PUT _template/docs-* | |
{ | |
"index_patterns": [ | |
"docs-*" | |
], | |
"mappings": { | |
"_meta": { | |
"version": "1.6.0-dev" | |
}, | |
"date_detection": false, | |
"dynamic_templates": [ | |
{ | |
"strings_as_keyword": { | |
"mapping": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"match_mapping_type": "string" | |
} | |
} | |
], | |
"properties": { | |
"@timestamp": { | |
"type": "date" | |
}, | |
"agent": { | |
"properties": { | |
"build": { | |
"properties": { | |
"original": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"ephemeral_id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"client": { | |
"properties": { | |
"address": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"as": { | |
"properties": { | |
"number": { | |
"type": "long" | |
}, | |
"organization": { | |
"properties": { | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"bytes": { | |
"type": "long" | |
}, | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"geo": { | |
"properties": { | |
"city_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"continent_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"location": { | |
"type": "geo_point" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"ip": { | |
"type": "ip" | |
}, | |
"mac": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"nat": { | |
"properties": { | |
"ip": { | |
"type": "ip" | |
}, | |
"port": { | |
"type": "long" | |
} | |
} | |
}, | |
"packets": { | |
"type": "long" | |
}, | |
"port": { | |
"type": "long" | |
}, | |
"registered_domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"top_level_domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"user": { | |
"properties": { | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"email": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"full_name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"group": { | |
"properties": { | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"hash": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"cloud": { | |
"properties": { | |
"account": { | |
"properties": { | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"availability_zone": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"instance": { | |
"properties": { | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"machine": { | |
"properties": { | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"project": { | |
"properties": { | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"provider": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"container": { | |
"properties": { | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"image": { | |
"properties": { | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"tag": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"labels": { | |
"type": "object" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"runtime": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"destination": { | |
"properties": { | |
"address": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"as": { | |
"properties": { | |
"number": { | |
"type": "long" | |
}, | |
"organization": { | |
"properties": { | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"bytes": { | |
"type": "long" | |
}, | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"geo": { | |
"properties": { | |
"city_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"continent_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"location": { | |
"type": "geo_point" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"ip": { | |
"type": "ip" | |
}, | |
"mac": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"nat": { | |
"properties": { | |
"ip": { | |
"type": "ip" | |
}, | |
"port": { | |
"type": "long" | |
} | |
} | |
}, | |
"packets": { | |
"type": "long" | |
}, | |
"port": { | |
"type": "long" | |
}, | |
"registered_domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"top_level_domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"user": { | |
"properties": { | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"email": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"full_name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"group": { | |
"properties": { | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"hash": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"dll": { | |
"properties": { | |
"code_signature": { | |
"properties": { | |
"exists": { | |
"type": "boolean" | |
}, | |
"status": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"subject_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"trusted": { | |
"type": "boolean" | |
}, | |
"valid": { | |
"type": "boolean" | |
} | |
} | |
}, | |
"hash": { | |
"properties": { | |
"md5": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha1": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha256": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha512": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"path": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"pe": { | |
"properties": { | |
"architecture": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"company": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"description": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"file_version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"imphash": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"original_file_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"product": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"dns": { | |
"properties": { | |
"answers": { | |
"properties": { | |
"class": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"data": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"ttl": { | |
"type": "long" | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
}, | |
"type": "object" | |
}, | |
"header_flags": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"op_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"question": { | |
"properties": { | |
"class": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"registered_domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"subdomain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"top_level_domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"resolved_ip": { | |
"type": "ip" | |
}, | |
"response_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"ecs": { | |
"properties": { | |
"version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"error": { | |
"properties": { | |
"code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"stack_trace": { | |
"doc_values": false, | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"index": false, | |
"type": "keyword" | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"event": { | |
"properties": { | |
"action": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"category": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"created": { | |
"type": "date" | |
}, | |
"dataset": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"duration": { | |
"type": "long" | |
}, | |
"end": { | |
"type": "date" | |
}, | |
"hash": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"ingested": { | |
"type": "date" | |
}, | |
"kind": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"module": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"original": { | |
"doc_values": false, | |
"ignore_above": 1024, | |
"index": false, | |
"type": "keyword" | |
}, | |
"outcome": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"provider": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"reference": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"risk_score": { | |
"type": "float" | |
}, | |
"risk_score_norm": { | |
"type": "float" | |
}, | |
"sequence": { | |
"type": "long" | |
}, | |
"severity": { | |
"type": "long" | |
}, | |
"start": { | |
"type": "date" | |
}, | |
"timezone": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"url": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"file": { | |
"properties": { | |
"accessed": { | |
"type": "date" | |
}, | |
"attributes": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"code_signature": { | |
"properties": { | |
"exists": { | |
"type": "boolean" | |
}, | |
"status": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"subject_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"trusted": { | |
"type": "boolean" | |
}, | |
"valid": { | |
"type": "boolean" | |
} | |
} | |
}, | |
"created": { | |
"type": "date" | |
}, | |
"ctime": { | |
"type": "date" | |
}, | |
"device": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"directory": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"drive_letter": { | |
"ignore_above": 1, | |
"type": "keyword" | |
}, | |
"extension": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"gid": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"group": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"hash": { | |
"properties": { | |
"md5": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha1": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha256": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha512": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"inode": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"mime_type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"mode": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"mtime": { | |
"type": "date" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"owner": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"path": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"pe": { | |
"properties": { | |
"architecture": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"company": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"description": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"file_version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"imphash": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"original_file_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"product": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"size": { | |
"type": "long" | |
}, | |
"target_path": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"uid": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"x509": { | |
"properties": { | |
"alternative_names": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"issuer": { | |
"properties": { | |
"common_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"distinguished_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"locality": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"organization": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"organizational_unit": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"state_or_province": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"not_after": { | |
"type": "date" | |
}, | |
"not_before": { | |
"type": "date" | |
}, | |
"public_key_algorithm": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"public_key_curve": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"public_key_exponent": { | |
"doc_values": false, | |
"index": false, | |
"type": "long" | |
}, | |
"public_key_size": { | |
"type": "long" | |
}, | |
"serial_number": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"signature_algorithm": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"subject": { | |
"properties": { | |
"common_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"distinguished_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"locality": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"organization": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"organizational_unit": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"state_or_province": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"version_number": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"group": { | |
"properties": { | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"host": { | |
"properties": { | |
"architecture": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"geo": { | |
"properties": { | |
"city_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"continent_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"location": { | |
"type": "geo_point" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"hostname": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"ip": { | |
"type": "ip" | |
}, | |
"mac": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"os": { | |
"properties": { | |
"family": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"full": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"kernel": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"platform": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"uptime": { | |
"type": "long" | |
}, | |
"user": { | |
"properties": { | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"email": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"full_name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"group": { | |
"properties": { | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"hash": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"http": { | |
"properties": { | |
"request": { | |
"properties": { | |
"body": { | |
"properties": { | |
"bytes": { | |
"type": "long" | |
}, | |
"content": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"bytes": { | |
"type": "long" | |
}, | |
"method": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"referrer": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"response": { | |
"properties": { | |
"body": { | |
"properties": { | |
"bytes": { | |
"type": "long" | |
}, | |
"content": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"bytes": { | |
"type": "long" | |
}, | |
"status_code": { | |
"type": "long" | |
} | |
} | |
}, | |
"version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"labels": { | |
"type": "object" | |
}, | |
"log": { | |
"properties": { | |
"file": { | |
"properties": { | |
"path": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"level": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"logger": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"origin": { | |
"properties": { | |
"file": { | |
"properties": { | |
"line": { | |
"type": "integer" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"function": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"original": { | |
"doc_values": false, | |
"ignore_above": 1024, | |
"index": false, | |
"type": "keyword" | |
}, | |
"syslog": { | |
"properties": { | |
"facility": { | |
"properties": { | |
"code": { | |
"type": "long" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"priority": { | |
"type": "long" | |
}, | |
"severity": { | |
"properties": { | |
"code": { | |
"type": "long" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
}, | |
"type": "object" | |
} | |
} | |
}, | |
"message": { | |
"norms": false, | |
"type": "text" | |
}, | |
"network": { | |
"properties": { | |
"application": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"bytes": { | |
"type": "long" | |
}, | |
"community_id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"direction": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"forwarded_ip": { | |
"type": "ip" | |
}, | |
"iana_number": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"inner": { | |
"properties": { | |
"vlan": { | |
"properties": { | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
}, | |
"type": "object" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"packets": { | |
"type": "long" | |
}, | |
"protocol": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"transport": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"vlan": { | |
"properties": { | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"observer": { | |
"properties": { | |
"egress": { | |
"properties": { | |
"interface": { | |
"properties": { | |
"alias": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"vlan": { | |
"properties": { | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"zone": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
}, | |
"type": "object" | |
}, | |
"geo": { | |
"properties": { | |
"city_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"continent_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"location": { | |
"type": "geo_point" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"hostname": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"ingress": { | |
"properties": { | |
"interface": { | |
"properties": { | |
"alias": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"vlan": { | |
"properties": { | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"zone": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
}, | |
"type": "object" | |
}, | |
"ip": { | |
"type": "ip" | |
}, | |
"mac": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"os": { | |
"properties": { | |
"family": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"full": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"kernel": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"platform": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"product": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"serial_number": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"vendor": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"organization": { | |
"properties": { | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"package": { | |
"properties": { | |
"architecture": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"build_version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"checksum": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"description": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"install_scope": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"installed": { | |
"type": "date" | |
}, | |
"license": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"path": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"reference": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"size": { | |
"type": "long" | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"process": { | |
"properties": { | |
"args": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"args_count": { | |
"type": "long" | |
}, | |
"code_signature": { | |
"properties": { | |
"exists": { | |
"type": "boolean" | |
}, | |
"status": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"subject_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"trusted": { | |
"type": "boolean" | |
}, | |
"valid": { | |
"type": "boolean" | |
} | |
} | |
}, | |
"command_line": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"entity_id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"executable": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"exit_code": { | |
"type": "long" | |
}, | |
"hash": { | |
"properties": { | |
"md5": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha1": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha256": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha512": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"parent": { | |
"properties": { | |
"args": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"args_count": { | |
"type": "long" | |
}, | |
"code_signature": { | |
"properties": { | |
"exists": { | |
"type": "boolean" | |
}, | |
"status": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"subject_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"trusted": { | |
"type": "boolean" | |
}, | |
"valid": { | |
"type": "boolean" | |
} | |
} | |
}, | |
"command_line": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"entity_id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"executable": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"exit_code": { | |
"type": "long" | |
}, | |
"hash": { | |
"properties": { | |
"md5": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha1": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha256": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha512": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"pgid": { | |
"type": "long" | |
}, | |
"pid": { | |
"type": "long" | |
}, | |
"ppid": { | |
"type": "long" | |
}, | |
"start": { | |
"type": "date" | |
}, | |
"thread": { | |
"properties": { | |
"id": { | |
"type": "long" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"title": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"uptime": { | |
"type": "long" | |
}, | |
"working_directory": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"pe": { | |
"properties": { | |
"architecture": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"company": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"description": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"file_version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"imphash": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"original_file_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"product": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"pgid": { | |
"type": "long" | |
}, | |
"pid": { | |
"type": "long" | |
}, | |
"ppid": { | |
"type": "long" | |
}, | |
"start": { | |
"type": "date" | |
}, | |
"thread": { | |
"properties": { | |
"id": { | |
"type": "long" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"title": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"uptime": { | |
"type": "long" | |
}, | |
"working_directory": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"registry": { | |
"properties": { | |
"data": { | |
"properties": { | |
"bytes": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"strings": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"hive": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"key": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"path": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"value": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"related": { | |
"properties": { | |
"hash": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"ip": { | |
"type": "ip" | |
}, | |
"user": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"rule": { | |
"properties": { | |
"author": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"category": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"description": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"license": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"reference": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"ruleset": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"uuid": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"server": { | |
"properties": { | |
"address": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"as": { | |
"properties": { | |
"number": { | |
"type": "long" | |
}, | |
"organization": { | |
"properties": { | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"bytes": { | |
"type": "long" | |
}, | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"geo": { | |
"properties": { | |
"city_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"continent_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"location": { | |
"type": "geo_point" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"ip": { | |
"type": "ip" | |
}, | |
"mac": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"nat": { | |
"properties": { | |
"ip": { | |
"type": "ip" | |
}, | |
"port": { | |
"type": "long" | |
} | |
} | |
}, | |
"packets": { | |
"type": "long" | |
}, | |
"port": { | |
"type": "long" | |
}, | |
"registered_domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"top_level_domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"user": { | |
"properties": { | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"email": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"full_name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"group": { | |
"properties": { | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"hash": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"service": { | |
"properties": { | |
"ephemeral_id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"node": { | |
"properties": { | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"state": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"source": { | |
"properties": { | |
"address": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"as": { | |
"properties": { | |
"number": { | |
"type": "long" | |
}, | |
"organization": { | |
"properties": { | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"bytes": { | |
"type": "long" | |
}, | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"geo": { | |
"properties": { | |
"city_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"continent_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"location": { | |
"type": "geo_point" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region_iso_code": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"region_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"ip": { | |
"type": "ip" | |
}, | |
"mac": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"nat": { | |
"properties": { | |
"ip": { | |
"type": "ip" | |
}, | |
"port": { | |
"type": "long" | |
} | |
} | |
}, | |
"packets": { | |
"type": "long" | |
}, | |
"port": { | |
"type": "long" | |
}, | |
"registered_domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"top_level_domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"user": { | |
"properties": { | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"email": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"full_name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"group": { | |
"properties": { | |
"domain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"hash": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"tags": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"threat": { | |
"properties": { | |
"framework": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"tactic": { | |
"properties": { | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"reference": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"technique": { | |
"properties": { | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"name": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"reference": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"tls": { | |
"properties": { | |
"cipher": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"client": { | |
"properties": { | |
"certificate": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"certificate_chain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"hash": { | |
"properties": { | |
"md5": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha1": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha256": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"issuer": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"ja3": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"not_after": { | |
"type": "date" | |
}, | |
"not_before": { | |
"type": "date" | |
}, | |
"server_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"subject": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"supported_ciphers": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"x509": { | |
"properties": { | |
"alternative_names": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"issuer": { | |
"properties": { | |
"common_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"distinguished_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"locality": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"organization": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"organizational_unit": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"state_or_province": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"not_after": { | |
"type": "date" | |
}, | |
"not_before": { | |
"type": "date" | |
}, | |
"public_key_algorithm": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"public_key_curve": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"public_key_exponent": { | |
"doc_values": false, | |
"index": false, | |
"type": "long" | |
}, | |
"public_key_size": { | |
"type": "long" | |
}, | |
"serial_number": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"signature_algorithm": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"subject": { | |
"properties": { | |
"common_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"distinguished_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"locality": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"organization": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"organizational_unit": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"state_or_province": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"version_number": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"curve": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"established": { | |
"type": "boolean" | |
}, | |
"next_protocol": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"resumed": { | |
"type": "boolean" | |
}, | |
"server": { | |
"properties": { | |
"certificate": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"certificate_chain": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"hash": { | |
"properties": { | |
"md5": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha1": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"sha256": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"issuer": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"ja3s": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"not_after": { | |
"type": "date" | |
}, | |
"not_before": { | |
"type": "date" | |
}, | |
"subject": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"x509": { | |
"properties": { | |
"alternative_names": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"issuer": { | |
"properties": { | |
"common_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"distinguished_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"locality": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"organization": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"organizational_unit": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"state_or_province": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"not_after": { | |
"type": "date" | |
}, | |
"not_before": { | |
"type": "date" | |
}, | |
"public_key_algorithm": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"public_key_curve": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"public_key_exponent": { | |
"doc_values": false, | |
"index": false, | |
"type": "long" | |
}, | |
"public_key_size": { | |
"type": "long" | |
}, | |
"serial_number": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"signature_algorithm": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"subject": { | |
"properties": { | |
"common_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"country": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"distinguished_name": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"locality": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"organization": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"organizational_unit": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"state_or_province": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"version_number": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"version_protocol": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"token": { | |
"properties": { | |
"text": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"text_pattern": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"position": { | |
"type": "long" | |
}, | |
"offset": { | |
"type": "long" | |
}, | |
"part_of_speech": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"dependency_relationship": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"entity_type": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"lemma": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"word_type_probability": { | |
"type": "long" | |
}, | |
"sentiment": { | |
"type": "long" | |
}, | |
"parent_position": { | |
"type": "long" | |
}, | |
"parent_offset,": { | |
"type": "long" | |
}, | |
"parent_offset_part_of_speech": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_alphabetic_characters": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_stop_word": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_bracket": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_quotation_mark": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_upper_case": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_lower_case": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_title_case": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_sent_start": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_currency": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_digit": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_punctuation_mark": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_left_punctuation_mark": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_right_punctuation_mark": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_like_url": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_like_email": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"is_whitespace": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"has_vector": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"vector_norm": { | |
"type": "long" | |
}, | |
"dependencies": { | |
"properties": { | |
"ancestors": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"children": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"conjuncts": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"subtree": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"leftwards_tokens_no": { | |
"type": "long" | |
}, | |
"leftwards_tokens": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"rightward_tokens_no": { | |
"type": "long" | |
} | |
} | |
} | |
} | |
}, | |
"vulnerability": { | |
"properties": { | |
"category": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"classification": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"description": { | |
"fields": { | |
"text": { | |
"norms": false, | |
"type": "text" | |
} | |
}, | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"enumeration": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"reference": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"report_id": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
}, | |
"scanner": { | |
"properties": { | |
"vendor": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"score": { | |
"properties": { | |
"base": { | |
"type": "float" | |
}, | |
"environmental": { | |
"type": "float" | |
}, | |
"temporal": { | |
"type": "float" | |
}, | |
"version": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
}, | |
"severity": { | |
"ignore_above": 1024, | |
"type": "keyword" | |
} | |
} | |
} | |
} | |
}, | |
"order": 1, | |
"settings": { | |
"index": { | |
"mapping": { | |
"total_fields": { | |
"limit": 10000 | |
} | |
}, | |
"refresh_interval": "5s" | |
} | |
} | |
} |