Created
November 5, 2013 03:52
-
-
Save grigorescu/7313599 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "bro_logs": { | |
| "template": "bro-*", | |
| "settings": { | |
| "number_of_shards": 4, | |
| "number_of_replicas": 0, | |
| "index.cache.field.type": "soft", | |
| "index.refresh_interval": "30s", | |
| "index.analysis": { | |
| "analyzer": { | |
| "HostnameAnalyzer": { | |
| "type": "custom", | |
| "tokenizer": "ReverseDotPath" | |
| } | |
| }, | |
| "tokenizer": { | |
| "ReverseDotPath": { | |
| "type": "path_hierarchy", | |
| "delimiter": ".", | |
| "reverse": "true", | |
| "skip": 1 | |
| } | |
| } | |
| } | |
| }, | |
| "mappings": { | |
| "_default_": { | |
| "_all": {"enabled": false} | |
| }, | |
| "capture_loss": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "ts_delta": {"type": "float", "index": "no"}, | |
| "peer": {"type": "string", "index": "not_analyzed"}, | |
| "gaps": {"type": "long", "index": "not_analyzed"}, | |
| "acks": {"type": "long", "index": "not_analyzed"}, | |
| "percent_lost": {"type": "string", "index": "no"} | |
| } | |
| }, | |
| "cluster": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "message": {"type": "float", "index": "no"} | |
| } | |
| }, | |
| "communication": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "peer": {"type": "string", "index": "not_analyzed"}, | |
| "src_name": {"type": "string", "index": "not_analyzed"}, | |
| "connected_peer_desc": {"type": "string", "index": "not_analyzed"}, | |
| "connected_peer_addr": {"type": "string", "index": "not_analyzed"}, | |
| "connected_peer_port": {"type": "integer", "index": "not_analyzed"}, | |
| "level": {"type": "string", "index": "not_analyzed"}, | |
| "message": {"type": "string", "analyzer": "whitespace"} | |
| } | |
| }, | |
| "conn": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "proto": {"type": "string", "index": "not_analyzed"}, | |
| "service": {"type": "string", "index": "not_analyzed"}, | |
| "duration": {"type": "double", "index": "not_analyzed"}, | |
| "orig_bytes": {"type": "long", "index": "not_analyzed"}, | |
| "resp_bytes": {"type": "long", "index": "not_analyzed"}, | |
| "conn_state": {"type": "string", "index": "not_analyzed"}, | |
| "local_orig": {"type": "boolean", "index": "not_analyzed"}, | |
| "missed_bytes": {"type": "long", "index": "not_analyzed"}, | |
| "history": {"type": "string", "index": "not_analyzed"}, | |
| "orig_pkts": {"type": "long", "index": "not_analyzed"}, | |
| "orig_ip_bytes": {"type": "long", "index": "not_analyzed"}, | |
| "resp_pkts": {"type": "long", "index": "not_analyzed"}, | |
| "resp_ip_bytes": {"type": "long", "index": "not_analyzed"}, | |
| "orig_cc": {"type": "string", "index": "not_analyzed"}, | |
| "resp_cc": {"type": "string", "index": "not_analyzed"} | |
| } | |
| }, | |
| "dhcp": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "mac": {"type": "string", "index": "not_analyzed"}, | |
| "assigned_ip": {"type": "ip"}, | |
| "lease_time": {"type": "float", "index": "not_analyzed"}, | |
| "trans_id": {"type": "long", "index": "not_analyzed"} | |
| } | |
| }, | |
| "dns": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "proto": {"type": "string", "index": "not_analyzed"}, | |
| "trans_id": {"type": "long", "index": "not_analyzed"}, | |
| "query": {"type": "string", "analyzer": "HostnameAnalyzer"}, | |
| "qclass": {"type": "integer", "index": "not_analyzed"}, | |
| "qclass_name": {"type": "string", "index": "not_analyzed"}, | |
| "qtype": {"type": "integer", "index": "not_analyzed"}, | |
| "qtype_name": {"type": "string", "index": "not_analyzed"}, | |
| "rcode": {"type": "integer", "index": "not_analyzed"}, | |
| "rcode_name": {"type": "string", "index": "not_analyzed"}, | |
| "AA": {"type": "boolean", "index": "not_analyzed"}, | |
| "TC": {"type": "boolean", "index": "not_analyzed"}, | |
| "RD": {"type": "boolean", "index": "not_analyzed"}, | |
| "RA": {"type": "boolean", "index": "not_analyzed"}, | |
| "Z": {"type": "boolean", "index": "not_analyzed"}, | |
| "answers": {"type": "string", "analyzer": "HostnameAnalyzer"}, | |
| "TTLs": {"type": "long", "index": "not_analyzed"} | |
| } | |
| }, | |
| "dpd": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "proto": {"type": "string", "index": "not_analyzed"}, | |
| "analyzer": {"type": "string", "index": "not_analyzed"}, | |
