CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-15 21:52:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a60e55e5cd009b1a0c6e455f061a375376e60dd7
securityonion/salt/elasticsearch/templates/component/ecs/checkpoint.json
Wes a59eda319e Remove security subfield
2023-07-18 19:00:50 +00:00

1615 lines
44 KiB
JSON
Raw Blame History

{
"_meta": {
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-base.html",
"ecs_version": "1.12.2"
},
"template": {
"mappings": {
"properties": {
"checkpoint": {
"properties": {
"action_reason": {
"type": "long"
},
"action_reason_msg": {
"ignore_above": 1024,
"type": "keyword"
},
"additional_info": {
"ignore_above": 1024,
"type": "keyword"
},
"additional_ip": {
"ignore_above": 1024,
"type": "keyword"
},
"additional_rdata": {
"ignore_above": 1024,
"type": "keyword"
},
"alert": {
"ignore_above": 1024,
"type": "keyword"
},
"allocated_ports": {
"type": "long"
},
"analyzed_on": {
"ignore_above": 1024,
"type": "keyword"
},
"answer_rdata": {
"ignore_above": 1024,
"type": "keyword"
},
"anti_virus_type": {
"ignore_above": 1024,
"type": "keyword"
},
"app_desc": {
"ignore_above": 1024,
"type": "keyword"
},
"app_id": {
"type": "long"
},
"app_package": {
"ignore_above": 1024,
"type": "keyword"
},
"app_properties": {
"ignore_above": 1024,
"type": "keyword"
},
"app_repackaged": {
"ignore_above": 1024,
"type": "keyword"
},
"app_risk": {
"ignore_above": 1024,
"type": "keyword"
},
"app_severity": {
"ignore_above": 1024,
"type": "keyword"
},
"app_sid_id": {
"ignore_above": 1024,
"type": "keyword"
},
"app_sig_id": {
"ignore_above": 1024,
"type": "keyword"
},
"app_version": {
"ignore_above": 1024,
"type": "keyword"
},
"appi_name": {
"ignore_above": 1024,
"type": "keyword"
},
"arrival_time": {
"ignore_above": 1024,
"type": "keyword"
},
"attachments_num": {
"type": "long"
},
"attack_status": {
"ignore_above": 1024,
"type": "keyword"
},
"audit_status": {
"ignore_above": 1024,
"type": "keyword"
},
"auth_method": {
"ignore_above": 1024,
"type": "keyword"
},
"authority_rdata": {
"ignore_above": 1024,
"type": "keyword"
},
"authorization": {
"ignore_above": 1024,
"type": "keyword"
},
"bcc": {
"ignore_above": 1024,
"type": "keyword"
},
"blade_name": {
"ignore_above": 1024,
"type": "keyword"
},
"broker_publisher": {
"type": "ip"
},
"browse_time": {
"ignore_above": 1024,
"type": "keyword"
},
"c_bytes": {
"type": "long"
},
"calc_desc": {
"ignore_above": 1024,
"type": "keyword"
},
"capacity": {
"type": "long"
},
"capture_uuid": {
"ignore_above": 1024,
"type": "keyword"
},
"category": {
"ignore_above": 1024,
"type": "keyword"
},
"cc": {
"ignore_above": 1024,
"type": "keyword"
},
"certificate_resource": {
"ignore_above": 1024,
"type": "keyword"
},
"certificate_validation": {
"ignore_above": 1024,
"type": "keyword"
},
"cgnet": {
"ignore_above": 1024,
"type": "keyword"
},
"chunk_type": {
"ignore_above": 1024,
"type": "keyword"
},
"client_name": {
"ignore_above": 1024,
"type": "keyword"
},
"client_type": {
"ignore_above": 1024,
"type": "keyword"
},
"client_type_os": {
"ignore_above": 1024,
"type": "keyword"
},
"client_version": {
"ignore_above": 1024,
"type": "keyword"
},
"cluster_info": {
"ignore_above": 1024,
"type": "keyword"
},
"community": {
"ignore_above": 1024,
"type": "keyword"
},
"confidence_level": {
"type": "long"
},
"connection_uid": {
"ignore_above": 1024,
"type": "keyword"
},
"connectivity_level": {
"ignore_above": 1024,
"type": "keyword"
},
"connectivity_state": {
"ignore_above": 1024,
"type": "keyword"
},
"conns_amount": {
"type": "long"
},
"content_disposition": {
"ignore_above": 1024,
"type": "keyword"
},
"content_length": {
"ignore_above": 1024,
"type": "keyword"
},
"content_risk": {
"type": "long"
},
"content_type": {
"ignore_above": 1024,
"type": "keyword"
},
"context_num": {
"type": "long"
},
"cookie": {
"ignore_above": 1024,
"type": "keyword"
},
"cookieI": {
"ignore_above": 1024,
"type": "keyword"
},
"cookieR": {
"ignore_above": 1024,
"type": "keyword"
},
"cp_message": {
"type": "long"
},
"cvpn_category": {
"ignore_above": 1024,
"type": "keyword"
},
"cvpn_resource": {
"ignore_above": 1024,
"type": "keyword"
},
"data_type_name": {
"ignore_above": 1024,
"type": "keyword"
},
"dce-rpc_interface_uuid": {
"ignore_above": 1024,
"type": "keyword"
},
"delivery_time": {
"ignore_above": 1024,
"type": "keyword"
},
"desc": {
"ignore_above": 1024,
"type": "keyword"
},
"description": {
"ignore_above": 1024,
"type": "keyword"
},
"destination_object": {
"ignore_above": 1024,
"type": "keyword"
},
"detected_on": {
"ignore_above": 1024,
"type": "keyword"
},
"developer_certificate_name": {
"ignore_above": 1024,
"type": "keyword"
},
"diameter_app_ID": {
"type": "long"
},
"diameter_cmd_code": {
"type": "long"
},
"diameter_msg_type": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_action_reason": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_additional_action": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_categories": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_data_type_name": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_data_type_uid": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_fingerprint_files_number": {
"type": "long"
},
"dlp_fingerprint_long_status": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_fingerprint_short_status": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_incident_uid": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_recipients": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_related_incident_uid": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_relevant_data_types": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_repository_directories_number": {
"type": "long"
},
"dlp_repository_files_number": {
"type": "long"
},
"dlp_repository_id": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_repository_not_scanned_directories_percentage": {
"type": "long"
},
"dlp_repository_reached_directories_number": {
"type": "long"
},
"dlp_repository_root_path": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_repository_scan_progress": {
"type": "long"
},
"dlp_repository_scanned_directories_number": {
"type": "long"
},
"dlp_repository_scanned_files_number": {
"type": "long"
},
"dlp_repository_scanned_total_size": {
"type": "long"
},
"dlp_repository_skipped_files_number": {
"type": "long"
},
"dlp_repository_total_size": {
"type": "long"
},
"dlp_repository_unreachable_directories_number": {
"type": "long"
},
"dlp_rule_name": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_subject": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_template_score": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_transint": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_violation_description": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_watermark_profile": {
"ignore_above": 1024,
"type": "keyword"
},
"dlp_word_list": {
"ignore_above": 1024,
"type": "keyword"
},
"dns_query": {
"ignore_above": 1024,
"type": "keyword"
},
"drop_reason": {
"ignore_above": 1024,
"type": "keyword"
},
"dropped_file_hash": {
"ignore_above": 1024,
"type": "keyword"
},
"dropped_file_name": {
"ignore_above": 1024,
"type": "keyword"
},
"dropped_file_type": {
"ignore_above": 1024,
"type": "keyword"
},
"dropped_file_verdict": {
"ignore_above": 1024,
"type": "keyword"
},
"dropped_incoming": {
"type": "long"
},
"dropped_outgoing": {
"type": "long"
},
"dropped_total": {
"type": "long"
},
"drops_amount": {
"type": "long"
},
"dst_country": {
"ignore_above": 1024,
"type": "keyword"
},
"dst_phone_number": {
"ignore_above": 1024,
"type": "keyword"
},
"dst_user_name": {
"ignore_above": 1024,
"type": "keyword"
},
"dstkeyid": {
"ignore_above": 1024,
"type": "keyword"
},
"duplicate": {
"ignore_above": 1024,
"type": "keyword"
},
"duration": {
"ignore_above": 1024,
"type": "keyword"
},
"elapsed": {
"ignore_above": 1024,
"type": "keyword"
},
"email_content": {
"ignore_above": 1024,
"type": "keyword"
},
"email_control": {
"ignore_above": 1024,
"type": "keyword"
},
"email_control_analysis": {
"ignore_above": 1024,
"type": "keyword"
},
"email_headers": {
"ignore_above": 1024,
"type": "keyword"
},
"email_id": {
"ignore_above": 1024,
"type": "keyword"
},
"email_message_id": {
"ignore_above": 1024,
"type": "keyword"
},
"email_queue_id": {
"ignore_above": 1024,
"type": "keyword"
},
"email_queue_name": {
"ignore_above": 1024,
"type": "keyword"
},
"email_recipients_num": {
"type": "long"
},
"email_session_id": {
"ignore_above": 1024,
"type": "keyword"
},
"email_spam_category": {
"ignore_above": 1024,
"type": "keyword"
},
"email_spool_id": {
"ignore_above": 1024,
"type": "keyword"
},
"email_status": {
"ignore_above": 1024,
"type": "keyword"
},
"email_subject": {
"ignore_above": 1024,
"type": "keyword"
},
"emulated_on": {
"ignore_above": 1024,
"type": "keyword"
},
"encryption_failure": {
"ignore_above": 1024,
"type": "keyword"
},
"end_time": {
"ignore_above": 1024,
"type": "keyword"
},
"end_user_firewall_type": {
"ignore_above": 1024,
"type": "keyword"
},
"esod_access_status": {
"ignore_above": 1024,
"type": "keyword"
},
"esod_associated_policies": {
"ignore_above": 1024,
"type": "keyword"
},
"esod_noncompliance_reason": {
"ignore_above": 1024,
"type": "keyword"
},
"esod_rule_action": {
"ignore_above": 1024,
"type": "keyword"
},
"esod_rule_name": {
"ignore_above": 1024,
"type": "keyword"
},
"esod_rule_type": {
"ignore_above": 1024,
"type": "keyword"
},
"esod_scan_status": {
"ignore_above": 1024,
"type": "keyword"
},
"event_count": {
"type": "long"
},
"expire_time": {
"ignore_above": 1024,
"type": "keyword"
},
"extension_version": {
"ignore_above": 1024,
"type": "keyword"
},
"extracted_file_hash": {
"ignore_above": 1024,
"type": "keyword"
},
"extracted_file_names": {
"ignore_above": 1024,
"type": "keyword"
},
"extracted_file_type": {
"ignore_above": 1024,
"type": "keyword"
},
"extracted_file_uid": {
"ignore_above": 1024,
"type": "keyword"
},
"extracted_file_verdict": {
"ignore_above": 1024,
"type": "keyword"
},
"failure_impact": {
"ignore_above": 1024,
"type": "keyword"
},
"failure_reason": {
"ignore_above": 1024,
"type": "keyword"
},
"file_direction": {
"ignore_above": 1024,
"type": "keyword"
},
"file_name": {
"ignore_above": 1024,
"type": "keyword"
},
"files_names": {
"ignore_above": 1024,
"type": "keyword"
},
"first_hit_time": {
"type": "long"
},
"frequency": {
"ignore_above": 1024,
"type": "keyword"
},
"fs-proto": {
"ignore_above": 1024,
"type": "keyword"
},
"ftp_user": {
"ignore_above": 1024,
"type": "keyword"
},
"fw_message": {
"ignore_above": 1024,
"type": "keyword"
},
"fw_subproduct": {
"ignore_above": 1024,
"type": "keyword"
},
"hide_ip": {
"type": "ip"
},
"hit": {
"type": "long"
},
"host_time": {
"ignore_above": 1024,
"type": "keyword"
},
"http_host": {
"ignore_above": 1024,
"type": "keyword"
},
"http_location": {
"ignore_above": 1024,
"type": "keyword"
},
"http_server": {
"ignore_above": 1024,
"type": "keyword"
},
"https_inspection_action": {
"ignore_above": 1024,
"type": "keyword"
},
"https_inspection_rule_id": {
"ignore_above": 1024,
"type": "keyword"
},
"https_inspection_rule_name": {
"ignore_above": 1024,
"type": "keyword"
},
"https_validation": {
"ignore_above": 1024,
"type": "keyword"
},
"icap_more_info": {
"type": "long"
},
"icap_server_name": {
"ignore_above": 1024,
"type": "keyword"
},
"icap_server_service": {
"ignore_above": 1024,
"type": "keyword"
},
"icap_service_id": {
"type": "long"
},
"icmp": {
"ignore_above": 1024,
"type": "keyword"
},
"icmp_code": {
"type": "long"
},
"icmp_type": {
"type": "long"
},
"id": {
"type": "long"
},
"identity_type": {
"ignore_above": 1024,
"type": "keyword"
},
"ike": {
"ignore_above": 1024,
"type": "keyword"
},
"ike_ids": {
"ignore_above": 1024,
"type": "keyword"
},
"impacted_files": {
"ignore_above": 1024,
"type": "keyword"
},
"incident_extension": {
"ignore_above": 1024,
"type": "keyword"
},
"indicator_description": {
"ignore_above": 1024,
"type": "keyword"
},
"indicator_name": {
"ignore_above": 1024,
"type": "keyword"
},
"indicator_reference": {
"ignore_above": 1024,
"type": "keyword"
},
"indicator_uuid": {
"ignore_above": 1024,
"type": "keyword"
},
"info": {
"ignore_above": 1024,
"type": "keyword"
},
"information": {
"ignore_above": 1024,
"type": "keyword"
},
"inspection_category": {
"ignore_above": 1024,
"type": "keyword"
},
"inspection_item": {
"ignore_above": 1024,
"type": "keyword"
},
"inspection_profile": {
"ignore_above": 1024,
"type": "keyword"
},
"inspection_settings_log": {
"ignore_above": 1024,
"type": "keyword"
},
"installed_products": {
"ignore_above": 1024,
"type": "keyword"
},
"int_end": {
"type": "long"
},
"int_start": {
"type": "long"
},
"integrity_av_invoke_type": {
"ignore_above": 1024,
"type": "keyword"
},
"interface_name": {
"ignore_above": 1024,
"type": "keyword"
},
"internal_error": {
"ignore_above": 1024,
"type": "keyword"
},
"invalid_file_size": {
"type": "long"
},
"ip_option": {
"type": "long"
},
"isp_link": {
"ignore_above": 1024,
"type": "keyword"
},
"last_hit_time": {
"type": "long"
},
"last_rematch_time": {
"ignore_above": 1024,
"type": "keyword"
},
"layer_name": {
"ignore_above": 1024,
"type": "keyword"
},
"layer_uuid": {
"ignore_above": 1024,
"type": "keyword"
},
"limit_applied": {
"type": "long"
},
"limit_requested": {
"type": "long"
},
"link_probing_status_update": {
"ignore_above": 1024,
"type": "keyword"
},
"links_num": {
"type": "long"
},
"log_delay": {
"type": "long"
},
"log_id": {
"type": "long"
},
"logid": {
"ignore_above": 1024,
"type": "keyword"
},
"long_desc": {
"ignore_above": 1024,
"type": "keyword"
},
"machine": {
"ignore_above": 1024,
"type": "keyword"
},
"malware_family": {
"ignore_above": 1024,
"type": "keyword"
},
"match_fk": {
"type": "long"
},
"match_id": {
"type": "long"
},
"matched_file": {
"ignore_above": 1024,
"type": "keyword"
},
"matched_file_percentage": {
"type": "long"
},
"matched_file_text_segments": {
"type": "long"
},
"media_type": {
"ignore_above": 1024,
"type": "keyword"
},
"message": {
"ignore_above": 1024,
"type": "keyword"
},
"message_info": {
"ignore_above": 1024,
"type": "keyword"
},
"message_size": {
"type": "long"
},
"method": {
"ignore_above": 1024,
"type": "keyword"
},
"methods": {
"ignore_above": 1024,
"type": "keyword"
},
"mime_from": {
"ignore_above": 1024,
"type": "keyword"
},
"mime_to": {
"ignore_above": 1024,
"type": "keyword"
},
"mirror_and_decrypt_type": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_collection": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_command_and_control": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_credential_access": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_defense_evasion": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_discovery": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_execution": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_exfiltration": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_impact": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_initial_access": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_lateral_movement": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_persistence": {
"ignore_above": 1024,
"type": "keyword"
},
"mitre_privilege_escalation": {
"ignore_above": 1024,
"type": "keyword"
},
"monitor_reason": {
"ignore_above": 1024,
"type": "keyword"
},
"msgid": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"nat46": {
"ignore_above": 1024,
"type": "keyword"
},
"nat_addtnl_rulenum": {
"type": "long"
},
"nat_exhausted_pool": {
"ignore_above": 1024,
"type": "keyword"
},
"nat_rulenum": {
"type": "long"
},
"needs_browse_time": {
"type": "long"
},
"next_hop_ip": {
"ignore_above": 1024,
"type": "keyword"
},
"next_scheduled_scan_date": {
"ignore_above": 1024,
"type": "keyword"
},
"number_of_errors": {
"type": "long"
},
"objecttable": {
"ignore_above": 1024,
"type": "keyword"
},
"objecttype": {
"ignore_above": 1024,
"type": "keyword"
},
"observable_comment": {
"ignore_above": 1024,
"type": "keyword"
},
"observable_id": {
"ignore_above": 1024,
"type": "keyword"
},
"observable_name": {
"ignore_above": 1024,
"type": "keyword"
},
"operation": {
"ignore_above": 1024,
"type": "keyword"
},
"operation_number": {
"ignore_above": 1024,
"type": "keyword"
},
"origin_sic_name": {
"ignore_above": 1024,
"type": "keyword"
},
"original_queue_id": {
"ignore_above": 1024,
"type": "keyword"
},
"outgoing_url": {
"ignore_above": 1024,
"type": "keyword"
},
"packet_amount": {
"type": "long"
},
"packet_capture_unique_id": {
"ignore_above": 1024,
"type": "keyword"
},
"parent_file_hash": {
"ignore_above": 1024,
"type": "keyword"
},
"parent_file_name": {
"ignore_above": 1024,
"type": "keyword"
},
"parent_file_uid": {
"ignore_above": 1024,
"type": "keyword"
},
"parent_process_username": {
"ignore_above": 1024,
"type": "keyword"
},
"parent_rule": {
"type": "long"
},
"peer_gateway": {
"type": "ip"
},
"peer_ip": {
"ignore_above": 1024,
"type": "keyword"
},
"peer_ip_probing_status_update": {
"ignore_above": 1024,
"type": "keyword"
},
"performance_impact": {
"type": "long"
},
"policy_mgmt": {
"ignore_above": 1024,
"type": "keyword"
},
"policy_name": {
"ignore_above": 1024,
"type": "keyword"
},
"ports_usage": {
"type": "long"
},
"ppp": {
"ignore_above": 1024,
"type": "keyword"
},
"precise_error": {
"ignore_above": 1024,
"type": "keyword"
},
"process_username": {
"ignore_above": 1024,
"type": "keyword"
},
"properties": {
"ignore_above": 1024,
"type": "keyword"
},
"protection_id": {
"ignore_above": 1024,
"type": "keyword"
},
"protection_name": {
"ignore_above": 1024,
"type": "keyword"
},
"protection_type": {
"ignore_above": 1024,
"type": "keyword"
},
"protocol": {
"ignore_above": 1024,
"type": "keyword"
},
"proxy_machine_name": {
"type": "long"
},
"proxy_src_ip": {
"type": "ip"
},
"proxy_user_dn": {
"ignore_above": 1024,
"type": "keyword"
},
"proxy_user_name": {
"ignore_above": 1024,
"type": "keyword"
},
"query": {
"ignore_above": 1024,
"type": "keyword"
},
"question_rdata": {
"ignore_above": 1024,
"type": "keyword"
},
"referrer": {
"ignore_above": 1024,
"type": "keyword"
},
"referrer_parent_uid": {
"ignore_above": 1024,
"type": "keyword"
},
"referrer_self_uid": {
"ignore_above": 1024,
"type": "keyword"
},
"registered_ip-phones": {
"ignore_above": 1024,
"type": "keyword"
},
"reject_category": {
"ignore_above": 1024,
"type": "keyword"
},
"reject_id": {
"ignore_above": 1024,
"type": "keyword"
},
"rematch_info": {
"ignore_above": 1024,
"type": "keyword"
},
"remediated_files": {
"ignore_above": 1024,
"type": "keyword"
},
"reply_status": {
"type": "long"
},
"risk": {
"ignore_above": 1024,
"type": "keyword"
},
"rpc_prog": {
"type": "long"
},
"rule": {
"type": "long"
},
"rule_action": {
"ignore_above": 1024,
"type": "keyword"
},
"rulebase_id": {
"type": "long"
},
"scan_direction": {
"ignore_above": 1024,
"type": "keyword"
},
"scan_hosts_day": {
"type": "long"
},
"scan_hosts_hour": {
"type": "long"
},
"scan_hosts_week": {
"type": "long"
},
"scan_id": {
"ignore_above": 1024,
"type": "keyword"
},
"scan_mail": {
"type": "long"
},
"scan_result": {
"ignore_above": 1024,
"type": "keyword"
},
"scan_results": {
"ignore_above": 1024,
"type": "keyword"
},
"scheme": {
"ignore_above": 1024,
"type": "keyword"
},
"scope": {
"ignore_above": 1024,
"type": "keyword"
},
"scrub_activity": {
"ignore_above": 1024,
"type": "keyword"
},
"scrub_download_time": {
"ignore_above": 1024,
"type": "keyword"
},
"scrub_time": {
"ignore_above": 1024,
"type": "keyword"
},
"scrub_total_time": {
"ignore_above": 1024,
"type": "keyword"
},
"scrubbed_content": {
"ignore_above": 1024,
"type": "keyword"
},
"sctp_association_state": {
"ignore_above": 1024,
"type": "keyword"
},
"sctp_error": {
"ignore_above": 1024,
"type": "keyword"
},
"scv_message_info": {
"ignore_above": 1024,
"type": "keyword"
},
"scv_user": {
"ignore_above": 1024,
"type": "keyword"
},
"securexl_message": {
"ignore_above": 1024,
"type": "keyword"
},
"sensor_mode": {
"ignore_above": 1024,
"type": "keyword"
},
"session_id": {
"ignore_above": 1024,
"type": "keyword"
},
"session_uid": {
"ignore_above": 1024,
"type": "keyword"
},
"severity": {
"ignore_above": 1024,
"type": "keyword"
},
"short_desc": {
"ignore_above": 1024,
"type": "keyword"
},
"sig_id": {
"ignore_above": 1024,
"type": "keyword"
},
"similar_communication": {
"ignore_above": 1024,
"type": "keyword"
},
"similar_hashes": {
"ignore_above": 1024,
"type": "keyword"
},
"similar_strings": {
"ignore_above": 1024,
"type": "keyword"
},
"similiar_iocs": {
"ignore_above": 1024,
"type": "keyword"
},
"sip_reason": {
"ignore_above": 1024,
"type": "keyword"
},
"site_name": {
"ignore_above": 1024,
"type": "keyword"
},
"source_interface": {
"ignore_above": 1024,
"type": "keyword"
},
"source_object": {
"ignore_above": 1024,
"type": "keyword"
},
"source_os": {
"ignore_above": 1024,
"type": "keyword"
},
"special_properties": {
"type": "long"
},
"specific_data_type_name": {
"ignore_above": 1024,
"type": "keyword"
},
"speed": {
"type": "long"
},
"spyware_name": {
"ignore_above": 1024,
"type": "keyword"
},
"spyware_status": {
"ignore_above": 1024,
"type": "keyword"
},
"spyware_type": {
"ignore_above": 1024,
"type": "keyword"
},
"src_country": {
"ignore_above": 1024,
"type": "keyword"
},
"src_phone_number": {
"ignore_above": 1024,
"type": "keyword"
},
"src_user_dn": {
"ignore_above": 1024,
"type": "keyword"
},
"src_user_name": {
"ignore_above": 1024,
"type": "keyword"
},
"srckeyid": {
"ignore_above": 1024,
"type": "keyword"
},
"status": {
"ignore_above": 1024,
"type": "keyword"
},
"status_update": {
"ignore_above": 1024,
"type": "keyword"
},
"sub_policy_name": {
"ignore_above": 1024,
"type": "keyword"
},
"sub_policy_uid": {
"ignore_above": 1024,
"type": "keyword"
},
"subs_exp": {
"type": "date"
},
"subscriber": {
"type": "ip"
},
"summary": {
"ignore_above": 1024,
"type": "keyword"
},
"suppressed_logs": {
"type": "long"
},
"sync": {
"ignore_above": 1024,
"type": "keyword"
},
"sys_message": {
"ignore_above": 1024,
"type": "keyword"
},
"tcp_end_reason": {
"ignore_above": 1024,
"type": "keyword"
},
"tcp_flags": {
"ignore_above": 1024,
"type": "keyword"
},
"tcp_packet_out_of_state": {
"ignore_above": 1024,
"type": "keyword"
},
"tcp_state": {
"ignore_above": 1024,
"type": "keyword"
},
"te_verdict_determined_by": {
"ignore_above": 1024,
"type": "keyword"
},
"termination_reason": {
"ignore_above": 1024,
"type": "keyword"
},
"ticket_id": {
"ignore_above": 1024,
"type": "keyword"
},
"tls_server_host_name": {
"ignore_above": 1024,
"type": "keyword"
},
"top_archive_file_name": {
"ignore_above": 1024,
"type": "keyword"
},
"total_attachments": {
"type": "long"
},
"triggered_by": {
"ignore_above": 1024,
"type": "keyword"
},
"trusted_domain": {
"ignore_above": 1024,
"type": "keyword"
},
"unique_detected_day": {
"type": "long"
},
"unique_detected_hour": {
"type": "long"
},
"unique_detected_week": {
"type": "long"
},
"update_status": {
"ignore_above": 1024,
"type": "keyword"
},
"url": {
"ignore_above": 1024,
"type": "keyword"
},
"user": {
"ignore_above": 1024,
"type": "keyword"
},
"user_agent": {
"ignore_above": 1024,
"type": "keyword"
},
"user_status": {
"ignore_above": 1024,
"type": "keyword"
},
"uuid": {
"ignore_above": 1024,
"type": "keyword"
},
"vendor_list": {
"ignore_above": 1024,
"type": "keyword"
},
"verdict": {
"ignore_above": 1024,
"type": "keyword"
},
"via": {
"ignore_above": 1024,
"type": "keyword"
},
"virus_name": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_attach_action_info": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_attach_sz": {
"type": "long"
},
"voip_call_dir": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_call_id": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_call_state": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_call_term_time": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_config": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_duration": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_est_codec": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_exp": {
"type": "long"
},
"voip_from_user_type": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_log_type": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_media_codec": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_media_ipp": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_media_port": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_method": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_reason_info": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_reg_int": {
"type": "long"
},
"voip_reg_ipp": {
"type": "long"
},
"voip_reg_period": {
"type": "long"
},
"voip_reg_server": {
"type": "ip"
},
"voip_reg_user_type": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_reject_reason": {
"ignore_above": 1024,
"type": "keyword"
},
"voip_to_user_type": {
"ignore_above": 1024,
"type": "keyword"
},
"vpn_feature_name": {
"ignore_above": 1024,
"type": "keyword"
},
"watermark": {
"ignore_above": 1024,
"type": "keyword"
},
"web_server_type": {
"ignore_above": 1024,
"type": "keyword"
},
"word_list": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink