
@bndabbs
Last active August 19, 2018 21:49
Bro ES Index Templates
{
"order": 10,
"index_patterns": [
"bro-diag-*"
],
"mappings": {
"_doc": {
"properties": {
"acks": {
"type": "long"
},
"active_dns_requests": {
"type": "long"
},
"active_files": {
"type": "long"
},
"active_icmp_conns": {
"type": "long"
},
"active_tcp_conns": {
"type": "long"
},
"active_timers": {
"type": "long"
},
"active_udp_conns": {
"type": "long"
},
"bytes_recv": {
"type": "long"
},
"dns_requests": {
"type": "long"
},
"events_proc": {
"type": "long"
},
"events_queued": {
"type": "long"
},
"files": {
"type": "long"
},
"gaps": {
"type": "long"
},
"icmp_conns": {
"type": "long"
},
"mem": {
"type": "long"
},
"peer": {
"type": "keyword"
},
"percent_lost": {
"type": "float"
},
"pkt_lag": {
"type": "float"
},
"pkts_dropped": {
"type": "long"
},
"pkts_link": {
"type": "long"
},
"pkts_proc": {
"type": "long"
},
"reassem_file_size": {
"type": "long"
},
"reassem_frag_size": {
"type": "long"
},
"reassem_tcp_size": {
"type": "long"
},
"reassem_unknown_size": {
"type": "long"
},
"tcp_conns": {
"type": "long"
},
"timers": {
"type": "long"
},
"ts": {
"type": "date"
},
"ts_delta": {
"type": "float"
},
"udp_conns": {
"type": "long"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-file-*"
],
"settings": {
"index": {
"analysis": {
"analyzer": {
"comma_analyzer": {
"tokenizer": "comma_tokenizer"
},
"url_analyzer": {
"tokenizer": "url_tokenizer"
}
},
"tokenizer": {
"url_tokenizer": {
"type": "uax_url_email"
},
"comma_tokenizer": {
"pattern": ",",
"type": "simple_pattern_split"
}
}
}
}
},
"mappings": {
"_doc": {
"properties": {
"analyzers": {
"type": "keyword"
},
"basic_constraints_ca": {
"type": "boolean"
},
"basic_constraints_path_len": {
"type": "long"
},
"certificate_curve": {
"type": "keyword"
},
"certificate_exponent": {
"type": "long"
},
"certificate_issuer": {
"type": "text",
"analyzer": "comma_analyzer",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"certificate_key_alg": {
"type": "keyword"
},
"certificate_key_length": {
"type": "long"
},
"certificate_key_type": {
"type": "keyword"
},
"certificate_not_valid_after": {
"type": "date"
},
"certificate_not_valid_before": {
"type": "date"
},
"certificate_serial": {
"type": "keyword"
},
"certificate_sig_alg": {
"type": "keyword"
},
"certificate_subject": {
"type": "text",
"analyzer": "comma_analyzer",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"certificate_version": {
"type": "long"
},
"compile_ts": {
"type": "date"
},
"conn_uids": {
"type": "keyword"
},
"depth": {
"type": "long"
},
"duration": {
"type": "float"
},
"extracted": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"extracted_cutoff": {
"type": "boolean"
},
"filename": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"fuid": {
"type": "keyword"
},
"has_cert_table": {
"type": "boolean"
},
"has_debug_data": {
"type": "boolean"
},
"has_export_table": {
"type": "boolean"
},
"has_import_table": {
"type": "boolean"
},
"is_64bit": {
"type": "boolean"
},
"is_exe": {
"type": "boolean"
},
"is_orig": {
"type": "boolean"
},
"local_orig": {
"type": "boolean"
},
"machine": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"md5": {
"type": "keyword"
},
"mime_type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"missing_bytes": {
"type": "long"
},
"os": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"overflow_bytes": {
"type": "long"
},
"rx_hosts": {
"type": "ip"
},
"san_dns": {
"type": "text",
"analyzer": "comma_analyzer",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"san_email": {
"type": "text",
"analyzer": "url_analyzer",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"section_names": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"seen_bytes": {
"type": "long"
},
"sha1": {
"type": "keyword"
},
"source": {
"type": "keyword"
},
"subsystem": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"timedout": {
"type": "boolean"
},
"total_bytes": {
"type": "long"
},
"ts": {
"type": "date"
},
"tx_hosts": {
"type": "ip"
},
"uses_aslr": {
"type": "boolean"
},
"uses_code_integrity": {
"type": "boolean"
},
"uses_dep": {
"type": "boolean"
},
"uses_seh": {
"type": "boolean"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-miscellaneous-*"
],
"mappings": {
"_doc": {
"properties": {
"addl": {
"type": "keyword"
},
"analyzer": {
"type": "keyword"
},
"failure_reason": {
"type": "keyword"
},
"id_orig_h": {
"type": "ip"
},
"id_orig_p": {
"type": "long"
},
"id_resp_h": {
"type": "ip"
},
"id_resp_p": {
"type": "long"
},
"name": {
"type": "keyword"
},
"notice": {
"type": "boolean"
},
"peer": {
"type": "keyword"
},
"proto": {
"type": "keyword"
},
"uid": {
"type": "keyword"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-observations-*"
],
"settings": {
"analysis": {
"analyzer": {
"comma_analyzer": {
"tokenizer": "comma_tokenizer"
}
},
"tokenizer": {
"comma_tokenizer": {
"type": "simple_pattern_split",
"pattern": ","
}
}
}
},
"mappings": {
"_doc": {
"properties": {
"host": {
"type": "ip"
},
"host_p": {
"type": "long"
},
"issuer_subject": {
"type": "text",
"analyzer": "comma_analyzer",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"port_num": {
"type": "long"
},
"port_proto": {
"type": "keyword"
},
"serial": {
"type": "keyword"
},
"service": {
"type": "keyword"
},
"software_type": {
"type": "keyword"
},
"subject": {
"type": "text",
"analyzer": "comma_analyzer",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"unparsed_version": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"version_addl": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"version_major": {
"type": "long"
},
"version_minor": {
"type": "long"
},
"version_minor2": {
"type": "long"
},
"version_minor3": {
"type": "long"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-detection-*"
],
"settings": {
"analysis": {
"analyzer": {
"comma_analyzer": {
"tokenizer": "comma_tokenizer"
}
},
"tokenizer": {
"comma_tokenizer": {
"type": "simple_pattern_split",
"pattern": ","
}
}
}
},
"mappings": {
"_doc": {
"properties": {
"actions": {
"type": "keyword"
},
"dropped": {
"type": "boolean"
},
"dst": {
"type": "ip"
},
"id_orig_h": {
"type": "ip"
},
"id_orig_p": {
"type": "long"
},
"id_resp_h": {
"type": "ip"
},
"id_resp_p": {
"type": "long"
},
"msg": {
"type": "text"
},
"note": {
"type": "keyword"
},
"p": {
"type": "long"
},
"peer_descr": {
"type": "keyword"
},
"proto": {
"type": "keyword"
},
"src": {
"type": "ip"
},
"sub": {
"type": "text",
"analyzer": "comma_analyzer",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"suppress_for": {
"type": "float"
},
"uid": {
"type": "keyword"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-conn-*"
],
"settings": {},
"mappings": {
"_doc": {
"properties": {
"conn_state": {
"type": "keyword"
},
"duration": {
"type": "float"
},
"history": {
"type": "keyword"
},
"local_orig": {
"type": "boolean"
},
"local_resp": {
"type": "boolean"
},
"missed_bytes": {
"type": "long"
},
"orig_asn": {
"type": "long"
},
"orig_bytes": {
"type": "long"
},
"orig_country_code": {
"type": "keyword"
},
"orig_location": {
"type": "geo_point"
},
"orig_ip_bytes": {
"type": "long"
},
"orig_pkts": {
"type": "long"
},
"proto": {
"type": "keyword"
},
"resp_asn": {
"type": "long"
},
"resp_bytes": {
"type": "long"
},
"resp_country_code": {
"type": "keyword"
},
"resp_location": {
"type": "geo_point"
},
"resp_ip_bytes": {
"type": "long"
},
"resp_pkts": {
"type": "long"
},
"service": {
"type": "keyword"
},
"tunnel_parents": {
"type": "keyword"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-dce_rpc-*"
],
"settings": {
"index": {
"analysis": {
"analyzer": {
"path_analyzer": {
"tokenizer": "path_tokenizer"
}
},
"tokenizer": {
"path_tokenizer": {
"type": "path_hierarchy",
"replacement": "/",
"delimiter": "\\"
}
}
}
}
},
"mappings": {
"_doc": {
"properties": {
"endpoint": {
"type": "keyword"
},
"named_pipe": {
"type": "text",
"analyzer": "path_analyzer"
},
"operation": {
"type": "keyword"
},
"rtt": {
"type": "float"
}
}
}
}
}
{
"order": 1,
"index_patterns": [
"bro-network-*"
],
"settings": {
"index": {
"number_of_shards": "3",
"number_of_replicas": "0",
"refresh_interval": "20s"
}
},
"mappings": {
"_doc": {
"properties": {
"@meta": {
"properties": {
"event_type": {
"type": "keyword"
},
"id": {
"type": "keyword"
},
"orig_host": {
"type": "ip"
},
"orig_host_routable": {
"type": "boolean"
},
"orig_port": {
"type": "long"
},
"proc": {
"type": "keyword"
},
"resp_host": {
"type": "ip"
},
"resp_host_routable": {
"type": "boolean"
},
"resp_port": {
"type": "long"
},
"stream": {
"type": "keyword"
},
"system": {
"type": "keyword"
},
"geoip_orig": {
"dynamic": true,
"properties": {
"asn": {
"type": "keyword",
"norms": false
},
"as_org": {
"type": "keyword",
"norms": false
},
"autonomous_system": {
"type": "keyword",
"norms": false
},
"city_name": {
"type": "keyword",
"norms": false
},
"continent_code": {
"type": "keyword",
"norms": false
},
"country_code2": {
"type": "keyword",
"norms": false
},
"country_code3": {
"type": "keyword",
"norms": false
},
"country_name": {
"type": "keyword",
"norms": false
},
"dma_code": {
"type": "integer"
},
"ip": {
"type": "ip"
},
"latitude": {
"type": "float"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "float"
},
"postal_code": {
"type": "keyword",
"norms": false
},
"region_code": {
"type": "keyword",
"norms": false
},
"region_name": {
"type": "keyword",
"norms": false
},
"timezone": {
"type": "keyword",
"norms": false
}
}
},
"geoip_resp": {
"dynamic": true,
"properties": {
"asn": {
"type": "keyword",
"norms": false
},
"as_org": {
"type": "keyword",
"norms": false
},
"autonomous_system": {
"type": "keyword",
"norms": false
},
"city_name": {
"type": "keyword",
"norms": false
},
"continent_code": {
"type": "keyword",
"norms": false
},
"country_code2": {
"type": "keyword",
"norms": false
},
"country_code3": {
"type": "keyword",
"norms": false
},
"country_name": {
"type": "keyword",
"norms": false
},
"dma_code": {
"type": "integer"
},
"ip": {
"type": "ip"
},
"latitude": {
"type": "float"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "float"
},
"postal_code": {
"type": "keyword",
"norms": false
},
"region_code": {
"type": "keyword",
"norms": false
},
"region_name": {
"type": "keyword",
"norms": false
},
"timezone": {
"type": "keyword",
"norms": false
}
}
}
}
},
"@timestamp": {
"type": "date"
},
"ts": {
"type": "date"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-dhcp-*"
],
"settings": {
"analysis": {
"analyzer": {
"mac_analyzer": {
"tokenizer": "colon_tokenizer"
}
},
"tokenizer": {
"colon_tokenizer": {
"type": "simple_pattern_split",
"pattern": ":"
}
}
}
},
"mappings": {
"_doc": {
"properties": {
"assigned_ip": {
"type": "ip"
},
"lease_time": {
"type": "float"
},
"mac": {
"type": "text",
"analyzer": "mac_analyzer",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"trans_id": {
"type": "long"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-dns-*"
],
"settings": {},
"mappings": {
"_doc": {
"properties": {
"AA": {
"type": "boolean"
},
"RA": {
"type": "boolean"
},
"RD": {
"type": "boolean"
},
"TC": {
"type": "boolean"
},
"TTLs": {
"type": "float"
},
"Z": {
"type": "long"
},
"answers": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"proto": {
"type": "keyword"
},
"qclass": {
"type": "long"
},
"qclass_name": {
"type": "keyword"
},
"qtype": {
"type": "long"
},
"qtype_name": {
"type": "keyword"
},
"query": {
"type": "keyword",
"copy_to": "domain.name"
},
"rcode": {
"type": "long"
},
"rcode_name": {
"type": "keyword"
},
"rejected": {
"type": "boolean"
},
"rtt": {
"type": "float"
},
"trans_id": {
"type": "long"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-ftp-*"
],
"settings": {
"analysis": {
"analyzer": {
"mime_analyzer": {
"tokenizer": "slash_tokenizer"
}
},
"tokenizer": {
"slash_tokenizer": {
"type": "simple_pattern_split",
"pattern": "/"
}
}
}
},
"mappings": {
"_doc": {
"properties": {
"arg": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"command": {
"type": "keyword"
},
"data_channel_orig_h": {
"type": "ip"
},
"data_channel_passive": {
"type": "boolean"
},
"data_channel_resp_h": {
"type": "ip"
},
"data_channel_resp_p": {
"type": "long"
},
"file_size": {
"type": "long"
},
"fuid": {
"type": "keyword"
},
"mime_type": {
"type": "text",
"analyzer": "mime_analyzer",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"password": {
"type": "keyword"
},
"reply_code": {
"type": "long"
},
"reply_msg": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"user": {
"type": "keyword"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-http-*"
],
"settings": {
"analysis": {
"analyzer": {
"url_analyzer": {
"tokenizer": "url_tokenizer"
}
},
"tokenizer": {
"url_tokenizer": {
"type": "uax_url_email"
}
}
}
},
"mappings": {
"_doc": {
"properties": {
"host": {
"type": "text",
"analyzer": "url_analyzer"
},
"info_code": {
"type": "long"
},
"info_msg": {
"type": "keyword"
},
"method": {
"type": "keyword"
},
"orig_fuids": {
"type": "keyword"
},
"orig_mime_types": {
"type": "keyword"
},
"referrer": {
"type": "text",
"analyzer": "url_analyzer"
},
"request_body_len": {
"type": "long"
},
"resp_filenames": {
"type": "keyword"
},
"resp_fuids": {
"type": "keyword"
},
"resp_mime_types": {
"type": "keyword"
},
"response_body_len": {
"type": "long"
},
"status_code": {
"type": "long"
},
"status_msg": {
"type": "keyword"
},
"tags": {
"type": "keyword"
},
"trans_depth": {
"type": "long"
},
"uri": {
"type": "text",
"analyzer": "url_analyzer"
},
"user_agent": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"username": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-kerberos-*"
],
"settings": {
"analysis": {
"analyzer": {
"url_analyzer": {
"tokenizer": "url_tokenizer"
}
},
"tokenizer": {
"url_tokenizer": {
"type": "uax_url_email"
}
}
}
},
"mappings": {
"_doc": {
"properties": {
"cipher": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"client": {
"type": "text",
"analyzer": "url_analyzer",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"error_msg": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"forwardable": {
"type": "boolean"
},
"renewable": {
"type": "boolean"
},
"request_type": {
"type": "keyword"
},
"service": {
"type": "text",
"analyzer": "url_analyzer",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"success": {
"type": "boolean"
},
"till": {
"type": "date"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-ntlm-*"
],
"mappings": {
"_doc": {
"properties": {
"domainname": {
"type": "keyword"
},
"hostname": {
"type": "keyword"
},
"status": {
"type": "keyword"
},
"success": {
"type": "boolean"
},
"username": {
"type": "keyword"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-rdp-*"
],
"mappings": {
"_doc": {
"properties": {
"cert_count": {
"type": "long"
},
"cookie": {
"type": "keyword"
},
"result": {
"type": "keyword"
},
"security_protocol": {
"type": "keyword"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-smb_files-*"
],
"settings": {
"index": {
"analysis": {
"analyzer": {
"path_analyzer": {
"tokenizer": "path_tokenizer"
}
},
"tokenizer": {
"path_tokenizer": {
"type": "path_hierarchy",
"replacement": "/",
"delimiter": "\\"
}
}
}
}
},
"mappings": {
"_doc": {
"properties": {
"action": {
"type": "keyword"
},
"name": {
"type": "text",
"analyzer": "path_analyzer"
},
"path": {
"type": "text",
"analyzer": "path_analyzer"
},
"size": {
"type": "long"
},
"times_accessed": {
"type": "date"
},
"times_changed": {
"type": "date"
},
"times_created": {
"type": "date"
},
"times_modified": {
"type": "date"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-smb_mapping-*"
],
"settings": {
"index": {
"analysis": {
"analyzer": {
"path_analyzer": {
"tokenizer": "path_tokenizer"
}
},
"tokenizer": {
"path_tokenizer": {
"type": "path_hierarchy",
"replacement": "/",
"delimiter": "\\"
}
}
}
}
},
"mappings": {
"_doc": {
"properties": {
"path": {
"type": "text",
"analyzer": "path_analyzer",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"service": {
"type": "keyword"
},
"share_type": {
"type": "keyword"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-smtp-*"
],
"settings": {
"index": {
"analysis": {
"analyzer": {
"url_analyzer": {
"tokenizer": "url_tokenizer"
}
},
"tokenizer": {
"url_tokenizer": {
"type": "uax_url_email"
}
}
}
}
},
"mappings": {
"_doc": {
"properties": {
"fuids": {
"type": "keyword"
},
"helo": {
"type": "text",
"analyzer": "url_analyzer",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"is_webmail": {
"type": "boolean"
},
"last_reply": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"smtp_path": {
"type": "ip"
},
"tls": {
"type": "boolean"
},
"trans_depth": {
"type": "long"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-socks-*"
],
"mappings": {
"_doc": {
"properties": {
"bound_name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"bound_p": {
"type": "long"
},
"request_name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"request_p": {
"type": "long"
},
"status": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"version": {
"type": "keyword"
},
"user": {
"type": "keyword"
},
"password": {
"type": "keyword"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-ssl-*"
],
"settings": {
"analysis": {
"analyzer": {
"comma_analyzer": {
"tokenizer": "comma_tokenizer"
},
"url_analyzer": {
"tokenizer": "url_tokenizer"
}
},
"tokenizer": {
"comma_tokenizer": {
"type": "simple_pattern_split",
"pattern": ","
},
"url_tokenizer": {
"type": "uax_url_email"
}
}
}
},
"mappings": {
"_doc": {
"properties": {
"cert_chain_fuids": {
"type": "keyword"
},
"cipher": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"client_cert_chain_fuids": {
"type": "keyword"
},
"client_issuer": {
"type": "text",
"analyzer": "comma_analyzer"
},
"client_subject": {
"type": "text",
"analyzer": "comma_analyzer"
},
"curve": {
"type": "keyword"
},
"established": {
"type": "boolean"
},
"issuer": {
"type": "text",
"analyzer": "comma_analyzer"
},
"last_alert": {
"type": "keyword"
},
"next_protocol": {
"type": "keyword"
},
"resumed": {
"type": "boolean"
},
"server_name": {
"type": "text",
"analyzer": "url_analyzer"
},
"subject": {
"type": "text",
"analyzer": "comma_analyzer"
},
"validation_status": {
"type": "keyword"
},
"version": {
"type": "keyword"
}
}
}
}
}
{
"order": 10,
"index_patterns": [
"bro-network-tunnel-*"
],
"mappings": {
"_doc": {
"properties": {
"action": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"tunnel_type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}