| "failure_reason": {"type": "string", "index": "no"} | |
| } | |
| }, | |
| "ftp": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "user": {"type": "string", "index": "not_analyzed"}, | |
| "password": {"type": "string", "index": "not_analyzed"}, | |
| "command": {"type": "string", "index": "not_analyzed"}, | |
| "arg": {"type": "string", "analyzer": "simple"}, | |
| "mime_type": {"type": "string", "analyzer": "simple"}, | |
| "mime_desc": {"type": "string", "index": "not_analyzed"}, | |
| "file_size": {"type": "long", "index": "not_analyzed"}, | |
| "reply_code": {"type": "integer", "index": "not_analyzed"}, | |
| "reply_msg": {"type": "string", "index": "not_analyzed"}, | |
| "tags": {"type": "string", "index": "not_analyzed"}, | |
| "cwd": {"type": "string", "analyzer": "simple"}, | |
| "cmdarg": {"type": "string", "index": "not_analyzed"}, | |
| "passive": {"type": "boolean", "index": "not_analyzed"} | |
| } | |
| }, | |
| "http": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "trans_depth": {"type": "integer", "index": "not_analyzed"}, | |
| "method": {"type": "string", "index": "not_analyzed"}, | |
| "host": {"type": "string", "analyzer": "HostnameAnalyzer"}, | |
| "uri": {"type": "string", "analyzer": "simple"}, | |
| "referrer": {"type": "string", "analyzer": "simple"}, | |
| "user_agent": {"type": "string", "analyzer": "simple"}, | |
| "request_body_len": {"type": "long", "index": "not_analyzed"}, | |
| "response_body_len": {"type": "long", "index": "not_analyzed"}, | |
| "status_code": {"type": "integer", "index": "not_analyzed"}, | |
| "status_msg": {"type": "string", "index": "not_analyzed"}, | |
| "info_code": {"type": "integer", "index": "not_analyzed"}, | |
| "info_msg": {"type": "string", "index": "not_analyzed"}, | |
| "filename": {"type": "string", "index": "not_analyzed"}, | |
| "tags": {"type": "string", "index": "not_analyzed"}, | |
| "username": {"type": "string", "index": "not_analyzed"}, | |
| "password": {"type": "string", "index": "not_analyzed"}, | |
| "proxied": {"type": "boolean", "index": "not_analyzed"} | |
| } | |
| }, | |
| "irc": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "nick": {"type": "string", "index": "not_analyzed"}, | |
| "user": {"type": "string", "index": "not_analyzed"}, | |
| "command": {"type": "string", "index": "not_analyzed"}, | |
| "value": {"type": "string", "analyzer": "simple"}, | |
| "addl": {"type": "string", "analyzer": "simple"} | |
| } | |
| }, | |
| "known_certs": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "host": {"type": "ip"}, | |
| "port_num": {"type": "integer", "index": "not_analyzed"}, | |
| "subject": {"type": "string", "analyzer": "simple"}, | |
| "issuer_subject": {"type": "string", "analyzer": "simple"}, | |
| "serial": {"type": "string", "index": "not_analyzed"} | |
| } | |
| }, | |
| "known_hosts": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "host": {"type": "ip"} | |
| } | |
| }, | |
| "known_services": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "host": {"type": "ip"}, | |
| "port_num": {"type": "integer", "index": "not_analyzed"}, | |
| "port_proto": {"type": "string", "index": "not_analyzed"}, | |
| "service": {"type": "string", "index": "not_analyzed"} | |
| } | |
| }, | |
| "intel": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "seen.host": {"type": "ip"}, | |
| "seen.where": {"type": "string", "analyzer": "simple"}, | |
| "sources": {"type": "string", "index": "not_analyzed"} | |
| } | |
| }, | |
| "loaded_scripts": { | |
| "properties": { | |
| "name": {"type": "string", "index": "not_analyzed"} | |
| } | |
| }, | |
| "modbus": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "func": {"type": "string", "index": "not_analyzed"}, | |
| "exception": {"type": "string", "index": "not_analyzed"} | |
| } | |
| }, | |
| "notice": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "proto": {"type": "string", "index": "not_analyzed"}, | |
| "note": {"type": "string", "analyzer": "simple"}, | |
| "msg": {"type": "string", "analyzer": "simple"}, | |
| "sub": {"type": "string", "analyzer": "simple"}, | |
| "src": {"type": "ip"}, | |
| "dst": {"type": "ip"}, | |
| "p": {"type": "integer", "index": "not_analyzed"}, | |
| "n": {"type": "integer", "index": "not_analyzed"}, | |
| "src_peer": {"type": "ip"}, | |
| "peer_descr": {"type": "string", "index": "not_analyzed"}, | |
| "actions": {"type": "string", "analyzer": "simple"}, | |
| "suppress_for": {"type": "double", "index": "not_analyzed"} | |
| } | |
| }, | |
| "notice_alarm": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "proto": {"type": "string", "index": "not_analyzed"}, | |
| "note": {"type": "string", "analyzer": "simple"}, | |
| "msg": {"type": "string", "analyzer": "simple"}, | |
| "sub": {"type": "string", "analyzer": "simple"}, | |
| "src": {"type": "ip"}, | |
| "dst": {"type": "ip"}, | |
| "p": {"type": "integer", "index": "not_analyzed"}, | |
| "n": {"type": "integer", "index": "not_analyzed"}, | |
| "src_peer": {"type": "ip"}, | |
| "peer_descr": {"type": "string", "index": "not_analyzed"}, | |
| "actions": {"type": "string", "analyzer": "simple"}, | |
| "suppress_for": {"type": "double", "index": "not_analyzed"} | |
| } | |
| }, | |
| "packet_filter": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "node": {"type": "ip"}, | |
| "filter": {"type": "string", "analyzer": "simple"}, | |
| "init": {"type": "boolean", "index": "not_analyzed"}, | |
| "success": {"type": "boolean", "index": "not_analyzed"} | |
| } | |
| }, | |
| "reporter": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "level": {"type": "string", "analyzer": "simple"}, | |
| "message": {"type": "string", "analyzer": "simple"}, | |
| "location": {"type": "string", "analyzer": "simple"} | |
| } | |
| }, | |
| "signatures": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "src_addr": {"type": "ip"}, | |
| "src_port": {"type": "integer", "index": "not_analyzed"}, | |
| "dst_addr": {"type": "ip"}, | |
| "dst_port": {"type": "integer", "index": "not_analyzed"}, | |
| "note": {"type": "string", "analyzer": "simple"}, | |
| "sig_id": {"type": "string", "index": "not_analyzed"}, | |
| "event_msg": {"type": "string", "analyzer": "simple"}, | |
| "sub_msg": {"type": "string", "analyzer": "simple"}, | |
| "sig_count": {"type": "long", "index": "not_analyzed"}, | |
| "host_count": {"type": "long", "index": "not_analyzed"} | |
| } | |
| }, | |
| "smtp": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "trans_depth": {"type": "integer", "index": "not_analyzed"}, | |
| "helo": {"type": "string", "analyzer": "HostnameAnalyzer"}, | |
| "mailfrom": {"type": "string", "analyzer": "simple"}, | |
| "rcptto": {"type": "string", "analyzer": "simple"}, | |
| "date": {"type": "string", "index": "not_analyzed"}, | |
| "from": {"type": "string", "analyzer": "simple"}, | |
| "to": {"type": "string", "analyzer": "simple"}, | |
| "reply_to": {"type": "string", "analyzer": "simple"}, | |
| "msg_id": {"type": "string", "index": "not_analyzed"}, | |
| "in_reply_to": {"type": "string", "index": "not_analyzed"}, | |
| "subject": {"type": "string", "analyzer": "simple"}, | |
| "x_originating_ip": {"type": "ip"}, | |
| "first_received": {"type": "string", "index": "not_analyzed"}, | |
| "second_received": {"type": "string", "analyzer": "simple"}, | |
| "last_reply": {"type": "string", "analyzer": "simple"}, | |
| "path": {"type": "ip"}, | |
| "user_agent": {"type": "string", "index": "not_analyzed"} | |
| } | |
| }, | |
| "smtp_entities": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "trans_depth": {"type": "integer", "index": "not_analyzed"}, | |
| "filename": {"type": "string", "index": "not_analyzed"}, | |
| "content_len": {"type": "long", "index": "not_analyzed"}, | |
| "mime_type": {"type": "string", "analyzer": "simple"}, | |
| "md5": {"type": "string", "index": "not_analyzed"}, | |
| "calc_md5": {"type": "boolean", "index": "not_analyzed"}, | |
| "extract_file": {"type": "boolean", "index": "not_analyzed"}, | |
| "file": {"type": "string", "index": "not_analyzed"} | |
| } | |
| }, | |
| "sip" : { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "trans_depth": {"type": "integer", "index": "not_analyzed"}, | |
| "method": {"type": "string", "index": "not_analyzed"}, | |
| "from": {"type": "string", "analyzer": "simple"}, | |
| "to": {"type": "string", "analyzer": "simple"}, | |
| "call_id": {"type": "string", "index": "not_analyzed"}, | |
| "seq": {"type": "string", "index": "not_analyzed"}, | |
| "path": {"type": "string", "analyzer": "simple"}, | |
| "user_agent": {"type": "string", "index": "not_analyzed"}, | |
| "request_body_len": {"type": "long", "index": "not_analyzed"}, | |
| "response_body_len": {"type": "long", "index": "not_analyzed"} | |
| }, | |
| "socks": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "version": {"type": "integer", "index": "not_analyzed"}, | |
| "user": {"type": "string", "index": "not_analyzed"}, | |
| "status": {"type": "string", "index": "not_analyzed"}, | |
| "request": {"type": "string", "index": "not_analyzed"}, | |
| "request_p": {"type": "integer", "index": "not_analyzed"}, | |
| "bound": {"type": "string", "index": "not_analyzed"}, | |
| "bound_p": {"type": "integer", "index": "not_analyzed"} | |
| } | |
| }, | |
| "software": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "host": {"type": "ip"}, | |
| "host_p": {"type": "integer", "index": "not_analyzed"}, | |
| "software_type": {"type": "string", "analyzer": "simple"}, | |
| "name": {"type": "string", "analyzer": "simple"}, | |
| "version": {"type": "string", "index": "not_analyzed"}, | |
| "version.major": {"type": "string", "index": "not_analyzed"}, | |
| "version.minor": {"type": "string", "index": "not_analyzed"}, | |
| "version.minor2": {"type": "string", "index": "not_analyzed"}, | |
| "unparsed_version": {"type": "string", "analyzer": "simple"}, | |
| "url": {"type": "string", "analyzer": "simple"} | |
| } | |
| }, | |
| "ssh": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "status": {"type": "string", "index": "not_analyzed"}, | |
| "direction": {"type": "string", "index": "not_analyzed"}, | |
| "client": {"type": "string", "analyzer": "simple"}, | |
| "server": {"type": "string", "analyzer": "simple"}, | |
| "resp_size": {"type": "long", "index": "not_analyzed"} | |
| } | |
| }, | |
| "ssl": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "version": {"type": "string", "index": "not_analyzed"}, | |
| "cipher": {"type": "string", "index": "not_analyzed"}, | |
| "server_name": {"type": "string", "index": "not_analyzed"}, | |
| "session_id": {"type": "string", "index": "not_analyzed"}, | |
| "subject": {"type": "string", "analyzer": "simple"}, | |
| "issuer_subject": {"type": "string", "analyzer": "simple"}, | |
| "not_valid_before": {"type": "date", "format": "basic_date_time"}, | |
| "not_valid_after": {"type": "date", "format": "basic_date_time"}, | |
| "cert_hash": {"type": "string", "index": "not_analyzed"}, | |
| "validation_status": {"type": "string", "index": "not_analyzed"} | |
| } | |
| }, | |
| "stats": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "peer": {"type": "string", "index": "not_analzyed"}, | |
| "mem": {"type": "long", "index": "not_analyzed"}, | |
| "pkts_proc": {"type": "long", "index": "not_analyzed"}, | |
| "events_proc": {"type": "long", "index": "not_analyzed"}, | |
| "events_queued": {"type": "long", "index": "not_analyzed"}, | |
| "lag": {"type": "float", "index": "not_analyzed"}, | |
| "pkts_recv": {"type": "long", "index": "not_analyzed"}, | |
| "pkts_dropped": {"type": "long", "index": "not_analyzed"}, | |
| "pkts_link": {"type": "long", "index": "not_analyzed"} | |
| } | |
| }, | |
| "syslog": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "proto": {"type": "string", "index": "not_analyzed"}, | |
| "facility": {"type": "string", "index": "not_analyzed"}, | |
| "severity": {"type": "string", "index": "not_analyzed"}, | |
| "message": {"type": "string", "analyzer": "simple"} | |
| } | |
| }, | |
| "tunnel": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "tunnel_type": {"type": "string", "analyzer": "simple"}, | |
| "action": {"type": "string", "analyzer": "simple"} | |
| } | |
| }, | |
| "weird": { | |
| "_timestamp": {"type": "date", "enabled": "true", "path": "ts"}, | |
| "properties": { | |
| "ts": {"type": "date", "format": "basic_date_time"}, | |
| "uid": {"type": "string", "index": "not_analyzed"}, | |
| "id.orig_h": {"type": "ip"}, | |
| "id.orig_p": {"type": "integer", "index": "not_analyzed"}, | |
| "id.resp_h": {"type": "ip"}, | |
| "id.resp_p": {"type": "integer", "index": "not_analyzed"}, | |
| "name": {"type": "string", "index": "not_analyzed"}, | |
| "addl": {"type": "string", "index": "not_analyzed"}, | |
| "notice": {"type": "boolean", "index": "not_analyzed"}, | |
| "peer": {"type": "string", "index": "not_analyzed"} | |
| } | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment