{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-base.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"sophos": {
"properties": {
"xg": {
"properties": {
"Configuration": {
"type": "float"
},
"Mode": {
"ignore_above": 1024,
"type": "keyword"
},
"PHPSESSID": {
"ignore_above": 1024,
"type": "keyword"
},
"Reports": {
"type": "float"
},
"Signature": {
"type": "float"
},
"SysLog_SERVER_NAME": {
"ignore_above": 1024,
"type": "keyword"
},
"Temp": {
"type": "float"
},
"action": {
"ignore_above": 1024,
"type": "keyword"
},
"activityname": {
"ignore_above": 1024,
"type": "keyword"
},
"ap": {
"ignore_above": 1024,
"type": "keyword"
},
"app_is_cloud": {
"ignore_above": 1024,
"type": "keyword"
},
"appfilter_policy_id": {
"type": "long"
},
"application": {
"ignore_above": 1024,
"type": "keyword"
},
"application_category": {
"ignore_above": 1024,
"type": "keyword"
},
"application_filter_policy": {
"type": "long"
},
"application_name": {
"ignore_above": 1024,
"type": "keyword"
},
"application_risk": {
"ignore_above": 1024,
"type": "keyword"
},
"application_technology": {
"ignore_above": 1024,
"type": "keyword"
},
"appresolvedby": {
"ignore_above": 1024,
"type": "keyword"
},
"auth_client": {
"ignore_above": 1024,
"type": "keyword"
},
"auth_mechanism": {
"ignore_above": 1024,
"type": "keyword"
},
"av_policy_name": {
"ignore_above": 1024,
"type": "keyword"
},
"backup_mode": {
"ignore_above": 1024,
"type": "keyword"
},
"branch_name": {
"ignore_above": 1024,
"type": "keyword"
},
"category": {
"ignore_above": 1024,
"type": "keyword"
},
"category_type": {
"ignore_above": 1024,
"type": "keyword"
},
"classification": {
"ignore_above": 1024,
"type": "keyword"
},
"client_host_name": {
"ignore_above": 1024,
"type": "keyword"
},
"client_physical_address": {
"ignore_above": 1024,
"type": "keyword"
},
"clients_conn_ssid": {
"ignore_above": 1024,
"type": "keyword"
},
"collisions": {
"type": "long"
},
"con_id": {
"type": "long"
},
"conn_id": {
"type": "long"
},
"connectionname": {
"ignore_above": 1024,
"type": "keyword"
},
"connectiontype": {
"ignore_above": 1024,
"type": "keyword"
},
"connevent": {
"ignore_above": 1024,
"type": "keyword"
},
"connid": {
"ignore_above": 1024,
"type": "keyword"
},
"contenttype": {
"ignore_above": 1024,
"type": "keyword"
},
"context_match": {
"ignore_above": 1024,
"type": "keyword"
},
"context_prefix": {
"ignore_above": 1024,
"type": "keyword"
},
"context_suffix": {
"ignore_above": 1024,
"type": "keyword"
},
"cookie": {
"ignore_above": 1024,
"type": "keyword"
},
"date": {
"type": "date"
},
"destinationip": {
"type": "ip"
},
"device": {
"ignore_above": 1024,
"type": "keyword"
},
"device_id": {
"ignore_above": 1024,
"type": "keyword"
},
"device_name": {
"ignore_above": 1024,
"type": "keyword"
},
"dictionary_name": {
"ignore_above": 1024,
"type": "keyword"
},
"dir_disp": {
"ignore_above": 1024,
"type": "keyword"
},
"direction": {
"ignore_above": 1024,
"type": "keyword"
},
"domainname": {
"ignore_above": 1024,
"type": "keyword"
},
"download_file_name": {
"ignore_above": 1024,
"type": "keyword"
},
"download_file_type": {
"ignore_above": 1024,
"type": "keyword"
},
"dst_country_code": {
"ignore_above": 1024,
"type": "keyword"
},
"dst_domainname": {
"ignore_above": 1024,
"type": "keyword"
},
"dst_ip": {
"type": "ip"
},
"dst_port": {
"type": "long"
},
"dstdomain": {
"ignore_above": 1024,
"type": "keyword"
},
"dstzone": {
"ignore_above": 1024,
"type": "keyword"
},
"dstzonetype": {
"ignore_above": 1024,
"type": "keyword"
},
"duration": {
"type": "long"
},
"email_subject": {
"ignore_above": 1024,
"type": "keyword"
},
"ep_uuid": {
"ignore_above": 1024,
"type": "keyword"
},
"eventid": {
"ignore_above": 1024,
"type": "keyword"
},
"eventtime": {
"type": "date"
},
"eventtype": {
"ignore_above": 1024,
"type": "keyword"
},
"exceptions": {
"ignore_above": 1024,
"type": "keyword"
},
"execution_path": {
"ignore_above": 1024,
"type": "keyword"
},
"extra": {
"ignore_above": 1024,
"type": "keyword"
},
"file_name": {
"ignore_above": 1024,
"type": "keyword"
},
"file_path": {
"ignore_above": 1024,
"type": "keyword"
},
"file_size": {
"type": "long"
},
"filename": {
"ignore_above": 1024,
"type": "keyword"
},
"filepath": {
"ignore_above": 1024,
"type": "keyword"
},
"filesize": {
"type": "long"
},
"free": {
"type": "long"
},
"from_email_address": {
"ignore_above": 1024,
"type": "keyword"
},
"ftp_direction": {
"ignore_above": 1024,
"type": "keyword"
},
"ftp_url": {
"ignore_above": 1024,
"type": "keyword"
},
"ftpcommand": {
"ignore_above": 1024,
"type": "keyword"
},
"fw_rule_id": {
"type": "long"
},
"hb_health": {
"ignore_above": 1024,
"type": "keyword"
},
"host": {
"ignore_above": 1024,
"type": "keyword"
},
"httpresponsecode": {
"type": "long"
},
"iap": {
"ignore_above": 1024,
"type": "keyword"
},
"icmp_code": {
"ignore_above": 1024,
"type": "keyword"
},
"icmp_type": {
"ignore_above": 1024,
"type": "keyword"
},
"idle_cpu": {
"type": "float"
},
"idp_policy_id": {
"type": "long"
},
"idp_policy_name": {
"ignore_above": 1024,
"type": "keyword"
},
"in_interface": {
"ignore_above": 1024,
"type": "keyword"
},
"interface": {
"ignore_above": 1024,
"type": "keyword"
},
"ipaddress": {
"ignore_above": 1024,
"type": "keyword"
},
"ips_policy_id": {
"type": "long"
},
"localgateway": {
"ignore_above": 1024,
"type": "keyword"
},
"localnetwork": {
"ignore_above": 1024,
"type": "keyword"
},
"log_component": {
"ignore_above": 1024,
"type": "keyword"
},
"log_id": {
"ignore_above": 1024,
"type": "keyword"
},
"log_subtype": {
"ignore_above": 1024,
"type": "keyword"
},
"log_type": {
"ignore_above": 1024,
"type": "keyword"
},
"login_user": {
"ignore_above": 1024,
"type": "keyword"
},
"mailid": {
"ignore_above": 1024,
"type": "keyword"
},
"mailsize": {
"type": "long"
},
"message": {
"ignore_above": 1024,
"type": "keyword"
},
"message_id": {
"ignore_above": 1024,
"type": "keyword"
},
"newversion": {
"ignore_above": 1024,
"type": "keyword"
},
"oldversion": {
"ignore_above": 1024,
"type": "keyword"
},
"out_interface": {
"ignore_above": 1024,
"type": "keyword"
},
"override_authorizer": {
"ignore_above": 1024,
"type": "keyword"
},
"override_name": {
"ignore_above": 1024,
"type": "keyword"
},
"override_token": {
"ignore_above": 1024,
"type": "keyword"
},
"platform": {
"ignore_above": 1024,
"type": "keyword"
},
"policy_type": {
"ignore_above": 1024,
"type": "keyword"
},
"priority": {
"ignore_above": 1024,
"type": "keyword"
},
"protocol": {
"ignore_above": 1024,
"type": "keyword"
},
"quarantine": {
"ignore_above": 1024,
"type": "keyword"
},
"quarantine_reason": {
"ignore_above": 1024,
"type": "keyword"
},
"querystring": {
"ignore_above": 1024,
"type": "keyword"
},
"raw_data": {
"ignore_above": 1024,
"type": "keyword"
},
"reason": {
"ignore_above": 1024,
"type": "keyword"
},
"received_pkts": {
"type": "long"
},
"receiveddrops": {
"type": "long"
},
"receivederrors": {
"ignore_above": 1024,
"type": "keyword"
},
"receivedkbits": {
"type": "long"
},
"recv_bytes": {
"type": "long"
},
"red_id": {
"ignore_above": 1024,
"type": "keyword"
},
"referer": {
"ignore_above": 1024,
"type": "keyword"
},
"remote_ip": {
"type": "ip"
},
"remotenetwork": {
"ignore_above": 1024,
"type": "keyword"
},
"responsetime": {
"type": "long"
},
"rule_priority": {
"ignore_above": 1024,
"type": "keyword"
},
"sent_bytes": {
"type": "long"
},
"sent_pkts": {
"type": "long"
},
"server": {
"ignore_above": 1024,
"type": "keyword"
},
"sessionid": {
"ignore_above": 1024,
"type": "keyword"
},
"sha1sum": {
"ignore_above": 1024,
"type": "keyword"
},
"signature_id": {
"ignore_above": 1024,
"type": "keyword"
},
"signature_msg": {
"ignore_above": 1024,
"type": "keyword"
},
"site_category": {
"ignore_above": 1024,
"type": "keyword"
},
"source": {
"ignore_above": 1024,
"type": "keyword"
},
"sourceip": {
"type": "ip"
},
"spamaction": {
"ignore_above": 1024,
"type": "keyword"
},
"sqli": {
"ignore_above": 1024,
"type": "keyword"
},
"src_country_code": {
"ignore_above": 1024,
"type": "keyword"
},
"src_domainname": {
"ignore_above": 1024,
"type": "keyword"
},
"src_ip": {
"type": "ip"
},
"src_mac": {
"ignore_above": 1024,
"type": "keyword"
},
"src_port": {
"type": "long"
},
"srczone": {
"ignore_above": 1024,
"type": "keyword"
},
"srczonetype": {
"ignore_above": 1024,
"type": "keyword"
},
"ssid": {
"ignore_above": 1024,
"type": "keyword"
},
"start_time": {
"type": "date"
},
"starttime": {
"type": "date"
},
"status": {
"ignore_above": 1024,
"type": "keyword"
},
"status_code": {
"ignore_above": 1024,
"type": "keyword"
},
"subject": {
"ignore_above": 1024,
"type": "keyword"
},
"system_cpu": {
"type": "float"
},
"target": {
"ignore_above": 1024,
"type": "keyword"
},
"threatname": {
"ignore_above": 1024,
"type": "keyword"
},
"timestamp": {
"type": "date"
},
"timezone": {
"ignore_above": 1024,
"type": "keyword"
},
"to_email_address": {
"ignore_above": 1024,
"type": "keyword"
},
"total_memory": {
"type": "long"
},
"trans_dst_ip": {
"type": "ip"
},
"trans_dst_port": {
"type": "long"
},
"trans_src_ip": {
"type": "ip"
},
"trans_src_port": {
"type": "long"
},
"transaction_id": {
"ignore_above": 1024,
"type": "keyword"
},
"transactionid": {
"ignore_above": 1024,
"type": "keyword"
},
"transmitteddrops": {
"type": "long"
},
"transmittederrors": {
"ignore_above": 1024,
"type": "keyword"
},
"transmittedkbits": {
"type": "long"
},
"unit": {
"ignore_above": 1024,
"type": "keyword"
},
"updatedip": {
"type": "ip"
},
"upload_file_name": {
"ignore_above": 1024,
"type": "keyword"
},
"upload_file_type": {
"ignore_above": 1024,
"type": "keyword"
},
"url": {
"ignore_above": 1024,
"type": "keyword"
},
"used": {
"type": "long"
},
"user": {
"ignore_above": 1024,
"type": "keyword"
},
"user_cpu": {
"type": "float"
},
"user_gp": {
"ignore_above": 1024,
"type": "keyword"
},
"user_group": {
"ignore_above": 1024,
"type": "keyword"
},
"user_name": {
"ignore_above": 1024,
"type": "keyword"
},
"users": {
"ignore_above": 1024,
"type": "keyword"
},
"vconn_id": {
"type": "long"
},
"virus": {
"ignore_above": 1024,
"type": "keyword"
},
"website": {
"ignore_above": 1024,
"type": "keyword"
},
"xss": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
}
}
}
}