Created
August 4, 2021 06:13
-
-
Save ankitdevnalkar/c7df2a438c4870532ad31fc1241f320e to your computer and use it in GitHub Desktop.
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"cloud-audit-aws-2021.07" : { | |
"mappings" : { | |
"_meta" : { | |
"beat" : "filebeat", | |
"version" : "7.9.1" | |
}, | |
"dynamic_templates" : [ | |
{ | |
"labels" : { | |
"path_match" : "labels.*", | |
"match_mapping_type" : "string", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"container.labels" : { | |
"path_match" : "container.labels.*", | |
"match_mapping_type" : "string", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"dns.answers" : { | |
"path_match" : "dns.answers.*", | |
"match_mapping_type" : "string", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"log.syslog" : { | |
"path_match" : "log.syslog.*", | |
"match_mapping_type" : "string", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"network.inner" : { | |
"path_match" : "network.inner.*", | |
"match_mapping_type" : "string", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"observer.egress" : { | |
"path_match" : "observer.egress.*", | |
"match_mapping_type" : "string", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"observer.ingress" : { | |
"path_match" : "observer.ingress.*", | |
"match_mapping_type" : "string", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"fields" : { | |
"path_match" : "fields.*", | |
"match_mapping_type" : "string", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"docker.container.labels" : { | |
"path_match" : "docker.container.labels.*", | |
"match_mapping_type" : "string", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"kubernetes.labels.*" : { | |
"path_match" : "kubernetes.labels.*", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"kubernetes.annotations.*" : { | |
"path_match" : "kubernetes.annotations.*", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"docker.attrs" : { | |
"path_match" : "docker.attrs.*", | |
"match_mapping_type" : "string", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"azure.activitylogs.identity.claims.*" : { | |
"path_match" : "azure.activitylogs.identity.claims.*", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"kibana.log.meta" : { | |
"path_match" : "kibana.log.meta.*", | |
"match_mapping_type" : "string", | |
"mapping" : { | |
"type" : "keyword" | |
} | |
} | |
}, | |
{ | |
"strings_as_keyword" : { | |
"match_mapping_type" : "string", | |
"mapping" : { | |
"ignore_above" : 1024, | |
"type" : "keyword" | |
} | |
} | |
} | |
], | |
"date_detection" : false, | |
"properties" : { | |
"@timestamp" : { | |
"type" : "date" | |
}, | |
"@version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Priority" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Signal" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"activemq" : { | |
"properties" : { | |
"audit" : { | |
"type" : "object" | |
}, | |
"caller" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log" : { | |
"properties" : { | |
"stack_trace" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"thread" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"addendum" : { | |
"properties" : { | |
"reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"additionalEventData" : { | |
"properties" : { | |
"AuthenticationMethod" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"CipherSuite" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"LoginTo" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"MFAUsed" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"MobileVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Note" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SamlProviderArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SignatureVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"bytesTransferredIn" : { | |
"type" : "long" | |
}, | |
"bytesTransferredOut" : { | |
"type" : "long" | |
}, | |
"grantId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"service" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"x-amz-id-2" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"agent" : { | |
"properties" : { | |
"ephemeral_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"hostname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"apache" : { | |
"properties" : { | |
"access" : { | |
"properties" : { | |
"ssl" : { | |
"properties" : { | |
"cipher" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"error" : { | |
"properties" : { | |
"module" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"apache2" : { | |
"properties" : { | |
"access" : { | |
"properties" : { | |
"geoip" : { | |
"type" : "object" | |
}, | |
"user_agent" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"error" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"apiVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"as" : { | |
"properties" : { | |
"number" : { | |
"type" : "long" | |
}, | |
"organization" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"auditd" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"a0" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"addr" : { | |
"type" : "ip" | |
}, | |
"geoip" : { | |
"type" : "object" | |
}, | |
"item" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"items" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"laddr" : { | |
"type" : "ip" | |
}, | |
"lport" : { | |
"type" : "long" | |
}, | |
"new_auid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"new_ses" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"old_auid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"old_ses" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rport" : { | |
"type" : "long" | |
}, | |
"sequence" : { | |
"type" : "long" | |
}, | |
"tty" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"aws" : { | |
"properties" : { | |
"cloudtrail" : { | |
"properties" : { | |
"additional_eventdata" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"api_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"console_login" : { | |
"properties" : { | |
"additional_eventdata" : { | |
"properties" : { | |
"login_to" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mfa_used" : { | |
"type" : "boolean" | |
}, | |
"mobile_version" : { | |
"type" : "boolean" | |
} | |
} | |
} | |
} | |
}, | |
"error_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"error_message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"flattened" : { | |
"properties" : { | |
"additional_eventdata" : { | |
"type" : "flattened" | |
}, | |
"request_parameters" : { | |
"type" : "flattened" | |
}, | |
"response_elements" : { | |
"type" : "flattened" | |
}, | |
"service_event_details" : { | |
"type" : "flattened" | |
} | |
} | |
}, | |
"management_event" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"read_only" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"recipient_account_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"request_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"request_parameters" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"resources" : { | |
"properties" : { | |
"account_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"response_elements" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"service_event_details" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"shared_event_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_identity" : { | |
"properties" : { | |
"access_key_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"invoked_by" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"session_context" : { | |
"properties" : { | |
"creation_date" : { | |
"type" : "date" | |
}, | |
"mfa_authenticated" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"session_issuer" : { | |
"properties" : { | |
"account_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"principal_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"vpc_endpoint_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"cloudwatch" : { | |
"properties" : { | |
"message" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"ec2" : { | |
"properties" : { | |
"ip_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"elb" : { | |
"properties" : { | |
"action_executed" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"backend" : { | |
"properties" : { | |
"http" : { | |
"properties" : { | |
"response" : { | |
"properties" : { | |
"status_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"ip" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"port" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"backend_processing_time" : { | |
"properties" : { | |
"sec" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"chosen_cert" : { | |
"properties" : { | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serial" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"connection_time" : { | |
"properties" : { | |
"ms" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"error" : { | |
"properties" : { | |
"reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"incoming_tls_alert" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"listener" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"matched_rule_priority" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"redirect_url" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"request_processing_time" : { | |
"properties" : { | |
"sec" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"response_processing_time" : { | |
"properties" : { | |
"sec" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"ssl_cipher" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ssl_protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"target_group" : { | |
"properties" : { | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tls_handshake_time" : { | |
"properties" : { | |
"ms" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tls_named_group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trace_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"s3" : { | |
"properties" : { | |
"bucket" : { | |
"properties" : { | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"object" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"s3access" : { | |
"properties" : { | |
"authentication_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"bucket" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"bucket_owner" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"bytes_sent" : { | |
"type" : "long" | |
}, | |
"cipher_suite" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"error_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"host_header" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"host_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"http_status" : { | |
"type" : "long" | |
}, | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"object_size" : { | |
"type" : "long" | |
}, | |
"operation" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"referrer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"remote_ip" : { | |
"type" : "ip" | |
}, | |
"request_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"request_uri" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"requester" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"signature_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tls_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"total_time" : { | |
"type" : "long" | |
}, | |
"turn_around_time" : { | |
"type" : "long" | |
}, | |
"user_agent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"vpcflow" : { | |
"properties" : { | |
"account_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instance_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"interface_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pkt_dstaddr" : { | |
"type" : "ip" | |
}, | |
"pkt_srcaddr" : { | |
"type" : "ip" | |
}, | |
"subnet_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tcp_flags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpc_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"awsRegion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"awscloudwatch" : { | |
"properties" : { | |
"ingestion_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_stream" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"azure" : { | |
"properties" : { | |
"activitylogs" : { | |
"properties" : { | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"identity" : { | |
"properties" : { | |
"authorization" : { | |
"properties" : { | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"evidence" : { | |
"properties" : { | |
"principal_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"principal_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"role" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"role_assignment_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"role_assignment_scope" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"role_definition_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"scope" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"claims" : { | |
"properties" : { | |
"*" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"claims_initiated_by_user" : { | |
"properties" : { | |
"fullname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"givenname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"schema" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"surname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"operation_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"properties" : { | |
"properties" : { | |
"service_request_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"result_signature" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"result_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"auditlogs" : { | |
"properties" : { | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"identity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operation_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operation_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"properties" : { | |
"properties" : { | |
"activity_datetime" : { | |
"type" : "date" | |
}, | |
"activity_display_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"correlation_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"initiated_by" : { | |
"properties" : { | |
"app" : { | |
"properties" : { | |
"appId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"displayName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"servicePrincipalId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"servicePrincipalName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"user" : { | |
"properties" : { | |
"displayName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userPrincipalName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"logged_by_service" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operation_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"result" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"result_reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"target_resources" : { | |
"properties" : { | |
"*" : { | |
"properties" : { | |
"display_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ip_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"modified_properties" : { | |
"properties" : { | |
"*" : { | |
"properties" : { | |
"display_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"new_value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"old_value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_principal_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"result_signature" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tenant_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"consumer_group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"correlation_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"enqueued_time" : { | |
"type" : "date" | |
}, | |
"eventhub" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"offset" : { | |
"type" : "long" | |
}, | |
"partition_id" : { | |
"type" : "long" | |
}, | |
"resource" : { | |
"properties" : { | |
"authorization_rule" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"namespace" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"provider" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"sequence_number" : { | |
"type" : "long" | |
}, | |
"signinlogs" : { | |
"properties" : { | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"identity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operation_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operation_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"properties" : { | |
"properties" : { | |
"app_display_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client_app_used" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"conditional_access_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"correlation_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"created_at" : { | |
"type" : "date" | |
}, | |
"device_detail" : { | |
"properties" : { | |
"browser" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"device_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"display_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operating_system" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trust_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ip_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"is_interactive" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"original_request_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"processing_time_ms" : { | |
"type" : "float" | |
}, | |
"resource_display_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"risk_detail" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"risk_level_aggregated" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"risk_level_during_signin" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"risk_state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"service_principal_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"properties" : { | |
"error_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"token_issuer_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"token_issuer_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_display_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_principal_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"result_description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"result_signature" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"result_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tenant_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"subscription_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tenant_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"bucket_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cef" : { | |
"properties" : { | |
"device" : { | |
"properties" : { | |
"event_class_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"product" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vendor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"extensions" : { | |
"properties" : { | |
"Reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"agentAddress" : { | |
"type" : "ip" | |
}, | |
"agentDnsDomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"agentHostName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"agentId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"agentMacAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"agentNtDomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"agentReceiptTime" : { | |
"type" : "date" | |
}, | |
"agentTimeZone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"agentTranslatedAddress" : { | |
"type" : "ip" | |
}, | |
"agentTranslatedZoneExternalID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"agentTranslatedZoneURI" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"agentType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"agentVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"agentZoneExternalID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"agentZoneURI" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"applicationProtocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"baseEventCount" : { | |
"type" : "long" | |
}, | |
"bytesIn" : { | |
"type" : "long" | |
}, | |
"bytesOut" : { | |
"type" : "long" | |
}, | |
"categoryBehavior" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"categoryDeviceGroup" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"categoryDeviceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"categoryObject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"categoryOutcome" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"categorySignificance" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"categoryTechnique" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cp_app_risk" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cp_severity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"customerExternalID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"customerURI" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationAddress" : { | |
"type" : "ip" | |
}, | |
"destinationDnsDomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationGeoLatitude" : { | |
"type" : "double" | |
}, | |
"destinationGeoLongitude" : { | |
"type" : "double" | |
}, | |
"destinationHostName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationMacAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationNtDomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationPort" : { | |
"type" : "long" | |
}, | |
"destinationProcessId" : { | |
"type" : "long" | |
}, | |
"destinationProcessName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationServiceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationTranslatedAddress" : { | |
"type" : "ip" | |
}, | |
"destinationTranslatedPort" : { | |
"type" : "long" | |
}, | |
"destinationTranslatedZoneExternalID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationTranslatedZoneURI" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationUserId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationUserName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationUserPrivileges" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationZoneExternalID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationZoneURI" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceAction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceAddress" : { | |
"type" : "ip" | |
}, | |
"deviceCustomDate1" : { | |
"type" : "date" | |
}, | |
"deviceCustomDate1Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomDate2" : { | |
"type" : "date" | |
}, | |
"deviceCustomDate2Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomFloatingPoint1" : { | |
"type" : "double" | |
}, | |
"deviceCustomFloatingPoint1Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomFloatingPoint2" : { | |
"type" : "double" | |
}, | |
"deviceCustomFloatingPoint2Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomFloatingPoint3" : { | |
"type" : "double" | |
}, | |
"deviceCustomFloatingPoint3Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomFloatingPoint4" : { | |
"type" : "double" | |
}, | |
"deviceCustomFloatingPoint4Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomIPv6Address1" : { | |
"type" : "ip" | |
}, | |
"deviceCustomIPv6Address1Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomIPv6Address2" : { | |
"type" : "ip" | |
}, | |
"deviceCustomIPv6Address2Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomIPv6Address3" : { | |
"type" : "ip" | |
}, | |
"deviceCustomIPv6Address3Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomIPv6Address4" : { | |
"type" : "ip" | |
}, | |
"deviceCustomIPv6Address4Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomNumber1" : { | |
"type" : "long" | |
}, | |
"deviceCustomNumber1Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomNumber2" : { | |
"type" : "long" | |
}, | |
"deviceCustomNumber2Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomNumber3" : { | |
"type" : "long" | |
}, | |
"deviceCustomNumber3Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomString1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomString1Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomString2" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomString2Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomString3" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomString3Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomString4" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomString4Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomString5" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomString5Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomString6" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceCustomString6Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceDirection" : { | |
"type" : "long" | |
}, | |
"deviceDnsDomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceEventCategory" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceExternalId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceFacility" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceFlexNumber1" : { | |
"type" : "long" | |
}, | |
"deviceFlexNumber1Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceFlexNumber2" : { | |
"type" : "long" | |
}, | |
"deviceFlexNumber2Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceHostName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceInboundInterface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceMacAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceNtDomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceOutboundInterface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"devicePayloadId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceProcessId" : { | |
"type" : "long" | |
}, | |
"deviceProcessName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceReceiptTime" : { | |
"type" : "date" | |
}, | |
"deviceTimeZone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceTranslatedAddress" : { | |
"type" : "ip" | |
}, | |
"deviceTranslatedZoneExternalID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceTranslatedZoneURI" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceZoneExternalID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceZoneURI" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"endTime" : { | |
"type" : "date" | |
}, | |
"eventId" : { | |
"type" : "long" | |
}, | |
"eventOutcome" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"externalId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fileCreateTime" : { | |
"type" : "date" | |
}, | |
"fileHash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fileId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fileModificationTime" : { | |
"type" : "date" | |
}, | |
"filePath" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filePermission" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fileSize" : { | |
"type" : "long" | |
}, | |
"fileType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filename" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"flexDate1" : { | |
"type" : "date" | |
}, | |
"flexDate1Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"flexString1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"flexString1Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"flexString2" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"flexString2Label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ifname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"inzone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"layer_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"layer_uuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"logid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"loguid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"managerReceiptTime" : { | |
"type" : "date" | |
}, | |
"match_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nat_addtnl_rulenum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nat_rulenum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"oldFileCreateTime" : { | |
"type" : "date" | |
}, | |
"oldFileHash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"oldFileId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"oldFileModificationTime" : { | |
"type" : "date" | |
}, | |
"oldFileName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"oldFilePath" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"oldFilePermission" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"oldFileSize" : { | |
"type" : "long" | |
}, | |
"oldFileType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"origin" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"originsicname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"outzone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parent_rule" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"product" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rawEvent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"requestClientApplication" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"requestContext" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"requestCookies" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"requestMethod" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"requestUrl" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rule_action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rule_uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sequencenum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"service_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceAddress" : { | |
"type" : "ip" | |
}, | |
"sourceDnsDomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceGeoLatitude" : { | |
"type" : "double" | |
}, | |
"sourceGeoLongitude" : { | |
"type" : "double" | |
}, | |
"sourceHostName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceMacAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceNtDomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourcePort" : { | |
"type" : "long" | |
}, | |
"sourceProcessId" : { | |
"type" : "long" | |
}, | |
"sourceProcessName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceServiceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceTranslatedAddress" : { | |
"type" : "ip" | |
}, | |
"sourceTranslatedPort" : { | |
"type" : "long" | |
}, | |
"sourceTranslatedZoneExternalID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceTranslatedZoneURI" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceUserId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceUserName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceUserPrivileges" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceZoneExternalID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceZoneURI" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"startTime" : { | |
"type" : "date" | |
}, | |
"transportProtocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "long" | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"severity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"checkpoint" : { | |
"properties" : { | |
"action_reason" : { | |
"type" : "long" | |
}, | |
"additional_info" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"additional_ip" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"additional_rdata" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"alert" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"allocated_ports" : { | |
"type" : "long" | |
}, | |
"analyzed_on" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"answer_rdata" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"anti_virus_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_id" : { | |
"type" : "long" | |
}, | |
"app_package" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_properties" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_repackaged" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_risk" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_severity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_sid_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_sig_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"appi_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"arrival_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"attachments_num" : { | |
"type" : "long" | |
}, | |
"attack_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"audit_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"auth_method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"authority_rdata" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"authorization" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"bcc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"blade_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"broker_publisher" : { | |
"type" : "ip" | |
}, | |
"browse_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"c_bytes" : { | |
"type" : "long" | |
}, | |
"calc_desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"capacity" : { | |
"type" : "long" | |
}, | |
"capture_uuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"certificate_resource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"certificate_validation" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cgnet" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"chunk_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client_type_os" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cluster_info" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"community" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"confidence_level" : { | |
"type" : "long" | |
}, | |
"connection_uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"connectivity_level" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"connectivity_state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"conns_amount" : { | |
"type" : "long" | |
}, | |
"content_disposition" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"content_length" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"content_risk" : { | |
"type" : "long" | |
}, | |
"content_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"context_num" : { | |
"type" : "long" | |
}, | |
"cookie" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cookieI" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cookieR" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cp_message" : { | |
"type" : "long" | |
}, | |
"cvpn_category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cvpn_resource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"data_type_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dce-rpc_interface_uuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"delivery_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destination_object" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"detected_on" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"developer_certificate_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"diameter_app_ID" : { | |
"type" : "long" | |
}, | |
"diameter_cmd_code" : { | |
"type" : "long" | |
}, | |
"diameter_msg_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_action_reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_additional_action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_categories" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_data_type_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_data_type_uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_fingerprint_files_number" : { | |
"type" : "long" | |
}, | |
"dlp_fingerprint_long_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_fingerprint_short_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_incident_uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_recipients" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_related_incident_uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_relevant_data_types" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_repository_directories_number" : { | |
"type" : "long" | |
}, | |
"dlp_repository_files_number" : { | |
"type" : "long" | |
}, | |
"dlp_repository_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_repository_not_scanned_directories_percentage" : { | |
"type" : "long" | |
}, | |
"dlp_repository_reached_directories_number" : { | |
"type" : "long" | |
}, | |
"dlp_repository_root_path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_repository_scan_progress" : { | |
"type" : "long" | |
}, | |
"dlp_repository_scanned_directories_number" : { | |
"type" : "long" | |
}, | |
"dlp_repository_scanned_files_number" : { | |
"type" : "long" | |
}, | |
"dlp_repository_scanned_total_size" : { | |
"type" : "long" | |
}, | |
"dlp_repository_skipped_files_number" : { | |
"type" : "long" | |
}, | |
"dlp_repository_total_size" : { | |
"type" : "long" | |
}, | |
"dlp_repository_unreachable_directories_number" : { | |
"type" : "long" | |
}, | |
"dlp_rule_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_template_score" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_transint" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_violation_description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_watermark_profile" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dlp_word_list" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dns_query" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"drop_reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dropped_file_hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dropped_file_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dropped_file_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dropped_file_verdict" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dropped_incoming" : { | |
"type" : "long" | |
}, | |
"dropped_outgoing" : { | |
"type" : "long" | |
}, | |
"dropped_total" : { | |
"type" : "long" | |
}, | |
"drops_amount" : { | |
"type" : "long" | |
}, | |
"dst_country" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dst_phone_number" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dst_user_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstkeyid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"duplicate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"duration" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"elapsed" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_control" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_control_analysis" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_headers" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_message_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_queue_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_queue_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_recipients_num" : { | |
"type" : "long" | |
}, | |
"email_session_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_spam_category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_spool_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"emulated_on" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"encryption_failure" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"end_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"end_user_firewall_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"esod_access_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"esod_associated_policies" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"esod_noncompliance_reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"esod_rule_action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"esod_rule_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"esod_rule_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"esod_scan_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_count" : { | |
"type" : "long" | |
}, | |
"expire_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"extension_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"extracted_file_hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"extracted_file_names" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"extracted_file_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"extracted_file_uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"extracted_file_verdict" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"failure_impact" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"failure_reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"file_direction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"file_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"files_names" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"first_hit_time" : { | |
"type" : "long" | |
}, | |
"frequency" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fs-proto" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ftp_user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fw_message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fw_subproduct" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"hide_ip" : { | |
"type" : "ip" | |
}, | |
"hit" : { | |
"type" : "long" | |
}, | |
"host_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"http_host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"http_location" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"http_server" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"https_inspection_action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"https_inspection_rule_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"https_inspection_rule_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"https_validation" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icap_more_info" : { | |
"type" : "long" | |
}, | |
"icap_server_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icap_server_service" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icap_service_id" : { | |
"type" : "long" | |
}, | |
"icmp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icmp_code" : { | |
"type" : "long" | |
}, | |
"icmp_type" : { | |
"type" : "long" | |
}, | |
"id" : { | |
"type" : "long" | |
}, | |
"identity_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ike" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ike_ids" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"impacted_files" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"incident_extension" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"indicator_description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"indicator_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"indicator_reference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"indicator_uuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"info" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"information" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"inspection_category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"inspection_item" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"inspection_profile" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"inspection_settings_log" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"installed_products" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"int_end" : { | |
"type" : "long" | |
}, | |
"int_start" : { | |
"type" : "long" | |
}, | |
"integrity_av_invoke_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"interface_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"internal_error" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"invalid_file_size" : { | |
"type" : "long" | |
}, | |
"ip_option" : { | |
"type" : "long" | |
}, | |
"isp_link" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"last_hit_time" : { | |
"type" : "long" | |
}, | |
"last_rematch_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"layer_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"layer_uuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"limit_applied" : { | |
"type" : "long" | |
}, | |
"limit_requested" : { | |
"type" : "long" | |
}, | |
"link_probing_status_update" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"links_num" : { | |
"type" : "long" | |
}, | |
"log_delay" : { | |
"type" : "long" | |
}, | |
"log_id" : { | |
"type" : "long" | |
}, | |
"logid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"long_desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"machine" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"malware_family" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"match_fk" : { | |
"type" : "long" | |
}, | |
"match_id" : { | |
"type" : "long" | |
}, | |
"matched_file" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"matched_file_percentage" : { | |
"type" : "long" | |
}, | |
"matched_file_text_segments" : { | |
"type" : "long" | |
}, | |
"media_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"message_info" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"message_size" : { | |
"type" : "long" | |
}, | |
"method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"methods" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mime_from" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mime_to" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mirror_and_decrypt_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_collection" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_command_and_control" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_credential_access" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_defense_evasion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_discovery" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_execution" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_exfiltration" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_impact" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_initial_access" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_lateral_movement" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_persistence" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_privilege_escalation" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"monitor_reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"msgid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nat46" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nat_addtnl_rulenum" : { | |
"type" : "long" | |
}, | |
"nat_exhausted_pool" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nat_rulenum" : { | |
"type" : "long" | |
}, | |
"needs_browse_time" : { | |
"type" : "long" | |
}, | |
"next_hop_ip" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"next_scheduled_scan_date" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"number_of_errors" : { | |
"type" : "long" | |
}, | |
"objecttable" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"objecttype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"observable_comment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"observable_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"observable_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operation" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operation_number" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"origin_sic_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"original_queue_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"outgoing_url" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"packet_amount" : { | |
"type" : "long" | |
}, | |
"packet_capture_unique_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parent_file_hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parent_file_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parent_file_uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parent_process_username" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parent_rule" : { | |
"type" : "long" | |
}, | |
"peer_gateway" : { | |
"type" : "ip" | |
}, | |
"peer_ip" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"peer_ip_probing_status_update" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"performance_impact" : { | |
"type" : "long" | |
}, | |
"policy_mgmt" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policy_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ports_usage" : { | |
"type" : "long" | |
}, | |
"ppp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"precise_error" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"process_username" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"properties" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"protection_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"protection_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"protection_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"proxy_machine_name" : { | |
"type" : "long" | |
}, | |
"proxy_src_ip" : { | |
"type" : "ip" | |
}, | |
"proxy_user_dn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"proxy_user_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"query" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"question_rdata" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"referrer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"referrer_parent_uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"referrer_self_uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"registered_ip-phones" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reject_category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reject_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rematch_info" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"remediated_files" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reply_status" : { | |
"type" : "long" | |
}, | |
"risk" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rpc_prog" : { | |
"type" : "long" | |
}, | |
"rule" : { | |
"type" : "long" | |
}, | |
"rule_action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rulebase_id" : { | |
"type" : "long" | |
}, | |
"scan_direction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scan_hosts_day" : { | |
"type" : "long" | |
}, | |
"scan_hosts_hour" : { | |
"type" : "long" | |
}, | |
"scan_hosts_week" : { | |
"type" : "long" | |
}, | |
"scan_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scan_mail" : { | |
"type" : "long" | |
}, | |
"scan_result" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scan_results" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scheme" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scope" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scrub_activity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scrub_download_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scrub_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scrub_total_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scrubbed_content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sctp_association_state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sctp_error" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scv_message_info" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scv_user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"securexl_message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sensor_mode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"session_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"session_uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"severity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"short_desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sig_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"similar_communication" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"similar_hashes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"similar_strings" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"similiar_iocs" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sip_reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"site_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source_interface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source_object" : { | |
"type" : "long" | |
}, | |
"source_os" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"special_properties" : { | |
"type" : "long" | |
}, | |
"specific_data_type_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"speed" : { | |
"type" : "long" | |
}, | |
"spyware_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"spyware_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"spyware_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"src_country" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"src_phone_number" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"src_user_dn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"src_user_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srckeyid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status_update" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sub_policy_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sub_policy_uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subs_exp" : { | |
"type" : "date" | |
}, | |
"subscriber" : { | |
"type" : "ip" | |
}, | |
"summary" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"suppressed_logs" : { | |
"type" : "long" | |
}, | |
"sync" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sys_message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tcp_end_reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tcp_flags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tcp_packet_out_of_state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tcp_state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"te_verdict_determined_by" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"termination_reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ticket_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tls_server_host_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"top_archive_file_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"total_attachments" : { | |
"type" : "long" | |
}, | |
"triggered_by" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trusted_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"unique_detected_day" : { | |
"type" : "long" | |
}, | |
"unique_detected_hour" : { | |
"type" : "long" | |
}, | |
"unique_detected_week" : { | |
"type" : "long" | |
}, | |
"update_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"url" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_agent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"uuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vendor_list" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"verdict" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"via" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"virus_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_attach_action_info" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_attach_sz" : { | |
"type" : "long" | |
}, | |
"voip_call_dir" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_call_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_call_state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_call_term_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_config" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_duration" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_est_codec" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_exp" : { | |
"type" : "long" | |
}, | |
"voip_from_user_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_log_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_media_codec" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_media_ipp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_media_port" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_reason_info" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_reg_int" : { | |
"type" : "long" | |
}, | |
"voip_reg_ipp" : { | |
"type" : "long" | |
}, | |
"voip_reg_period" : { | |
"type" : "long" | |
}, | |
"voip_reg_server" : { | |
"type" : "ip" | |
}, | |
"voip_reg_user_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_reject_reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"voip_to_user_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpn_feature_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"watermark" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"web_server_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"word_list" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"cisco" : { | |
"properties" : { | |
"asa" : { | |
"properties" : { | |
"assigned_ip" : { | |
"type" : "ip" | |
}, | |
"burst" : { | |
"properties" : { | |
"avg_rate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"configured_avg_rate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"configured_rate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cumulative_count" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"current_rate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"object" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"command_line_arguments" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"connection_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"connection_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dap_records" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destination_interface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destination_username" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icmp_code" : { | |
"type" : "short" | |
}, | |
"icmp_type" : { | |
"type" : "short" | |
}, | |
"mapped_destination_host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mapped_destination_ip" : { | |
"type" : "ip" | |
}, | |
"mapped_destination_port" : { | |
"type" : "long" | |
}, | |
"mapped_source_host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mapped_source_ip" : { | |
"type" : "ip" | |
}, | |
"mapped_source_port" : { | |
"type" : "long" | |
}, | |
"message_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"privilege" : { | |
"properties" : { | |
"new" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"old" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"rule_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source_interface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source_username" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"suffix" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threat_category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threat_level" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ftd" : { | |
"properties" : { | |
"connection_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"connection_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dap_records" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destination_interface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destination_username" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icmp_code" : { | |
"type" : "short" | |
}, | |
"icmp_type" : { | |
"type" : "short" | |
}, | |
"mapped_destination_host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mapped_destination_ip" : { | |
"type" : "ip" | |
}, | |
"mapped_destination_port" : { | |
"type" : "long" | |
}, | |
"mapped_source_host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mapped_source_ip" : { | |
"type" : "ip" | |
}, | |
"mapped_source_port" : { | |
"type" : "long" | |
}, | |
"message_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rule_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"security" : { | |
"type" : "object" | |
}, | |
"source_interface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source_username" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"suffix" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threat_category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threat_level" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ios" : { | |
"properties" : { | |
"access_list" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"facility" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"client" : { | |
"properties" : { | |
"address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"as" : { | |
"properties" : { | |
"number" : { | |
"type" : "long" | |
}, | |
"organization" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"geo" : { | |
"properties" : { | |
"city_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"continent_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"location" : { | |
"type" : "geo_point" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"mac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nat" : { | |
"properties" : { | |
"ip" : { | |
"type" : "ip" | |
}, | |
"port" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"packets" : { | |
"type" : "long" | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"registered_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"top_level_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"full_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"group" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"cloud" : { | |
"properties" : { | |
"account" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"availability_zone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"image" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"instance" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"machine" : { | |
"properties" : { | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"project" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"provider" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"code_signature" : { | |
"properties" : { | |
"exists" : { | |
"type" : "boolean" | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trusted" : { | |
"type" : "boolean" | |
}, | |
"valid" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"container" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"image" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"labels" : { | |
"type" : "object" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"runtime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"coredns" : { | |
"properties" : { | |
"dnssec_ok" : { | |
"type" : "boolean" | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"query" : { | |
"properties" : { | |
"class" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"size" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"response" : { | |
"properties" : { | |
"code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"flags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"size" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"crowdstrike" : { | |
"properties" : { | |
"event" : { | |
"properties" : { | |
"AuditKeyValues" : { | |
"type" : "nested" | |
}, | |
"CommandLine" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Commands" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ComputerName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ConnectionDirection" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"CustomerId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"DetectDescription" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"DetectId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"DetectName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"DeviceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"EndTimestamp" : { | |
"type" : "date" | |
}, | |
"EventType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ExecutablesWritten" : { | |
"type" : "nested" | |
}, | |
"FalconHostLink" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"FileName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"FilePath" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"FineScore" : { | |
"type" : "float" | |
}, | |
"Flags" : { | |
"properties" : { | |
"Audit" : { | |
"type" : "boolean" | |
}, | |
"Log" : { | |
"type" : "boolean" | |
}, | |
"Monitor" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"GrandparentCommandLine" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"GrandparentImageFileName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"HostName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"HostnameField" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ICMPCode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ICMPType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"IOCType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"IOCValue" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ImageFileName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"IncidentEndTime" : { | |
"type" : "date" | |
}, | |
"IncidentStartTime" : { | |
"type" : "date" | |
}, | |
"Ipv" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"LateralMovement" : { | |
"type" : "long" | |
}, | |
"LocalAddress" : { | |
"type" : "ip" | |
}, | |
"LocalIP" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"LocalPort" : { | |
"type" : "long" | |
}, | |
"MACAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"MD5String" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"MachineDomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"MatchCount" : { | |
"type" : "long" | |
}, | |
"MatchCountSinceLastReport" : { | |
"type" : "long" | |
}, | |
"NetworkProfile" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Objective" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"OperationName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"PID" : { | |
"type" : "long" | |
}, | |
"ParentCommandLine" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ParentImageFileName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ParentProcessId" : { | |
"type" : "long" | |
}, | |
"PatternDispositionDescription" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"PatternDispositionFlags" : { | |
"type" : "object" | |
}, | |
"PatternDispositionValue" : { | |
"type" : "long" | |
}, | |
"PolicyID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"PolicyName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ProcessEndTime" : { | |
"type" : "date" | |
}, | |
"ProcessId" : { | |
"type" : "long" | |
}, | |
"ProcessStartTime" : { | |
"type" : "date" | |
}, | |
"Protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"RemoteAddress" : { | |
"type" : "ip" | |
}, | |
"RemotePort" : { | |
"type" : "long" | |
}, | |
"RuleAction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"RuleDescription" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"RuleFamilyID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"RuleGroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"RuleId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"RuleName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SHA1String" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SHA256String" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SensorId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ServiceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SessionId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Severity" : { | |
"type" : "long" | |
}, | |
"SeverityName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"StartTimestamp" : { | |
"type" : "date" | |
}, | |
"State" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Success" : { | |
"type" : "boolean" | |
}, | |
"Tactic" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Technique" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Timestamp" : { | |
"type" : "date" | |
}, | |
"TreeID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"UTCTimestamp" : { | |
"type" : "date" | |
}, | |
"UserId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"UserIp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"UserName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"metadata" : { | |
"properties" : { | |
"customerIDString" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventCreationTime" : { | |
"type" : "date" | |
}, | |
"eventType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"offset" : { | |
"type" : "long" | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"destination" : { | |
"properties" : { | |
"address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"as" : { | |
"properties" : { | |
"number" : { | |
"type" : "long" | |
}, | |
"organization" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"geo" : { | |
"properties" : { | |
"city_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"continent_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"location" : { | |
"type" : "geo_point" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"mac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nat" : { | |
"properties" : { | |
"ip" : { | |
"type" : "ip" | |
}, | |
"port" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"packets" : { | |
"type" : "long" | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"registered_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"service" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"top_level_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"full_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"group" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"dll" : { | |
"properties" : { | |
"code_signature" : { | |
"properties" : { | |
"exists" : { | |
"type" : "boolean" | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trusted" : { | |
"type" : "boolean" | |
}, | |
"valid" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"hash" : { | |
"properties" : { | |
"md5" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha256" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha512" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pe" : { | |
"properties" : { | |
"company" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"file_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"original_file_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"product" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"dns" : { | |
"properties" : { | |
"answers" : { | |
"properties" : { | |
"class" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"data" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ttl" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"header_flags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"op_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"question" : { | |
"properties" : { | |
"class" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"registered_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subdomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"top_level_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"resolved_ip" : { | |
"type" : "ip" | |
}, | |
"response_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"docker" : { | |
"properties" : { | |
"attrs" : { | |
"type" : "object" | |
}, | |
"container" : { | |
"properties" : { | |
"labels" : { | |
"type" : "object" | |
} | |
} | |
} | |
} | |
}, | |
"ecs" : { | |
"properties" : { | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"elasticsearch" : { | |
"properties" : { | |
"audit" : { | |
"properties" : { | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"indices" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"layer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"message" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"origin" : { | |
"properties" : { | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"realm" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"request" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"url" : { | |
"properties" : { | |
"params" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"user" : { | |
"properties" : { | |
"realm" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"roles" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"cluster" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"uuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"component" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deprecation" : { | |
"type" : "object" | |
}, | |
"gc" : { | |
"properties" : { | |
"heap" : { | |
"properties" : { | |
"size_kb" : { | |
"type" : "long" | |
}, | |
"used_kb" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"jvm_runtime_sec" : { | |
"type" : "float" | |
}, | |
"old_gen" : { | |
"properties" : { | |
"size_kb" : { | |
"type" : "long" | |
}, | |
"used_kb" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"phase" : { | |
"properties" : { | |
"class_unload_time_sec" : { | |
"type" : "float" | |
}, | |
"cpu_time" : { | |
"properties" : { | |
"real_sec" : { | |
"type" : "float" | |
}, | |
"sys_sec" : { | |
"type" : "float" | |
}, | |
"user_sec" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"duration_sec" : { | |
"type" : "float" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parallel_rescan_time_sec" : { | |
"type" : "float" | |
}, | |
"scrub_string_table_time_sec" : { | |
"type" : "float" | |
}, | |
"scrub_symbol_table_time_sec" : { | |
"type" : "float" | |
}, | |
"weak_refs_processing_time_sec" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"stopping_threads_time_sec" : { | |
"type" : "float" | |
}, | |
"tags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threads_total_stop_time_sec" : { | |
"type" : "float" | |
}, | |
"young_gen" : { | |
"properties" : { | |
"size_kb" : { | |
"type" : "long" | |
}, | |
"used_kb" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"index" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"node" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"server" : { | |
"properties" : { | |
"gc" : { | |
"properties" : { | |
"collection_duration" : { | |
"properties" : { | |
"ms" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"observation_duration" : { | |
"properties" : { | |
"ms" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"overhead_seq" : { | |
"type" : "long" | |
}, | |
"young" : { | |
"properties" : { | |
"one" : { | |
"type" : "long" | |
}, | |
"two" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"stacktrace" : { | |
"type" : "keyword", | |
"index" : false, | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"shard" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"slowlog" : { | |
"properties" : { | |
"extra_source" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"logger" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"routing" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"search_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source_query" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stats" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"took" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"total_hits" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"total_shards" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"types" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"envoyproxy" : { | |
"properties" : { | |
"authority" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"proxy_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"request_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"response_flags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"upstream_service_time" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"error" : { | |
"properties" : { | |
"code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"message" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"stack_trace" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"errorCode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"errorMessage" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event" : { | |
"properties" : { | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"created" : { | |
"type" : "date" | |
}, | |
"dataset" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"duration" : { | |
"type" : "long" | |
}, | |
"end" : { | |
"type" : "date" | |
}, | |
"hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ingested" : { | |
"type" : "date" | |
}, | |
"kind" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"module" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"original" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"outcome" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"provider" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"risk_score" : { | |
"type" : "float" | |
}, | |
"risk_score_norm" : { | |
"type" : "float" | |
}, | |
"sequence" : { | |
"type" : "long" | |
}, | |
"severity" : { | |
"type" : "long" | |
}, | |
"start" : { | |
"type" : "date" | |
}, | |
"timezone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"url" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"eventCategory" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventSource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fields" : { | |
"type" : "object" | |
}, | |
"file" : { | |
"properties" : { | |
"accessed" : { | |
"type" : "date" | |
}, | |
"attributes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"code_signature" : { | |
"properties" : { | |
"exists" : { | |
"type" : "boolean" | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trusted" : { | |
"type" : "boolean" | |
}, | |
"valid" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"created" : { | |
"type" : "date" | |
}, | |
"ctime" : { | |
"type" : "date" | |
}, | |
"device" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"directory" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"drive_letter" : { | |
"type" : "keyword", | |
"ignore_above" : 1 | |
}, | |
"extension" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"gid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"hash" : { | |
"properties" : { | |
"md5" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha256" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha512" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"inode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mime_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mtime" : { | |
"type" : "date" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"owner" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"pe" : { | |
"properties" : { | |
"company" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"file_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"original_file_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"product" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"size" : { | |
"type" : "long" | |
}, | |
"target_path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"fileset" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"forcepoint" : { | |
"properties" : { | |
"virus_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"fortinet" : { | |
"properties" : { | |
"file" : { | |
"properties" : { | |
"hash" : { | |
"properties" : { | |
"crc32" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"firewall" : { | |
"properties" : { | |
"acct_stat" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"acktime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"act" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"activity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"addr" : { | |
"type" : "ip" | |
}, | |
"addr_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"addrgrp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"adgroup" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"admin" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"age" : { | |
"type" : "long" | |
}, | |
"agent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"alarmid" : { | |
"type" : "long" | |
}, | |
"alert" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"analyticscksum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"analyticssubmit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ap" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app-type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"appact" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"appid" : { | |
"type" : "long" | |
}, | |
"applist" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"apprisk" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"apscan" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"apsn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"apstatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aptype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assigned" : { | |
"type" : "ip" | |
}, | |
"assignip" : { | |
"type" : "ip" | |
}, | |
"attachment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"attack" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"attackcontext" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"attackcontextid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"attackid" : { | |
"type" : "long" | |
}, | |
"auditid" : { | |
"type" : "long" | |
}, | |
"auditscore" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"audittime" : { | |
"type" : "long" | |
}, | |
"authgrp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"authid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"authproto" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"authserver" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"bandwidth" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"banned_rule" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"banned_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"banword" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"botnetdomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"botnetip" : { | |
"type" : "ip" | |
}, | |
"bssid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"call_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"carrier_ep" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cat" : { | |
"type" : "long" | |
}, | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cdrcontent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"centralnatid" : { | |
"type" : "long" | |
}, | |
"cert" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert-type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"certhash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cfgattr" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cfgobj" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cfgpath" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cfgtid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cfgtxpower" : { | |
"type" : "long" | |
}, | |
"channel" : { | |
"type" : "long" | |
}, | |
"channeltype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"chassisid" : { | |
"type" : "long" | |
}, | |
"checksum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"chgheaders" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cldobjid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client_addr" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cloudaction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"clouduser" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"column" : { | |
"type" : "long" | |
}, | |
"command" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"community" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"configcountry" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"connection_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"conserve" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"constraint" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"contentdisarmed" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"contenttype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cookies" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"count" : { | |
"type" : "long" | |
}, | |
"countapp" : { | |
"type" : "long" | |
}, | |
"countav" : { | |
"type" : "long" | |
}, | |
"countcifs" : { | |
"type" : "long" | |
}, | |
"countdlp" : { | |
"type" : "long" | |
}, | |
"countdns" : { | |
"type" : "long" | |
}, | |
"countemail" : { | |
"type" : "long" | |
}, | |
"countff" : { | |
"type" : "long" | |
}, | |
"countips" : { | |
"type" : "long" | |
}, | |
"countssh" : { | |
"type" : "long" | |
}, | |
"countssl" : { | |
"type" : "long" | |
}, | |
"countwaf" : { | |
"type" : "long" | |
}, | |
"countweb" : { | |
"type" : "long" | |
}, | |
"cpu" : { | |
"type" : "long" | |
}, | |
"craction" : { | |
"type" : "long" | |
}, | |
"criticalcount" : { | |
"type" : "long" | |
}, | |
"crl" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"crlevel" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"crscore" : { | |
"type" : "long" | |
}, | |
"cveid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"daemon" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"datarange" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"date" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ddnsserver" : { | |
"type" : "ip" | |
}, | |
"desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"detectionmethod" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"devcategory" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"devintfname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"devtype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dhcp_msg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dintf" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"disk" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"disklograte" : { | |
"type" : "long" | |
}, | |
"dlpextra" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"docsource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"domainctrlauthstate" : { | |
"type" : "long" | |
}, | |
"domainctrlauthtype" : { | |
"type" : "long" | |
}, | |
"domainctrldomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"domainctrlip" : { | |
"type" : "ip" | |
}, | |
"domainctrlname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"domainctrlprotocoltype" : { | |
"type" : "long" | |
}, | |
"domainctrlusername" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"domainfilteridx" : { | |
"type" : "long" | |
}, | |
"domainfilterlist" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dst_int" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstcountry" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstdevcategory" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstdevtype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstfamily" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dsthwvendor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dsthwversion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstinetsvc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstintfrole" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstosname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstosversion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstserver" : { | |
"type" : "long" | |
}, | |
"dstssid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstswversion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstunauthusersource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstuuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"duid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eapolcnt" : { | |
"type" : "long" | |
}, | |
"eapoltype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"encrypt" : { | |
"type" : "long" | |
}, | |
"encryption" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"epoch" : { | |
"type" : "long" | |
}, | |
"espauth" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"esptransform" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"exch" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"exchange" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"expectedsignature" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"expiry" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fams_pause" : { | |
"type" : "long" | |
}, | |
"fazlograte" : { | |
"type" : "long" | |
}, | |
"fctemssn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fctuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"field" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filefilter" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filehashsrc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filtercat" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filteridx" : { | |
"type" : "long" | |
}, | |
"filtername" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filtertype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fortiguardresp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"forwardedfor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fqdn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"frametype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"freediskstorage" : { | |
"type" : "long" | |
}, | |
"from" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"from_vcluster" : { | |
"type" : "long" | |
}, | |
"fsaverdict" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fwserver_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"gateway" : { | |
"type" : "ip" | |
}, | |
"green" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupid" : { | |
"type" : "long" | |
}, | |
"ha-prio" : { | |
"type" : "long" | |
}, | |
"ha_group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ha_role" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"handshake" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"hbdn_reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"highcount" : { | |
"type" : "long" | |
}, | |
"host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"iaid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icmpcode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icmpid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icmptype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"identifier" : { | |
"type" : "long" | |
}, | |
"in_spi" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"incidentserialno" : { | |
"type" : "long" | |
}, | |
"infected" : { | |
"type" : "long" | |
}, | |
"infectedfilelevel" : { | |
"type" : "long" | |
}, | |
"informationsource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"init" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"initiator" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"interface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"intf" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"invalidmac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"iptype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"keyword" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"kind" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lanin" : { | |
"type" : "long" | |
}, | |
"lanout" : { | |
"type" : "long" | |
}, | |
"lease" : { | |
"type" : "long" | |
}, | |
"license_limit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"limit" : { | |
"type" : "long" | |
}, | |
"line" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"live" : { | |
"type" : "long" | |
}, | |
"local" : { | |
"type" : "ip" | |
}, | |
"log" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"login" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lowcount" : { | |
"type" : "long" | |
}, | |
"mac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"malform_data" : { | |
"type" : "long" | |
}, | |
"malform_desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"manuf" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"masterdstmac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mastersrcmac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mediumcount" : { | |
"type" : "long" | |
}, | |
"mem" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"meshmode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"message_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mgmtcnt" : { | |
"type" : "long" | |
}, | |
"mode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"module" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"monitor-name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"monitor-type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mpsk" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"msgproto" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mtu" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nat" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"netid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"new_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"new_value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"newchannel" : { | |
"type" : "long" | |
}, | |
"newchassisid" : { | |
"type" : "long" | |
}, | |
"newslot" : { | |
"type" : "long" | |
}, | |
"nextstat" : { | |
"type" : "long" | |
}, | |
"nf_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"noise" : { | |
"type" : "long" | |
}, | |
"old_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"old_value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"oldchannel" : { | |
"type" : "long" | |
}, | |
"oldchassisid" : { | |
"type" : "long" | |
}, | |
"oldslot" : { | |
"type" : "long" | |
}, | |
"oldsn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"oldwprof" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"onwire" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"opercountry" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"opertxpower" : { | |
"type" : "long" | |
}, | |
"osname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"osversion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"out_spi" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"outintf" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"passedcount" : { | |
"type" : "long" | |
}, | |
"passwd" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"peer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"peer_notif" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"phase2_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"phone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pid" : { | |
"type" : "long" | |
}, | |
"policytype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"poolname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"portbegin" : { | |
"type" : "long" | |
}, | |
"portend" : { | |
"type" : "long" | |
}, | |
"probeproto" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"process" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"processtime" : { | |
"type" : "long" | |
}, | |
"profile" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"profile_vd" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"profilegroup" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"profiletype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"qtypeval" : { | |
"type" : "long" | |
}, | |
"quarskip" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quotaexceeded" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quotamax" : { | |
"type" : "long" | |
}, | |
"quotatype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quotaused" : { | |
"type" : "long" | |
}, | |
"radioband" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"radioid" : { | |
"type" : "long" | |
}, | |
"radioidclosest" : { | |
"type" : "long" | |
}, | |
"radioiddetected" : { | |
"type" : "long" | |
}, | |
"rate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rawdata" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rawdataid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rcvddelta" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"received" : { | |
"type" : "long" | |
}, | |
"receivedsignature" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"red" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"referralurl" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"remote" : { | |
"type" : "ip" | |
}, | |
"remotewtptime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reporttype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reqtype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"request_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"result" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"role" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rssi" : { | |
"type" : "long" | |
}, | |
"rsso_key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ruledata" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ruletype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scanned" : { | |
"type" : "long" | |
}, | |
"scantime" : { | |
"type" : "long" | |
}, | |
"scope" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"security" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sensitivity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sensor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sentdelta" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"seq" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serial" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serialno" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"server" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"session_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sessionid" : { | |
"type" : "long" | |
}, | |
"setuprate" : { | |
"type" : "long" | |
}, | |
"severity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"shaperdroprcvdbyte" : { | |
"type" : "long" | |
}, | |
"shaperdropsentbyte" : { | |
"type" : "long" | |
}, | |
"shaperperipdropbyte" : { | |
"type" : "long" | |
}, | |
"shaperperipname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"shaperrcvdname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"shapersentname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"shapingpolicyid" : { | |
"type" : "long" | |
}, | |
"signal" : { | |
"type" : "long" | |
}, | |
"size" : { | |
"type" : "long" | |
}, | |
"slot" : { | |
"type" : "long" | |
}, | |
"sn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"snclosest" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sndetected" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"snmeshparent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"spi" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"src_int" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srccountry" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srcfamily" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srchwvendor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srchwversion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srcinetsvc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srcintfrole" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srcname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srcserver" : { | |
"type" : "long" | |
}, | |
"srcssid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srcswversion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srcuuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sscname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ssid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sslaction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ssllocal" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sslremote" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stacount" : { | |
"type" : "long" | |
}, | |
"stage" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stamac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stitch" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"submodule" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subservice" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subtype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"suspicious" : { | |
"type" : "long" | |
}, | |
"switchproto" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sync_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sync_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sysuptime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tamac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threattype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"to" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"to_vcluster" : { | |
"type" : "long" | |
}, | |
"total" : { | |
"type" : "long" | |
}, | |
"totalsession" : { | |
"type" : "long" | |
}, | |
"trace_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trandisp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"transid" : { | |
"type" : "long" | |
}, | |
"translationid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trigger" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trueclntip" : { | |
"type" : "ip" | |
}, | |
"tunnelid" : { | |
"type" : "long" | |
}, | |
"tunnelip" : { | |
"type" : "ip" | |
}, | |
"tunneltype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ui" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"unauthusersource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"unit" : { | |
"type" : "long" | |
}, | |
"urlfilteridx" : { | |
"type" : "long" | |
}, | |
"urlfilterlist" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"urlsource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"urltype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"used" : { | |
"type" : "long" | |
}, | |
"used_for_type" : { | |
"type" : "long" | |
}, | |
"utmaction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vap" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vapmode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vcluster" : { | |
"type" : "long" | |
}, | |
"vcluster_member" : { | |
"type" : "long" | |
}, | |
"vcluster_state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vd" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vdname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vendorurl" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vip" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"virus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"virusid" : { | |
"type" : "long" | |
}, | |
"voip_proto" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpntunnel" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpntype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vrf" : { | |
"type" : "long" | |
}, | |
"vulncat" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vulnid" : { | |
"type" : "long" | |
}, | |
"vulnname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vwlid" : { | |
"type" : "long" | |
}, | |
"vwlquality" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vwlservice" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vwpvlanid" : { | |
"type" : "long" | |
}, | |
"wanin" : { | |
"type" : "long" | |
}, | |
"wanoptapptype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"wanout" : { | |
"type" : "long" | |
}, | |
"weakwepiv" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"xauthgroup" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"xauthuser" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"xid" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"geo" : { | |
"properties" : { | |
"city_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"continent_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"location" : { | |
"type" : "geo_point" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"googlecloud" : { | |
"properties" : { | |
"audit" : { | |
"properties" : { | |
"authentication_info" : { | |
"properties" : { | |
"authority_selector" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"principal_email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"method_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"num_response_items" : { | |
"type" : "long" | |
}, | |
"request" : { | |
"properties" : { | |
"filter" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"proto_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resource_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"request_metadata" : { | |
"properties" : { | |
"caller_ip" : { | |
"type" : "ip" | |
}, | |
"caller_supplied_user_agent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"resource_location" : { | |
"properties" : { | |
"current_locations" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"resource_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"response" : { | |
"properties" : { | |
"details" : { | |
"properties" : { | |
"group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"kind" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"proto_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"service_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"properties" : { | |
"code" : { | |
"type" : "long" | |
}, | |
"message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"destination" : { | |
"properties" : { | |
"instance" : { | |
"properties" : { | |
"project_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"zone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"vpc" : { | |
"properties" : { | |
"project_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetwork_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpc_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"firewall" : { | |
"properties" : { | |
"rule_details" : { | |
"properties" : { | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destination_range" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"direction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"priority" : { | |
"type" : "long" | |
}, | |
"reference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source_range" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source_service_account" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source_tag" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"target_service_account" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"target_tag" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"source" : { | |
"properties" : { | |
"instance" : { | |
"properties" : { | |
"project_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"zone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"vpc" : { | |
"properties" : { | |
"project_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetwork_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpc_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"vpcflow" : { | |
"properties" : { | |
"reporter" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rtt" : { | |
"properties" : { | |
"ms" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"group" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"gsuite" : { | |
"properties" : { | |
"actor" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"admin" : { | |
"properties" : { | |
"alert" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"api" : { | |
"properties" : { | |
"client" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"scopes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"application" : { | |
"properties" : { | |
"asp_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"edition" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"enabled" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"licences_order_number" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"licences_purchased" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"package_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"bulk_upload" : { | |
"properties" : { | |
"failed" : { | |
"type" : "long" | |
}, | |
"total" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"chrome_licenses" : { | |
"properties" : { | |
"allowed" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"enabled" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"chrome_os" : { | |
"properties" : { | |
"session_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"device" : { | |
"properties" : { | |
"command_details" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serial_number" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"distribution" : { | |
"properties" : { | |
"entity" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"domain" : { | |
"properties" : { | |
"alias" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"secondary_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"email" : { | |
"properties" : { | |
"log_search_filter" : { | |
"properties" : { | |
"end_date" : { | |
"type" : "date" | |
}, | |
"message_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"recipient" : { | |
"properties" : { | |
"ip" : { | |
"type" : "ip" | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"sender" : { | |
"properties" : { | |
"ip" : { | |
"type" : "ip" | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"start_date" : { | |
"type" : "date" | |
} | |
} | |
}, | |
"quarantine_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"email_dump" : { | |
"properties" : { | |
"include_deleted" : { | |
"type" : "boolean" | |
}, | |
"package_content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"query" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"email_monitor" : { | |
"properties" : { | |
"dest_email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"level" : { | |
"properties" : { | |
"chat" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"draft" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"incoming" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"outgoing" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"field" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"gateway" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"group" : { | |
"properties" : { | |
"allowed_list" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"priorities" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"info_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"managed_configuration" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mdm" : { | |
"properties" : { | |
"token" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vendor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"mobile" : { | |
"properties" : { | |
"action" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"certificate" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"company_owned_devices" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"new_value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"non_featured_services_selection" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"oauth2" : { | |
"properties" : { | |
"application" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"service" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"old_value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"org_unit" : { | |
"properties" : { | |
"full" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"print_server" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"printer" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"privilege" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"product" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sku" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"request" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"resource" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"role" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"rule" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"service" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"setting" : { | |
"properties" : { | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"url" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"user" : { | |
"properties" : { | |
"birthdate" : { | |
"type" : "date" | |
}, | |
"email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nickname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"user_defined_setting" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"verification_method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"drive" : { | |
"properties" : { | |
"added_role" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"billable" : { | |
"type" : "boolean" | |
}, | |
"destination_folder_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destination_folder_title" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"file" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"owner" : { | |
"properties" : { | |
"email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"is_shared_drive" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"membership_change_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"new_value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"old_value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"old_visibility" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"originating_app_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"primary_event" : { | |
"type" : "boolean" | |
}, | |
"removed_role" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"shared_drive_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"shared_drive_settings_change_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sheets_import_range_recipient_doc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source_folder_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source_folder_title" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"target" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"target_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"visibility" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"visibility_change" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"event" : { | |
"properties" : { | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"groups" : { | |
"properties" : { | |
"acl_permission" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"member" : { | |
"properties" : { | |
"email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"role" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"message" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"moderation_action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"new_value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"old_value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"setting" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"kind" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"login" : { | |
"properties" : { | |
"affected_email_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"challenge_method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"failure_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"is_second_factor" : { | |
"type" : "boolean" | |
}, | |
"is_suspicious" : { | |
"type" : "boolean" | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"organization" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"saml" : { | |
"properties" : { | |
"application_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"failure_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"initiated_by" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"orgunit_path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"second_level_status_code" : { | |
"type" : "long" | |
}, | |
"status_code" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"haproxy" : { | |
"properties" : { | |
"backend_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"backend_queue" : { | |
"type" : "long" | |
}, | |
"bind_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"bytes_read" : { | |
"type" : "long" | |
}, | |
"client" : { | |
"type" : "object" | |
}, | |
"connection_wait_time_ms" : { | |
"type" : "long" | |
}, | |
"connections" : { | |
"properties" : { | |
"active" : { | |
"type" : "long" | |
}, | |
"backend" : { | |
"type" : "long" | |
}, | |
"frontend" : { | |
"type" : "long" | |
}, | |
"retries" : { | |
"type" : "long" | |
}, | |
"server" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"destination" : { | |
"type" : "object" | |
}, | |
"error_message" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"frontend_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"geoip" : { | |
"type" : "object" | |
}, | |
"http" : { | |
"properties" : { | |
"request" : { | |
"properties" : { | |
"captured_cookie" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"captured_headers" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"raw_request_line" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"time_wait_ms" : { | |
"type" : "long" | |
}, | |
"time_wait_without_data_ms" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"response" : { | |
"properties" : { | |
"captured_cookie" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"captured_headers" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"mode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"server_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"server_queue" : { | |
"type" : "long" | |
}, | |
"source" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tcp" : { | |
"properties" : { | |
"connection_waiting_time_ms" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"termination_state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"time_backend_connect" : { | |
"type" : "long" | |
}, | |
"time_queue" : { | |
"type" : "long" | |
}, | |
"total_waiting_time_ms" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"hash" : { | |
"properties" : { | |
"md5" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha256" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha512" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"host" : { | |
"properties" : { | |
"architecture" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"containerized" : { | |
"type" : "boolean" | |
}, | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"geo" : { | |
"properties" : { | |
"city_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"continent_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"location" : { | |
"type" : "geo_point" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"hostname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"mac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"os" : { | |
"properties" : { | |
"build" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"codename" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"family" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"full" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"kernel" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"platform" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"uptime" : { | |
"type" : "long" | |
}, | |
"user" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"full_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"group" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"http" : { | |
"properties" : { | |
"request" : { | |
"properties" : { | |
"body" : { | |
"properties" : { | |
"bytes" : { | |
"type" : "long" | |
}, | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"referrer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"response" : { | |
"properties" : { | |
"body" : { | |
"properties" : { | |
"bytes" : { | |
"type" : "long" | |
}, | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"status_code" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ibmmq" : { | |
"properties" : { | |
"errorlog" : { | |
"properties" : { | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"arithinsert" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"commentinsert" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"errordescription" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"explanation" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"installation" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"qmgr" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"icinga" : { | |
"properties" : { | |
"debug" : { | |
"properties" : { | |
"facility" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"main" : { | |
"properties" : { | |
"facility" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"startup" : { | |
"properties" : { | |
"facility" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"icmp" : { | |
"properties" : { | |
"code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"igmp" : { | |
"properties" : { | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"iis" : { | |
"properties" : { | |
"access" : { | |
"properties" : { | |
"cookie" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"geoip" : { | |
"type" : "object" | |
}, | |
"server_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"site_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sub_status" : { | |
"type" : "long" | |
}, | |
"user_agent" : { | |
"type" : "object" | |
}, | |
"win32_status" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"error" : { | |
"properties" : { | |
"geoip" : { | |
"type" : "object" | |
}, | |
"queue_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reason_phrase" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"input" : { | |
"properties" : { | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"interface" : { | |
"properties" : { | |
"alias" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"iptables" : { | |
"properties" : { | |
"ether_type" : { | |
"type" : "long" | |
}, | |
"flow_label" : { | |
"type" : "long" | |
}, | |
"fragment_flags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fragment_offset" : { | |
"type" : "long" | |
}, | |
"icmp" : { | |
"properties" : { | |
"code" : { | |
"type" : "long" | |
}, | |
"id" : { | |
"type" : "long" | |
}, | |
"parameter" : { | |
"type" : "long" | |
}, | |
"redirect" : { | |
"type" : "ip" | |
}, | |
"seq" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"id" : { | |
"type" : "long" | |
}, | |
"incomplete_bytes" : { | |
"type" : "long" | |
}, | |
"input_device" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"length" : { | |
"type" : "long" | |
}, | |
"output_device" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"precedence_bits" : { | |
"type" : "short" | |
}, | |
"tcp" : { | |
"properties" : { | |
"ack" : { | |
"type" : "long" | |
}, | |
"flags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reserved_bits" : { | |
"type" : "short" | |
}, | |
"seq" : { | |
"type" : "long" | |
}, | |
"window" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tos" : { | |
"type" : "long" | |
}, | |
"ttl" : { | |
"type" : "long" | |
}, | |
"ubiquiti" : { | |
"properties" : { | |
"input_zone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"output_zone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rule_number" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rule_set" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"udp" : { | |
"properties" : { | |
"length" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"jolokia" : { | |
"properties" : { | |
"agent" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"secured" : { | |
"type" : "boolean" | |
}, | |
"server" : { | |
"properties" : { | |
"product" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vendor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"url" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"kafka" : { | |
"properties" : { | |
"block_timestamp" : { | |
"type" : "date" | |
}, | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log" : { | |
"properties" : { | |
"class" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"component" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"thread" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trace" : { | |
"properties" : { | |
"class" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"message" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
}, | |
"offset" : { | |
"type" : "long" | |
}, | |
"partition" : { | |
"type" : "long" | |
}, | |
"topic" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"kibana" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"meta" : { | |
"type" : "object" | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"kubernetes" : { | |
"properties" : { | |
"annotations" : { | |
"properties" : { | |
"*" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"container" : { | |
"properties" : { | |
"image" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"deployment" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"labels" : { | |
"properties" : { | |
"*" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"namespace" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"node" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"pod" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"replicaset" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"statefulset" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"labels" : { | |
"type" : "object" | |
}, | |
"log" : { | |
"properties" : { | |
"file" : { | |
"properties" : { | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"flags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"level" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"logger" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"offset" : { | |
"type" : "long" | |
}, | |
"origin" : { | |
"properties" : { | |
"file" : { | |
"properties" : { | |
"line" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"function" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"original" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source" : { | |
"properties" : { | |
"address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"syslog" : { | |
"properties" : { | |
"facility" : { | |
"properties" : { | |
"code" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"priority" : { | |
"type" : "long" | |
}, | |
"severity" : { | |
"properties" : { | |
"code" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"logstash" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"log_event" : { | |
"type" : "object" | |
}, | |
"module" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pipeline_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"thread" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
}, | |
"slowlog" : { | |
"properties" : { | |
"event" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"module" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"plugin_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"plugin_params" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"plugin_params_object" : { | |
"type" : "object" | |
}, | |
"plugin_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"thread" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"took_in_millis" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"managementEvent" : { | |
"type" : "boolean" | |
}, | |
"message" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"microsoft" : { | |
"properties" : { | |
"defender_atp" : { | |
"properties" : { | |
"assignedTo" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"classification" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"determination" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"evidence" : { | |
"properties" : { | |
"aadUserId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"accountName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"domainName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"entityType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipAddress" : { | |
"type" : "ip" | |
}, | |
"userPrincipalName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"incidentId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"investigationId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"investigationState" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lastUpdateTime" : { | |
"type" : "date" | |
}, | |
"rbacGroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resolvedTime" : { | |
"type" : "date" | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threatFamilyName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"misp" : { | |
"properties" : { | |
"attack_pattern" : { | |
"properties" : { | |
"description" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"kill_chain_phases" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"campaign" : { | |
"properties" : { | |
"aliases" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"description" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"first_seen" : { | |
"type" : "date" | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"last_seen" : { | |
"type" : "date" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"objective" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"course_of_action" : { | |
"properties" : { | |
"description" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"identity" : { | |
"properties" : { | |
"contact_information" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"description" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"identity_class" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"labels" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sectors" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"intrusion_set" : { | |
"properties" : { | |
"aliases" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"description" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"first_seen" : { | |
"type" : "date" | |
}, | |
"goals" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"last_seen" : { | |
"type" : "date" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"primary_motivation" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"resource_level" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"secondary_motivations" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"malware" : { | |
"properties" : { | |
"description" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"kill_chain_phases" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"labels" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"note" : { | |
"properties" : { | |
"authors" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"object_refs" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"summary" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"observed_data" : { | |
"properties" : { | |
"first_observed" : { | |
"type" : "date" | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"last_observed" : { | |
"type" : "date" | |
}, | |
"number_observed" : { | |
"type" : "long" | |
}, | |
"objects" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"report" : { | |
"properties" : { | |
"description" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"labels" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"object_refs" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"published" : { | |
"type" : "date" | |
} | |
} | |
}, | |
"threat_actor" : { | |
"properties" : { | |
"aliases" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"description" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"goals" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"labels" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"personal_motivations" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"primary_motivation" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"resource_level" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"roles" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"secondary_motivations" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"sophistication" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"threat_indicator" : { | |
"properties" : { | |
"attack_pattern" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"attack_pattern_kql" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"campaign" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"confidence" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"feed" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"intrusion_set" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"kill_chain_phases" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"labels" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_tactic" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mitre_technique" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"negate" : { | |
"type" : "boolean" | |
}, | |
"severity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threat_actor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"valid_from" : { | |
"type" : "date" | |
}, | |
"valid_until" : { | |
"type" : "date" | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tool" : { | |
"properties" : { | |
"description" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"kill_chain_phases" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"labels" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tool_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"vulnerability" : { | |
"properties" : { | |
"description" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"mongodb" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"component" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"context" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"mssql" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"origin" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"mysql" : { | |
"properties" : { | |
"error" : { | |
"type" : "object" | |
}, | |
"slowlog" : { | |
"properties" : { | |
"bytes_received" : { | |
"type" : "long" | |
}, | |
"bytes_sent" : { | |
"type" : "long" | |
}, | |
"current_user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filesort" : { | |
"type" : "boolean" | |
}, | |
"filesort_on_disk" : { | |
"type" : "boolean" | |
}, | |
"full_join" : { | |
"type" : "boolean" | |
}, | |
"full_scan" : { | |
"type" : "boolean" | |
}, | |
"innodb" : { | |
"properties" : { | |
"io_r_bytes" : { | |
"type" : "long" | |
}, | |
"io_r_ops" : { | |
"type" : "long" | |
}, | |
"io_r_wait" : { | |
"properties" : { | |
"sec" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"pages_distinct" : { | |
"type" : "long" | |
}, | |
"queue_wait" : { | |
"properties" : { | |
"sec" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"rec_lock_wait" : { | |
"properties" : { | |
"sec" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"trx_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"killed" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"last_errno" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lock_time" : { | |
"properties" : { | |
"sec" : { | |
"type" : "float" | |
} | |
} | |
}, | |
"log_slow_rate_limit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_slow_rate_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"merge_passes" : { | |
"type" : "long" | |
}, | |
"priority_queue" : { | |
"type" : "boolean" | |
}, | |
"query" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"query_cache_hit" : { | |
"type" : "boolean" | |
}, | |
"read_first" : { | |
"type" : "long" | |
}, | |
"read_key" : { | |
"type" : "long" | |
}, | |
"read_last" : { | |
"type" : "long" | |
}, | |
"read_next" : { | |
"type" : "long" | |
}, | |
"read_prev" : { | |
"type" : "long" | |
}, | |
"read_rnd" : { | |
"type" : "long" | |
}, | |
"read_rnd_next" : { | |
"type" : "long" | |
}, | |
"rows_affected" : { | |
"type" : "long" | |
}, | |
"rows_examined" : { | |
"type" : "long" | |
}, | |
"rows_sent" : { | |
"type" : "long" | |
}, | |
"schema" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sort_merge_passes" : { | |
"type" : "long" | |
}, | |
"sort_range_count" : { | |
"type" : "long" | |
}, | |
"sort_rows" : { | |
"type" : "long" | |
}, | |
"sort_scan_count" : { | |
"type" : "long" | |
}, | |
"tmp_disk_tables" : { | |
"type" : "long" | |
}, | |
"tmp_table" : { | |
"type" : "boolean" | |
}, | |
"tmp_table_on_disk" : { | |
"type" : "boolean" | |
}, | |
"tmp_table_sizes" : { | |
"type" : "long" | |
}, | |
"tmp_tables" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"thread_id" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"nats" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"client" : { | |
"properties" : { | |
"id" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"msg" : { | |
"properties" : { | |
"bytes" : { | |
"type" : "long" | |
}, | |
"error" : { | |
"properties" : { | |
"message" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"max_messages" : { | |
"type" : "long" | |
}, | |
"queue_group" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"reply_to" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sid" : { | |
"type" : "long" | |
}, | |
"subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"netflow" : { | |
"properties" : { | |
"absolute_error" : { | |
"type" : "double" | |
}, | |
"address_pool_high_threshold" : { | |
"type" : "long" | |
}, | |
"address_pool_low_threshold" : { | |
"type" : "long" | |
}, | |
"address_port_mapping_high_threshold" : { | |
"type" : "long" | |
}, | |
"address_port_mapping_low_threshold" : { | |
"type" : "long" | |
}, | |
"address_port_mapping_per_user_high_threshold" : { | |
"type" : "long" | |
}, | |
"anonymization_flags" : { | |
"type" : "long" | |
}, | |
"anonymization_technique" : { | |
"type" : "long" | |
}, | |
"application_category_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"application_description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"application_group_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"application_id" : { | |
"type" : "short" | |
}, | |
"application_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"application_sub_category_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"bgp_destination_as_number" : { | |
"type" : "long" | |
}, | |
"bgp_next_adjacent_as_number" : { | |
"type" : "long" | |
}, | |
"bgp_next_hop_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"bgp_next_hop_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"bgp_prev_adjacent_as_number" : { | |
"type" : "long" | |
}, | |
"bgp_source_as_number" : { | |
"type" : "long" | |
}, | |
"bgp_validity_state" : { | |
"type" : "short" | |
}, | |
"biflow_direction" : { | |
"type" : "short" | |
}, | |
"class_id" : { | |
"type" : "long" | |
}, | |
"class_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"classification_engine_id" : { | |
"type" : "short" | |
}, | |
"collection_time_milliseconds" : { | |
"type" : "date" | |
}, | |
"collector_certificate" : { | |
"type" : "short" | |
}, | |
"collector_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"collector_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"collector_transport_port" : { | |
"type" : "long" | |
}, | |
"common_properties_id" : { | |
"type" : "long" | |
}, | |
"confidence_level" : { | |
"type" : "double" | |
}, | |
"connection_sum_duration_seconds" : { | |
"type" : "long" | |
}, | |
"connection_transaction_id" : { | |
"type" : "long" | |
}, | |
"data_link_frame_section" : { | |
"type" : "short" | |
}, | |
"data_link_frame_size" : { | |
"type" : "long" | |
}, | |
"data_link_frame_type" : { | |
"type" : "long" | |
}, | |
"data_records_reliability" : { | |
"type" : "boolean" | |
}, | |
"delta_flow_count" : { | |
"type" : "long" | |
}, | |
"destination_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"destination_ipv4_prefix" : { | |
"type" : "ip" | |
}, | |
"destination_ipv4_prefix_length" : { | |
"type" : "short" | |
}, | |
"destination_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"destination_ipv6_prefix" : { | |
"type" : "ip" | |
}, | |
"destination_ipv6_prefix_length" : { | |
"type" : "short" | |
}, | |
"destination_mac_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destination_transport_port" : { | |
"type" : "long" | |
}, | |
"digest_hash_value" : { | |
"type" : "long" | |
}, | |
"distinct_count_of_destination_ip_address" : { | |
"type" : "long" | |
}, | |
"distinct_count_of_destination_ipv4_address" : { | |
"type" : "long" | |
}, | |
"distinct_count_of_destination_ipv6_address" : { | |
"type" : "long" | |
}, | |
"distinct_count_of_source_ip_address" : { | |
"type" : "long" | |
}, | |
"distinct_count_of_source_ipv4_address" : { | |
"type" : "long" | |
}, | |
"distinct_count_of_source_ipv6_address" : { | |
"type" : "long" | |
}, | |
"dot1q_customer_dei" : { | |
"type" : "boolean" | |
}, | |
"dot1q_customer_destination_mac_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dot1q_customer_priority" : { | |
"type" : "short" | |
}, | |
"dot1q_customer_source_mac_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dot1q_customer_vlan_id" : { | |
"type" : "long" | |
}, | |
"dot1q_dei" : { | |
"type" : "boolean" | |
}, | |
"dot1q_priority" : { | |
"type" : "short" | |
}, | |
"dot1q_service_instance_id" : { | |
"type" : "long" | |
}, | |
"dot1q_service_instance_priority" : { | |
"type" : "short" | |
}, | |
"dot1q_service_instance_tag" : { | |
"type" : "short" | |
}, | |
"dot1q_vlan_id" : { | |
"type" : "long" | |
}, | |
"dropped_layer2_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"dropped_layer2_octet_total_count" : { | |
"type" : "long" | |
}, | |
"dropped_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"dropped_octet_total_count" : { | |
"type" : "long" | |
}, | |
"dropped_packet_delta_count" : { | |
"type" : "long" | |
}, | |
"dropped_packet_total_count" : { | |
"type" : "long" | |
}, | |
"dst_traffic_index" : { | |
"type" : "long" | |
}, | |
"egress_broadcast_packet_total_count" : { | |
"type" : "long" | |
}, | |
"egress_interface" : { | |
"type" : "long" | |
}, | |
"egress_interface_type" : { | |
"type" : "long" | |
}, | |
"egress_physical_interface" : { | |
"type" : "long" | |
}, | |
"egress_unicast_packet_total_count" : { | |
"type" : "long" | |
}, | |
"egress_vrfid" : { | |
"type" : "long" | |
}, | |
"encrypted_technology" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"engine_id" : { | |
"type" : "short" | |
}, | |
"engine_type" : { | |
"type" : "short" | |
}, | |
"ethernet_header_length" : { | |
"type" : "short" | |
}, | |
"ethernet_payload_length" : { | |
"type" : "long" | |
}, | |
"ethernet_total_length" : { | |
"type" : "long" | |
}, | |
"ethernet_type" : { | |
"type" : "long" | |
}, | |
"export_interface" : { | |
"type" : "long" | |
}, | |
"export_protocol_version" : { | |
"type" : "short" | |
}, | |
"export_sctp_stream_id" : { | |
"type" : "long" | |
}, | |
"export_transport_protocol" : { | |
"type" : "short" | |
}, | |
"exported_flow_record_total_count" : { | |
"type" : "long" | |
}, | |
"exported_message_total_count" : { | |
"type" : "long" | |
}, | |
"exported_octet_total_count" : { | |
"type" : "long" | |
}, | |
"exporter" : { | |
"properties" : { | |
"address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source_id" : { | |
"type" : "long" | |
}, | |
"timestamp" : { | |
"type" : "date" | |
}, | |
"uptime_millis" : { | |
"type" : "long" | |
}, | |
"version" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"exporter_certificate" : { | |
"type" : "short" | |
}, | |
"exporter_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"exporter_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"exporter_transport_port" : { | |
"type" : "long" | |
}, | |
"exporting_process_id" : { | |
"type" : "long" | |
}, | |
"external_address_realm" : { | |
"type" : "short" | |
}, | |
"firewall_event" : { | |
"type" : "short" | |
}, | |
"flags_and_sampler_id" : { | |
"type" : "long" | |
}, | |
"flow_active_timeout" : { | |
"type" : "long" | |
}, | |
"flow_direction" : { | |
"type" : "short" | |
}, | |
"flow_duration_microseconds" : { | |
"type" : "long" | |
}, | |
"flow_duration_milliseconds" : { | |
"type" : "long" | |
}, | |
"flow_end_delta_microseconds" : { | |
"type" : "long" | |
}, | |
"flow_end_microseconds" : { | |
"type" : "date" | |
}, | |
"flow_end_milliseconds" : { | |
"type" : "date" | |
}, | |
"flow_end_nanoseconds" : { | |
"type" : "date" | |
}, | |
"flow_end_reason" : { | |
"type" : "short" | |
}, | |
"flow_end_seconds" : { | |
"type" : "date" | |
}, | |
"flow_end_sys_up_time" : { | |
"type" : "long" | |
}, | |
"flow_id" : { | |
"type" : "long" | |
}, | |
"flow_idle_timeout" : { | |
"type" : "long" | |
}, | |
"flow_key_indicator" : { | |
"type" : "long" | |
}, | |
"flow_label_ipv6" : { | |
"type" : "long" | |
}, | |
"flow_sampling_time_interval" : { | |
"type" : "long" | |
}, | |
"flow_sampling_time_spacing" : { | |
"type" : "long" | |
}, | |
"flow_selected_flow_delta_count" : { | |
"type" : "long" | |
}, | |
"flow_selected_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"flow_selected_packet_delta_count" : { | |
"type" : "long" | |
}, | |
"flow_selector_algorithm" : { | |
"type" : "long" | |
}, | |
"flow_start_delta_microseconds" : { | |
"type" : "long" | |
}, | |
"flow_start_microseconds" : { | |
"type" : "date" | |
}, | |
"flow_start_milliseconds" : { | |
"type" : "date" | |
}, | |
"flow_start_nanoseconds" : { | |
"type" : "date" | |
}, | |
"flow_start_seconds" : { | |
"type" : "date" | |
}, | |
"flow_start_sys_up_time" : { | |
"type" : "long" | |
}, | |
"forwarding_status" : { | |
"type" : "short" | |
}, | |
"fragment_flags" : { | |
"type" : "short" | |
}, | |
"fragment_identification" : { | |
"type" : "long" | |
}, | |
"fragment_offset" : { | |
"type" : "long" | |
}, | |
"global_address_mapping_high_threshold" : { | |
"type" : "long" | |
}, | |
"gre_key" : { | |
"type" : "long" | |
}, | |
"hash_digest_output" : { | |
"type" : "boolean" | |
}, | |
"hash_flow_domain" : { | |
"type" : "long" | |
}, | |
"hash_initialiser_value" : { | |
"type" : "long" | |
}, | |
"hash_ip_payload_offset" : { | |
"type" : "long" | |
}, | |
"hash_ip_payload_size" : { | |
"type" : "long" | |
}, | |
"hash_output_range_max" : { | |
"type" : "long" | |
}, | |
"hash_output_range_min" : { | |
"type" : "long" | |
}, | |
"hash_selected_range_max" : { | |
"type" : "long" | |
}, | |
"hash_selected_range_min" : { | |
"type" : "long" | |
}, | |
"http_content_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"http_message_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"http_reason_phrase" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"http_request_host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"http_request_method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"http_request_target" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"http_status_code" : { | |
"type" : "long" | |
}, | |
"http_user_agent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icmp_code_ipv4" : { | |
"type" : "short" | |
}, | |
"icmp_code_ipv6" : { | |
"type" : "short" | |
}, | |
"icmp_type_code_ipv4" : { | |
"type" : "long" | |
}, | |
"icmp_type_code_ipv6" : { | |
"type" : "long" | |
}, | |
"icmp_type_ipv4" : { | |
"type" : "short" | |
}, | |
"icmp_type_ipv6" : { | |
"type" : "short" | |
}, | |
"igmp_type" : { | |
"type" : "short" | |
}, | |
"ignored_data_record_total_count" : { | |
"type" : "long" | |
}, | |
"ignored_layer2_frame_total_count" : { | |
"type" : "long" | |
}, | |
"ignored_layer2_octet_total_count" : { | |
"type" : "long" | |
}, | |
"ignored_octet_total_count" : { | |
"type" : "long" | |
}, | |
"ignored_packet_total_count" : { | |
"type" : "long" | |
}, | |
"information_element_data_type" : { | |
"type" : "short" | |
}, | |
"information_element_description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"information_element_id" : { | |
"type" : "long" | |
}, | |
"information_element_index" : { | |
"type" : "long" | |
}, | |
"information_element_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"information_element_range_begin" : { | |
"type" : "long" | |
}, | |
"information_element_range_end" : { | |
"type" : "long" | |
}, | |
"information_element_semantics" : { | |
"type" : "short" | |
}, | |
"information_element_units" : { | |
"type" : "long" | |
}, | |
"ingress_broadcast_packet_total_count" : { | |
"type" : "long" | |
}, | |
"ingress_interface" : { | |
"type" : "long" | |
}, | |
"ingress_interface_type" : { | |
"type" : "long" | |
}, | |
"ingress_multicast_packet_total_count" : { | |
"type" : "long" | |
}, | |
"ingress_physical_interface" : { | |
"type" : "long" | |
}, | |
"ingress_unicast_packet_total_count" : { | |
"type" : "long" | |
}, | |
"ingress_vrfid" : { | |
"type" : "long" | |
}, | |
"initiator_octets" : { | |
"type" : "long" | |
}, | |
"initiator_packets" : { | |
"type" : "long" | |
}, | |
"interface_description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"interface_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"intermediate_process_id" : { | |
"type" : "long" | |
}, | |
"internal_address_realm" : { | |
"type" : "short" | |
}, | |
"ip_class_of_service" : { | |
"type" : "short" | |
}, | |
"ip_diff_serv_code_point" : { | |
"type" : "short" | |
}, | |
"ip_header_length" : { | |
"type" : "short" | |
}, | |
"ip_header_packet_section" : { | |
"type" : "short" | |
}, | |
"ip_next_hop_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"ip_next_hop_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"ip_payload_length" : { | |
"type" : "long" | |
}, | |
"ip_payload_packet_section" : { | |
"type" : "short" | |
}, | |
"ip_precedence" : { | |
"type" : "short" | |
}, | |
"ip_sec_spi" : { | |
"type" : "long" | |
}, | |
"ip_total_length" : { | |
"type" : "long" | |
}, | |
"ip_ttl" : { | |
"type" : "short" | |
}, | |
"ip_version" : { | |
"type" : "short" | |
}, | |
"ipv4_ihl" : { | |
"type" : "short" | |
}, | |
"ipv4_options" : { | |
"type" : "long" | |
}, | |
"ipv4_router_sc" : { | |
"type" : "ip" | |
}, | |
"ipv6_extension_headers" : { | |
"type" : "long" | |
}, | |
"is_multicast" : { | |
"type" : "short" | |
}, | |
"layer2_frame_delta_count" : { | |
"type" : "long" | |
}, | |
"layer2_frame_total_count" : { | |
"type" : "long" | |
}, | |
"layer2_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"layer2_octet_delta_sum_of_squares" : { | |
"type" : "long" | |
}, | |
"layer2_octet_total_count" : { | |
"type" : "long" | |
}, | |
"layer2_octet_total_sum_of_squares" : { | |
"type" : "long" | |
}, | |
"layer2_segment_id" : { | |
"type" : "long" | |
}, | |
"layer2packet_section_data" : { | |
"type" : "short" | |
}, | |
"layer2packet_section_offset" : { | |
"type" : "long" | |
}, | |
"layer2packet_section_size" : { | |
"type" : "long" | |
}, | |
"line_card_id" : { | |
"type" : "long" | |
}, | |
"lower_ci_limit" : { | |
"type" : "double" | |
}, | |
"max_bib_entries" : { | |
"type" : "long" | |
}, | |
"max_entries_per_user" : { | |
"type" : "long" | |
}, | |
"max_export_seconds" : { | |
"type" : "date" | |
}, | |
"max_flow_end_microseconds" : { | |
"type" : "date" | |
}, | |
"max_flow_end_milliseconds" : { | |
"type" : "date" | |
}, | |
"max_flow_end_nanoseconds" : { | |
"type" : "date" | |
}, | |
"max_flow_end_seconds" : { | |
"type" : "date" | |
}, | |
"max_fragments_pending_reassembly" : { | |
"type" : "long" | |
}, | |
"max_session_entries" : { | |
"type" : "long" | |
}, | |
"max_subscribers" : { | |
"type" : "long" | |
}, | |
"maximum_ip_total_length" : { | |
"type" : "long" | |
}, | |
"maximum_layer2_total_length" : { | |
"type" : "long" | |
}, | |
"maximum_ttl" : { | |
"type" : "short" | |
}, | |
"message_md5_checksum" : { | |
"type" : "short" | |
}, | |
"message_scope" : { | |
"type" : "short" | |
}, | |
"metering_process_id" : { | |
"type" : "long" | |
}, | |
"metro_evc_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"metro_evc_type" : { | |
"type" : "short" | |
}, | |
"mib_capture_time_semantics" : { | |
"type" : "short" | |
}, | |
"mib_context_engine_id" : { | |
"type" : "short" | |
}, | |
"mib_context_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mib_index_indicator" : { | |
"type" : "long" | |
}, | |
"mib_module_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mib_object_description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mib_object_identifier" : { | |
"type" : "short" | |
}, | |
"mib_object_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mib_object_syntax" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mib_object_value_bits" : { | |
"type" : "short" | |
}, | |
"mib_object_value_counter" : { | |
"type" : "long" | |
}, | |
"mib_object_value_gauge" : { | |
"type" : "long" | |
}, | |
"mib_object_value_integer" : { | |
"type" : "long" | |
}, | |
"mib_object_value_ip_address" : { | |
"type" : "ip" | |
}, | |
"mib_object_value_octet_string" : { | |
"type" : "short" | |
}, | |
"mib_object_value_oid" : { | |
"type" : "short" | |
}, | |
"mib_object_value_time_ticks" : { | |
"type" : "long" | |
}, | |
"mib_object_value_unsigned" : { | |
"type" : "long" | |
}, | |
"mib_sub_identifier" : { | |
"type" : "long" | |
}, | |
"min_export_seconds" : { | |
"type" : "date" | |
}, | |
"min_flow_start_microseconds" : { | |
"type" : "date" | |
}, | |
"min_flow_start_milliseconds" : { | |
"type" : "date" | |
}, | |
"min_flow_start_nanoseconds" : { | |
"type" : "date" | |
}, | |
"min_flow_start_seconds" : { | |
"type" : "date" | |
}, | |
"minimum_ip_total_length" : { | |
"type" : "long" | |
}, | |
"minimum_layer2_total_length" : { | |
"type" : "long" | |
}, | |
"minimum_ttl" : { | |
"type" : "short" | |
}, | |
"mobile_imsi" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mobile_msisdn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"monitoring_interval_end_milli_seconds" : { | |
"type" : "date" | |
}, | |
"monitoring_interval_start_milli_seconds" : { | |
"type" : "date" | |
}, | |
"mpls_label_stack_depth" : { | |
"type" : "long" | |
}, | |
"mpls_label_stack_length" : { | |
"type" : "long" | |
}, | |
"mpls_label_stack_section" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section10" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section2" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section3" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section4" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section5" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section6" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section7" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section8" : { | |
"type" : "short" | |
}, | |
"mpls_label_stack_section9" : { | |
"type" : "short" | |
}, | |
"mpls_payload_length" : { | |
"type" : "long" | |
}, | |
"mpls_payload_packet_section" : { | |
"type" : "short" | |
}, | |
"mpls_top_label_exp" : { | |
"type" : "short" | |
}, | |
"mpls_top_label_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"mpls_top_label_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"mpls_top_label_prefix_length" : { | |
"type" : "short" | |
}, | |
"mpls_top_label_stack_section" : { | |
"type" : "short" | |
}, | |
"mpls_top_label_ttl" : { | |
"type" : "short" | |
}, | |
"mpls_top_label_type" : { | |
"type" : "short" | |
}, | |
"mpls_vpn_route_distinguisher" : { | |
"type" : "short" | |
}, | |
"multicast_replication_factor" : { | |
"type" : "long" | |
}, | |
"nat_event" : { | |
"type" : "short" | |
}, | |
"nat_instance_id" : { | |
"type" : "long" | |
}, | |
"nat_originating_address_realm" : { | |
"type" : "short" | |
}, | |
"nat_pool_id" : { | |
"type" : "long" | |
}, | |
"nat_pool_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nat_quota_exceeded_event" : { | |
"type" : "long" | |
}, | |
"nat_threshold_event" : { | |
"type" : "long" | |
}, | |
"nat_type" : { | |
"type" : "short" | |
}, | |
"new_connection_delta_count" : { | |
"type" : "long" | |
}, | |
"next_header_ipv6" : { | |
"type" : "short" | |
}, | |
"not_sent_flow_total_count" : { | |
"type" : "long" | |
}, | |
"not_sent_layer2_octet_total_count" : { | |
"type" : "long" | |
}, | |
"not_sent_octet_total_count" : { | |
"type" : "long" | |
}, | |
"not_sent_packet_total_count" : { | |
"type" : "long" | |
}, | |
"observation_domain_id" : { | |
"type" : "long" | |
}, | |
"observation_domain_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"observation_point_id" : { | |
"type" : "long" | |
}, | |
"observation_point_type" : { | |
"type" : "short" | |
}, | |
"observation_time_microseconds" : { | |
"type" : "date" | |
}, | |
"observation_time_milliseconds" : { | |
"type" : "date" | |
}, | |
"observation_time_nanoseconds" : { | |
"type" : "date" | |
}, | |
"observation_time_seconds" : { | |
"type" : "date" | |
}, | |
"observed_flow_total_count" : { | |
"type" : "long" | |
}, | |
"octet_delta_count" : { | |
"type" : "long" | |
}, | |
"octet_delta_sum_of_squares" : { | |
"type" : "long" | |
}, | |
"octet_total_count" : { | |
"type" : "long" | |
}, | |
"octet_total_sum_of_squares" : { | |
"type" : "long" | |
}, | |
"opaque_octets" : { | |
"type" : "short" | |
}, | |
"original_exporter_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"original_exporter_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"original_flows_completed" : { | |
"type" : "long" | |
}, | |
"original_flows_initiated" : { | |
"type" : "long" | |
}, | |
"original_flows_present" : { | |
"type" : "long" | |
}, | |
"original_observation_domain_id" : { | |
"type" : "long" | |
}, | |
"p2p_technology" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"packet_delta_count" : { | |
"type" : "long" | |
}, | |
"packet_total_count" : { | |
"type" : "long" | |
}, | |
"padding_octets" : { | |
"type" : "short" | |
}, | |
"payload_length_ipv6" : { | |
"type" : "long" | |
}, | |
"port_id" : { | |
"type" : "long" | |
}, | |
"port_range_end" : { | |
"type" : "long" | |
}, | |
"port_range_num_ports" : { | |
"type" : "long" | |
}, | |
"port_range_start" : { | |
"type" : "long" | |
}, | |
"port_range_step_size" : { | |
"type" : "long" | |
}, | |
"post_destination_mac_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"post_dot1q_customer_vlan_id" : { | |
"type" : "long" | |
}, | |
"post_dot1q_vlan_id" : { | |
"type" : "long" | |
}, | |
"post_ip_class_of_service" : { | |
"type" : "short" | |
}, | |
"post_ip_diff_serv_code_point" : { | |
"type" : "short" | |
}, | |
"post_ip_precedence" : { | |
"type" : "short" | |
}, | |
"post_layer2_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"post_layer2_octet_total_count" : { | |
"type" : "long" | |
}, | |
"post_mcast_layer2_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"post_mcast_layer2_octet_total_count" : { | |
"type" : "long" | |
}, | |
"post_mcast_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"post_mcast_octet_total_count" : { | |
"type" : "long" | |
}, | |
"post_mcast_packet_delta_count" : { | |
"type" : "long" | |
}, | |
"post_mcast_packet_total_count" : { | |
"type" : "long" | |
}, | |
"post_mpls_top_label_exp" : { | |
"type" : "short" | |
}, | |
"post_napt_destination_transport_port" : { | |
"type" : "long" | |
}, | |
"post_napt_source_transport_port" : { | |
"type" : "long" | |
}, | |
"post_nat_destination_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"post_nat_destination_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"post_nat_source_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"post_nat_source_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"post_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"post_octet_total_count" : { | |
"type" : "long" | |
}, | |
"post_packet_delta_count" : { | |
"type" : "long" | |
}, | |
"post_packet_total_count" : { | |
"type" : "long" | |
}, | |
"post_source_mac_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"post_vlan_id" : { | |
"type" : "long" | |
}, | |
"private_enterprise_number" : { | |
"type" : "long" | |
}, | |
"protocol_identifier" : { | |
"type" : "short" | |
}, | |
"pseudo_wire_control_word" : { | |
"type" : "long" | |
}, | |
"pseudo_wire_destination_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"pseudo_wire_id" : { | |
"type" : "long" | |
}, | |
"pseudo_wire_type" : { | |
"type" : "long" | |
}, | |
"relative_error" : { | |
"type" : "double" | |
}, | |
"responder_octets" : { | |
"type" : "long" | |
}, | |
"responder_packets" : { | |
"type" : "long" | |
}, | |
"rfc3550_jitter_microseconds" : { | |
"type" : "long" | |
}, | |
"rfc3550_jitter_milliseconds" : { | |
"type" : "long" | |
}, | |
"rfc3550_jitter_nanoseconds" : { | |
"type" : "long" | |
}, | |
"rtp_sequence_number" : { | |
"type" : "long" | |
}, | |
"sampler_id" : { | |
"type" : "short" | |
}, | |
"sampler_mode" : { | |
"type" : "short" | |
}, | |
"sampler_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sampler_random_interval" : { | |
"type" : "long" | |
}, | |
"sampling_algorithm" : { | |
"type" : "short" | |
}, | |
"sampling_flow_interval" : { | |
"type" : "long" | |
}, | |
"sampling_flow_spacing" : { | |
"type" : "long" | |
}, | |
"sampling_interval" : { | |
"type" : "long" | |
}, | |
"sampling_packet_interval" : { | |
"type" : "long" | |
}, | |
"sampling_packet_space" : { | |
"type" : "long" | |
}, | |
"sampling_population" : { | |
"type" : "long" | |
}, | |
"sampling_probability" : { | |
"type" : "double" | |
}, | |
"sampling_size" : { | |
"type" : "long" | |
}, | |
"sampling_time_interval" : { | |
"type" : "long" | |
}, | |
"sampling_time_space" : { | |
"type" : "long" | |
}, | |
"section_exported_octets" : { | |
"type" : "long" | |
}, | |
"section_offset" : { | |
"type" : "long" | |
}, | |
"selection_sequence_id" : { | |
"type" : "long" | |
}, | |
"selector_algorithm" : { | |
"type" : "long" | |
}, | |
"selector_id" : { | |
"type" : "long" | |
}, | |
"selector_id_total_flows_observed" : { | |
"type" : "long" | |
}, | |
"selector_id_total_flows_selected" : { | |
"type" : "long" | |
}, | |
"selector_id_total_pkts_observed" : { | |
"type" : "long" | |
}, | |
"selector_id_total_pkts_selected" : { | |
"type" : "long" | |
}, | |
"selector_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"session_scope" : { | |
"type" : "short" | |
}, | |
"source_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"source_ipv4_prefix" : { | |
"type" : "ip" | |
}, | |
"source_ipv4_prefix_length" : { | |
"type" : "short" | |
}, | |
"source_ipv6_address" : { | |
"type" : "ip" | |
}, | |
"source_ipv6_prefix" : { | |
"type" : "ip" | |
}, | |
"source_ipv6_prefix_length" : { | |
"type" : "short" | |
}, | |
"source_mac_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source_transport_port" : { | |
"type" : "long" | |
}, | |
"source_transport_ports_limit" : { | |
"type" : "long" | |
}, | |
"src_traffic_index" : { | |
"type" : "long" | |
}, | |
"sta_ipv4_address" : { | |
"type" : "ip" | |
}, | |
"sta_mac_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"system_init_time_milliseconds" : { | |
"type" : "date" | |
}, | |
"tcp_ack_total_count" : { | |
"type" : "long" | |
}, | |
"tcp_acknowledgement_number" : { | |
"type" : "long" | |
}, | |
"tcp_control_bits" : { | |
"type" : "long" | |
}, | |
"tcp_destination_port" : { | |
"type" : "long" | |
}, | |
"tcp_fin_total_count" : { | |
"type" : "long" | |
}, | |
"tcp_header_length" : { | |
"type" : "short" | |
}, | |
"tcp_options" : { | |
"type" : "long" | |
}, | |
"tcp_psh_total_count" : { | |
"type" : "long" | |
}, | |
"tcp_rst_total_count" : { | |
"type" : "long" | |
}, | |
"tcp_sequence_number" : { | |
"type" : "long" | |
}, | |
"tcp_source_port" : { | |
"type" : "long" | |
}, | |
"tcp_syn_total_count" : { | |
"type" : "long" | |
}, | |
"tcp_urg_total_count" : { | |
"type" : "long" | |
}, | |
"tcp_urgent_pointer" : { | |
"type" : "long" | |
}, | |
"tcp_window_scale" : { | |
"type" : "long" | |
}, | |
"tcp_window_size" : { | |
"type" : "long" | |
}, | |
"template_id" : { | |
"type" : "long" | |
}, | |
"total_length_ipv4" : { | |
"type" : "long" | |
}, | |
"transport_octet_delta_count" : { | |
"type" : "long" | |
}, | |
"transport_packet_delta_count" : { | |
"type" : "long" | |
}, | |
"tunnel_technology" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"udp_destination_port" : { | |
"type" : "long" | |
}, | |
"udp_message_length" : { | |
"type" : "long" | |
}, | |
"udp_source_port" : { | |
"type" : "long" | |
}, | |
"upper_ci_limit" : { | |
"type" : "double" | |
}, | |
"user_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value_distribution_method" : { | |
"type" : "short" | |
}, | |
"virtual_station_interface_id" : { | |
"type" : "short" | |
}, | |
"virtual_station_interface_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"virtual_station_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"virtual_station_uuid" : { | |
"type" : "short" | |
}, | |
"vlan_id" : { | |
"type" : "long" | |
}, | |
"vpn_identifier" : { | |
"type" : "short" | |
}, | |
"vr_fname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"wlan_channel_id" : { | |
"type" : "short" | |
}, | |
"wlan_ssid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"wtp_mac_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"network" : { | |
"properties" : { | |
"application" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"community_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"direction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"forwarded_ip" : { | |
"type" : "ip" | |
}, | |
"iana_number" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"inner" : { | |
"properties" : { | |
"vlan" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"interface" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"packets" : { | |
"type" : "long" | |
}, | |
"protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"transport" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vlan" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"nginx" : { | |
"properties" : { | |
"access" : { | |
"properties" : { | |
"geoip" : { | |
"type" : "object" | |
}, | |
"user_agent" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"error" : { | |
"properties" : { | |
"connection_id" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"ingress_controller" : { | |
"properties" : { | |
"geoip" : { | |
"type" : "object" | |
}, | |
"http" : { | |
"properties" : { | |
"request" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"length" : { | |
"type" : "long" | |
}, | |
"time" : { | |
"type" : "double" | |
} | |
} | |
} | |
} | |
}, | |
"upstream" : { | |
"properties" : { | |
"alternative_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"response" : { | |
"properties" : { | |
"length" : { | |
"type" : "long" | |
}, | |
"status_code" : { | |
"type" : "long" | |
}, | |
"time" : { | |
"type" : "double" | |
} | |
} | |
} | |
} | |
}, | |
"user_agent" : { | |
"type" : "object" | |
} | |
} | |
} | |
} | |
}, | |
"o365" : { | |
"properties" : { | |
"audit" : { | |
"properties" : { | |
"ActorContextId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ActorIpAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ActorUserId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ActorYammerUserId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"AlertEntityId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"AlertId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"AlertType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"AppId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ApplicationDisplayName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ApplicationId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"AzureActiveDirectoryEventType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ClientAppId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ClientIP" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ClientIPAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ClientInfoString" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Comments" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"CorrelationId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"CreationTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"CustomUniqueId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Data" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"DataType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"EntityType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"EventData" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"EventSource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ExceptionInfo" : { | |
"properties" : { | |
"*" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"ExchangeMetaData" : { | |
"properties" : { | |
"*" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"ExtendedProperties" : { | |
"properties" : { | |
"*" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"ExternalAccess" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"GroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ImplicitShare" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"IncidentId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"InterSystemsId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"InternalLogonType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"IntraSystemId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Item" : { | |
"properties" : { | |
"*" : { | |
"properties" : { | |
"*" : { | |
"type" : "object" | |
} | |
} | |
} | |
} | |
}, | |
"ItemName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ItemType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ListId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ListItemUniqueId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"LogonError" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"LogonType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"LogonUserSid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"MailboxGuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"MailboxOwnerMasterAccountSid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"MailboxOwnerSid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"MailboxOwnerUPN" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Members" : { | |
"properties" : { | |
"*" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"ModifiedProperties" : { | |
"properties" : { | |
"*" : { | |
"properties" : { | |
"*" : { | |
"type" : "object" | |
} | |
} | |
} | |
} | |
}, | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ObjectId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Operation" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"OrganizationId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"OrganizationName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"OriginatingServer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Parameters" : { | |
"properties" : { | |
"*" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"PolicyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"RecordType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ResultStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SensitiveInfoDetectionIsIncluded" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SessionId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Severity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SharePointMetaData" : { | |
"properties" : { | |
"*" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"Site" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SiteUrl" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Source" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SourceFileExtension" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SourceFileName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SourceRelativeUrl" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SupportTicketId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"TargetContextId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"TargetUserOrGroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"TargetUserOrGroupType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"TeamGuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"TeamName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"UniqueSharingId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"UserAgent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"UserId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"UserKey" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"UserType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"WebId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Workload" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"YammerNetworkId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"object_key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"observer" : { | |
"properties" : { | |
"egress" : { | |
"properties" : { | |
"interface" : { | |
"properties" : { | |
"alias" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"vlan" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"zone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"geo" : { | |
"properties" : { | |
"city_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"continent_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"location" : { | |
"type" : "geo_point" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"hostname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ingress" : { | |
"properties" : { | |
"interface" : { | |
"properties" : { | |
"alias" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"vlan" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"zone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"mac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"os" : { | |
"properties" : { | |
"family" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"full" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"kernel" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"platform" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"product" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serial_number" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vendor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"okta" : { | |
"properties" : { | |
"actor" : { | |
"properties" : { | |
"alternate_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"display_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"authentication_context" : { | |
"properties" : { | |
"authentication_provider" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"authentication_step" : { | |
"type" : "long" | |
}, | |
"credential_provider" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"credential_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"external_session_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"interface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"client" : { | |
"properties" : { | |
"device" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"user_agent" : { | |
"properties" : { | |
"browser" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"os" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"raw_user_agent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"zone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"debug_context" : { | |
"properties" : { | |
"debug_data" : { | |
"properties" : { | |
"device_fingerprint" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"request_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"request_uri" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threat_suspected" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"url" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"display_message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"outcome" : { | |
"properties" : { | |
"reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"result" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"request" : { | |
"properties" : { | |
"ip_chain" : { | |
"properties" : { | |
"geographical_context" : { | |
"properties" : { | |
"city" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"geolocation" : { | |
"type" : "geo_point" | |
}, | |
"postal_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"source" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"security_context" : { | |
"properties" : { | |
"as" : { | |
"properties" : { | |
"number" : { | |
"type" : "long" | |
}, | |
"organization" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"is_proxy" : { | |
"type" : "boolean" | |
}, | |
"isp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"severity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"transaction" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"uuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"organization" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
}, | |
"os" : { | |
"properties" : { | |
"family" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"full" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"kernel" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"platform" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"osquery" : { | |
"properties" : { | |
"result" : { | |
"properties" : { | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"calendar_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"host_identifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"unix_time" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"package" : { | |
"properties" : { | |
"architecture" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"build_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"checksum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"install_scope" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"installed" : { | |
"type" : "date" | |
}, | |
"license" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"size" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"panw" : { | |
"properties" : { | |
"panos" : { | |
"properties" : { | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destination" : { | |
"properties" : { | |
"interface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nat" : { | |
"properties" : { | |
"ip" : { | |
"type" : "ip" | |
}, | |
"port" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"zone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"file" : { | |
"properties" : { | |
"hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"flow_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"network" : { | |
"properties" : { | |
"nat" : { | |
"properties" : { | |
"community_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"pcap_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ruleset" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sequence_number" : { | |
"type" : "long" | |
}, | |
"source" : { | |
"properties" : { | |
"interface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nat" : { | |
"properties" : { | |
"ip" : { | |
"type" : "ip" | |
}, | |
"port" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"zone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"threat" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"url" : { | |
"properties" : { | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"pe" : { | |
"properties" : { | |
"company" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"file_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"original_file_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"product" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"postgresql" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"core_id" : { | |
"type" : "long" | |
}, | |
"database" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"error" : { | |
"properties" : { | |
"code" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"query" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"query_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"query_step" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"timestamp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"process" : { | |
"properties" : { | |
"args" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"args_count" : { | |
"type" : "long" | |
}, | |
"code_signature" : { | |
"properties" : { | |
"exists" : { | |
"type" : "boolean" | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trusted" : { | |
"type" : "boolean" | |
}, | |
"valid" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"command_line" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"entity_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"executable" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"exit_code" : { | |
"type" : "long" | |
}, | |
"hash" : { | |
"properties" : { | |
"md5" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha256" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha512" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"parent" : { | |
"properties" : { | |
"args" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"args_count" : { | |
"type" : "long" | |
}, | |
"code_signature" : { | |
"properties" : { | |
"exists" : { | |
"type" : "boolean" | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trusted" : { | |
"type" : "boolean" | |
}, | |
"valid" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"command_line" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"entity_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"executable" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"exit_code" : { | |
"type" : "long" | |
}, | |
"hash" : { | |
"properties" : { | |
"md5" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha256" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha512" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"pgid" : { | |
"type" : "long" | |
}, | |
"pid" : { | |
"type" : "long" | |
}, | |
"ppid" : { | |
"type" : "long" | |
}, | |
"start" : { | |
"type" : "date" | |
}, | |
"thread" : { | |
"properties" : { | |
"id" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"title" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"uptime" : { | |
"type" : "long" | |
}, | |
"working_directory" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
}, | |
"pe" : { | |
"properties" : { | |
"company" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"file_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"original_file_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"product" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"pgid" : { | |
"type" : "long" | |
}, | |
"pid" : { | |
"type" : "long" | |
}, | |
"ppid" : { | |
"type" : "long" | |
}, | |
"program" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"start" : { | |
"type" : "date" | |
}, | |
"thread" : { | |
"properties" : { | |
"id" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"title" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"uptime" : { | |
"type" : "long" | |
}, | |
"working_directory" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
}, | |
"provider" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rabbitmq" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"pid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"readOnly" : { | |
"type" : "boolean" | |
}, | |
"recipientAccountId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"redis" : { | |
"properties" : { | |
"log" : { | |
"properties" : { | |
"role" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"slowlog" : { | |
"properties" : { | |
"args" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cmd" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"duration" : { | |
"properties" : { | |
"us" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"id" : { | |
"type" : "long" | |
}, | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"registry" : { | |
"properties" : { | |
"data" : { | |
"properties" : { | |
"bytes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"strings" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"hive" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"related" : { | |
"properties" : { | |
"hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"requestID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"requestParameters" : { | |
"properties" : { | |
"AccessControlPolicy" : { | |
"properties" : { | |
"AccessControlList" : { | |
"properties" : { | |
"Grant" : { | |
"properties" : { | |
"Grantee" : { | |
"properties" : { | |
"ID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"xmlns:xsi" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"xsi:type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"Permission" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"Owner" : { | |
"properties" : { | |
"ID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"BucketLoggingStatus" : { | |
"properties" : { | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"CORSConfiguration" : { | |
"properties" : { | |
"CORSRule" : { | |
"properties" : { | |
"AllowedMethod" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"AllowedOrigin" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"CreateBucketConfiguration" : { | |
"properties" : { | |
"LocationConstraint" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"CreateLaunchTemplateRequest" : { | |
"properties" : { | |
"ClientToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"LaunchTemplateData" : { | |
"properties" : { | |
"BlockDeviceMapping" : { | |
"properties" : { | |
"DeviceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Ebs" : { | |
"properties" : { | |
"VolumeSize" : { | |
"type" : "long" | |
}, | |
"VolumeType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"IamInstanceProfile" : { | |
"properties" : { | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ImageId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"InstanceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"KeyName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SecurityGroupId" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"TagSpecification" : { | |
"properties" : { | |
"ResourceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Tag" : { | |
"properties" : { | |
"Key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"UserData" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"LaunchTemplateName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"TagSpecification" : { | |
"properties" : { | |
"ResourceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Tag" : { | |
"properties" : { | |
"Key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"VersionDescription" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"CreateLaunchTemplateVersionRequest" : { | |
"properties" : { | |
"ClientToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"LaunchTemplateData" : { | |
"properties" : { | |
"BlockDeviceMapping" : { | |
"properties" : { | |
"DeviceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Ebs" : { | |
"properties" : { | |
"VolumeSize" : { | |
"type" : "long" | |
}, | |
"VolumeType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"InstanceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"KeyName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"TagSpecification" : { | |
"properties" : { | |
"ResourceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Tag" : { | |
"properties" : { | |
"Key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"UserData" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"LaunchTemplateId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"VersionDescription" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"DeleteLaunchTemplateRequest" : { | |
"properties" : { | |
"LaunchTemplateId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"DeleteNatGatewayRequest" : { | |
"properties" : { | |
"NatGatewayId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"DescribeAddressesAttributeRequest" : { | |
"properties" : { | |
"AllocationId" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"Attribute" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"DescribeCapacityReservationsRequest" : { | |
"properties" : { | |
"Filter" : { | |
"properties" : { | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Value" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeClientVpnEndpointsRequest" : { | |
"properties" : { | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeCoipPoolsRequest" : { | |
"properties" : { | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeEgressOnlyInternetGatewaysRequest" : { | |
"properties" : { | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeFastSnapshotRestoresRequest" : { | |
"properties" : { | |
"Filter" : { | |
"properties" : { | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Value" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeFlowLogsRequest" : { | |
"properties" : { | |
"Filter" : { | |
"properties" : { | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Value" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeHostsRequest" : { | |
"properties" : { | |
"Filter" : { | |
"properties" : { | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Value" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeInstanceCreditSpecificationsRequest" : { | |
"properties" : { | |
"InstanceId" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"DescribeInstanceTypeOfferingsRequest" : { | |
"properties" : { | |
"LocationType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"NextToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"DescribeInstanceTypesRequest" : { | |
"properties" : { | |
"MaxResults" : { | |
"type" : "long" | |
}, | |
"NextToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"DescribeIpv6PoolsRequest" : { | |
"properties" : { | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeLaunchTemplateVersionsRequest" : { | |
"properties" : { | |
"LaunchTemplateId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"LaunchTemplateVersion" : { | |
"properties" : { | |
"content" : { | |
"type" : "long" | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"DescribeLaunchTemplatesRequest" : { | |
"properties" : { | |
"LaunchTemplateId" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeManagedPrefixListsRequest" : { | |
"properties" : { | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeNatGatewaysRequest" : { | |
"properties" : { | |
"Filter" : { | |
"properties" : { | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Value" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"MaxResults" : { | |
"type" : "long" | |
}, | |
"NatGatewayId" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"DescribePublicIpv4PoolsRequest" : { | |
"properties" : { | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeReplaceRootVolumeTasksRequest" : { | |
"properties" : { | |
"Filter" : { | |
"properties" : { | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Value" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeSecurityGroupRulesRequest" : { | |
"properties" : { | |
"Filter" : { | |
"properties" : { | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Value" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeSpotFleetRequestsRequest" : { | |
"properties" : { | |
"MaxResults" : { | |
"type" : "long" | |
}, | |
"NextToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"DescribeStaleSecurityGroupsRequest" : { | |
"properties" : { | |
"MaxResults" : { | |
"type" : "long" | |
}, | |
"VpcId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"DescribeTrafficMirrorTargetsRequest" : { | |
"properties" : { | |
"Filter" : { | |
"properties" : { | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Value" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeVolumesModificationsRequest" : { | |
"properties" : { | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeVpcClassicLinkDnsSupportRequest" : { | |
"properties" : { | |
"VpcIds" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"DescribeVpcEndpointServiceConfigurationsRequest" : { | |
"properties" : { | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"DescribeVpcEndpointServicesRequest" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"DescribeVpcEndpointsRequest" : { | |
"properties" : { | |
"Filter" : { | |
"properties" : { | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Value" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"MaxResults" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"Description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"EnableFastSnapshotRestoresRequest" : { | |
"properties" : { | |
"AvailabilityZone" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"SourceSnapshotId" : { | |
"properties" : { | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"Filters" : { | |
"properties" : { | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Values" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"GetConsoleScreenshotRequest" : { | |
"properties" : { | |
"InstanceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"GetDefaultCreditSpecificationRequest" : { | |
"properties" : { | |
"InstanceFamily" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"GetEbsEncryptionByDefaultRequest" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"GetManagedPrefixListEntriesRequest" : { | |
"properties" : { | |
"MaxResults" : { | |
"type" : "long" | |
}, | |
"PrefixListId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"GetSubnetCidrReservationsRequest" : { | |
"properties" : { | |
"SubnetId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"Group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"GroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Input" : { | |
"properties" : { | |
"MaxResults" : { | |
"type" : "long" | |
}, | |
"__type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"LifecycleConfiguration" : { | |
"properties" : { | |
"Rule" : { | |
"properties" : { | |
"Prefix" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"MaxResults" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ModifyLaunchTemplateRequest" : { | |
"properties" : { | |
"LaunchTemplateId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SetDefaultVersion" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"ModifySecurityGroupRulesRequest" : { | |
"properties" : { | |
"GroupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SecurityGroupRule" : { | |
"properties" : { | |
"SecurityGroupRule" : { | |
"properties" : { | |
"CidrIpv4" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"FromPort" : { | |
"type" : "long" | |
}, | |
"IpProtocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ToPort" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"SecurityGroupRuleId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tag" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"ModifyVolumeRequest" : { | |
"properties" : { | |
"Iops" : { | |
"type" : "long" | |
}, | |
"Size" : { | |
"type" : "long" | |
}, | |
"Throughput" : { | |
"type" : "long" | |
}, | |
"VolumeId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"VolumeType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"NotificationConfiguration" : { | |
"properties" : { | |
"TopicConfiguration" : { | |
"properties" : { | |
"Event" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Topic" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"Operation" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"PublicAccessBlockConfiguration" : { | |
"properties" : { | |
"BlockPublicAcls" : { | |
"type" : "boolean" | |
}, | |
"BlockPublicPolicy" : { | |
"type" : "boolean" | |
}, | |
"IgnorePublicAcls" : { | |
"type" : "boolean" | |
}, | |
"RestrictPublicBuckets" : { | |
"type" : "boolean" | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ResourceQuery" : { | |
"properties" : { | |
"Query" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"Service" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Tagging" : { | |
"properties" : { | |
"TagSet" : { | |
"properties" : { | |
"Tag" : { | |
"properties" : { | |
"Key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"Tags" : { | |
"type" : "object" | |
}, | |
"Version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"WebsiteConfiguration" : { | |
"properties" : { | |
"ErrorDocument" : { | |
"properties" : { | |
"Key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"IndexDocument" : { | |
"properties" : { | |
"Suffix" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"aWSServiceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"accelerate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"acceptedMediaTypes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"accepts" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"accessControlList" : { | |
"properties" : { | |
"x-amz-grant-full-control" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"accessKeyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"accountAttributeNameSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"attributeName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"accountDetails" : { | |
"properties" : { | |
"accountId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"accountId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"accountIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"acl" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aggregateField" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aggregators" : { | |
"properties" : { | |
"aggregatorType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aggregators" : { | |
"properties" : { | |
"aggregatorType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"attributeName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"typeName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"attributeName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"typeName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"alarmName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"alarmNames" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"alarmTypes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"allAvailabilityZones" : { | |
"type" : "boolean" | |
}, | |
"allRegions" : { | |
"type" : "boolean" | |
}, | |
"allocationId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"allocationIdsSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"allocationId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"allowMajorVersionUpgrade" : { | |
"type" : "boolean" | |
}, | |
"allowReassociation" : { | |
"type" : "boolean" | |
}, | |
"amazonProvidedIpv6CidrBlock" : { | |
"type" : "boolean" | |
}, | |
"amiType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"applyImmediately" : { | |
"type" : "boolean" | |
}, | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assessmentRunArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assessmentRunArns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assessmentRunName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assessmentTargetArns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assessmentTemplateArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assessmentTemplateArns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"associationId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"associationType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"attachment" : { | |
"properties" : { | |
"attachmentId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deleteOnTermination" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"attachmentId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"attribute" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"attributeType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"attributes" : { | |
"properties" : { | |
"Policy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"autoMinorVersionUpgrade" : { | |
"type" : "boolean" | |
}, | |
"autoScalingGroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"availabilityZone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"availabilityZoneId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"availabilityZoneIdSet" : { | |
"type" : "object" | |
}, | |
"availabilityZoneSet" : { | |
"type" : "object" | |
}, | |
"backupType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"blockDeviceMapping" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"deviceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ebs" : { | |
"properties" : { | |
"deleteOnTermination" : { | |
"type" : "boolean" | |
}, | |
"encrypted" : { | |
"type" : "boolean" | |
}, | |
"iops" : { | |
"type" : "long" | |
}, | |
"kmsKeyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"throughput" : { | |
"type" : "long" | |
}, | |
"volumeSize" : { | |
"type" : "long" | |
}, | |
"volumeType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"noDevice" : { | |
"type" : "object" | |
} | |
} | |
} | |
} | |
}, | |
"bucket" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"bucketName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"bucketPolicy" : { | |
"properties" : { | |
"Id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Statement" : { | |
"properties" : { | |
"Action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Effect" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Principal" : { | |
"properties" : { | |
"CanonicalUser" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"Resource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Sid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"Version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"capacityRebalance" : { | |
"type" : "boolean" | |
}, | |
"capacityReservationSpecification" : { | |
"properties" : { | |
"capacityReservationPreference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"capacityType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"certificateArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"certificateStatuses" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"changeBatch" : { | |
"properties" : { | |
"changes" : { | |
"properties" : { | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceRecordSet" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceRecords" : { | |
"properties" : { | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tTL" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"checkId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"checkIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cidrBlock" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cidrIp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"clientRequestToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"clientToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cloudFrontOriginAccessIdentityConfig" : { | |
"properties" : { | |
"callerReference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"comment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"commitment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"comparisonOperator" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"configurationARN" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"configurationType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"constraints" : { | |
"properties" : { | |
"encryptionContextEquals" : { | |
"properties" : { | |
"aws:acm:arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:cloudfront:arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"encryptionContextSubset" : { | |
"properties" : { | |
"aws:ebs:id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:pi:service" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:rds:db-id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:rds:dbc-id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:workspaces:sid-directoryid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"service" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"continue" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cors" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"count" : { | |
"type" : "long" | |
}, | |
"createdSince" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"creditSpecification" : { | |
"properties" : { | |
"cpuCredits" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"customerGatewaySet" : { | |
"type" : "object" | |
}, | |
"dBClusterIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBClusterSnapshotIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBInstanceClass" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBInstanceIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBParameterGroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBSnapshotIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBSubnetGroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dbiResourceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"defaultOnly" : { | |
"type" : "boolean" | |
}, | |
"deleteAutomatedBackups" : { | |
"type" : "boolean" | |
}, | |
"deleteOnTermination" : { | |
"type" : "boolean" | |
}, | |
"deletionProtection" : { | |
"type" : "boolean" | |
}, | |
"deploymentId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"descending" : { | |
"type" : "boolean" | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"desiredCapacity" : { | |
"type" : "long" | |
}, | |
"destinationAAD" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationCidrBlock" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationEncryptionAlgorithm" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationEncryptionContext" : { | |
"properties" : { | |
"aws:acm:arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:cloudfront:arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:ebs:id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"destinationId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationIpv6CidrBlock" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationKeyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"destinationRegion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"detectorId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"device" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceIndex" : { | |
"type" : "long" | |
}, | |
"dhcpOptionsSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"dhcpOptionsId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"dimensions" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"directoryId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"directoryIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"disableApiStop" : { | |
"type" : "boolean" | |
}, | |
"disableApiTermination" : { | |
"type" : "boolean" | |
}, | |
"disableEmailNotification" : { | |
"type" : "boolean" | |
}, | |
"distributionConfig" : { | |
"properties" : { | |
"aliases" : { | |
"properties" : { | |
"items" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"cacheBehaviors" : { | |
"properties" : { | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"callerReference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"comment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"customErrorResponses" : { | |
"properties" : { | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"defaultCacheBehavior" : { | |
"properties" : { | |
"allowedMethods" : { | |
"properties" : { | |
"cachedMethods" : { | |
"properties" : { | |
"items" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"items" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"cachePolicyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"compress" : { | |
"type" : "boolean" | |
}, | |
"fieldLevelEncryptionId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"functionAssociations" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"eventType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"functionARN" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"lambdaFunctionAssociations" : { | |
"properties" : { | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"originRequestPolicyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"realtimeLogConfigArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"smoothStreaming" : { | |
"type" : "boolean" | |
}, | |
"targetOriginId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trustedKeyGroups" : { | |
"properties" : { | |
"enabled" : { | |
"type" : "boolean" | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"trustedSigners" : { | |
"properties" : { | |
"enabled" : { | |
"type" : "boolean" | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"viewerProtocolPolicy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"defaultRootObject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"enabled" : { | |
"type" : "boolean" | |
}, | |
"httpVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"isIPV6Enabled" : { | |
"type" : "boolean" | |
}, | |
"logging" : { | |
"properties" : { | |
"bucket" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"enabled" : { | |
"type" : "boolean" | |
}, | |
"includeCookies" : { | |
"type" : "boolean" | |
}, | |
"prefix" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"originGroups" : { | |
"properties" : { | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"origins" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"connectionAttempts" : { | |
"type" : "long" | |
}, | |
"connectionTimeout" : { | |
"type" : "long" | |
}, | |
"customHeaders" : { | |
"properties" : { | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"domainName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"originPath" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"originShield" : { | |
"properties" : { | |
"enabled" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"s3OriginConfig" : { | |
"properties" : { | |
"originAccessIdentity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"priceClass" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"restrictions" : { | |
"properties" : { | |
"geoRestriction" : { | |
"properties" : { | |
"quantity" : { | |
"type" : "long" | |
}, | |
"restrictionType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"viewerCertificate" : { | |
"properties" : { | |
"aCMCertificateArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"certificate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"certificateSource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cloudFrontDefaultCertificate" : { | |
"type" : "boolean" | |
}, | |
"minimumProtocolVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sSLSupportMethod" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"webACLId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"distributionId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"documentFilterList" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"documentFormat" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"documentVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"domainName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"duration" : { | |
"type" : "long" | |
}, | |
"durationInMonths" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"durationSeconds" : { | |
"type" : "long" | |
}, | |
"durations" : { | |
"type" : "long" | |
}, | |
"ebsOptimized" : { | |
"type" : "boolean" | |
}, | |
"embed" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"enableDnsHostnames" : { | |
"properties" : { | |
"value" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"enablePerformanceInsights" : { | |
"type" : "boolean" | |
}, | |
"encrypted" : { | |
"type" : "boolean" | |
}, | |
"encryption" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"encryptionAlgorithm" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"encryptionConfiguration" : { | |
"properties" : { | |
"encryptionType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"encryptionContext" : { | |
"properties" : { | |
"*amzn-ddb-env-alg*" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"*amzn-ddb-sig-alg*" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SecretARN" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"SecretVersionId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"account" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:acm:arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:cloudfront:arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:ebs:id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:pi:service" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:rds:db-id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:rds:dbc-id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:s3:arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"service" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"endTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"endpointArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"enforceConsumerDeletion" : { | |
"type" : "boolean" | |
}, | |
"engine" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"engineName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"engineVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"evaluateExpressions" : { | |
"type" : "boolean" | |
}, | |
"evaluationPeriods" : { | |
"type" : "long" | |
}, | |
"event" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventArns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventObject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventPattern" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"excludeAutoscalingAlarms" : { | |
"type" : "boolean" | |
}, | |
"excludeChildExecutions" : { | |
"type" : "boolean" | |
}, | |
"excludeManagedAlarms" : { | |
"type" : "boolean" | |
}, | |
"exclusionArns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"executableBySet" : { | |
"type" : "object" | |
}, | |
"exportType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fileLastWritten" : { | |
"type" : "long" | |
}, | |
"fileSize" : { | |
"type" : "long" | |
}, | |
"filter" : { | |
"properties" : { | |
"assessmentTargetNamePattern" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"endpointIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventStatusCodes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventTypeCategories" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"namePattern" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"severities" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"startTimeRange" : { | |
"properties" : { | |
"beginDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"endDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"startTimes" : { | |
"properties" : { | |
"from" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"states" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"filterName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filterSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"valueSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"filters" : { | |
"properties" : { | |
"condition" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"field" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fieldId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"values" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"finalDBSnapshotIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"findingArns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"findingCriteria" : { | |
"properties" : { | |
"criterion" : { | |
"properties" : { | |
"resource" : { | |
"properties" : { | |
"accessKeyDetails" : { | |
"properties" : { | |
"accessKeyId" : { | |
"properties" : { | |
"eq" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"instanceDetails" : { | |
"properties" : { | |
"instanceId" : { | |
"properties" : { | |
"eq" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"service" : { | |
"properties" : { | |
"archived" : { | |
"properties" : { | |
"eq" : { | |
"type" : "boolean" | |
} | |
} | |
} | |
} | |
}, | |
"severity" : { | |
"properties" : { | |
"eq" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"type" : { | |
"properties" : { | |
"eq" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"findingIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"findingStatisticTypes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"force" : { | |
"type" : "boolean" | |
}, | |
"fromPort" : { | |
"type" : "long" | |
}, | |
"functionCode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"functionConfig" : { | |
"properties" : { | |
"comment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"runtime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"functionName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"gatewayId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"granteePrincipal" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"granularity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupBy" : { | |
"properties" : { | |
"dimensions" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"groupDescription" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"groupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"healthCheckGracePeriod" : { | |
"type" : "long" | |
}, | |
"healthCheckPath" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"healthCheckPort" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"healthCheckProtocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"healthCheckType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"hibernationOptions" : { | |
"properties" : { | |
"configured" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"hostedZoneId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"idempotencyToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"identifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"identities" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"identity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ids" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ifMatch" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"imageId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"imageIds" : { | |
"properties" : { | |
"imageDigest" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"imageTag" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"imageManifest" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"imageManifestMediaType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"imageScanningConfiguration" : { | |
"properties" : { | |
"scanOnPush" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"imageTag" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"imageTagMutability" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"imagesSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"imageId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"includeAll" : { | |
"type" : "boolean" | |
}, | |
"includeAllInstances" : { | |
"type" : "boolean" | |
}, | |
"includeAvailabilityZones" : { | |
"type" : "boolean" | |
}, | |
"includeCertificateDetails" : { | |
"type" : "boolean" | |
}, | |
"includeDeleted" : { | |
"type" : "boolean" | |
}, | |
"includeIdentityPools" : { | |
"type" : "boolean" | |
}, | |
"includeInactive" : { | |
"type" : "boolean" | |
}, | |
"includePublic" : { | |
"type" : "boolean" | |
}, | |
"includeRecoveryBin" : { | |
"type" : "boolean" | |
}, | |
"includeRelationalDatabaseAvailabilityZones" : { | |
"type" : "boolean" | |
}, | |
"includeShadowTrails" : { | |
"type" : "boolean" | |
}, | |
"includeShared" : { | |
"type" : "boolean" | |
}, | |
"includes" : { | |
"properties" : { | |
"hasDnsFqdn" : { | |
"type" : "boolean" | |
}, | |
"keyTypes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"instanceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceInitiatedShutdownBehavior" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceProfileName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceTenancy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceTypeSet" : { | |
"type" : "object" | |
}, | |
"instancesSet" : { | |
"properties" : { | |
"item" : { | |
"properties" : { | |
"instanceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"items" : { | |
"properties" : { | |
"imageId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"keyName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"maxCount" : { | |
"type" : "long" | |
}, | |
"minCount" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"intelligent-tiering" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"internetGatewayId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"invalidationBatch" : { | |
"properties" : { | |
"callerReference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"paths" : { | |
"properties" : { | |
"items" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"inventory" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"iops" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipPermissions" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"fromPort" : { | |
"type" : "long" | |
}, | |
"groups" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"ipProtocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipRanges" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"cidrIp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"ipv6Ranges" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"cidrIpv6" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"prefixListIds" : { | |
"type" : "object" | |
}, | |
"toPort" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"ipProtocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipv4Prefixes" : { | |
"type" : "object" | |
}, | |
"ipv6AddressCount" : { | |
"type" : "long" | |
}, | |
"jobId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"k8sapi" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"keyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"keyName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"keyPairIdSet" : { | |
"type" : "object" | |
}, | |
"keySet" : { | |
"type" : "object" | |
}, | |
"keySpec" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"labels" : { | |
"properties" : { | |
"workload" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"language" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"launchTemplate" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"launchTemplateId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"layerDigest" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"layerDigests" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lifecycle" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lifecycleActionResult" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lifecycleActionToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lifecycleHookName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lifecycleHookSpecificationList" : { | |
"properties" : { | |
"defaultResult" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"heartbeatTimeout" : { | |
"type" : "long" | |
}, | |
"lifecycleHookName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lifecycleTransition" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"notificationTargetARN" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"limit" : { | |
"type" : "long" | |
}, | |
"listSupportedCharacterSets" : { | |
"type" : "boolean" | |
}, | |
"listSupportedTimezones" : { | |
"type" : "boolean" | |
}, | |
"listenerArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"loadBalancerArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"locale" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"logGroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"logGroupNamePrefix" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"logStreamName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"logging" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"majorEngineVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"map" : { | |
"properties" : { | |
"month" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"payload" : { | |
"properties" : { | |
"myArrayList" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"timestamp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"year" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"mapPublicIpOnLaunch" : { | |
"properties" : { | |
"value" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"marker" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"maxAllocatedStorage" : { | |
"type" : "long" | |
}, | |
"maxItems" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"maxRecords" : { | |
"type" : "long" | |
}, | |
"maxResults" : { | |
"type" : "long" | |
}, | |
"maxSize" : { | |
"type" : "long" | |
}, | |
"message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"metadataOptions" : { | |
"properties" : { | |
"httpEndpoint" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"httpPutResponseHopLimit" : { | |
"type" : "long" | |
}, | |
"httpTokens" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"metric" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"metricName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"metricQueries" : { | |
"properties" : { | |
"groupBy" : { | |
"properties" : { | |
"group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"limit" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"metric" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"minSize" : { | |
"type" : "long" | |
}, | |
"mixedInstancesPolicy" : { | |
"properties" : { | |
"instancesDistribution" : { | |
"properties" : { | |
"onDemandAllocationStrategy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"onDemandPercentageAboveBaseCapacity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"launchTemplate" : { | |
"properties" : { | |
"launchTemplateSpecification" : { | |
"properties" : { | |
"launchTemplateId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"monitoring" : { | |
"properties" : { | |
"enabled" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"namespace" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"networkInterfaceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"networkInterfaceSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"deleteOnTermination" : { | |
"type" : "boolean" | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceIndex" : { | |
"type" : "long" | |
}, | |
"groupSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"groupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"ipv6AddressCount" : { | |
"type" : "long" | |
}, | |
"subnetId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"nextToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"noReboot" : { | |
"type" : "boolean" | |
}, | |
"nodeRole" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nodegroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"notification" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"notificationTypes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"object-lock" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"objectIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"offeringIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"onlyAssociated" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"onlyAttached" : { | |
"type" : "boolean" | |
}, | |
"openIDConnectProviderArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operations" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"opsMetadataArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"orderBy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ownersSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"owner" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"ownershipControls" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pageSize" : { | |
"type" : "long" | |
}, | |
"pageToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parameterGroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parameters" : { | |
"properties" : { | |
"extensions" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"partitionBy" : { | |
"properties" : { | |
"group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"limit" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"passwordResetRequired" : { | |
"type" : "boolean" | |
}, | |
"pathPrefix" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"paymentOptions" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"performanceInsightsRetentionPeriod" : { | |
"type" : "long" | |
}, | |
"period" : { | |
"type" : "long" | |
}, | |
"periodInSeconds" : { | |
"type" : "long" | |
}, | |
"pipelineId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pipelineIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"placementGroupIdSet" : { | |
"type" : "object" | |
}, | |
"placementGroupSet" : { | |
"type" : "object" | |
}, | |
"planTypes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policyArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policyDocument" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policyName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policyStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policyType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"portInfos" : { | |
"properties" : { | |
"cidrListAliases" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cidrs" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fromPort" : { | |
"type" : "long" | |
}, | |
"protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"toPort" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"presignedUrl" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"principalArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"privateIpAddressesSet" : { | |
"type" : "object" | |
}, | |
"productDescriptionSet" : { | |
"type" : "object" | |
}, | |
"protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"publicAccessBlock" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"publicIpsSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"publicIp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"publiclyAccessible" : { | |
"type" : "boolean" | |
}, | |
"query" : { | |
"properties" : { | |
"selectors" : { | |
"properties" : { | |
"fieldName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operator" : { | |
"properties" : { | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"values" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"queueUrl" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rank" : { | |
"type" : "long" | |
}, | |
"rebootWorkspaceRequests" : { | |
"properties" : { | |
"workspaceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"regionSet" : { | |
"type" : "object" | |
}, | |
"registryId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"registryIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"relationalDatabaseName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replication" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationInstanceArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationInstanceClass" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationSubnetGroupIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"repositoryName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"repositoryNames" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"requestContext" : { | |
"properties" : { | |
"awsAccountId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"requestPayment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reservedInstancesModificationSet" : { | |
"type" : "object" | |
}, | |
"reservedInstancesSet" : { | |
"type" : "object" | |
}, | |
"resource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceArns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceIdList" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceOwner" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourcesSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"resourceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"restApiId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resultAttributes" : { | |
"properties" : { | |
"typeName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"retiringPrincipal" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"roleArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"roleName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"roleSessionName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"routeTableId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"routeTableIdSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"routeTableId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"rule" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rulesPackageArns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sAMLAssertionID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"savingsPlanOfferingId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scalableDimension" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scalingConfig" : { | |
"properties" : { | |
"desiredSize" : { | |
"type" : "long" | |
}, | |
"maxSize" : { | |
"type" : "long" | |
}, | |
"minSize" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"scheduleExpression" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scope" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"secondaryPrivateIpAddressCount" : { | |
"type" : "long" | |
}, | |
"secretId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"securityGroupIdSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"groupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"securityGroupRuleIds" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"securityGroupRuleId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"securityGroupSet" : { | |
"type" : "object" | |
}, | |
"serviceCode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceNamespace" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceNamespaces" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sessionId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"settingId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sharedUsersSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"showMemberInfo" : { | |
"type" : "boolean" | |
}, | |
"showNodeGroupConfig" : { | |
"type" : "boolean" | |
}, | |
"showSubscriptionDestinations" : { | |
"type" : "boolean" | |
}, | |
"size" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"skipFinalSnapshot" : { | |
"type" : "boolean" | |
}, | |
"snapshotId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"snapshotSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"snapshotId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"snapshotType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sort" : { | |
"properties" : { | |
"direction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fieldId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"sortCondition" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sortOrder" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"sortCriteria" : { | |
"properties" : { | |
"attributeName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"orderBy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"sortOrder" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceAAD" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceEncryptionAlgorithm" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceEncryptionContext" : { | |
"properties" : { | |
"aws:acm:arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"aws:ebs:id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"sourceIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceRegion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceSnapshotId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sphere" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"spotInstanceRequestIdSet" : { | |
"type" : "object" | |
}, | |
"stackName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stage" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stageName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"start" : { | |
"type" : "long" | |
}, | |
"startTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"startWorkspaceRequests" : { | |
"properties" : { | |
"workspaceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stateValue" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"statistic" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"statistics" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stopWorkspaceRequests" : { | |
"properties" : { | |
"workspaceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"strategy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"streamCreationTimestamp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"streamName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subjectAlternativeNames" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"subnetId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"subnets" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"syncType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tableName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tagKeys" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tagSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"tagSpecificationSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"resourceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tags" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"tagging" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tags" : { | |
"properties" : { | |
"AWS" : { | |
"properties" : { | |
"SSM" : { | |
"properties" : { | |
"AppManager" : { | |
"properties" : { | |
"EKS" : { | |
"properties" : { | |
"Cluster" : { | |
"properties" : { | |
"ARN" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"workload" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"target" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"targetArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"targetGroupArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"targets" : { | |
"properties" : { | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"input" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"inputPath" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"port" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"template" : { | |
"type" : "boolean" | |
}, | |
"tenancy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"terminateWorkspaceRequests" : { | |
"properties" : { | |
"workspaceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"terminationPolicies" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threshold" : { | |
"type" : "long" | |
}, | |
"throughput" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"timeRangeLowerBound" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"toPort" : { | |
"type" : "long" | |
}, | |
"topicARN" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"topicArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trailName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"unit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"updateActionStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"updateConfig" : { | |
"properties" : { | |
"maxUnavailable" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"updateId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"updateStageInput" : { | |
"properties" : { | |
"patchOperations" : { | |
"properties" : { | |
"op" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"uploadId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"uploads" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"usageCriteria" : { | |
"properties" : { | |
"accountIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dataSources" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"usageStatisticsType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vPCZoneIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"validationMethod" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"versionId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"versioning" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"volumeId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"volumeSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"volumeId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"volumeType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpc" : { | |
"type" : "boolean" | |
}, | |
"vpcId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpcPeeringConnectionIdSet" : { | |
"type" : "object" | |
}, | |
"vpcSecurityGroupIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpcSet" : { | |
"properties" : { | |
"item" : { | |
"properties" : { | |
"vpcId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"items" : { | |
"properties" : { | |
"vpcId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"vpnConnectionSet" : { | |
"type" : "object" | |
}, | |
"vpnGatewaySet" : { | |
"type" : "object" | |
}, | |
"website" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"withoutSettings" : { | |
"type" : "boolean" | |
}, | |
"workspaceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"workspaceIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"workspaceProperties" : { | |
"properties" : { | |
"computeTypeName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"runningMode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userVolumeSizeGib" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"workspaces" : { | |
"properties" : { | |
"bundleId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"directoryId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rootVolumeEncryptionEnabled" : { | |
"type" : "boolean" | |
}, | |
"userName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userVolumeEncryptionEnabled" : { | |
"type" : "boolean" | |
}, | |
"workspaceProperties" : { | |
"properties" : { | |
"computeTypeName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rootVolumeSizeGib" : { | |
"type" : "long" | |
}, | |
"runningMode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"runningModeAutoStopTimeoutInMinutes" : { | |
"type" : "long" | |
}, | |
"userVolumeSizeGib" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"zone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"resources" : { | |
"properties" : { | |
"ARN" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"accountId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"responseElements" : { | |
"properties" : { | |
"ConsoleLogin" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"CreateLaunchTemplateResponse" : { | |
"properties" : { | |
"launchTemplate" : { | |
"properties" : { | |
"createTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"createdBy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"defaultVersionNumber" : { | |
"type" : "long" | |
}, | |
"latestVersionNumber" : { | |
"type" : "long" | |
}, | |
"launchTemplateId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"launchTemplateName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tagSet" : { | |
"properties" : { | |
"item" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"requestId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"warning" : { | |
"properties" : { | |
"errorSet" : { | |
"properties" : { | |
"item" : { | |
"properties" : { | |
"code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"CreateLaunchTemplateVersionResponse" : { | |
"properties" : { | |
"launchTemplateVersion" : { | |
"properties" : { | |
"createTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"createdBy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"defaultVersion" : { | |
"type" : "boolean" | |
}, | |
"launchTemplateData" : { | |
"properties" : { | |
"blockDeviceMappingSet" : { | |
"properties" : { | |
"item" : { | |
"properties" : { | |
"deviceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ebs" : { | |
"properties" : { | |
"volumeSize" : { | |
"type" : "long" | |
}, | |
"volumeType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"instanceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"keyName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tagSpecificationSet" : { | |
"properties" : { | |
"item" : { | |
"properties" : { | |
"resourceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tagSet" : { | |
"properties" : { | |
"item" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"launchTemplateId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"launchTemplateName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"versionDescription" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"versionNumber" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"requestId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"DeleteLaunchTemplateResponse" : { | |
"properties" : { | |
"launchTemplate" : { | |
"properties" : { | |
"createTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"createdBy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"defaultVersionNumber" : { | |
"type" : "long" | |
}, | |
"latestVersionNumber" : { | |
"type" : "long" | |
}, | |
"launchTemplateId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"launchTemplateName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"requestId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"DeleteNatGatewayResponse" : { | |
"properties" : { | |
"natGatewayId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"requestId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"EnableFastSnapshotRestoresResponse" : { | |
"properties" : { | |
"requestId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"successful" : { | |
"properties" : { | |
"item" : { | |
"properties" : { | |
"availabilityZone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"enablingTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ownerId" : { | |
"type" : "long" | |
}, | |
"snapshotId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stateTransitionReason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"unsuccessful" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"Group" : { | |
"properties" : { | |
"Description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"GroupArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"OwnerId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ModifyLaunchTemplateResponse" : { | |
"properties" : { | |
"launchTemplate" : { | |
"properties" : { | |
"createTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"createdBy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"defaultVersionNumber" : { | |
"type" : "long" | |
}, | |
"latestVersionNumber" : { | |
"type" : "long" | |
}, | |
"launchTemplateId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"launchTemplateName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"requestId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ModifySecurityGroupRulesResponse" : { | |
"properties" : { | |
"requestId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"return" : { | |
"type" : "boolean" | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ModifyVolumeResponse" : { | |
"properties" : { | |
"requestId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"volumeModification" : { | |
"properties" : { | |
"modificationState" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"originalIops" : { | |
"type" : "long" | |
}, | |
"originalMultiAttachEnabled" : { | |
"type" : "boolean" | |
}, | |
"originalSize" : { | |
"type" : "long" | |
}, | |
"originalThroughput" : { | |
"type" : "long" | |
}, | |
"originalVolumeType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"progress" : { | |
"type" : "long" | |
}, | |
"startTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"targetIops" : { | |
"type" : "long" | |
}, | |
"targetMultiAttachEnabled" : { | |
"type" : "boolean" | |
}, | |
"targetSize" : { | |
"type" : "long" | |
}, | |
"targetThroughput" : { | |
"type" : "long" | |
}, | |
"targetVolumeType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"volumeId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"xmlns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ResourceQuery" : { | |
"properties" : { | |
"Query" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"_return" : { | |
"type" : "boolean" | |
}, | |
"accessKey" : { | |
"properties" : { | |
"accessKeyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"createDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"account" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"allocatedStorage" : { | |
"type" : "long" | |
}, | |
"allocationId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assessmentRunArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assignedIpv4PrefixSet" : { | |
"type" : "object" | |
}, | |
"assignedPrivateIpAddressesSet" : { | |
"properties" : { | |
"assignedPrivateIpAddressSetType" : { | |
"properties" : { | |
"privateIpAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"associationId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assumedRoleUser" : { | |
"properties" : { | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assumedRoleId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"attachTime" : { | |
"type" : "long" | |
}, | |
"attachmentId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"audience" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"autoMinorVersionUpgrade" : { | |
"type" : "boolean" | |
}, | |
"automaticRestartTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"availabilityZone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"backupRetentionPeriod" : { | |
"type" : "long" | |
}, | |
"backupTarget" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cACertificateIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cacheClusterEnabled" : { | |
"type" : "boolean" | |
}, | |
"cacheClusterSize" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cacheClusterStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cachePolicy" : { | |
"properties" : { | |
"cachePolicyConfig" : { | |
"properties" : { | |
"comment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"defaultTTL" : { | |
"type" : "long" | |
}, | |
"maxTTL" : { | |
"type" : "long" | |
}, | |
"minTTL" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parametersInCacheKeyAndForwardedToOrigin" : { | |
"properties" : { | |
"cookiesConfig" : { | |
"properties" : { | |
"cookieBehavior" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"enableAcceptEncodingBrotli" : { | |
"type" : "boolean" | |
}, | |
"enableAcceptEncodingGzip" : { | |
"type" : "boolean" | |
}, | |
"headersConfig" : { | |
"properties" : { | |
"headerBehavior" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"queryStringsConfig" : { | |
"properties" : { | |
"queryStringBehavior" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lastModifiedTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"cachePolicyList" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"cachePolicy" : { | |
"properties" : { | |
"cachePolicyConfig" : { | |
"properties" : { | |
"comment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"defaultTTL" : { | |
"type" : "long" | |
}, | |
"maxTTL" : { | |
"type" : "long" | |
}, | |
"minTTL" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parametersInCacheKeyAndForwardedToOrigin" : { | |
"properties" : { | |
"cookiesConfig" : { | |
"properties" : { | |
"cookieBehavior" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"enableAcceptEncodingBrotli" : { | |
"type" : "boolean" | |
}, | |
"enableAcceptEncodingGzip" : { | |
"type" : "boolean" | |
}, | |
"headersConfig" : { | |
"properties" : { | |
"headerBehavior" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"headers" : { | |
"properties" : { | |
"items" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"queryStringsConfig" : { | |
"properties" : { | |
"queryStringBehavior" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"queryStrings" : { | |
"properties" : { | |
"items" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lastModifiedTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"maxItems" : { | |
"type" : "long" | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"certificateArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"certificateSummaryList" : { | |
"properties" : { | |
"certificateArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"domainName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"changeInfo" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"submittedAt" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"clientIDList" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cloudFrontOriginAccessIdentity" : { | |
"properties" : { | |
"cloudFrontOriginAccessIdentityConfig" : { | |
"properties" : { | |
"callerReference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"comment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"s3CanonicalUserId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"contentType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"copyTagsToSnapshot" : { | |
"type" : "boolean" | |
}, | |
"createDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"createTime" : { | |
"type" : "long" | |
}, | |
"createdDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"credentials" : { | |
"properties" : { | |
"accessKeyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"expiration" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sessionToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"customerOwnedIpEnabled" : { | |
"type" : "boolean" | |
}, | |
"dBClusterIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBClusterSnapshotAttributes" : { | |
"properties" : { | |
"attributeName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"dBClusterSnapshotIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBInstanceArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBInstanceClass" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBInstanceIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBInstanceStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBParameterGroups" : { | |
"properties" : { | |
"dBParameterGroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parameterApplyStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"dBSnapshotAttributes" : { | |
"properties" : { | |
"attributeName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"dBSnapshotIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBSubnetGroup" : { | |
"properties" : { | |
"dBSubnetGroupDescription" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dBSubnetGroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetGroupStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnets" : { | |
"properties" : { | |
"subnetAvailabilityZone" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"subnetIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetOutpost" : { | |
"type" : "object" | |
}, | |
"subnetStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"vpcId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"dbInstancePort" : { | |
"type" : "long" | |
}, | |
"dbiResourceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dedicatedIpAutoWarmupEnabled" : { | |
"type" : "boolean" | |
}, | |
"deleteOnTermination" : { | |
"type" : "boolean" | |
}, | |
"deletionProtection" : { | |
"type" : "boolean" | |
}, | |
"deploymentId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"device" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"directories" : { | |
"properties" : { | |
"alias" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"customerUserName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"directoryId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"directoryName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"directoryType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dnsIpAddresses" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"iamRoleId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"registrationCode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"selfservicePermissions" : { | |
"properties" : { | |
"changeComputeType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"increaseVolumeSize" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rebuildWorkspace" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"restartWorkspace" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"switchRunningMode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tenancy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"workspaceAccessProperties" : { | |
"properties" : { | |
"deviceTypeAndroid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceTypeChromeOs" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceTypeIos" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceTypeLinux" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceTypeOsx" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceTypeWeb" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceTypeWindows" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deviceTypeZeroClient" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"workspaceCreationProperties" : { | |
"properties" : { | |
"enableInternetAccess" : { | |
"type" : "boolean" | |
}, | |
"enableMaintenanceMode" : { | |
"type" : "boolean" | |
}, | |
"enableWorkDocs" : { | |
"type" : "boolean" | |
}, | |
"userEnabledAsLocalAdministrator" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"workspaceSecurityGroupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"distribution" : { | |
"properties" : { | |
"aRN" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"activeTrustedKeyGroups" : { | |
"properties" : { | |
"enabled" : { | |
"type" : "boolean" | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"activeTrustedSigners" : { | |
"properties" : { | |
"enabled" : { | |
"type" : "boolean" | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"aliasICPRecordals" : { | |
"properties" : { | |
"cNAME" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"iCPRecordalStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"distributionConfig" : { | |
"properties" : { | |
"aliases" : { | |
"properties" : { | |
"items" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"cacheBehaviors" : { | |
"properties" : { | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"callerReference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"comment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"customErrorResponses" : { | |
"properties" : { | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"defaultCacheBehavior" : { | |
"properties" : { | |
"allowedMethods" : { | |
"properties" : { | |
"cachedMethods" : { | |
"properties" : { | |
"items" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"items" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"cachePolicyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"compress" : { | |
"type" : "boolean" | |
}, | |
"fieldLevelEncryptionId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"functionAssociations" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"eventType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"functionARN" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"lambdaFunctionAssociations" : { | |
"properties" : { | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"smoothStreaming" : { | |
"type" : "boolean" | |
}, | |
"targetOriginId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trustedKeyGroups" : { | |
"properties" : { | |
"enabled" : { | |
"type" : "boolean" | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"trustedSigners" : { | |
"properties" : { | |
"enabled" : { | |
"type" : "boolean" | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"viewerProtocolPolicy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"defaultRootObject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"enabled" : { | |
"type" : "boolean" | |
}, | |
"httpVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"isIPV6Enabled" : { | |
"type" : "boolean" | |
}, | |
"logging" : { | |
"properties" : { | |
"bucket" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"enabled" : { | |
"type" : "boolean" | |
}, | |
"includeCookies" : { | |
"type" : "boolean" | |
}, | |
"prefix" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"originGroups" : { | |
"properties" : { | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"origins" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"connectionAttempts" : { | |
"type" : "long" | |
}, | |
"connectionTimeout" : { | |
"type" : "long" | |
}, | |
"customHeaders" : { | |
"properties" : { | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"domainName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"originPath" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"originShield" : { | |
"properties" : { | |
"enabled" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"s3OriginConfig" : { | |
"properties" : { | |
"originAccessIdentity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"priceClass" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"restrictions" : { | |
"properties" : { | |
"geoRestriction" : { | |
"properties" : { | |
"quantity" : { | |
"type" : "long" | |
}, | |
"restrictionType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"viewerCertificate" : { | |
"properties" : { | |
"aCMCertificateArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"certificate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"certificateSource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cloudFrontDefaultCertificate" : { | |
"type" : "boolean" | |
}, | |
"minimumProtocolVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sSLSupportMethod" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"webACLId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"domainName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"inProgressInvalidationBatches" : { | |
"type" : "long" | |
}, | |
"lastModifiedTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eTag" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"enabledCloudwatchLogsExports" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"encrypted" : { | |
"type" : "boolean" | |
}, | |
"endpoint" : { | |
"properties" : { | |
"address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"databaseName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"endpointArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"endpointIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"endpointType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"engineDisplayName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"engineName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"hostedZoneId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"kmsKeyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"receiveTransferredFiles" : { | |
"type" : "boolean" | |
}, | |
"serverName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sslMode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"transferFiles" : { | |
"type" : "boolean" | |
}, | |
"username" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"enforcementStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"engine" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"engineVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"enhancedMonitoringResourceArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"failedEntryCount" : { | |
"type" : "long" | |
}, | |
"failedRequests" : { | |
"properties" : { | |
"errorCode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"errorMessage" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"workspaceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"functionCode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"functionList" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"functionConfig" : { | |
"properties" : { | |
"runtime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"functionMetadata" : { | |
"properties" : { | |
"createdTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"functionARN" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lastModifiedTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stage" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"maxItems" : { | |
"type" : "long" | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"functionSummary" : { | |
"properties" : { | |
"functionConfig" : { | |
"properties" : { | |
"comment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"runtime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"functionMetadata" : { | |
"properties" : { | |
"createdTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"functionARN" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lastModifiedTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stage" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"grantId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupSet" : { | |
"type" : "object" | |
}, | |
"httpEndpointEnabled" : { | |
"type" : "boolean" | |
}, | |
"iAMDatabaseAuthenticationEnabled" : { | |
"type" : "boolean" | |
}, | |
"image" : { | |
"properties" : { | |
"imageId" : { | |
"properties" : { | |
"imageDigest" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"imageTag" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"imageManifest" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"imageManifestMediaType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"registryId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"repositoryName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"imageId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceCreateTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceProfile" : { | |
"properties" : { | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"createDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceProfileId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceProfileName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"roles" : { | |
"properties" : { | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assumeRolePolicyDocument" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"createDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"roleId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"roleName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"instanceProfiles" : { | |
"properties" : { | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"createDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceProfileId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceProfileName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"roles" : { | |
"properties" : { | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assumeRolePolicyDocument" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"createDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"roleId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"roleName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"instancesSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"amiLaunchIndex" : { | |
"type" : "long" | |
}, | |
"architecture" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"blockDeviceMapping" : { | |
"type" : "object" | |
}, | |
"capacityReservationSpecification" : { | |
"properties" : { | |
"capacityReservationPreference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"clientToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cpuOptions" : { | |
"properties" : { | |
"coreCount" : { | |
"type" : "long" | |
}, | |
"threadsPerCore" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"currentState" : { | |
"properties" : { | |
"code" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ebsOptimized" : { | |
"type" : "boolean" | |
}, | |
"enaSupport" : { | |
"type" : "boolean" | |
}, | |
"enclaveOptions" : { | |
"properties" : { | |
"enabled" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"groupSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"groupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"hibernationOptions" : { | |
"properties" : { | |
"configured" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"hypervisor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"iamInstanceProfile" : { | |
"properties" : { | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"imageId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceState" : { | |
"properties" : { | |
"code" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"instanceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"keyName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"launchTime" : { | |
"type" : "long" | |
}, | |
"metadataOptions" : { | |
"properties" : { | |
"httpEndpoint" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"httpPutResponseHopLimit" : { | |
"type" : "long" | |
}, | |
"httpTokens" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"monitoring" : { | |
"properties" : { | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"networkInterfaceSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"attachment" : { | |
"properties" : { | |
"attachTime" : { | |
"type" : "long" | |
}, | |
"attachmentId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"deleteOnTermination" : { | |
"type" : "boolean" | |
}, | |
"deviceIndex" : { | |
"type" : "long" | |
}, | |
"networkCardIndex" : { | |
"type" : "long" | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"groupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"interfaceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipv6AddressesSet" : { | |
"type" : "object" | |
}, | |
"macAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"networkInterfaceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ownerId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"privateDnsName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"privateIpAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"privateIpAddressesSet" : { | |
"properties" : { | |
"item" : { | |
"properties" : { | |
"primary" : { | |
"type" : "boolean" | |
}, | |
"privateDnsName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"privateIpAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"sourceDestCheck" : { | |
"type" : "boolean" | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tagSet" : { | |
"type" : "object" | |
}, | |
"vpcId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"placement" : { | |
"properties" : { | |
"availabilityZone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tenancy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"previousState" : { | |
"properties" : { | |
"code" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"privateDnsName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"privateIpAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"productCodes" : { | |
"type" : "object" | |
}, | |
"rootDeviceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rootDeviceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceDestCheck" : { | |
"type" : "boolean" | |
}, | |
"stateReason" : { | |
"properties" : { | |
"code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"subnetId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tagSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"virtualizationType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpcId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"internetGateway" : { | |
"properties" : { | |
"association" : { | |
"type" : "object" | |
}, | |
"attachmentSet" : { | |
"type" : "object" | |
}, | |
"internetGatewayId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ownerId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tagSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"invalidation" : { | |
"properties" : { | |
"createTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"invalidationBatch" : { | |
"properties" : { | |
"callerReference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"paths" : { | |
"properties" : { | |
"items" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"iops" : { | |
"type" : "long" | |
}, | |
"isTruncated" : { | |
"type" : "boolean" | |
}, | |
"issuer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"jobCompletionDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"jobCreationDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"jobId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"jobStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"jobType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"keyFingerprint" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"keyGroupList" : { | |
"properties" : { | |
"maxItems" : { | |
"type" : "long" | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"keyMaterial" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"keyName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"keyPairId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"kmsKeyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lastByteReceived" : { | |
"type" : "long" | |
}, | |
"lastUpdatedDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"latestRestorableTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"layerDigest" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"licenseModel" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"location" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"loginProfile" : { | |
"properties" : { | |
"createDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"passwordResetRequired" : { | |
"type" : "boolean" | |
}, | |
"userName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"mailFromDomainAttributes" : { | |
"properties" : { | |
"email" : { | |
"properties" : { | |
"zebpay" : { | |
"properties" : { | |
"com" : { | |
"properties" : { | |
"behaviorOnMXFailure" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"jenil" : { | |
"properties" : { | |
"g@zebpay" : { | |
"properties" : { | |
"com" : { | |
"properties" : { | |
"behaviorOnMXFailure" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"otc" : { | |
"properties" : { | |
"zebpay" : { | |
"properties" : { | |
"com" : { | |
"properties" : { | |
"behaviorOnMXFailure" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"updates" : { | |
"properties" : { | |
"zebpay" : { | |
"properties" : { | |
"com" : { | |
"properties" : { | |
"behaviorOnMXFailure" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"zebpay" : { | |
"properties" : { | |
"com" : { | |
"properties" : { | |
"behaviorOnMXFailure" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"marker" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"masterUsername" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"methodSettings" : { | |
"properties" : { | |
"*/*" : { | |
"properties" : { | |
"cacheDataEncrypted" : { | |
"type" : "boolean" | |
}, | |
"cacheTtlInSeconds" : { | |
"type" : "long" | |
}, | |
"cachingEnabled" : { | |
"type" : "boolean" | |
}, | |
"dataTraceEnabled" : { | |
"type" : "boolean" | |
}, | |
"loggingLevel" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"metricsEnabled" : { | |
"type" : "boolean" | |
}, | |
"requireAuthorizationForCacheControl" : { | |
"type" : "boolean" | |
}, | |
"throttlingBurstLimit" : { | |
"type" : "long" | |
}, | |
"throttlingRateLimit" : { | |
"type" : "long" | |
}, | |
"unauthorizedCacheControlHeaderStrategy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"monitoringInterval" : { | |
"type" : "long" | |
}, | |
"monitoringRoleArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"multiAZ" : { | |
"type" : "boolean" | |
}, | |
"multiAttachEnabled" : { | |
"type" : "boolean" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nameQualifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"networkBorderGroup" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"networkInterface" : { | |
"properties" : { | |
"availabilityZone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"groupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"interfaceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipv6AddressesSet" : { | |
"type" : "object" | |
}, | |
"macAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"networkInterfaceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ownerId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"privateDnsName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"privateIpAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"privateIpAddressesSet" : { | |
"properties" : { | |
"item" : { | |
"properties" : { | |
"primary" : { | |
"type" : "boolean" | |
}, | |
"privateDnsName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"privateIpAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"requesterId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"requesterManaged" : { | |
"type" : "boolean" | |
}, | |
"sourceDestCheck" : { | |
"type" : "boolean" | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tagSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"vpcId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"networkInterfaceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"networkType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nextToken" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nodegroup" : { | |
"properties" : { | |
"amiType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"capacityType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"clusterName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"createdAt" : { | |
"type" : "float" | |
}, | |
"health" : { | |
"type" : "object" | |
}, | |
"labels" : { | |
"properties" : { | |
"workload" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"launchTemplate" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"modifiedAt" : { | |
"type" : "float" | |
}, | |
"nodeRole" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nodegroupArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nodegroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"releaseVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resources" : { | |
"properties" : { | |
"autoScalingGroups" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"scalingConfig" : { | |
"properties" : { | |
"desiredSize" : { | |
"type" : "long" | |
}, | |
"maxSize" : { | |
"type" : "long" | |
}, | |
"minSize" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnets" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tags" : { | |
"properties" : { | |
"workload" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"updateConfig" : { | |
"properties" : { | |
"maxUnavailable" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"operation" : { | |
"properties" : { | |
"createdAt" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"isTerminal" : { | |
"type" : "boolean" | |
}, | |
"location" : { | |
"properties" : { | |
"availabilityZone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"regionName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"operationDetails" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operationType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"statusChangedAt" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"operations" : { | |
"properties" : { | |
"createdAt" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"isTerminal" : { | |
"type" : "boolean" | |
}, | |
"location" : { | |
"properties" : { | |
"availabilityZone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"regionName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"operationDetails" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operationType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"statusChangedAt" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"opsMetadataArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"optionGroupMemberships" : { | |
"properties" : { | |
"optionGroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"originRequestPolicyList" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"originRequestPolicy" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lastModifiedTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"originRequestPolicyConfig" : { | |
"properties" : { | |
"comment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cookiesConfig" : { | |
"properties" : { | |
"cookieBehavior" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"headersConfig" : { | |
"properties" : { | |
"headerBehavior" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"headers" : { | |
"properties" : { | |
"items" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"queryStringsConfig" : { | |
"properties" : { | |
"queryStringBehavior" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"maxItems" : { | |
"type" : "long" | |
}, | |
"quantity" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"ownerId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parameterGroups" : { | |
"properties" : { | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parameterGroupFamily" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parameterGroupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"parameters" : { | |
"properties" : { | |
"allowedValues" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"applyType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dataType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"isModifiable" : { | |
"type" : "boolean" | |
}, | |
"parameterName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parameterValue" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"partSize" : { | |
"type" : "long" | |
}, | |
"pendingModifiedValues" : { | |
"properties" : { | |
"dBInstanceClass" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pendingCloudwatchLogsExports" : { | |
"properties" : { | |
"logTypesToEnable" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"pendingRequests" : { | |
"properties" : { | |
"bundleId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"directoryId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rootVolumeEncryptionEnabled" : { | |
"type" : "boolean" | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userVolumeEncryptionEnabled" : { | |
"type" : "boolean" | |
}, | |
"workspaceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"performanceInsightsEnabled" : { | |
"type" : "boolean" | |
}, | |
"performanceInsightsKMSKeyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"performanceInsightsRetentionPeriod" : { | |
"type" : "long" | |
}, | |
"placementGroup" : { | |
"properties" : { | |
"groupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"strategy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"policiesGrantingServiceAccess" : { | |
"properties" : { | |
"policies" : { | |
"properties" : { | |
"policyArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policyName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policyType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"serviceNamespace" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"policy" : { | |
"properties" : { | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"attachmentCount" : { | |
"type" : "long" | |
}, | |
"createDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"defaultVersionId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"isAttachable" : { | |
"type" : "boolean" | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"permissionsBoundaryUsageCount" : { | |
"type" : "long" | |
}, | |
"policyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policyName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"updateDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"preferredBackupWindow" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"preferredMaintenanceWindow" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"productionAccessEnabled" : { | |
"type" : "boolean" | |
}, | |
"promotionTier" : { | |
"type" : "long" | |
}, | |
"publicIp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"publicIpv4Pool" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"publiclyAccessible" : { | |
"type" : "boolean" | |
}, | |
"realtimeLogConfigs" : { | |
"properties" : { | |
"isTruncated" : { | |
"type" : "boolean" | |
}, | |
"marker" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"maxItems" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"recommendationGroups" : { | |
"properties" : { | |
"count" : { | |
"type" : "long" | |
}, | |
"docLink" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupDescription" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupKey" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupTitle" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"helpText" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"recommendations" : { | |
"properties" : { | |
"recommendationApplyNowActions" : { | |
"properties" : { | |
"actionCode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"actionParameters" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"recommendationCode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"recommendationCreateTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"recommendationModifyTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"recommendationNextMaintenanceActions" : { | |
"properties" : { | |
"actionCode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"actionParameters" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"recommendationParameters" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"recommendationStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"recommendationText" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"registries" : { | |
"properties" : { | |
"registryArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"registryId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"registryUri" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"verified" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"registryCatalogData" : { | |
"properties" : { | |
"displayName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"registryId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationInstance" : { | |
"properties" : { | |
"allocatedStorage" : { | |
"type" : "long" | |
}, | |
"autoMinorVersionUpgrade" : { | |
"type" : "boolean" | |
}, | |
"availabilityZone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"engineVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceCreateTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"kmsKeyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"multiAZ" : { | |
"type" : "boolean" | |
}, | |
"patchingPrecedence" : { | |
"type" : "long" | |
}, | |
"pendingModifiedValues" : { | |
"properties" : { | |
"replicationInstanceClass" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"preferredMaintenanceWindow" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"publiclyAccessible" : { | |
"type" : "boolean" | |
}, | |
"replicationInstanceArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationInstanceClass" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationInstanceEniId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationInstanceEniIds" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationInstanceIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationInstancePrivateIpAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationInstancePrivateIpAddresses" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationInstancePublicIpAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationInstancePublicIpAddresses" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationInstanceStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationSubnetGroup" : { | |
"properties" : { | |
"replicationSubnetGroupArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationSubnetGroupDescription" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"replicationSubnetGroupIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetGroupStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnets" : { | |
"properties" : { | |
"subnetAvailabilityZone" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"subnetIdentifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"vpcId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"vpcSecurityGroups" : { | |
"properties" : { | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpcSecurityGroupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"repository" : { | |
"properties" : { | |
"createdAt" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"encryptionConfiguration" : { | |
"properties" : { | |
"encryptionType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"imageScanningConfiguration" : { | |
"properties" : { | |
"scanOnPush" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"imageTagMutability" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"registryId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"repositoryArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"repositoryName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"repositoryUri" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"repositoryName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"requestId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"requesterId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reservationId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resourceType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"role" : { | |
"properties" : { | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"assumeRolePolicyDocument" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"createDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"roleId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"roleName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ruleArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"savingsPlanId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"securityGroupRuleSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"cidrIpv4" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cidrIpv6" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fromPort" : { | |
"type" : "long" | |
}, | |
"groupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"groupOwnerId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipProtocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"isEgress" : { | |
"type" : "boolean" | |
}, | |
"referencedGroupInfo" : { | |
"properties" : { | |
"groupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"securityGroupRuleId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"toPort" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"self" : { | |
"properties" : { | |
"restApiId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stageName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"template" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"sendQuota" : { | |
"properties" : { | |
"max24HourSend" : { | |
"type" : "long" | |
}, | |
"maxSendRate" : { | |
"type" : "long" | |
}, | |
"sentLast24Hours" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"sendingEnabled" : { | |
"type" : "boolean" | |
}, | |
"serviceUpdates" : { | |
"properties" : { | |
"autoUpdateAfterRecommendedApplyByDate" : { | |
"type" : "boolean" | |
}, | |
"engine" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"engineVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"estimatedUpdateTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateDescription" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateEndDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateRecommendedApplyByDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateReleaseDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateSeverity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"servicesLastAccessed" : { | |
"properties" : { | |
"serviceName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceNamespace" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"totalAuthenticatedEntities" : { | |
"type" : "long" | |
}, | |
"trackedActionsLastAccessed" : { | |
"properties" : { | |
"actionName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"sessionId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"size" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"snapshotId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stageDelete" : { | |
"properties" : { | |
"restApiId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stageName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"template" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"stageFlushAuthorizerCache" : { | |
"properties" : { | |
"restApiId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stageName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"template" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"stageName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stageUpdate" : { | |
"properties" : { | |
"restApiId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stageName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"template" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"startTime" : { | |
"type" : "long" | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"storageEncrypted" : { | |
"type" : "boolean" | |
}, | |
"storageType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"streamUrl" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subjectType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnet" : { | |
"properties" : { | |
"assignIpv6AddressOnCreation" : { | |
"type" : "boolean" | |
}, | |
"availabilityZone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"availabilityZoneId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"availableIpAddressCount" : { | |
"type" : "long" | |
}, | |
"cidrBlock" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"defaultForAz" : { | |
"type" : "boolean" | |
}, | |
"ipv6CidrBlockAssociationSet" : { | |
"type" : "object" | |
}, | |
"mapPublicIpOnLaunch" : { | |
"type" : "boolean" | |
}, | |
"ownerId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tagSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"vpcId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"suppressionAttributes" : { | |
"properties" : { | |
"suppressedReasons" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tableDescription" : { | |
"properties" : { | |
"itemCount" : { | |
"type" : "long" | |
}, | |
"latestStreamArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"latestStreamLabel" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"provisionedThroughput" : { | |
"properties" : { | |
"numberOfDecreasesToday" : { | |
"type" : "long" | |
}, | |
"readCapacityUnits" : { | |
"type" : "long" | |
}, | |
"writeCapacityUnits" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"streamSpecification" : { | |
"properties" : { | |
"streamEnabled" : { | |
"type" : "boolean" | |
}, | |
"streamViewType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tableArn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tableId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tableName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tableSizeBytes" : { | |
"type" : "long" | |
}, | |
"tableStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tagList" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tagSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"tags" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"testResult" : { | |
"properties" : { | |
"computeUtilization" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"functionErrorMessage" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"functionExecutionLogs" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"functionOutput" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"functionSummary" : { | |
"properties" : { | |
"functionConfig" : { | |
"properties" : { | |
"comment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"runtime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"functionMetadata" : { | |
"properties" : { | |
"createdTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"functionARN" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lastModifiedTime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stage" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"throughput" : { | |
"type" : "long" | |
}, | |
"thumbprintList" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tokenValue" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tracingEnabled" : { | |
"type" : "boolean" | |
}, | |
"unprocessedAccounts" : { | |
"properties" : { | |
"accountId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"result" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"update" : { | |
"properties" : { | |
"createdAt" : { | |
"type" : "float" | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"params" : { | |
"properties" : { | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"updateActions" : { | |
"properties" : { | |
"cacheClusterId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"engine" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nodesUpdated" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateRecommendedApplyByDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateReleaseDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateSeverity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serviceUpdateType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"slaMet" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"updateActionAvailableDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"updateActionStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"updateActionStatusModifiedDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"uploadId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"url" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user" : { | |
"properties" : { | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"createDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"userId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"volumeId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"volumeSize" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"volumeType" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpc" : { | |
"properties" : { | |
"cidrBlock" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cidrBlockAssociationSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"associationId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cidrBlock" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cidrBlockState" : { | |
"properties" : { | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"dhcpOptionsId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instanceTenancy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipv6CidrBlockAssociationSet" : { | |
"type" : "object" | |
}, | |
"isDefault" : { | |
"type" : "boolean" | |
}, | |
"ownerId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tagSet" : { | |
"properties" : { | |
"items" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"vpcId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"vpcSecurityGroups" : { | |
"properties" : { | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpcSecurityGroupId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"workspaces" : { | |
"properties" : { | |
"bundleId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"computerName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"directoryId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subnetId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userRealm" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"workspaceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"workspaceProperties" : { | |
"properties" : { | |
"computeTypeName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"recycleMode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rootVolumeSizeGib" : { | |
"type" : "long" | |
}, | |
"runningMode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"runningModeAutoStopTimeoutInMinutes" : { | |
"type" : "long" | |
}, | |
"userVolumeSizeGib" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"workspacesConnectionStatus" : { | |
"properties" : { | |
"connectionState" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"connectionStateCheckTimestamp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lastKnownUserConnectionTimestamp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"workspaceId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"zone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"rsa" : { | |
"properties" : { | |
"counters" : { | |
"properties" : { | |
"dclass_c1" : { | |
"type" : "long" | |
}, | |
"dclass_c1_str" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dclass_c2" : { | |
"type" : "long" | |
}, | |
"dclass_c2_str" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dclass_c3" : { | |
"type" : "long" | |
}, | |
"dclass_c3_str" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dclass_r1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dclass_r1_str" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dclass_r2" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dclass_r2_str" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dclass_r3" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dclass_r3_str" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_counter" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"crypto" : { | |
"properties" : { | |
"cert_ca" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert_checksum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert_common" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert_error" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert_host_cat" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert_host_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert_issuer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert_keysize" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert_serial" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert_status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert_subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert_username" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cipher_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cipher_size_dst" : { | |
"type" : "long" | |
}, | |
"cipher_size_src" : { | |
"type" : "long" | |
}, | |
"cipher_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"crypto" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"d_certauth" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"https_insact" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"https_valid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ike" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ike_cookie1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ike_cookie2" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"peer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"peer_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"s_certauth" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scheme" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sig_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ssl_ver_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ssl_ver_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"db" : { | |
"properties" : { | |
"database" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"db_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"db_pid" : { | |
"type" : "long" | |
}, | |
"index" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"instance" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lread" : { | |
"type" : "long" | |
}, | |
"lwrite" : { | |
"type" : "long" | |
}, | |
"permissions" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pread" : { | |
"type" : "long" | |
}, | |
"table_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"transact_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"email" : { | |
"properties" : { | |
"email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trans_from" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trans_to" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"endpoint" : { | |
"properties" : { | |
"host_state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"registry_key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"registry_value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"file" : { | |
"properties" : { | |
"attachment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"binary" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"directory_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"directory_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"file_entropy" : { | |
"type" : "double" | |
}, | |
"file_vendor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filename_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filename_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filename_tmp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filesystem" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"privilege" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"task_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"healthcare" : { | |
"properties" : { | |
"patient_fname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"patient_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"patient_lname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"patient_mname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"identity" : { | |
"properties" : { | |
"accesses" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"auth_method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dn_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dn_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"federated_idp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"federated_sp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"firstname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"host_role" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lastname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ldap" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ldap_query" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ldap_response" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"logon_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"logon_type_desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"middlename" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"org" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"owner" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"password" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"profile" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"realm" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"service_account" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_dept" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_role" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_sid_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_sid_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"internal" : { | |
"properties" : { | |
"audit_class" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"data" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dead" : { | |
"type" : "long" | |
}, | |
"device_class" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"device_group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"device_host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"device_ip" : { | |
"type" : "ip" | |
}, | |
"device_ipv6" : { | |
"type" : "ip" | |
}, | |
"device_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"device_type_id" : { | |
"type" : "long" | |
}, | |
"did" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"entropy_req" : { | |
"type" : "long" | |
}, | |
"entropy_res" : { | |
"type" : "long" | |
}, | |
"entry" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"feed_category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"feed_desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"feed_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"forward_ip" : { | |
"type" : "ip" | |
}, | |
"forward_ipv6" : { | |
"type" : "ip" | |
}, | |
"hcode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"header_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"inode" : { | |
"type" : "long" | |
}, | |
"lc_cid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lc_ctime" : { | |
"type" : "date" | |
}, | |
"level" : { | |
"type" : "long" | |
}, | |
"mcb_req" : { | |
"type" : "long" | |
}, | |
"mcb_res" : { | |
"type" : "long" | |
}, | |
"mcbc_req" : { | |
"type" : "long" | |
}, | |
"mcbc_res" : { | |
"type" : "long" | |
}, | |
"medium" : { | |
"type" : "long" | |
}, | |
"message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"messageid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"msg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"msg_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"msg_vid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"node_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nwe_callback_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"obj_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"obj_server" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"obj_val" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parse_error" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"payload_req" : { | |
"type" : "long" | |
}, | |
"payload_res" : { | |
"type" : "long" | |
}, | |
"process_vid_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"process_vid_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resource" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resource_class" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rid" : { | |
"type" : "long" | |
}, | |
"session_split" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"site" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"size" : { | |
"type" : "long" | |
}, | |
"sourcefile" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"statement" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"time" : { | |
"type" : "date" | |
}, | |
"ubc_req" : { | |
"type" : "long" | |
}, | |
"ubc_res" : { | |
"type" : "long" | |
}, | |
"word" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"investigations" : { | |
"properties" : { | |
"analysis_file" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"analysis_service" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"analysis_session" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"boc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ec_activity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ec_outcome" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ec_subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ec_theme" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eoc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_cat" : { | |
"type" : "long" | |
}, | |
"event_cat_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_vcat" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"inv_category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"inv_context" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ioc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"misc" : { | |
"properties" : { | |
"OS" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"acl_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"acl_op" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"acl_pos" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"acl_table" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"admin" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"agent_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"alarm_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"alarmname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"alert_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"audit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"audit_object" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"auditdata" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"autorun_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"benchmark" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"bypass" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cache" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cache_hit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cc_number" : { | |
"type" : "long" | |
}, | |
"cefversion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cfg_attr" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cfg_obj" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cfg_path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"change_attrib" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"change_new" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"change_old" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"changes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"checksum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"checksum_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"checksum_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client_ip" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"clustermembers" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cmd" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_acttimeout" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_asn_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_bgpv4nxthop" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_ctr_dst_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_dst_tos" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_dst_vlan" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_engine_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_engine_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_f_switch" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_flowsampid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_flowsampintv" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_flowsampmode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_inacttimeout" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_inpermbyts" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_inpermpckts" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_invalid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_ip_proto_ver" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_ipv4_ident" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_l_switch" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_log_did" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_log_rid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_max_ttl" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_maxpcktlen" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_min_ttl" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_minpcktlen" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mpls_lbl_1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mpls_lbl_10" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mpls_lbl_2" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mpls_lbl_3" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mpls_lbl_4" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mpls_lbl_5" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mpls_lbl_6" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mpls_lbl_7" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mpls_lbl_8" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mpls_lbl_9" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mplstoplabel" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mplstoplabip" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mul_dst_byt" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_mul_dst_pks" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_muligmptype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_sampalgo" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_sampint" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_seqctr" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_spackets" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_src_tos" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_src_vlan" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_sysuptime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_template_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_totbytsexp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_totflowexp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_totpcktsexp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_unixnanosecs" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_v6flowlabel" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_v6optheaders" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"command" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"comments" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"comp_class" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"comp_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"comp_rbytes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"comp_sbytes" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"comp_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"connection_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"content" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"content_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"content_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"context" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"context_subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"context_target" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"count" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cpu" : { | |
"type" : "long" | |
}, | |
"cpu_data" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"criticality" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_agency_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_analyzedby" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_av_other" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_av_primary" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_av_secondary" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_bgpv6nxthop" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_bit9status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_context" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_control" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_data" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_datecret" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_dst_tld" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_eth_dst_ven" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_eth_src_ven" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_event_uuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_filetype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_fld" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_if_desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_if_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_ip_next_hop" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_ipv4dstpre" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_ipv4srcpre" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_lifetime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_log_medium" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_loginname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_modulescore" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_modulesign" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_opswatresult" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_payload" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_registrant" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_registrar" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_represult" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_rpayload" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_sampler_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_sourcemodule" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_streams" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_targetmodule" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_v6nxthop" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_whois_server" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cs_yararesult" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cve" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"data_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"device_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"devvendor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"disposition" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"distance" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"doc_number" : { | |
"type" : "long" | |
}, | |
"dstburb" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"edomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"edomaub" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ein_number" : { | |
"type" : "long" | |
}, | |
"error" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"euid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_computer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_log" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_source" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"event_user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"expected_val" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"facility" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"facilityname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fcatnum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filter" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"finterface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"flags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"forensic_info" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"found" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fresult" : { | |
"type" : "long" | |
}, | |
"gaddr" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"group_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"group_object" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"hardware_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id3" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"im_buddyid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"im_buddyname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"im_client" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"im_croomid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"im_croomtype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"im_members" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"im_userid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"im_username" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"index" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"inout" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipkt" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipscat" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipspri" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"job_num" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"jobname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"language" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"latitude" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"library" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lifetime" : { | |
"type" : "long" | |
}, | |
"linenum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"link" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"list_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"listnum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"load_data" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"location_floor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"location_mark" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_session_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_session_id1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"logid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"logip" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"logname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"longitude" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lport" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mail_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"match" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mbug_data" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"message_body" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"misc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"misc_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"msgIdPart1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"msgIdPart2" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"msgIdPart3" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"msgIdPart4" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"msg_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"msgid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"netsessid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"node" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ntype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"num" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"number" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"number1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"number2" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nwwn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"obj_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"obj_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"object" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"observed_val" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operation" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operation_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"opkt" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"orig_from" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"owner_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_filter" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_group_object" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_msgid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_msgid1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_msgid2" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_result1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"param" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"param_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"param_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"parent_node" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"password_chg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"password_expire" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"payload_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"payload_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"permgranted" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"permwanted" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pgid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"phone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policyUUID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policy_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policy_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policy_value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policy_waiver" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pool_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pool_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"port_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"priority" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"process_id_val" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"prog_asp_num" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"program" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"real_data" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rec_asp_device" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rec_asp_num" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rec_library" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"recordnum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reference_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reference_id1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reference_id2" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"result" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"result_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"risk" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"risk_info" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"risk_num" : { | |
"type" : "double" | |
}, | |
"risk_num_comm" : { | |
"type" : "double" | |
}, | |
"risk_num_next" : { | |
"type" : "double" | |
}, | |
"risk_num_sand" : { | |
"type" : "double" | |
}, | |
"risk_num_static" : { | |
"type" : "double" | |
}, | |
"risk_suspicious" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"risk_warning" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ruid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rule" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rule_group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rule_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rule_template" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rule_uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sburb" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sdomain_fld" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"search_text" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sec" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"second" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sensor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sensorname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"seqnum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serial_number" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"session" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sessiontype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"severity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sigUUID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sig_id" : { | |
"type" : "long" | |
}, | |
"sig_id1" : { | |
"type" : "long" | |
}, | |
"sig_id_str" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sig_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sigcat" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"snmp_oid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"snmp_value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"space" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"space1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"spi" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"spi_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"spi_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sql" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srcburb" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srcdom" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srcservice" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"streams" : { | |
"type" : "long" | |
}, | |
"subcategory" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"svcno" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"system" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tbdstr1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tbdstr2" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tcp_flags" : { | |
"type" : "long" | |
}, | |
"terminal" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tgtdom" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tgtdomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threshold" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tos" : { | |
"type" : "long" | |
}, | |
"trigger_desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trigger_val" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"udb_class" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"url_fld" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_div" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"username_fld" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"utcstamp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"v_instafname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"virt_data" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"virusname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vm_target" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vpnid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vsys" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vuln_ref" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"workspace" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"network" : { | |
"properties" : { | |
"ad_computer_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"addr" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"alias_host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dinterface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dmask" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dns_a_record" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dns_cname_record" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dns_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dns_opcode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dns_ptr_record" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dns_resp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dns_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"domain1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eth_host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eth_type" : { | |
"type" : "long" | |
}, | |
"faddr" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fhost" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fport" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"gateway" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"host_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"host_orig" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"host_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icmp_code" : { | |
"type" : "long" | |
}, | |
"icmp_type" : { | |
"type" : "long" | |
}, | |
"interface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ip_proto" : { | |
"type" : "long" | |
}, | |
"laddr" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lhost" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"linterface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mask" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"netname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"network_port" : { | |
"type" : "long" | |
}, | |
"network_service" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"origin" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"packet_length" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"paddr" : { | |
"type" : "ip" | |
}, | |
"phost" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"protocol_detail" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"remote_domain_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rpayload" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sinterface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"smask" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vlan" : { | |
"type" : "long" | |
}, | |
"vlan_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"zone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"zone_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"zone_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"physical" : { | |
"properties" : { | |
"org_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"org_src" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"storage" : { | |
"properties" : { | |
"disk_volume" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"lun" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pwwn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"threat" : { | |
"properties" : { | |
"alert" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threat_category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threat_desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threat_source" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"time" : { | |
"properties" : { | |
"date" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"datetime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"day" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"duration_str" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"duration_time" : { | |
"type" : "double" | |
}, | |
"effective_time" : { | |
"type" : "date" | |
}, | |
"endtime" : { | |
"type" : "date" | |
}, | |
"event_queue_time" : { | |
"type" : "date" | |
}, | |
"event_time" : { | |
"type" : "date" | |
}, | |
"event_time_str" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventtime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"expire_time" : { | |
"type" : "date" | |
}, | |
"expire_time_str" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"gmtdate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"gmttime" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"hour" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"min" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"month" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_date" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_month" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_time1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_time2" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_year" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"process_time" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"recorded_time" : { | |
"type" : "date" | |
}, | |
"stamp" : { | |
"type" : "date" | |
}, | |
"starttime" : { | |
"type" : "date" | |
}, | |
"timestamp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"timezone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tzone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"year" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"web" : { | |
"properties" : { | |
"alias_host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_asn_dst" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cn_rpackets" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fqdn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_url" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_user_agent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_web_cookie" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_web_method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"p_web_referer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"remote_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reputation_num" : { | |
"type" : "double" | |
}, | |
"urlpage" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"urlroot" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"web_cookie" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"web_extension_tmp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"web_page" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"web_ref_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"web_ref_page" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"web_ref_query" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"web_ref_root" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"wireless" : { | |
"properties" : { | |
"access_point" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"wlan_channel" : { | |
"type" : "long" | |
}, | |
"wlan_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"wlan_ssid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"rule" : { | |
"properties" : { | |
"author" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"license" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ruleset" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"uuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"samlProvider" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"santa" : { | |
"properties" : { | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"certificate" : { | |
"properties" : { | |
"common_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha256" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"decision" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"disk" : { | |
"properties" : { | |
"bsdname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"bus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fs" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"model" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mount" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"serial" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"volume" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"mode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"server" : { | |
"properties" : { | |
"address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"as" : { | |
"properties" : { | |
"number" : { | |
"type" : "long" | |
}, | |
"organization" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"geo" : { | |
"properties" : { | |
"city_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"continent_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"location" : { | |
"type" : "geo_point" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"mac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nat" : { | |
"properties" : { | |
"ip" : { | |
"type" : "ip" | |
}, | |
"port" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"packets" : { | |
"type" : "long" | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"registered_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"top_level_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"full_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"group" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"service" : { | |
"properties" : { | |
"ephemeral_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"node" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"serviceEventDetails" : { | |
"properties" : { | |
"ESMDisableReason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"snapshotId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"sessionCredentialFromConsole" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sharedEventID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"signalStatus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sophos" : { | |
"properties" : { | |
"xg" : { | |
"properties" : { | |
"Configuration" : { | |
"type" : "float" | |
}, | |
"FTP_direction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"FTP_url" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Mode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"PHPSESSID" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Reports" : { | |
"type" : "float" | |
}, | |
"Signature" : { | |
"type" : "float" | |
}, | |
"SysLog_SERVER_NAME" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"Temp" : { | |
"type" : "float" | |
}, | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"activityname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ap" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_is_cloud" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"appfilter_policy_id" : { | |
"type" : "long" | |
}, | |
"application" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"application_category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"application_filter_policy" : { | |
"type" : "long" | |
}, | |
"application_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"application_risk" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"application_technology" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"appresolvedby" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"auth_client" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"auth_mechanism" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"av_policy_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"backup_mode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"branch_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"category_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"classification" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client_host_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client_physical_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"clients_conn_ssid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"collisions" : { | |
"type" : "long" | |
}, | |
"con_id" : { | |
"type" : "long" | |
}, | |
"conn_id" : { | |
"type" : "long" | |
}, | |
"connectionname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"connectiontype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"connevent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"connid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"contenttype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"context_match" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"context_prefix" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"context_suffix" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cookie" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"date" : { | |
"type" : "date" | |
}, | |
"destinationip" : { | |
"type" : "ip" | |
}, | |
"device" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"device_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"device_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dictionary_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dir_disp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"direction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"domainname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"download_file_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"download_file_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dst_country_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dst_domainname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dst_ip" : { | |
"type" : "ip" | |
}, | |
"dst_port" : { | |
"type" : "long" | |
}, | |
"dstdomain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstzone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dstzonetype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"duration" : { | |
"type" : "long" | |
}, | |
"email_subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ep_uuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"eventtime" : { | |
"type" : "date" | |
}, | |
"eventtype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"exceptions" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"execution_path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"extra" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"file_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"file_path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"file_size" : { | |
"type" : "long" | |
}, | |
"filename" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filepath" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filesize" : { | |
"type" : "long" | |
}, | |
"free" : { | |
"type" : "long" | |
}, | |
"from_email_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ftpcommand" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fw_rule_id" : { | |
"type" : "long" | |
}, | |
"hb_health" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"httpresponsecode" : { | |
"type" : "long" | |
}, | |
"iap" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icmp_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icmp_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"idle_cpu" : { | |
"type" : "float" | |
}, | |
"idp_policy_id" : { | |
"type" : "long" | |
}, | |
"idp_policy_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"in_interface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"interface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ipaddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ips_policy_id" : { | |
"type" : "long" | |
}, | |
"localgateway" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"localnetwork" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_component" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_subtype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"login_user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mailid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mailsize" : { | |
"type" : "long" | |
}, | |
"message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"message_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"newversion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"oldversion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"out_interface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"override_authorizer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"override_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"override_token" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"platform" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"policy_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"priority" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quarantine" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"quarantine_reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"querystring" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"raw_data" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"received_pkts" : { | |
"type" : "long" | |
}, | |
"receiveddrops" : { | |
"type" : "long" | |
}, | |
"receivederrors" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"receivedkbits" : { | |
"type" : "long" | |
}, | |
"recv_bytes" : { | |
"type" : "long" | |
}, | |
"red_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"referer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"remote_ip" : { | |
"type" : "ip" | |
}, | |
"remotenetwork" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"responsetime" : { | |
"type" : "long" | |
}, | |
"rule_priority" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sent_bytes" : { | |
"type" : "long" | |
}, | |
"sent_pkts" : { | |
"type" : "long" | |
}, | |
"server" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sessionid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha1sum" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"signature_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"signature_msg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"site_category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sourceip" : { | |
"type" : "ip" | |
}, | |
"spamaction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"src_country_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"src_domainname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"src_ip" : { | |
"type" : "ip" | |
}, | |
"src_mac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"src_port" : { | |
"type" : "long" | |
}, | |
"srczone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"srczonetype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ssid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"start_time" : { | |
"type" : "date" | |
}, | |
"starttime" : { | |
"type" : "date" | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"system_cpu" : { | |
"type" : "float" | |
}, | |
"target" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threatname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"timestamp" : { | |
"type" : "date" | |
}, | |
"timezone" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"to_email_address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"total_memory" : { | |
"type" : "long" | |
}, | |
"trans_dst_ip" : { | |
"type" : "ip" | |
}, | |
"trans_dst_port" : { | |
"type" : "long" | |
}, | |
"trans_src_ ip" : { | |
"type" : "ip" | |
}, | |
"trans_src_port" : { | |
"type" : "long" | |
}, | |
"transaction_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"transactionid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"transmitteddrops" : { | |
"type" : "long" | |
}, | |
"transmittederrors" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"transmittedkbits" : { | |
"type" : "long" | |
}, | |
"unit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"updatedip" : { | |
"type" : "ip" | |
}, | |
"upload_file_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"upload_file_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"url" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"used" : { | |
"type" : "long" | |
}, | |
"user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_cpu" : { | |
"type" : "float" | |
}, | |
"user_gp" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_group" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"users" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vconn_id" : { | |
"type" : "long" | |
}, | |
"virus" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"website" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"source" : { | |
"properties" : { | |
"address" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"as" : { | |
"properties" : { | |
"number" : { | |
"type" : "long" | |
}, | |
"organization" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"geo" : { | |
"properties" : { | |
"city_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"continent_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"location" : { | |
"type" : "geo_point" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_iso_code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"region_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ip" : { | |
"type" : "ip" | |
}, | |
"mac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nat" : { | |
"properties" : { | |
"ip" : { | |
"type" : "ip" | |
}, | |
"port" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"packets" : { | |
"type" : "long" | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"registered_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"service" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"top_level_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"full_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"group" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
} | |
} | |
} | |
} | |
}, | |
"sourceIPAddress" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stream" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"suricata" : { | |
"properties" : { | |
"eve" : { | |
"properties" : { | |
"alert" : { | |
"properties" : { | |
"action" : { | |
"type" : "alias", | |
"path" : "event.outcome" | |
}, | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"gid" : { | |
"type" : "long" | |
}, | |
"rev" : { | |
"type" : "long" | |
}, | |
"severity" : { | |
"type" : "alias", | |
"path" : "event.severity" | |
}, | |
"signature" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"signature_id" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"app_proto" : { | |
"type" : "alias", | |
"path" : "network.protocol" | |
}, | |
"app_proto_expected" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_proto_orig" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_proto_tc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"app_proto_ts" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dest_ip" : { | |
"type" : "alias", | |
"path" : "destination.ip" | |
}, | |
"dest_port" : { | |
"type" : "alias", | |
"path" : "destination.port" | |
}, | |
"dns" : { | |
"properties" : { | |
"id" : { | |
"type" : "long" | |
}, | |
"rcode" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rdata" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rrname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rrtype" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ttl" : { | |
"type" : "long" | |
}, | |
"tx_id" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"email" : { | |
"properties" : { | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"event_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fileinfo" : { | |
"properties" : { | |
"filename" : { | |
"type" : "alias", | |
"path" : "file.path" | |
}, | |
"gaps" : { | |
"type" : "boolean" | |
}, | |
"md5" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha256" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"size" : { | |
"type" : "alias", | |
"path" : "file.size" | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"stored" : { | |
"type" : "boolean" | |
}, | |
"tx_id" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"flags" : { | |
"type" : "object" | |
}, | |
"flow" : { | |
"properties" : { | |
"age" : { | |
"type" : "long" | |
}, | |
"alerted" : { | |
"type" : "boolean" | |
}, | |
"bytes_toclient" : { | |
"type" : "alias", | |
"path" : "destination.bytes" | |
}, | |
"bytes_toserver" : { | |
"type" : "alias", | |
"path" : "source.bytes" | |
}, | |
"end" : { | |
"type" : "date" | |
}, | |
"pkts_toclient" : { | |
"type" : "alias", | |
"path" : "destination.packets" | |
}, | |
"pkts_toserver" : { | |
"type" : "alias", | |
"path" : "source.packets" | |
}, | |
"reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"start" : { | |
"type" : "alias", | |
"path" : "event.start" | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"flow_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"http" : { | |
"properties" : { | |
"hostname" : { | |
"type" : "alias", | |
"path" : "url.domain" | |
}, | |
"http_content_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"http_method" : { | |
"type" : "alias", | |
"path" : "http.request.method" | |
}, | |
"http_refer" : { | |
"type" : "alias", | |
"path" : "http.request.referrer" | |
}, | |
"http_user_agent" : { | |
"type" : "alias", | |
"path" : "user_agent.original" | |
}, | |
"length" : { | |
"type" : "alias", | |
"path" : "http.response.body.bytes" | |
}, | |
"protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"redirect" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "alias", | |
"path" : "http.response.status_code" | |
}, | |
"url" : { | |
"type" : "alias", | |
"path" : "url.original" | |
} | |
} | |
}, | |
"icmp_code" : { | |
"type" : "long" | |
}, | |
"icmp_type" : { | |
"type" : "long" | |
}, | |
"in_iface" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pcap_cnt" : { | |
"type" : "long" | |
}, | |
"proto" : { | |
"type" : "alias", | |
"path" : "network.transport" | |
}, | |
"smtp" : { | |
"properties" : { | |
"helo" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mail_from" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rcpt_to" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"src_ip" : { | |
"type" : "alias", | |
"path" : "source.ip" | |
}, | |
"src_port" : { | |
"type" : "alias", | |
"path" : "source.port" | |
}, | |
"ssh" : { | |
"properties" : { | |
"client" : { | |
"properties" : { | |
"proto_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"software_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"server" : { | |
"properties" : { | |
"proto_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"software_version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"stats" : { | |
"properties" : { | |
"app_layer" : { | |
"properties" : { | |
"flow" : { | |
"properties" : { | |
"dcerpc_tcp" : { | |
"type" : "long" | |
}, | |
"dcerpc_udp" : { | |
"type" : "long" | |
}, | |
"dns_tcp" : { | |
"type" : "long" | |
}, | |
"dns_udp" : { | |
"type" : "long" | |
}, | |
"failed_tcp" : { | |
"type" : "long" | |
}, | |
"failed_udp" : { | |
"type" : "long" | |
}, | |
"ftp" : { | |
"type" : "long" | |
}, | |
"http" : { | |
"type" : "long" | |
}, | |
"imap" : { | |
"type" : "long" | |
}, | |
"msn" : { | |
"type" : "long" | |
}, | |
"smb" : { | |
"type" : "long" | |
}, | |
"smtp" : { | |
"type" : "long" | |
}, | |
"ssh" : { | |
"type" : "long" | |
}, | |
"tls" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tx" : { | |
"properties" : { | |
"dcerpc_tcp" : { | |
"type" : "long" | |
}, | |
"dcerpc_udp" : { | |
"type" : "long" | |
}, | |
"dns_tcp" : { | |
"type" : "long" | |
}, | |
"dns_udp" : { | |
"type" : "long" | |
}, | |
"ftp" : { | |
"type" : "long" | |
}, | |
"http" : { | |
"type" : "long" | |
}, | |
"smb" : { | |
"type" : "long" | |
}, | |
"smtp" : { | |
"type" : "long" | |
}, | |
"ssh" : { | |
"type" : "long" | |
}, | |
"tls" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"capture" : { | |
"properties" : { | |
"kernel_drops" : { | |
"type" : "long" | |
}, | |
"kernel_ifdrops" : { | |
"type" : "long" | |
}, | |
"kernel_packets" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"decoder" : { | |
"properties" : { | |
"avg_pkt_size" : { | |
"type" : "long" | |
}, | |
"bytes" : { | |
"type" : "long" | |
}, | |
"dce" : { | |
"properties" : { | |
"pkt_too_small" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"erspan" : { | |
"type" : "long" | |
}, | |
"ethernet" : { | |
"type" : "long" | |
}, | |
"gre" : { | |
"type" : "long" | |
}, | |
"icmpv4" : { | |
"type" : "long" | |
}, | |
"icmpv6" : { | |
"type" : "long" | |
}, | |
"ieee8021ah" : { | |
"type" : "long" | |
}, | |
"invalid" : { | |
"type" : "long" | |
}, | |
"ipraw" : { | |
"properties" : { | |
"invalid_ip_version" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"ipv4" : { | |
"type" : "long" | |
}, | |
"ipv4_in_ipv6" : { | |
"type" : "long" | |
}, | |
"ipv6" : { | |
"type" : "long" | |
}, | |
"ipv6_in_ipv6" : { | |
"type" : "long" | |
}, | |
"ltnull" : { | |
"properties" : { | |
"pkt_too_small" : { | |
"type" : "long" | |
}, | |
"unsupported_type" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"max_pkt_size" : { | |
"type" : "long" | |
}, | |
"mpls" : { | |
"type" : "long" | |
}, | |
"null" : { | |
"type" : "long" | |
}, | |
"pkts" : { | |
"type" : "long" | |
}, | |
"ppp" : { | |
"type" : "long" | |
}, | |
"pppoe" : { | |
"type" : "long" | |
}, | |
"raw" : { | |
"type" : "long" | |
}, | |
"sctp" : { | |
"type" : "long" | |
}, | |
"sll" : { | |
"type" : "long" | |
}, | |
"tcp" : { | |
"type" : "long" | |
}, | |
"teredo" : { | |
"type" : "long" | |
}, | |
"udp" : { | |
"type" : "long" | |
}, | |
"vlan" : { | |
"type" : "long" | |
}, | |
"vlan_qinq" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"defrag" : { | |
"properties" : { | |
"ipv4" : { | |
"properties" : { | |
"fragments" : { | |
"type" : "long" | |
}, | |
"reassembled" : { | |
"type" : "long" | |
}, | |
"timeouts" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"ipv6" : { | |
"properties" : { | |
"fragments" : { | |
"type" : "long" | |
}, | |
"reassembled" : { | |
"type" : "long" | |
}, | |
"timeouts" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"max_frag_hits" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"detect" : { | |
"properties" : { | |
"alert" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"dns" : { | |
"properties" : { | |
"memcap_global" : { | |
"type" : "long" | |
}, | |
"memcap_state" : { | |
"type" : "long" | |
}, | |
"memuse" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"file_store" : { | |
"properties" : { | |
"open_files" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"flow" : { | |
"properties" : { | |
"emerg_mode_entered" : { | |
"type" : "long" | |
}, | |
"emerg_mode_over" : { | |
"type" : "long" | |
}, | |
"icmpv4" : { | |
"type" : "long" | |
}, | |
"icmpv6" : { | |
"type" : "long" | |
}, | |
"memcap" : { | |
"type" : "long" | |
}, | |
"memuse" : { | |
"type" : "long" | |
}, | |
"spare" : { | |
"type" : "long" | |
}, | |
"tcp" : { | |
"type" : "long" | |
}, | |
"tcp_reuse" : { | |
"type" : "long" | |
}, | |
"udp" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"flow_mgr" : { | |
"properties" : { | |
"bypassed_pruned" : { | |
"type" : "long" | |
}, | |
"closed_pruned" : { | |
"type" : "long" | |
}, | |
"est_pruned" : { | |
"type" : "long" | |
}, | |
"flows_checked" : { | |
"type" : "long" | |
}, | |
"flows_notimeout" : { | |
"type" : "long" | |
}, | |
"flows_removed" : { | |
"type" : "long" | |
}, | |
"flows_timeout" : { | |
"type" : "long" | |
}, | |
"flows_timeout_inuse" : { | |
"type" : "long" | |
}, | |
"new_pruned" : { | |
"type" : "long" | |
}, | |
"rows_busy" : { | |
"type" : "long" | |
}, | |
"rows_checked" : { | |
"type" : "long" | |
}, | |
"rows_empty" : { | |
"type" : "long" | |
}, | |
"rows_maxlen" : { | |
"type" : "long" | |
}, | |
"rows_skipped" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"http" : { | |
"properties" : { | |
"memcap" : { | |
"type" : "long" | |
}, | |
"memuse" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tcp" : { | |
"properties" : { | |
"insert_data_normal_fail" : { | |
"type" : "long" | |
}, | |
"insert_data_overlap_fail" : { | |
"type" : "long" | |
}, | |
"insert_list_fail" : { | |
"type" : "long" | |
}, | |
"invalid_checksum" : { | |
"type" : "long" | |
}, | |
"memuse" : { | |
"type" : "long" | |
}, | |
"no_flow" : { | |
"type" : "long" | |
}, | |
"overlap" : { | |
"type" : "long" | |
}, | |
"overlap_diff_data" : { | |
"type" : "long" | |
}, | |
"pseudo" : { | |
"type" : "long" | |
}, | |
"pseudo_failed" : { | |
"type" : "long" | |
}, | |
"reassembly_gap" : { | |
"type" : "long" | |
}, | |
"reassembly_memuse" : { | |
"type" : "long" | |
}, | |
"rst" : { | |
"type" : "long" | |
}, | |
"segment_memcap_drop" : { | |
"type" : "long" | |
}, | |
"sessions" : { | |
"type" : "long" | |
}, | |
"ssn_memcap_drop" : { | |
"type" : "long" | |
}, | |
"stream_depth_reached" : { | |
"type" : "long" | |
}, | |
"syn" : { | |
"type" : "long" | |
}, | |
"synack" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"uptime" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tcp" : { | |
"properties" : { | |
"ack" : { | |
"type" : "boolean" | |
}, | |
"fin" : { | |
"type" : "boolean" | |
}, | |
"psh" : { | |
"type" : "boolean" | |
}, | |
"rst" : { | |
"type" : "boolean" | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"syn" : { | |
"type" : "boolean" | |
}, | |
"tcp_flags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tcp_flags_tc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tcp_flags_ts" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"timestamp" : { | |
"type" : "alias", | |
"path" : "@timestamp" | |
}, | |
"tls" : { | |
"properties" : { | |
"fingerprint" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"issuerdn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ja3" : { | |
"properties" : { | |
"hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"string" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ja3s" : { | |
"properties" : { | |
"hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"string" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"notafter" : { | |
"type" : "date" | |
}, | |
"notbefore" : { | |
"type" : "date" | |
}, | |
"serial" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"session_resumed" : { | |
"type" : "boolean" | |
}, | |
"sni" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tx_id" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"syslog" : { | |
"properties" : { | |
"facility" : { | |
"type" : "long" | |
}, | |
"facility_label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"priority" : { | |
"type" : "long" | |
}, | |
"severity_label" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"system" : { | |
"properties" : { | |
"auth" : { | |
"properties" : { | |
"groupadd" : { | |
"type" : "object" | |
}, | |
"ssh" : { | |
"properties" : { | |
"dropped_ip" : { | |
"type" : "ip" | |
}, | |
"event" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"geoip" : { | |
"type" : "object" | |
}, | |
"method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"signature" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"sudo" : { | |
"properties" : { | |
"command" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"error" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pwd" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tty" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"useradd" : { | |
"properties" : { | |
"home" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"shell" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"syslog" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"tags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"threat" : { | |
"properties" : { | |
"framework" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tactic" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"technique" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"reference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"timeseries" : { | |
"properties" : { | |
"instance" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tls" : { | |
"properties" : { | |
"cipher" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client" : { | |
"properties" : { | |
"certificate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"certificate_chain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"hash" : { | |
"properties" : { | |
"md5" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha256" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"issuer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ja3" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"not_after" : { | |
"type" : "date" | |
}, | |
"not_before" : { | |
"type" : "date" | |
}, | |
"server_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"supported_ciphers" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"curve" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"established" : { | |
"type" : "boolean" | |
}, | |
"next_protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resumed" : { | |
"type" : "boolean" | |
}, | |
"server" : { | |
"properties" : { | |
"certificate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"certificate_chain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"hash" : { | |
"properties" : { | |
"md5" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha256" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"issuer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ja3s" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"not_after" : { | |
"type" : "date" | |
}, | |
"not_before" : { | |
"type" : "date" | |
}, | |
"subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version_protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tlsDetails" : { | |
"properties" : { | |
"cipherSuite" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"clientProvidedHostHeader" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tlsVersion" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tracing" : { | |
"properties" : { | |
"trace" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"transaction" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"traefik" : { | |
"properties" : { | |
"access" : { | |
"properties" : { | |
"backend_url" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"frontend_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"geoip" : { | |
"properties" : { | |
"city_name" : { | |
"type" : "alias", | |
"path" : "source.geo.city_name" | |
}, | |
"continent_name" : { | |
"type" : "alias", | |
"path" : "source.geo.continent_name" | |
}, | |
"country_iso_code" : { | |
"type" : "alias", | |
"path" : "source.geo.country_iso_code" | |
}, | |
"location" : { | |
"type" : "alias", | |
"path" : "source.geo.location" | |
}, | |
"region_iso_code" : { | |
"type" : "alias", | |
"path" : "source.geo.region_iso_code" | |
}, | |
"region_name" : { | |
"type" : "alias", | |
"path" : "source.geo.region_name" | |
} | |
} | |
}, | |
"request_count" : { | |
"type" : "long" | |
}, | |
"user_agent" : { | |
"properties" : { | |
"device" : { | |
"type" : "alias", | |
"path" : "user_agent.device.name" | |
}, | |
"name" : { | |
"type" : "alias", | |
"path" : "user_agent.name" | |
}, | |
"original" : { | |
"type" : "alias", | |
"path" : "user_agent.original" | |
}, | |
"os" : { | |
"type" : "alias", | |
"path" : "user_agent.os.full_name" | |
}, | |
"os_name" : { | |
"type" : "alias", | |
"path" : "user_agent.os.name" | |
} | |
} | |
}, | |
"user_identifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"url" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"extension" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fragment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"full" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"original" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"password" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"port" : { | |
"type" : "long" | |
}, | |
"query" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"registered_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scheme" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"top_level_domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"username" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"user" : { | |
"properties" : { | |
"audit" : { | |
"properties" : { | |
"group" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"effective" : { | |
"properties" : { | |
"group" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"email" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"filesystem" : { | |
"properties" : { | |
"group" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"full_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"group" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"hash" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"owner" : { | |
"properties" : { | |
"group" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"saved" : { | |
"properties" : { | |
"group" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"terminal" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"userAgent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userIdentity" : { | |
"properties" : { | |
"accessKeyId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"accountId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"identityProvider" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"invokedBy" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"principalId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sessionContext" : { | |
"properties" : { | |
"attributes" : { | |
"properties" : { | |
"creationDate" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mfaAuthenticated" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ec2RoleDelivery" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sessionIssuer" : { | |
"properties" : { | |
"accountId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"arn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"principalId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"webIdFederationData" : { | |
"type" : "object" | |
} | |
} | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"userName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"userName" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_agent" : { | |
"properties" : { | |
"device" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"original" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"os" : { | |
"properties" : { | |
"family" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"full" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"full_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"kernel" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"platform" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"vlan" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"vpcEndpointId" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vulnerability" : { | |
"properties" : { | |
"category" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"classification" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"description" : { | |
"type" : "keyword", | |
"ignore_above" : 1024, | |
"fields" : { | |
"text" : { | |
"type" : "text", | |
"norms" : false | |
} | |
} | |
}, | |
"enumeration" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reference" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"report_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"scanner" : { | |
"properties" : { | |
"vendor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"score" : { | |
"properties" : { | |
"base" : { | |
"type" : "float" | |
}, | |
"environmental" : { | |
"type" : "float" | |
}, | |
"temporal" : { | |
"type" : "float" | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"severity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"zeek" : { | |
"properties" : { | |
"capture_loss" : { | |
"properties" : { | |
"acks" : { | |
"type" : "long" | |
}, | |
"gaps" : { | |
"type" : "long" | |
}, | |
"peer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"percent_lost" : { | |
"type" : "double" | |
}, | |
"ts_delta" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"connection" : { | |
"properties" : { | |
"history" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icmp" : { | |
"properties" : { | |
"code" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"inner_vlan" : { | |
"type" : "long" | |
}, | |
"local_orig" : { | |
"type" : "boolean" | |
}, | |
"local_resp" : { | |
"type" : "boolean" | |
}, | |
"missed_bytes" : { | |
"type" : "long" | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state_message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"vlan" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"dce_rpc" : { | |
"properties" : { | |
"endpoint" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"named_pipe" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"operation" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rtt" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"dhcp" : { | |
"properties" : { | |
"address" : { | |
"properties" : { | |
"assigned" : { | |
"type" : "ip" | |
}, | |
"client" : { | |
"type" : "ip" | |
}, | |
"mac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"requested" : { | |
"type" : "ip" | |
}, | |
"server" : { | |
"type" : "ip" | |
} | |
} | |
}, | |
"client_fqdn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"duration" : { | |
"type" : "double" | |
}, | |
"hostname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"id" : { | |
"properties" : { | |
"circuit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"remote_agent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subscriber" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"lease_time" : { | |
"type" : "long" | |
}, | |
"msg" : { | |
"properties" : { | |
"client" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"origin" : { | |
"type" : "ip" | |
}, | |
"server" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"types" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"software" : { | |
"properties" : { | |
"client" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"server" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"dnp3" : { | |
"properties" : { | |
"function" : { | |
"properties" : { | |
"reply" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"request" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"id" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"dns" : { | |
"properties" : { | |
"AA" : { | |
"type" : "boolean" | |
}, | |
"RA" : { | |
"type" : "boolean" | |
}, | |
"RD" : { | |
"type" : "boolean" | |
}, | |
"TC" : { | |
"type" : "boolean" | |
}, | |
"TTLs" : { | |
"type" : "double" | |
}, | |
"answers" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"qclass" : { | |
"type" : "long" | |
}, | |
"qclass_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"qtype" : { | |
"type" : "long" | |
}, | |
"qtype_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"query" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rcode" : { | |
"type" : "long" | |
}, | |
"rcode_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rejected" : { | |
"type" : "boolean" | |
}, | |
"rtt" : { | |
"type" : "double" | |
}, | |
"saw_query" : { | |
"type" : "boolean" | |
}, | |
"saw_reply" : { | |
"type" : "boolean" | |
}, | |
"total_answers" : { | |
"type" : "long" | |
}, | |
"total_replies" : { | |
"type" : "long" | |
}, | |
"trans_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"dpd" : { | |
"properties" : { | |
"analyzer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"failure_reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"packet_segment" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"files" : { | |
"properties" : { | |
"analyzers" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"depth" : { | |
"type" : "long" | |
}, | |
"duration" : { | |
"type" : "double" | |
}, | |
"entropy" : { | |
"type" : "double" | |
}, | |
"extracted" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"extracted_cutoff" : { | |
"type" : "boolean" | |
}, | |
"extracted_size" : { | |
"type" : "long" | |
}, | |
"filename" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"is_orig" : { | |
"type" : "boolean" | |
}, | |
"local_orig" : { | |
"type" : "boolean" | |
}, | |
"md5" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mime_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"missing_bytes" : { | |
"type" : "long" | |
}, | |
"overflow_bytes" : { | |
"type" : "long" | |
}, | |
"parent_fuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rx_host" : { | |
"type" : "ip" | |
}, | |
"seen_bytes" : { | |
"type" : "long" | |
}, | |
"session_ids" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha1" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sha256" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"source" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"timedout" : { | |
"type" : "boolean" | |
}, | |
"total_bytes" : { | |
"type" : "long" | |
}, | |
"tx_host" : { | |
"type" : "ip" | |
} | |
} | |
}, | |
"ftp" : { | |
"properties" : { | |
"arg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"capture_password" : { | |
"type" : "boolean" | |
}, | |
"cmdarg" : { | |
"properties" : { | |
"arg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cmd" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"seq" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"command" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cwd" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"data_channel" : { | |
"properties" : { | |
"originating_host" : { | |
"type" : "ip" | |
}, | |
"passive" : { | |
"type" : "boolean" | |
}, | |
"response_host" : { | |
"type" : "ip" | |
}, | |
"response_port" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"file" : { | |
"properties" : { | |
"fuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mime_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"size" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"last_auth_requested" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"passive" : { | |
"type" : "boolean" | |
}, | |
"password" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"pending_commands" : { | |
"type" : "long" | |
}, | |
"reply" : { | |
"properties" : { | |
"code" : { | |
"type" : "long" | |
}, | |
"msg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"http" : { | |
"properties" : { | |
"captured_password" : { | |
"type" : "boolean" | |
}, | |
"client_header_names" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"info_code" : { | |
"type" : "long" | |
}, | |
"info_msg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"orig_filenames" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"orig_fuids" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"orig_mime_depth" : { | |
"type" : "long" | |
}, | |
"orig_mime_types" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"password" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"proxied" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"range_request" : { | |
"type" : "boolean" | |
}, | |
"resp_filenames" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resp_fuids" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resp_mime_depth" : { | |
"type" : "long" | |
}, | |
"resp_mime_types" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"server_header_names" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status_msg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tags" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"trans_depth" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"intel" : { | |
"properties" : { | |
"file_desc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"file_mime_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"matched" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"seen" : { | |
"properties" : { | |
"conn" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"f" : { | |
"type" : "object" | |
}, | |
"fuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"indicator" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"indicator_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"node" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"where" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"sources" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"irc" : { | |
"properties" : { | |
"addl" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"command" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dcc" : { | |
"properties" : { | |
"file" : { | |
"properties" : { | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"size" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"mime_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"fuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"nick" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"kerberos" : { | |
"properties" : { | |
"cert" : { | |
"properties" : { | |
"client" : { | |
"properties" : { | |
"fuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"server" : { | |
"properties" : { | |
"fuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"value" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"cipher" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"error" : { | |
"properties" : { | |
"code" : { | |
"type" : "long" | |
}, | |
"msg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"forwardable" : { | |
"type" : "boolean" | |
}, | |
"renewable" : { | |
"type" : "boolean" | |
}, | |
"request_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"service" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"success" : { | |
"type" : "boolean" | |
}, | |
"ticket" : { | |
"properties" : { | |
"auth" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"new" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"valid" : { | |
"properties" : { | |
"days" : { | |
"type" : "long" | |
}, | |
"from" : { | |
"type" : "date" | |
}, | |
"until" : { | |
"type" : "date" | |
} | |
} | |
} | |
} | |
}, | |
"modbus" : { | |
"properties" : { | |
"exception" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"function" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"track_address" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"mysql" : { | |
"properties" : { | |
"arg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cmd" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"response" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"rows" : { | |
"type" : "long" | |
}, | |
"success" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"notice" : { | |
"properties" : { | |
"actions" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"connection_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"dropped" : { | |
"type" : "boolean" | |
}, | |
"email_body_sections" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"email_delay_tokens" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"false" : { | |
"type" : "long" | |
}, | |
"ffile" : { | |
"properties" : { | |
"total_bytes" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"file" : { | |
"properties" : { | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"is_orig" : { | |
"type" : "boolean" | |
}, | |
"mime_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"missing_bytes" : { | |
"type" : "long" | |
}, | |
"overflow_bytes" : { | |
"type" : "long" | |
}, | |
"parent_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"seen_bytes" : { | |
"type" : "long" | |
}, | |
"source" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"fuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"icmp_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"identifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"msg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"note" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"peer_descr" : { | |
"type" : "text", | |
"norms" : false | |
}, | |
"peer_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sub" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"suppress_for" : { | |
"type" : "double" | |
} | |
} | |
}, | |
"ntlm" : { | |
"properties" : { | |
"domain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"hostname" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"server" : { | |
"properties" : { | |
"name" : { | |
"properties" : { | |
"dns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"netbios" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tree" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"success" : { | |
"type" : "boolean" | |
}, | |
"username" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"ocsp" : { | |
"properties" : { | |
"file_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"hash" : { | |
"properties" : { | |
"algorithm" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"issuer" : { | |
"properties" : { | |
"key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"revoke" : { | |
"properties" : { | |
"reason" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"time" : { | |
"type" : "date" | |
} | |
} | |
}, | |
"serial_number" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"update" : { | |
"properties" : { | |
"next" : { | |
"type" : "date" | |
}, | |
"this" : { | |
"type" : "date" | |
} | |
} | |
} | |
} | |
}, | |
"pe" : { | |
"properties" : { | |
"client" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"compile_time" : { | |
"type" : "date" | |
}, | |
"has_cert_table" : { | |
"type" : "boolean" | |
}, | |
"has_debug_data" : { | |
"type" : "boolean" | |
}, | |
"has_export_table" : { | |
"type" : "boolean" | |
}, | |
"has_import_table" : { | |
"type" : "boolean" | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"is_64bit" : { | |
"type" : "boolean" | |
}, | |
"is_exe" : { | |
"type" : "boolean" | |
}, | |
"machine" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"os" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"section_names" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subsystem" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"uses_aslr" : { | |
"type" : "boolean" | |
}, | |
"uses_code_integrity" : { | |
"type" : "boolean" | |
}, | |
"uses_dep" : { | |
"type" : "boolean" | |
}, | |
"uses_seh" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"radius" : { | |
"properties" : { | |
"connect_info" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"framed_addr" : { | |
"type" : "ip" | |
}, | |
"logged" : { | |
"type" : "boolean" | |
}, | |
"mac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"remote_ip" : { | |
"type" : "ip" | |
}, | |
"reply_msg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"result" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ttl" : { | |
"type" : "long" | |
}, | |
"username" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"rdp" : { | |
"properties" : { | |
"cert" : { | |
"properties" : { | |
"count" : { | |
"type" : "long" | |
}, | |
"permanent" : { | |
"type" : "boolean" | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"client" : { | |
"properties" : { | |
"build" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"product_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"cookie" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"desktop" : { | |
"properties" : { | |
"color_depth" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"height" : { | |
"type" : "long" | |
}, | |
"width" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"done" : { | |
"type" : "boolean" | |
}, | |
"encryption" : { | |
"properties" : { | |
"level" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"keyboard_layout" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"result" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"security_protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"ssl" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"rfb" : { | |
"properties" : { | |
"auth" : { | |
"properties" : { | |
"method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"success" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"desktop_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"height" : { | |
"type" : "long" | |
}, | |
"share_flag" : { | |
"type" : "boolean" | |
}, | |
"version" : { | |
"properties" : { | |
"client" : { | |
"properties" : { | |
"major" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"minor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"server" : { | |
"properties" : { | |
"major" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"minor" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"width" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"session_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sip" : { | |
"properties" : { | |
"call_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"content_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"date" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reply_to" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"request" : { | |
"properties" : { | |
"body_length" : { | |
"type" : "long" | |
}, | |
"from" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"to" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"response" : { | |
"properties" : { | |
"body_length" : { | |
"type" : "long" | |
}, | |
"from" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"to" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"sequence" : { | |
"properties" : { | |
"method" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"number" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"status" : { | |
"properties" : { | |
"code" : { | |
"type" : "long" | |
}, | |
"msg" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"transaction_depth" : { | |
"type" : "long" | |
}, | |
"uri" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user_agent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"warning" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"smb_cmd" : { | |
"properties" : { | |
"argument" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"command" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"file" : { | |
"properties" : { | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"host" : { | |
"properties" : { | |
"rx" : { | |
"type" : "ip" | |
}, | |
"tx" : { | |
"type" : "ip" | |
} | |
} | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"uid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"rtt" : { | |
"type" : "double" | |
}, | |
"smb1_offered_dialects" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"smb2_offered_dialects" : { | |
"type" : "long" | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"sub_command" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tree" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tree_service" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"username" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"smb_files" : { | |
"properties" : { | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fid" : { | |
"type" : "long" | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"previous_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"size" : { | |
"type" : "long" | |
}, | |
"times" : { | |
"properties" : { | |
"accessed" : { | |
"type" : "date" | |
}, | |
"changed" : { | |
"type" : "date" | |
}, | |
"created" : { | |
"type" : "date" | |
}, | |
"modified" : { | |
"type" : "date" | |
} | |
} | |
}, | |
"uuid" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"smb_mapping" : { | |
"properties" : { | |
"native_file_system" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"service" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"share_type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"smtp" : { | |
"properties" : { | |
"cc" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"date" : { | |
"type" : "date" | |
}, | |
"first_received" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"from" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"fuids" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"has_client_activity" : { | |
"type" : "boolean" | |
}, | |
"helo" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"in_reply_to" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"is_webmail" : { | |
"type" : "boolean" | |
}, | |
"last_reply" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mail_from" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"msg_id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"path" : { | |
"type" : "ip" | |
}, | |
"process_received_from" : { | |
"type" : "boolean" | |
}, | |
"rcpt_to" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reply_to" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"second_received" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"tls" : { | |
"type" : "boolean" | |
}, | |
"to" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"transaction_depth" : { | |
"type" : "long" | |
}, | |
"user_agent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"x_originating_ip" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"snmp" : { | |
"properties" : { | |
"community" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"display_string" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"duration" : { | |
"type" : "double" | |
}, | |
"get" : { | |
"properties" : { | |
"bulk_requests" : { | |
"type" : "long" | |
}, | |
"requests" : { | |
"type" : "long" | |
}, | |
"responses" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"set" : { | |
"properties" : { | |
"requests" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"up_since" : { | |
"type" : "date" | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"socks" : { | |
"properties" : { | |
"bound" : { | |
"properties" : { | |
"host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"port" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"capture_password" : { | |
"type" : "boolean" | |
}, | |
"password" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"request" : { | |
"properties" : { | |
"host" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"port" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"user" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"ssh" : { | |
"properties" : { | |
"algorithm" : { | |
"properties" : { | |
"cipher" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"compression" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"host_key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"key_exchange" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"mac" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"auth" : { | |
"properties" : { | |
"attempts" : { | |
"type" : "long" | |
}, | |
"success" : { | |
"type" : "boolean" | |
} | |
} | |
}, | |
"client" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"direction" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"host_key" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"server" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"version" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"ssl" : { | |
"properties" : { | |
"cipher" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"client" : { | |
"properties" : { | |
"cert_chain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert_chain_fuids" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"issuer" : { | |
"properties" : { | |
"common_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"locality" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"organization" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"organizational_unit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"subject" : { | |
"properties" : { | |
"common_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"locality" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"organization" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"organizational_unit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"curve" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"established" : { | |
"type" : "boolean" | |
}, | |
"last_alert" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"next_protocol" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"resumed" : { | |
"type" : "boolean" | |
}, | |
"server" : { | |
"properties" : { | |
"cert_chain" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"cert_chain_fuids" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"issuer" : { | |
"properties" : { | |
"common_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"locality" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"organization" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"organizational_unit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject" : { | |
"properties" : { | |
"common_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"locality" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"organization" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"organizational_unit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
} | |
} | |
}, | |
"validation" : { | |
"properties" : { | |
"code" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"status" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"version" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"stats" : { | |
"properties" : { | |
"bytes" : { | |
"properties" : { | |
"received" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"connections" : { | |
"properties" : { | |
"icmp" : { | |
"properties" : { | |
"active" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"tcp" : { | |
"properties" : { | |
"active" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"udp" : { | |
"properties" : { | |
"active" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
} | |
} | |
}, | |
"dns_requests" : { | |
"properties" : { | |
"active" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"events" : { | |
"properties" : { | |
"processed" : { | |
"type" : "long" | |
}, | |
"queued" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"files" : { | |
"properties" : { | |
"active" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"memory" : { | |
"type" : "long" | |
}, | |
"packets" : { | |
"properties" : { | |
"dropped" : { | |
"type" : "long" | |
}, | |
"processed" : { | |
"type" : "long" | |
}, | |
"received" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"peer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"reassembly_size" : { | |
"properties" : { | |
"file" : { | |
"type" : "long" | |
}, | |
"frag" : { | |
"type" : "long" | |
}, | |
"tcp" : { | |
"type" : "long" | |
}, | |
"unknown" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"timers" : { | |
"properties" : { | |
"active" : { | |
"type" : "long" | |
}, | |
"count" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"timestamp_lag" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"syslog" : { | |
"properties" : { | |
"facility" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"message" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"severity" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"tunnel" : { | |
"properties" : { | |
"action" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"weird" : { | |
"properties" : { | |
"additional_info" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"identifier" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"notice" : { | |
"type" : "boolean" | |
}, | |
"peer" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"x509" : { | |
"properties" : { | |
"basic_constraints" : { | |
"properties" : { | |
"certificate_authority" : { | |
"type" : "boolean" | |
}, | |
"path_length" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"certificate" : { | |
"properties" : { | |
"common_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"curve" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"exponent" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"issuer" : { | |
"properties" : { | |
"common_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"locality" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"organization" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"organizational_unit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"key" : { | |
"properties" : { | |
"algorithm" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"length" : { | |
"type" : "long" | |
}, | |
"type" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"serial" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"signature_algorithm" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"subject" : { | |
"properties" : { | |
"common_name" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"country" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"locality" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"organization" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"organizational_unit" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"state" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
} | |
} | |
}, | |
"valid" : { | |
"properties" : { | |
"from" : { | |
"type" : "date" | |
}, | |
"until" : { | |
"type" : "date" | |
} | |
} | |
}, | |
"version" : { | |
"type" : "long" | |
} | |
} | |
}, | |
"id" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"log_cert" : { | |
"type" : "boolean" | |
}, | |
"san" : { | |
"properties" : { | |
"dns" : { | |
"type" : "keyword", | |
"ignore_above" : 1024 | |
}, | |
"email" : { | |
"type" : "keyword", | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment