TypeScript types and interfaces for Elasticsearch (ES) alert documents, as you may need them when consuming alerts in a TypeScript-based web application. Note that these declarations describe the expected document shape only; they do not validate what the index actually returns, and the string fields they contain originate from the monitored endpoint and should be treated as untrusted input when rendered.
/**
 * Top-level shape of an alert document as read from Elasticsearch.
 *
 * Every member here is optional, so a partially populated document still
 * type-checks; the nested interfaces below, however, declare their members
 * as required. Do not rely on this declaration as validation — a
 * `document as Alert` cast proves nothing about what the index returned.
 * Validate at the boundary (e.g. a runtime schema check) before
 * dereferencing nested members such as `process.parent`.
 *
 * Security note: the string members reachable from here (`message`,
 * `process.command_line`, `process.args`, `file.path`, `host.hostname`, …)
 * presumably come from the monitored endpoint, i.e. they are
 * attacker-influenced. Render them as text (`textContent`, framework
 * escaping), never as HTML.
 */
export interface Alert {
  id?: string
  agent?: AlertAgent
  process?: Process
  rule?: Rule
  message?: string
  // Quoted because `@` is not a valid identifier character.
  '@timestamp'?: string
  file?: File
  // Capitalised key kept as-is: it has to match the field name in the
  // source document.
  Endpoint?: Endpoint
  ecs?: Ecs
  data_stream?: DataStream
  elastic?: Elastic
  host?: Host
  event?: Event
  user?: User
}
/**
 * `event.*` section of the alert (ECS-style event metadata; the ECS
 * release in use is given by `Ecs.version` — confirm field semantics
 * against that release).
 *
 * Name collides with the DOM `Event` global. In a browser module that
 * imports this type the import shadows the DOM type, which is easy to
 * mis-read; prefer `import type { Event as AlertEvent }` at the call site.
 *
 * All members are required even though `Alert.event` itself is optional;
 * a document missing one of them is not rejected by the type system.
 */
export interface Event {
  severity: number
  code: string
  risk_score: number
  created: string
  kind: string
  module: string
  // Array: an event may carry several type values.
  type: string[]
  agent_id_status: string
  sequence: number
  ingested: string
  action: string
  id: string
  // Array: an event may carry several category values.
  category: string[]
  dataset: string
  outcome: string
}
/** `Endpoint.*` section: the policy state the endpoint reported. */
export interface Endpoint {
  policy: Policy
}
/** Policy state; only the applied part is modelled here. */
export interface Policy {
  applied: Applied
}
/** The applied policy; only its artifact manifests are modelled here. */
export interface Applied {
  artifacts: Artifacts
}
/**
 * Artifact manifests reported as applied. `global` and `user` share the
 * same shape (`Global`); the split is presumably vendor-supplied vs
 * user-managed artifacts — confirm against the producing endpoint.
 */
export interface Artifacts {
  global: Global
  user: Global
}
/**
 * An artifact manifest: a version string plus the list of artifacts it
 * contains, each identified by name and sha256. Used for both the global
 * and the user manifest (see Artifacts).
 */
export interface Global {
  identifiers: Identifier[]
  version: string
}
/**
 * One artifact in a manifest. Treat `sha256` as the identity when
 * comparing manifests or checking a downloaded artifact; `name` alone is
 * not sufficient to tell two versions of the same artifact apart.
 */
export interface Identifier {
  sha256: string
  name: string
}
/**
 * `agent.*` section: the agent that produced the alert. Named AlertAgent
 * to avoid clashing with ElasticAgent (`elastic.agent`), which carries only
 * an id.
 */
export interface AlertAgent {
  build: Build
  id: string
  type: string
  version: string
}
/** Agent build information; `original` is the raw build string as reported. */
export interface Build {
  original: string
}
/**
 * `data_stream.*` section: the naming triple (type / dataset / namespace)
 * of the data stream the alert was written to.
 */
export interface DataStream {
  namespace: string
  type: string
  dataset: string
}
/**
 * `ecs.*` section. `version` is the ECS release the document claims to
 * follow; consult it when interpreting the `event.*` / `host.*` /
 * `process.*` / `file.*` fields.
 */
export interface Ecs {
  version: string
}
/** `elastic.*` section; wraps the Elastic agent identity. */
export interface Elastic {
  agent: ElasticAgent
}
/**
 * `elastic.agent.*` section: only the agent id. Not the same object as
 * `agent` (AlertAgent), which also carries type/version/build.
 */
export interface ElasticAgent {
  id: string
}
/**
 * `file.*` section describing the file the alert concerns.
 *
 * Name collides with the DOM `File` global (browser `lib.dom`); inside a
 * module that imports this type the DOM type is shadowed. Alias on import
 * (`import type { File as AlertFile }`) to keep both usable.
 *
 * Security note: `path`, `name`, `directory`, `owner` and `extension` are
 * values reported from the monitored host. Render them as text, never as
 * HTML, and do not pass them to a shell or filesystem API unvalidated.
 */
export interface File {
  // Extension namespace (presumably endpoint-specific); see FileEXT.
  Ext: FileEXT
  // NOTE(review): typed as number. JS numbers lose precision above
  // 2^53 - 1, and ECS models file.inode as a keyword (string) — confirm
  // the JSON type the index actually returns before doing arithmetic on it.
  inode: number
  owner: string
  path: string
  extension: string
  size: number
  created: string
  name: string
  accessed: string
  mtime: string
  directory: string
  // Same digest set as Process.hash / Parent.hash.
  hash: FileHash
}
/**
 * Endpoint-specific `file.Ext.*` fields: the malware signature match and
 * the quarantine outcome for the file.
 */
export interface FileEXT {
  temp_file_path: string
  malware_signature: MalwareSignature
  quarantine_path: string
  quarantine_message: string
  // Presumably whether quarantine succeeded; read together with
  // quarantine_message when it is false — confirm against the producer.
  quarantine_result: boolean
}
/**
 * Details of the malware signature that matched.
 *
 * `secondary` is `any[]`, so its elements are completely untyped: index
 * into it only after narrowing (`typeof`, property checks), otherwise a
 * malformed document turns into a runtime TypeError. Tightening it to
 * `unknown[]` or a concrete element type would be the right fix but is a
 * breaking change for consumers, so it is only flagged here.
 */
export interface MalwareSignature {
  secondary: any[]
  identifier: string
  // A single string despite the plural name (not string[]).
  all_names: string
  version: string
  primary: Primary
}
/** The primary signature that matched, plus the list of match strings. */
export interface Primary {
  signature: Signature
  matches: string[]
}
/** A signature: human-readable name, id, and the digest of the signature itself. */
export interface Signature {
  name: string
  id: string
  hash: SignatureHash
}
/** Digest of a signature; only sha256 is carried (contrast FileHash). */
export interface SignatureHash {
  sha256: string
}
/**
 * Digests of a file; also reused for process executables (Process.hash,
 * Parent.hash).
 *
 * Security note: md5 and sha1 are collision-prone and must not be the sole
 * key for allow/deny decisions — key on sha256 and keep md5/sha1 only for
 * correlation with legacy sources. Normalise case before comparing hex
 * digests from different producers.
 */
export interface FileHash {
  sha1: string
  sha256: string
  md5: string
}
/**
 * `host.*` section of the alert.
 *
 * `ip` and `mac` are arrays — a host can report several addresses, so do
 * not assume `ip[0]` is the relevant one, and handle the empty array.
 * `hostname` and `name` are host-supplied strings; render them as text.
 */
export interface Host {
  hostname: string
  os: OS
  ip: string[]
  name: string
  id: string
  mac: string[]
  architecture: string
}
/**
 * `host.os.*` section. `full` is the complete OS description string;
 * `name`, `family`, `platform`, `type`, `version` and `kernel` are the
 * individual parts as reported.
 */
export interface OS {
  // Extension namespace; see OSEXT.
  Ext: OSEXT
  kernel: string
  name: string
  family: string
  type: string
  version: string
  platform: string
  full: string
}
/** Endpoint-specific `host.os.Ext.*` fields; only the OS variant string. */
export interface OSEXT {
  variant: string
}
/**
 * `process.*` section: the process the alert concerns.
 *
 * Security note: `args`, `command_line`, `executable` and `name` are
 * attacker-influenced (a malicious process chooses its own command line).
 * Render them as text, never as HTML, and never feed them to a shell or
 * build a dynamic RegExp from them.
 *
 * Unlike Parent, this shape carries no `ppid`, `pgid`, `start` or `uptime`;
 * the parent process is reached through `parent` instead.
 */
export interface Process {
  // Extension namespace; see ProcessEXT.
  Ext: ProcessEXT
  args: string[]
  parent: Parent
  name: string
  pid: number
  args_count: number
  command_line: string
  executable: string
  // Presumably digests of `executable`; same shape as File.hash.
  hash: FileHash
}
/**
 * Endpoint-specific `process.Ext.*` fields.
 *
 * `ancestry` is `any[]`: its element shape is not described here, so
 * narrow each element before use rather than trusting it. A concrete
 * element type (or `unknown[]`) would be the proper fix but would break
 * existing consumers, so it is only flagged.
 */
export interface ProcessEXT {
  ancestry: any[]
  user: string
}
/**
 * `process.parent.*` section. Carries the same core members as Process
 * (args, name, pid, args_count, command_line, executable, hash) plus
 * `pgid`, `ppid`, `start` and `uptime`, which Process does not declare.
 *
 * The same security caveat as Process applies: `args`, `command_line`,
 * `executable` and `name` are attacker-influenced strings — render as
 * text, never as HTML or shell input.
 */
export interface Parent {
  // Extension namespace; see ParentEXT.
  Ext: ParentEXT
  args: string[]
  pgid: number
  name: string
  start: string
  pid: number
  args_count: number
  command_line: string
  executable: string
  // Presumably digests of `executable`; same shape as File.hash.
  hash: FileHash
  ppid: number
  // Unit (seconds vs. milliseconds) is not specified here — confirm
  // against the producer before displaying it.
  uptime: number
}
/** Endpoint-specific `process.parent.Ext.*` fields; only the user string. */
export interface ParentEXT {
  user: string
}
/** `rule.*` section: the rule that produced the alert, identified by id, with its name and ruleset. */
export interface Rule {
  name: string
  ruleset: string
  id: string
}
/**
 * `user.*` section; only the user name is modelled. It is a host-reported
 * string — render as text, and do not use it as an authorization subject
 * on its own.
 */
export interface User {
  name: string
}