| File | Type | Description |
|---|---|---|
| .app_proto | string | |
| .app_proto_expected | string | |
| .app_proto_orig | string | |
| .app_proto_tc | string | |
| .app_proto_ts | string | |
| .capture_file | string | |
| .community_id | string | |
| .dest_ip | string | |
| .dest_port | integer | |
| .event_type | string | |
| .flow_id | integer | |
| .icmp_code | integer | |
| .icmp_type | integer | |
| .log_level | string | |
| .packet | string | |
| .parent_id | integer | |
| .payload | string | |
| .payload_printable | string | |
| .pcap_cnt | integer | |
| .pcap_filename | string | |
| .pkt_src | string | |
| .proto | string | |
| .response_icmp_code | integer | |
| .response_icmp_type | integer | |
| .spi | integer | |
| .src_ip | string | |
| .src_port | integer | |
| .stream | integer | |
| .timestamp | string | |
| .direction | string | |
| .tx_id | integer | |
| .files | array | |
| .files.[].end | integer | |
| .files.[].filename | string | |
| .files.[].gaps | boolean | |
| .files.[].magic | string | |
| .files.[].md5 | string | |
| .files.[].sha1 | string | |
| .files.[].sha256 | string | |
| .files.[].size | integer | |
| .files.[].start | integer | |
| .files.[].state | string | |
| .files.[].stored | boolean | |
| .files.[].tx_id | integer | |
| .files.[].sid | array | |
| .files.[].sid.[] | integer | |
| .vlan | array | |
| .vlan.[] | number | |
| .alert | object | |
| .alert.action | string | |
| .alert.category | string | |
| .alert.gid | integer | |
| .alert.rev | integer | |
| .alert.rule | string | |
| .alert.severity | integer | |
| .alert.signature | string | |
| .alert.signature_id | integer | |
| .alert.xff | string | |
| .alert.metadata | object | |
| .alert.metadata.affected_product | array | |
| .alert.metadata.affected_product.[] | string | |
| .alert.metadata.attack_target | array | |
| .alert.metadata.attack_target.[] | string | |
| .alert.metadata.created_at | array | |
| .alert.metadata.created_at.[] | string | |
| .alert.metadata.deployment | array | |
| .alert.metadata.deployment.[] | string | |
| .alert.metadata.former_category | array | |
| .alert.metadata.former_category.[] | string | |
| .alert.metadata.malware_family | array | |
| .alert.metadata.malware_family.[] | string | |
| .alert.metadata.policy | array | |
| .alert.metadata.policy.[] | string | |
| .alert.metadata.signature_severity | array | |
| .alert.metadata.signature_severity.[] | string | |
| .alert.metadata.tag | array | |
| .alert.metadata.tag.[] | string | |
| .alert.metadata.updated_at | array | |
| .alert.metadata.updated_at.[] | string | |
| .alert.source | object | |
| .alert.source.ip | string | |
| .alert.target | object | |
| .alert.target.ip | string | |
| .anomaly | object | |
| .anomaly.app_proto | string | |
| .anomaly.event | string | |
| .anomaly.layer | string | |
| .anomaly.type | string | |
| .bittorrent_dht | object | |
| .bittorrent_dht.transaction_id | string | |
| .bittorrent_dht.client_version | string | |
| .bittorrent_dht.request_type | string | |
| .bittorrent_dht.request | object | |
| .bittorrent_dht.request.id | string | |
| .bittorrent_dht.request.target | string | |
| .bittorrent_dht.request.implied_port | integer | |
| .bittorrent_dht.request.info_hash | string | |
| .bittorrent_dht.request.port | integer | |
| .bittorrent_dht.request.token | string | |
| .bittorrent_dht.response | object | |
| .bittorrent_dht.response.id | string | |
| .bittorrent_dht.response.nodes | array | |
| .bittorrent_dht.response.nodes.[].object | object (undocumented) | |
| .bittorrent_dht.response.nodes6 | array | |
| .bittorrent_dht.response.nodes6.[].id | string | |
| .bittorrent_dht.response.nodes6.[].ip | string | |
| .bittorrent_dht.response.nodes6.[].port | number | |
| .bittorrent_dht.response.token | string | |
| .bittorrent_dht.response.values | array | |
| .bittorrent_dht.response.values.[].object | object (undocumented) | |
| .bittorrent_dht.error | object | |
| .bittorrent_dht.error.num | integer | |
| .bittorrent_dht.error.msg | string | |
| .dcerpc | object | |
| .dcerpc.activityuuid | string | |
| .dcerpc.call_id | integer | |
| .dcerpc.request | string | |
| .dcerpc.response | string | |
| .dcerpc.rpc_version | string | |
| .dcerpc.seqnum | integer | |
| .dcerpc.interfaces | array | |
| .dcerpc.interfaces.[].ack_result | integer | |
| .dcerpc.interfaces.[].uuid | string | |
| .dcerpc.interfaces.[].version | string | |
| .dcerpc.req | object | |
| .dcerpc.req.frag_cnt | integer | |
| .dcerpc.req.opnum | integer | |
| .dcerpc.req.stub_data_size | integer | |
| .dcerpc.res | object | |
| .dcerpc.res.frag_cnt | integer | |
| .dcerpc.res.stub_data_size | integer | |
| .dhcp | object | |
| .dhcp.assigned_ip | string | |
| .dhcp.client_id | string | |
| .dhcp.client_ip | string | |
| .dhcp.client_mac | string | |
| .dhcp.dhcp_type | string | |
| .dhcp.hostname | string | |
| .dhcp.id | integer | |
| .dhcp.lease_time | integer | |
| .dhcp.next_server_ip | string | |
| .dhcp.rebinding_time | integer | |
| .dhcp.relay_ip | string | |
| .dhcp.renewal_time | integer | |
| .dhcp.subnet_mask | string | |
| .dhcp.type | string | |
| .dhcp.dns_servers | array | |
| .dhcp.dns_servers.[] | string | |
| .dhcp.params | array | |
| .dhcp.params.[] | string | |
| .dhcp.routers | array | |
| .dhcp.routers.[] | string | |
| .dnp3 | object | |
| .dnp3.dst | integer | |
| .dnp3.src | integer | |
| .dnp3.type | string | |
| .dnp3.application | object | |
| .dnp3.application.complete | boolean | |
| .dnp3.application.function_code | integer | |
| .dnp3.application.objects | array | |
| .dnp3.application.objects.[].count | integer | |
| .dnp3.application.objects.[].group | integer | |
| .dnp3.application.objects.[].prefix_code | integer | |
| .dnp3.application.objects.[].qualifier | integer | |
| .dnp3.application.objects.[].range_code | integer | |
| .dnp3.application.objects.[].start | integer | |
| .dnp3.application.objects.[].stop | integer | |
| .dnp3.application.objects.[].variation | integer | |
| .dnp3.application.objects.[].points | array | |
| .dnp3.application.objects.[].points.[].object | object (undocumented) | |
| .dnp3.application.control | object | |
| .dnp3.application.control.con | boolean | |
| .dnp3.application.control.fin | boolean | |
| .dnp3.application.control.fir | boolean | |
| .dnp3.application.control.sequence | integer | |
| .dnp3.application.control.uns | boolean | |
| .dnp3.control | object | |
| .dnp3.control.dir | boolean | |
| .dnp3.control.fcb | boolean | |
| .dnp3.control.fcv | boolean | |
| .dnp3.control.function_code | integer | |
| .dnp3.control.pri | boolean | |
| .dnp3.iin | object | |
| .dnp3.iin.indicators | array | |
| .dnp3.iin.indicators.[] | string | |
| .dnp3.request | object | |
| .dnp3.request.dst | integer | |
| .dnp3.request.src | integer | |
| .dnp3.request.type | string | |
| .dnp3.request.application | object | |
| .dnp3.request.application.complete | boolean | |
| .dnp3.request.application.function_code | integer | |
| .dnp3.request.application.objects | array | |
| .dnp3.request.application.objects.[].count | integer | |
| .dnp3.request.application.objects.[].group | integer | |
| .dnp3.request.application.objects.[].prefix_code | integer | |
| .dnp3.request.application.objects.[].qualifier | integer | |
| .dnp3.request.application.objects.[].range_code | integer | |
| .dnp3.request.application.objects.[].start | integer | |
| .dnp3.request.application.objects.[].stop | integer | |
| .dnp3.request.application.objects.[].variation | integer | |
| .dnp3.request.application.objects.[].points | array | |
| .dnp3.request.application.objects.[].points.[].object | object (undocumented) | |
| .dnp3.request.application.control | object | |
| .dnp3.request.application.control.con | boolean | |
| .dnp3.request.application.control.fin | boolean | |
| .dnp3.request.application.control.fir | boolean | |
| .dnp3.request.application.control.sequence | integer | |
| .dnp3.request.application.control.uns | boolean | |
| .dnp3.request.control | object | |
| .dnp3.request.control.dir | boolean | |
| .dnp3.request.control.fcb | boolean | |
| .dnp3.request.control.fcv | boolean | |
| .dnp3.request.control.function_code | integer | |
| .dnp3.request.control.pri | boolean | |
| .dnp3.response | object | |
| .dnp3.response.dst | integer | |
| .dnp3.response.src | integer | |
| .dnp3.response.type | string | |
| .dnp3.response.application | object | |
| .dnp3.response.application.complete | boolean | |
| .dnp3.response.application.function_code | integer | |
| .dnp3.response.application.objects | array | |
| .dnp3.response.application.objects.[].count | integer | |
| .dnp3.response.application.objects.[].group | integer | |
| .dnp3.response.application.objects.[].prefix_code | integer | |
| .dnp3.response.application.objects.[].qualifier | integer | |
| .dnp3.response.application.objects.[].range_code | integer | |
| .dnp3.response.application.objects.[].start | integer | |
| .dnp3.response.application.objects.[].stop | integer | |
| .dnp3.response.application.objects.[].variation | integer | |
| .dnp3.response.application.objects.[].points | array | |
| .dnp3.response.application.objects.[].points.[].object | object (undocumented) | |
| .dnp3.response.application.control | object | |
| .dnp3.response.application.control.con | boolean | |
| .dnp3.response.application.control.fin | boolean | |
| .dnp3.response.application.control.fir | boolean | |
| .dnp3.response.application.control.sequence | integer | |
| .dnp3.response.application.control.uns | boolean | |
| .dnp3.response.control | object | |
| .dnp3.response.control.dir | boolean | |
| .dnp3.response.control.fcb | boolean | |
| .dnp3.response.control.fcv | boolean | |
| .dnp3.response.control.function_code | integer | |
| .dnp3.response.control.pri | boolean | |
| .dnp3.response.iin | object | |
| .dnp3.response.iin.indicators | array | |
| .dnp3.response.iin.indicators.[] | string | |
| .dns | object | |
| .dns.aa | boolean | |
| .dns.flags | string | |
| .dns.id | integer | |
| .dns.qr | boolean | |
| .dns.ra | boolean | |
| .dns.rcode | string | |
| .dns.rd | boolean | |
| .dns.rrname | string | |
| .dns.rrtype | string | |
| .dns.tx_id | integer | |
| .dns.type | string | |
| .dns.version | integer | |
| .dns.opcode | integer | -> DNS opcode as an integer |
| .dns.answers | array | |
| .dns.answers.[].rdata | string | |
| .dns.answers.[].rrname | string | |
| .dns.answers.[].rrtype | string | |
| .dns.answers.[].ttl | integer | |
| .dns.answers.[].srv | object | |
| .dns.answers.[].srv.name | string | |
| .dns.answers.[].srv.port | integer | |
| .dns.answers.[].srv.priority | integer | |
| .dns.answers.[].srv.weight | integer | |
| .dns.authorities | array | |
| .dns.authorities.[].rdata | string | |
| .dns.authorities.[].rrname | string | |
| .dns.authorities.[].rrtype | string | |
| .dns.authorities.[].ttl | integer | |
| .dns.authorities.[].soa | object | |
| .dns.authorities.[].soa.expire | integer | |
| .dns.authorities.[].soa.minimum | integer | |
| .dns.authorities.[].soa.mname | string | |
| .dns.authorities.[].soa.refresh | integer | |
| .dns.authorities.[].soa.retry | integer | |
| .dns.authorities.[].soa.rname | string | |
| .dns.authorities.[].soa.serial | integer | |
| .dns.query | array | |
| .dns.query.[].id | integer | |
| .dns.query.[].rrname | string | |
| .dns.query.[].rrtype | string | |
| .dns.query.[].tx_id | integer | |
| .dns.query.[].type | string | |
| .dns.query.[].z | boolean | |
| .dns.query.[].opcode | integer | -> DNS opcode as an integer |
| .dns.answer | object | |
| .dns.answer.flags | string | |
| .dns.answer.id | integer | |
| .dns.answer.qr | boolean | |
| .dns.answer.ra | boolean | |
| .dns.answer.rcode | string | |
| .dns.answer.rd | boolean | |
| .dns.answer.rrname | string | |
| .dns.answer.rrtype | string | |
| .dns.answer.type | string | |
| .dns.answer.version | integer | |
| .dns.answer.opcode | integer | -> DNS opcode as an integer |
| .dns.grouped | object | |
| .dns.grouped.A | array | |
| .dns.grouped.A.[] | string | |
| .dns.grouped.AAAA | array | |
| .dns.grouped.AAAA.[] | string | |
| .dns.grouped.CNAME | array | |
| .dns.grouped.CNAME.[] | string | |
| .dns.grouped.MX | array | |
| .dns.grouped.MX.[] | string | |
| .dns.grouped.NULL | array | |
| .dns.grouped.NULL.[] | string | |
| .dns.grouped.PTR | array | |
| .dns.grouped.PTR.[] | string | |
| .dns.grouped.SRV | array | |
| .dns.grouped.SRV.[].name | string | |
| .dns.grouped.SRV.[].port | integer | |
| .dns.grouped.SRV.[].priority | integer | |
| .dns.grouped.SRV.[].weight | integer | |
| .dns.grouped.TXT | array | |
| .dns.grouped.TXT.[] | string | |
| .dns.z | boolean | |
| .drop | object | |
| .drop.ack | boolean | |
| .drop.fin | boolean | |
| .drop.flowlbl | integer | |
| .drop.hoplimit | integer | |
| .drop.tc | integer | |
| .drop.icmp_id | integer | |
| .drop.icmp_seq | integer | |
| .drop.ipid | integer | |
| .drop.len | integer | |
| .drop.psh | boolean | |
| .drop.rst | boolean | |
| .drop.syn | boolean | |
| .drop.tcpack | integer | |
| .drop.tcpres | integer | |
| .drop.tcpseq | integer | |
| .drop.tcpurgp | integer | |
| .drop.tcpwin | integer | |
| .drop.tos | integer | |
| .drop.ttl | integer | |
| .drop.udplen | integer | |
| .drop.urg | boolean | |
| .drop.reason | string | |
| object | ||
| .email.body_md5 | string | |
| .email.date | string | |
| .email.from | string | |
| .email.status | string | |
| .email.subject | string | |
| .email.subject_md5 | string | |
| .email.x_mailer | string | |
| .email.url | array | |
| .email.url.[] | string | |
| .email.attachment | array | |
| .email.attachment.[] | string | |
| .email.to | array | |
| .email.to.[] | string | |
| .email.has_ipv6_url | boolean | |
| .email.has_ipv4_url | boolean | |
| .email.has_exe_url | boolean | |
| .engine | object | |
| .engine.error | string | |
| .engine.error_code | integer | |
| .engine.message | string | |
| .ether | object | |
| .ether.dest_mac | string | |
| .ether.src_mac | string | |
| .ether.dest_macs | array | |
| .ether.dest_macs.[] | string | |
| .ether.src_macs | array | |
| .ether.src_macs.[] | string | |
| .fileinfo | object | |
| .fileinfo.end | integer | |
| .fileinfo.file_id | integer | |
| .fileinfo.filename | string | |
| .fileinfo.gaps | boolean | |
| .fileinfo.magic | string | |
| .fileinfo.md5 | string | |
| .fileinfo.sha1 | string | |
| .fileinfo.sha256 | string | |
| .fileinfo.size | integer | |
| .fileinfo.start | integer | |
| .fileinfo.state | string | |
| .fileinfo.stored | boolean | |
| .fileinfo.tx_id | integer | |
| .fileinfo.sid | array | |
| .fileinfo.sid.[] | integer | |
| .flow | object | |
| .flow.action | string | |
| .flow.age | integer | |
| .flow.alerted | boolean | |
| .flow.bypass | string | |
| .flow.bypassed | object | |
| .flow.bypassed.pkts_toserver | integer | |
| .flow.bypassed.pkts_toclient | integer | |
| .flow.bypassed.bytes_toserver | integer | |
| .flow.bypassed.bytes_toclient | integer | |
| .flow.bytes_toclient | integer | |
| .flow.bytes_toserver | integer | |
| .flow.dest_ip | string | |
| .flow.dest_port | integer | |
| .flow.end | string | |
| .flow.pkts_toclient | integer | |
| .flow.pkts_toserver | integer | |
| .flow.reason | string | |
| .flow.src_ip | string | |
| .flow.src_port | integer | |
| .flow.start | string | |
| .flow.state | string | |
| .frame | object | |
| .frame.type | string | |
| .frame.id | integer | |
| .frame.direction | string | |
| .frame.stream_offset | integer | |
| .frame.length | integer | |
| .frame.complete | boolean | |
| .frame.payload | string | |
| .frame.payload_printable | string | |
| .frame.tx_id | integer | |
| .ftp | object | |
| .ftp.command | string | |
| .ftp.command_data | string | |
| .ftp.command_truncated | boolean | |
| .ftp.dynamic_port | integer | |
| .ftp.mode | string | |
| .ftp.reply_received | string | |
| .ftp.reply_truncated | boolean | |
| .ftp.completion_code | array | |
| .ftp.completion_code.[] | string | |
| .ftp.reply | array | |
| .ftp.reply.[] | string | |
| .ftp_data | object | |
| .ftp_data.command | string | |
| .ftp_data.filename | string | |
| .http | object | |
| .http.hostname | string | |
| .http.http_content_type | string | |
| .http.http_method | string | |
| .http.http_port | integer | |
| .http.http_refer | string | |
| .http.http_response_body | string | |
| .http.http_response_body_printable | string | |
| .http.http_user_agent | string | |
| .http.length | integer | |
| .http.org_src_ip | string | |
| .http.protocol | string | |
| .http.redirect | string | |
| .http.status | integer | |
| .http.true_client_ip | string | |
| .http.url | string | |
| .http.version | string | |
| .http.x_bluecoat_via | string | |
| .http.xff | string | |
| .http.request_headers | array | |
| .http.request_headers.[].name | string | |
| .http.request_headers.[].table_size_update | integer | |
| .http.request_headers.[].value | string | |
| .http.response_headers | array | |
| .http.response_headers.[].name | string | |
| .http.response_headers.[].table_size_update | integer | |
| .http.response_headers.[].value | string | |
| .http.content_range | object | |
| .http.content_range.end | integer | |
| .http.content_range.raw | string | |
| .http.content_range.size | integer | |
| .http.content_range.start | integer | |
| .http.http2 | object | |
| .http.http2.stream_id | integer | |
| .http.http2.request | object | |
| .http.http2.request.error_code | string | |
| .http.http2.request.priority | integer | |
| .http.http2.request.settings | array | |
| .http.http2.request.settings.[].settings_id | string | |
| .http.http2.request.settings.[].settings_value | integer | |
| .http.http2.response | object | |
| .http.http2.response.error_code | string | |
| .http.http2.response.settings | array | |
| .http.http2.response.settings.[].settings_id | string | |
| .http.http2.response.settings.[].settings_value | integer | |
| .http2 | object | |
| .http2.http_method | string | |
| .http2.http_user_agent | string | |
| .http2.length | integer | |
| .http2.status | integer | |
| .http2.url | string | |
| .http2.version | string | |
| .http2.request_headers | array | |
| .http2.request_headers.[].name | string | |
| .http2.request_headers.[].table_size_update | integer | |
| .http2.request_headers.[].value | string | |
| .http2.response_headers | array | |
| .http2.response_headers.[].name | string | |
| .http2.response_headers.[].table_size_update | integer | |
| .http2.response_headers.[].value | string | |
| .http2.http2 | object | |
| .http2.http2.stream_id | integer | |
| .http2.http2.request | object | |
| .http2.http2.request.priority | integer | |
| .http2.http2.response | object | |
| .http2.http2.response.error_code | string | |
| .ike | object | |
| .ike.alg_auth | string | |
| .ike.alg_auth_raw | integer | |
| .ike.alg_dh | string | |
| .ike.alg_dh_raw | integer | |
| .ike.alg_enc | string | |
| .ike.alg_enc_raw | integer | |
| .ike.alg_hash | string | |
| .ike.alg_hash_raw | integer | |
| .ike.exchange_type | integer | |
| .ike.exchange_type_verbose | string | |
| .ike.init_spi | string | |
| .ike.message_id | integer | |
| .ike.resp_spi | string | |
| .ike.role | string | |
| .ike.sa_key_length | string | |
| .ike.sa_key_length_raw | integer | |
| .ike.sa_life_duration | string | |
| .ike.sa_life_duration_raw | integer | |
| .ike.sa_life_type | string | |
| .ike.sa_life_type_raw | integer | |
| .ike.version_major | integer | |
| .ike.version_minor | integer | |
| .ike.payload | array | |
| .ike.payload.[] | string | |
| .ike.ikev1 | object | |
| .ike.ikev1.doi | integer | |
| .ike.ikev1.encrypted_payloads | boolean | |
| .ike.ikev1.vendor_ids | array | |
| .ike.ikev1.vendor_ids.[] | string | |
| .ike.ikev1.client | object | |
| .ike.ikev1.client.key_exchange_payload | string | |
| .ike.ikev1.client.key_exchange_payload_length | integer | |
| .ike.ikev1.client.nonce_payload | string | |
| .ike.ikev1.client.nonce_payload_length | integer | |
| .ike.ikev1.client.proposals | array | |
| .ike.ikev1.client.proposals.[].alg_auth | string | |
| .ike.ikev1.client.proposals.[].alg_auth_raw | integer | |
| .ike.ikev1.client.proposals.[].alg_dh | string | |
| .ike.ikev1.client.proposals.[].alg_dh_raw | integer | |
| .ike.ikev1.client.proposals.[].alg_enc | string | |
| .ike.ikev1.client.proposals.[].alg_enc_raw | integer | |
| .ike.ikev1.client.proposals.[].alg_hash | string | |
| .ike.ikev1.client.proposals.[].alg_hash_raw | integer | |
| .ike.ikev1.client.proposals.[].sa_key_length | string | |
| .ike.ikev1.client.proposals.[].sa_key_length_raw | integer | |
| .ike.ikev1.client.proposals.[].sa_life_duration | string | |
| .ike.ikev1.client.proposals.[].sa_life_duration_raw | integer | |
| .ike.ikev1.client.proposals.[].sa_life_type | string | |
| .ike.ikev1.client.proposals.[].sa_life_type_raw | integer | |
| .ike.ikev1.server | object | |
| .ike.ikev1.server.key_exchange_payload | string | |
| .ike.ikev1.server.key_exchange_payload_length | integer | |
| .ike.ikev1.server.nonce_payload | string | |
| .ike.ikev1.server.nonce_payload_length | integer | |
| .ike.ikev2 | object | |
| .ike.ikev2.errors | integer | |
| .ike.ikev2.notify | array (untyped) | |
| .krb5 | object | |
| .krb5.cname | string | |
| .krb5.encryption | string | |
| .krb5.error_code | string | |
| .krb5.failed_request | string | |
| .krb5.msg_type | string | |
| .krb5.realm | string | |
| .krb5.sname | string | |
| .krb5.ticket_encryption | string | |
| .krb5.ticket_weak_encryption | boolean | |
| .krb5.weak_encryption | boolean | |
| .metadata | object | |
| .metadata.flowbits | array | |
| .metadata.flowbits.[] | string | |
| .metadata.flowvars | array | |
| .metadata.flowvars.[].gid | string | |
| .metadata.flowvars.[].key | string | |
| .metadata.flowvars.[].value | string | |
| .metadata.pktvars | array | |
| .metadata.pktvars.[].uid | string | |
| .metadata.pktvars.[].username | string | |
| .metadata.flowints | object | |
| .metadata.flowints.object | object (undocumented) | |
| .modbus | object | |
| .modbus.id | integer | |
| .modbus.request | object | |
| .modbus.request.access_type | string | |
| .modbus.request.category | string | |
| .modbus.request.data | string | |
| .modbus.request.error_flags | string | |
| .modbus.request.function_code | string | |
| .modbus.request.function_raw | integer | |
| .modbus.request.protocol_id | integer | |
| .modbus.request.transaction_id | integer | |
| .modbus.request.unit_id | integer | |
| .modbus.request.diagnostic | object | |
| .modbus.request.diagnostic.code | string | |
| .modbus.request.diagnostic.data | string | |
| .modbus.request.diagnostic.raw | integer | |
| .modbus.request.mei | object | |
| .modbus.request.mei.code | string | |
| .modbus.request.mei.data | string | |
| .modbus.request.mei.raw | integer | |
| .modbus.request.read | object | |
| .modbus.request.read.address | integer | |
| .modbus.request.read.quantity | integer | |
| .modbus.request.write | object | |
| .modbus.request.write.address | integer | |
| .modbus.request.write.data | integer | |
| .modbus.response | object | |
| .modbus.response.access_type | string | |
| .modbus.response.category | string | |
| .modbus.response.data | string | |
| .modbus.response.error_flags | string | |
| .modbus.response.function_code | string | |
| .modbus.response.function_raw | integer | |
| .modbus.response.protocol_id | integer | |
| .modbus.response.transaction_id | integer | |
| .modbus.response.unit_id | integer | |
| .modbus.response.diagnostic | object | |
| .modbus.response.diagnostic.code | string | |
| .modbus.response.diagnostic.data | string | |
| .modbus.response.diagnostic.raw | integer | |
| .modbus.response.exception | object | |
| .modbus.response.exception.code | string | |
| .modbus.response.exception.raw | integer | |
| .modbus.response.read | object | |
| .modbus.response.read.data | string | |
| .modbus.response.write | object | |
| .modbus.response.write.address | integer | |
| .modbus.response.write.data | integer | |
| .mqtt | object | |
| .mqtt.connack | object | |
| .mqtt.connack.dup | boolean | |
| .mqtt.connack.qos | integer | |
| .mqtt.connack.retain | boolean | |
| .mqtt.connack.return_code | integer | |
| .mqtt.connack.session_present | boolean | |
| .mqtt.connack.properties | object | |
| .mqtt.connack.properties.object | object (undocumented) | |
| .mqtt.connect | object | |
| .mqtt.connect.client_id | string | |
| .mqtt.connect.dup | boolean | |
| .mqtt.connect.password | string | |
| .mqtt.connect.protocol_string | string | |
| .mqtt.connect.protocol_version | integer | |
| .mqtt.connect.qos | integer | |
| .mqtt.connect.retain | boolean | |
| .mqtt.connect.username | string | |
| .mqtt.connect.flags | object | |
| .mqtt.connect.flags.clean_session | boolean | |
| .mqtt.connect.flags.password | boolean | |
| .mqtt.connect.flags.username | boolean | |
| .mqtt.connect.flags.will | boolean | |
| .mqtt.connect.flags.will_retain | boolean | |
| .mqtt.connect.properties | object | |
| .mqtt.connect.properties.object | object (undocumented) | |
| .mqtt.connect.will | object | |
| .mqtt.connect.will.message | string | |
| .mqtt.connect.will.topic | string | |
| .mqtt.connect.will.properties | object | |
| .mqtt.connect.will.properties.object | object (undocumented) | |
| .mqtt.disconnect | object | |
| .mqtt.disconnect.dup | boolean | |
| .mqtt.disconnect.qos | integer | |
| .mqtt.disconnect.reason_code | integer | |
| .mqtt.disconnect.retain | boolean | |
| .mqtt.disconnect.properties | object | |
| .mqtt.disconnect.properties.object | object (undocumented) | |
| .mqtt.pingreq | object | |
| .mqtt.pingreq.dup | boolean | |
| .mqtt.pingreq.qos | integer | |
| .mqtt.pingreq.retain | boolean | |
| .mqtt.pingresp | object | |
| .mqtt.pingresp.dup | boolean | |
| .mqtt.pingresp.qos | integer | |
| .mqtt.pingresp.retain | boolean | |
| .mqtt.puback | object | |
| .mqtt.puback.dup | boolean | |
| .mqtt.puback.message_id | integer | |
| .mqtt.puback.qos | integer | |
| .mqtt.puback.reason_code | integer | |
| .mqtt.puback.retain | boolean | |
| .mqtt.pubcomp | object | |
| .mqtt.pubcomp.dup | boolean | |
| .mqtt.pubcomp.message_id | integer | |
| .mqtt.pubcomp.qos | integer | |
| .mqtt.pubcomp.reason_code | integer | |
| .mqtt.pubcomp.retain | boolean | |
| .mqtt.publish | object | |
| .mqtt.publish.dup | boolean | |
| .mqtt.publish.message | string | |
| .mqtt.publish.message_id | integer | |
| .mqtt.publish.qos | integer | |
| .mqtt.publish.retain | boolean | |
| .mqtt.publish.skipped_length | integer | |
| .mqtt.publish.topic | string | |
| .mqtt.publish.truncated | boolean | |
| .mqtt.publish.properties | object | |
| .mqtt.publish.properties.object | object (undocumented) | |
| .mqtt.pubrec | object | |
| .mqtt.pubrec.dup | boolean | |
| .mqtt.pubrec.message_id | integer | |
| .mqtt.pubrec.qos | integer | |
| .mqtt.pubrec.reason_code | integer | |
| .mqtt.pubrec.retain | boolean | |
| .mqtt.pubrel | object | |
| .mqtt.pubrel.dup | boolean | |
| .mqtt.pubrel.message_id | integer | |
| .mqtt.pubrel.qos | integer | |
| .mqtt.pubrel.reason_code | integer | |
| .mqtt.pubrel.retain | boolean | |
| .mqtt.suback | object | |
| .mqtt.suback.dup | boolean | |
| .mqtt.suback.message_id | integer | |
| .mqtt.suback.qos | integer | |
| .mqtt.suback.retain | boolean | |
| .mqtt.suback.qos_granted | array | |
| .mqtt.suback.qos_granted.[] | integer | |
| .mqtt.subscribe | object | |
| .mqtt.subscribe.dup | boolean | |
| .mqtt.subscribe.message_id | integer | |
| .mqtt.subscribe.qos | integer | |
| .mqtt.subscribe.retain | boolean | |
| .mqtt.subscribe.topics | array | |
| .mqtt.subscribe.topics.[].qos | integer | |
| .mqtt.subscribe.topics.[].topic | string | |
| .mqtt.unsuback | object | |
| .mqtt.unsuback.dup | boolean | |
| .mqtt.unsuback.message_id | integer | |
| .mqtt.unsuback.qos | integer | |
| .mqtt.unsuback.retain | boolean | |
| .mqtt.unsuback.reason_codes | array | |
| .mqtt.unsuback.reason_codes.[] | integer | |
| .mqtt.unsubscribe | object | |
| .mqtt.unsubscribe.dup | boolean | |
| .mqtt.unsubscribe.message_id | integer | |
| .mqtt.unsubscribe.qos | integer | |
| .mqtt.unsubscribe.retain | boolean | |
| .mqtt.unsubscribe.topics | array | |
| .mqtt.unsubscribe.topics.[] | string | |
| .netflow | object | |
| .netflow.age | integer | |
| .netflow.bytes | integer | |
| .netflow.end | string | |
| .netflow.max_ttl | integer | |
| .netflow.min_ttl | integer | |
| .netflow.pkts | integer | |
| .netflow.start | string | |
| .nfs | object | |
| .nfs.file_tx | boolean | |
| .nfs.filename | string | |
| .nfs.hhash | string | |
| .nfs.id | integer | |
| .nfs.procedure | string | |
| .nfs.status | string | |
| .nfs.type | string | |
| .nfs.version | integer | |
| .nfs.read | object | |
| .nfs.read.chunks | integer | |
| .nfs.read.first | boolean | |
| .nfs.read.last | boolean | |
| .nfs.read.last_xid | integer | |
| .nfs.rename | object | |
| .nfs.rename.from | string | |
| .nfs.rename.to | string | |
| .nfs.write | object | |
| .nfs.write.chunks | integer | |
| .nfs.write.first | boolean | |
| .nfs.write.last | boolean | |
| .nfs.write.last_xid | integer | |
| .packet_info | object | |
| .packet_info.linktype | integer | |
| .pgsql | object | |
| .pgsql.request | object | |
| .pgsql.request.message | string | |
| .pgsql.request.password | string | |
| .pgsql.request.password_message | string | |
| .pgsql.request.protocol_version | string | |
| .pgsql.request.sasl_authentication_mechanism | string | |
| .pgsql.request.sasl_param | string | |
| .pgsql.request.sasl_response | string | |
| .pgsql.request.simple_query | string | |
| .pgsql.request.startup_parameters | object | |
| .pgsql.request.startup_parameters.optional_parameters | array | |
| .pgsql.request.startup_parameters.optional_parameters.[].application_name | string | |
| .pgsql.request.startup_parameters.optional_parameters.[].client_encoding | string | |
| .pgsql.request.startup_parameters.optional_parameters.[].database | string | |
| .pgsql.request.startup_parameters.optional_parameters.[].datestyle | string | |
| .pgsql.request.startup_parameters.optional_parameters.[].extra_float_digits | string | |
| .pgsql.request.startup_parameters.optional_parameters.[].options | string | |
| .pgsql.request.startup_parameters.optional_parameters.[].replication | string | |
| .pgsql.request.startup_parameters.user | string | |
| .pgsql.response | object | |
| .pgsql.response.authentication_md5_password | string | |
| .pgsql.response.authentication_sasl_final | string | |
| .pgsql.response.code | string | |
| .pgsql.response.command_completed | string | |
| .pgsql.response.data_rows | integer | |
| .pgsql.response.data_size | integer | |
| .pgsql.response.field_count | integer | |
| .pgsql.response.file | string | |
| .pgsql.response.line | string | |
| .pgsql.response.message | string | |
| .pgsql.response.parameter_status | array | |
| .pgsql.response.parameter_status.[].application_name | string | |
| .pgsql.response.parameter_status.[].client_encoding | string | |
| .pgsql.response.parameter_status.[].date_style | string | |
| .pgsql.response.parameter_status.[].integer_datetimes | string | |
| .pgsql.response.parameter_status.[].interval_style | string | |
| .pgsql.response.parameter_status.[].is_superuser | string | |
| .pgsql.response.parameter_status.[].server_encoding | string | |
| .pgsql.response.parameter_status.[].server_version | string | |
| .pgsql.response.parameter_status.[].session_authorization | string | |
| .pgsql.response.parameter_status.[].standard_conforming_strings | string | |
| .pgsql.response.parameter_status.[].time_zone | string | |
| .pgsql.response.process_id | integer | |
| .pgsql.response.routine | string | |
| .pgsql.response.secret_key | integer | |
| .pgsql.response.severity_localizable | string | |
| .pgsql.response.severity_non_localizable | string | |
| .pgsql.response.ssl_accepted | boolean | |
| .pgsql.tx_id | integer | |
| .quic | object | |
| .quic.cyu | array | |
| .quic.cyu.[].hash | string | |
| .quic.cyu.[].string | string | |
| .quic.extensions | array | |
| .quic.extensions.[].name | string | |
| .quic.extensions.[].type | integer | |
| .quic.extensions.[].values | array | |
| .quic.extensions.[].values.[] | string | |
| .quic.ja3 | object | |
| .quic.ja3.hash | string | |
| .quic.ja3.string | string | |
| .quic.ja3s | object | |
| .quic.ja3s.hash | string | |
| .quic.ja3s.string | string | |
| .quic.sni | string | |
| .quic.ua | string | |
| .quic.version | string | |
| .rdp | object | |
| .rdp.cookie | string | |
| .rdp.event_type | string | |
| .rdp.tx_id | integer | |
| .rdp.channels | array | |
| .rdp.channels.[] | string | |
| .rdp.client | object | |
| .rdp.client.build | string | |
| .rdp.client.client_name | string | |
| .rdp.client.color_depth | integer | |
| .rdp.client.desktop_height | integer | |
| .rdp.client.desktop_width | integer | |
| .rdp.client.function_keys | integer | |
| .rdp.client.id | string | |
| .rdp.client.keyboard_layout | string | |
| .rdp.client.keyboard_type | string | |
| .rdp.client.product_id | integer | |
| .rdp.client.version | string | |
| .rdp.client.capabilities | array | |
| .rdp.client.capabilities.[] | string | |
| .rfb | object | |
| .rfb.screen_shared | boolean | |
| .rfb.authentication | object | |
| .rfb.authentication.security_result | string | |
| .rfb.authentication.security_type | integer | |
| .rfb.authentication.vnc | object | |
| .rfb.authentication.vnc.challenge | string | |
| .rfb.authentication.vnc.response | string | |
| .rfb.client_protocol_version | object | |
| .rfb.client_protocol_version.major | string | |
| .rfb.client_protocol_version.minor | string | |
| .rfb.framebuffer | object | |
| .rfb.framebuffer.height | integer | |
| .rfb.framebuffer.name | string | |
| .rfb.framebuffer.width | integer | |
| .rfb.framebuffer.pixel_format | object | |
| .rfb.framebuffer.pixel_format.big_endian | boolean | |
| .rfb.framebuffer.pixel_format.bits_per_pixel | integer | |
| .rfb.framebuffer.pixel_format.blue_max | integer | |
| .rfb.framebuffer.pixel_format.blue_shift | integer | |
| .rfb.framebuffer.pixel_format.depth | integer | |
| .rfb.framebuffer.pixel_format.green_max | integer | |
| .rfb.framebuffer.pixel_format.green_shift | integer | |
| .rfb.framebuffer.pixel_format.red_max | integer | |
| .rfb.framebuffer.pixel_format.red_shift | integer | |
| .rfb.framebuffer.pixel_format.true_color | boolean | |
| .rfb.server_protocol_version | object | |
| .rfb.server_protocol_version.major | string | |
| .rfb.server_protocol_version.minor | string | |
| .rpc | object | |
| .rpc.auth_type | string | |
| .rpc.status | string | |
| .rpc.xid | integer | |
| .rpc.creds | object | |
| .rpc.creds.gid | integer | |
| .rpc.creds.machine_name | string | |
| .rpc.creds.uid | integer | |
| .sip | object | |
| .sip.code | string | |
| .sip.method | string | |
| .sip.reason | string | |
| .sip.request_line | string | |
| .sip.response_line | string | |
| .sip.uri | string | |
| .sip.version | string | |
| .smb | object | |
| .smb.access | string | |
| .smb.accessed | integer | |
| .smb.changed | integer | |
| .smb.client_guid | string | |
| .smb.command | string | |
| .smb.created | integer | |
| .smb.dialect | string | |
| .smb.directory | string | |
| .smb.disposition | string | |
| .smb.filename | string | |
| .smb.fuid | string | |
| .smb.function | string | |
| .smb.id | integer | |
| .smb.level_of_interest | string | |
| .smb.max_read_size | integer | |
| .smb.max_write_size | integer | |
| .smb.modified | integer | |
| .smb.named_pipe | string | |
| .smb.rename | object | |
| .smb.rename.from | string | |
| .smb.rename.to | string | |
| .smb.request_done | boolean | |
| .smb.response_done | boolean | |
| .smb.server_guid | string | |
| .smb.session_id | integer | |
| .smb.set_info | object | |
| .smb.set_info.class | string | |
| .smb.set_info.info_level | string | |
| .smb.share | string | |
| .smb.share_type | string | |
| .smb.size | integer | |
| .smb.subcmd | string | |
| .smb.status | string | |
| .smb.status_code | string | |
| .smb.tree_id | integer | |
| .smb.client_dialects | array | |
| .smb.client_dialects.[] | string | |
| .smb.dcerpc | object | |
| .smb.dcerpc.call_id | integer | |
| .smb.dcerpc.opnum | integer | |
| .smb.dcerpc.request | string | |
| .smb.dcerpc.response | string | |
| .smb.dcerpc.interface | object | |
| .smb.dcerpc.interface.uuid | string | |
| .smb.dcerpc.interface.version | string | |
| .smb.dcerpc.interfaces | array | |
| .smb.dcerpc.interfaces.[].ack_reason | integer | |
| .smb.dcerpc.interfaces.[].ack_result | integer | |
| .smb.dcerpc.interfaces.[].uuid | string | |
| .smb.dcerpc.interfaces.[].version | string | |
| .smb.dcerpc.req | object | |
| .smb.dcerpc.req.frag_cnt | integer | |
| .smb.dcerpc.req.stub_data_size | integer | |
| .smb.dcerpc.res | object | |
| .smb.dcerpc.res.frag_cnt | integer | |
| .smb.dcerpc.res.stub_data_size | integer | |
| .smb.kerberos | object | |
| .smb.kerberos.realm | string | |
| .smb.kerberos.snames | array | |
| .smb.kerberos.snames.[] | string | |
| .smb.ntlmssp | object | |
| .smb.ntlmssp.domain | string | |
| .smb.ntlmssp.host | string | |
| .smb.ntlmssp.user | string | |
| .smb.request | object | |
| .smb.request.native_lm | string | |
| .smb.request.native_os | string | |
| .smb.response | object | |
| .smb.response.native_lm | string | |
| .smb.response.native_os | string | |
| .smb.service | object | |
| .smb.service.request | string | |
| .smb.service.response | string | |
| .smtp | object | |
| .smtp.helo | string | |
| .smtp.mail_from | string | |
| .smtp.rcpt_to | array | |
| .smtp.rcpt_to.[] | string | |
| .snmp | object | |
| .snmp.community | string | |
| .snmp.pdu_type | string | |
| .snmp.usm | string | |
| .snmp.version | integer | |
| .snmp.vars | array | |
| .snmp.vars.[] | string | |
| .ssh | object | |
| .ssh.client | object | |
| .ssh.client.proto_version | string | |
| .ssh.client.software_version | string | |
| .ssh.client.hassh | object | |
| .ssh.client.hassh.hash | string | |
| .ssh.client.hassh.string | string | |
| .ssh.server | object | |
| .ssh.server.proto_version | string | |
| .ssh.server.software_version | string | |
| .ssh.server.hassh | object | |
| .ssh.server.hassh.hash | string | |
| .ssh.server.hassh.string | string | |
| .stats | object | |
| .stats.uptime | integer | |
| .stats.app_layer | object | |
| .stats.app_layer.expectations | integer | |
| .stats.app_layer.error | object | |
| .stats.app_layer.error.bittorrent-dht | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.dcerpc_tcp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.dcerpc_udp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.dhcp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.dnp3 | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.dns_tcp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.dns_udp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.enip_tcp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.enip_udp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.failed_tcp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.ftp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.ftp-data | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.http | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.http2 | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.ike | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.imap | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.krb5_tcp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.krb5_udp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.mqtt | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.nfs_tcp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.nfs_udp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.ntp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.pgsql | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.quic | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.rdp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.rfb | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.sip | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.smb | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.smtp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.snmp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.ssh | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.telnet | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.tftp | #/$defs/stats_applayer_error | |
| .stats.app_layer.error.tls | #/$defs/stats_applayer_error | |
| .stats.app_layer.flow | object | |
| .stats.app_layer.flow.bittorrent-dht | integer | |
| .stats.app_layer.flow.dcerpc_tcp | integer | |
| .stats.app_layer.flow.dcerpc_udp | integer | |
| .stats.app_layer.flow.dhcp | integer | |
| .stats.app_layer.flow.dnp3 | integer | |
| .stats.app_layer.flow.dns_tcp | integer | |
| .stats.app_layer.flow.dns_udp | integer | |
| .stats.app_layer.flow.enip_tcp | integer | |
| .stats.app_layer.flow.enip_udp | integer | |
| .stats.app_layer.flow.failed_tcp | integer | |
| .stats.app_layer.flow.failed_udp | integer | |
| .stats.app_layer.flow.ftp | integer | |
| .stats.app_layer.flow.ftp-data | integer | |
| .stats.app_layer.flow.http | integer | |
| .stats.app_layer.flow.http2 | integer | |
| .stats.app_layer.flow.ike | integer | |
| .stats.app_layer.flow.ikev2 | integer | |
| .stats.app_layer.flow.imap | integer | |
| .stats.app_layer.flow.krb5_tcp | integer | |
| .stats.app_layer.flow.krb5_udp | integer | |
| .stats.app_layer.flow.modbus | integer | |
| .stats.app_layer.flow.mqtt | integer | |
| .stats.app_layer.flow.nfs_tcp | integer | |
| .stats.app_layer.flow.nfs_udp | integer | |
| .stats.app_layer.flow.ntp | integer | |
| .stats.app_layer.flow.pgsql | integer | |
| .stats.app_layer.flow.quic | integer | |
| .stats.app_layer.flow.rdp | integer | |
| .stats.app_layer.flow.rfb | integer | |
| .stats.app_layer.flow.sip | integer | |
| .stats.app_layer.flow.smb | integer | |
| .stats.app_layer.flow.smtp | integer | |
| .stats.app_layer.flow.snmp | integer | |
| .stats.app_layer.flow.ssh | integer | |
| .stats.app_layer.flow.telnet | integer | |
| .stats.app_layer.flow.tftp | integer | |
| .stats.app_layer.flow.tls | integer | |
| .stats.app_layer.tx | object | |
| .stats.app_layer.tx.bittorrent-dht | integer | |
| .stats.app_layer.tx.dcerpc_tcp | integer | |
| .stats.app_layer.tx.dcerpc_udp | integer | |
| .stats.app_layer.tx.dhcp | integer | |
| .stats.app_layer.tx.dnp3 | integer | |
| .stats.app_layer.tx.dns_tcp | integer | |
| .stats.app_layer.tx.dns_udp | integer | |
| .stats.app_layer.tx.enip_tcp | integer | |
| .stats.app_layer.tx.enip_udp | integer | |
| .stats.app_layer.tx.ftp | integer | |
| .stats.app_layer.tx.ftp-data | integer | |
| .stats.app_layer.tx.http | integer | |
| .stats.app_layer.tx.http2 | integer | |
| .stats.app_layer.tx.ike | integer | |
| .stats.app_layer.tx.ikev2 | integer | |
| .stats.app_layer.tx.imap | integer | |
| .stats.app_layer.tx.krb5_tcp | integer | |
| .stats.app_layer.tx.krb5_udp | integer | |
| .stats.app_layer.tx.modbus | integer | |
| .stats.app_layer.tx.mqtt | integer | |
| .stats.app_layer.tx.nfs_tcp | integer | |
| .stats.app_layer.tx.nfs_udp | integer | |
| .stats.app_layer.tx.ntp | integer | |
| .stats.app_layer.tx.pgsql | integer | |
| .stats.app_layer.tx.quic | integer | |
| .stats.app_layer.tx.rdp | integer | |
| .stats.app_layer.tx.rfb | integer | |
| .stats.app_layer.tx.sip | integer | |
| .stats.app_layer.tx.smb | integer | |
| .stats.app_layer.tx.smtp | integer | |
| .stats.app_layer.tx.snmp | integer | |
| .stats.app_layer.tx.ssh | integer | |
| .stats.app_layer.tx.telnet | integer | |
| .stats.app_layer.tx.tftp | integer | |
| .stats.app_layer.tx.tls | integer | |
| .stats.decoder | object | |
| .stats.decoder.avg_pkt_size | integer | |
| .stats.decoder.bytes | integer | |
| .stats.decoder.chdlc | integer | |
| .stats.decoder.erspan | integer | |
| .stats.decoder.esp | integer | |
| .stats.decoder.ethernet | integer | |
| .stats.decoder.geneve | integer | |
| .stats.decoder.gre | integer | |
| .stats.decoder.icmpv4 | integer | |
| .stats.decoder.icmpv6 | integer | |
| .stats.decoder.ieee8021ah | integer | |
| .stats.decoder.invalid | integer | |
| .stats.decoder.ipv4 | integer | |
| .stats.decoder.ipv4_in_ipv6 | integer | |
| .stats.decoder.ipv6 | integer | |
| .stats.decoder.ipv6_in_ipv6 | integer | |
| .stats.decoder.max_mac_addrs_dst | integer | |
| .stats.decoder.max_mac_addrs_src | integer | |
| .stats.decoder.max_pkt_size | integer | |
| .stats.decoder.mpls | integer | |
| .stats.decoder.nsh | integer | |
| .stats.decoder.null | integer | |
| .stats.decoder.pkts | integer | |
| .stats.decoder.ppp | integer | |
| .stats.decoder.pppoe | integer | |
| .stats.decoder.raw | integer | |
| .stats.decoder.sctp | integer | |
| .stats.decoder.sll | integer | |
| .stats.decoder.tcp | integer | |
| .stats.decoder.teredo | integer | |
| .stats.decoder.too_many_layers | integer | |
| .stats.decoder.udp | integer | |
| .stats.decoder.vlan | integer | |
| .stats.decoder.vlan_qinq | integer | |
| .stats.decoder.vntag | integer | |
| .stats.decoder.vxlan | integer | |
| .stats.decoder.event | object | |
| .stats.decoder.event.chdlc | object | |
| .stats.decoder.event.chdlc.pkt_too_small | integer | |
| .stats.decoder.event.dce | object | |
| .stats.decoder.event.dce.pkt_too_small | integer | |
| .stats.decoder.event.erspan | object | |
| .stats.decoder.event.erspan.header_too_small | integer | |
| .stats.decoder.event.erspan.too_many_vlan_layers | integer | |
| .stats.decoder.event.erspan.unsupported_version | integer | |
| .stats.decoder.event.esp | object | |
| .stats.decoder.event.esp.pkt_too_small | integer | |
| .stats.decoder.event.ethernet | object | |
| .stats.decoder.event.ethernet.pkt_too_small | integer | |
| .stats.decoder.event.geneve | object | |
| .stats.decoder.event.geneve.unknown_payload_type | integer | |
| .stats.decoder.event.gre | object | |
| .stats.decoder.event.gre.pkt_too_small | integer | |
| .stats.decoder.event.gre.version0_flags | integer | |
| .stats.decoder.event.gre.version0_hdr_too_big | integer | |
| .stats.decoder.event.gre.version0_malformed_sre_hdr | integer | |
| .stats.decoder.event.gre.version0_recur | integer | |
| .stats.decoder.event.gre.version1_chksum | integer | |
| .stats.decoder.event.gre.version1_flags | integer | |
| .stats.decoder.event.gre.version1_hdr_too_big | integer | |
| .stats.decoder.event.gre.version1_malformed_sre_hdr | integer | |
| .stats.decoder.event.gre.version1_no_key | integer | |
| .stats.decoder.event.gre.version1_recur | integer | |
| .stats.decoder.event.gre.version1_route | integer | |
| .stats.decoder.event.gre.version1_ssr | integer | |
| .stats.decoder.event.gre.version1_wrong_protocol | integer | |
| .stats.decoder.event.gre.wrong_version | integer | |
| .stats.decoder.event.icmpv4 | object | |
| .stats.decoder.event.icmpv4.ipv4_trunc_pkt | integer | |
| .stats.decoder.event.icmpv4.ipv4_unknown_ver | integer | |
| .stats.decoder.event.icmpv4.pkt_too_small | integer | |
| .stats.decoder.event.icmpv4.unknown_code | integer | |
| .stats.decoder.event.icmpv4.unknown_type | integer | |
| .stats.decoder.event.icmpv6 | object | |
| .stats.decoder.event.icmpv6.experimentation_type | integer | |
| .stats.decoder.event.icmpv6.ipv6_trunc_pkt | integer | |
| .stats.decoder.event.icmpv6.ipv6_unknown_version | integer | |
| .stats.decoder.event.icmpv6.mld_message_with_invalid_hl | integer | |
| .stats.decoder.event.icmpv6.pkt_too_small | integer | |
| .stats.decoder.event.icmpv6.unassigned_type | integer | |
| .stats.decoder.event.icmpv6.unknown_code | integer | |
| .stats.decoder.event.icmpv6.unknown_type | integer | |
| .stats.decoder.event.ieee8021ah | object | |
| .stats.decoder.event.ieee8021ah.header_too_small | integer | |
| .stats.decoder.event.ipraw | object | |
| .stats.decoder.event.ipraw.invalid_ip_version | integer | |
| .stats.decoder.event.ipv4 | object | |
| .stats.decoder.event.ipv4.frag_ignored | integer | |
| .stats.decoder.event.ipv4.frag_overlap | integer | |
| .stats.decoder.event.ipv4.frag_pkt_too_large | integer | |
| .stats.decoder.event.ipv4.hlen_too_small | integer | |
| .stats.decoder.event.ipv4.icmpv6 | integer | |
| .stats.decoder.event.ipv4.iplen_smaller_than_hlen | integer | |
| .stats.decoder.event.ipv4.opt_duplicate | integer | |
| .stats.decoder.event.ipv4.opt_eol_required | integer | |
| .stats.decoder.event.ipv4.opt_invalid | integer | |
| .stats.decoder.event.ipv4.opt_invalid_len | integer | |
| .stats.decoder.event.ipv4.opt_malformed | integer | |
| .stats.decoder.event.ipv4.opt_pad_required | integer | |
| .stats.decoder.event.ipv4.opt_unknown | integer | |
| .stats.decoder.event.ipv4.pkt_too_small | integer | |
| .stats.decoder.event.ipv4.trunc_pkt | integer | |
| .stats.decoder.event.ipv4.wrong_ip_version | integer | |
| .stats.decoder.event.ipv6 | object | |
| .stats.decoder.event.ipv6.data_after_none_header | integer | |
| .stats.decoder.event.ipv6.dstopts_only_padding | integer | |
| .stats.decoder.event.ipv6.dstopts_unknown_opt | integer | |
| .stats.decoder.event.ipv6.exthdr_ah_res_not_null | integer | |
| .stats.decoder.event.ipv6.exthdr_dupl_ah | integer | |
| .stats.decoder.event.ipv6.exthdr_dupl_dh | integer | |
| .stats.decoder.event.ipv6.exthdr_dupl_eh | integer | |
| .stats.decoder.event.ipv6.exthdr_dupl_fh | integer | |
| .stats.decoder.event.ipv6.exthdr_dupl_hh | integer | |
| .stats.decoder.event.ipv6.exthdr_dupl_rh | integer | |
| .stats.decoder.event.ipv6.exthdr_invalid_optlen | integer | |
| .stats.decoder.event.ipv6.exthdr_useless_fh | integer | |
| .stats.decoder.event.ipv6.fh_non_zero_reserved_field | integer | |
| .stats.decoder.event.ipv6.frag_ignored | integer | |
| .stats.decoder.event.ipv6.frag_invalid_length | integer | |
| .stats.decoder.event.ipv6.frag_overlap | integer | |
| .stats.decoder.event.ipv6.frag_pkt_too_large | integer | |
| .stats.decoder.event.ipv6.hopopts_only_padding | integer | |
| .stats.decoder.event.ipv6.hopopts_unknown_opt | integer | |
| .stats.decoder.event.ipv6.icmpv4 | integer | |
| .stats.decoder.event.ipv6.ipv4_in_ipv6_too_small | integer | |
| .stats.decoder.event.ipv6.ipv4_in_ipv6_wrong_version | integer | |
| .stats.decoder.event.ipv6.ipv6_in_ipv6_too_small | integer | |
| .stats.decoder.event.ipv6.ipv6_in_ipv6_wrong_version | integer | |
| .stats.decoder.event.ipv6.pkt_too_small | integer | |
| .stats.decoder.event.ipv6.rh_type_0 | integer | |
| .stats.decoder.event.ipv6.trunc_exthdr | integer | |
| .stats.decoder.event.ipv6.trunc_pkt | integer | |
| .stats.decoder.event.ipv6.unknown_next_header | integer | |
| .stats.decoder.event.ipv6.wrong_ip_version | integer | |
| .stats.decoder.event.ipv6.zero_len_padn | integer | |
| .stats.decoder.event.ltnull | object | |
| .stats.decoder.event.ltnull.pkt_too_small | integer | |
| .stats.decoder.event.ltnull.unsupported_type | integer | |
| .stats.decoder.event.mpls | object | |
| .stats.decoder.event.mpls.bad_label_implicit_null | integer | |
| .stats.decoder.event.mpls.bad_label_reserved | integer | |
| .stats.decoder.event.mpls.bad_label_router_alert | integer | |
| .stats.decoder.event.mpls.header_too_small | integer | |
| .stats.decoder.event.mpls.pkt_too_small | integer | |
| .stats.decoder.event.mpls.unknown_payload_type | integer | |
| .stats.decoder.event.nsh | object | |
| .stats.decoder.event.nsh.bad_header_length | integer | |
| .stats.decoder.event.nsh.header_too_small | integer | |
| .stats.decoder.event.nsh.reserved_type | integer | |
| .stats.decoder.event.nsh.unknown_payload | integer | |
| .stats.decoder.event.nsh.unsupported_type | integer | |
| .stats.decoder.event.nsh.unsupported_version | integer | |
| .stats.decoder.event.ppp | object | |
| .stats.decoder.event.ppp.ip4_pkt_too_small | integer | |
| .stats.decoder.event.ppp.ip6_pkt_too_small | integer | |
| .stats.decoder.event.ppp.pkt_too_small | integer | |
| .stats.decoder.event.ppp.unsup_proto | integer | |
| .stats.decoder.event.ppp.vju_pkt_too_small | integer | |
| .stats.decoder.event.ppp.wrong_type | integer | |
| .stats.decoder.event.pppoe | object | |
| .stats.decoder.event.pppoe.malformed_tags | integer | |
| .stats.decoder.event.pppoe.pkt_too_small | integer | |
| .stats.decoder.event.pppoe.wrong_code | integer | |
| .stats.decoder.event.sctp | object | |
| .stats.decoder.event.sctp.pkt_too_small | integer | |
| .stats.decoder.event.sll | object | |
| .stats.decoder.event.sll.pkt_too_small | integer | |
| .stats.decoder.event.tcp | object | |
| .stats.decoder.event.tcp.hlen_too_small | integer | |
| .stats.decoder.event.tcp.invalid_optlen | integer | |
| .stats.decoder.event.tcp.opt_duplicate | integer | |
| .stats.decoder.event.tcp.opt_invalid_len | integer | |
| .stats.decoder.event.tcp.pkt_too_small | integer | |
| .stats.decoder.event.udp | object | |
| .stats.decoder.event.udp.hlen_invalid | integer | |
| .stats.decoder.event.udp.hlen_too_small | integer | |
| .stats.decoder.event.udp.pkt_too_small | integer | |
| .stats.decoder.event.vlan | object | |
| .stats.decoder.event.vlan.header_too_small | integer | |
| .stats.decoder.event.vlan.too_many_layers | integer | |
| .stats.decoder.event.vlan.unknown_type | integer | |
| .stats.decoder.event.vntag | object | |
| .stats.decoder.event.vntag.header_too_small | integer | |
| .stats.decoder.event.vntag.unknown_type | integer | |
| .stats.decoder.event.vxlan | object | |
| .stats.decoder.event.vxlan.unknown_payload_type | integer | |
| .stats.defrag | object | |
| .stats.defrag.max_frag_hits | integer | |
| .stats.defrag.ipv4 | object | |
| .stats.defrag.ipv4.fragments | integer | |
| .stats.defrag.ipv4.reassembled | integer | |
| .stats.defrag.ipv4.timeouts | integer | |
| .stats.defrag.ipv6 | object | |
| .stats.defrag.ipv6.fragments | integer | |
| .stats.defrag.ipv6.reassembled | integer | |
| .stats.defrag.ipv6.timeouts | integer | |
| .stats.detect | object | |
| .stats.detect.alert | integer | |
| .stats.detect.alert_queue_overflow | integer | |
| .stats.detect.alerts_suppressed | integer | |
| .stats.detect.mpm_list | integer | |
| .stats.detect.nonmpm_list | integer | |
| .stats.detect.fnonmpm_list | integer | |
| .stats.detect.match_list | integer | |
| .stats.detect.engines | array | |
| .stats.detect.engines.[].id | integer | |
| .stats.detect.engines.[].last_reload | string | |
| .stats.detect.engines.[].rules_loaded | integer | |
| .stats.detect.engines.[].rules_failed | integer | |
| .stats.file_store | object | |
| .stats.file_store.fs_errors | integer | |
| .stats.file_store.open_files | integer | |
| .stats.file_store.open_files_max_hit | integer | |
| .stats.flow | object | |
| .stats.flow.active | integer | |
| .stats.flow.emerg_mode_entered | integer | |
| .stats.flow.emerg_mode_over | integer | |
| .stats.flow.get_used | integer | |
| .stats.flow.get_used_eval | integer | |
| .stats.flow.get_used_eval_busy | integer | |
| .stats.flow.get_used_eval_reject | integer | |
| .stats.flow.get_used_failed | integer | |
| .stats.flow.icmpv4 | integer | |
| .stats.flow.icmpv6 | integer | |
| .stats.flow.memcap | integer | |
| .stats.flow.memuse | integer | |
| .stats.flow.spare | integer | |
| .stats.flow.tcp | integer | |
| .stats.flow.tcp_reuse | integer | |
| .stats.flow.total | integer | |
| .stats.flow.udp | integer | |
| .stats.flow.end | object | |
| .stats.flow.end.state | object | |
| .stats.flow.end.state.new | integer | |
| .stats.flow.end.state.established | integer | |
| .stats.flow.end.state.closed | integer | |
| .stats.flow.end.state.local_bypassed | integer | |
| .stats.flow.end.state.capture_bypassed | integer | |
| .stats.flow.end.tcp_state | object | |
| .stats.flow.end.tcp_state.none | integer | |
| .stats.flow.end.tcp_state.syn_sent | integer | |
| .stats.flow.end.tcp_state.syn_recv | integer | |
| .stats.flow.end.tcp_state.established | integer | |
| .stats.flow.end.tcp_state.fin_wait1 | integer | |
| .stats.flow.end.tcp_state.fin_wait2 | integer | |
| .stats.flow.end.tcp_state.time_wait | integer | |
| .stats.flow.end.tcp_state.last_ack | integer | |
| .stats.flow.end.tcp_state.close_wait | integer | |
| .stats.flow.end.tcp_state.closing | integer | |
| .stats.flow.end.tcp_state.closed | integer | |
| .stats.flow.end.tcp_liberal | integer | |
| .stats.flow.mgr | object | |
| .stats.flow.mgr.flows_checked | integer | |
| .stats.flow.mgr.flows_evicted | integer | |
| .stats.flow.mgr.flows_evicted_needs_work | integer | |
| .stats.flow.mgr.flows_notimeout | integer | |
| .stats.flow.mgr.flows_timeout | integer | |
| .stats.flow.mgr.flows_timeout_inuse | integer | |
| .stats.flow.mgr.full_hash_pass | integer | |
| .stats.flow.mgr.rows_maxlen | integer | |
| .stats.flow.mgr.rows_per_sec | integer | |
| .stats.flow.recycler | object | |
| .stats.flow.recycler.recycled | integer | |
| .stats.flow.recycler.queue_avg | integer | |
| .stats.flow.recycler.queue_max | integer | |
| .stats.flow.wrk | object | |
| .stats.flow.wrk.flows_evicted | integer | |
| .stats.flow.wrk.flows_evicted_needs_work | integer | |
| .stats.flow.wrk.flows_evicted_pkt_inject | integer | |
| .stats.flow.wrk.flows_injected | integer | |
| .stats.flow.wrk.flows_injected_max | integer | |
| .stats.flow.wrk.spare_sync | integer | |
| .stats.flow.wrk.spare_sync_avg | integer | |
| .stats.flow.wrk.spare_sync_empty | integer | |
| .stats.flow.wrk.spare_sync_incomplete | integer | |
| .stats.flow_bypassed | object | |
| .stats.flow_bypassed.bytes | integer | |
| .stats.flow_bypassed.closed | integer | |
| .stats.flow_bypassed.local_bytes | integer | |
| .stats.flow_bypassed.local_capture_bytes | integer | |
| .stats.flow_bypassed.local_capture_pkts | integer | |
| .stats.flow_bypassed.local_pkts | integer | |
| .stats.flow_bypassed.pkts | integer | |
| .stats.flow_mgr | object | |
| .stats.flow_mgr.bypassed_pruned | integer | |
| .stats.flow_mgr.closed_pruned | integer | |
| .stats.flow_mgr.est_pruned | integer | |
| .stats.flow_mgr.flows_checked | integer | |
| .stats.flow_mgr.flows_notimeout | integer | |
| .stats.flow_mgr.flows_removed | integer | |
| .stats.flow_mgr.flows_timeout | integer | |
| .stats.flow_mgr.flows_timeout_inuse | integer | |
| .stats.flow_mgr.new_pruned | integer | |
| .stats.flow_mgr.rows_busy | integer | |
| .stats.flow_mgr.rows_checked | integer | |
| .stats.flow_mgr.rows_empty | integer | |
| .stats.flow_mgr.rows_maxlen | integer | |
| .stats.flow_mgr.rows_skipped | integer | |
| .stats.ftp | object | |
| .stats.ftp.memcap | integer | |
| .stats.ftp.memuse | integer | |
| .stats.http | object | |
| .stats.http.memcap | integer | |
| .stats.http.memuse | integer | |
| .stats.tcp | object | |
| .stats.tcp.active_sessions | integer | |
| .stats.tcp.insert_data_normal_fail | integer | |
| .stats.tcp.insert_data_overlap_fail | integer | |
| .stats.tcp.insert_list_fail | integer | |
| .stats.tcp.invalid_checksum | integer | |
| .stats.tcp.memuse | integer | |
| .stats.tcp.midstream_pickups | integer | |
| .stats.tcp.no_flow | integer | |
| .stats.tcp.overlap | integer | |
| .stats.tcp.overlap_diff_data | integer | |
| .stats.tcp.pkt_on_wrong_thread | integer | |
| .stats.tcp.pseudo | integer | |
| .stats.tcp.pseudo_failed | integer | |
| .stats.tcp.reassembly_gap | integer | |
| .stats.tcp.reassembly_memuse | integer | |
| .stats.tcp.rst | integer | |
| .stats.tcp.segment_memcap_drop | integer | |
| .stats.tcp.segment_from_cache | integer | |
| .stats.tcp.segment_from_pool | integer | |
| .stats.tcp.sessions | integer | |
| .stats.tcp.ssn_from_cache | integer | |
| .stats.tcp.ssn_from_pool | integer | |
| .stats.tcp.ssn_memcap_drop | integer | |
| .stats.tcp.stream_depth_reached | integer | |
| .stats.tcp.syn | integer | |
| .stats.tcp.synack | integer | |
| .tcp | object | |
| .tcp.ack | boolean | |
| .tcp.cwr | boolean | |
| .tcp.ecn | boolean | |
| .tcp.fin | boolean | |
| .tcp.psh | boolean | |
| .tcp.rst | boolean | |
| .tcp.state | string | |
| .tcp.syn | boolean | |
| .tcp.tc_gap | boolean | |
| .tcp.tcp_flags | string | |
| .tcp.tcp_flags_tc | string | |
| .tcp.tcp_flags_ts | string | |
| .tcp.ts_gap | boolean | |
| .tcp.urg | boolean | |
| .template | object | |
| .template.request | string | |
| .template.response | string | |
| .tftp | object | |
| .tftp.file | string | |
| .tftp.mode | string | |
| .tftp.packet | string | |
| .tls | object | |
| .tls.client | object | |
| .tls.client.fingerprint | string | |
| .tls.client.issuerdn | string | |
| .tls.client.notafter | string | |
| .tls.client.notbefore | string | |
| .tls.client.serial | string | |
| .tls.client.subject | string | |
| .tls.fingerprint | string | |
| .tls.from_proto | string | |
| .tls.issuerdn | string | |
| .tls.notafter | string | |
| .tls.notbefore | string | |
| .tls.serial | string | |
| .tls.session_resumed | boolean | |
| .tls.sni | string | |
| .tls.subject | string | |
| .tls.version | string | |
| .tls.ja3 | object | |
| .tls.ja3.hash | string | |
| .tls.ja3.string | string | |
| .tls.ja3s | object | |
| .tls.ja3s.hash | string | |
| .tls.ja3s.string | string | |
| .traffic | object | |
| .traffic.id | array | |
| .traffic.id.[] | string | |
| .traffic.label | array | |
| .traffic.label.[] | string | |
| .tunnel | object | |
| .tunnel.depth | integer | |
| .tunnel.dest_ip | string | |
| .tunnel.dest_port | integer | |
| .tunnel.pcap_cnt | integer | |
| .tunnel.pkt_src | string | |
| .tunnel.proto | string | |
| .tunnel.src_ip | string | |
| .tunnel.src_port | integer |
-
-
Save jasonish/fc04da8a5586954f78e1857fe3ae0203 to your computer and use it in GitHub Desktop.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment