securityonion/salt/elasticsearch/templates/component/ecs/process.json
{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-process.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"process": {
"properties": {
"args": {
"ignore_above": 1024,
"type": "keyword"
},
"args_count": {
"type": "long"
},
"code_signature": {
"properties": {
"digest_algorithm": {
"ignore_above": 1024,
"type": "keyword"
},
"exists": {
"type": "boolean"
},
"signing_id": {
"ignore_above": 1024,
"type": "keyword"
},
"status": {
"ignore_above": 1024,
"type": "keyword"
},
"subject_name": {
"ignore_above": 1024,
"type": "keyword"
},
"team_id": {
"ignore_above": 1024,
"type": "keyword"
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"command_line": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"type": "wildcard"
},
"elf": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"byte_order": {
"ignore_above": 1024,
"type": "keyword"
},
"cpu_type": {
"ignore_above": 1024,
"type": "keyword"
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"ignore_above": 1024,
"type": "keyword"
},
"class": {
"ignore_above": 1024,
"type": "keyword"
},
"data": {
"ignore_above": 1024,
"type": "keyword"
},
"entrypoint": {
"type": "long"
},
"object_version": {
"ignore_above": 1024,
"type": "keyword"
},
"os_abi": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"physical_offset": {
"ignore_above": 1024,
"type": "keyword"
},
"physical_size": {
"type": "long"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
},
"type": "nested"
},
"segments": {
"properties": {
"sections": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
},
"type": "nested"
},
"shared_libraries": {
"ignore_above": 1024,
"type": "keyword"
},
"telfhash": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"end": {
"type": "date"
},
"entity_id": {
"ignore_above": 1024,
"type": "keyword"
},
"executable": {
"ignore_above": 1024,
"type": "keyword"
},
"exit_code": {
"type": "long"
},
"hash": {
"properties": {
"md5": {
"ignore_above": 1024,
"type": "keyword"
},
"sha1": {
"ignore_above": 1024,
"type": "keyword"
},
"sha256": {
"ignore_above": 1024,
"type": "keyword"
},
"sha512": {
"ignore_above": 1024,
"type": "keyword"
},
"ssdeep": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"parent": {
"properties": {
"args": {
"ignore_above": 1024,
"type": "keyword"
},
"args_count": {
"type": "long"
},
"code_signature": {
"properties": {
"digest_algorithm": {
"ignore_above": 1024,
"type": "keyword"
},
"exists": {
"type": "boolean"
},
"signing_id": {
"ignore_above": 1024,
"type": "keyword"
},
"status": {
"ignore_above": 1024,
"type": "keyword"
},
"subject_name": {
"ignore_above": 1024,
"type": "keyword"
},
"team_id": {
"ignore_above": 1024,
"type": "keyword"
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"command_line": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"type": "wildcard"
},
"elf": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"byte_order": {
"ignore_above": 1024,
"type": "keyword"
},
"cpu_type": {
"ignore_above": 1024,
"type": "keyword"
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"ignore_above": 1024,
"type": "keyword"
},
"class": {
"ignore_above": 1024,
"type": "keyword"
},
"data": {
"ignore_above": 1024,
"type": "keyword"
},
"entrypoint": {
"type": "long"
},
"object_version": {
"ignore_above": 1024,
"type": "keyword"
},
"os_abi": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"physical_offset": {
"ignore_above": 1024,
"type": "keyword"
},
"physical_size": {
"type": "long"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
},
"type": "nested"
},
"segments": {
"properties": {
"sections": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
},
"type": "nested"
},
"shared_libraries": {
"ignore_above": 1024,
"type": "keyword"
},
"telfhash": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"end": {
"type": "date"
},
"entity_id": {
"ignore_above": 1024,
"type": "keyword"
},
"executable": {
"ignore_above": 1024,
"type": "keyword"
},
"exit_code": {
"type": "long"
},
"hash": {
"properties": {
"md5": {
"ignore_above": 1024,
"type": "keyword"
},
"sha1": {
"ignore_above": 1024,
"type": "keyword"
},
"sha256": {
"ignore_above": 1024,
"type": "keyword"
},
"sha512": {
"ignore_above": 1024,
"type": "keyword"
},
"ssdeep": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"pe": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"company": {
"ignore_above": 1024,
"type": "keyword"
},
"description": {
"ignore_above": 1024,
"type": "keyword"
},
"file_version": {
"ignore_above": 1024,
"type": "keyword"
},
"imphash": {
"ignore_above": 1024,
"type": "keyword"
},
"original_file_name": {
"ignore_above": 1024,
"type": "keyword"
},
"product": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"pgid": {
"type": "long"
},
"pid": {
"type": "long"
},
"ppid": {
"type": "long"
},
"start": {
"type": "date"
},
"thread": {
"properties": {
"id": {
"type": "long"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"title": {
"ignore_above": 1024,
"type": "keyword"
},
"uptime": {
"type": "long"
},
"working_directory": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"pe": {
"properties": {
"architecture": {
"ignore_above": 1024,
"type": "keyword"
},
"company": {
"ignore_above": 1024,
"type": "keyword"
},
"description": {
"ignore_above": 1024,
"type": "keyword"
},
"file_version": {
"ignore_above": 1024,
"type": "keyword"
},
"imphash": {
"ignore_above": 1024,
"type": "keyword"
},
"original_file_name": {
"ignore_above": 1024,
"type": "keyword"
},
"product": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"pgid": {
"type": "long"
},
"pid": {
"type": "long"
},
"ppid": {
"type": "long"
},
"start": {
"type": "date"
},
"thread": {
"properties": {
"id": {
"type": "long"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"title": {
"ignore_above": 1024,
"type": "keyword"
},
"uptime": {
"type": "long"
},
"working_directory": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
}
}