diff --git a/salt/elasticsearch/templates/so/so-common-template.json.jinja b/salt/elasticsearch/templates/so/so-common-template.json.jinja
index b460b42ea..54ba21b55 100644
--- a/salt/elasticsearch/templates/so/so-common-template.json.jinja
+++ b/salt/elasticsearch/templates/so/so-common-template.json.jinja
@@ -10,11 +10,7 @@
 "number_of_shards":1,
 "index.refresh_interval":"{{ REFRESH }}",
 "index.routing.allocation.require.box_type":"hot",
- "index.mapping.total_fields.limit": "1500",
-{%- if INDEX_SORTING is sameas true %}
- "index.sort.field": "@timestamp",
- "index.sort.order": "desc",
-{%- endif %}
+ "index.mapping.total_fields.limit": "10000",
 "analysis": {
 "analyzer": {
 "es_security_analyzer": {
@@ -379,7 +375,7 @@
 "name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -4617,7 +4613,7 @@
 "name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -4729,7 +4725,7 @@
 "full_name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -4762,7 +4758,7 @@
 "name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -4774,7 +4770,7 @@
 }
 }
 }
- }
+ }
 },
 "cloud": {
 "properties": {
@@ -5644,7 +5640,7 @@
 "name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -5764,7 +5760,7 @@
 "full_name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -5797,7 +5793,7 @@
 "name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -5808,9 +5804,8 @@
 "type": "keyword"
 }
 }
- }
-
- }
+ }
+ }
 },
 "dhcp":{
 "type":"object",
@@ -6509,12 +6504,12 @@
 "type": "keyword"
 },
 "message": {
- "type": "match_only_text"
+ "type": "text"
 },
 "stack_trace": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
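Review bot: Raising `index.mapping.total_fields.limit` from "1500" to "10000" in the @@ -10 hunk gives up most of what that limit protects against — every field name that dynamic mapping accepts is persisted in cluster state and costs memory on each node, so a log source whose keys are not under the operator's control can now grow the mapping more than six times further before Elasticsearch starts rejecting documents. The template does appear to rely on dynamic mapping (the @@ -17157 hunk's context shows an object with `"dynamic": true`), so the new ceiling should either be justified or become a template variable in the style of `{{ REFRESH }}` instead of a literal. The same hunk deletes the `INDEX_SORTING` conditional; if that pillar value is still set anywhere it is now silently ignored, and nothing in the diff says why sorting on `@timestamp` was dropped. A Jinja comment at the top of the settings block, e.g. `{# total_fields.limit raised because <REASON>; index sorting removed because <REASON> #}`, would give the next maintainer both answers.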
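Review bot: Switching the `.text` subfield from `match_only_text` back to `text` in the @@ -379 hunk — and identically in the @@ -4617, -4729, -4762, -5644, -5764, -5797, -6509, -6945, -6989, -10835, -10848, -10888, -10921, -15367, -15380, -15831, -15848, -15861, -16466, -16599, -16635, -16689, -16822, -16858, -16922, -16934, -17004 and -17016 hunks — comes with no `norms` or `index_options` setting, so each of these fields now indexes term frequencies, positions and norms that `match_only_text` deliberately omits, at a storage cost across every index built from this template. If the motive is compatibility with an Elasticsearch release older than 7.14 (where `match_only_text` first appeared), a Jinja comment near the first occurrence such as `{# "text" rather than "match_only_text": keep the template loadable on ES < 7.14 #}` would record that, and `"norms": false` on these subfields would recover part of the cost where phrase scoring on them is not needed. The `message` field in the @@ -6509 hunk (presumably ECS `error.message`) is a top-level `text` field rather than a subfield, so it is the one where the larger postings will show most.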
@@ -6945,7 +6940,7 @@
 "path": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -6989,7 +6984,7 @@
 "target_path": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -9790,22 +9785,6 @@
 }
 }
 },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
 "gsuite": {
 "properties": {
 "actor": {
@@ -10544,6 +10523,22 @@
 }
 }
 },
+ "group": {
+ "properties": {
+ "domain": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "id": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ },
+ "name": {
+ "ignore_above": 1024,
+ "type": "keyword"
+ }
+ }
+ },
 "haproxy": {
 "properties": {
 "backend_name": {
@@ -10835,7 +10830,7 @@
 "full": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -10848,7 +10843,7 @@
 "name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -10888,7 +10883,7 @@
 "full_name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -10921,7 +10916,7 @@
 "name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 },
 "keyword": {
 "type": "keyword"
@@ -12141,7 +12136,7 @@
 "fields":{
 "keyword":{
 "type":"keyword",
- "ignore_above": 32766
+ "ignore_above": 32766
 }
 }
 },
@@ -15367,7 +15362,7 @@
 "full": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -15380,7 +15375,7 @@
 "name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -15831,7 +15826,7 @@
 "name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
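Review bot: The `group` mapping is removed from before `gsuite` in the @@ -9790 hunk and re-added, byte for byte, after it in the @@ -10544 hunk; key order carries no meaning in an Elasticsearch mapping, so the move changes nothing at runtime, but it leaves `group` after `gsuite` although `group` sorts first and the neighbouring keys (`gsuite`, `haproxy`) suggest the file is kept alphabetical. If the file is edited by hand, leaving the block where it was gives a smaller diff and an easier ECS sync next time; if it is regenerated by a tool, a Jinja header comment naming that tool, e.g. `{# generated from <GENERATOR>; do not hand-edit field order #}`, would stop reviewers reading moves like this one as intentional.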
@@ -15848,7 +15843,7 @@
 "full": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -15861,7 +15856,7 @@
 "name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -16466,7 +16461,7 @@
 "command_line": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -16599,7 +16594,7 @@
 "executable": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -16635,7 +16630,7 @@
 "name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -16689,7 +16684,7 @@
 "command_line": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -16822,7 +16817,7 @@
 "executable": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -16858,7 +16853,7 @@
 "name": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -16922,7 +16917,7 @@
 "title": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -16934,7 +16929,7 @@
 "working_directory": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -17004,7 +16999,7 @@
 "title": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -17016,7 +17011,7 @@
 "working_directory": {
 "fields": {
 "text": {
- "type": "match_only_text"
+ "type": "text"
 }
 },
 "ignore_above": 1024,
@@ -17157,2700 +17152,6 @@ "type":"object", "dynamic": true }, - "rsa": { - "properties": { - "counters": { - "properties": { - "dclass_c1": { - "type": "long" - }, - "dclass_c1_str": { - "ignore_above": 1024, - "type": "keyword" - }, - "dclass_c2": { - "type": "long" - }, - "dclass_c2_str": { - "ignore_above": 1024, - "type": "keyword" - }, - "dclass_c3": { - "type": "long" - }, - "dclass_c3_str": { - "ignore_above": 1024, - "type": "keyword" - }, - "dclass_r1": { - "ignore_above": 1024, - "type": "keyword" - }, - "dclass_r1_str": { - "ignore_above": 1024, - "type": "keyword" - }, - "dclass_r2": { - "ignore_above": 1024, - "type": "keyword" - }, - "dclass_r2_str": { - "ignore_above": 1024, - "type": "keyword" - }, - "dclass_r3": { - "ignore_above": 1024, - "type": "keyword" - }, - "dclass_r3_str": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_counter": { - "type": "long" - } - } - }, - "crypto": { - "properties": { - "cert_ca": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert_checksum": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert_common": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert_error": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert_host_cat": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert_host_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert_issuer": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert_keysize": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert_serial": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert_subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "cert_username": { - "ignore_above": 1024, - "type": "keyword" - }, - "cipher_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "cipher_size_dst": { - "type": "long" - }, - "cipher_size_src": { - "type": "long" - }, - "cipher_src": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"crypto": { - "ignore_above": 1024, - "type": "keyword" - }, - "d_certauth": { - "ignore_above": 1024, - "type": "keyword" - }, - "https_insact": { - "ignore_above": 1024, - "type": "keyword" - }, - "https_valid": { - "ignore_above": 1024, - "type": "keyword" - }, - "ike": { - "ignore_above": 1024, - "type": "keyword" - }, - "ike_cookie1": { - "ignore_above": 1024, - "type": "keyword" - }, - "ike_cookie2": { - "ignore_above": 1024, - "type": "keyword" - }, - "peer": { - "ignore_above": 1024, - "type": "keyword" - }, - "peer_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "s_certauth": { - "ignore_above": 1024, - "type": "keyword" - }, - "scheme": { - "ignore_above": 1024, - "type": "keyword" - }, - "sig_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssl_ver_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssl_ver_src": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "db": { - "properties": { - "database": { - "ignore_above": 1024, - "type": "keyword" - }, - "db_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "db_pid": { - "type": "long" - }, - "index": { - "ignore_above": 1024, - "type": "keyword" - }, - "instance": { - "ignore_above": 1024, - "type": "keyword" - }, - "lread": { - "type": "long" - }, - "lwrite": { - "type": "long" - }, - "permissions": { - "ignore_above": 1024, - "type": "keyword" - }, - "pread": { - "type": "long" - }, - "table_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "transact_id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "email": { - "properties": { - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "email_src": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "trans_from": { - "ignore_above": 1024, - "type": "keyword" - }, - "trans_to": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - 
"endpoint": { - "properties": { - "host_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "registry_key": { - "ignore_above": 1024, - "type": "keyword" - }, - "registry_value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "file": { - "properties": { - "attachment": { - "ignore_above": 1024, - "type": "keyword" - }, - "binary": { - "ignore_above": 1024, - "type": "keyword" - }, - "directory_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "directory_src": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_entropy": { - "type": "double" - }, - "file_vendor": { - "ignore_above": 1024, - "type": "keyword" - }, - "filename_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "filename_src": { - "ignore_above": 1024, - "type": "keyword" - }, - "filename_tmp": { - "ignore_above": 1024, - "type": "keyword" - }, - "filesystem": { - "ignore_above": 1024, - "type": "keyword" - }, - "privilege": { - "ignore_above": 1024, - "type": "keyword" - }, - "task_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "healthcare": { - "properties": { - "patient_fname": { - "ignore_above": 1024, - "type": "keyword" - }, - "patient_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "patient_lname": { - "ignore_above": 1024, - "type": "keyword" - }, - "patient_mname": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "identity": { - "properties": { - "accesses": { - "ignore_above": 1024, - "type": "keyword" - }, - "auth_method": { - "ignore_above": 1024, - "type": "keyword" - }, - "dn": { - "ignore_above": 1024, - "type": "keyword" - }, - "dn_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "dn_src": { - "ignore_above": 1024, - "type": "keyword" - }, - "federated_idp": { - "ignore_above": 1024, - "type": "keyword" - }, - "federated_sp": { - "ignore_above": 1024, - "type": "keyword" - }, - "firstname": { - "ignore_above": 1024, - "type": "keyword" - }, - "host_role": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "lastname": { - "ignore_above": 1024, - "type": "keyword" - }, - "ldap": { - "ignore_above": 1024, - "type": "keyword" - }, - "ldap_query": { - "ignore_above": 1024, - "type": "keyword" - }, - "ldap_response": { - "ignore_above": 1024, - "type": "keyword" - }, - "logon_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "logon_type_desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "middlename": { - "ignore_above": 1024, - "type": "keyword" - }, - "org": { - "ignore_above": 1024, - "type": "keyword" - }, - "owner": { - "ignore_above": 1024, - "type": "keyword" - }, - "password": { - "ignore_above": 1024, - "type": "keyword" - }, - "profile": { - "ignore_above": 1024, - "type": "keyword" - }, - "realm": { - "ignore_above": 1024, - "type": "keyword" - }, - "service_account": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_dept": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_role": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_sid_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_sid_src": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "internal": { - "properties": { - "audit_class": { - "ignore_above": 1024, - "type": "keyword" - }, - "cid": { - "ignore_above": 1024, - "type": "keyword" - }, - "data": { - "ignore_above": 1024, - "type": "keyword" - }, - "dead": { - "type": "long" - }, - "device_class": { - "ignore_above": 1024, - "type": "keyword" - }, - "device_group": { - "ignore_above": 1024, - "type": "keyword" - }, - "device_host": { - "ignore_above": 1024, - "type": "keyword" - }, - "device_ip": { - "type": "ip" - }, - "device_ipv6": { - "type": "ip" - }, - "device_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "device_type_id": { - "type": "long" - }, - "did": { - "ignore_above": 1024, - "type": "keyword" - }, - "entropy_req": { - "type": "long" - }, - "entropy_res": { - "type": "long" - }, - "entry": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "event_desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "feed_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "feed_desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "feed_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "forward_ip": { - "type": "ip" - }, - "forward_ipv6": { - "type": "ip" - }, - "hcode": { - "ignore_above": 1024, - "type": "keyword" - }, - "header_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "inode": { - "type": "long" - }, - "lc_cid": { - "ignore_above": 1024, - "type": "keyword" - }, - "lc_ctime": { - "type": "date" - }, - "level": { - "type": "long" - }, - "mcb_req": { - "type": "long" - }, - "mcb_res": { - "type": "long" - }, - "mcbc_req": { - "type": "long" - }, - "mcbc_res": { - "type": "long" - }, - "medium": { - "type": "long" - }, - "message": { - "ignore_above": 1024, - "type": "keyword" - }, - "messageid": { - "ignore_above": 1024, - "type": "keyword" - }, - "msg": { - "ignore_above": 1024, - "type": "keyword" - }, - "msg_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "msg_vid": { - "ignore_above": 1024, - "type": "keyword" - }, - "node_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "nwe_callback_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "obj_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "obj_server": { - "ignore_above": 1024, - "type": "keyword" - }, - "obj_val": { - "ignore_above": 1024, - "type": "keyword" - }, - "parse_error": { - "ignore_above": 1024, - "type": "keyword" - }, - "payload_req": { - "type": "long" - }, - "payload_res": { - "type": "long" - }, - "process_vid_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "process_vid_src": { - "ignore_above": 1024, - "type": "keyword" - }, - "resource": { - "ignore_above": 1024, - "type": "keyword" - }, - "resource_class": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"rid": { - "type": "long" - }, - "session_split": { - "ignore_above": 1024, - "type": "keyword" - }, - "site": { - "ignore_above": 1024, - "type": "keyword" - }, - "size": { - "type": "long" - }, - "sourcefile": { - "ignore_above": 1024, - "type": "keyword" - }, - "statement": { - "ignore_above": 1024, - "type": "keyword" - }, - "time": { - "type": "date" - }, - "ubc_req": { - "type": "long" - }, - "ubc_res": { - "type": "long" - }, - "word": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "investigations": { - "properties": { - "analysis_file": { - "ignore_above": 1024, - "type": "keyword" - }, - "analysis_service": { - "ignore_above": 1024, - "type": "keyword" - }, - "analysis_session": { - "ignore_above": 1024, - "type": "keyword" - }, - "boc": { - "ignore_above": 1024, - "type": "keyword" - }, - "ec_activity": { - "ignore_above": 1024, - "type": "keyword" - }, - "ec_outcome": { - "ignore_above": 1024, - "type": "keyword" - }, - "ec_subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "ec_theme": { - "ignore_above": 1024, - "type": "keyword" - }, - "eoc": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_cat": { - "type": "long" - }, - "event_cat_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_vcat": { - "ignore_above": 1024, - "type": "keyword" - }, - "inv_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "inv_context": { - "ignore_above": 1024, - "type": "keyword" - }, - "ioc": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "misc": { - "properties": { - "OS": { - "ignore_above": 1024, - "type": "keyword" - }, - "acl_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "acl_op": { - "ignore_above": 1024, - "type": "keyword" - }, - "acl_pos": { - "ignore_above": 1024, - "type": "keyword" - }, - "acl_table": { - "ignore_above": 1024, - "type": "keyword" - }, - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "admin": { - "ignore_above": 1024, - "type": "keyword" - 
}, - "agent_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "alarm_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "alarmname": { - "ignore_above": 1024, - "type": "keyword" - }, - "alert_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "app_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "audit": { - "ignore_above": 1024, - "type": "keyword" - }, - "audit_object": { - "ignore_above": 1024, - "type": "keyword" - }, - "auditdata": { - "ignore_above": 1024, - "type": "keyword" - }, - "autorun_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "benchmark": { - "ignore_above": 1024, - "type": "keyword" - }, - "bypass": { - "ignore_above": 1024, - "type": "keyword" - }, - "cache": { - "ignore_above": 1024, - "type": "keyword" - }, - "cache_hit": { - "ignore_above": 1024, - "type": "keyword" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "cc_number": { - "type": "long" - }, - "cefversion": { - "ignore_above": 1024, - "type": "keyword" - }, - "cfg_attr": { - "ignore_above": 1024, - "type": "keyword" - }, - "cfg_obj": { - "ignore_above": 1024, - "type": "keyword" - }, - "cfg_path": { - "ignore_above": 1024, - "type": "keyword" - }, - "change_attrib": { - "ignore_above": 1024, - "type": "keyword" - }, - "change_new": { - "ignore_above": 1024, - "type": "keyword" - }, - "change_old": { - "ignore_above": 1024, - "type": "keyword" - }, - "changes": { - "ignore_above": 1024, - "type": "keyword" - }, - "checksum": { - "ignore_above": 1024, - "type": "keyword" - }, - "checksum_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "checksum_src": { - "ignore_above": 1024, - "type": "keyword" - }, - "client": { - "ignore_above": 1024, - "type": "keyword" - }, - "client_ip": { - "ignore_above": 1024, - "type": "keyword" - }, - "clustermembers": { - "ignore_above": 1024, - "type": "keyword" - }, - "cmd": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_acttimeout": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "cn_asn_src": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_bgpv4nxthop": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_ctr_dst_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_dst_tos": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_dst_vlan": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_engine_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_engine_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_f_switch": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_flowsampid": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_flowsampintv": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_flowsampmode": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_inacttimeout": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_inpermbyts": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_inpermpckts": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_invalid": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_ip_proto_ver": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_ipv4_ident": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_l_switch": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_log_did": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_log_rid": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_max_ttl": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_maxpcktlen": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_min_ttl": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_minpcktlen": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_mpls_lbl_1": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_mpls_lbl_10": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_mpls_lbl_2": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_mpls_lbl_3": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_mpls_lbl_4": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "cn_mpls_lbl_5": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_mpls_lbl_6": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_mpls_lbl_7": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_mpls_lbl_8": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_mpls_lbl_9": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_mplstoplabel": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_mplstoplabip": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_mul_dst_byt": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_mul_dst_pks": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_muligmptype": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_sampalgo": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_sampint": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_seqctr": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_spackets": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_src_tos": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_src_vlan": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_sysuptime": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_template_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_totbytsexp": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_totflowexp": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_totpcktsexp": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_unixnanosecs": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_v6flowlabel": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_v6optheaders": { - "ignore_above": 1024, - "type": "keyword" - }, - "code": { - "ignore_above": 1024, - "type": "keyword" - }, - "command": { - "ignore_above": 1024, - "type": "keyword" - }, - "comments": { - "ignore_above": 1024, - "type": "keyword" - }, - "comp_class": { - "ignore_above": 1024, - "type": "keyword" - }, - "comp_name": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "comp_rbytes": { - "ignore_above": 1024, - "type": "keyword" - }, - "comp_sbytes": { - "ignore_above": 1024, - "type": "keyword" - }, - "comp_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "connection_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "content": { - "ignore_above": 1024, - "type": "keyword" - }, - "content_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "content_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "context": { - "ignore_above": 1024, - "type": "keyword" - }, - "context_subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "context_target": { - "ignore_above": 1024, - "type": "keyword" - }, - "count": { - "ignore_above": 1024, - "type": "keyword" - }, - "cpu": { - "type": "long" - }, - "cpu_data": { - "ignore_above": 1024, - "type": "keyword" - }, - "criticality": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_agency_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_analyzedby": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_av_other": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_av_primary": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_av_secondary": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_bgpv6nxthop": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_bit9status": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_context": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_control": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_data": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_datecret": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_dst_tld": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_eth_dst_ven": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_eth_src_ven": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_event_uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"cs_filetype": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_fld": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_if_desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_if_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_ip_next_hop": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_ipv4dstpre": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_ipv4srcpre": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_lifetime": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_log_medium": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_loginname": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_modulescore": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_modulesign": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_opswatresult": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_payload": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_registrant": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_registrar": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_represult": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_rpayload": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_sampler_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_sourcemodule": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_streams": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_targetmodule": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_v6nxthop": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_whois_server": { - "ignore_above": 1024, - "type": "keyword" - }, - "cs_yararesult": { - "ignore_above": 1024, - "type": "keyword" - }, - "cve": { - "ignore_above": 1024, - "type": "keyword" - }, - "data_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "device_name": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"devvendor": { - "ignore_above": 1024, - "type": "keyword" - }, - "disposition": { - "ignore_above": 1024, - "type": "keyword" - }, - "distance": { - "ignore_above": 1024, - "type": "keyword" - }, - "doc_number": { - "type": "long" - }, - "dstburb": { - "ignore_above": 1024, - "type": "keyword" - }, - "edomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "edomaub": { - "ignore_above": 1024, - "type": "keyword" - }, - "ein_number": { - "type": "long" - }, - "error": { - "ignore_above": 1024, - "type": "keyword" - }, - "euid": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_computer": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_log": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_source": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_user": { - "ignore_above": 1024, - "type": "keyword" - }, - "expected_val": { - "ignore_above": 1024, - "type": "keyword" - }, - "facility": { - "ignore_above": 1024, - "type": "keyword" - }, - "facilityname": { - "ignore_above": 1024, - "type": "keyword" - }, - "fcatnum": { - "ignore_above": 1024, - "type": "keyword" - }, - "filter": { - "ignore_above": 1024, - "type": "keyword" - }, - "finterface": { - "ignore_above": 1024, - "type": "keyword" - }, - "flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "forensic_info": { - "ignore_above": 1024, - "type": "keyword" - }, - "found": { - "ignore_above": 1024, - "type": "keyword" - }, - "fresult": { - "type": "long" - }, - "gaddr": { - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "ignore_above": 1024, - "type": "keyword" - }, - "group_id": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "group_object": { - "ignore_above": 1024, - "type": "keyword" - }, - "hardware_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "id3": { - "ignore_above": 1024, - "type": "keyword" - }, - "im_buddyid": { - "ignore_above": 1024, - "type": "keyword" - }, - "im_buddyname": { - "ignore_above": 1024, - "type": "keyword" - }, - "im_client": { - "ignore_above": 1024, - "type": "keyword" - }, - "im_croomid": { - "ignore_above": 1024, - "type": "keyword" - }, - "im_croomtype": { - "ignore_above": 1024, - "type": "keyword" - }, - "im_members": { - "ignore_above": 1024, - "type": "keyword" - }, - "im_userid": { - "ignore_above": 1024, - "type": "keyword" - }, - "im_username": { - "ignore_above": 1024, - "type": "keyword" - }, - "index": { - "ignore_above": 1024, - "type": "keyword" - }, - "inout": { - "ignore_above": 1024, - "type": "keyword" - }, - "ipkt": { - "ignore_above": 1024, - "type": "keyword" - }, - "ipscat": { - "ignore_above": 1024, - "type": "keyword" - }, - "ipspri": { - "ignore_above": 1024, - "type": "keyword" - }, - "job_num": { - "ignore_above": 1024, - "type": "keyword" - }, - "jobname": { - "ignore_above": 1024, - "type": "keyword" - }, - "language": { - "ignore_above": 1024, - "type": "keyword" - }, - "latitude": { - "ignore_above": 1024, - "type": "keyword" - }, - "library": { - "ignore_above": 1024, - "type": "keyword" - }, - "lifetime": { - "type": "long" - }, - "linenum": { - "ignore_above": 1024, - "type": "keyword" - }, - "link": { - "ignore_above": 1024, - "type": "keyword" - }, - "list_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "listnum": { - "ignore_above": 1024, - "type": "keyword" - }, - "load_data": { - "ignore_above": 1024, - "type": "keyword" - }, - "location_floor": { - "ignore_above": 1024, - "type": "keyword" - }, - "location_mark": { - "ignore_above": 1024, - "type": "keyword" - }, - "log_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "log_session_id": { - "ignore_above": 
1024, - "type": "keyword" - }, - "log_session_id1": { - "ignore_above": 1024, - "type": "keyword" - }, - "log_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "logid": { - "ignore_above": 1024, - "type": "keyword" - }, - "logip": { - "ignore_above": 1024, - "type": "keyword" - }, - "logname": { - "ignore_above": 1024, - "type": "keyword" - }, - "longitude": { - "ignore_above": 1024, - "type": "keyword" - }, - "lport": { - "ignore_above": 1024, - "type": "keyword" - }, - "mail_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "match": { - "ignore_above": 1024, - "type": "keyword" - }, - "mbug_data": { - "ignore_above": 1024, - "type": "keyword" - }, - "message_body": { - "ignore_above": 1024, - "type": "keyword" - }, - "misc": { - "ignore_above": 1024, - "type": "keyword" - }, - "misc_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "mode": { - "ignore_above": 1024, - "type": "keyword" - }, - "msgIdPart1": { - "ignore_above": 1024, - "type": "keyword" - }, - "msgIdPart2": { - "ignore_above": 1024, - "type": "keyword" - }, - "msgIdPart3": { - "ignore_above": 1024, - "type": "keyword" - }, - "msgIdPart4": { - "ignore_above": 1024, - "type": "keyword" - }, - "msg_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "msgid": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "netsessid": { - "ignore_above": 1024, - "type": "keyword" - }, - "node": { - "ignore_above": 1024, - "type": "keyword" - }, - "ntype": { - "ignore_above": 1024, - "type": "keyword" - }, - "num": { - "ignore_above": 1024, - "type": "keyword" - }, - "number": { - "ignore_above": 1024, - "type": "keyword" - }, - "number1": { - "ignore_above": 1024, - "type": "keyword" - }, - "number2": { - "ignore_above": 1024, - "type": "keyword" - }, - "nwwn": { - "ignore_above": 1024, - "type": "keyword" - }, - "obj_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "obj_type": { - "ignore_above": 1024, - 
"type": "keyword" - }, - "object": { - "ignore_above": 1024, - "type": "keyword" - }, - "observed_val": { - "ignore_above": 1024, - "type": "keyword" - }, - "operation": { - "ignore_above": 1024, - "type": "keyword" - }, - "operation_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "opkt": { - "ignore_above": 1024, - "type": "keyword" - }, - "orig_from": { - "ignore_above": 1024, - "type": "keyword" - }, - "owner_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_action": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_filter": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_group_object": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_msgid": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_msgid1": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_msgid2": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_result1": { - "ignore_above": 1024, - "type": "keyword" - }, - "param": { - "ignore_above": 1024, - "type": "keyword" - }, - "param_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "param_src": { - "ignore_above": 1024, - "type": "keyword" - }, - "parent_node": { - "ignore_above": 1024, - "type": "keyword" - }, - "password_chg": { - "ignore_above": 1024, - "type": "keyword" - }, - "password_expire": { - "ignore_above": 1024, - "type": "keyword" - }, - "payload_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "payload_src": { - "ignore_above": 1024, - "type": "keyword" - }, - "permgranted": { - "ignore_above": 1024, - "type": "keyword" - }, - "permwanted": { - "ignore_above": 1024, - "type": "keyword" - }, - "pgid": { - "ignore_above": 1024, - "type": "keyword" - }, - "phone": { - "ignore_above": 1024, - "type": "keyword" - }, - "pid": { - "ignore_above": 1024, - "type": "keyword" - }, - "policy": { - "ignore_above": 1024, - "type": "keyword" - }, - "policyUUID": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"policy_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "policy_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "policy_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "policy_waiver": { - "ignore_above": 1024, - "type": "keyword" - }, - "pool_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "pool_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "port_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "priority": { - "ignore_above": 1024, - "type": "keyword" - }, - "process_id_val": { - "ignore_above": 1024, - "type": "keyword" - }, - "prog_asp_num": { - "ignore_above": 1024, - "type": "keyword" - }, - "program": { - "ignore_above": 1024, - "type": "keyword" - }, - "real_data": { - "ignore_above": 1024, - "type": "keyword" - }, - "reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "rec_asp_device": { - "ignore_above": 1024, - "type": "keyword" - }, - "rec_asp_num": { - "ignore_above": 1024, - "type": "keyword" - }, - "rec_library": { - "ignore_above": 1024, - "type": "keyword" - }, - "recordnum": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference_id1": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference_id2": { - "ignore_above": 1024, - "type": "keyword" - }, - "result": { - "ignore_above": 1024, - "type": "keyword" - }, - "result_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "risk": { - "ignore_above": 1024, - "type": "keyword" - }, - "risk_info": { - "ignore_above": 1024, - "type": "keyword" - }, - "risk_num": { - "type": "double" - }, - "risk_num_comm": { - "type": "double" - }, - "risk_num_next": { - "type": "double" - }, - "risk_num_sand": { - "type": "double" - }, - "risk_num_static": { - "type": "double" - }, - "risk_suspicious": { - "ignore_above": 1024, - "type": "keyword" - }, - "risk_warning": { - "ignore_above": 1024, - "type": "keyword" - }, - "ruid": { - "ignore_above": 
1024, - "type": "keyword" - }, - "rule": { - "ignore_above": 1024, - "type": "keyword" - }, - "rule_group": { - "ignore_above": 1024, - "type": "keyword" - }, - "rule_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "rule_template": { - "ignore_above": 1024, - "type": "keyword" - }, - "rule_uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "sburb": { - "ignore_above": 1024, - "type": "keyword" - }, - "sdomain_fld": { - "ignore_above": 1024, - "type": "keyword" - }, - "search_text": { - "ignore_above": 1024, - "type": "keyword" - }, - "sec": { - "ignore_above": 1024, - "type": "keyword" - }, - "second": { - "ignore_above": 1024, - "type": "keyword" - }, - "sensor": { - "ignore_above": 1024, - "type": "keyword" - }, - "sensorname": { - "ignore_above": 1024, - "type": "keyword" - }, - "seqnum": { - "ignore_above": 1024, - "type": "keyword" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "session": { - "ignore_above": 1024, - "type": "keyword" - }, - "sessiontype": { - "ignore_above": 1024, - "type": "keyword" - }, - "severity": { - "ignore_above": 1024, - "type": "keyword" - }, - "sigUUID": { - "ignore_above": 1024, - "type": "keyword" - }, - "sig_id": { - "type": "long" - }, - "sig_id1": { - "type": "long" - }, - "sig_id_str": { - "ignore_above": 1024, - "type": "keyword" - }, - "sig_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "sigcat": { - "ignore_above": 1024, - "type": "keyword" - }, - "snmp_oid": { - "ignore_above": 1024, - "type": "keyword" - }, - "snmp_value": { - "ignore_above": 1024, - "type": "keyword" - }, - "space": { - "ignore_above": 1024, - "type": "keyword" - }, - "space1": { - "ignore_above": 1024, - "type": "keyword" - }, - "spi": { - "ignore_above": 1024, - "type": "keyword" - }, - "spi_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "spi_src": { - "ignore_above": 1024, - "type": "keyword" - }, - "sql": { - "ignore_above": 1024, - "type": "keyword" - }, - "srcburb": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "srcdom": { - "ignore_above": 1024, - "type": "keyword" - }, - "srcservice": { - "ignore_above": 1024, - "type": "keyword" - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "status1": { - "ignore_above": 1024, - "type": "keyword" - }, - "streams": { - "type": "long" - }, - "subcategory": { - "ignore_above": 1024, - "type": "keyword" - }, - "svcno": { - "ignore_above": 1024, - "type": "keyword" - }, - "system": { - "ignore_above": 1024, - "type": "keyword" - }, - "tbdstr1": { - "ignore_above": 1024, - "type": "keyword" - }, - "tbdstr2": { - "ignore_above": 1024, - "type": "keyword" - }, - "tcp_flags": { - "type": "long" - }, - "terminal": { - "ignore_above": 1024, - "type": "keyword" - }, - "tgtdom": { - "ignore_above": 1024, - "type": "keyword" - }, - "tgtdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "threshold": { - "ignore_above": 1024, - "type": "keyword" - }, - "tos": { - "type": "long" - }, - "trigger_desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "trigger_val": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "type1": { - "ignore_above": 1024, - "type": "keyword" - }, - "udb_class": { - "ignore_above": 1024, - "type": "keyword" - }, - "url_fld": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_div": { - "ignore_above": 1024, - "type": "keyword" - }, - "userid": { - "ignore_above": 1024, - "type": "keyword" - }, - "username_fld": { - "ignore_above": 1024, - "type": "keyword" - }, - "utcstamp": { - "ignore_above": 1024, - "type": "keyword" - }, - "v_instafname": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "virt_data": { - "ignore_above": 1024, - "type": "keyword" - }, - "virusname": { - "ignore_above": 1024, - "type": "keyword" - }, - "vm_target": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "vpnid": { - "ignore_above": 1024, - "type": "keyword" - }, - "vsys": { - "ignore_above": 1024, - "type": "keyword" - }, - "vuln_ref": { - "ignore_above": 1024, - "type": "keyword" - }, - "workspace": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "network": { - "properties": { - "ad_computer_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "addr": { - "ignore_above": 1024, - "type": "keyword" - }, - "alias_host": { - "ignore_above": 1024, - "type": "keyword" - }, - "dinterface": { - "ignore_above": 1024, - "type": "keyword" - }, - "dmask": { - "ignore_above": 1024, - "type": "keyword" - }, - "dns_a_record": { - "ignore_above": 1024, - "type": "keyword" - }, - "dns_cname_record": { - "ignore_above": 1024, - "type": "keyword" - }, - "dns_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "dns_opcode": { - "ignore_above": 1024, - "type": "keyword" - }, - "dns_ptr_record": { - "ignore_above": 1024, - "type": "keyword" - }, - "dns_resp": { - "ignore_above": 1024, - "type": "keyword" - }, - "dns_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "domain1": { - "ignore_above": 1024, - "type": "keyword" - }, - "eth_host": { - "ignore_above": 1024, - "type": "keyword" - }, - "eth_type": { - "type": "long" - }, - "faddr": { - "ignore_above": 1024, - "type": "keyword" - }, - "fhost": { - "ignore_above": 1024, - "type": "keyword" - }, - "fport": { - "ignore_above": 1024, - "type": "keyword" - }, - "gateway": { - "ignore_above": 1024, - "type": "keyword" - }, - "host_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "host_orig": { - "ignore_above": 1024, - "type": "keyword" - }, - "host_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "icmp_code": { - "type": "long" - }, - "icmp_type": { - "type": "long" - }, - "interface": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip_proto": { - "type": "long" - 
}, - "laddr": { - "ignore_above": 1024, - "type": "keyword" - }, - "lhost": { - "ignore_above": 1024, - "type": "keyword" - }, - "linterface": { - "ignore_above": 1024, - "type": "keyword" - }, - "mask": { - "ignore_above": 1024, - "type": "keyword" - }, - "netname": { - "ignore_above": 1024, - "type": "keyword" - }, - "network_port": { - "type": "long" - }, - "network_service": { - "ignore_above": 1024, - "type": "keyword" - }, - "origin": { - "ignore_above": 1024, - "type": "keyword" - }, - "packet_length": { - "ignore_above": 1024, - "type": "keyword" - }, - "paddr": { - "type": "ip" - }, - "phost": { - "ignore_above": 1024, - "type": "keyword" - }, - "port": { - "type": "long" - }, - "protocol_detail": { - "ignore_above": 1024, - "type": "keyword" - }, - "remote_domain_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "rpayload": { - "ignore_above": 1024, - "type": "keyword" - }, - "sinterface": { - "ignore_above": 1024, - "type": "keyword" - }, - "smask": { - "ignore_above": 1024, - "type": "keyword" - }, - "vlan": { - "type": "long" - }, - "vlan_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "zone_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "zone_src": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "physical": { - "properties": { - "org_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "org_src": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "storage": { - "properties": { - "disk_volume": { - "ignore_above": 1024, - "type": "keyword" - }, - "lun": { - "ignore_above": 1024, - "type": "keyword" - }, - "pwwn": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "threat": { - "properties": { - "alert": { - "ignore_above": 1024, - "type": "keyword" - }, - "threat_category": { - "ignore_above": 1024, - "type": "keyword" - }, - "threat_desc": { - "ignore_above": 1024, - "type": "keyword" - }, - "threat_source": { - 
"ignore_above": 1024, - "type": "keyword" - } - } - }, - "time": { - "properties": { - "date": { - "ignore_above": 1024, - "type": "keyword" - }, - "datetime": { - "ignore_above": 1024, - "type": "keyword" - }, - "day": { - "ignore_above": 1024, - "type": "keyword" - }, - "duration_str": { - "ignore_above": 1024, - "type": "keyword" - }, - "duration_time": { - "type": "double" - }, - "effective_time": { - "type": "date" - }, - "endtime": { - "type": "date" - }, - "event_queue_time": { - "type": "date" - }, - "event_time": { - "type": "date" - }, - "event_time_str": { - "ignore_above": 1024, - "type": "keyword" - }, - "eventtime": { - "ignore_above": 1024, - "type": "keyword" - }, - "expire_time": { - "type": "date" - }, - "expire_time_str": { - "ignore_above": 1024, - "type": "keyword" - }, - "gmtdate": { - "ignore_above": 1024, - "type": "keyword" - }, - "gmttime": { - "ignore_above": 1024, - "type": "keyword" - }, - "hour": { - "ignore_above": 1024, - "type": "keyword" - }, - "min": { - "ignore_above": 1024, - "type": "keyword" - }, - "month": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_date": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_month": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_time1": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_time2": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_year": { - "ignore_above": 1024, - "type": "keyword" - }, - "process_time": { - "ignore_above": 1024, - "type": "keyword" - }, - "recorded_time": { - "type": "date" - }, - "stamp": { - "type": "date" - }, - "starttime": { - "type": "date" - }, - "timestamp": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - "tzone": { - "ignore_above": 1024, - "type": "keyword" - }, - "year": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "web": { - "properties": { - "alias_host": { - 
"ignore_above": 1024, - "type": "keyword" - }, - "cn_asn_dst": { - "ignore_above": 1024, - "type": "keyword" - }, - "cn_rpackets": { - "ignore_above": 1024, - "type": "keyword" - }, - "fqdn": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_url": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_user_agent": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_web_cookie": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_web_method": { - "ignore_above": 1024, - "type": "keyword" - }, - "p_web_referer": { - "ignore_above": 1024, - "type": "keyword" - }, - "remote_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "reputation_num": { - "type": "double" - }, - "urlpage": { - "ignore_above": 1024, - "type": "keyword" - }, - "urlroot": { - "ignore_above": 1024, - "type": "keyword" - }, - "web_cookie": { - "ignore_above": 1024, - "type": "keyword" - }, - "web_extension_tmp": { - "ignore_above": 1024, - "type": "keyword" - }, - "web_page": { - "ignore_above": 1024, - "type": "keyword" - }, - "web_ref_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "web_ref_page": { - "ignore_above": 1024, - "type": "keyword" - }, - "web_ref_query": { - "ignore_above": 1024, - "type": "keyword" - }, - "web_ref_root": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "wireless": { - "properties": { - "access_point": { - "ignore_above": 1024, - "type": "keyword" - }, - "wlan_channel": { - "type": "long" - }, - "wlan_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "wlan_ssid": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, "rule": { "properties": { "author": { @@ -19998,7 +17299,7 @@ "name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -20053,7 +17354,6 @@ "type": "keyword" }, "region_name": { - "ignore_above": 1024, "type": "keyword" }, "timezone": { 
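Review bot: The reason for reverting `match_only_text` to `text` on the `name.text` sub-field is not recorded anywhere, and the same swap recurs in every other `match_only_text` hunk of this file. `text` indexes term frequencies, positions and norms, so these sub-fields will cost noticeably more disk than `match_only_text`, which only supports match-style queries and was chosen for exactly that trade-off. If the motivation is compatibility with an Elasticsearch release that predates `match_only_text`, say so in the commit message or in a Jinja comment near the top of the template (`{# text instead of match_only_text: required for ES < 7.14 #}`), which is stripped from the rendered JSON, so the next maintainer does not flip it back.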
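Review bot: `region_name` is left as a bare `"type": "keyword"` once the `"ignore_above": 1024` line is removed, while the neighbouring `timezone` and every other keyword in this template keep the cap. Without `ignore_above`, a value longer than Lucene's 32766-byte term limit causes the whole document to be rejected at index time rather than just that field being skipped, which is a denial-of-ingest path for anything that can influence this value. Unless the drop is deliberate, restore `"ignore_above": 1024,` above `"type": "keyword"`. The enclosing properties block starts and ends outside the hunk.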
@@ -20106,15 +17406,15 @@ "email": { "ignore_above": 1024, "type": "keyword" - }, + }, "full_name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" + "fields": { + "text": { + "type": "text" + } + }, + "ignore_above": 1024, + "type": "keyword" }, "group": { "properties": { @@ -20129,8 +17429,7 @@ "name": { "ignore_above": 1024, "type": "keyword" - } - } + }} }, "hash": { "ignore_above": 1024, @@ -20143,7 +17442,7 @@ "name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, 
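Review bot: The new `+ }}` line in the `@@ -20129` hunk closes two objects on one line, which no other object in this template does and which makes brace balance in the `group` block harder to check by eye in later diffs (this file already has a history of misplaced closing braces, as the `wazuh`/`winlog` and final hunks show). Keep one brace per line, `}` then `}` on the following line, as the removed side had. The enclosing object begins before the hunk.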
@@ -20156,63 +17455,63 @@ } } } - }, - "service":{ - "type":"object", - "dynamic": true, - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "environment": { - "ignore_above": 1024, - "type": "keyword" - }, - "ephemeral_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "keyword": { - "type": "keyword" + }, + "service": { + "type":"object", + "dynamic": true, + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "environment": { + "ignore_above": 1024, + "type": "keyword" + }, + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword", + "fields" : { + "keyword": { + "type": "keyword" + } } - } - }, - "node": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" + }, + "node": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } } - } - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword", - "fields": { - "keyword": { - "type": "keyword" + }, + "state": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword", + "fields": { + "keyword": { + "type": "keyword" + } } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" } - } - }, + }, "sip":{ "type":"object", "dynamic": true @@ -20243,10 +17542,6 @@ "org_id": { "ignore_above": 1024, "type": "keyword" - }, - "project_id": { - "ignore_above": 1024, - "type": "keyword" } } }, @@ -20787,7 +18082,7 @@ "type": "keyword" }, "oldversion": { - "ignore_above": 1024, + "ignore_above" : 1024, "type": "keyword" }, "out_interface": { 
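Review bot: `"fields" : {` under `service.name` puts a space before the colon, unlike every other key in the template, and the `oldversion` hunk (`@@ -20787`) does the same with `"ignore_above" : 1024`; since the 63-line re-indent of the `service` block is otherwise whitespace-only, these are the only token-level differences and look accidental. Change them to `"fields": {` and `"ignore_above": 1024,`. Separately, landing whitespace-only re-indents in their own commit would keep functional hunks like the `match_only_text` swaps reviewable.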
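Review bot: Removing the `project_id` mapping after `org_id` means events that still carry that field are either dynamically mapped with a guessed type or, if the enclosing object is `dynamic: false`, stored but not searchable; which of the two applies depends on a setting outside this hunk. Confirm that no parser or ingest pipeline still emits `project_id`, or keep the field as `"project_id": { "ignore_above": 1024, "type": "keyword" }`. The enclosing properties block begins before the hunk.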
@@ -20810,6 +18105,7 @@ "ignore_above": 1024, "type": "keyword" }, + "policy_type": { "ignore_above": 1024, "type": "keyword" @@ -21113,7 +18409,7 @@ "name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -21233,7 +18529,7 @@ "full_name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -21266,7 +18562,7 @@ "name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -21521,6 +18817,7 @@ } }, "flow": { + "properties": { "age": { "type": "long" @@ -22139,8 +19436,8 @@ "type": "long" } } - } - } + } + } }, "syslog": { "properties": { @@ -22248,7 +19545,7 @@ "name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -22378,6 +19675,7 @@ "ignore_above": 1024, "type": "keyword" }, + "os_abi": { "ignore_above": 1024, "type": "keyword" @@ -22520,7 +19818,7 @@ "path": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -22564,7 +19862,7 @@ "target_path": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -22721,7 +20019,7 @@ "full": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -22730,7 +20028,7 @@ "original": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -22945,7 +20243,7 @@ "name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -23217,7 +20515,7 @@ "path": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -23261,7 +20559,7 @@ "target_path": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -23418,7 +20716,7 @@ "full": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, 
@@ -23427,7 +20725,7 @@ "original": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -23631,7 +20929,7 @@ "name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -23650,7 +20948,7 @@ "name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -24988,7 +22286,7 @@ "full": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -24997,7 +22295,7 @@ "original": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -25079,7 +22377,7 @@ "full_name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -25112,7 +22410,7 @@ "name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -25141,7 +22439,7 @@ "full_name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -25174,7 +22472,7 @@ "name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -25217,7 +22515,7 @@ "full_name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -25250,7 +22548,7 @@ "name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -25321,7 +22619,7 @@ "full_name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -25354,7 +22652,7 @@ "name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -25408,7 +22706,7 @@ "full": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -25425,7 +22723,7 @@ "name": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, 
@@ -25476,7 +22774,7 @@ "description": { "fields": { "text": { - "type": "match_only_text" + "type": "text" } }, "ignore_above": 1024, @@ -25532,9 +22830,8 @@ "wazuh":{ "type":"object", "dynamic": true - } - }, - "winlog":{ + }, + "winlog":{ "type":"object", "dynamic": true, "properties":{ @@ -28608,9 +25905,10 @@ } } }, - "zcaler":{ + "zscaler":{ "type":"object", "dynamic": true } + } + } } -}
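Review bot: Anything that still emits or queries `zcaler.*` will silently diverge from the renamed `zscaler` mapping, because a template only governs indices created after it is applied and nothing else in this commit touches producers, dashboards or existing indices. Documents already indexed under `zcaler.*` keep their old field names, so searches written against `zscaler.*` will miss them until a reindex. A grep of the parsers and saved objects for `zcaler` in the same change, or a line in the commit message saying it was done, would close that gap. The two added closing braces here compensate for the brace removed in the `wazuh`/`winlog` hunk; the brace count across both hunks balances.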