{ "_meta": { "documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-base.html", "ecs_version": "1.12.2" }, "template": { "mappings": { "properties": { "sophos": { "properties": { "xg": { "properties": { "Configuration": { "type": "float" }, "Mode": { "ignore_above": 1024, "type": "keyword" }, "PHPSESSID": { "ignore_above": 1024, "type": "keyword" }, "Reports": { "type": "float" }, "Signature": { "type": "float" }, "SysLog_SERVER_NAME": { "ignore_above": 1024, "type": "keyword" }, "Temp": { "type": "float" }, "action": { "ignore_above": 1024, "type": "keyword" }, "activityname": { "ignore_above": 1024, "type": "keyword" }, "ap": { "ignore_above": 1024, "type": "keyword" }, "app_is_cloud": { "ignore_above": 1024, "type": "keyword" }, "appfilter_policy_id": { "type": "long" }, "application": { "ignore_above": 1024, "type": "keyword" }, "application_category": { "ignore_above": 1024, "type": "keyword" }, "application_filter_policy": { "type": "long" }, "application_name": { "ignore_above": 1024, "type": "keyword" }, "application_risk": { "ignore_above": 1024, "type": "keyword" }, "application_technology": { "ignore_above": 1024, "type": "keyword" }, "appresolvedby": { "ignore_above": 1024, "type": "keyword" }, "auth_client": { "ignore_above": 1024, "type": "keyword" }, "auth_mechanism": { "ignore_above": 1024, "type": "keyword" }, "av_policy_name": { "ignore_above": 1024, "type": "keyword" }, "backup_mode": { "ignore_above": 1024, "type": "keyword" }, "branch_name": { "ignore_above": 1024, "type": "keyword" }, "category": { "ignore_above": 1024, "type": "keyword" }, "category_type": { "ignore_above": 1024, "type": "keyword" }, "classification": { "ignore_above": 1024, "type": "keyword" }, "client_host_name": { "ignore_above": 1024, "type": "keyword" }, "client_physical_address": { "ignore_above": 1024, "type": "keyword" }, "clients_conn_ssid": { "ignore_above": 1024, "type": "keyword" }, "collisions": { "type": "long" }, "con_id": { "type": "long" }, "conn_id": { "type": "long" }, "connectionname": { "ignore_above": 1024, "type": "keyword" }, "connectiontype": { "ignore_above": 1024, "type": "keyword" }, "connevent": { "ignore_above": 1024, "type": "keyword" }, "connid": { "ignore_above": 1024, "type": "keyword" }, "contenttype": { "ignore_above": 1024, "type": "keyword" }, "context_match": { "ignore_above": 1024, "type": "keyword" }, "context_prefix": { "ignore_above": 1024, "type": "keyword" }, "context_suffix": { "ignore_above": 1024, "type": "keyword" }, "cookie": { "ignore_above": 1024, "type": "keyword" }, "date": { "type": "date" }, "destinationip": { "type": "ip" }, "device": { "ignore_above": 1024, "type": "keyword" }, "device_id": { "ignore_above": 1024, "type": "keyword" }, "device_name": { "ignore_above": 1024, "type": "keyword" }, "dictionary_name": { "ignore_above": 1024, "type": "keyword" }, "dir_disp": { "ignore_above": 1024, "type": "keyword" }, "direction": { "ignore_above": 1024, "type": "keyword" }, "domainname": { "ignore_above": 1024, "type": "keyword" }, "download_file_name": { "ignore_above": 1024, "type": "keyword" }, "download_file_type": { "ignore_above": 1024, "type": "keyword" }, "dst_country_code": { "ignore_above": 1024, "type": "keyword" }, "dst_domainname": { "ignore_above": 1024, "type": "keyword" }, "dst_ip": { "type": "ip" }, "dst_port": { "type": "long" }, "dstdomain": { "ignore_above": 1024, "type": "keyword" }, "dstzone": { "ignore_above": 1024, "type": "keyword" }, "dstzonetype": { "ignore_above": 1024, "type": "keyword" }, "duration": { "type": "long" }, "email_subject": { "ignore_above": 1024, "type": "keyword" }, "ep_uuid": { "ignore_above": 1024, "type": "keyword" }, "eventid": { "ignore_above": 1024, "type": "keyword" }, "eventtime": { "type": "date" }, "eventtype": { "ignore_above": 1024, "type": "keyword" }, "exceptions": { "ignore_above": 1024, "type": "keyword" }, "execution_path": { "ignore_above": 1024, "type": "keyword" }, "extra": { "ignore_above": 1024, "type": "keyword" }, "file_name": { "ignore_above": 1024, "type": "keyword" }, "file_path": { "ignore_above": 1024, "type": "keyword" }, "file_size": { "type": "long" }, "filename": { "ignore_above": 1024, "type": "keyword" }, "filepath": { "ignore_above": 1024, "type": "keyword" }, "filesize": { "type": "long" }, "free": { "type": "long" }, "from_email_address": { "ignore_above": 1024, "type": "keyword" }, "ftp_direction": { "ignore_above": 1024, "type": "keyword" }, "ftp_url": { "ignore_above": 1024, "type": "keyword" }, "ftpcommand": { "ignore_above": 1024, "type": "keyword" }, "fw_rule_id": { "type": "long" }, "hb_health": { "ignore_above": 1024, "type": "keyword" }, "host": { "ignore_above": 1024, "type": "keyword" }, "httpresponsecode": { "type": "long" }, "iap": { "ignore_above": 1024, "type": "keyword" }, "icmp_code": { "ignore_above": 1024, "type": "keyword" }, "icmp_type": { "ignore_above": 1024, "type": "keyword" }, "idle_cpu": { "type": "float" }, "idp_policy_id": { "type": "long" }, "idp_policy_name": { "ignore_above": 1024, "type": "keyword" }, "in_interface": { "ignore_above": 1024, "type": "keyword" }, "interface": { "ignore_above": 1024, "type": "keyword" }, "ipaddress": { "ignore_above": 1024, "type": "keyword" }, "ips_policy_id": { "type": "long" }, "localgateway": { "ignore_above": 1024, "type": "keyword" }, "localnetwork": { "ignore_above": 1024, "type": "keyword" }, "log_component": { "ignore_above": 1024, "type": "keyword" }, "log_id": { "ignore_above": 1024, "type": "keyword" }, "log_subtype": { "ignore_above": 1024, "type": "keyword" }, "log_type": { "ignore_above": 1024, "type": "keyword" }, "login_user": { "ignore_above": 1024, "type": "keyword" }, "mailid": { "ignore_above": 1024, "type": "keyword" }, "mailsize": { "type": "long" }, "message": { "ignore_above": 1024, "type": "keyword" }, "message_id": { "ignore_above": 1024, "type": "keyword" }, "newversion": { "ignore_above": 1024, "type": "keyword" }, "oldversion": { "ignore_above": 1024, "type": "keyword" }, "out_interface": { "ignore_above": 1024, "type": "keyword" }, "override_authorizer": { "ignore_above": 1024, "type": "keyword" }, "override_name": { "ignore_above": 1024, "type": "keyword" }, "override_token": { "ignore_above": 1024, "type": "keyword" }, "platform": { "ignore_above": 1024, "type": "keyword" }, "policy_type": { "ignore_above": 1024, "type": "keyword" }, "priority": { "ignore_above": 1024, "type": "keyword" }, "protocol": { "ignore_above": 1024, "type": "keyword" }, "quarantine": { "ignore_above": 1024, "type": "keyword" }, "quarantine_reason": { "ignore_above": 1024, "type": "keyword" }, "querystring": { "ignore_above": 1024, "type": "keyword" }, "raw_data": { "ignore_above": 1024, "type": "keyword" }, "reason": { "ignore_above": 1024, "type": "keyword" }, "received_pkts": { "type": "long" }, "receiveddrops": { "type": "long" }, "receivederrors": { "ignore_above": 1024, "type": "keyword" }, "receivedkbits": { "type": "long" }, "recv_bytes": { "type": "long" }, "red_id": { "ignore_above": 1024, "type": "keyword" }, "referer": { "ignore_above": 1024, "type": "keyword" }, "remote_ip": { "type": "ip" }, "remotenetwork": { "ignore_above": 1024, "type": "keyword" }, "responsetime": { "type": "long" }, "rule_priority": { "ignore_above": 1024, "type": "keyword" }, "sent_bytes": { "type": "long" }, "sent_pkts": { "type": "long" }, "server": { "ignore_above": 1024, "type": "keyword" }, "sessionid": { "ignore_above": 1024, "type": "keyword" }, "sha1sum": { "ignore_above": 1024, "type": "keyword" }, "signature_id": { "ignore_above": 1024, "type": "keyword" }, "signature_msg": { "ignore_above": 1024, "type": "keyword" }, "site_category": { "ignore_above": 1024, "type": "keyword" }, "source": { "ignore_above": 1024, "type": "keyword" }, "sourceip": { "type": "ip" }, "spamaction": { "ignore_above": 1024, "type": "keyword" }, "sqli": { "ignore_above": 1024, "type": "keyword" }, "src_country_code": { "ignore_above": 1024, "type": "keyword" }, "src_domainname": { "ignore_above": 1024, "type": "keyword" }, "src_ip": { "type": "ip" }, "src_mac": { "ignore_above": 1024, "type": "keyword" }, "src_port": { "type": "long" }, "srczone": { "ignore_above": 1024, "type": "keyword" }, "srczonetype": { "ignore_above": 1024, "type": "keyword" }, "ssid": { "ignore_above": 1024, "type": "keyword" }, "start_time": { "type": "date" }, "starttime": { "type": "date" }, "status": { "ignore_above": 1024, "type": "keyword" }, "status_code": { "ignore_above": 1024, "type": "keyword" }, "subject": { "ignore_above": 1024, "type": "keyword" }, "system_cpu": { "type": "float" }, "target": { "ignore_above": 1024, "type": "keyword" }, "threatname": { "ignore_above": 1024, "type": "keyword" }, "timestamp": { "type": "date" }, "timezone": { "ignore_above": 1024, "type": "keyword" }, "to_email_address": { "ignore_above": 1024, "type": "keyword" }, "total_memory": { "type": "long" }, "trans_dst_ip": { "type": "ip" }, "trans_dst_port": { "type": "long" }, "trans_src_ip": { "type": "ip" }, "trans_src_port": { "type": "long" }, "transaction_id": { "ignore_above": 1024, "type": "keyword" }, "transactionid": { "ignore_above": 1024, "type": "keyword" }, "transmitteddrops": { "type": "long" }, "transmittederrors": { "ignore_above": 1024, "type": "keyword" }, "transmittedkbits": { "type": "long" }, "unit": { "ignore_above": 1024, "type": "keyword" }, "updatedip": { "type": "ip" }, "upload_file_name": { "ignore_above": 1024, "type": "keyword" }, "upload_file_type": { "ignore_above": 1024, "type": "keyword" }, "url": { "ignore_above": 1024, "type": "keyword" }, "used": { "type": "long" }, "user": { "ignore_above": 1024, "type": "keyword" }, "user_cpu": { "type": "float" }, "user_gp": { "ignore_above": 1024, "type": "keyword" }, "user_group": { "ignore_above": 1024, "type": "keyword" }, "user_name": { "ignore_above": 1024, "type": "keyword" }, "users": { "ignore_above": 1024, "type": "keyword" }, "vconn_id": { "type": "long" }, "virus": { "ignore_above": 1024, "type": "keyword" }, "website": { "ignore_above": 1024, "type": "keyword" }, "xss": { "ignore_above": 1024, "type": "keyword" } } } } } } } } }