": { - "ignore_above": 1024, - "type": "keyword" - }, - "rcvddelta": { - "ignore_above": 1024, - "type": "keyword" - }, - "reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "received": { - "type": "long" - }, - "receivedsignature": { - "ignore_above": 1024, - "type": "keyword" - }, - "red": { - "ignore_above": 1024, - "type": "keyword" - }, - "referralurl": { - "ignore_above": 1024, - "type": "keyword" - }, - "remote": { - "type": "ip" - }, - "remotewtptime": { - "ignore_above": 1024, - "type": "keyword" - }, - "reporttype": { - "ignore_above": 1024, - "type": "keyword" - }, - "reqtype": { - "ignore_above": 1024, - "type": "keyword" - }, - "request_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "result": { - "ignore_above": 1024, - "type": "keyword" - }, - "role": { - "ignore_above": 1024, - "type": "keyword" - }, - "rssi": { - "type": "long" - }, - "rsso_key": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "ruledata": { - "ignore_above": 1024, - "type": "keyword" - }, - "ruletype": { - "ignore_above": 1024, - "type": "keyword" - }, - "scanned": { - "type": "long" - }, - "scantime": { - "type": "long" - }, - "scope": { - "ignore_above": 1024, - "type": "keyword" - }, - "security": { - "ignore_above": 1024, - "type": "keyword" - }, - "sensitivity": { - "ignore_above": 1024, - "type": "keyword" - }, - "sensor": { - "ignore_above": 1024, - "type": "keyword" - }, - "sentdelta": { - "ignore_above": 1024, - "type": "keyword" - }, - "seq": { - "ignore_above": 1024, - "type": "keyword" - }, - "serial": { - "ignore_above": 1024, - "type": "keyword" - }, - "serialno": { - "ignore_above": 1024, - "type": "keyword" - }, - "server": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "sessionid": { - "type": "long" - }, - "setuprate": { - "type": "long" - }, - "severity": { - "ignore_above": 1024, - "type": "keyword" - }, - "shaperdroprcvdbyte": { - "type": "long" - }, - "shaperdropsentbyte": { - "type": "long" - }, - "shaperperipdropbyte": { - "type": "long" - }, - "shaperperipname": { - "ignore_above": 1024, - "type": "keyword" - }, - "shaperrcvdname": { - "ignore_above": 1024, - "type": "keyword" - }, - "shapersentname": { - "ignore_above": 1024, - "type": "keyword" - }, - "shapingpolicyid": { - "type": "long" - }, - "signal": { - "type": "long" - }, - "size": { - "type": "long" - }, - "slot": { - "type": "long" - }, - "sn": { - "ignore_above": 1024, - "type": "keyword" - }, - "snclosest": { - "ignore_above": 1024, - "type": "keyword" - }, - "sndetected": { - "ignore_above": 1024, - "type": "keyword" - }, - "snmeshparent": { - "ignore_above": 1024, - "type": "keyword" - }, - "spi": { - "ignore_above": 1024, - "type": "keyword" - }, - "src_int": { - "ignore_above": 1024, - "type": "keyword" - }, - "srccountry": { - "ignore_above": 1024, - "type": "keyword" - }, - "srcfamily": { - "ignore_above": 
1024, - "type": "keyword" - }, - "srchwvendor": { - "ignore_above": 1024, - "type": "keyword" - }, - "srchwversion": { - "ignore_above": 1024, - "type": "keyword" - }, - "srcinetsvc": { - "ignore_above": 1024, - "type": "keyword" - }, - "srcintfrole": { - "ignore_above": 1024, - "type": "keyword" - }, - "srcname": { - "ignore_above": 1024, - "type": "keyword" - }, - "srcserver": { - "type": "long" - }, - "srcssid": { - "ignore_above": 1024, - "type": "keyword" - }, - "srcswversion": { - "ignore_above": 1024, - "type": "keyword" - }, - "srcuuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "sscname": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssid": { - "ignore_above": 1024, - "type": "keyword" - }, - "sslaction": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssllocal": { - "ignore_above": 1024, - "type": "keyword" - }, - "sslremote": { - "ignore_above": 1024, - "type": "keyword" - }, - "stacount": { - "type": "long" - }, - "stage": { - "ignore_above": 1024, - "type": "keyword" - }, - "stamac": { - "ignore_above": 1024, - "type": "keyword" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "stitch": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "submodule": { - "ignore_above": 1024, - "type": "keyword" - }, - "subservice": { - "ignore_above": 1024, - "type": "keyword" - }, - "subtype": { - "ignore_above": 1024, - "type": "keyword" - }, - "suspicious": { - "type": "long" - }, - "switchproto": { - "ignore_above": 1024, - "type": "keyword" - }, - "sync_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "sync_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "sysuptime": { - "ignore_above": 1024, - "type": "keyword" - }, - "tamac": { - "ignore_above": 1024, - "type": "keyword" - }, - "threattype": { - "ignore_above": 1024, - "type": "keyword" - }, - "time": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "to": { - "ignore_above": 1024, - "type": "keyword" - }, - "to_vcluster": { - "type": "long" - }, - "total": { - "type": "long" - }, - "totalsession": { - "type": "long" - }, - "trace_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "trandisp": { - "ignore_above": 1024, - "type": "keyword" - }, - "transid": { - "type": "long" - }, - "translationid": { - "ignore_above": 1024, - "type": "keyword" - }, - "trigger": { - "ignore_above": 1024, - "type": "keyword" - }, - "trueclntip": { - "type": "ip" - }, - "tunnelid": { - "type": "long" - }, - "tunnelip": { - "type": "ip" - }, - "tunneltype": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "ui": { - "ignore_above": 1024, - "type": "keyword" - }, - "unauthusersource": { - "ignore_above": 1024, - "type": "keyword" - }, - "unit": { - "type": "long" - }, - "urlfilteridx": { - "type": "long" - }, - "urlfilterlist": { - "ignore_above": 1024, - "type": "keyword" - }, - "urlsource": { - "ignore_above": 1024, - "type": "keyword" - }, - "urltype": { - "ignore_above": 1024, - "type": "keyword" - }, - "used": { - "type": "long" - }, - "used_for_type": { - "type": "long" - }, - "utmaction": { - "ignore_above": 1024, - "type": "keyword" - }, - "utmref": { - "ignore_above": 1024, - "type": "keyword" - }, - "vap": { - "ignore_above": 1024, - "type": "keyword" - }, - "vapmode": { - "ignore_above": 1024, - "type": "keyword" - }, - "vcluster": { - "type": "long" - }, - "vcluster_member": { - "type": "long" - }, - "vcluster_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "vd": { - "ignore_above": 1024, - "type": "keyword" - }, - "vdname": { - "ignore_above": 1024, - "type": "keyword" - }, - "vendorurl": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "vip": { - "ignore_above": 1024, - "type": "keyword" - }, - "virus": { - "ignore_above": 
1024, - "type": "keyword" - }, - "virusid": { - "type": "long" - }, - "voip_proto": { - "ignore_above": 1024, - "type": "keyword" - }, - "vpn": { - "ignore_above": 1024, - "type": "keyword" - }, - "vpntunnel": { - "ignore_above": 1024, - "type": "keyword" - }, - "vpntype": { - "ignore_above": 1024, - "type": "keyword" - }, - "vrf": { - "type": "long" - }, - "vulncat": { - "ignore_above": 1024, - "type": "keyword" - }, - "vulnid": { - "type": "long" - }, - "vulnname": { - "ignore_above": 1024, - "type": "keyword" - }, - "vwlid": { - "type": "long" - }, - "vwlquality": { - "ignore_above": 1024, - "type": "keyword" - }, - "vwlservice": { - "ignore_above": 1024, - "type": "keyword" - }, - "vwpvlanid": { - "type": "long" - }, - "wanin": { - "type": "long" - }, - "wanoptapptype": { - "ignore_above": 1024, - "type": "keyword" - }, - "wanout": { - "type": "long" - }, - "weakwepiv": { - "ignore_above": 1024, - "type": "keyword" - }, - "xauthgroup": { - "ignore_above": 1024, - "type": "keyword" - }, - "xauthuser": { - "ignore_above": 1024, - "type": "keyword" - }, - "xid": { - "type": "long" - } - } - } - } + "geo":{ + "type":"object", + "dynamic": true }, - "gcp": { - "properties": { - "audit": { - "properties": { - "authentication_info": { - "properties": { - "authority_selector": { - "ignore_above": 1024, - "type": "keyword" - }, - "principal_email": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "method_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "num_response_items": { - "type": "long" - }, - "request": { - "properties": { - "filter": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "proto_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "resource_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "request_metadata": { - "properties": { - "caller_ip": { - "type": "ip" - }, - "caller_supplied_user_agent": { - "ignore_above": 1024, - "type": "keyword" 
- } - } - }, - "resource_location": { - "properties": { - "current_locations": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "resource_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "response": { - "properties": { - "details": { - "properties": { - "group": { - "ignore_above": 1024, - "type": "keyword" - }, - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "uid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "proto_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "properties": { - "code": { - "type": "long" - }, - "message": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "destination": { - "properties": { - "instance": { - "properties": { - "project_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "zone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "vpc": { - "properties": { - "project_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "subnetwork_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "vpc_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "firewall": { - "properties": { - "rule_details": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "destination_range": { - "ignore_above": 1024, - "type": "keyword" - }, - "direction": { - "ignore_above": 1024, - "type": "keyword" - }, - "priority": { - "type": "long" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_range": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_service_account": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"source_tag": { - "ignore_above": 1024, - "type": "keyword" - }, - "target_service_account": { - "ignore_above": 1024, - "type": "keyword" - }, - "target_tag": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "source": { - "properties": { - "instance": { - "properties": { - "project_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "zone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "vpc": { - "properties": { - "project_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "subnetwork_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "vpc_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "vpcflow": { - "properties": { - "reporter": { - "ignore_above": 1024, - "type": "keyword" - }, - "rtt": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - } - } - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "google_workspace": { - "properties": { - "actor": { - "properties": { - "key": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "admin": { - "properties": { - "alert": { - "properties": { - "name": { - "ignore_above": 1024, - "type": 
"keyword" - } - } - }, - "api": { - "properties": { - "client": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "scopes": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "application": { - "properties": { - "asp_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "edition": { - "ignore_above": 1024, - "type": "keyword" - }, - "enabled": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "licences_order_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "licences_purchased": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "package_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "bulk_upload": { - "properties": { - "failed": { - "type": "long" - }, - "total": { - "type": "long" - } - } - }, - "chrome_licenses": { - "properties": { - "allowed": { - "ignore_above": 1024, - "type": "keyword" - }, - "enabled": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "chrome_os": { - "properties": { - "session_type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "device": { - "properties": { - "command_details": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "distribution": { - "properties": { - "entity": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "domain": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "secondary_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "email": { - "properties": { - 
"log_search_filter": { - "properties": { - "end_date": { - "type": "date" - }, - "message_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "recipient": { - "properties": { - "ip": { - "type": "ip" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "sender": { - "properties": { - "ip": { - "type": "ip" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "start_date": { - "type": "date" - } - } - }, - "quarantine_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "email_dump": { - "properties": { - "include_deleted": { - "type": "boolean" - }, - "package_content": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "email_monitor": { - "properties": { - "dest_email": { - "ignore_above": 1024, - "type": "keyword" - }, - "level": { - "properties": { - "chat": { - "ignore_above": 1024, - "type": "keyword" - }, - "draft": { - "ignore_above": 1024, - "type": "keyword" - }, - "incoming": { - "ignore_above": 1024, - "type": "keyword" - }, - "outgoing": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "field": { - "ignore_above": 1024, - "type": "keyword" - }, - "gateway": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "group": { - "properties": { - "allowed_list": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "priorities": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "info_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "managed_configuration": { - "ignore_above": 1024, - "type": "keyword" - }, - "mdm": { - "properties": { - "token": { - "ignore_above": 1024, - "type": "keyword" - }, - "vendor": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "mobile": { - "properties": { - "action": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - 
}, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "certificate": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "company_owned_devices": { - "type": "long" - } - } - }, - "new_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "non_featured_services_selection": { - "ignore_above": 1024, - "type": "keyword" - }, - "oauth2": { - "properties": { - "application": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "old_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "org_unit": { - "properties": { - "full": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "print_server": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "printer": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "privilege": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "product": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "sku": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "request": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "resource": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "role": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "rule": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "name": { - "ignore_above": 1024, - 
"type": "keyword" - } - } - }, - "setting": { - "properties": { - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "url": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user": { - "properties": { - "birthdate": { - "type": "date" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "nickname": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user_defined_setting": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "verification_method": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "drive": { - "properties": { - "added_role": { - "ignore_above": 1024, - "type": "keyword" - }, - "billable": { - "type": "boolean" - }, - "destination_folder_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "destination_folder_title": { - "ignore_above": 1024, - "type": "keyword" - }, - "file": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "owner": { - "properties": { - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "is_shared_drive": { - "type": "boolean" - } - } - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "membership_change_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "new_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "old_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "old_visibility": { - "ignore_above": 1024, - "type": "keyword" - }, - "originating_app_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "primary_event": { - "type": "boolean" - }, - "removed_role": { - "ignore_above": 1024, - "type": "keyword" - }, - "shared_drive_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "shared_drive_settings_change_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "sheets_import_range_recipient_doc": { - "ignore_above": 
1024, - "type": "keyword" - }, - "source_folder_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_folder_title": { - "ignore_above": 1024, - "type": "keyword" - }, - "target": { - "ignore_above": 1024, - "type": "keyword" - }, - "target_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "visibility": { - "ignore_above": 1024, - "type": "keyword" - }, - "visibility_change": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "groups": { - "properties": { - "acl_permission": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "member": { - "properties": { - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "role": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "message": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "moderation_action": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "new_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "old_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "setting": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "login": { - "properties": { - "affected_email_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "challenge_method": { - "ignore_above": 1024, - "type": "keyword" - }, - "failure_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "is_second_factor": { - "type": "boolean" - }, - "is_suspicious": { - "type": "boolean" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "organization": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "saml": { - 
"properties": { - "application_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "failure_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "initiated_by": { - "ignore_above": 1024, - "type": "keyword" - }, - "orgunit_path": { - "ignore_above": 1024, - "type": "keyword" - }, - "second_level_status_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "status_code": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "gsuite": { - "properties": { - "actor": { - "properties": { - "key": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "admin": { - "properties": { - "alert": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "api": { - "properties": { - "client": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "scopes": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "application": { - "properties": { - "asp_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "edition": { - "ignore_above": 1024, - "type": "keyword" - }, - "enabled": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "licences_order_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "licences_purchased": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "package_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "bulk_upload": { - "properties": { - "failed": { - "type": "long" - }, - "total": { - "type": "long" - } - } - }, - "chrome_licenses": { - "properties": { - "allowed": { - "ignore_above": 1024, - "type": "keyword" - }, - "enabled": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "chrome_os": { - "properties": { - "session_type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "device": { - "properties": { - 
"command_details": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "distribution": { - "properties": { - "entity": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "domain": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "secondary_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "email": { - "properties": { - "log_search_filter": { - "properties": { - "end_date": { - "type": "date" - }, - "message_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "recipient": { - "properties": { - "ip": { - "type": "ip" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "sender": { - "properties": { - "ip": { - "type": "ip" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "start_date": { - "type": "date" - } - } - }, - "quarantine_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "email_dump": { - "properties": { - "include_deleted": { - "type": "boolean" - }, - "package_content": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "email_monitor": { - "properties": { - "dest_email": { - "ignore_above": 1024, - "type": "keyword" - }, - "level": { - "properties": { - "chat": { - "ignore_above": 1024, - "type": "keyword" - }, - "draft": { - "ignore_above": 1024, - "type": "keyword" - }, - "incoming": { - "ignore_above": 1024, - "type": "keyword" - }, - "outgoing": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "field": { - "ignore_above": 1024, - "type": "keyword" - }, - "gateway": { - 
"properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "group": { - "properties": { - "allowed_list": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "priorities": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "info_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "managed_configuration": { - "ignore_above": 1024, - "type": "keyword" - }, - "mdm": { - "properties": { - "token": { - "ignore_above": 1024, - "type": "keyword" - }, - "vendor": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "mobile": { - "properties": { - "action": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "certificate": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "company_owned_devices": { - "type": "long" - } - } - }, - "new_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "non_featured_services_selection": { - "ignore_above": 1024, - "type": "keyword" - }, - "oauth2": { - "properties": { - "application": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "old_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "org_unit": { - "properties": { - "full": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "print_server": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "printer": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "privilege": { - "properties": { - "name": { - 
"ignore_above": 1024, - "type": "keyword" - } - } - }, - "product": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "sku": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "request": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "resource": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "role": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "rule": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "setting": { - "properties": { - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "url": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user": { - "properties": { - "birthdate": { - "type": "date" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "nickname": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user_defined_setting": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "verification_method": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "drive": { - "properties": { - "added_role": { - "ignore_above": 1024, - "type": "keyword" - }, - "billable": { - "type": "boolean" - }, - "destination_folder_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "destination_folder_title": { - "ignore_above": 1024, - "type": "keyword" - }, - "file": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "owner": { - "properties": { - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "is_shared_drive": { - "type": "boolean" - } - } - }, - "type": { - 
"ignore_above": 1024, - "type": "keyword" - } - } - }, - "membership_change_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "new_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "old_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "old_visibility": { - "ignore_above": 1024, - "type": "keyword" - }, - "originating_app_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "primary_event": { - "type": "boolean" - }, - "removed_role": { - "ignore_above": 1024, - "type": "keyword" - }, - "shared_drive_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "shared_drive_settings_change_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "sheets_import_range_recipient_doc": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_folder_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_folder_title": { - "ignore_above": 1024, - "type": "keyword" - }, - "target": { - "ignore_above": 1024, - "type": "keyword" - }, - "target_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "visibility": { - "ignore_above": 1024, - "type": "keyword" - }, - "visibility_change": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "groups": { - "properties": { - "acl_permission": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "member": { - "properties": { - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "role": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "message": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "moderation_action": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "new_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "old_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "setting": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "login": { - "properties": { - "affected_email_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "challenge_method": { - "ignore_above": 1024, - "type": "keyword" - }, - "failure_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "is_second_factor": { - "type": "boolean" - }, - "is_suspicious": { - "type": "boolean" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "organization": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "saml": { - "properties": { - "application_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "failure_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "initiated_by": { - "ignore_above": 1024, - "type": "keyword" - }, - "orgunit_path": { - "ignore_above": 1024, - "type": "keyword" - }, - "second_level_status_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "status_code": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } + "group":{ + "type":"object", + "dynamic": true }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } + "hash":{ + "type":"object", + "dynamic": true }, - "haproxy": { - "properties": { - "backend_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "backend_queue": { - "type": "long" - }, - "bind_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "bytes_read": { - "type": "long" - }, - "connection_wait_time_ms": { - "type": "long" - }, - "connections": { - "properties": { - "active": { - "type": "long" - }, - "backend": { - "type": "long" - }, - "frontend": { - "type": "long" - }, - "retries": { - 
"type": "long" - }, - "server": { - "type": "long" - } - } - }, - "error_message": { - "norms": false, - "type": "text" - }, - "frontend_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "http": { - "properties": { - "request": { - "properties": { - "captured_cookie": { - "ignore_above": 1024, - "type": "keyword" - }, - "captured_headers": { - "ignore_above": 1024, - "type": "keyword" - }, - "raw_request_line": { - "ignore_above": 1024, - "type": "keyword" - }, - "time_wait_ms": { - "type": "long" - }, - "time_wait_without_data_ms": { - "type": "long" - } - } - }, - "response": { - "properties": { - "captured_cookie": { - "ignore_above": 1024, - "type": "keyword" - }, - "captured_headers": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "mode": { - "ignore_above": 1024, - "type": "keyword" - }, - "server_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "server_queue": { - "type": "long" - }, - "source": { - "ignore_above": 1024, - "type": "keyword" - }, - "tcp": { - "properties": { - "connection_waiting_time_ms": { - "type": "long" - } - } - }, - "termination_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "time_backend_connect": { - "type": "long" - }, - "time_queue": { - "type": "long" - }, - "total_waiting_time_ms": { - "type": "long" - } - } - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssdeep": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "host": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "containerized": { - "type": "boolean" - }, - "cpu": { - "properties": { - "usage": { - "scaling_factor": 1000, - "type": "scaled_float" - } - } - }, - "disk": { - "properties": { - "read": { - "properties": { - "bytes": { - 
"type": "long" - } - } - }, - "write": { - "properties": { - "bytes": { - "type": "long" - } - } - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "network": { - "properties": { - "egress": { - "properties": { - "bytes": { - "type": "long" - }, - "packets": { - "type": "long" - } - } - }, - "ingress": { - "properties": { - "bytes": { - "type": "long" - }, - "packets": { - "type": "long" - } - } - } - } - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": 
{ - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "uptime": { - "type": "long" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "text" - }, - "keyword": { - "type": "keyword" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } + "host":{ + "type":"object", + "dynamic": true }, "http":{ "type":"object", - "dynamic": true, - "properties": { - "request": { - "properties": { - "body": { - "properties": { - "bytes": { - "type": "long" - }, - "content": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "bytes": { - "type": "long" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "keyword": { - "type": "keyword" - } - } - }, - "mime_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "referrer": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "keyword": { - "type": "keyword" - } - } - } - } - }, - "response": { - "properties": { - "body": { - "properties": { - "bytes": { - "type": "long" - }, - "content": 
{ - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "bytes": { - "type": "long" - }, - "status_code": { - "type": "long" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } + "dynamic": true }, - "ibmmq": { - "properties": { - "errorlog": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "arithinsert": { - "ignore_above": 1024, - "type": "keyword" - }, - "code": { - "ignore_above": 1024, - "type": "keyword" - }, - "commentinsert": { - "ignore_above": 1024, - "type": "keyword" - }, - "errordescription": { - "norms": false, - "type": "text" - }, - "explanation": { - "ignore_above": 1024, - "type": "keyword" - }, - "installation": { - "ignore_above": 1024, - "type": "keyword" - }, - "qmgr": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "icinga": { - "properties": { - "debug": { - "properties": { - "facility": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "main": { - "properties": { - "facility": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "startup": { - "properties": { - "facility": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "icmp": { - "properties": { - "code": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "igmp": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "iis": { - "properties": { - "access": { - "properties": { - "cookie": { - "ignore_above": 1024, - "type": "keyword" - }, - "server_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "site_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "sub_status": { - "type": "long" - }, - "win32_status": { - "type": "long" - } - } - }, - "error": { - "properties": { - "queue_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "reason_phrase": { - 
"ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "imperva":{ - "type":"object", - "dynamic": true - }, "import":{ "type":"object", "dynamic": true }, - "infoblox":{ - "type":"object", - "dynamic": true - }, "ingest":{ "type":"object", "dynamic": true, @@ -12159,15 +286,7 @@ } } }, - "input": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "intel":{ + "intel":{ "type":"object", "dynamic": true, "properties":{ 
@@ -12181,3584 +300,56 @@ } } }, - "interface": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip":{ - "type":"object", - "dynamic": true - }, - "iptables": { - "properties": { - "ether_type": { - "type": "long" - }, - "flow_label": { - "type": "long" - }, - "fragment_flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "fragment_offset": { - "type": "long" - }, - "icmp": { - "properties": { - "code": { - "type": "long" - }, - "id": { - "type": "long" - }, - "parameter": { - "type": "long" - }, - "redirect": { - "type": "ip" - }, - "seq": { - "type": "long" - }, - "type": { - "type": "long" - } - } - }, - "id": { - "type": "long" - }, - "incomplete_bytes": { - "type": "long" - }, - "input_device": { - "ignore_above": 1024, - "type": "keyword" - }, - "length": { - "type": "long" - }, - "output_device": { - "ignore_above": 1024, - "type": "keyword" - }, - "precedence_bits": { - "type": "short" - }, - "tcp": { - "properties": { - "ack": { - "type": "long" - }, - "flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "reserved_bits": { - "type": "short" - }, - "seq": { - "type": "long" - }, - "window": { - "type": "long" - } - } - }, - "tos": { - "type": "long" - }, - "ttl": { - "type": "long" - }, - "ubiquiti": { - "properties": { - "input_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "output_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "rule_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "rule_set": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "udp": { - "properties": { - "length": { - "type": "long" - } - } - } - } - }, - "irc":{ + "interface":{ "type":"object", "dynamic": true }, - "jolokia": { - "properties": { - "agent": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - 
"ignore_above": 1024, - "type": "keyword" - } - } - }, - "secured": { - "type": "boolean" - }, - "server": { - "properties": { - "product": { - "ignore_above": 1024, - "type": "keyword" - }, - "vendor": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "url": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "juniper": { - "properties": { - "srx": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "action_detail": { - "ignore_above": 1024, - "type": "keyword" - }, - "alert": { - "ignore_above": 1024, - "type": "keyword" - }, - "apbr_rule_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "application": { - "ignore_above": 1024, - "type": "keyword" - }, - "application_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "application_characteristics": { - "ignore_above": 1024, - "type": "keyword" - }, - "application_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "application_sub_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "attack_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_ip": { - "type": "ip" - }, - "connection_hit_rate": { - "type": "long" - }, - "connection_tag": { - "ignore_above": 1024, - "type": "keyword" - }, - "context_hit_rate": { - "type": "long" - }, - "context_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "context_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "context_value_hit_rate": { - "type": "long" - }, - "ddos_application_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "dscp_value": { - "type": "long" - }, - "dst_nat_rule_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "dst_nat_rule_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "dst_vrf_grp": { - "ignore_above": 1024, - "type": "keyword" - }, - "elapsed_time": { - "type": 
"date" - }, - "encrypted": { - "ignore_above": 1024, - "type": "keyword" - }, - "epoch_time": { - "type": "date" - }, - "error_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "error_message": { - "ignore_above": 1024, - "type": "keyword" - }, - "export_id": { - "type": "long" - }, - "feed_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_hash_lookup": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "filename": { - "ignore_above": 1024, - "type": "keyword" - }, - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "icmp_type": { - "type": "long" - }, - "inbound_bytes": { - "type": "long" - }, - "inbound_packets": { - "type": "long" - }, - "index": { - "ignore_above": 1024, - "type": "keyword" - }, - "logical_system_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "malware_info": { - "ignore_above": 1024, - "type": "keyword" - }, - "message": { - "ignore_above": 1024, - "type": "keyword" - }, - "message_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat_connection_tag": { - "ignore_above": 1024, - "type": "keyword" - }, - "nested_application": { - "ignore_above": 1024, - "type": "keyword" - }, - "obj": { - "ignore_above": 1024, - "type": "keyword" - }, - "occur_count": { - "type": "long" - }, - "outbound_bytes": { - "type": "long" - }, - "outbound_packets": { - "type": "long" - }, - "packet_log_id": { - "type": "long" - }, - "peer_destination_address": { - "type": "ip" - }, - "peer_destination_port": { - "type": "long" - }, - "peer_session_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "peer_source_address": { - "type": "ip" - }, - "peer_source_port": { - "type": "long" - }, - "policy_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "process": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "profile": { - "ignore_above": 1024, - "type": "keyword" - }, - "profile_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "protocol_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "protocol_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "repeat_count": { - "type": "long" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - }, - "routing_instance": { - "ignore_above": 1024, - "type": "keyword" - }, - "rule_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "ruleebase_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "sample_sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "secure_web_proxy_session_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "service_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_id_32": { - "ignore_above": 1024, - "type": "keyword" - }, - "src_nat_rule_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "src_nat_rule_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "src_vrf_grp": { - "ignore_above": 1024, - "type": "keyword" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "sub_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "tag": { - "ignore_above": 1024, - "type": "keyword" - }, - "temporary_filename": { - "ignore_above": 1024, - "type": "keyword" - }, - "tenant_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "th": { - "ignore_above": 1024, - "type": "keyword" - }, - "threat_severity": { - "ignore_above": 1024, - "type": "keyword" - }, - "time_count": { - "type": "long" - }, - "time_period": { - "type": "long" - }, - "time_scope": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - 
"type": "date" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "uplink_rx_bytes": { - "type": "long" - }, - "uplink_tx_bytes": { - "type": "long" - }, - "url": { - "ignore_above": 1024, - "type": "keyword" - }, - "username": { - "ignore_above": 1024, - "type": "keyword" - }, - "verdict_number": { - "type": "long" - }, - "verdict_source": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "kafka": { - "properties": { - "block_timestamp": { - "type": "date" - }, - "key": { - "ignore_above": 1024, - "type": "keyword" - }, - "log": { - "properties": { - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "component": { - "ignore_above": 1024, - "type": "keyword" - }, - "thread": { - "ignore_above": 1024, - "type": "keyword" - }, - "trace": { - "properties": { - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "message": { - "norms": false, - "type": "text" - } - } - } - } - }, - "offset": { - "type": "long" - }, - "partition": { - "type": "long" - }, - "topic": { - "ignore_above": 1024, - "type": "keyword" - } - } + "ip":{ + "type":"object", + "dynamic": true + }, + "irc":{ + "type":"object", + "dynamic": true }, "kerberos":{ "type":"object", "dynamic": true }, - "kibana": { - "properties": { - "add_to_spaces": { - "ignore_above": 1024, - "type": "keyword" - }, - "authentication_provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "authentication_realm": { - "ignore_above": 1024, - "type": "keyword" - }, - "authentication_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "delete_from_spaces": { - "ignore_above": 1024, - "type": "keyword" - }, - "log": { - "properties": { - "meta": { - "type": "object" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "lookup_realm": { - "ignore_above": 1024, - "type": "keyword" - }, - "saved_object": { - "properties": { - "id": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "session_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "space_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "kubernetes": { - "properties": { - "annotations": { - "properties": { - "*": { - "type": "object" - } - } - }, - "container": { - "properties": { - "image": { - "path": "container.image.name", - "type": "alias" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "deployment": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "labels": { - "properties": { - "*": { - "type": "object" - } - } - }, - "namespace": { - "ignore_above": 1024, - "type": "keyword" - }, - "node": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pod": { - "properties": { - "ip": { - "type": "ip" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "uid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "replicaset": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "selectors": { - "properties": { - "*": { - "type": "object" - } - } - }, - "statefulset": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "labels": { - "type": "object" - }, - "log": { - "properties": { - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "level": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "keyword": { - "type": "keyword" - } - } - }, - "logger": { - "ignore_above": 1024, - "type": "keyword" - }, - "offset": { - "type": "long" - }, - "origin": { - "properties": { - "file": { - "properties": { - "line": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": 
"keyword" - } - } - }, - "function": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "original": { - "doc_values": false, - "ignore_above": 1024, - "index": false, - "type": "keyword" - }, - "source": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "syslog": { - "properties": { - "facility": { - "properties": { - "code": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "priority": { - "type": "long" - }, - "severity": { - "properties": { - "code": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - }, - "type": "object" - } - } + "log":{ + "type":"object", + "dynamic": true }, "logscan": { "type": "object", "dynamic": true }, - "logstash": { - "properties": { - "log": { - "properties": { - "log_event": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "object" - }, - "module": { - "ignore_above": 1024, - "type": "keyword" - }, - "pipeline_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "thread": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "slowlog": { - "properties": { - "event": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "ignore_above": 1024, - "type": "keyword" - }, - "plugin_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "plugin_params": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "plugin_params_object": { - "type": "object" - }, - "plugin_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "thread": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "took_in_millis": { - "type": "long" - } - } - } - } - }, 
"manager":{ "type":"object", "dynamic": true }, - "message":{ + "message":{ "type":"text", "fields":{ "keyword":{ "type":"keyword", - "ignore_above": 32766 + "ignore_above": 32766 } } }, - "metadata": { - "type": "flattened" - }, - "microsoft": { - "properties": { - "defender_atp": { - "properties": { - "assignedTo": { - "ignore_above": 1024, - "type": "keyword" - }, - "classification": { - "ignore_above": 1024, - "type": "keyword" - }, - "determination": { - "ignore_above": 1024, - "type": "keyword" - }, - "evidence": { - "properties": { - "aadUserId": { - "ignore_above": 1024, - "type": "keyword" - }, - "accountName": { - "ignore_above": 1024, - "type": "keyword" - }, - "domainName": { - "ignore_above": 1024, - "type": "keyword" - }, - "entityType": { - "ignore_above": 1024, - "type": "keyword" - }, - "ipAddress": { - "type": "ip" - }, - "userPrincipalName": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "incidentId": { - "ignore_above": 1024, - "type": "keyword" - }, - "investigationId": { - "ignore_above": 1024, - "type": "keyword" - }, - "investigationState": { - "ignore_above": 1024, - "type": "keyword" - }, - "lastUpdateTime": { - "type": "date" - }, - "rbacGroupName": { - "ignore_above": 1024, - "type": "keyword" - }, - "resolvedTime": { - "type": "date" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "threatFamilyName": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "m365_defender": { - "properties": { - "alerts": { - "properties": { - "actorName": { - "ignore_above": 1024, - "type": "keyword" - }, - "assignedTo": { - "ignore_above": 1024, - "type": "keyword" - }, - "classification": { - "ignore_above": 1024, - "type": "keyword" - }, - "creationTime": { - "type": "date" - }, - "detectionSource": { - "ignore_above": 1024, - "type": "keyword" - }, - "determination": { - "ignore_above": 1024, - "type": "keyword" - }, - "devices": { - "type": "flattened" - }, - "entities": { - "properties": { - "accountName": { 
- "ignore_above": 1024, - "type": "keyword" - }, - "clusterBy": { - "ignore_above": 1024, - "type": "keyword" - }, - "deliveryAction": { - "ignore_above": 1024, - "type": "keyword" - }, - "deviceId": { - "ignore_above": 1024, - "type": "keyword" - }, - "entityType": { - "ignore_above": 1024, - "type": "keyword" - }, - "ipAddress": { - "ignore_above": 1024, - "type": "keyword" - }, - "mailboxAddress": { - "ignore_above": 1024, - "type": "keyword" - }, - "mailboxDisplayName": { - "ignore_above": 1024, - "type": "keyword" - }, - "recipient": { - "ignore_above": 1024, - "type": "keyword" - }, - "registryHive": { - "ignore_above": 1024, - "type": "keyword" - }, - "registryKey": { - "ignore_above": 1024, - "type": "keyword" - }, - "registryValueType": { - "ignore_above": 1024, - "type": "keyword" - }, - "securityGroupId": { - "ignore_above": 1024, - "type": "keyword" - }, - "securityGroupName": { - "ignore_above": 1024, - "type": "keyword" - }, - "sender": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "incidentId": { - "ignore_above": 1024, - "type": "keyword" - }, - "investigationId": { - "ignore_above": 1024, - "type": "keyword" - }, - "investigationState": { - "ignore_above": 1024, - "type": "keyword" - }, - "lastUpdatedTime": { - "type": "date" - }, - "mitreTechniques": { - "ignore_above": 1024, - "type": "keyword" - }, - "resolvedTime": { - "type": "date" - }, - "severity": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "threatFamilyName": { - "ignore_above": 1024, - "type": "keyword" - }, - "userSid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "assignedTo": { - "ignore_above": 1024, - "type": "keyword" - }, - "classification": { - "ignore_above": 1024, - "type": "keyword" - }, - "determination": { - "ignore_above": 1024, - "type": "keyword" - }, - "incidentId": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "incidentName": { - "ignore_above": 1024, - "type": "keyword" - }, - "investigationState": { - "ignore_above": 1024, - "type": "keyword" - }, - "redirectIncidentId": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "misp": { - "properties": { - "attack_pattern": { - "properties": { - "description": { - "norms": false, - "type": "text" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "kill_chain_phases": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "campaign": { - "properties": { - "aliases": { - "norms": false, - "type": "text" - }, - "description": { - "norms": false, - "type": "text" - }, - "first_seen": { - "type": "date" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "last_seen": { - "type": "date" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "objective": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "course_of_action": { - "properties": { - "description": { - "norms": false, - "type": "text" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "identity": { - "properties": { - "contact_information": { - "norms": false, - "type": "text" - }, - "description": { - "norms": false, - "type": "text" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "identity_class": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "sectors": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "intrusion_set": { - "properties": { - "aliases": { - "norms": false, - "type": "text" - }, - "description": { - "norms": false, - "type": "text" - }, - 
"first_seen": { - "type": "date" - }, - "goals": { - "norms": false, - "type": "text" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "last_seen": { - "type": "date" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "primary_motivation": { - "norms": false, - "type": "text" - }, - "resource_level": { - "norms": false, - "type": "text" - }, - "secondary_motivations": { - "norms": false, - "type": "text" - } - } - }, - "malware": { - "properties": { - "description": { - "norms": false, - "type": "text" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "kill_chain_phases": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "note": { - "properties": { - "authors": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "norms": false, - "type": "text" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "object_refs": { - "ignore_above": 1024, - "type": "keyword" - }, - "summary": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "observed_data": { - "properties": { - "first_observed": { - "type": "date" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "last_observed": { - "type": "date" - }, - "number_observed": { - "type": "long" - }, - "objects": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "report": { - "properties": { - "description": { - "norms": false, - "type": "text" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "object_refs": { - "norms": false, - "type": "text" - }, - "published": { - "type": "date" - } - } - }, - "threat_actor": { - "properties": { - "aliases": { - "norms": false, - "type": "text" - }, - "description": { - "norms": false, - "type": "text" - }, - 
"goals": { - "norms": false, - "type": "text" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "personal_motivations": { - "norms": false, - "type": "text" - }, - "primary_motivation": { - "norms": false, - "type": "text" - }, - "resource_level": { - "norms": false, - "type": "text" - }, - "roles": { - "norms": false, - "type": "text" - }, - "secondary_motivations": { - "norms": false, - "type": "text" - }, - "sophistication": { - "norms": false, - "type": "text" - } - } - }, - "threat_indicator": { - "properties": { - "attack_pattern": { - "ignore_above": 1024, - "type": "keyword" - }, - "attack_pattern_kql": { - "ignore_above": 1024, - "type": "keyword" - }, - "campaign": { - "ignore_above": 1024, - "type": "keyword" - }, - "confidence": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "norms": false, - "type": "text" - }, - "feed": { - "norms": false, - "type": "text" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "intrusion_set": { - "ignore_above": 1024, - "type": "keyword" - }, - "kill_chain_phases": { - "ignore_above": 1024, - "type": "keyword" - }, - "labels": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_tactic": { - "ignore_above": 1024, - "type": "keyword" - }, - "mitre_technique": { - "ignore_above": 1024, - "type": "keyword" - }, - "negate": { - "type": "boolean" - }, - "severity": { - "ignore_above": 1024, - "type": "keyword" - }, - "threat_actor": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "valid_from": { - "type": "date" - }, - "valid_until": { - "type": "date" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tool": { - "properties": { - "description": { - "norms": false, - "type": "text" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"kill_chain_phases": { - "norms": false, - "type": "text" - }, - "labels": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "tool_version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "vulnerability": { - "properties": { - "description": { - "norms": false, - "type": "text" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, "modbus":{ "type":"object", "dynamic": true }, - "mongodb": { - "properties": { - "log": { - "properties": { - "component": { - "ignore_above": 1024, - "type": "keyword" - }, - "context": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "type": "long" - } - } - } - } - }, - "mssql": { - "properties": { - "log": { - "properties": { - "origin": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "mysql": { - "properties": { - "slowlog": { - "properties": { - "bytes_received": { - "type": "long" - }, - "bytes_sent": { - "type": "long" - }, - "current_user": { - "ignore_above": 1024, - "type": "keyword" - }, - "filesort": { - "type": "boolean" - }, - "filesort_on_disk": { - "type": "boolean" - }, - "full_join": { - "type": "boolean" - }, - "full_scan": { - "type": "boolean" - }, - "innodb": { - "properties": { - "io_r_bytes": { - "type": "long" - }, - "io_r_ops": { - "type": "long" - }, - "io_r_wait": { - "properties": { - "sec": { - "type": "long" - } - } - }, - "pages_distinct": { - "type": "long" - }, - "queue_wait": { - "properties": { - "sec": { - "type": "long" - } - } - }, - "rec_lock_wait": { - "properties": { - "sec": { - "type": "long" - } - } - }, - "trx_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "killed": { - "ignore_above": 1024, - "type": "keyword" - }, - "last_errno": { - "ignore_above": 1024, - "type": "keyword" - }, - "lock_time": { - "properties": { - "sec": { - "type": "float" - } - } - }, - 
"log_slow_rate_limit": { - "ignore_above": 1024, - "type": "keyword" - }, - "log_slow_rate_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "merge_passes": { - "type": "long" - }, - "priority_queue": { - "type": "boolean" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - }, - "query_cache_hit": { - "type": "boolean" - }, - "read_first": { - "type": "long" - }, - "read_key": { - "type": "long" - }, - "read_last": { - "type": "long" - }, - "read_next": { - "type": "long" - }, - "read_prev": { - "type": "long" - }, - "read_rnd": { - "type": "long" - }, - "read_rnd_next": { - "type": "long" - }, - "rows_affected": { - "type": "long" - }, - "rows_examined": { - "type": "long" - }, - "rows_sent": { - "type": "long" - }, - "schema": { - "ignore_above": 1024, - "type": "keyword" - }, - "sort_merge_passes": { - "type": "long" - }, - "sort_range_count": { - "type": "long" - }, - "sort_rows": { - "type": "long" - }, - "sort_scan_count": { - "type": "long" - }, - "tmp_disk_tables": { - "type": "long" - }, - "tmp_table": { - "type": "boolean" - }, - "tmp_table_on_disk": { - "type": "boolean" - }, - "tmp_table_sizes": { - "type": "long" - }, - "tmp_tables": { - "type": "long" - } - } - }, - "thread_id": { - "type": "long" - } - } - }, - "mysqlenterprise": { - "properties": { - "audit": { - "properties": { - "account": { - "properties": { - "host": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "connection_data": { - "properties": { - "connection_attributes": { - "type": "flattened" - }, - "connection_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "db": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "type": "long" - } - } - }, - "connection_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "general_data": { - "properties": { - "command": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - }, - "sql_command": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "type": "long" - } - } - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "login": { - "properties": { - "os": { - "ignore_above": 1024, - "type": "keyword" - }, - "proxy": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "shutdown_data": { - "properties": { - "server_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "startup_data": { - "properties": { - "mysql_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "server_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "table_access_data": { - "properties": { - "db": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - }, - "sql_command": { - "ignore_above": 1024, - "type": "keyword" - }, - "table": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "nats": { - "properties": { - "log": { - "properties": { - "client": { - "properties": { - "id": { - "type": "long" - } - } - }, - "msg": { - "properties": { - "bytes": { - "type": "long" - }, - "error": { - "properties": { - "message": { - "norms": false, - "type": "text" - } - } - }, - "max_messages": { - "type": "long" - }, - "queue_group": { - "norms": false, - "type": "text" - }, - "reply_to": { - "ignore_above": 1024, - "type": "keyword" - }, - "sid": { - "type": "long" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } + "mysql":{ + "type":"object", + "dynamic": true }, - "netflow": { - "properties": { - "absolute_error": { - "type": "double" - }, - "address_pool_high_threshold": { - "type": "long" - }, - "address_pool_low_threshold": { - "type": "long" - }, - "address_port_mapping_high_threshold": 
{ - "type": "long" - }, - "address_port_mapping_low_threshold": { - "type": "long" - }, - "address_port_mapping_per_user_high_threshold": { - "type": "long" - }, - "anonymization_flags": { - "type": "long" - }, - "anonymization_technique": { - "type": "long" - }, - "application_category_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "application_description": { - "ignore_above": 1024, - "type": "keyword" - }, - "application_group_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "application_id": { - "type": "short" - }, - "application_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "application_sub_category_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "bgp_destination_as_number": { - "type": "long" - }, - "bgp_next_adjacent_as_number": { - "type": "long" - }, - "bgp_next_hop_ipv4_address": { - "type": "ip" - }, - "bgp_next_hop_ipv6_address": { - "type": "ip" - }, - "bgp_prev_adjacent_as_number": { - "type": "long" - }, - "bgp_source_as_number": { - "type": "long" - }, - "bgp_validity_state": { - "type": "short" - }, - "biflow_direction": { - "type": "short" - }, - "class_id": { - "type": "long" - }, - "class_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "classification_engine_id": { - "type": "short" - }, - "collection_time_milliseconds": { - "type": "date" - }, - "collector_certificate": { - "type": "short" - }, - "collector_ipv4_address": { - "type": "ip" - }, - "collector_ipv6_address": { - "type": "ip" - }, - "collector_transport_port": { - "type": "long" - }, - "common_properties_id": { - "type": "long" - }, - "confidence_level": { - "type": "double" - }, - "connection_sum_duration_seconds": { - "type": "long" - }, - "connection_transaction_id": { - "type": "long" - }, - "data_link_frame_section": { - "type": "short" - }, - "data_link_frame_size": { - "type": "long" - }, - "data_link_frame_type": { - "type": "long" - }, - "data_records_reliability": { - "type": "boolean" - }, - 
"delta_flow_count": { - "type": "long" - }, - "destination_ipv4_address": { - "type": "ip" - }, - "destination_ipv4_prefix": { - "type": "ip" - }, - "destination_ipv4_prefix_length": { - "type": "short" - }, - "destination_ipv6_address": { - "type": "ip" - }, - "destination_ipv6_prefix": { - "type": "ip" - }, - "destination_ipv6_prefix_length": { - "type": "short" - }, - "destination_mac_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "destination_transport_port": { - "type": "long" - }, - "digest_hash_value": { - "type": "long" - }, - "distinct_count_of_destination_ip_address": { - "type": "long" - }, - "distinct_count_of_destination_ipv4_address": { - "type": "long" - }, - "distinct_count_of_destination_ipv6_address": { - "type": "long" - }, - "distinct_count_of_source_ip_address": { - "type": "long" - }, - "distinct_count_of_source_ipv4_address": { - "type": "long" - }, - "distinct_count_of_source_ipv6_address": { - "type": "long" - }, - "dot1q_customer_dei": { - "type": "boolean" - }, - "dot1q_customer_destination_mac_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "dot1q_customer_priority": { - "type": "short" - }, - "dot1q_customer_source_mac_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "dot1q_customer_vlan_id": { - "type": "long" - }, - "dot1q_dei": { - "type": "boolean" - }, - "dot1q_priority": { - "type": "short" - }, - "dot1q_service_instance_id": { - "type": "long" - }, - "dot1q_service_instance_priority": { - "type": "short" - }, - "dot1q_service_instance_tag": { - "type": "short" - }, - "dot1q_vlan_id": { - "type": "long" - }, - "dropped_layer2_octet_delta_count": { - "type": "long" - }, - "dropped_layer2_octet_total_count": { - "type": "long" - }, - "dropped_octet_delta_count": { - "type": "long" - }, - "dropped_octet_total_count": { - "type": "long" - }, - "dropped_packet_delta_count": { - "type": "long" - }, - "dropped_packet_total_count": { - "type": "long" - }, - "dst_traffic_index": { - "type": 
"long" - }, - "egress_broadcast_packet_total_count": { - "type": "long" - }, - "egress_interface": { - "type": "long" - }, - "egress_interface_type": { - "type": "long" - }, - "egress_physical_interface": { - "type": "long" - }, - "egress_unicast_packet_total_count": { - "type": "long" - }, - "egress_vrfid": { - "type": "long" - }, - "encrypted_technology": { - "ignore_above": 1024, - "type": "keyword" - }, - "engine_id": { - "type": "short" - }, - "engine_type": { - "type": "short" - }, - "ethernet_header_length": { - "type": "short" - }, - "ethernet_payload_length": { - "type": "long" - }, - "ethernet_total_length": { - "type": "long" - }, - "ethernet_type": { - "type": "long" - }, - "export_interface": { - "type": "long" - }, - "export_protocol_version": { - "type": "short" - }, - "export_sctp_stream_id": { - "type": "long" - }, - "export_transport_protocol": { - "type": "short" - }, - "exported_flow_record_total_count": { - "type": "long" - }, - "exported_message_total_count": { - "type": "long" - }, - "exported_octet_total_count": { - "type": "long" - }, - "exporter": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_id": { - "type": "long" - }, - "timestamp": { - "type": "date" - }, - "uptime_millis": { - "type": "long" - }, - "version": { - "type": "long" - } - } - }, - "exporter_certificate": { - "type": "short" - }, - "exporter_ipv4_address": { - "type": "ip" - }, - "exporter_ipv6_address": { - "type": "ip" - }, - "exporter_transport_port": { - "type": "long" - }, - "exporting_process_id": { - "type": "long" - }, - "external_address_realm": { - "type": "short" - }, - "firewall_event": { - "type": "short" - }, - "flags_and_sampler_id": { - "type": "long" - }, - "flow_active_timeout": { - "type": "long" - }, - "flow_direction": { - "type": "short" - }, - "flow_duration_microseconds": { - "type": "long" - }, - "flow_duration_milliseconds": { - "type": "long" - }, - "flow_end_delta_microseconds": { - "type": "long" - 
}, - "flow_end_microseconds": { - "type": "date" - }, - "flow_end_milliseconds": { - "type": "date" - }, - "flow_end_nanoseconds": { - "type": "date" - }, - "flow_end_reason": { - "type": "short" - }, - "flow_end_seconds": { - "type": "date" - }, - "flow_end_sys_up_time": { - "type": "long" - }, - "flow_id": { - "type": "long" - }, - "flow_idle_timeout": { - "type": "long" - }, - "flow_key_indicator": { - "type": "long" - }, - "flow_label_ipv6": { - "type": "long" - }, - "flow_sampling_time_interval": { - "type": "long" - }, - "flow_sampling_time_spacing": { - "type": "long" - }, - "flow_selected_flow_delta_count": { - "type": "long" - }, - "flow_selected_octet_delta_count": { - "type": "long" - }, - "flow_selected_packet_delta_count": { - "type": "long" - }, - "flow_selector_algorithm": { - "type": "long" - }, - "flow_start_delta_microseconds": { - "type": "long" - }, - "flow_start_microseconds": { - "type": "date" - }, - "flow_start_milliseconds": { - "type": "date" - }, - "flow_start_nanoseconds": { - "type": "date" - }, - "flow_start_seconds": { - "type": "date" - }, - "flow_start_sys_up_time": { - "type": "long" - }, - "forwarding_status": { - "type": "short" - }, - "fragment_flags": { - "type": "short" - }, - "fragment_identification": { - "type": "long" - }, - "fragment_offset": { - "type": "long" - }, - "global_address_mapping_high_threshold": { - "type": "long" - }, - "gre_key": { - "type": "long" - }, - "hash_digest_output": { - "type": "boolean" - }, - "hash_flow_domain": { - "type": "long" - }, - "hash_initialiser_value": { - "type": "long" - }, - "hash_ip_payload_offset": { - "type": "long" - }, - "hash_ip_payload_size": { - "type": "long" - }, - "hash_output_range_max": { - "type": "long" - }, - "hash_output_range_min": { - "type": "long" - }, - "hash_selected_range_max": { - "type": "long" - }, - "hash_selected_range_min": { - "type": "long" - }, - "http_content_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "http_message_version": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "http_reason_phrase": { - "ignore_above": 1024, - "type": "keyword" - }, - "http_request_host": { - "ignore_above": 1024, - "type": "keyword" - }, - "http_request_method": { - "ignore_above": 1024, - "type": "keyword" - }, - "http_request_target": { - "ignore_above": 1024, - "type": "keyword" - }, - "http_status_code": { - "type": "long" - }, - "http_user_agent": { - "ignore_above": 1024, - "type": "keyword" - }, - "icmp_code_ipv4": { - "type": "short" - }, - "icmp_code_ipv6": { - "type": "short" - }, - "icmp_type_code_ipv4": { - "type": "long" - }, - "icmp_type_code_ipv6": { - "type": "long" - }, - "icmp_type_ipv4": { - "type": "short" - }, - "icmp_type_ipv6": { - "type": "short" - }, - "igmp_type": { - "type": "short" - }, - "ignored_data_record_total_count": { - "type": "long" - }, - "ignored_layer2_frame_total_count": { - "type": "long" - }, - "ignored_layer2_octet_total_count": { - "type": "long" - }, - "ignored_octet_total_count": { - "type": "long" - }, - "ignored_packet_total_count": { - "type": "long" - }, - "information_element_data_type": { - "type": "short" - }, - "information_element_description": { - "ignore_above": 1024, - "type": "keyword" - }, - "information_element_id": { - "type": "long" - }, - "information_element_index": { - "type": "long" - }, - "information_element_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "information_element_range_begin": { - "type": "long" - }, - "information_element_range_end": { - "type": "long" - }, - "information_element_semantics": { - "type": "short" - }, - "information_element_units": { - "type": "long" - }, - "ingress_broadcast_packet_total_count": { - "type": "long" - }, - "ingress_interface": { - "type": "long" - }, - "ingress_interface_type": { - "type": "long" - }, - "ingress_multicast_packet_total_count": { - "type": "long" - }, - "ingress_physical_interface": { - "type": "long" - }, - "ingress_unicast_packet_total_count": { - "type": "long" - 
}, - "ingress_vrfid": { - "type": "long" - }, - "initiator_octets": { - "type": "long" - }, - "initiator_packets": { - "type": "long" - }, - "interface_description": { - "ignore_above": 1024, - "type": "keyword" - }, - "interface_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "intermediate_process_id": { - "type": "long" - }, - "internal_address_realm": { - "type": "short" - }, - "ip_class_of_service": { - "type": "short" - }, - "ip_diff_serv_code_point": { - "type": "short" - }, - "ip_header_length": { - "type": "short" - }, - "ip_header_packet_section": { - "type": "short" - }, - "ip_next_hop_ipv4_address": { - "type": "ip" - }, - "ip_next_hop_ipv6_address": { - "type": "ip" - }, - "ip_payload_length": { - "type": "long" - }, - "ip_payload_packet_section": { - "type": "short" - }, - "ip_precedence": { - "type": "short" - }, - "ip_sec_spi": { - "type": "long" - }, - "ip_total_length": { - "type": "long" - }, - "ip_ttl": { - "type": "short" - }, - "ip_version": { - "type": "short" - }, - "ipv4_ihl": { - "type": "short" - }, - "ipv4_options": { - "type": "long" - }, - "ipv4_router_sc": { - "type": "ip" - }, - "ipv6_extension_headers": { - "type": "long" - }, - "is_multicast": { - "type": "short" - }, - "layer2_frame_delta_count": { - "type": "long" - }, - "layer2_frame_total_count": { - "type": "long" - }, - "layer2_octet_delta_count": { - "type": "long" - }, - "layer2_octet_delta_sum_of_squares": { - "type": "long" - }, - "layer2_octet_total_count": { - "type": "long" - }, - "layer2_octet_total_sum_of_squares": { - "type": "long" - }, - "layer2_segment_id": { - "type": "long" - }, - "layer2packet_section_data": { - "type": "short" - }, - "layer2packet_section_offset": { - "type": "long" - }, - "layer2packet_section_size": { - "type": "long" - }, - "line_card_id": { - "type": "long" - }, - "lower_ci_limit": { - "type": "double" - }, - "max_bib_entries": { - "type": "long" - }, - "max_entries_per_user": { - "type": "long" - }, - "max_export_seconds": { - 
"type": "date" - }, - "max_flow_end_microseconds": { - "type": "date" - }, - "max_flow_end_milliseconds": { - "type": "date" - }, - "max_flow_end_nanoseconds": { - "type": "date" - }, - "max_flow_end_seconds": { - "type": "date" - }, - "max_fragments_pending_reassembly": { - "type": "long" - }, - "max_session_entries": { - "type": "long" - }, - "max_subscribers": { - "type": "long" - }, - "maximum_ip_total_length": { - "type": "long" - }, - "maximum_layer2_total_length": { - "type": "long" - }, - "maximum_ttl": { - "type": "short" - }, - "message_md5_checksum": { - "type": "short" - }, - "message_scope": { - "type": "short" - }, - "metering_process_id": { - "type": "long" - }, - "metro_evc_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "metro_evc_type": { - "type": "short" - }, - "mib_capture_time_semantics": { - "type": "short" - }, - "mib_context_engine_id": { - "type": "short" - }, - "mib_context_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "mib_index_indicator": { - "type": "long" - }, - "mib_module_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "mib_object_description": { - "ignore_above": 1024, - "type": "keyword" - }, - "mib_object_identifier": { - "type": "short" - }, - "mib_object_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "mib_object_syntax": { - "ignore_above": 1024, - "type": "keyword" - }, - "mib_object_value_bits": { - "type": "short" - }, - "mib_object_value_counter": { - "type": "long" - }, - "mib_object_value_gauge": { - "type": "long" - }, - "mib_object_value_integer": { - "type": "long" - }, - "mib_object_value_ip_address": { - "type": "ip" - }, - "mib_object_value_octet_string": { - "type": "short" - }, - "mib_object_value_oid": { - "type": "short" - }, - "mib_object_value_time_ticks": { - "type": "long" - }, - "mib_object_value_unsigned": { - "type": "long" - }, - "mib_sub_identifier": { - "type": "long" - }, - "min_export_seconds": { - "type": "date" - }, - "min_flow_start_microseconds": 
{ - "type": "date" - }, - "min_flow_start_milliseconds": { - "type": "date" - }, - "min_flow_start_nanoseconds": { - "type": "date" - }, - "min_flow_start_seconds": { - "type": "date" - }, - "minimum_ip_total_length": { - "type": "long" - }, - "minimum_layer2_total_length": { - "type": "long" - }, - "minimum_ttl": { - "type": "short" - }, - "mobile_imsi": { - "ignore_above": 1024, - "type": "keyword" - }, - "mobile_msisdn": { - "ignore_above": 1024, - "type": "keyword" - }, - "monitoring_interval_end_milli_seconds": { - "type": "date" - }, - "monitoring_interval_start_milli_seconds": { - "type": "date" - }, - "mpls_label_stack_depth": { - "type": "long" - }, - "mpls_label_stack_length": { - "type": "long" - }, - "mpls_label_stack_section": { - "type": "short" - }, - "mpls_label_stack_section10": { - "type": "short" - }, - "mpls_label_stack_section2": { - "type": "short" - }, - "mpls_label_stack_section3": { - "type": "short" - }, - "mpls_label_stack_section4": { - "type": "short" - }, - "mpls_label_stack_section5": { - "type": "short" - }, - "mpls_label_stack_section6": { - "type": "short" - }, - "mpls_label_stack_section7": { - "type": "short" - }, - "mpls_label_stack_section8": { - "type": "short" - }, - "mpls_label_stack_section9": { - "type": "short" - }, - "mpls_payload_length": { - "type": "long" - }, - "mpls_payload_packet_section": { - "type": "short" - }, - "mpls_top_label_exp": { - "type": "short" - }, - "mpls_top_label_ipv4_address": { - "type": "ip" - }, - "mpls_top_label_ipv6_address": { - "type": "ip" - }, - "mpls_top_label_prefix_length": { - "type": "short" - }, - "mpls_top_label_stack_section": { - "type": "short" - }, - "mpls_top_label_ttl": { - "type": "short" - }, - "mpls_top_label_type": { - "type": "short" - }, - "mpls_vpn_route_distinguisher": { - "type": "short" - }, - "multicast_replication_factor": { - "type": "long" - }, - "nat_event": { - "type": "short" - }, - "nat_instance_id": { - "type": "long" - }, - "nat_originating_address_realm": 
{ - "type": "short" - }, - "nat_pool_id": { - "type": "long" - }, - "nat_pool_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat_quota_exceeded_event": { - "type": "long" - }, - "nat_threshold_event": { - "type": "long" - }, - "nat_type": { - "type": "short" - }, - "new_connection_delta_count": { - "type": "long" - }, - "next_header_ipv6": { - "type": "short" - }, - "not_sent_flow_total_count": { - "type": "long" - }, - "not_sent_layer2_octet_total_count": { - "type": "long" - }, - "not_sent_octet_total_count": { - "type": "long" - }, - "not_sent_packet_total_count": { - "type": "long" - }, - "observation_domain_id": { - "type": "long" - }, - "observation_domain_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "observation_point_id": { - "type": "long" - }, - "observation_point_type": { - "type": "short" - }, - "observation_time_microseconds": { - "type": "date" - }, - "observation_time_milliseconds": { - "type": "date" - }, - "observation_time_nanoseconds": { - "type": "date" - }, - "observation_time_seconds": { - "type": "date" - }, - "observed_flow_total_count": { - "type": "long" - }, - "octet_delta_count": { - "type": "long" - }, - "octet_delta_sum_of_squares": { - "type": "long" - }, - "octet_total_count": { - "type": "long" - }, - "octet_total_sum_of_squares": { - "type": "long" - }, - "opaque_octets": { - "type": "short" - }, - "original_exporter_ipv4_address": { - "type": "ip" - }, - "original_exporter_ipv6_address": { - "type": "ip" - }, - "original_flows_completed": { - "type": "long" - }, - "original_flows_initiated": { - "type": "long" - }, - "original_flows_present": { - "type": "long" - }, - "original_observation_domain_id": { - "type": "long" - }, - "p2p_technology": { - "ignore_above": 1024, - "type": "keyword" - }, - "packet_delta_count": { - "type": "long" - }, - "packet_total_count": { - "type": "long" - }, - "padding_octets": { - "type": "short" - }, - "payload_length_ipv6": { - "type": "long" - }, - "port_id": { - 
"type": "long" - }, - "port_range_end": { - "type": "long" - }, - "port_range_num_ports": { - "type": "long" - }, - "port_range_start": { - "type": "long" - }, - "port_range_step_size": { - "type": "long" - }, - "post_destination_mac_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "post_dot1q_customer_vlan_id": { - "type": "long" - }, - "post_dot1q_vlan_id": { - "type": "long" - }, - "post_ip_class_of_service": { - "type": "short" - }, - "post_ip_diff_serv_code_point": { - "type": "short" - }, - "post_ip_precedence": { - "type": "short" - }, - "post_layer2_octet_delta_count": { - "type": "long" - }, - "post_layer2_octet_total_count": { - "type": "long" - }, - "post_mcast_layer2_octet_delta_count": { - "type": "long" - }, - "post_mcast_layer2_octet_total_count": { - "type": "long" - }, - "post_mcast_octet_delta_count": { - "type": "long" - }, - "post_mcast_octet_total_count": { - "type": "long" - }, - "post_mcast_packet_delta_count": { - "type": "long" - }, - "post_mcast_packet_total_count": { - "type": "long" - }, - "post_mpls_top_label_exp": { - "type": "short" - }, - "post_napt_destination_transport_port": { - "type": "long" - }, - "post_napt_source_transport_port": { - "type": "long" - }, - "post_nat_destination_ipv4_address": { - "type": "ip" - }, - "post_nat_destination_ipv6_address": { - "type": "ip" - }, - "post_nat_source_ipv4_address": { - "type": "ip" - }, - "post_nat_source_ipv6_address": { - "type": "ip" - }, - "post_octet_delta_count": { - "type": "long" - }, - "post_octet_total_count": { - "type": "long" - }, - "post_packet_delta_count": { - "type": "long" - }, - "post_packet_total_count": { - "type": "long" - }, - "post_source_mac_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "post_vlan_id": { - "type": "long" - }, - "private_enterprise_number": { - "type": "long" - }, - "protocol_identifier": { - "type": "short" - }, - "pseudo_wire_control_word": { - "type": "long" - }, - "pseudo_wire_destination_ipv4_address": { - 
"type": "ip" - }, - "pseudo_wire_id": { - "type": "long" - }, - "pseudo_wire_type": { - "type": "long" - }, - "relative_error": { - "type": "double" - }, - "responder_octets": { - "type": "long" - }, - "responder_packets": { - "type": "long" - }, - "rfc3550_jitter_microseconds": { - "type": "long" - }, - "rfc3550_jitter_milliseconds": { - "type": "long" - }, - "rfc3550_jitter_nanoseconds": { - "type": "long" - }, - "rtp_sequence_number": { - "type": "long" - }, - "sampler_id": { - "type": "short" - }, - "sampler_mode": { - "type": "short" - }, - "sampler_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "sampler_random_interval": { - "type": "long" - }, - "sampling_algorithm": { - "type": "short" - }, - "sampling_flow_interval": { - "type": "long" - }, - "sampling_flow_spacing": { - "type": "long" - }, - "sampling_interval": { - "type": "long" - }, - "sampling_packet_interval": { - "type": "long" - }, - "sampling_packet_space": { - "type": "long" - }, - "sampling_population": { - "type": "long" - }, - "sampling_probability": { - "type": "double" - }, - "sampling_size": { - "type": "long" - }, - "sampling_time_interval": { - "type": "long" - }, - "sampling_time_space": { - "type": "long" - }, - "section_exported_octets": { - "type": "long" - }, - "section_offset": { - "type": "long" - }, - "selection_sequence_id": { - "type": "long" - }, - "selector_algorithm": { - "type": "long" - }, - "selector_id": { - "type": "long" - }, - "selector_id_total_flows_observed": { - "type": "long" - }, - "selector_id_total_flows_selected": { - "type": "long" - }, - "selector_id_total_pkts_observed": { - "type": "long" - }, - "selector_id_total_pkts_selected": { - "type": "long" - }, - "selector_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_scope": { - "type": "short" - }, - "source_ipv4_address": { - "type": "ip" - }, - "source_ipv4_prefix": { - "type": "ip" - }, - "source_ipv4_prefix_length": { - "type": "short" - }, - "source_ipv6_address": { - 
"type": "ip" - }, - "source_ipv6_prefix": { - "type": "ip" - }, - "source_ipv6_prefix_length": { - "type": "short" - }, - "source_mac_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_transport_port": { - "type": "long" - }, - "source_transport_ports_limit": { - "type": "long" - }, - "src_traffic_index": { - "type": "long" - }, - "sta_ipv4_address": { - "type": "ip" - }, - "sta_mac_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "system_init_time_milliseconds": { - "type": "date" - }, - "tcp_ack_total_count": { - "type": "long" - }, - "tcp_acknowledgement_number": { - "type": "long" - }, - "tcp_control_bits": { - "type": "long" - }, - "tcp_destination_port": { - "type": "long" - }, - "tcp_fin_total_count": { - "type": "long" - }, - "tcp_header_length": { - "type": "short" - }, - "tcp_options": { - "type": "long" - }, - "tcp_psh_total_count": { - "type": "long" - }, - "tcp_rst_total_count": { - "type": "long" - }, - "tcp_sequence_number": { - "type": "long" - }, - "tcp_source_port": { - "type": "long" - }, - "tcp_syn_total_count": { - "type": "long" - }, - "tcp_urg_total_count": { - "type": "long" - }, - "tcp_urgent_pointer": { - "type": "long" - }, - "tcp_window_scale": { - "type": "long" - }, - "tcp_window_size": { - "type": "long" - }, - "template_id": { - "type": "long" - }, - "total_length_ipv4": { - "type": "long" - }, - "transport_octet_delta_count": { - "type": "long" - }, - "transport_packet_delta_count": { - "type": "long" - }, - "tunnel_technology": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "udp_destination_port": { - "type": "long" - }, - "udp_message_length": { - "type": "long" - }, - "udp_source_port": { - "type": "long" - }, - "upper_ci_limit": { - "type": "double" - }, - "user_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "value_distribution_method": { - "type": "short" - }, - "virtual_station_interface_id": { - "type": "short" - 
}, - "virtual_station_interface_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "virtual_station_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "virtual_station_uuid": { - "type": "short" - }, - "vlan_id": { - "type": "long" - }, - "vpn_identifier": { - "type": "short" - }, - "vr_fname": { - "ignore_above": 1024, - "type": "keyword" - }, - "wlan_channel_id": { - "type": "short" - }, - "wlan_ssid": { - "ignore_above": 1024, - "type": "keyword" - }, - "wtp_mac_address": { - "ignore_above": 1024, - "type": "keyword" - } - } + "network":{ + "type":"object", + "dynamic": true }, - "netscout":{ - "type":"object", - "dynamic": true - }, - "network": { - "properties": { - "application": { - "ignore_above": 1024, - "type": "keyword" - }, - "bytes": { - "type": "long" - }, - "community_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "direction": { - "ignore_above": 1024, - "type": "keyword" - }, - "forwarded_ip": { - "type": "ip" - }, - "iana_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "inner": { - "properties": { - "vlan": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - }, - "type": "object" - }, - "interface": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "packets": { - "type": "long" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "transport": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "vlan": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "nginx": { - "properties": { - "error": { - "properties": { - "connection_id": { - "type": "long" - } - } - }, - "ingress_controller": { - "properties": { - "http": { - 
"properties": { - "request": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "length": { - "type": "long" - }, - "time": { - "type": "double" - } - } - } - } - }, - "upstream": { - "properties": { - "alternative_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "port": { - "type": "long" - }, - "response": { - "properties": { - "length": { - "type": "long" - }, - "length_list": { - "ignore_above": 1024, - "type": "keyword" - }, - "status_code": { - "type": "long" - }, - "status_code_list": { - "ignore_above": 1024, - "type": "keyword" - }, - "time": { - "type": "double" - }, - "time_list": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "upstream_address_list": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "notice":{ + "notice":{ "type":"object", "dynamic": true }, 
@@ -15766,2381 +357,45 @@ "type":"object", "dynamic": true }, - "o365": { - "properties": { - "audit": { - "properties": { - "AADGroupId": { - "ignore_above": 1024, - "type": "keyword" - }, - "ActorContextId": { - "ignore_above": 1024, - "type": "keyword" - }, - "ActorIpAddress": { - "ignore_above": 1024, - "type": "keyword" - }, - "ActorUserId": { - "ignore_above": 1024, - "type": "keyword" - }, - "ActorYammerUserId": { - "ignore_above": 1024, - "type": "keyword" - }, - "AlertEntityId": { - "ignore_above": 1024, - "type": "keyword" - }, - "AlertId": { - "ignore_above": 1024, - "type": "keyword" - }, - "AlertType": { - "ignore_above": 1024, - "type": "keyword" - }, - "AppId": { - "ignore_above": 1024, - "type": "keyword" - }, - "ApplicationDisplayName": { - "ignore_above": 1024, - "type": "keyword" - }, - "ApplicationId": { - "ignore_above": 1024, - "type": "keyword" - }, - "AzureActiveDirectoryEventType": { - "ignore_above": 1024, - "type": "keyword" - }, - "Category": { - "ignore_above": 1024, - "type": "keyword" - }, - "ClientAppId": { - "ignore_above": 1024, - "type": "keyword" - }, - "ClientIP": { - "ignore_above": 1024, - "type": "keyword" - }, - "ClientIPAddress": { - "ignore_above": 1024, - "type": "keyword" - }, - "ClientInfoString": { - "ignore_above": 1024, - "type": "keyword" - }, - "Comments": { - "norms": false, - "type": "text" - }, - "CommunicationType": { - "ignore_above": 1024, - "type": "keyword" - }, - "CorrelationId": { - "ignore_above": 1024, - "type": "keyword" - }, - "CreationTime": { - "ignore_above": 1024, - "type": "keyword" - }, - "CustomUniqueId": { - "ignore_above": 1024, - "type": "keyword" - }, - "Data": { - "ignore_above": 1024, - "type": "keyword" - }, - "DataType": { - "ignore_above": 1024, - "type": "keyword" - }, - "DoNotDistributeEvent": { - "type": "boolean" - }, - "EntityType": { - "ignore_above": 1024, - "type": "keyword" - }, - "ErrorNumber": { - "ignore_above": 1024, - "type": "keyword" - }, - "EventData": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "EventSource": { - "ignore_above": 1024, - "type": "keyword" - }, - "ExceptionInfo": { - "properties": { - "*": { - "type": "object" - } - } - }, - "ExchangeMetaData": { - "properties": { - "*": { - "type": "object" - } - } - }, - "ExtendedProperties": { - "properties": { - "*": { - "type": "object" - } - } - }, - "ExternalAccess": { - "ignore_above": 1024, - "type": "keyword" - }, - "FromApp": { - "type": "boolean" - }, - "GroupName": { - "ignore_above": 1024, - "type": "keyword" - }, - "Id": { - "ignore_above": 1024, - "type": "keyword" - }, - "ImplicitShare": { - "ignore_above": 1024, - "type": "keyword" - }, - "IncidentId": { - "ignore_above": 1024, - "type": "keyword" - }, - "InterSystemsId": { - "ignore_above": 1024, - "type": "keyword" - }, - "InternalLogonType": { - "ignore_above": 1024, - "type": "keyword" - }, - "IntraSystemId": { - "ignore_above": 1024, - "type": "keyword" - }, - "IsDocLib": { - "type": "boolean" - }, - "Item": { - "properties": { - "*": { - "properties": { - "*": { - "type": "object" - } - }, - "type": "object" - } - } - }, - "ItemCount": { - "type": "long" - }, - "ItemName": { - "ignore_above": 1024, - "type": "keyword" - }, - "ItemType": { - "ignore_above": 1024, - "type": "keyword" - }, - "ListBaseTemplateType": { - "ignore_above": 1024, - "type": "keyword" - }, - "ListBaseType": { - "ignore_above": 1024, - "type": "keyword" - }, - "ListColor": { - "ignore_above": 1024, - "type": "keyword" - }, - "ListIcon": { - "ignore_above": 1024, - "type": "keyword" - }, - "ListId": { - "ignore_above": 1024, - "type": "keyword" - }, - "ListItemUniqueId": { - "ignore_above": 1024, - "type": "keyword" - }, - "ListTitle": { - "ignore_above": 1024, - "type": "keyword" - }, - "LogonError": { - "ignore_above": 1024, - "type": "keyword" - }, - "LogonType": { - "ignore_above": 1024, - "type": "keyword" - }, - "LogonUserSid": { - "ignore_above": 1024, - "type": "keyword" - }, - "MailboxGuid": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "MailboxOwnerMasterAccountSid": { - "ignore_above": 1024, - "type": "keyword" - }, - "MailboxOwnerSid": { - "ignore_above": 1024, - "type": "keyword" - }, - "MailboxOwnerUPN": { - "ignore_above": 1024, - "type": "keyword" - }, - "Members": { - "properties": { - "*": { - "type": "object" - } - } - }, - "ModifiedProperties": { - "properties": { - "*": { - "properties": { - "*": { - "type": "object" - } - } - } - } - }, - "Name": { - "ignore_above": 1024, - "type": "keyword" - }, - "ObjectId": { - "ignore_above": 1024, - "type": "keyword" - }, - "Operation": { - "ignore_above": 1024, - "type": "keyword" - }, - "OrganizationId": { - "ignore_above": 1024, - "type": "keyword" - }, - "OrganizationName": { - "ignore_above": 1024, - "type": "keyword" - }, - "OriginatingServer": { - "ignore_above": 1024, - "type": "keyword" - }, - "Parameters": { - "properties": { - "*": { - "type": "object" - } - } - }, - "PolicyId": { - "ignore_above": 1024, - "type": "keyword" - }, - "RecordType": { - "ignore_above": 1024, - "type": "keyword" - }, - "ResultStatus": { - "ignore_above": 1024, - "type": "keyword" - }, - "SensitiveInfoDetectionIsIncluded": { - "ignore_above": 1024, - "type": "keyword" - }, - "SessionId": { - "ignore_above": 1024, - "type": "keyword" - }, - "Severity": { - "ignore_above": 1024, - "type": "keyword" - }, - "SharePointMetaData": { - "properties": { - "*": { - "type": "object" - } - } - }, - "Site": { - "ignore_above": 1024, - "type": "keyword" - }, - "SiteUrl": { - "ignore_above": 1024, - "type": "keyword" - }, - "Source": { - "ignore_above": 1024, - "type": "keyword" - }, - "SourceFileExtension": { - "ignore_above": 1024, - "type": "keyword" - }, - "SourceFileName": { - "ignore_above": 1024, - "type": "keyword" - }, - "SourceRelativeUrl": { - "ignore_above": 1024, - "type": "keyword" - }, - "Status": { - "ignore_above": 1024, - "type": "keyword" - }, - "SupportTicketId": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "TargetContextId": { - "ignore_above": 1024, - "type": "keyword" - }, - "TargetUserOrGroupName": { - "ignore_above": 1024, - "type": "keyword" - }, - "TargetUserOrGroupType": { - "ignore_above": 1024, - "type": "keyword" - }, - "TeamGuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "TeamName": { - "ignore_above": 1024, - "type": "keyword" - }, - "TemplateTypeId": { - "ignore_above": 1024, - "type": "keyword" - }, - "UniqueSharingId": { - "ignore_above": 1024, - "type": "keyword" - }, - "UserAgent": { - "ignore_above": 1024, - "type": "keyword" - }, - "UserId": { - "ignore_above": 1024, - "type": "keyword" - }, - "UserKey": { - "ignore_above": 1024, - "type": "keyword" - }, - "UserType": { - "ignore_above": 1024, - "type": "keyword" - }, - "Version": { - "ignore_above": 1024, - "type": "keyword" - }, - "WebId": { - "ignore_above": 1024, - "type": "keyword" - }, - "Workload": { - "ignore_above": 1024, - "type": "keyword" - }, - "YammerNetworkId": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } + "observer":{ + "type":"object", + "dynamic": true }, - "object": { - "properties": { - "key": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "observer": { - "properties": { - "egress": { - "properties": { - "interface": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "vlan": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "zone": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "object" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": 
{ - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "ingress": { - "properties": { - "interface": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "vlan": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "zone": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "object" - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, 
- "vendor": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "okta": { - "properties": { - "actor": { - "properties": { - "alternate_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "display_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "authentication_context": { - "properties": { - "authentication_provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "authentication_step": { - "type": "long" - }, - "credential_provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "credential_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "external_session_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "interface": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "client": { - "properties": { - "device": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "user_agent": { - "properties": { - "browser": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "ignore_above": 1024, - "type": "keyword" - }, - "raw_user_agent": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "zone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "debug_context": { - "properties": { - "debug_data": { - "properties": { - "device_fingerprint": { - "ignore_above": 1024, - "type": "keyword" - }, - "request_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "request_uri": { - "ignore_above": 1024, - "type": "keyword" - }, - "suspicious_activity": { - "properties": { - "browser": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_city": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_country": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_id": { - "ignore_above": 1024, 
- "type": "keyword" - }, - "event_ip": { - "type": "ip" - }, - "event_latitude": { - "type": "float" - }, - "event_longitude": { - "type": "float" - }, - "event_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_transaction_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "type": "date" - } - } - }, - "threat_suspected": { - "ignore_above": 1024, - "type": "keyword" - }, - "url": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "display_message": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "outcome": { - "properties": { - "reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "result": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "request": { - "properties": { - "ip_chain": { - "properties": { - "geographical_context": { - "properties": { - "city": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "geolocation": { - "type": "geo_point" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "source": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "security_context": { - "properties": { - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "is_proxy": { - "type": "boolean" - }, - "isp": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "severity": { - "ignore_above": 1024, - "type": "keyword" - }, - "target": { - 
"type": "flattened" - }, - "transaction": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "oracle": { - "properties": { - "database_audit": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "action_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "client": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "terminal": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "database": { - "properties": { - "host": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "entry": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "length": { - "type": "long" - }, - "privilege": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "orchestrator": { - "properties": { - "api_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "cluster": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "url": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "namespace": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "resource": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "type": { - "ignore_above": 1024, - 
"type": "keyword" - } - } - }, - "organization": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "os": { - "properties": { - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } + "organization":{ + "type":"object", + "dynamic": true }, - "osquery": { - "properties": { - "result": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "calendar_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "host_identifier": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "unix_time": { - "type": "long" - } - } - } - } - }, - "package": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "build_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "checksum": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "install_scope": { - "ignore_above": 1024, - "type": "keyword" - }, - "installed": { - "type": "date" - }, - "license": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "size": { - "type": "long" - }, - "type": { - "ignore_above": 
1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "panw": { - "properties": { - "panos": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "actionflags": { - "ignore_above": 1024, - "type": "keyword" - }, - "attempted_gateways": { - "ignore_above": 1024, - "type": "keyword" - }, - "auth_method": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_os": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_os_ver": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_ver": { - "ignore_above": 1024, - "type": "keyword" - }, - "connect_method": { - "ignore_above": 1024, - "type": "keyword" - }, - "datasource": { - "ignore_above": 1024, - "type": "keyword" - }, - "datasourcename": { - "ignore_above": 1024, - "type": "keyword" - }, - "datasourcetype": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "destination": { - "properties": { - "interface": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "zone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "device_group_hierarchy": { - "properties": { - "level_1": { - "ignore_above": 1024, - "type": "keyword" - }, - "level_2": { - "ignore_above": 1024, - "type": "keyword" - }, - "level_3": { - "ignore_above": 1024, - "type": "keyword" - }, - "level_4": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "endreason": { - "ignore_above": 1024, - "type": "keyword" - }, - "error": { - "ignore_above": 1024, - "type": "keyword" - }, - "error_code": { - "type": "long" - }, - "factorcompletiontime": { - "type": "date" - }, - "factorno": { - "type": "long" - }, - "factortype": { - "ignore_above": 1024, - "type": "keyword" - }, - "file": { - "properties": { - "hash": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - 
"flow_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "gateway": { - "ignore_above": 1024, - "type": "keyword" - }, - "matchname": { - "ignore_above": 1024, - "type": "keyword" - }, - "matchtype": { - "ignore_above": 1024, - "type": "keyword" - }, - "network": { - "properties": { - "nat": { - "properties": { - "community_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pcap_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "priority": { - "ignore_above": 1024, - "type": "keyword" - }, - "repeatcnt": { - "type": "long" - }, - "response_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "ruleset": { - "ignore_above": 1024, - "type": "keyword" - }, - "selection_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "sequence_number": { - "type": "long" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "source": { - "properties": { - "interface": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "zone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "stage": { - "ignore_above": 1024, - "type": "keyword" - }, - "sub_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "threat": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "resource": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "timeout": { - "type": "long" - }, - "tunnel_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "ugflags": { - "ignore_above": 1024, - "type": "keyword" - }, - "url": { - "properties": { - "category": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "virtual_sys": { - "ignore_above": 1024, - "type": "keyword" - }, - "vsys_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "vsys_name": { - 
"ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "pe": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pensando": { - "properties": { - "dfw": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_id": { - "type": "long" - }, - "destination_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "destination_port": { - "type": "long" - }, - "direction": { - "ignore_above": 1024, - "type": "keyword" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "rule_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_id": { - "type": "long" - }, - "session_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "source_port": { - "type": "long" - }, - "timestamp": { - "type": "date" - } - } - } - } - }, - "postgresql": { - "properties": { - "log": { - "properties": { - "application_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "backend_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_addr": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_port": { - "ignore_above": 1024, - "type": "keyword" - }, - "command_tag": { - "ignore_above": 1024, - "type": "keyword" - }, - "context": { - "ignore_above": 1024, - "type": "keyword" - }, - "core_id": { - "path": "postgresql.log.session_line_number", - "type": "alias" - }, - "database": { - "ignore_above": 1024, - "type": "keyword" - }, - "detail": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "error": { - "properties": { - "code": { - "path": "postgresql.log.sql_state_code", - "type": "alias" - } - } - }, - "hint": { - "ignore_above": 1024, - "type": "keyword" - }, - "internal_query": { - "ignore_above": 1024, - "type": "keyword" - }, - "internal_query_pos": { - "type": "long" - }, - "location": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - }, - "query_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "query_pos": { - "type": "long" - }, - "query_step": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_line_number": { - "type": "long" - }, - "session_start_time": { - "type": "date" - }, - "sql_state_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "ignore_above": 1024, - "type": "keyword" - }, - "transaction_id": { - "type": "long" - }, - "virtual_transaction_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "process": { - "properties": { - "args": { - "ignore_above": 1024, - "type": "keyword" - }, - "args_count": { - "type": "long" - }, - "code_signature": { - "properties": { - "digest_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "exists": { - "type": "boolean" - }, - "signing_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "team_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "trusted": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - } - } - }, - "command_line": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - }, - "elf": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "byte_order": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "cpu_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "creation_date": { - "type": "date" - }, - "exports": { - "type": "flattened" - }, - "header": { - "properties": { - "abi_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "data": { - "ignore_above": 1024, - "type": "keyword" - }, - "entrypoint": { - "type": "long" - }, - "object_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "os_abi": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "imports": { - "type": "flattened" - }, - "sections": { - "properties": { - "chi2": { - "type": "long" - }, - "entropy": { - "type": "long" - }, - "flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_offset": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_size": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "virtual_address": { - "type": "long" - }, - "virtual_size": { - "type": "long" - } - }, - "type": "nested" - }, - "segments": { - "properties": { - "sections": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "nested" - }, - "shared_libraries": { - "ignore_above": 1024, - "type": "keyword" - }, - "telfhash": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "end": { - "type": "date" - }, - "entity_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "executable": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "exit_code": { - "type": "long" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssdeep": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "parent": { - "properties": { - "args": { - "ignore_above": 1024, - "type": "keyword" - }, - "args_count": { - "type": "long" - }, - "code_signature": { - "properties": { - "digest_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "exists": { - "type": "boolean" - }, - "signing_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "team_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "trusted": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - } - } - }, - "command_line": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - }, - "elf": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "byte_order": { - "ignore_above": 1024, - "type": "keyword" - }, - "cpu_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "creation_date": { - "type": "date" - }, - "exports": { - "type": "flattened" - }, - "header": { - "properties": { - "abi_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "data": { - "ignore_above": 1024, - "type": "keyword" - }, - "entrypoint": { - "type": "long" - }, - "object_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "os_abi": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "imports": { - "type": 
"flattened" - }, - "sections": { - "properties": { - "chi2": { - "type": "long" - }, - "entropy": { - "type": "long" - }, - "flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_offset": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_size": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "virtual_address": { - "type": "long" - }, - "virtual_size": { - "type": "long" - } - }, - "type": "nested" - }, - "segments": { - "properties": { - "sections": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "nested" - }, - "shared_libraries": { - "ignore_above": 1024, - "type": "keyword" - }, - "telfhash": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "end": { - "type": "date" - }, - "entity_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "executable": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "exit_code": { - "type": "long" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssdeep": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "pe": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "ignore_above": 1024, 
- "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pgid": { - "type": "long" - }, - "pid": { - "type": "long", - "fields": { - "keyword": { - "type": "keyword" - } - } - }, - "ppid": { - "type": "long", - "fields": { - "keyword": { - "type": "keyword" - } - } - }, - "start": { - "type": "date" - }, - "thread": { - "properties": { - "id": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "title": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "uptime": { - "type": "long" - }, - "working_directory": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pe": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pgid": { - "type": "long" - }, - "pid": { - "type": "long" - }, - "ppid": { - "type": "long" - }, - "program": { - "ignore_above": 1024, - "type": "keyword" - }, - "start": { - "type": "date" - }, - "thread": { - "properties": { - "id": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "title": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "uptime": { - "type": "long" - }, - "working_directory": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } + "os":{ + "type":"object", + "dynamic": true + }, + "package":{ + "type":"object", + "dynamic": true + }, + 
"pe":{ + "type":"object", + "dynamic": true + }, + "process":{ + "type":"object", + "dynamic": true }, - "proofpoint":{ - "type":"object", - "dynamic": true - }, "radius":{ "type":"object", "dynamic": true }, - "radware":{ - "type":"object", - "dynamic": true - }, "rdp":{ "type":"object", "dynamic": true }, - "rabbitmq": { - "properties": { - "log": { - "properties": { - "pid": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "redis": { - "properties": { - "log": { - "properties": { - "role": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "slowlog": { - "properties": { - "args": { - "ignore_above": 1024, - "type": "keyword" - }, - "cmd": { - "ignore_above": 1024, - "type": "keyword" - }, - "duration": { - "properties": { - "us": { - "type": "long" - } - } - }, - "id": { - "type": "long" - }, - "key": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } + "registry":{ + "type":"object", + "dynamic": true }, - "registry": { - "properties": { - "data": { - "properties": { - "bytes": { - "ignore_above": 1024, - "type": "keyword" - }, - "strings": { - "ignore_above": 1024, - "type": "wildcard" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hive": { - "ignore_above": 1024, - "type": "keyword" - }, - "key": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "related": { - "properties": { - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "hosts": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - } - } + "related":{ + "type":"object", + "dynamic": true }, "request":{ "type":"object", 
@@ -18154,366 +409,35 @@ "type":"object", "dynamic": true }, - "rule": { - "properties": { - "author": { - "ignore_above": 1024, - "type": "keyword" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "license": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "ruleset": { - "ignore_above": 1024, - "type": "keyword" - }, - "score": { - "type": "long" - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } + "rule":{ + "type":"object", + "dynamic":true, + "properties":{ + "score":{ + "type":"long" + }, + "uuid":{ + "type":"keyword" } + } }, - "santa": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "certificate": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "decision": { - "ignore_above": 1024, - "type": "keyword" - }, - "disk": { - "properties": { - "bsdname": { - "ignore_above": 1024, - "type": "keyword" - }, - "bus": { - "ignore_above": 1024, - "type": "keyword" - }, - "fs": { - "ignore_above": 1024, - "type": "keyword" - }, - "model": { - "ignore_above": 1024, - "type": "keyword" - }, - "mount": { - "ignore_above": 1024, - "type": "keyword" - }, - "serial": { - "ignore_above": 1024, - "type": "keyword" - }, - "volume": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "mode": { - "ignore_above": 1024, - "type": "keyword" - }, - "reason": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "scan":{ + "scan":{ "type":"object", "dynamic": true, "properties":{ "exiftool":{ "type":"text" - }, - "pe":{ - "properties":{ - "sections":{ - "properties":{ - 
"entropy":{ - "type": "float" - } - } - } - } - } + } } }, - "server": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "bytes": { - "type": "long" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "packets": { - "type": "long" - }, - "port": { - "type": "long" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - 
"properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }} - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "service": { - "type":"object", - "dynamic": true, - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "environment": { - "ignore_above": 1024, - "type": "keyword" - }, - "ephemeral_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields" : { - "keyword": { - "type": "keyword" - } - } - }, - "node": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "keyword": { - "type": "keyword" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, + "server":{ + "type":"object", + "dynamic": true + }, + "service":{ + "type":"object", + "dynamic": true + }, "sip":{ "type":"object", "dynamic": true 
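Review bot: `scan.pe.sections.entropy` loses its explicit `float` mapping in the `scan` block of this hunk, so its type is now inferred from the first document indexed; if that first value happens to be integral, Elasticsearch pins the field as `long` and later fractional values are coerced (truncated) on index, which silently degrades any packed-section / high-entropy threshold built on it. The new `server` object in the same hunk has the analogous problem for `server.ip` and `server.nat.ip`: dynamic detection maps IP strings as `text` with a `keyword` sub-field rather than `ip`, so CIDR and range queries on those fields stop matching instead of erroring. Keeping a minimal explicit `properties` block inside the dynamic object, exactly as this hunk already does for `rule.score` and `rule.uuid`, covers both: `"scan":{"type":"object","dynamic": true,"properties":{"exiftool":{"type":"text"},"pe":{"properties":{"sections":{"properties":{"entropy":{"type":"float"}}}}}}}` and `"server":{"type":"object","dynamic": true,"properties":{"ip":{"type":"ip"},"nat":{"properties":{"ip":{"type":"ip"}}}}}`. Since this is an index template, the revert presumably only affects indices created after it is loaded, so the mismatch will show up as per-index type conflicts in cross-index searches rather than immediately.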
@@ -18530,143 +454,6 @@ "type":"object", "dynamic": true }, - "snort":{ - "type":"object", - "dynamic": true - }, - "snyk": { - "properties": { - "audit": { - "properties": { - "content": { - "type": "flattened" - }, - "org_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "projects": { - "type": "flattened" - }, - "related": { - "properties": { - "projects": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "vulnerabilities": { - "properties": { - "credit": { - "ignore_above": 1024, - "type": "keyword" - }, - "cvss3": { - "ignore_above": 1024, - "type": "keyword" - }, - "disclosure_time": { - "type": "date" - }, - "exploit_maturity": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "identifiers": { - "properties": { - "alternative": { - "ignore_above": 1024, - "type": "keyword" - }, - "cwe": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "introduced_date": { - "type": "date" - }, - "is_fixed": { - "type": "boolean" - }, - "is_ignored": { - "type": "boolean" - }, - "is_patchable": { - "type": "boolean" - }, - "is_patched": { - "type": "boolean" - }, - "is_pinnable": { - "type": "boolean" - }, - "is_upgradable": { - "type": "boolean" - }, - "jira_issue_url": { - "ignore_above": 1024, - "type": "keyword" - }, - "language": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_severity": { - "type": "long" - }, - "package": { - "ignore_above": 1024, - "type": "keyword" - }, - "package_manager": { - "ignore_above": 1024, - "type": "keyword" - }, - "patches": { - "type": "flattened" - }, - "priority_score": { - "type": "long" - }, - "publication_time": { - "type": "date" - }, - "reachability": { - "ignore_above": 1024, - "type": "keyword" - }, - "semver": { - "type": "flattened" - }, - "title": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "unique_severities_list": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, "socks":{ "type":"object", "dynamic": true 
@@ -18675,922 +462,10 @@ "type":"object", "dynamic": true }, - "sonicwall":{ - "type":"object", - "dynamic": true - }, - "sophos": { - "properties": { - "xg": { - "properties": { - "Configuration": { - "type": "float" - }, - "Mode": { - "ignore_above": 1024, - "type": "keyword" - }, - "PHPSESSID": { - "ignore_above": 1024, - "type": "keyword" - }, - "Reports": { - "type": "float" - }, - "Signature": { - "type": "float" - }, - "SysLog_SERVER_NAME": { - "ignore_above": 1024, - "type": "keyword" - }, - "Temp": { - "type": "float" - }, - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "activityname": { - "ignore_above": 1024, - "type": "keyword" - }, - "ap": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_is_cloud": { - "ignore_above": 1024, - "type": "keyword" - }, - "appfilter_policy_id": { - "type": "long" - }, - "application": { - "ignore_above": 1024, - "type": "keyword" - }, - "application_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "application_filter_policy": { - "type": "long" - }, - "application_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "application_risk": { - "ignore_above": 1024, - "type": "keyword" - }, - "application_technology": { - "ignore_above": 1024, - "type": "keyword" - }, - "appresolvedby": { - "ignore_above": 1024, - "type": "keyword" - }, - "auth_client": { - "ignore_above": 1024, - "type": "keyword" - }, - "auth_mechanism": { - "ignore_above": 1024, - "type": "keyword" - }, - "av_policy_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "backup_mode": { - "ignore_above": 1024, - "type": "keyword" - }, - "branch_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "category_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "classification": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_host_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_physical_address": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "clients_conn_ssid": { - "ignore_above": 1024, - "type": "keyword" - }, - "collisions": { - "type": "long" - }, - "con_id": { - "type": "long" - }, - "conn_id": { - "type": "long" - }, - "connectionname": { - "ignore_above": 1024, - "type": "keyword" - }, - "connectiontype": { - "ignore_above": 1024, - "type": "keyword" - }, - "connevent": { - "ignore_above": 1024, - "type": "keyword" - }, - "connid": { - "ignore_above": 1024, - "type": "keyword" - }, - "contenttype": { - "ignore_above": 1024, - "type": "keyword" - }, - "context_match": { - "ignore_above": 1024, - "type": "keyword" - }, - "context_prefix": { - "ignore_above": 1024, - "type": "keyword" - }, - "context_suffix": { - "ignore_above": 1024, - "type": "keyword" - }, - "cookie": { - "ignore_above": 1024, - "type": "keyword" - }, - "date": { - "type": "date" - }, - "destinationip": { - "type": "ip" - }, - "device": { - "ignore_above": 1024, - "type": "keyword" - }, - "device_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "device_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "dictionary_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "dir_disp": { - "ignore_above": 1024, - "type": "keyword" - }, - "direction": { - "ignore_above": 1024, - "type": "keyword" - }, - "domainname": { - "ignore_above": 1024, - "type": "keyword" - }, - "download_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "download_file_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "dst_country_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "dst_domainname": { - "ignore_above": 1024, - "type": "keyword" - }, - "dst_ip": { - "type": "ip" - }, - "dst_port": { - "type": "long" - }, - "dstdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstzone": { - "ignore_above": 1024, - "type": "keyword" - }, - "dstzonetype": { - "ignore_above": 1024, - "type": "keyword" - }, - "duration": { - "type": "long" - }, - 
"email_subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "ep_uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "eventid": { - "ignore_above": 1024, - "type": "keyword" - }, - "eventtime": { - "type": "date" - }, - "eventtype": { - "ignore_above": 1024, - "type": "keyword" - }, - "exceptions": { - "ignore_above": 1024, - "type": "keyword" - }, - "execution_path": { - "ignore_above": 1024, - "type": "keyword" - }, - "extra": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_path": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_size": { - "type": "long" - }, - "filename": { - "ignore_above": 1024, - "type": "keyword" - }, - "filepath": { - "ignore_above": 1024, - "type": "keyword" - }, - "filesize": { - "type": "long" - }, - "free": { - "type": "long" - }, - "from_email_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "ftp_direction": { - "ignore_above": 1024, - "type": "keyword" - }, - "ftp_url": { - "ignore_above": 1024, - "type": "keyword" - }, - "ftpcommand": { - "ignore_above": 1024, - "type": "keyword" - }, - "fw_rule_id": { - "type": "long" - }, - "hb_health": { - "ignore_above": 1024, - "type": "keyword" - }, - "host": { - "ignore_above": 1024, - "type": "keyword" - }, - "httpresponsecode": { - "type": "long" - }, - "iap": { - "ignore_above": 1024, - "type": "keyword" - }, - "icmp_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "icmp_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "idle_cpu": { - "type": "float" - }, - "idp_policy_id": { - "type": "long" - }, - "idp_policy_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "in_interface": { - "ignore_above": 1024, - "type": "keyword" - }, - "interface": { - "ignore_above": 1024, - "type": "keyword" - }, - "ipaddress": { - "ignore_above": 1024, - "type": "keyword" - }, - "ips_policy_id": { - "type": "long" - }, - "localgateway": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "localnetwork": { - "ignore_above": 1024, - "type": "keyword" - }, - "log_component": { - "ignore_above": 1024, - "type": "keyword" - }, - "log_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "log_subtype": { - "ignore_above": 1024, - "type": "keyword" - }, - "log_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "login_user": { - "ignore_above": 1024, - "type": "keyword" - }, - "mailid": { - "ignore_above": 1024, - "type": "keyword" - }, - "mailsize": { - "type": "long" - }, - "message": { - "ignore_above": 1024, - "type": "keyword" - }, - "message_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "newversion": { - "ignore_above": 1024, - "type": "keyword" - }, - "oldversion": { - "ignore_above" : 1024, - "type": "keyword" - }, - "out_interface": { - "ignore_above": 1024, - "type": "keyword" - }, - "override_authorizer": { - "ignore_above": 1024, - "type": "keyword" - }, - "override_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "override_token": { - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - - "policy_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "priority": { - "ignore_above": 1024, - "type": "keyword" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "quarantine": { - "ignore_above": 1024, - "type": "keyword" - }, - "quarantine_reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "querystring": { - "ignore_above": 1024, - "type": "keyword" - }, - "raw_data": { - "ignore_above": 1024, - "type": "keyword" - }, - "reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "received_pkts": { - "type": "long" - }, - "receiveddrops": { - "type": "long" - }, - "receivederrors": { - "ignore_above": 1024, - "type": "keyword" - }, - "receivedkbits": { - "type": "long" - }, - "recv_bytes": { - "type": "long" - }, - "red_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "referer": { 
- "ignore_above": 1024, - "type": "keyword" - }, - "remote_ip": { - "type": "ip" - }, - "remotenetwork": { - "ignore_above": 1024, - "type": "keyword" - }, - "responsetime": { - "type": "long" - }, - "rule_priority": { - "ignore_above": 1024, - "type": "keyword" - }, - "sent_bytes": { - "type": "long" - }, - "sent_pkts": { - "type": "long" - }, - "server": { - "ignore_above": 1024, - "type": "keyword" - }, - "sessionid": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1sum": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_msg": { - "ignore_above": 1024, - "type": "keyword" - }, - "site_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "source": { - "ignore_above": 1024, - "type": "keyword" - }, - "sourceip": { - "type": "ip" - }, - "spamaction": { - "ignore_above": 1024, - "type": "keyword" - }, - "sqli": { - "ignore_above": 1024, - "type": "keyword" - }, - "src_country_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "src_domainname": { - "ignore_above": 1024, - "type": "keyword" - }, - "src_ip": { - "type": "ip" - }, - "src_mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "src_port": { - "type": "long" - }, - "srczone": { - "ignore_above": 1024, - "type": "keyword" - }, - "srczonetype": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssid": { - "ignore_above": 1024, - "type": "keyword" - }, - "start_time": { - "type": "date" - }, - "starttime": { - "type": "date" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "status_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "system_cpu": { - "type": "float" - }, - "target": { - "ignore_above": 1024, - "type": "keyword" - }, - "threatname": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"to_email_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "total_memory": { - "type": "long" - }, - "trans_dst_ip": { - "type": "ip" - }, - "trans_dst_port": { - "type": "long" - }, - "trans_src_ip": { - "type": "ip" - }, - "trans_src_port": { - "type": "long" - }, - "transaction_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "transactionid": { - "ignore_above": 1024, - "type": "keyword" - }, - "transmitteddrops": { - "type": "long" - }, - "transmittederrors": { - "ignore_above": 1024, - "type": "keyword" - }, - "transmittedkbits": { - "type": "long" - }, - "unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "updatedip": { - "type": "ip" - }, - "upload_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "upload_file_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "url": { - "ignore_above": 1024, - "type": "keyword" - }, - "used": { - "type": "long" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_cpu": { - "type": "float" - }, - "user_gp": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_group": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "users": { - "ignore_above": 1024, - "type": "keyword" - }, - "vconn_id": { - "type": "long" - }, - "virus": { - "ignore_above": 1024, - "type": "keyword" - }, - "website": { - "ignore_above": 1024, - "type": "keyword" - }, - "xss": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } + "source":{ + "type":"object", + "dynamic": true }, - "source": { - "dynamic": false, - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "keyword": { - "type": "keyword" - } - } - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "bytes": { - 
"type": "long" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "packets": { - "type": "long" - }, - "port": { - "type": "long" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "service": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "span": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "squid":{ - "type":"object", - "dynamic": true - }, "ssh":{ "type":"object", "dynamic": true 
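Review bot: `source.ip`, `source.nat.ip` and `source.geo.location` lose their `ip` and `geo_point` types in this hunk — the replacement `source` block is a bare `"dynamic": true` object, so Elasticsearch infers types from the first document, mapping IP addresses as `text` with a `keyword` sub-field and a `{lat, lon}` pair as plain numeric fields. CIDR queries like `source.ip:10.0.0.0/8`, IP range aggregations and map visualisations on `source.geo.location` then return nothing rather than failing, which is the kind of gap a hunt or detection query will not notice on its own. The removed block was also `"dynamic": false`, so previously unmapped `source.*` subfields were dropped; flipping to `true` means every new subfield from any log source is now indexed, which is worth a comment in the commit message given the field-count limit this template is subject to. If the revert is intended to stay, an explicit minimal `properties` block inside the dynamic object preserves the typed fields that security queries depend on while still allowing everything else to map dynamically; `source.port` and `source.nat.port` are included because a first value such as `"443"` arriving as a string would otherwise be typed `text`.
```json
"source":{
  "type":"object",
  "dynamic": true,
  "properties":{
    "ip":{ "type":"ip" },
    "port":{ "type":"long" },
    "geo":{ "properties":{ "location":{ "type":"geo_point" } } },
    "nat":{ "properties":{ "ip":{ "type":"ip" }, "port":{ "type":"long" } } }
  }
},
```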
@@ -19599,7319 +474,229 @@ "type":"object", "dynamic": true }, - "stream": { - "ignore_above": 1024, - "type": "keyword" + "syslog":{ + "type":"object", + "dynamic": true }, - "suricata": { - "properties": { - "eve": { - "properties": { - "alert": { - "properties": { - "affected_product": { - "ignore_above": 1024, - "type": "keyword" - }, - "attack_target": { - "ignore_above": 1024, - "type": "keyword" - }, - "capec_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "classtype": { - "ignore_above": 1024, - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "cve": { - "ignore_above": 1024, - "type": "keyword" - }, - "cvss_v2_base": { - "ignore_above": 1024, - "type": "keyword" - }, - "cvss_v2_temporal": { - "ignore_above": 1024, - "type": "keyword" - }, - "cvss_v3_base": { - "ignore_above": 1024, - "type": "keyword" - }, - "cvss_v3_temporal": { - "ignore_above": 1024, - "type": "keyword" - }, - "cwe_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "deployment": { - "ignore_above": 1024, - "type": "keyword" - }, - "former_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "gid": { - "type": "long" - }, - "hostile": { - "ignore_above": 1024, - "type": "keyword" - }, - "infected": { - "ignore_above": 1024, - "type": "keyword" - }, - "malware": { - "ignore_above": 1024, - "type": "keyword" - }, - "metadata": { - "type": "flattened" - }, - "mitre_tool_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "performance_impact": { - "ignore_above": 1024, - "type": "keyword" - }, - "priority": { - "ignore_above": 1024, - "type": "keyword" - }, - "protocols": { - "ignore_above": 1024, - "type": "keyword" - }, - "rev": { - "type": "long" - }, - "rule_source": { - "ignore_above": 1024, - "type": "keyword" - }, - "sid": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_id": { - "type": 
"long" - }, - "signature_severity": { - "ignore_above": 1024, - "type": "keyword" - }, - "tag": { - "ignore_above": 1024, - "type": "keyword" - }, - "updated_at": { - "type": "date" - } - } - }, - "app_proto_expected": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_proto_orig": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_proto_tc": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_proto_ts": { - "ignore_above": 1024, - "type": "keyword" - }, - "dns": { - "properties": { - "id": { - "type": "long" - }, - "rcode": { - "ignore_above": 1024, - "type": "keyword" - }, - "rdata": { - "ignore_above": 1024, - "type": "keyword" - }, - "rrname": { - "ignore_above": 1024, - "type": "keyword" - }, - "rrtype": { - "ignore_above": 1024, - "type": "keyword" - }, - "ttl": { - "type": "long" - }, - "tx_id": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "email": { - "properties": { - "status": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "fileinfo": { - "properties": { - "gaps": { - "type": "boolean" - }, - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - }, - "stored": { - "type": "boolean" - }, - "tx_id": { - "type": "long" - } - } - }, - "flow": { - - "properties": { - "age": { - "type": "long" - }, - "alerted": { - "type": "boolean" - }, - "reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "flow_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "http": { - "properties": { - "http_content_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "redirect": { - "ignore_above": 
1024, - "type": "keyword" - } - } - }, - "icmp_code": { - "type": "long" - }, - "icmp_type": { - "type": "long" - }, - "in_iface": { - "ignore_above": 1024, - "type": "keyword" - }, - "pcap_cnt": { - "type": "long" - }, - "smtp": { - "properties": { - "helo": { - "ignore_above": 1024, - "type": "keyword" - }, - "mail_from": { - "ignore_above": 1024, - "type": "keyword" - }, - "rcpt_to": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ssh": { - "properties": { - "client": { - "properties": { - "proto_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "software_version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "server": { - "properties": { - "proto_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "software_version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "stats": { - "properties": { - "app_layer": { - "properties": { - "flow": { - "properties": { - "dcerpc_tcp": { - "type": "long" - }, - "dcerpc_udp": { - "type": "long" - }, - "dns_tcp": { - "type": "long" - }, - "dns_udp": { - "type": "long" - }, - "failed_tcp": { - "type": "long" - }, - "failed_udp": { - "type": "long" - }, - "ftp": { - "type": "long" - }, - "http": { - "type": "long" - }, - "imap": { - "type": "long" - }, - "msn": { - "type": "long" - }, - "smb": { - "type": "long" - }, - "smtp": { - "type": "long" - }, - "ssh": { - "type": "long" - }, - "tls": { - "type": "long" - } - } - }, - "tx": { - "properties": { - "dcerpc_tcp": { - "type": "long" - }, - "dcerpc_udp": { - "type": "long" - }, - "dns_tcp": { - "type": "long" - }, - "dns_udp": { - "type": "long" - }, - "ftp": { - "type": "long" - }, - "http": { - "type": "long" - }, - "smb": { - "type": "long" - }, - "smtp": { - "type": "long" - }, - "ssh": { - "type": "long" - }, - "tls": { - "type": "long" - } - } - } - } - }, - "capture": { - "properties": { - "kernel_drops": { - "type": "long" - }, - "kernel_ifdrops": { - "type": "long" - }, - "kernel_packets": { - 
"type": "long" - } - } - }, - "decoder": { - "properties": { - "avg_pkt_size": { - "type": "long" - }, - "bytes": { - "type": "long" - }, - "dce": { - "properties": { - "pkt_too_small": { - "type": "long" - } - } - }, - "erspan": { - "type": "long" - }, - "ethernet": { - "type": "long" - }, - "gre": { - "type": "long" - }, - "icmpv4": { - "type": "long" - }, - "icmpv6": { - "type": "long" - }, - "ieee8021ah": { - "type": "long" - }, - "invalid": { - "type": "long" - }, - "ipraw": { - "properties": { - "invalid_ip_version": { - "type": "long" - } - } - }, - "ipv4": { - "type": "long" - }, - "ipv4_in_ipv6": { - "type": "long" - }, - "ipv6": { - "type": "long" - }, - "ipv6_in_ipv6": { - "type": "long" - }, - "ltnull": { - "properties": { - "pkt_too_small": { - "type": "long" - }, - "unsupported_type": { - "type": "long" - } - } - }, - "max_pkt_size": { - "type": "long" - }, - "mpls": { - "type": "long" - }, - "null": { - "type": "long" - }, - "pkts": { - "type": "long" - }, - "ppp": { - "type": "long" - }, - "pppoe": { - "type": "long" - }, - "raw": { - "type": "long" - }, - "sctp": { - "type": "long" - }, - "sll": { - "type": "long" - }, - "tcp": { - "type": "long" - }, - "teredo": { - "type": "long" - }, - "udp": { - "type": "long" - }, - "vlan": { - "type": "long" - }, - "vlan_qinq": { - "type": "long" - } - } - }, - "defrag": { - "properties": { - "ipv4": { - "properties": { - "fragments": { - "type": "long" - }, - "reassembled": { - "type": "long" - }, - "timeouts": { - "type": "long" - } - } - }, - "ipv6": { - "properties": { - "fragments": { - "type": "long" - }, - "reassembled": { - "type": "long" - }, - "timeouts": { - "type": "long" - } - } - }, - "max_frag_hits": { - "type": "long" - } - } - }, - "detect": { - "properties": { - "alert": { - "type": "long" - } - } - }, - "dns": { - "properties": { - "memcap_global": { - "type": "long" - }, - "memcap_state": { - "type": "long" - }, - "memuse": { - "type": "long" - } - } - }, - "file_store": { - "properties": 
{ - "open_files": { - "type": "long" - } - } - }, - "flow": { - "properties": { - "emerg_mode_entered": { - "type": "long" - }, - "emerg_mode_over": { - "type": "long" - }, - "icmpv4": { - "type": "long" - }, - "icmpv6": { - "type": "long" - }, - "memcap": { - "type": "long" - }, - "memuse": { - "type": "long" - }, - "spare": { - "type": "long" - }, - "tcp": { - "type": "long" - }, - "tcp_reuse": { - "type": "long" - }, - "udp": { - "type": "long" - } - } - }, - "flow_mgr": { - "properties": { - "bypassed_pruned": { - "type": "long" - }, - "closed_pruned": { - "type": "long" - }, - "est_pruned": { - "type": "long" - }, - "flows_checked": { - "type": "long" - }, - "flows_notimeout": { - "type": "long" - }, - "flows_removed": { - "type": "long" - }, - "flows_timeout": { - "type": "long" - }, - "flows_timeout_inuse": { - "type": "long" - }, - "new_pruned": { - "type": "long" - }, - "rows_busy": { - "type": "long" - }, - "rows_checked": { - "type": "long" - }, - "rows_empty": { - "type": "long" - }, - "rows_maxlen": { - "type": "long" - }, - "rows_skipped": { - "type": "long" - } - } - }, - "http": { - "properties": { - "memcap": { - "type": "long" - }, - "memuse": { - "type": "long" - } - } - }, - "tcp": { - "properties": { - "insert_data_normal_fail": { - "type": "long" - }, - "insert_data_overlap_fail": { - "type": "long" - }, - "insert_list_fail": { - "type": "long" - }, - "invalid_checksum": { - "type": "long" - }, - "memuse": { - "type": "long" - }, - "no_flow": { - "type": "long" - }, - "overlap": { - "type": "long" - }, - "overlap_diff_data": { - "type": "long" - }, - "pseudo": { - "type": "long" - }, - "pseudo_failed": { - "type": "long" - }, - "reassembly_gap": { - "type": "long" - }, - "reassembly_memuse": { - "type": "long" - }, - "rst": { - "type": "long" - }, - "segment_memcap_drop": { - "type": "long" - }, - "sessions": { - "type": "long" - }, - "ssn_memcap_drop": { - "type": "long" - }, - "stream_depth_reached": { - "type": "long" - }, - "syn": { - 
"type": "long"
- },
- "synack": {
- "type": "long"
- }
- }
- },
- "uptime": {
- "type": "long"
- }
- }
- },
- "tcp": {
- "properties": {
- "ack": {
- "type": "boolean"
- },
- "fin": {
- "type": "boolean"
- },
- "psh": {
- "type": "boolean"
- },
- "rst": {
- "type": "boolean"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "syn": {
- "type": "boolean"
- },
- "tcp_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tcp_flags_tc": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tcp_flags_ts": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "tls": {
- "properties": {
- "fingerprint": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuerdn": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3": {
- "properties": {
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "string": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ja3s": {
- "properties": {
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "string": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "notafter": {
- "type": "date"
- },
- "notbefore": {
- "type": "date"
- },
- "serial": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "session_resumed": {
- "type": "boolean"
- },
- "sni": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "tx_id": {
- "type": "long"
- }
- }
- }
- }
- },
- "syslog": {
- "properties": {
- "facility": {
- "type": "long"
- },
- "facility_label": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "priority": {
- "type": "long"
- },
- "severity_label": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "system": {
- "properties": {
- "auth": {
- "properties": {
- "ssh": {
- "properties": {
- "dropped_ip": {
- "type": "ip"
- },
- "event": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "method": {
- "ignore_above": 1024,
-
"type": "keyword"
- },
- "signature": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "sudo": {
- "properties": {
- "command": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "error": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pwd": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tty": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "useradd": {
- "properties": {
- "home": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "shell": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword",
- "fields": {
- "keyword": {
- "type": "keyword"
+ "tags":{
+ "type":"text",
+ "fields":{
+ "keyword":{
+ "type":"keyword"
 }
 }
 },
- "threat": {
- "properties": {
- "enrichments": {
- "properties": {
- "indicator": {
- "properties": {
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "confidence": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "file": {
- "properties": {
- "accessed": {
- "type": "date"
- },
- "attributes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code_signature": {
- "properties": {
- "digest_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timestamp": {
- "type": "date"
- },
- "trusted": {
- "type":
"boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "created": {
- "type": "date"
- },
- "ctime": {
- "type": "date"
- },
- "device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "directory": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "drive_letter": {
- "ignore_above": 1,
- "type": "keyword"
- },
- "elf": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "byte_order": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cpu_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "creation_date": {
- "type": "date"
- },
- "exports": {
- "type": "flattened"
- },
- "header": {
- "properties": {
- "abi_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entrypoint": {
- "type": "long"
- },
- "object_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
-
- "os_abi": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "imports": {
- "type": "flattened"
- },
- "sections": {
- "properties": {
- "chi2": {
- "type": "long"
- },
- "entropy": {
- "type": "long"
- },
- "flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "physical_offset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "physical_size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "virtual_address": {
- "type": "long"
- },
- "virtual_size": {
- "type": "long"
- }
- },
- "type": "nested"
- },
- "segments": {
- "properties": {
- "sections": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- },
- "type": "nested"
- },
- "shared_libraries": {
- "ignore_above": 1024,
- "type": "keyword"
- },
-
"telfhash": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fork_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "inode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mtime": {
- "type": "date"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "owner": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "size": {
- "type": "long"
- },
- "target_path": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "first_seen": {
- "type": "date"
- },
- "geo": {
- "properties": {
-
"city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "last_seen": {
- "type": "date"
- },
- "marking": {
- "properties": {
- "tlp": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "modified_at": {
- "type": "date"
- },
- "port": {
- "type": "long"
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registry": {
- "properties": {
- "data": {
- "properties": {
- "bytes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "strings": {
- "ignore_above": 1024,
- "type": "wildcard"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hive": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "scanner_stats": {
- "type": "long"
- },
- "sightings": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "wildcard"
- },
- "original": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "wildcard"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "wildcard"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "doc_values": false,
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
-
"ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- },
- "type": "object"
- },
- "matched": {
- "properties": {
- "atomic": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "field": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "index": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- },
- "type": "nested"
- },
- "framework": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "indicator": {
- "properties": {
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "confidence": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "file": {
- "properties": {
- "accessed": {
- "type": "date"
- },
- "attributes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code_signature": {
- "properties": {
-
"digest_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exists": {
- "type": "boolean"
- },
- "signing_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "team_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timestamp": {
- "type": "date"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "created": {
- "type": "date"
- },
- "ctime": {
- "type": "date"
- },
- "device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "directory": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "drive_letter": {
- "ignore_above": 1,
- "type": "keyword"
- },
- "elf": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "byte_order": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "cpu_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "creation_date": {
- "type": "date"
- },
- "exports": {
- "type": "flattened"
- },
- "header": {
- "properties": {
- "abi_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entrypoint": {
- "type": "long"
- },
- "object_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os_abi": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "imports": {
- "type": "flattened"
- },
- "sections": {
- "properties": {
- "chi2": {
- "type": "long"
- },
- "entropy": {
- "type": "long"
- },
- "flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "physical_offset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "physical_size": {
- "type": "long"
- },
-
"type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "virtual_address": {
- "type": "long"
- },
- "virtual_size": {
- "type": "long"
- }
- },
- "type": "nested"
- },
- "segments": {
- "properties": {
- "sections": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- },
- "type": "nested"
- },
- "shared_libraries": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "telfhash": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fork_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "inode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mtime": {
- "type": "date"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "owner": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type":
"keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "size": {
- "type": "long"
- },
- "target_path": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "first_seen": {
- "type": "date"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "postal_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "last_seen": {
- "type": "date"
- },
- "marking": {
- "properties": {
- "tlp": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "modified_at": {
- "type": "date"
- },
- "port": {
- "type": "long"
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registry": {
- "properties": {
- "data": {
- "properties": {
- "bytes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "strings": {
- "ignore_above": 1024,
- "type": "wildcard"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hive": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
-
"value": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "scanner_stats": {
- "type": "long"
- },
- "sightings": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "wildcard"
- },
- "original": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "wildcard"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "wildcard"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "public_key_algorithm": {
- "ignore_above":
1024,
- "type": "keyword"
- },
- "public_key_curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "public_key_exponent": {
- "doc_values": false,
- "index": false,
- "type": "long"
- },
- "public_key_size": {
- "type": "long"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature_algorithm": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "properties": {
- "common_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "distinguished_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "locality": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organization": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "organizational_unit": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state_or_province": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version_number": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "software": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platforms": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "tactic": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "technique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subtechnique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
-
"type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- }
- }
- },
- "threatintel": {
- "properties": {
- "abusemalware": {
- "properties": {
- "file_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "signature": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "urlhaus_download": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "virustotal": {
- "properties": {
- "link": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "percent": {
- "type": "float"
- },
- "result": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "abuseurl": {
- "properties": {
- "blacklists": {
- "properties": {
- "spamhaus_dbl": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "surbl": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "larted": {
- "type": "boolean"
- },
- "reporter": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "threat": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url_status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "urlhaus_reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "anomali": {
- "properties": {
- "content": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "indicator": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "labels": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "modified": {
- "type": "date"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "object_marking_refs": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pattern": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "title": {
- "ignore_above": 1024,
-
"type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "valid_from": {
- "type": "date"
- }
- }
- },
- "anomalithreatstream": {
- "properties": {
- "classification": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "confidence": {
- "type": "short"
- },
- "detail2": {
- "norms": false,
- "type": "text"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "import_session_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "itype": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "maltype": {
- "ignore_above": 1024,
- "type": "wildcard"
- },
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resource_uri": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "severity": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "source": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "source_feed_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted_circle_ids": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "update_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value_type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "indicator": {
- "properties": {
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "confidence": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "file": {
- "properties": {
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
-
"ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha384": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ssdeep": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tlsh": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "imphash": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "first_seen": {
- "type": "date"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "last_seen": {
- "type": "date"
- },
- "marking": {
- "properties": {
- "tlp": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "matched": {
- "properties": {
- "atomic": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "field": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registry": {
- "properties": {
- "data": {
- "properties": {
- "strings":
{
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "scanner_stats": {
- "type": "long"
- },
- "sightings": {
- "type": "long"
- },
- "signature": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "x509": {
- "properties": {
- "alternative_names": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "malwarebazaar": {
- "properties": {
- "anonymous": {
- "type": "long"
- },
- "code_sign": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "intelligence": {
- "properties": {
- "downloads": {
- "type": "long"
- },
- "mail": {
-
"properties": {
- "Generic": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "IT": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "uploads": {
- "type": "long"
- }
- }
- },
- "signature": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "misp": {
- "properties": {
- "attribute": {
- "properties": {
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "comment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "deleted": {
- "type": "boolean"
- },
- "disable_correlation": {
- "type": "boolean"
- },
- "distribution": {
- "type": "long"
- },
- "event_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "object_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "object_relation": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sharing_group_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timestamp": {
- "type": "date"
- },
- "to_ids": {
- "type": "boolean"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uuid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "attribute_count": {
- "type": "long"
- },
- "context": {
- "properties": {
- "attribute": {
- "properties": {
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "comment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "deleted": {
- "type": "boolean"
- },
- "disable_correlation": {
- "type": "boolean"
- },
- "distribution": {
- "type": "long"
- },
- "event_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "object_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "object_relation": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sharing_group_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "timestamp": {
- "type":
"date" - }, - "to_ids": { - "type": "boolean" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "date": { - "type": "date" - }, - "disable_correlation": { - "type": "boolean" - }, - "distribution": { - "ignore_above": 1024, - "type": "keyword" - }, - "extends_uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "info": { - "ignore_above": 1024, - "type": "keyword" - }, - "locked": { - "type": "boolean" - }, - "org": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "local": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "org_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "orgc": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "local": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "orgc_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "proposal_email_lock": { - "type": "boolean" - }, - "publish_timestamp": { - "type": "date" - }, - "published": { - "type": "boolean" - }, - "sharing_group_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "threat_level_id": { - "type": "long" - }, - "timestamp": { - "type": "date" - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "otx": { - "properties": { - "content": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "indicator": { - "ignore_above": 1024, - "type": "keyword" - }, - "title": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": 
{ - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "recordedfuture": { - "properties": { - "entity": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "intelCard": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip_range": { - "type": "ip_range" - }, - "risk": { - "properties": { - "criticality": { - "type": "byte" - }, - "criticalityLabel": { - "ignore_above": 1024, - "type": "keyword" - }, - "evidenceDetails": { - "type": "flattened" - }, - "riskString": { - "ignore_above": 1024, - "type": "keyword" - }, - "riskSummary": { - "fields": { - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "rules": { - "type": "long" - }, - "score": { - "type": "short" - } - } - } - } - } - } + "threat":{ + "type":"object", + "dynamic": true }, - "timeseries": { - "properties": { - "instance": { - "ignore_above": 1024, - "type": "keyword" - } - } + "tls":{ + "type":"object", + "dynamic": true }, - "tls": { - "properties": { - "cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "client": { - "properties": { - "certificate": { - "ignore_above": 1024, - "type": "keyword" - }, - "certificate_chain": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "issuer": { - "ignore_above": 1024, - "type": "keyword" - }, - "ja3": { - "ignore_above": 1024, - "type": "keyword" - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "server_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "supported_ciphers": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "x509": { - "properties": { - "alternative_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "public_key_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_exponent": { - "doc_values": false, - "index": false, - "type": "long" - }, - "public_key_size": { - "type": "long" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version_number": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "established": { - "type": "boolean" - }, - "next_protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "resumed": { - "type": "boolean" - 
}, - "server": { - "properties": { - "certificate": { - "ignore_above": 1024, - "type": "keyword" - }, - "certificate_chain": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "issuer": { - "ignore_above": 1024, - "type": "keyword" - }, - "ja3s": { - "ignore_above": 1024, - "type": "keyword" - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "x509": { - "properties": { - "alternative_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "public_key_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_exponent": { - "doc_values": false, - "index": false, - "type": "long" - }, - "public_key_size": { - "type": "long" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": 
{ - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version_number": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "version_protocol": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tomcat":{ - "type":"object", - "dynamic": true - }, - "trace": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "traefik": { - "properties": { - "access": { - "properties": { - "backend_url": { - "ignore_above": 1024, - "type": "keyword" - }, - "frontend_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "geoip": { - "properties": { - "city_name": { - "path": "source.geo.city_name", - "type": "alias" - }, - "continent_name": { - "path": "source.geo.continent_name", - "type": "alias" - }, - "country_iso_code": { - "path": "source.geo.country_iso_code", - "type": "alias" - }, - "location": { - "path": "source.geo.location", - "type": "alias" - }, - "region_iso_code": { - "path": "source.geo.region_iso_code", - "type": "alias" - }, - "region_name": { - "path": "source.geo.region_name", - "type": "alias" - } - } - }, - "request_count": { - "type": "long" - }, - "user_agent": { - "properties": { - "name": { - "path": "user_agent.name", - "type": "alias" - }, - "original": { - "path": "user_agent.original", - "type": "alias" - }, - "os": { - "path": "user_agent.os.full_name", - "type": "alias" - }, - "os_name": { - "path": "user_agent.os.name", - "type": "alias" - } - } - }, - "user_identifier": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "transaction": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - 
} + "trace":{ + "type":"object", + "dynamic": true }, "tunnel":{ "type":"object", "dynamic": true }, - "url": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "fragment": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - }, - "original": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - }, - "password": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "wildcard" - }, - "port": { - "type": "long" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "scheme": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "username": { - "ignore_above": 1024, - "type": "keyword" - } - } + "user":{ + "type":"object", + "dynamic": true }, - "user": { - "properties": { - "audit": { - "properties": { - "group": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "changes": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": 
"keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "effective": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "filesystem": { - "properties": { - "group": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "full_name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "owner": { - "properties": { - "group": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - }, - "saved": { - "properties": { - "group": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "target": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "terminal": { - "ignore_above": 1024, - "type": "keyword" - } - } + "user_agent":{ + "type":"object", + "dynamic": true }, - "user_agent": { - "properties": { - "device": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - 
"fields": { - "keyword": { - "type": "keyword" - }, - "text": { - "norms": false, - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } + "version":{ + "type":"object", + "dynamic": true }, - "vlan": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } + "vlan":{ + "type":"object", + "dynamic": true }, - "vulnerability": { - "properties": { - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "classification": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "fields": { - "text": { - "type": "text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "enumeration": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "report_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "scanner": { - "properties": { - "vendor": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "score": { - "properties": { - "base": { - "type": "float" - }, - "environmental": { - "type": "float" - }, - "temporal": { - "type": "float" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } 
- }, - "severity": { - "ignore_above": 1024, - "type": "keyword" - } - } + "vulnerability":{ + "type":"object", + "dynamic": true }, - "wazuh":{ - "type":"object", - "dynamic": true - }, - "winlog":{ - "type":"object", - "dynamic": true, - "properties":{ - "event_id":{ - "type":"long" - }, - "event_data":{ - "type":"object" - }, - "version":{ - "type":"long" - } - } + "weird":{ + "type":"object", + "dynamic": true }, - "x509": { - "properties": { - "alternative_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "public_key_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_exponent": { - "doc_values": false, - "index": false, - "type": "long" - }, - "public_key_size": { - "type": "long" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version_number": { - "ignore_above": 1024, - "type": "keyword" - } + "winlog":{ + "type":"object", + "dynamic": true, + "properties":{ + "event_id":{ + "type":"long" + }, + "event_data":{ + "type":"object" + }, + "version":{ + "type":"long" } + } }, - "zeek": { - "properties": { - "capture_loss": { - "properties": { - "acks": { - "type": "long" - }, - "gaps": { - "type": "long" - }, - "peer": { - "ignore_above": 1024, - "type": "keyword" - }, - "percent_lost": { - "type": "double" - }, - "ts_delta": { - "type": "long" - } - } - }, - "connection": { - "properties": { - "history": { - "ignore_above": 1024, - "type": "keyword" - }, - "icmp": { - "properties": { - "code": { - "type": "long" - }, - "type": { - "type": "long" - } - } - }, - "inner_vlan": { - "type": "long" - }, - "local_orig": { - "type": "boolean" - }, - "local_resp": { - "type": "boolean" - }, - "missed_bytes": { - "type": "long" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_message": { - "ignore_above": 1024, - "type": "keyword" - }, - "vlan": { - "type": "long" - } - } - }, - "dce_rpc": { - "properties": { - "endpoint": { - "ignore_above": 1024, - "type": "keyword" - }, - "named_pipe": { - "ignore_above": 1024, - "type": "keyword" - }, - "operation": { - "ignore_above": 1024, - "type": "keyword" - }, - "rtt": { - "type": "long" - } - } - }, - "dhcp": { - "properties": { - "address": { - "properties": { - "assigned": { - "type": "ip" - }, - "client": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "requested": { - "type": "ip" - }, - "server": { - "type": "ip" - } - } - }, - "client_fqdn": { - "ignore_above": 1024, - "type": "keyword" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "duration": { - "type": "double" - }, - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "properties": 
{ - "circuit": { - "ignore_above": 1024, - "type": "keyword" - }, - "remote_agent": { - "ignore_above": 1024, - "type": "keyword" - }, - "subscriber": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "lease_time": { - "type": "long" - }, - "msg": { - "properties": { - "client": { - "ignore_above": 1024, - "type": "keyword" - }, - "origin": { - "type": "ip" - }, - "server": { - "ignore_above": 1024, - "type": "keyword" - }, - "types": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "software": { - "properties": { - "client": { - "ignore_above": 1024, - "type": "keyword" - }, - "server": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "dnp3": { - "properties": { - "function": { - "properties": { - "reply": { - "ignore_above": 1024, - "type": "keyword" - }, - "request": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "id": { - "type": "long" - } - } - }, - "dns": { - "properties": { - "AA": { - "type": "boolean" - }, - "RA": { - "type": "boolean" - }, - "RD": { - "type": "boolean" - }, - "TC": { - "type": "boolean" - }, - "TTLs": { - "type": "double" - }, - "answers": { - "ignore_above": 1024, - "type": "keyword" - }, - "qclass": { - "type": "long" - }, - "qclass_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "qtype": { - "type": "long" - }, - "qtype_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - }, - "rcode": { - "type": "long" - }, - "rcode_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "rejected": { - "type": "boolean" - }, - "rtt": { - "type": "double" - }, - "saw_query": { - "type": "boolean" - }, - "saw_reply": { - "type": "boolean" - }, - "total_answers": { - "type": "long" - }, - "total_replies": { - "type": "long" - }, - "trans_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "dpd": { - "properties": { - "analyzer": { - "ignore_above": 1024, - "type": "keyword" - }, - "failure_reason": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "packet_segment": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "files": { - "properties": { - "analyzers": { - "ignore_above": 1024, - "type": "keyword" - }, - "depth": { - "type": "long" - }, - "duration": { - "type": "double" - }, - "entropy": { - "type": "double" - }, - "extracted": { - "ignore_above": 1024, - "type": "keyword" - }, - "extracted_cutoff": { - "type": "boolean" - }, - "extracted_size": { - "type": "long" - }, - "filename": { - "ignore_above": 1024, - "type": "keyword" - }, - "fuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "is_orig": { - "type": "boolean" - }, - "local_orig": { - "type": "boolean" - }, - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "mime_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "missing_bytes": { - "type": "long" - }, - "overflow_bytes": { - "type": "long" - }, - "parent_fuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "rx_host": { - "type": "ip" - }, - "seen_bytes": { - "type": "long" - }, - "session_ids": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "source": { - "ignore_above": 1024, - "type": "keyword" - }, - "timedout": { - "type": "boolean" - }, - "total_bytes": { - "type": "long" - }, - "tx_host": { - "type": "ip" - } - } - }, - "ftp": { - "properties": { - "arg": { - "ignore_above": 1024, - "type": "keyword" - }, - "capture_password": { - "type": "boolean" - }, - "cmdarg": { - "properties": { - "arg": { - "ignore_above": 1024, - "type": "keyword" - }, - "cmd": { - "ignore_above": 1024, - "type": "keyword" - }, - "seq": { - "type": "long" - } - } - }, - "command": { - "ignore_above": 1024, - "type": "keyword" - }, - "cwd": { - "ignore_above": 1024, - "type": "keyword" - }, - "data_channel": { - "properties": { - "originating_host": { - "type": "ip" - }, - "passive": { - 
"type": "boolean" - }, - "response_host": { - "type": "ip" - }, - "response_port": { - "type": "long" - } - } - }, - "file": { - "properties": { - "fuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "mime_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "size": { - "type": "long" - } - } - }, - "last_auth_requested": { - "ignore_above": 1024, - "type": "keyword" - }, - "passive": { - "type": "boolean" - }, - "password": { - "ignore_above": 1024, - "type": "keyword" - }, - "pending_commands": { - "type": "long" - }, - "reply": { - "properties": { - "code": { - "type": "long" - }, - "msg": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "http": { - "properties": { - "captured_password": { - "type": "boolean" - }, - "client_header_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "info_code": { - "type": "long" - }, - "info_msg": { - "ignore_above": 1024, - "type": "keyword" - }, - "orig_filenames": { - "ignore_above": 1024, - "type": "keyword" - }, - "orig_fuids": { - "ignore_above": 1024, - "type": "keyword" - }, - "orig_mime_depth": { - "type": "long" - }, - "orig_mime_types": { - "ignore_above": 1024, - "type": "keyword" - }, - "password": { - "ignore_above": 1024, - "type": "keyword" - }, - "proxied": { - "ignore_above": 1024, - "type": "keyword" - }, - "range_request": { - "type": "boolean" - }, - "resp_filenames": { - "ignore_above": 1024, - "type": "keyword" - }, - "resp_fuids": { - "ignore_above": 1024, - "type": "keyword" - }, - "resp_mime_depth": { - "type": "long" - }, - "resp_mime_types": { - "ignore_above": 1024, - "type": "keyword" - }, - "server_header_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "status_msg": { - "ignore_above": 1024, - "type": "keyword" - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - }, - "trans_depth": { - "type": "long" - } - } - }, - "intel": { - "properties": { - "file_desc": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "file_mime_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "fuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "matched": { - "ignore_above": 1024, - "type": "keyword" - }, - "seen": { - "properties": { - "conn": { - "ignore_above": 1024, - "type": "keyword" - }, - "f": { - "type": "object" - }, - "fuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "host": { - "ignore_above": 1024, - "type": "keyword" - }, - "indicator": { - "ignore_above": 1024, - "type": "keyword" - }, - "indicator_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "node": { - "ignore_above": 1024, - "type": "keyword" - }, - "uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "where": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "sources": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "irc": { - "properties": { - "addl": { - "ignore_above": 1024, - "type": "keyword" - }, - "command": { - "ignore_above": 1024, - "type": "keyword" - }, - "dcc": { - "properties": { - "file": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "size": { - "type": "long" - } - } - }, - "mime_type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "fuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "nick": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "kerberos": { - "properties": { - "cert": { - "properties": { - "client": { - "properties": { - "fuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "server": { - "properties": { - "fuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "value": { - 
"ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "client": { - "ignore_above": 1024, - "type": "keyword" - }, - "error": { - "properties": { - "code": { - "type": "long" - }, - "msg": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "forwardable": { - "type": "boolean" - }, - "renewable": { - "type": "boolean" - }, - "request_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "service": { - "ignore_above": 1024, - "type": "keyword" - }, - "success": { - "type": "boolean" - }, - "ticket": { - "properties": { - "auth": { - "ignore_above": 1024, - "type": "keyword" - }, - "new": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "valid": { - "properties": { - "days": { - "type": "long" - }, - "from": { - "type": "date" - }, - "until": { - "type": "date" - } - } - } - } - }, - "modbus": { - "properties": { - "exception": { - "ignore_above": 1024, - "type": "keyword" - }, - "function": { - "ignore_above": 1024, - "type": "keyword" - }, - "track_address": { - "type": "long" - } - } - }, - "mysql": { - "properties": { - "arg": { - "ignore_above": 1024, - "type": "keyword" - }, - "cmd": { - "ignore_above": 1024, - "type": "keyword" - }, - "response": { - "ignore_above": 1024, - "type": "keyword" - }, - "rows": { - "type": "long" - }, - "success": { - "type": "boolean" - } - } - }, - "notice": { - "properties": { - "actions": { - "ignore_above": 1024, - "type": "keyword" - }, - "connection_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "dropped": { - "type": "boolean" - }, - "email_body_sections": { - "norms": false, - "type": "text" - }, - "email_delay_tokens": { - "ignore_above": 1024, - "type": "keyword" - }, - "false": { - "type": "long" - }, - "ffile": { - "properties": { - "total_bytes": { - "type": "long" - } - } - }, - "file": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "is_orig": { - "type": "boolean" - }, - 
"mime_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "missing_bytes": { - "type": "long" - }, - "overflow_bytes": { - "type": "long" - }, - "parent_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "seen_bytes": { - "type": "long" - }, - "source": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "fuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "icmp_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "identifier": { - "ignore_above": 1024, - "type": "keyword" - }, - "msg": { - "ignore_above": 1024, - "type": "keyword" - }, - "note": { - "ignore_above": 1024, - "type": "keyword" - }, - "peer_descr": { - "norms": false, - "type": "text" - }, - "peer_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "sub": { - "ignore_above": 1024, - "type": "keyword" - }, - "suppress_for": { - "type": "double" - } - } - }, - "ntlm": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "server": { - "properties": { - "name": { - "properties": { - "dns": { - "ignore_above": 1024, - "type": "keyword" - }, - "netbios": { - "ignore_above": 1024, - "type": "keyword" - }, - "tree": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "success": { - "type": "boolean" - }, - "username": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ntp": { - "properties": { - "mode": { - "type": "long" - }, - "num_exts": { - "type": "long" - }, - "org_time": { - "type": "date" - }, - "poll": { - "type": "double" - }, - "precision": { - "type": "double" - }, - "rec_time": { - "type": "date" - }, - "ref_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "ref_time": { - "type": "date" - }, - "root_delay": { - "type": "double" - }, - "root_disp": { - "type": "double" - }, - "stratum": { - "type": "long" - }, - "version": { - "type": "long" - }, - "xmt_time": { - "type": "date" - } - } - }, - "ocsp": { - "properties": { 
- "file_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "properties": { - "algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "key": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "revoke": { - "properties": { - "reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "time": { - "type": "date" - } - } - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "update": { - "properties": { - "next": { - "type": "date" - }, - "this": { - "type": "date" - } - } - } - } - }, - "pe": { - "properties": { - "client": { - "ignore_above": 1024, - "type": "keyword" - }, - "compile_time": { - "type": "date" - }, - "has_cert_table": { - "type": "boolean" - }, - "has_debug_data": { - "type": "boolean" - }, - "has_export_table": { - "type": "boolean" - }, - "has_import_table": { - "type": "boolean" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "is_64bit": { - "type": "boolean" - }, - "is_exe": { - "type": "boolean" - }, - "machine": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "ignore_above": 1024, - "type": "keyword" - }, - "section_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "subsystem": { - "ignore_above": 1024, - "type": "keyword" - }, - "uses_aslr": { - "type": "boolean" - }, - "uses_code_integrity": { - "type": "boolean" - }, - "uses_dep": { - "type": "boolean" - }, - "uses_seh": { - "type": "boolean" - } - } - }, - "radius": { - "properties": { - "connect_info": { - "ignore_above": 1024, - "type": "keyword" - }, - "framed_addr": { - "type": "ip" - }, - "logged": { - "type": "boolean" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "remote_ip": { - "type": "ip" - }, - "reply_msg": { - "ignore_above": 1024, - "type": "keyword" - }, - "result": { - "ignore_above": 
1024, - "type": "keyword" - }, - "ttl": { - "type": "long" - }, - "username": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "rdp": { - "properties": { - "cert": { - "properties": { - "count": { - "type": "long" - }, - "permanent": { - "type": "boolean" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "client": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "product_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "cookie": { - "ignore_above": 1024, - "type": "keyword" - }, - "desktop": { - "properties": { - "color_depth": { - "ignore_above": 1024, - "type": "keyword" - }, - "height": { - "type": "long" - }, - "width": { - "type": "long" - } - } - }, - "done": { - "type": "boolean" - }, - "encryption": { - "properties": { - "level": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "keyboard_layout": { - "ignore_above": 1024, - "type": "keyword" - }, - "result": { - "ignore_above": 1024, - "type": "keyword" - }, - "security_protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssl": { - "type": "boolean" - } - } - }, - "rfb": { - "properties": { - "auth": { - "properties": { - "method": { - "ignore_above": 1024, - "type": "keyword" - }, - "success": { - "type": "boolean" - } - } - }, - "desktop_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "height": { - "type": "long" - }, - "share_flag": { - "type": "boolean" - }, - "version": { - "properties": { - "client": { - "properties": { - "major": { - "ignore_above": 1024, - "type": "keyword" - }, - "minor": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "server": { - "properties": { - "major": { - "ignore_above": 1024, - "type": "keyword" - }, - "minor": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "width": { - "type": "long" - 
} - } - }, - "session_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature": { - "properties": { - "event_msg": { - "ignore_above": 1024, - "type": "keyword" - }, - "host_count": { - "type": "long" - }, - "note": { - "ignore_above": 1024, - "type": "keyword" - }, - "sig_count": { - "type": "long" - }, - "sig_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "sub_msg": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "sip": { - "properties": { - "call_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "content_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "date": { - "ignore_above": 1024, - "type": "keyword" - }, - "reply_to": { - "ignore_above": 1024, - "type": "keyword" - }, - "request": { - "properties": { - "body_length": { - "type": "long" - }, - "from": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "to": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response": { - "properties": { - "body_length": { - "type": "long" - }, - "from": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "to": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "sequence": { - "properties": { - "method": { - "ignore_above": 1024, - "type": "keyword" - }, - "number": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "status": { - "properties": { - "code": { - "type": "long" - }, - "msg": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "transaction_depth": { - "type": "long" - }, - "uri": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_agent": { - "ignore_above": 1024, - "type": "keyword" - }, - "warning": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "smb_cmd": { - "properties": { - "argument": { - "ignore_above": 1024, - "type": "keyword" - }, - "command": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "file": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "host": { - "properties": { - "rx": { - "type": "ip" - }, - "tx": { - "type": "ip" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "uid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "rtt": { - "type": "double" - }, - "smb1_offered_dialects": { - "ignore_above": 1024, - "type": "keyword" - }, - "smb2_offered_dialects": { - "type": "long" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "sub_command": { - "ignore_above": 1024, - "type": "keyword" - }, - "tree": { - "ignore_above": 1024, - "type": "keyword" - }, - "tree_service": { - "ignore_above": 1024, - "type": "keyword" - }, - "username": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "smb_files": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "fid": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "previous_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "size": { - "type": "long" - }, - "times": { - "properties": { - "accessed": { - "type": "date" - }, - "changed": { - "type": "date" - }, - "created": { - "type": "date" - }, - "modified": { - "type": "date" - } - } - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "smb_mapping": { - "properties": { - "native_file_system": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "service": { - "ignore_above": 1024, - "type": "keyword" - }, - "share_type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "smtp": { - "properties": { - "cc": { - "ignore_above": 1024, - "type": "keyword" - }, - "date": { - "type": "date" - }, - "first_received": 
{ - "ignore_above": 1024, - "type": "keyword" - }, - "from": { - "ignore_above": 1024, - "type": "keyword" - }, - "fuids": { - "ignore_above": 1024, - "type": "keyword" - }, - "has_client_activity": { - "type": "boolean" - }, - "helo": { - "ignore_above": 1024, - "type": "keyword" - }, - "in_reply_to": { - "ignore_above": 1024, - "type": "keyword" - }, - "is_webmail": { - "type": "boolean" - }, - "last_reply": { - "ignore_above": 1024, - "type": "keyword" - }, - "mail_from": { - "ignore_above": 1024, - "type": "keyword" - }, - "msg_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "type": "ip" - }, - "process_received_from": { - "type": "boolean" - }, - "rcpt_to": { - "ignore_above": 1024, - "type": "keyword" - }, - "reply_to": { - "ignore_above": 1024, - "type": "keyword" - }, - "second_received": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "tls": { - "type": "boolean" - }, - "to": { - "ignore_above": 1024, - "type": "keyword" - }, - "transaction_depth": { - "type": "long" - }, - "user_agent": { - "ignore_above": 1024, - "type": "keyword" - }, - "x_originating_ip": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "snmp": { - "properties": { - "community": { - "ignore_above": 1024, - "type": "keyword" - }, - "display_string": { - "ignore_above": 1024, - "type": "keyword" - }, - "duration": { - "type": "double" - }, - "get": { - "properties": { - "bulk_requests": { - "type": "long" - }, - "requests": { - "type": "long" - }, - "responses": { - "type": "long" - } - } - }, - "set": { - "properties": { - "requests": { - "type": "long" - } - } - }, - "up_since": { - "type": "date" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "socks": { - "properties": { - "bound": { - "properties": { - "host": { - "ignore_above": 1024, - "type": "keyword" - }, - "port": { - "type": "long" - } - } - }, - "capture_password": { - "type": "boolean" - }, - 
"password": { - "ignore_above": 1024, - "type": "keyword" - }, - "request": { - "properties": { - "host": { - "ignore_above": 1024, - "type": "keyword" - }, - "port": { - "type": "long" - } - } - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "type": "long" - } - } - }, - "ssh": { - "properties": { - "algorithm": { - "properties": { - "cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "compression": { - "ignore_above": 1024, - "type": "keyword" - }, - "host_key": { - "ignore_above": 1024, - "type": "keyword" - }, - "key_exchange": { - "ignore_above": 1024, - "type": "keyword" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "auth": { - "properties": { - "attempts": { - "type": "long" - }, - "success": { - "type": "boolean" - } - } - }, - "client": { - "ignore_above": 1024, - "type": "keyword" - }, - "direction": { - "ignore_above": 1024, - "type": "keyword" - }, - "host_key": { - "ignore_above": 1024, - "type": "keyword" - }, - "server": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "type": "long" - } - } - }, - "ssl": { - "properties": { - "cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "client": { - "properties": { - "cert_chain": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert_chain_fuids": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"country": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "established": { - "type": "boolean" - }, - "last_alert": { - "ignore_above": 1024, - "type": "keyword" - }, - "next_protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "resumed": { - "type": "boolean" - }, - "server": { - "properties": { - "cert_chain": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert_chain_fuids": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "validation": { - "properties": { - "code": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - 
}, - "stats": { - "properties": { - "bytes": { - "properties": { - "received": { - "type": "long" - } - } - }, - "connections": { - "properties": { - "icmp": { - "properties": { - "active": { - "type": "long" - }, - "count": { - "type": "long" - } - } - }, - "tcp": { - "properties": { - "active": { - "type": "long" - }, - "count": { - "type": "long" - } - } - }, - "udp": { - "properties": { - "active": { - "type": "long" - }, - "count": { - "type": "long" - } - } - } - } - }, - "dns_requests": { - "properties": { - "active": { - "type": "long" - }, - "count": { - "type": "long" - } - } - }, - "events": { - "properties": { - "processed": { - "type": "long" - }, - "queued": { - "type": "long" - } - } - }, - "files": { - "properties": { - "active": { - "type": "long" - }, - "count": { - "type": "long" - } - } - }, - "memory": { - "type": "long" - }, - "packets": { - "properties": { - "dropped": { - "type": "long" - }, - "processed": { - "type": "long" - }, - "received": { - "type": "long" - } - } - }, - "peer": { - "ignore_above": 1024, - "type": "keyword" - }, - "reassembly_size": { - "properties": { - "file": { - "type": "long" - }, - "frag": { - "type": "long" - }, - "tcp": { - "type": "long" - }, - "unknown": { - "type": "long" - } - } - }, - "timers": { - "properties": { - "active": { - "type": "long" - }, - "count": { - "type": "long" - } - } - }, - "timestamp_lag": { - "type": "long" - } - } - }, - "syslog": { - "properties": { - "facility": { - "ignore_above": 1024, - "type": "keyword" - }, - "message": { - "ignore_above": 1024, - "type": "keyword" - }, - "severity": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tunnel": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "weird": { - "properties": { - "additional_info": { - "ignore_above": 1024, - "type": "keyword" - }, - "identifier": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"name": { - "ignore_above": 1024, - "type": "keyword" - }, - "notice": { - "type": "boolean" - }, - "peer": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "x509": { - "properties": { - "basic_constraints": { - "properties": { - "certificate_authority": { - "type": "boolean" - }, - "path_length": { - "type": "long" - } - } - }, - "certificate": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "exponent": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "key": { - "properties": { - "algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "length": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "serial": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "valid": { - "properties": { - "from": { - "type": "date" - }, - "until": { - "type": "date" - } - } - }, - "version": { - "type": "long" - } - } - }, - "id": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "log_cert": { - "type": "boolean" - }, - "san": { - "properties": { - "dns": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "other_fields": { - "type": "boolean" - }, - "uri": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } + "x509":{ + "type":"object", + "dynamic": true }, - "zookeeper": { - "properties": { - "audit": { - "properties": { - "acl": { - "ignore_above": 1024, - "type": "keyword" - }, - "result": { - "ignore_above": 1024, - "type": "keyword" - }, - "session": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - }, - "znode": { - "ignore_above": 1024, - "type": "keyword" - }, - "znode_type": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } + "suricata":{ + "type":"object", + "dynamic": true }, - "zoom": { - "properties": { - "account": { - "properties": { - "account_alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "account_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "account_support_email": { - "ignore_above": 1024, - "type": "keyword" - }, - "account_support_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "owner_email": { - "ignore_above": 1024, - "type": "keyword" - }, - "owner_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "account_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "chat_channel": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "chat_message": { - "properties": { - "channel_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "channel_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "contact_email": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "contact_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "message": { - "ignore_above": 1024, - "type": "keyword" - }, - "session_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "creation_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "master_account_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "meeting": { - "properties": { - "duration": { - "type": "long" - }, - "host_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "issues": { - "ignore_above": 1024, - "type": "keyword" - }, - "password": { - "ignore_above": 1024, - "type": "keyword" - }, - "start_time": { - "type": "date" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - "topic": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "old_values": { - "type": "flattened" - }, - "operator": { - "ignore_above": 1024, - "type": "keyword" - }, - "operator_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "participant": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "join_time": { - "type": "date" - }, - "leave_time": { - "type": "date" - }, - "sharing_details": { - "properties": { - "content": { - "ignore_above": 1024, - "type": "keyword" - }, - "date_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_link": { - "ignore_above": 1024, - "type": "keyword" - }, - "link_source": { - "ignore_above": 1024, - "type": "keyword" - }, - "source": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "phone": { - 
"properties": { - "answer_start_time": { - "type": "date" - }, - "call_end_time": { - "type": "date" - }, - "call_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "callee": { - "properties": { - "device_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "extension_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "extension_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "number_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "phone_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "caller": { - "properties": { - "device_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "extension_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "extension_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "number_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "phone_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "connected_start_time": { - "type": "date" - }, - "date_time": { - "type": "date" - }, - "download_url": { - "ignore_above": 1024, - "type": "keyword" - }, - "duration": { - "type": "long" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "ringing_start_time": { - "type": "date" - }, - "user_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "recording": { - "properties": { - "duration": { - "type": "long" - }, - "host_email": { - "ignore_above": 1024, - "type": "keyword" - }, - "host_id": { - "ignore_above": 1024, 
- "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "recording_count": { - "type": "long" - }, - "recording_file": { - "properties": { - "recording_end": { - "type": "date" - }, - "recording_start": { - "type": "date" - } - } - }, - "share_url": { - "ignore_above": 1024, - "type": "keyword" - }, - "start_time": { - "type": "date" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - "topic": { - "ignore_above": 1024, - "type": "keyword" - }, - "total_size": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "registrant": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "city": { - "ignore_above": 1024, - "type": "keyword" - }, - "comments": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "first_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "industry": { - "ignore_above": 1024, - "type": "keyword" - }, - "job_title": { - "ignore_above": 1024, - "type": "keyword" - }, - "join_url": { - "ignore_above": 1024, - "type": "keyword" - }, - "last_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "no_of_employees": { - "ignore_above": 1024, - "type": "keyword" - }, - "org": { - "ignore_above": 1024, - "type": "keyword" - }, - "phone": { - "ignore_above": 1024, - "type": "keyword" - }, - "purchasing_time_frame": { - "ignore_above": 1024, - "type": "keyword" - }, - "role_in_purchase_process": { - "ignore_above": 1024, - "type": "keyword" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "zip": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "settings": { - "type": "flattened" - }, - 
"sub_account_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "user": { - "properties": { - "client_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "dept": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "first_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "host_key": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "language": { - "ignore_above": 1024, - "type": "keyword" - }, - "last_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "personal_notes": { - "ignore_above": 1024, - "type": "keyword" - }, - "phone_country": { - "ignore_above": 1024, - "type": "keyword" - }, - "phone_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "pic_url": { - "ignore_above": 1024, - "type": "keyword" - }, - "pmi": { - "ignore_above": 1024, - "type": "keyword" - }, - "presence_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "role": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "use_pmi": { - "type": "boolean" - }, - "vanity_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "webinar": { - "properties": { - "agenda": { - "ignore_above": 1024, - "type": "keyword" - }, - "duration": { - "type": "long" - }, - "host_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "issues": { - "ignore_above": 1024, - "type": "keyword" - }, - "join_url": { - "ignore_above": 1024, - "type": "keyword" - }, - "password": { - "ignore_above": 1024, - "type": "keyword" - }, - "start_time": { - "type": "date" - }, - "timezone": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "topic": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "zoomroom": { - "properties": { - "alert_kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "alert_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "calendar_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "calendar_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "change_key": { - "ignore_above": 1024, - "type": "keyword" - }, - "component": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "issue": { - "ignore_above": 1024, - "type": "keyword" - }, - "resource_email": { - "ignore_above": 1024, - "type": "keyword" - }, - "room_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } + "zeek":{ + "type":"object", + "dynamic": true }, - "zscaler":{ - "type":"object", - "dynamic": true + "aws":{ + "type":"object", + "dynamic": true + }, + "azure":{ + "type":"object", + "dynamic": true + }, + "barracuda":{ + "type":"object", + "dynamic": true + }, + "bluecoat":{ + "type":"object", + "dynamic": true + }, + "cef":{ + "type":"object", + "dynamic": true + }, + "checkpoint":{ + "type":"object", + "dynamic": true + }, + "cisco":{ + "type":"object", + "dynamic": true + }, + "cyberark":{ + "type":"object", + "dynamic": true + }, + "cylance":{ + "type":"object", + "dynamic": true + }, + "f5":{ + "type":"object", + "dynamic": true + }, + "fortinet":{ + "type":"object", + "dynamic": true + }, + "gcp":{ + "type":"object", + "dynamic": true + }, + "google_workspace":{ + "type":"object", + "dynamic": true + }, + "imperva":{ + "type":"object", + "dynamic": true + }, + "infoblox":{ + "type":"object", + 
"dynamic": true + }, + "juniper":{ + "type":"object", + "dynamic": true + }, + "microsoft":{ + "type":"object", + "dynamic": true + }, + "misp":{ + "type":"object", + "dynamic": true + }, + "netflow":{ + "type":"object", + "dynamic": true + }, + "netscout":{ + "type":"object", + "dynamic": true + }, + "o365":{ + "type":"object", + "dynamic": true + }, + "okta":{ + "type":"object", + "dynamic": true + }, + "proofpoint":{ + "type":"object", + "dynamic": true + }, + "radware":{ + "type":"object", + "dynamic": true + }, + "snort":{ + "type":"object", + "dynamic": true + }, + "snyk":{ + "type":"object", + "dynamic": true + }, + "sonicwall":{ + "type":"object", + "dynamic": true + }, + "sophos":{ + "type":"object", + "dynamic": true + }, + "squid":{ + "type":"object", + "dynamic": true + }, + "tomcat":{ + "type":"object", + "dynamic": true + }, + "zcaler":{ + "type":"object", + "dynamic": true + }, + "elasticsearch":{ + "type":"object", + "dynamic": true + }, + "kibana":{ + "type":"object", + "dynamic": true + }, + "logstash":{ + "type":"object", + "dynamic": true + }, + "redis":{ + "type":"object", + "dynamic": true + }, + "wazuh":{ + "type":"object", + "dynamic": true } - } - } + } } +}