
@rishisalunkhe4141
Created January 31, 2022 17:15
{
"apm-7.16.3-span-000001": {
"mappings": {
"_meta": {
"beat": "apm",
"version": "7.16.3"
},
"dynamic_templates": [
{
"labels": {
"path_match": "labels.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"container.labels": {
"path_match": "container.labels.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"fields": {
"path_match": "fields.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"docker.container.labels": {
"path_match": "docker.container.labels.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"kubernetes.labels.*": {
"path_match": "kubernetes.labels.*",
"mapping": {
"type": "keyword"
}
}
},
{
"kubernetes.annotations.*": {
"path_match": "kubernetes.annotations.*",
"mapping": {
"type": "keyword"
}
}
},
{
"kubernetes.selectors.*": {
"path_match": "kubernetes.selectors.*",
"mapping": {
"type": "keyword"
}
}
},
{
"labels_string": {
"path_match": "labels.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"labels_boolean": {
"path_match": "labels.*",
"match_mapping_type": "boolean",
"mapping": {
"type": "boolean"
}
}
},
{
"labels_*": {
"path_match": "labels.*",
"mapping": {
"scaling_factor": 1000000,
"type": "scaled_float"
}
}
},
{
"histogram": {
"mapping": {
"type": "histogram"
}
}
},
{
"transaction.marks": {
"path_match": "transaction.marks.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"transaction.marks.*.*": {
"path_match": "transaction.marks.*.*",
"mapping": {
"scaling_factor": 1000000,
"type": "scaled_float"
}
}
},
{
"strings_as_keyword": {
"match_mapping_type": "string",
"mapping": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
],
"date_detection": false,
"properties": {
"@timestamp": {
"type": "date"
},
"agent": {
"dynamic": "false",
"properties": {
"build": {
"properties": {
"original": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ephemeral_id": {
"type": "keyword",
"ignore_above": 1024
},
"hostname": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"child": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"client": {
"dynamic": "false",
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"bytes": {
"type": "long"
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"nat": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"packets": {
"type": "long"
},
"port": {
"type": "long"
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"cloud": {
"properties": {
"account": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"availability_zone": {
"type": "keyword",
"ignore_above": 1024
},
"image": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"instance": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"machine": {
"dynamic": "false",
"properties": {
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"origin": {
"dynamic": "false",
"properties": {
"account": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"provider": {
"type": "keyword",
"ignore_above": 1024
},
"region": {
"type": "keyword",
"ignore_above": 1024
},
"service": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"project": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"provider": {
"type": "keyword",
"ignore_above": 1024
},
"region": {
"type": "keyword",
"ignore_above": 1024
},
"service": {
"dynamic": "false",
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"container": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"image": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"tag": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"labels": {
"type": "object"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"runtime": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"data_stream": {
"properties": {
"dataset": {
"type": "constant_keyword"
},
"namespace": {
"type": "constant_keyword"
},
"type": {
"type": "constant_keyword"
}
}
},
"destination": {
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"bytes": {
"type": "long"
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"nat": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"packets": {
"type": "long"
},
"port": {
"type": "long"
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"dll": {
"properties": {
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"dns": {
"properties": {
"answers": {
"properties": {
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"ttl": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"header_flags": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"op_code": {
"type": "keyword",
"ignore_above": 1024
},
"question": {
"properties": {
"class": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"resolved_ip": {
"type": "ip"
},
"response_code": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"docker": {
"properties": {
"container": {
"properties": {
"labels": {
"type": "object"
}
}
}
}
},
"ecs": {
"properties": {
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"error": {
"dynamic": "false",
"properties": {
"code": {
"type": "keyword",
"ignore_above": 1024
},
"culprit": {
"type": "keyword",
"ignore_above": 1024
},
"exception": {
"properties": {
"code": {
"type": "keyword",
"ignore_above": 1024
},
"handled": {
"type": "boolean"
},
"message": {
"type": "text",
"norms": false
},
"module": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"grouping_key": {
"type": "keyword",
"ignore_above": 1024
},
"grouping_name": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"log": {
"properties": {
"level": {
"type": "keyword",
"ignore_above": 1024
},
"logger_name": {
"type": "keyword",
"ignore_above": 1024
},
"message": {
"type": "text",
"norms": false
},
"param_message": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"message": {
"type": "match_only_text"
},
"stack_trace": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"event": {
"properties": {
"action": {
"type": "keyword",
"ignore_above": 1024
},
"agent_id_status": {
"type": "keyword",
"ignore_above": 1024
},
"category": {
"type": "keyword",
"ignore_above": 1024
},
"code": {
"type": "keyword",
"ignore_above": 1024
},
"created": {
"type": "date"
},
"dataset": {
"type": "keyword",
"ignore_above": 1024
},
"duration": {
"type": "long"
},
"end": {
"type": "date"
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"ingested": {
"type": "date"
},
"kind": {
"type": "keyword",
"ignore_above": 1024
},
"module": {
"type": "keyword",
"ignore_above": 1024
},
"original": {
"type": "keyword",
"index": false,
"doc_values": false,
"ignore_above": 1024
},
"outcome": {
"type": "keyword",
"ignore_above": 1024
},
"provider": {
"type": "keyword",
"ignore_above": 1024
},
"reason": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"risk_score": {
"type": "float"
},
"risk_score_norm": {
"type": "float"
},
"sequence": {
"type": "long"
},
"severity": {
"type": "long"
},
"start": {
"type": "date"
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"url": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"faas": {
"dynamic": "false",
"properties": {
"coldstart": {
"type": "boolean"
},
"execution": {
"type": "keyword",
"ignore_above": 1024
},
"trigger": {
"properties": {
"request_id": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"fields": {
"type": "object"
},
"file": {
"properties": {
"accessed": {
"type": "date"
},
"attributes": {
"type": "keyword",
"ignore_above": 1024
},
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"created": {
"type": "date"
},
"ctime": {
"type": "date"
},
"device": {
"type": "keyword",
"ignore_above": 1024
},
"directory": {
"type": "keyword",
"ignore_above": 1024
},
"drive_letter": {
"type": "keyword",
"ignore_above": 1
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"fork_name": {
"type": "keyword",
"ignore_above": 1024
},
"gid": {
"type": "keyword",
"ignore_above": 1024
},
"group": {
"type": "keyword",
"ignore_above": 1024
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"inode": {
"type": "keyword",
"ignore_above": 1024
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"mode": {
"type": "keyword",
"ignore_above": 1024
},
"mtime": {
"type": "date"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"owner": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"size": {
"type": "long"
},
"target_path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"uid": {
"type": "keyword",
"ignore_above": 1024
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"host": {
"dynamic": "false",
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"containerized": {
"type": "boolean"
},
"cpu": {
"properties": {
"usage": {
"type": "scaled_float",
"scaling_factor": 1000.0
}
}
},
"disk": {
"properties": {
"read": {
"properties": {
"bytes": {
"type": "long"
}
}
},
"write": {
"properties": {
"bytes": {
"type": "long"
}
}
}
}
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hostname": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"network": {
"properties": {
"egress": {
"properties": {
"bytes": {
"type": "long"
},
"packets": {
"type": "long"
}
}
},
"ingress": {
"properties": {
"bytes": {
"type": "long"
},
"packets": {
"type": "long"
}
}
}
}
},
"os": {
"properties": {
"build": {
"type": "keyword",
"ignore_above": 1024
},
"codename": {
"type": "keyword",
"ignore_above": 1024
},
"family": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"kernel": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"platform": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"uptime": {
"type": "long"
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"http": {
"dynamic": "false",
"properties": {
"request": {
"properties": {
"body": {
"properties": {
"bytes": {
"type": "long"
},
"content": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
"bytes": {
"type": "long"
},
"headers": {
"type": "object",
"enabled": false
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"method": {
"type": "keyword",
"ignore_above": 1024
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"referrer": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"response": {
"properties": {
"body": {
"properties": {
"bytes": {
"type": "long"
},
"content": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
"bytes": {
"type": "long"
},
"finished": {
"type": "boolean"
},
"headers": {
"type": "object",
"enabled": false
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"status_code": {
"type": "long"
}
}
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"interface": {
"properties": {
"alias": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"kubernetes": {
"dynamic": "false",
"properties": {
"annotations": {
"properties": {
"*": {
"type": "object"
}
}
},
"container": {
"properties": {
"image": {
"type": "alias",
"path": "container.image.name"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"deployment": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"labels": {
"properties": {
"*": {
"type": "object"
}
}
},
"namespace": {
"type": "keyword",
"ignore_above": 1024
},
"node": {
"properties": {
"hostname": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"pod": {
"properties": {
"ip": {
"type": "ip"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"uid": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"replicaset": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"selectors": {
"properties": {
"*": {
"type": "object"
}
}
},
"statefulset": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"labels": {
"type": "object",
"dynamic": "true"
},
"log": {
"properties": {
"file": {
"properties": {
"path": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"level": {
"type": "keyword",
"ignore_above": 1024
},
"logger": {
"type": "keyword",
"ignore_above": 1024
},
"origin": {
"properties": {
"file": {
"properties": {
"line": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"function": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"original": {
"type": "keyword",
"index": false,
"doc_values": false,
"ignore_above": 1024
},
"syslog": {
"properties": {
"facility": {
"properties": {
"code": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"priority": {
"type": "long"
},
"severity": {
"properties": {
"code": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
}
}
},
"message": {
"type": "text",
"norms": false
},
"metricset": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"period": {
"type": "long",
"meta": {
"unit": "ms"
}
}
}
},
"network": {
"dynamic": "false",
"properties": {
"application": {
"type": "keyword",
"ignore_above": 1024
},
"bytes": {
"type": "long"
},
"carrier": {
"properties": {
"icc": {
"type": "keyword",
"ignore_above": 1024
},
"mcc": {
"type": "keyword",
"ignore_above": 1024
},
"mnc": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"community_id": {
"type": "keyword",
"ignore_above": 1024
},
"connection": {
"properties": {
"subtype": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"direction": {
"type": "keyword",
"ignore_above": 1024
},
"forwarded_ip": {
"type": "ip"
},
"iana_number": {
"type": "keyword",
"ignore_above": 1024
},
"inner": {
"properties": {
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"packets": {
"type": "long"
},
"protocol": {
"type": "keyword",
"ignore_above": 1024
},
"transport": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"observer": {
"dynamic": "false",
"properties": {
"egress": {
"properties": {
"interface": {
"properties": {
"alias": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"zone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ephemeral_id": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hostname": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"ingress": {
"properties": {
"interface": {
"properties": {
"alias": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"zone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"listening": {
"type": "keyword",
"ignore_above": 1024
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"os": {
"properties": {
"family": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"kernel": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"platform": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"product": {
"type": "keyword",
"ignore_above": 1024
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"vendor": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
},
"version_major": {
"type": "byte"
}
}
},
"orchestrator": {
"properties": {
"api_version": {
"type": "keyword",
"ignore_above": 1024
},
"cluster": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"url": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"namespace": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"resource": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"organization": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
"os": {
"properties": {
"family": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"kernel": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"platform": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"package": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"build_version": {
"type": "keyword",
"ignore_above": 1024
},
"checksum": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"install_scope": {
"type": "keyword",
"ignore_above": 1024
},
"installed": {
"type": "date"
},
"license": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"parent": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"process": {
"dynamic": "false",
"properties": {
"args": {
"type": "keyword",
"ignore_above": 1024
},
"args_count": {
"type": "long"
},
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"command_line": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"end": {
"type": "date"
},
"entity_id": {
"type": "keyword",
"ignore_above": 1024
},
"executable": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"exit_code": {
"type": "long"
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"parent": {
"properties": {
"args": {
"type": "keyword",
"ignore_above": 1024
},
"args_count": {
"type": "long"
},
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"command_line": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"end": {
"type": "date"
},
"entity_id": {
"type": "keyword",
"ignore_above": 1024
},
"executable": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"exit_code": {
"type": "long"
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"pgid": {
"type": "long"
},
"pid": {
"type": "long"
},
"ppid": {
"type": "long"
},
"start": {
"type": "date"
},
"thread": {
"properties": {
"id": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"title": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"uptime": {
"type": "long"
},
"working_directory": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"pgid": {
"type": "long"
},
"pid": {
"type": "long"
},
"ppid": {
"type": "long"
},
"start": {
"type": "date"
},
"thread": {
"properties": {
"id": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"title": {
"type": "keyword",
"ignore_above": 1024
},
"uptime": {
"type": "long"
},
"working_directory": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
"processor": {
"properties": {
"event": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"profile": {
"dynamic": "false",
"properties": {
"alloc_objects": {
"properties": {
"count": {
"type": "long"
}
}
},
"alloc_space": {
"properties": {
"bytes": {
"type": "long"
}
}
},
"cpu": {
"properties": {
"ns": {
"type": "long",
"meta": {
"unit": "nanos"
}
}
}
},
"duration": {
"type": "long",
"meta": {
"unit": "nanos"
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"inuse_objects": {
"properties": {
"count": {
"type": "long"
}
}
},
"inuse_space": {
"properties": {
"bytes": {
"type": "long"
}
}
},
"samples": {
"properties": {
"count": {
"type": "long"
}
}
},
"stack": {
"dynamic": "false",
"properties": {
"filename": {
"type": "keyword",
"ignore_above": 1024
},
"function": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"line": {
"type": "long"
}
}
},
"top": {
"dynamic": "false",
"properties": {
"filename": {
"type": "keyword",
"ignore_above": 1024
},
"function": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"line": {
"type": "long"
}
}
},
"wall": {
"properties": {
"us": {
"type": "long",
"meta": {
"unit": "micros"
}
}
}
}
}
},
"registry": {
"properties": {
"data": {
"properties": {
"bytes": {
"type": "keyword",
"ignore_above": 1024
},
"strings": {
"type": "wildcard",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hive": {
"type": "keyword",
"ignore_above": 1024
},
"key": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"value": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"related": {
"properties": {
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"hosts": {
"type": "keyword",
"ignore_above": 1024
},
"ip": {
"type": "ip"
},
"user": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"rule": {
"properties": {
"author": {
"type": "keyword",
"ignore_above": 1024
},
"category": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"license": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"ruleset": {
"type": "keyword",
"ignore_above": 1024
},
"uuid": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"server": {
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"bytes": {
"type": "long"
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"nat": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"packets": {
"type": "long"
},
"port": {
"type": "long"
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"service": {
"dynamic": "false",
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"environment": {
"type": "keyword",
"ignore_above": 1024
},
"ephemeral_id": {
"type": "keyword",
"ignore_above": 1024
},
"framework": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"language": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"node": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"origin": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"runtime": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"state": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"session": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"sequence": {
"type": "long"
}
}
},
"source": {
"dynamic": "false",
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"bytes": {
"type": "long"
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"nat": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"packets": {
"type": "long"
},
"port": {
"type": "long"
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"sourcemap": {
"dynamic": "false",
"properties": {
"bundle_filepath": {
"type": "keyword",
"ignore_above": 1024
},
"service": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"span": {
"dynamic": "false",
"properties": {
"action": {
"type": "keyword",
"ignore_above": 1024
},
"composite": {
"dynamic": "false",
"properties": {
"compression_strategy": {
"type": "keyword",
"ignore_above": 1024
},
"count": {
"type": "long"
},
"sum": {
"properties": {
"us": {
"type": "long"
}
}
}
}
},
"db": {
"dynamic": "false",
"properties": {
"link": {
"type": "keyword",
"ignore_above": 1024
},
"rows_affected": {
"type": "long"
}
}
},
"destination": {
"dynamic": "false",
"properties": {
"service": {
"dynamic": "false",
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"resource": {
"type": "keyword",
"ignore_above": 1024
},
"response_time": {
"properties": {
"count": {
"type": "long"
},
"sum": {
"properties": {
"us": {
"type": "long",
"meta": {
"unit": "micros"
}
}
}
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"duration": {
"properties": {
"us": {
"type": "long"
}
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"kind": {
"type": "keyword",
"ignore_above": 1024
},
"message": {
"dynamic": "false",
"properties": {
"age": {
"properties": {
"ms": {
"type": "long"
}
}
},
"queue": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"self_time": {
"properties": {
"count": {
"type": "long"
},
"sum": {
"properties": {
"us": {
"type": "long",
"meta": {
"unit": "micros"
}
}
}
}
}
},
"start": {
"properties": {
"us": {
"type": "long"
}
}
},
"subtype": {
"type": "keyword",
"ignore_above": 1024
},
"sync": {
"type": "boolean"
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"system": {
"properties": {
"cpu": {
"properties": {
"total": {
"properties": {
"norm": {
"properties": {
"pct": {
"type": "scaled_float",
"meta": {
"metric_type": "gauge",
"unit": "percent"
},
"scaling_factor": 1000.0
}
}
}
}
}
}
},
"memory": {
"properties": {
"actual": {
"properties": {
"free": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
},
"total": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
},
"process": {
"properties": {
"cgroup": {
"properties": {
"cpu": {
"properties": {
"cfs": {
"properties": {
"period": {
"properties": {
"us": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "micros"
}
}
}
},
"quota": {
"properties": {
"us": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "micros"
}
}
}
}
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"stats": {
"properties": {
"periods": {
"type": "long",
"meta": {
"metric_type": "counter"
}
},
"throttled": {
"properties": {
"ns": {
"type": "long",
"meta": {
"metric_type": "counter",
"unit": "nanos"
}
},
"periods": {
"type": "long",
"meta": {
"metric_type": "counter"
}
}
}
}
}
}
}
},
"cpuacct": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"total": {
"properties": {
"ns": {
"type": "long",
"meta": {
"metric_type": "counter",
"unit": "nanos"
}
}
}
}
}
},
"memory": {
"properties": {
"mem": {
"properties": {
"limit": {
"properties": {
"bytes": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
},
"usage": {
"properties": {
"bytes": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
}
}
}
}
}
}
},
"cpu": {
"properties": {
"total": {
"properties": {
"norm": {
"properties": {
"pct": {
"type": "scaled_float",
"meta": {
"metric_type": "gauge",
"unit": "percent"
},
"scaling_factor": 1000.0
}
}
}
}
}
}
},
"memory": {
"properties": {
"rss": {
"properties": {
"bytes": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
},
"size": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
}
}
}
}
},
"tags": {
"type": "keyword",
"ignore_above": 1024
},
"threat": {
"properties": {
"enrichments": {
"type": "nested",
"properties": {
"indicator": {
"properties": {
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"confidence": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"file": {
"properties": {
"accessed": {
"type": "date"
},
"attributes": {
"type": "keyword",
"ignore_above": 1024
},
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"created": {
"type": "date"
},
"ctime": {
"type": "date"
},
"device": {
"type": "keyword",
"ignore_above": 1024
},
"directory": {
"type": "keyword",
"ignore_above": 1024
},
"drive_letter": {
"type": "keyword",
"ignore_above": 1
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"fork_name": {
"type": "keyword",
"ignore_above": 1024
},
"gid": {
"type": "keyword",
"ignore_above": 1024
},
"group": {
"type": "keyword",
"ignore_above": 1024
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"inode": {
"type": "keyword",
"ignore_above": 1024
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"mode": {
"type": "keyword",
"ignore_above": 1024
},
"mtime": {
"type": "date"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"owner": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"size": {
"type": "long"
},
"target_path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"uid": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"first_seen": {
"type": "date"
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"last_seen": {
"type": "date"
},
"marking": {
"properties": {
"tlp": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"modified_at": {
"type": "date"
},
"port": {
"type": "long"
},
"provider": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"registry": {
"properties": {
"data": {
"properties": {
"bytes": {
"type": "keyword",
"ignore_above": 1024
},
"strings": {
"type": "wildcard",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hive": {
"type": "keyword",
"ignore_above": 1024
},
"key": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"value": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"scanner_stats": {
"type": "long"
},
"sightings": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"url": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"fragment": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"original": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"password": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "wildcard",
"ignore_above": 1024
},
"port": {
"type": "long"
},
"query": {
"type": "keyword",
"ignore_above": 1024
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"scheme": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"username": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"matched": {
"properties": {
"atomic": {
"type": "keyword",
"ignore_above": 1024
},
"field": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"index": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"framework": {
"type": "keyword",
"ignore_above": 1024
},
"group": {
"properties": {
"alias": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"indicator": {
"properties": {
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"confidence": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"file": {
"properties": {
"accessed": {
"type": "date"
},
"attributes": {
"type": "keyword",
"ignore_above": 1024
},
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"created": {
"type": "date"
},
"ctime": {
"type": "date"
},
"device": {
"type": "keyword",
"ignore_above": 1024
},
"directory": {
"type": "keyword",
"ignore_above": 1024
},
"drive_letter": {
"type": "keyword",
"ignore_above": 1
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"fork_name": {
"type": "keyword",
"ignore_above": 1024
},
"gid": {
"type": "keyword",
"ignore_above": 1024
},
"group": {
"type": "keyword",
"ignore_above": 1024
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"inode": {
"type": "keyword",
"ignore_above": 1024
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"mode": {
"type": "keyword",
"ignore_above": 1024
},
"mtime": {
"type": "date"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"owner": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"size": {
"type": "long"
},
"target_path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"uid": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"first_seen": {
"type": "date"
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"last_seen": {
"type": "date"
},
"marking": {
"properties": {
"tlp": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"modified_at": {
"type": "date"
},
"port": {
"type": "long"
},
"provider": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"registry": {
"properties": {
"data": {
"properties": {
"bytes": {
"type": "keyword",
"ignore_above": 1024
},
"strings": {
"type": "wildcard",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hive": {
"type": "keyword",
"ignore_above": 1024
},
"key": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"value": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"scanner_stats": {
"type": "long"
},
"sightings": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"url": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"fragment": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"original": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"password": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "wildcard",
"ignore_above": 1024
},
"port": {
"type": "long"
},
"query": {
"type": "keyword",
"ignore_above": 1024
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"scheme": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"username": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"software": {
"properties": {
"alias": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"platforms": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"tactic": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"technique": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"subtechnique": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"reference": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
}
}
},
"timeseries": {
"properties": {
"instance": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"timestamp": {
"properties": {
"us": {
"type": "long"
}
}
},
"tls": {
"properties": {
"cipher": {
"type": "keyword",
"ignore_above": 1024
},
"client": {
"properties": {
"certificate": {
"type": "keyword",
"ignore_above": 1024
},
"certificate_chain": {
"type": "keyword",
"ignore_above": 1024
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"issuer": {
"type": "keyword",
"ignore_above": 1024
},
"ja3": {
"type": "keyword",
"ignore_above": 1024
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"server_name": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"type": "keyword",
"ignore_above": 1024
},
"supported_ciphers": {
"type": "keyword",
"ignore_above": 1024
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"curve": {
"type": "keyword",
"ignore_above": 1024
},
"established": {
"type": "boolean"
},
"next_protocol": {
"type": "keyword",
"ignore_above": 1024
},
"resumed": {
"type": "boolean"
},
"server": {
"properties": {
"certificate": {
"type": "keyword",
"ignore_above": 1024
},
"certificate_chain": {
"type": "keyword",
"ignore_above": 1024
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"issuer": {
"type": "keyword",
"ignore_above": 1024
},
"ja3s": {
"type": "keyword",
"ignore_above": 1024
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"subject": {
"type": "keyword",
"ignore_above": 1024
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"version": {
"type": "keyword",
"ignore_above": 1024
},
"version_protocol": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"trace": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"transaction": {
"dynamic": "false",
"properties": {
"breakdown": {
"properties": {
"count": {
"type": "long"
}
}
},
"duration": {
"properties": {
"histogram": {
"type": "histogram"
},
"us": {
"type": "long"
}
}
},
"experience": {
"properties": {
"cls": {
"type": "scaled_float",
"scaling_factor": 1000000.0
},
"fid": {
"type": "scaled_float",
"scaling_factor": 1000000.0
},
"longtask": {
"properties": {
"count": {
"type": "long"
},
"max": {
"type": "scaled_float",
"scaling_factor": 1000000.0
},
"sum": {
"type": "scaled_float",
"scaling_factor": 1000000.0
}
}
},
"tbt": {
"type": "scaled_float",
"scaling_factor": 1000000.0
}
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"marks": {
"dynamic": "true",
"properties": {
"*": {
"properties": {
"*": {
"type": "object",
"dynamic": "true"
}
}
}
}
},
"message": {
"dynamic": "false",
"properties": {
"age": {
"properties": {
"ms": {
"type": "long"
}
}
},
"queue": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"result": {
"type": "keyword",
"ignore_above": 1024
},
"root": {
"type": "boolean"
},
"sampled": {
"type": "boolean"
},
"self_time": {
"properties": {
"count": {
"type": "long"
},
"sum": {
"properties": {
"us": {
"type": "long",
"meta": {
"unit": "micros"
}
}
}
}
}
},
"span_count": {
"properties": {
"dropped": {
"type": "long"
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"url": {
"dynamic": "false",
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"fragment": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024
},
"original": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"password": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"port": {
"type": "long"
},
"query": {
"type": "keyword",
"ignore_above": 1024
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"scheme": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"username": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"user": {
"dynamic": "false",
"properties": {
"changes": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"effective": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"roles": {
"type": "keyword",
"ignore_above": 1024
},
"target": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"user_agent": {
"dynamic": "false",
"properties": {
"device": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"original": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"os": {
"properties": {
"family": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024
},
"kernel": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"platform": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"vulnerability": {
"properties": {
"category": {
"type": "keyword",
"ignore_above": 1024
},
"classification": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"enumeration": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"report_id": {
"type": "keyword",
"ignore_above": 1024
},
"scanner": {
"properties": {
"vendor": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"score": {
"properties": {
"base": {
"type": "float"
},
"environmental": {
"type": "float"
},
"temporal": {
"type": "float"
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"severity": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
}
},
"apm-7.15.2-error-000001": {
"mappings": {
"_meta": {
"beat": "apm",
"version": "7.15.2"
},
"dynamic_templates": [
{
"labels": {
"path_match": "labels.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"container.labels": {
"path_match": "container.labels.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"fields": {
"path_match": "fields.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"docker.container.labels": {
"path_match": "docker.container.labels.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"kubernetes.labels.*": {
"path_match": "kubernetes.labels.*",
"mapping": {
"type": "keyword"
}
}
},
{
"kubernetes.annotations.*": {
"path_match": "kubernetes.annotations.*",
"mapping": {
"type": "keyword"
}
}
},
{
"kubernetes.selectors.*": {
"path_match": "kubernetes.selectors.*",
"mapping": {
"type": "keyword"
}
}
},
{
"labels_string": {
"path_match": "labels.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"labels_boolean": {
"path_match": "labels.*",
"match_mapping_type": "boolean",
"mapping": {
"type": "boolean"
}
}
},
{
"labels_*": {
"path_match": "labels.*",
"mapping": {
"scaling_factor": 1000000,
"type": "scaled_float"
}
}
},
{
"histogram": {
"mapping": {
"type": "histogram"
}
}
},
{
"transaction.marks": {
"path_match": "transaction.marks.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"transaction.marks.*.*": {
"path_match": "transaction.marks.*.*",
"mapping": {
"scaling_factor": 1000000,
"type": "scaled_float"
}
}
},
{
"strings_as_keyword": {
"match_mapping_type": "string",
"mapping": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
],
"date_detection": false,
"properties": {
"@timestamp": {
"type": "date"
},
"agent": {
"dynamic": "false",
"properties": {
"build": {
"properties": {
"original": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ephemeral_id": {
"type": "keyword",
"ignore_above": 1024
},
"hostname": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
}
}
}
}
},
"child": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"client": {
"dynamic": "false",
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
}
}
}
}
},
"bytes": {
"type": "long"
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"nat": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"packets": {
"type": "long"
},
"port": {
"type": "long"
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"cloud": {
"properties": {
"account": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"availability_zone": {
"type": "keyword",
"ignore_above": 1024
},
"image": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"instance": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"machine": {
"dynamic": "false",
"properties": {
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"project": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"provider": {
"type": "keyword",
"ignore_above": 1024
},
"region": {
"type": "keyword",
"ignore_above": 1024
},
"service": {
"dynamic": "false",
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"code_signature": {
"properties": {
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"container": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"image": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"tag": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"labels": {
"type": "object"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"runtime": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"data_stream": {
"properties": {
"dataset": {
"type": "constant_keyword"
},
"namespace": {
"type": "constant_keyword"
},
"type": {
"type": "constant_keyword"
}
}
},
"destination": {
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
}
}
}
}
},
"bytes": {
"type": "long"
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"nat": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"packets": {
"type": "long"
},
"port": {
"type": "long"
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"dll": {
"properties": {
"code_signature": {
"properties": {
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"dns": {
"properties": {
"answers": {
"properties": {
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"ttl": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"header_flags": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"op_code": {
"type": "keyword",
"ignore_above": 1024
},
"question": {
"properties": {
"class": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"resolved_ip": {
"type": "ip"
},
"response_code": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"docker": {
"properties": {
"container": {
"properties": {
"labels": {
"type": "object"
}
}
}
}
},
"ecs": {
"properties": {
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"error": {
"dynamic": "false",
"properties": {
"code": {
"type": "keyword",
"ignore_above": 1024
},
"culprit": {
"type": "keyword",
"ignore_above": 1024
},
"exception": {
"properties": {
"code": {
"type": "keyword",
"ignore_above": 1024
},
"handled": {
"type": "boolean"
},
"message": {
"type": "text",
"norms": false
},
"module": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"grouping_key": {
"type": "keyword",
"ignore_above": 1024
},
"grouping_name": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"log": {
"properties": {
"level": {
"type": "keyword",
"ignore_above": 1024
},
"logger_name": {
"type": "keyword",
"ignore_above": 1024
},
"message": {
"type": "text",
"norms": false
},
"param_message": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"message": {
"type": "text",
"norms": false
},
"stack_trace": {
"type": "keyword",
"index": false,
"doc_values": false,
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"event": {
"properties": {
"action": {
"type": "keyword",
"ignore_above": 1024
},
"agent_id_status": {
"type": "keyword",
"ignore_above": 1024
},
"category": {
"type": "keyword",
"ignore_above": 1024
},
"code": {
"type": "keyword",
"ignore_above": 1024
},
"created": {
"type": "date"
},
"dataset": {
"type": "keyword",
"ignore_above": 1024
},
"duration": {
"type": "long"
},
"end": {
"type": "date"
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"ingested": {
"type": "date"
},
"kind": {
"type": "keyword",
"ignore_above": 1024
},
"module": {
"type": "keyword",
"ignore_above": 1024
},
"original": {
"type": "keyword",
"index": false,
"doc_values": false,
"ignore_above": 1024
},
"outcome": {
"type": "keyword",
"ignore_above": 1024
},
"provider": {
"type": "keyword",
"ignore_above": 1024
},
"reason": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"risk_score": {
"type": "float"
},
"risk_score_norm": {
"type": "float"
},
"sequence": {
"type": "long"
},
"severity": {
"type": "long"
},
"start": {
"type": "date"
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"url": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"experimental": {
"type": "object",
"dynamic": "true"
},
"fields": {
"type": "object"
},
"file": {
"properties": {
"accessed": {
"type": "date"
},
"attributes": {
"type": "keyword",
"ignore_above": 1024
},
"code_signature": {
"properties": {
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"created": {
"type": "date"
},
"ctime": {
"type": "date"
},
"device": {
"type": "keyword",
"ignore_above": 1024
},
"directory": {
"type": "keyword",
"ignore_above": 1024
},
"drive_letter": {
"type": "keyword",
"ignore_above": 1
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"gid": {
"type": "keyword",
"ignore_above": 1024
},
"group": {
"type": "keyword",
"ignore_above": 1024
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"inode": {
"type": "keyword",
"ignore_above": 1024
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"mode": {
"type": "keyword",
"ignore_above": 1024
},
"mtime": {
"type": "date"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"owner": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"size": {
"type": "long"
},
"target_path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"uid": {
"type": "keyword",
"ignore_above": 1024
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"host": {
"dynamic": "false",
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"containerized": {
"type": "boolean"
},
"cpu": {
"properties": {
"usage": {
"type": "scaled_float",
"scaling_factor": 1000.0
}
}
},
"disk": {
"properties": {
"read": {
"properties": {
"bytes": {
"type": "long"
}
}
},
"write": {
"properties": {
"bytes": {
"type": "long"
}
}
}
}
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hostname": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"network": {
"properties": {
"egress": {
"properties": {
"bytes": {
"type": "long"
},
"packets": {
"type": "long"
}
}
},
"ingress": {
"properties": {
"bytes": {
"type": "long"
},
"packets": {
"type": "long"
}
}
}
}
},
"os": {
"properties": {
"build": {
"type": "keyword",
"ignore_above": 1024
},
"codename": {
"type": "keyword",
"ignore_above": 1024
},
"family": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"kernel": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"platform": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"uptime": {
"type": "long"
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"http": {
"dynamic": "false",
"properties": {
"request": {
"properties": {
"body": {
"properties": {
"bytes": {
"type": "long"
},
"content": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
}
}
},
"bytes": {
"type": "long"
},
"headers": {
"type": "object",
"enabled": false
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"method": {
"type": "keyword",
"ignore_above": 1024
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"referrer": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"response": {
"properties": {
"body": {
"properties": {
"bytes": {
"type": "long"
},
"content": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
}
}
},
"bytes": {
"type": "long"
},
"finished": {
"type": "boolean"
},
"headers": {
"type": "object",
"enabled": false
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"status_code": {
"type": "long"
}
}
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"interface": {
"properties": {
"alias": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"kubernetes": {
"dynamic": "false",
"properties": {
"annotations": {
"properties": {
"*": {
"type": "object"
}
}
},
"container": {
"properties": {
"image": {
"type": "alias",
"path": "container.image.name"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"deployment": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"labels": {
"properties": {
"*": {
"type": "object"
}
}
},
"namespace": {
"type": "keyword",
"ignore_above": 1024
},
"node": {
"properties": {
"hostname": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"pod": {
"properties": {
"ip": {
"type": "ip"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"uid": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"replicaset": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"selectors": {
"properties": {
"*": {
"type": "object"
}
}
},
"statefulset": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"labels": {
"type": "object",
"dynamic": "true"
},
"log": {
"properties": {
"file": {
"properties": {
"path": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"level": {
"type": "keyword",
"ignore_above": 1024
},
"logger": {
"type": "keyword",
"ignore_above": 1024
},
"origin": {
"properties": {
"file": {
"properties": {
"line": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"function": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"original": {
"type": "keyword",
"index": false,
"doc_values": false,
"ignore_above": 1024
},
"syslog": {
"properties": {
"facility": {
"properties": {
"code": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"priority": {
"type": "long"
},
"severity": {
"properties": {
"code": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
}
}
},
"message": {
"type": "text",
"norms": false
},
"metricset": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"period": {
"type": "long",
"meta": {
"unit": "ms"
}
}
}
},
"network": {
"dynamic": "false",
"properties": {
"application": {
"type": "keyword",
"ignore_above": 1024
},
"bytes": {
"type": "long"
},
"carrier": {
"properties": {
"icc": {
"type": "keyword",
"ignore_above": 1024
},
"mcc": {
"type": "keyword",
"ignore_above": 1024
},
"mnc": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"community_id": {
"type": "keyword",
"ignore_above": 1024
},
"connection": {
"properties": {
"subtype": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"direction": {
"type": "keyword",
"ignore_above": 1024
},
"forwarded_ip": {
"type": "ip"
},
"iana_number": {
"type": "keyword",
"ignore_above": 1024
},
"inner": {
"properties": {
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"packets": {
"type": "long"
},
"protocol": {
"type": "keyword",
"ignore_above": 1024
},
"transport": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"observer": {
"dynamic": "false",
"properties": {
"egress": {
"properties": {
"interface": {
"properties": {
"alias": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"zone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ephemeral_id": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hostname": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"ingress": {
"properties": {
"interface": {
"properties": {
"alias": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"zone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"listening": {
"type": "keyword",
"ignore_above": 1024
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"os": {
"properties": {
"family": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"kernel": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"platform": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"product": {
"type": "keyword",
"ignore_above": 1024
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"vendor": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
},
"version_major": {
"type": "byte"
}
}
},
"orchestrator": {
"properties": {
"api_version": {
"type": "keyword",
"ignore_above": 1024
},
"cluster": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"url": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"namespace": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"resource": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"organization": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
}
}
},
"os": {
"properties": {
"family": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"kernel": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"platform": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"package": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"build_version": {
"type": "keyword",
"ignore_above": 1024
},
"checksum": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"install_scope": {
"type": "keyword",
"ignore_above": 1024
},
"installed": {
"type": "date"
},
"license": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"parent": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"process": {
"dynamic": "false",
"properties": {
"args": {
"type": "keyword",
"ignore_above": 1024
},
"args_count": {
"type": "long"
},
"code_signature": {
"properties": {
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"command_line": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"entity_id": {
"type": "keyword",
"ignore_above": 1024
},
"executable": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"exit_code": {
"type": "long"
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"parent": {
"properties": {
"args": {
"type": "keyword",
"ignore_above": 1024
},
"args_count": {
"type": "long"
},
"code_signature": {
"properties": {
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"command_line": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"entity_id": {
"type": "keyword",
"ignore_above": 1024
},
"executable": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"exit_code": {
"type": "long"
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"pgid": {
"type": "long"
},
"pid": {
"type": "long"
},
"ppid": {
"type": "long"
},
"start": {
"type": "date"
},
"thread": {
"properties": {
"id": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"title": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"uptime": {
"type": "long"
},
"working_directory": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"pgid": {
"type": "long"
},
"pid": {
"type": "long"
},
"ppid": {
"type": "long"
},
"start": {
"type": "date"
},
"thread": {
"properties": {
"id": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"title": {
"type": "keyword",
"ignore_above": 1024
},
"uptime": {
"type": "long"
},
"working_directory": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
}
}
},
"processor": {
"properties": {
"event": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"profile": {
"dynamic": "false",
"properties": {
"alloc_objects": {
"properties": {
"count": {
"type": "long"
}
}
},
"alloc_space": {
"properties": {
"bytes": {
"type": "long"
}
}
},
"cpu": {
"properties": {
"ns": {
"type": "long",
"meta": {
"unit": "nanos"
}
}
}
},
"duration": {
"type": "long",
"meta": {
"unit": "nanos"
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"inuse_objects": {
"properties": {
"count": {
"type": "long"
}
}
},
"inuse_space": {
"properties": {
"bytes": {
"type": "long"
}
}
},
"samples": {
"properties": {
"count": {
"type": "long"
}
}
},
"stack": {
"dynamic": "false",
"properties": {
"filename": {
"type": "keyword",
"ignore_above": 1024
},
"function": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"line": {
"type": "long"
}
}
},
"top": {
"dynamic": "false",
"properties": {
"filename": {
"type": "keyword",
"ignore_above": 1024
},
"function": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"line": {
"type": "long"
}
}
},
"wall": {
"properties": {
"us": {
"type": "long",
"meta": {
"unit": "micros"
}
}
}
}
}
},
"registry": {
"properties": {
"data": {
"properties": {
"bytes": {
"type": "keyword",
"ignore_above": 1024
},
"strings": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hive": {
"type": "keyword",
"ignore_above": 1024
},
"key": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"value": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"related": {
"properties": {
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"hosts": {
"type": "keyword",
"ignore_above": 1024
},
"ip": {
"type": "ip"
},
"user": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"rule": {
"properties": {
"author": {
"type": "keyword",
"ignore_above": 1024
},
"category": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"license": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"ruleset": {
"type": "keyword",
"ignore_above": 1024
},
"uuid": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"server": {
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
}
}
}
}
},
"bytes": {
"type": "long"
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"nat": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"packets": {
"type": "long"
},
"port": {
"type": "long"
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"service": {
"dynamic": "false",
"properties": {
"environment": {
"type": "keyword",
"ignore_above": 1024
},
"ephemeral_id": {
"type": "keyword",
"ignore_above": 1024
},
"framework": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"language": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"node": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"runtime": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"state": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"session": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"sequence": {
"type": "long"
}
}
},
"source": {
"dynamic": "false",
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
}
}
}
}
},
"bytes": {
"type": "long"
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"nat": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"packets": {
"type": "long"
},
"port": {
"type": "long"
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"sourcemap": {
"dynamic": "false",
"properties": {
"bundle_filepath": {
"type": "keyword",
"ignore_above": 1024
},
"service": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"span": {
"dynamic": "false",
"properties": {
"action": {
"type": "keyword",
"ignore_above": 1024
},
"composite": {
"dynamic": "false",
"properties": {
"compression_strategy": {
"type": "keyword",
"ignore_above": 1024
},
"count": {
"type": "long"
},
"sum": {
"properties": {
"us": {
"type": "long"
}
}
}
}
},
"db": {
"dynamic": "false",
"properties": {
"link": {
"type": "keyword",
"ignore_above": 1024
},
"rows_affected": {
"type": "long"
}
}
},
"destination": {
"dynamic": "false",
"properties": {
"service": {
"dynamic": "false",
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"resource": {
"type": "keyword",
"ignore_above": 1024
},
"response_time": {
"properties": {
"count": {
"type": "long"
},
"sum": {
"properties": {
"us": {
"type": "long",
"meta": {
"unit": "micros"
}
}
}
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"duration": {
"properties": {
"us": {
"type": "long"
}
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"message": {
"dynamic": "false",
"properties": {
"age": {
"properties": {
"ms": {
"type": "long"
}
}
},
"queue": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"self_time": {
"properties": {
"count": {
"type": "long"
},
"sum": {
"properties": {
"us": {
"type": "long",
"meta": {
"unit": "micros"
}
}
}
}
}
},
"start": {
"properties": {
"us": {
"type": "long"
}
}
},
"subtype": {
"type": "keyword",
"ignore_above": 1024
},
"sync": {
"type": "boolean"
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"system": {
"properties": {
"cpu": {
"properties": {
"total": {
"properties": {
"norm": {
"properties": {
"pct": {
"type": "scaled_float",
"meta": {
"metric_type": "gauge",
"unit": "percent"
},
"scaling_factor": 1000.0
}
}
}
}
}
}
},
"memory": {
"properties": {
"actual": {
"properties": {
"free": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
},
"total": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
},
"process": {
"properties": {
"cgroup": {
"properties": {
"cpu": {
"properties": {
"cfs": {
"properties": {
"period": {
"properties": {
"us": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "micros"
}
}
}
},
"quota": {
"properties": {
"us": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "micros"
}
}
}
}
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"stats": {
"properties": {
"periods": {
"type": "long",
"meta": {
"metric_type": "counter"
}
},
"throttled": {
"properties": {
"ns": {
"type": "long",
"meta": {
"metric_type": "counter",
"unit": "nanos"
}
},
"periods": {
"type": "long",
"meta": {
"metric_type": "counter"
}
}
}
}
}
}
}
},
"cpuacct": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"total": {
"properties": {
"ns": {
"type": "long",
"meta": {
"metric_type": "counter",
"unit": "nanos"
}
}
}
}
}
},
"memory": {
"properties": {
"mem": {
"properties": {
"limit": {
"properties": {
"bytes": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
},
"usage": {
"properties": {
"bytes": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
}
}
}
}
}
}
},
"cpu": {
"properties": {
"total": {
"properties": {
"norm": {
"properties": {
"pct": {
"type": "scaled_float",
"meta": {
"metric_type": "gauge",
"unit": "percent"
},
"scaling_factor": 1000.0
}
}
}
}
}
}
},
"memory": {
"properties": {
"rss": {
"properties": {
"bytes": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
},
"size": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
}
}
}
}
},
"tags": {
"type": "keyword",
"ignore_above": 1024
},
"threat": {
"properties": {
"enrichments": {
"type": "nested",
"properties": {
"indicator": {
"properties": {
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
}
}
}
}
},
"confidence": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"file": {
"properties": {
"accessed": {
"type": "date"
},
"attributes": {
"type": "keyword",
"ignore_above": 1024
},
"code_signature": {
"properties": {
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"created": {
"type": "date"
},
"ctime": {
"type": "date"
},
"device": {
"type": "keyword",
"ignore_above": 1024
},
"directory": {
"type": "keyword",
"ignore_above": 1024
},
"drive_letter": {
"type": "keyword",
"ignore_above": 1
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"gid": {
"type": "keyword",
"ignore_above": 1024
},
"group": {
"type": "keyword",
"ignore_above": 1024
},
"inode": {
"type": "keyword",
"ignore_above": 1024
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"mode": {
"type": "keyword",
"ignore_above": 1024
},
"mtime": {
"type": "date"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"owner": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"size": {
"type": "long"
},
"target_path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"uid": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"first_seen": {
"type": "date"
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"last_seen": {
"type": "date"
},
"marking": {
"properties": {
"tlp": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"modified_at": {
"type": "date"
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"port": {
"type": "long"
},
"provider": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"registry": {
"properties": {
"data": {
"properties": {
"bytes": {
"type": "keyword",
"ignore_above": 1024
},
"strings": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hive": {
"type": "keyword",
"ignore_above": 1024
},
"key": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"value": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"scanner_stats": {
"type": "long"
},
"sightings": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"url": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"fragment": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"original": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"password": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"port": {
"type": "long"
},
"query": {
"type": "keyword",
"ignore_above": 1024
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"scheme": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"username": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"matched": {
"properties": {
"atomic": {
"type": "keyword",
"ignore_above": 1024
},
"field": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"index": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"framework": {
"type": "keyword",
"ignore_above": 1024
},
"group": {
"properties": {
"alias": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"indicator": {
"properties": {
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
}
}
}
}
},
"confidence": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"file": {
"properties": {
"accessed": {
"type": "date"
},
"attributes": {
"type": "keyword",
"ignore_above": 1024
},
"code_signature": {
"properties": {
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"created": {
"type": "date"
},
"ctime": {
"type": "date"
},
"device": {
"type": "keyword",
"ignore_above": 1024
},
"directory": {
"type": "keyword",
"ignore_above": 1024
},
"drive_letter": {
"type": "keyword",
"ignore_above": 1
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"gid": {
"type": "keyword",
"ignore_above": 1024
},
"group": {
"type": "keyword",
"ignore_above": 1024
},
"inode": {
"type": "keyword",
"ignore_above": 1024
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"mode": {
"type": "keyword",
"ignore_above": 1024
},
"mtime": {
"type": "date"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"owner": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"size": {
"type": "long"
},
"target_path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"uid": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"first_seen": {
"type": "date"
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"last_seen": {
"type": "date"
},
"marking": {
"properties": {
"tlp": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"modified_at": {
"type": "date"
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"port": {
"type": "long"
},
"provider": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"registry": {
"properties": {
"data": {
"properties": {
"bytes": {
"type": "keyword",
"ignore_above": 1024
},
"strings": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hive": {
"type": "keyword",
"ignore_above": 1024
},
"key": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"value": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"scanner_stats": {
"type": "long"
},
"sightings": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"url": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"fragment": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"original": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"password": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"port": {
"type": "long"
},
"query": {
"type": "keyword",
"ignore_above": 1024
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"scheme": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"username": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"software": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"platforms": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"tactic": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"technique": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"subtechnique": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"reference": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
}
}
},
"timeseries": {
"properties": {
"instance": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"timestamp": {
"properties": {
"us": {
"type": "long"
}
}
},
"tls": {
"properties": {
"cipher": {
"type": "keyword",
"ignore_above": 1024
},
"client": {
"properties": {
"certificate": {
"type": "keyword",
"ignore_above": 1024
},
"certificate_chain": {
"type": "keyword",
"ignore_above": 1024
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"issuer": {
"type": "keyword",
"ignore_above": 1024
},
"ja3": {
"type": "keyword",
"ignore_above": 1024
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"server_name": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"type": "keyword",
"ignore_above": 1024
},
"supported_ciphers": {
"type": "keyword",
"ignore_above": 1024
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"curve": {
"type": "keyword",
"ignore_above": 1024
},
"established": {
"type": "boolean"
},
"next_protocol": {
"type": "keyword",
"ignore_above": 1024
},
"resumed": {
"type": "boolean"
},
"server": {
"properties": {
"certificate": {
"type": "keyword",
"ignore_above": 1024
},
"certificate_chain": {
"type": "keyword",
"ignore_above": 1024
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"issuer": {
"type": "keyword",
"ignore_above": 1024
},
"ja3s": {
"type": "keyword",
"ignore_above": 1024
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"subject": {
"type": "keyword",
"ignore_above": 1024
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"version": {
"type": "keyword",
"ignore_above": 1024
},
"version_protocol": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"trace": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"transaction": {
"dynamic": "false",
"properties": {
"breakdown": {
"properties": {
"count": {
"type": "long"
}
}
},
"duration": {
"properties": {
"count": {
"type": "long"
},
"histogram": {
"type": "histogram"
},
"sum": {
"properties": {
"us": {
"type": "long",
"meta": {
"unit": "micros"
}
}
}
},
"us": {
"type": "long"
}
}
},
"experience": {
"properties": {
"cls": {
"type": "scaled_float",
"scaling_factor": 1000000.0
},
"fid": {
"type": "scaled_float",
"scaling_factor": 1000000.0
},
"longtask": {
"properties": {
"count": {
"type": "long"
},
"max": {
"type": "scaled_float",
"scaling_factor": 1000000.0
},
"sum": {
"type": "scaled_float",
"scaling_factor": 1000000.0
}
}
},
"tbt": {
"type": "scaled_float",
"scaling_factor": 1000000.0
}
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"marks": {
"dynamic": "true",
"properties": {
"*": {
"properties": {
"*": {
"type": "object",
"dynamic": "true"
}
}
}
}
},
"message": {
"dynamic": "false",
"properties": {
"age": {
"properties": {
"ms": {
"type": "long"
}
}
},
"queue": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"result": {
"type": "keyword",
"ignore_above": 1024
},
"root": {
"type": "boolean"
},
"sampled": {
"type": "boolean"
},
"self_time": {
"properties": {
"count": {
"type": "long"
},
"sum": {
"properties": {
"us": {
"type": "long",
"meta": {
"unit": "micros"
}
}
}
}
}
},
"span_count": {
"properties": {
"dropped": {
"type": "long"
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"url": {
"dynamic": "false",
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"fragment": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024
},
"original": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"password": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"port": {
"type": "long"
},
"query": {
"type": "keyword",
"ignore_above": 1024
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"scheme": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"username": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"user": {
"dynamic": "false",
"properties": {
"changes": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"effective": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"roles": {
"type": "keyword",
"ignore_above": 1024
},
"target": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"user_agent": {
"dynamic": "false",
"properties": {
"device": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"original": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"os": {
"properties": {
"family": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024
},
"kernel": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"platform": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"vulnerability": {
"properties": {
"category": {
"type": "keyword",
"ignore_above": 1024
},
"classification": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "text",
"norms": false
}
}
},
"enumeration": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"report_id": {
"type": "keyword",
"ignore_above": 1024
},
"scanner": {
"properties": {
"vendor": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"score": {
"properties": {
"base": {
"type": "float"
},
"environmental": {
"type": "float"
},
"temporal": {
"type": "float"
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"severity": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
}
},
"apm-7.16.3-profile-000001": {
"mappings": {
"_meta": {
"beat": "apm",
"version": "7.16.3"
},
"dynamic_templates": [
{
"labels": {
"path_match": "labels.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"container.labels": {
"path_match": "container.labels.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"fields": {
"path_match": "fields.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"docker.container.labels": {
"path_match": "docker.container.labels.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"kubernetes.labels.*": {
"path_match": "kubernetes.labels.*",
"mapping": {
"type": "keyword"
}
}
},
{
"kubernetes.annotations.*": {
"path_match": "kubernetes.annotations.*",
"mapping": {
"type": "keyword"
}
}
},
{
"kubernetes.selectors.*": {
"path_match": "kubernetes.selectors.*",
"mapping": {
"type": "keyword"
}
}
},
{
"labels_string": {
"path_match": "labels.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"labels_boolean": {
"path_match": "labels.*",
"match_mapping_type": "boolean",
"mapping": {
"type": "boolean"
}
}
},
{
"labels_*": {
"path_match": "labels.*",
"mapping": {
"scaling_factor": 1000000,
"type": "scaled_float"
}
}
},
{
"histogram": {
"mapping": {
"type": "histogram"
}
}
},
{
"transaction.marks": {
"path_match": "transaction.marks.*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"transaction.marks.*.*": {
"path_match": "transaction.marks.*.*",
"mapping": {
"scaling_factor": 1000000,
"type": "scaled_float"
}
}
},
{
"strings_as_keyword": {
"match_mapping_type": "string",
"mapping": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
],
"date_detection": false,
"properties": {
"@timestamp": {
"type": "date"
},
"agent": {
"dynamic": "false",
"properties": {
"build": {
"properties": {
"original": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ephemeral_id": {
"type": "keyword",
"ignore_above": 1024
},
"hostname": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"child": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"client": {
"dynamic": "false",
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"bytes": {
"type": "long"
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"nat": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"packets": {
"type": "long"
},
"port": {
"type": "long"
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"cloud": {
"properties": {
"account": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"availability_zone": {
"type": "keyword",
"ignore_above": 1024
},
"image": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"instance": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"machine": {
"dynamic": "false",
"properties": {
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"origin": {
"dynamic": "false",
"properties": {
"account": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"provider": {
"type": "keyword",
"ignore_above": 1024
},
"region": {
"type": "keyword",
"ignore_above": 1024
},
"service": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"project": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"provider": {
"type": "keyword",
"ignore_above": 1024
},
"region": {
"type": "keyword",
"ignore_above": 1024
},
"service": {
"dynamic": "false",
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"container": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"image": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"tag": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"labels": {
"type": "object"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"runtime": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"data_stream": {
"properties": {
"dataset": {
"type": "constant_keyword"
},
"namespace": {
"type": "constant_keyword"
},
"type": {
"type": "constant_keyword"
}
}
},
"destination": {
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"bytes": {
"type": "long"
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"nat": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"packets": {
"type": "long"
},
"port": {
"type": "long"
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"dll": {
"properties": {
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"dns": {
"properties": {
"answers": {
"properties": {
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"ttl": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"header_flags": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"op_code": {
"type": "keyword",
"ignore_above": 1024
},
"question": {
"properties": {
"class": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"resolved_ip": {
"type": "ip"
},
"response_code": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"docker": {
"properties": {
"container": {
"properties": {
"labels": {
"type": "object"
}
}
}
}
},
"ecs": {
"properties": {
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"error": {
"dynamic": "false",
"properties": {
"code": {
"type": "keyword",
"ignore_above": 1024
},
"culprit": {
"type": "keyword",
"ignore_above": 1024
},
"exception": {
"properties": {
"code": {
"type": "keyword",
"ignore_above": 1024
},
"handled": {
"type": "boolean"
},
"message": {
"type": "text",
"norms": false
},
"module": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"grouping_key": {
"type": "keyword",
"ignore_above": 1024
},
"grouping_name": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"log": {
"properties": {
"level": {
"type": "keyword",
"ignore_above": 1024
},
"logger_name": {
"type": "keyword",
"ignore_above": 1024
},
"message": {
"type": "text",
"norms": false
},
"param_message": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"message": {
"type": "match_only_text"
},
"stack_trace": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"event": {
"properties": {
"action": {
"type": "keyword",
"ignore_above": 1024
},
"agent_id_status": {
"type": "keyword",
"ignore_above": 1024
},
"category": {
"type": "keyword",
"ignore_above": 1024
},
"code": {
"type": "keyword",
"ignore_above": 1024
},
"created": {
"type": "date"
},
"dataset": {
"type": "keyword",
"ignore_above": 1024
},
"duration": {
"type": "long"
},
"end": {
"type": "date"
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"ingested": {
"type": "date"
},
"kind": {
"type": "keyword",
"ignore_above": 1024
},
"module": {
"type": "keyword",
"ignore_above": 1024
},
"original": {
"type": "keyword",
"index": false,
"doc_values": false,
"ignore_above": 1024
},
"outcome": {
"type": "keyword",
"ignore_above": 1024
},
"provider": {
"type": "keyword",
"ignore_above": 1024
},
"reason": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"risk_score": {
"type": "float"
},
"risk_score_norm": {
"type": "float"
},
"sequence": {
"type": "long"
},
"severity": {
"type": "long"
},
"start": {
"type": "date"
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"url": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"faas": {
"dynamic": "false",
"properties": {
"coldstart": {
"type": "boolean"
},
"execution": {
"type": "keyword",
"ignore_above": 1024
},
"trigger": {
"properties": {
"request_id": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"fields": {
"type": "object"
},
"file": {
"properties": {
"accessed": {
"type": "date"
},
"attributes": {
"type": "keyword",
"ignore_above": 1024
},
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"created": {
"type": "date"
},
"ctime": {
"type": "date"
},
"device": {
"type": "keyword",
"ignore_above": 1024
},
"directory": {
"type": "keyword",
"ignore_above": 1024
},
"drive_letter": {
"type": "keyword",
"ignore_above": 1
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"fork_name": {
"type": "keyword",
"ignore_above": 1024
},
"gid": {
"type": "keyword",
"ignore_above": 1024
},
"group": {
"type": "keyword",
"ignore_above": 1024
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"inode": {
"type": "keyword",
"ignore_above": 1024
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"mode": {
"type": "keyword",
"ignore_above": 1024
},
"mtime": {
"type": "date"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"owner": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"size": {
"type": "long"
},
"target_path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"uid": {
"type": "keyword",
"ignore_above": 1024
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"host": {
"dynamic": "false",
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"containerized": {
"type": "boolean"
},
"cpu": {
"properties": {
"usage": {
"type": "scaled_float",
"scaling_factor": 1000.0
}
}
},
"disk": {
"properties": {
"read": {
"properties": {
"bytes": {
"type": "long"
}
}
},
"write": {
"properties": {
"bytes": {
"type": "long"
}
}
}
}
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hostname": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"network": {
"properties": {
"egress": {
"properties": {
"bytes": {
"type": "long"
},
"packets": {
"type": "long"
}
}
},
"ingress": {
"properties": {
"bytes": {
"type": "long"
},
"packets": {
"type": "long"
}
}
}
}
},
"os": {
"properties": {
"build": {
"type": "keyword",
"ignore_above": 1024
},
"codename": {
"type": "keyword",
"ignore_above": 1024
},
"family": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"kernel": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"platform": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"uptime": {
"type": "long"
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"http": {
"dynamic": "false",
"properties": {
"request": {
"properties": {
"body": {
"properties": {
"bytes": {
"type": "long"
},
"content": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
"bytes": {
"type": "long"
},
"headers": {
"type": "object",
"enabled": false
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"method": {
"type": "keyword",
"ignore_above": 1024
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"referrer": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"response": {
"properties": {
"body": {
"properties": {
"bytes": {
"type": "long"
},
"content": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
"bytes": {
"type": "long"
},
"finished": {
"type": "boolean"
},
"headers": {
"type": "object",
"enabled": false
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"status_code": {
"type": "long"
}
}
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"interface": {
"properties": {
"alias": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"kubernetes": {
"dynamic": "false",
"properties": {
"annotations": {
"properties": {
"*": {
"type": "object"
}
}
},
"container": {
"properties": {
"image": {
"type": "alias",
"path": "container.image.name"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"deployment": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"labels": {
"properties": {
"*": {
"type": "object"
}
}
},
"namespace": {
"type": "keyword",
"ignore_above": 1024
},
"node": {
"properties": {
"hostname": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"pod": {
"properties": {
"ip": {
"type": "ip"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"uid": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"replicaset": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"selectors": {
"properties": {
"*": {
"type": "object"
}
}
},
"statefulset": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"labels": {
"type": "object",
"dynamic": "true"
},
"log": {
"properties": {
"file": {
"properties": {
"path": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"level": {
"type": "keyword",
"ignore_above": 1024
},
"logger": {
"type": "keyword",
"ignore_above": 1024
},
"origin": {
"properties": {
"file": {
"properties": {
"line": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"function": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"original": {
"type": "keyword",
"index": false,
"doc_values": false,
"ignore_above": 1024
},
"syslog": {
"properties": {
"facility": {
"properties": {
"code": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"priority": {
"type": "long"
},
"severity": {
"properties": {
"code": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
}
}
},
"message": {
"type": "text",
"norms": false
},
"metricset": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"period": {
"type": "long",
"meta": {
"unit": "ms"
}
}
}
},
"network": {
"dynamic": "false",
"properties": {
"application": {
"type": "keyword",
"ignore_above": 1024
},
"bytes": {
"type": "long"
},
"carrier": {
"properties": {
"icc": {
"type": "keyword",
"ignore_above": 1024
},
"mcc": {
"type": "keyword",
"ignore_above": 1024
},
"mnc": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"community_id": {
"type": "keyword",
"ignore_above": 1024
},
"connection": {
"properties": {
"subtype": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"direction": {
"type": "keyword",
"ignore_above": 1024
},
"forwarded_ip": {
"type": "ip"
},
"iana_number": {
"type": "keyword",
"ignore_above": 1024
},
"inner": {
"properties": {
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"packets": {
"type": "long"
},
"protocol": {
"type": "keyword",
"ignore_above": 1024
},
"transport": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"observer": {
"dynamic": "false",
"properties": {
"egress": {
"properties": {
"interface": {
"properties": {
"alias": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"zone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ephemeral_id": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hostname": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"ingress": {
"properties": {
"interface": {
"properties": {
"alias": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"vlan": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"zone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"listening": {
"type": "keyword",
"ignore_above": 1024
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"os": {
"properties": {
"family": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"kernel": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"platform": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"product": {
"type": "keyword",
"ignore_above": 1024
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"vendor": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
},
"version_major": {
"type": "byte"
}
}
},
"orchestrator": {
"properties": {
"api_version": {
"type": "keyword",
"ignore_above": 1024
},
"cluster": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"url": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"namespace": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"resource": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"organization": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
"os": {
"properties": {
"family": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"kernel": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"platform": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"package": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"build_version": {
"type": "keyword",
"ignore_above": 1024
},
"checksum": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"install_scope": {
"type": "keyword",
"ignore_above": 1024
},
"installed": {
"type": "date"
},
"license": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"parent": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"process": {
"dynamic": "false",
"properties": {
"args": {
"type": "keyword",
"ignore_above": 1024
},
"args_count": {
"type": "long"
},
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"command_line": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"end": {
"type": "date"
},
"entity_id": {
"type": "keyword",
"ignore_above": 1024
},
"executable": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"exit_code": {
"type": "long"
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"parent": {
"properties": {
"args": {
"type": "keyword",
"ignore_above": 1024
},
"args_count": {
"type": "long"
},
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"command_line": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"end": {
"type": "date"
},
"entity_id": {
"type": "keyword",
"ignore_above": 1024
},
"executable": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"exit_code": {
"type": "long"
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"pgid": {
"type": "long"
},
"pid": {
"type": "long"
},
"ppid": {
"type": "long"
},
"start": {
"type": "date"
},
"thread": {
"properties": {
"id": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"title": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"uptime": {
"type": "long"
},
"working_directory": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"pgid": {
"type": "long"
},
"pid": {
"type": "long"
},
"ppid": {
"type": "long"
},
"start": {
"type": "date"
},
"thread": {
"properties": {
"id": {
"type": "long"
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"title": {
"type": "keyword",
"ignore_above": 1024
},
"uptime": {
"type": "long"
},
"working_directory": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
"processor": {
"properties": {
"event": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"profile": {
"dynamic": "false",
"properties": {
"alloc_objects": {
"properties": {
"count": {
"type": "long"
}
}
},
"alloc_space": {
"properties": {
"bytes": {
"type": "long"
}
}
},
"cpu": {
"properties": {
"ns": {
"type": "long",
"meta": {
"unit": "nanos"
}
}
}
},
"duration": {
"type": "long",
"meta": {
"unit": "nanos"
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"inuse_objects": {
"properties": {
"count": {
"type": "long"
}
}
},
"inuse_space": {
"properties": {
"bytes": {
"type": "long"
}
}
},
"samples": {
"properties": {
"count": {
"type": "long"
}
}
},
"stack": {
"dynamic": "false",
"properties": {
"filename": {
"type": "keyword",
"ignore_above": 1024
},
"function": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"line": {
"type": "long"
}
}
},
"top": {
"dynamic": "false",
"properties": {
"filename": {
"type": "keyword",
"ignore_above": 1024
},
"function": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"line": {
"type": "long"
}
}
},
"wall": {
"properties": {
"us": {
"type": "long",
"meta": {
"unit": "micros"
}
}
}
}
}
},
"registry": {
"properties": {
"data": {
"properties": {
"bytes": {
"type": "keyword",
"ignore_above": 1024
},
"strings": {
"type": "wildcard",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hive": {
"type": "keyword",
"ignore_above": 1024
},
"key": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"value": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"related": {
"properties": {
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"hosts": {
"type": "keyword",
"ignore_above": 1024
},
"ip": {
"type": "ip"
},
"user": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"rule": {
"properties": {
"author": {
"type": "keyword",
"ignore_above": 1024
},
"category": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"license": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"ruleset": {
"type": "keyword",
"ignore_above": 1024
},
"uuid": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"server": {
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"bytes": {
"type": "long"
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"nat": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"packets": {
"type": "long"
},
"port": {
"type": "long"
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"service": {
"dynamic": "false",
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"environment": {
"type": "keyword",
"ignore_above": 1024
},
"ephemeral_id": {
"type": "keyword",
"ignore_above": 1024
},
"framework": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"language": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"node": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"origin": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"runtime": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"state": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"session": {
"dynamic": "false",
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"sequence": {
"type": "long"
}
}
},
"source": {
"dynamic": "false",
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"bytes": {
"type": "long"
},
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"nat": {
"properties": {
"ip": {
"type": "ip"
},
"port": {
"type": "long"
}
}
},
"packets": {
"type": "long"
},
"port": {
"type": "long"
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"user": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"type": "keyword",
"ignore_above": 1024
},
"full_name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"group": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hash": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"roles": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"sourcemap": {
"dynamic": "false",
"properties": {
"bundle_filepath": {
"type": "keyword",
"ignore_above": 1024
},
"service": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"span": {
"dynamic": "false",
"properties": {
"action": {
"type": "keyword",
"ignore_above": 1024
},
"composite": {
"dynamic": "false",
"properties": {
"compression_strategy": {
"type": "keyword",
"ignore_above": 1024
},
"count": {
"type": "long"
},
"sum": {
"properties": {
"us": {
"type": "long"
}
}
}
}
},
"db": {
"dynamic": "false",
"properties": {
"link": {
"type": "keyword",
"ignore_above": 1024
},
"rows_affected": {
"type": "long"
}
}
},
"destination": {
"dynamic": "false",
"properties": {
"service": {
"dynamic": "false",
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
},
"resource": {
"type": "keyword",
"ignore_above": 1024
},
"response_time": {
"properties": {
"count": {
"type": "long"
},
"sum": {
"properties": {
"us": {
"type": "long",
"meta": {
"unit": "micros"
}
}
}
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"duration": {
"properties": {
"us": {
"type": "long"
}
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"kind": {
"type": "keyword",
"ignore_above": 1024
},
"message": {
"dynamic": "false",
"properties": {
"age": {
"properties": {
"ms": {
"type": "long"
}
}
},
"queue": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"self_time": {
"properties": {
"count": {
"type": "long"
},
"sum": {
"properties": {
"us": {
"type": "long",
"meta": {
"unit": "micros"
}
}
}
}
}
},
"start": {
"properties": {
"us": {
"type": "long"
}
}
},
"subtype": {
"type": "keyword",
"ignore_above": 1024
},
"sync": {
"type": "boolean"
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"system": {
"properties": {
"cpu": {
"properties": {
"total": {
"properties": {
"norm": {
"properties": {
"pct": {
"type": "scaled_float",
"meta": {
"metric_type": "gauge",
"unit": "percent"
},
"scaling_factor": 1000.0
}
}
}
}
}
}
},
"memory": {
"properties": {
"actual": {
"properties": {
"free": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
},
"total": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
},
"process": {
"properties": {
"cgroup": {
"properties": {
"cpu": {
"properties": {
"cfs": {
"properties": {
"period": {
"properties": {
"us": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "micros"
}
}
}
},
"quota": {
"properties": {
"us": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "micros"
}
}
}
}
}
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"stats": {
"properties": {
"periods": {
"type": "long",
"meta": {
"metric_type": "counter"
}
},
"throttled": {
"properties": {
"ns": {
"type": "long",
"meta": {
"metric_type": "counter",
"unit": "nanos"
}
},
"periods": {
"type": "long",
"meta": {
"metric_type": "counter"
}
}
}
}
}
}
}
},
"cpuacct": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"total": {
"properties": {
"ns": {
"type": "long",
"meta": {
"metric_type": "counter",
"unit": "nanos"
}
}
}
}
}
},
"memory": {
"properties": {
"mem": {
"properties": {
"limit": {
"properties": {
"bytes": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
},
"usage": {
"properties": {
"bytes": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
}
}
}
}
}
}
},
"cpu": {
"properties": {
"total": {
"properties": {
"norm": {
"properties": {
"pct": {
"type": "scaled_float",
"meta": {
"metric_type": "gauge",
"unit": "percent"
},
"scaling_factor": 1000.0
}
}
}
}
}
}
},
"memory": {
"properties": {
"rss": {
"properties": {
"bytes": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
},
"size": {
"type": "long",
"meta": {
"metric_type": "gauge",
"unit": "byte"
}
}
}
}
}
}
}
},
"tags": {
"type": "keyword",
"ignore_above": 1024
},
"threat": {
"properties": {
"enrichments": {
"type": "nested",
"properties": {
"indicator": {
"properties": {
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"confidence": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"file": {
"properties": {
"accessed": {
"type": "date"
},
"attributes": {
"type": "keyword",
"ignore_above": 1024
},
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"created": {
"type": "date"
},
"ctime": {
"type": "date"
},
"device": {
"type": "keyword",
"ignore_above": 1024
},
"directory": {
"type": "keyword",
"ignore_above": 1024
},
"drive_letter": {
"type": "keyword",
"ignore_above": 1
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {
"type": "keyword",
"ignore_above": 1024
},
"data": {
"type": "keyword",
"ignore_above": 1024
},
"entrypoint": {
"type": "long"
},
"object_version": {
"type": "keyword",
"ignore_above": 1024
},
"os_abi": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"imports": {
"type": "flattened"
},
"sections": {
"type": "nested",
"properties": {
"chi2": {
"type": "long"
},
"entropy": {
"type": "long"
},
"flags": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"physical_offset": {
"type": "keyword",
"ignore_above": 1024
},
"physical_size": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"virtual_address": {
"type": "long"
},
"virtual_size": {
"type": "long"
}
}
},
"segments": {
"type": "nested",
"properties": {
"sections": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"shared_libraries": {
"type": "keyword",
"ignore_above": 1024
},
"telfhash": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"fork_name": {
"type": "keyword",
"ignore_above": 1024
},
"gid": {
"type": "keyword",
"ignore_above": 1024
},
"group": {
"type": "keyword",
"ignore_above": 1024
},
"hash": {
"properties": {
"md5": {
"type": "keyword",
"ignore_above": 1024
},
"sha1": {
"type": "keyword",
"ignore_above": 1024
},
"sha256": {
"type": "keyword",
"ignore_above": 1024
},
"sha512": {
"type": "keyword",
"ignore_above": 1024
},
"ssdeep": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"inode": {
"type": "keyword",
"ignore_above": 1024
},
"mime_type": {
"type": "keyword",
"ignore_above": 1024
},
"mode": {
"type": "keyword",
"ignore_above": 1024
},
"mtime": {
"type": "date"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"owner": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"pe": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"company": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"file_version": {
"type": "keyword",
"ignore_above": 1024
},
"imphash": {
"type": "keyword",
"ignore_above": 1024
},
"original_file_name": {
"type": "keyword",
"ignore_above": 1024
},
"product": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"size": {
"type": "long"
},
"target_path": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"uid": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"first_seen": {
"type": "date"
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_code": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"postal_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
},
"last_seen": {
"type": "date"
},
"marking": {
"properties": {
"tlp": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"modified_at": {
"type": "date"
},
"port": {
"type": "long"
},
"provider": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
},
"registry": {
"properties": {
"data": {
"properties": {
"bytes": {
"type": "keyword",
"ignore_above": 1024
},
"strings": {
"type": "wildcard",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"hive": {
"type": "keyword",
"ignore_above": 1024
},
"key": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "keyword",
"ignore_above": 1024
},
"value": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"scanner_stats": {
"type": "long"
},
"sightings": {
"type": "long"
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"url": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"fragment": {
"type": "keyword",
"ignore_above": 1024
},
"full": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"original": {
"type": "wildcard",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"password": {
"type": "keyword",
"ignore_above": 1024
},
"path": {
"type": "wildcard",
"ignore_above": 1024
},
"port": {
"type": "long"
},
"query": {
"type": "keyword",
"ignore_above": 1024
},
"registered_domain": {
"type": "keyword",
"ignore_above": 1024
},
"scheme": {
"type": "keyword",
"ignore_above": 1024
},
"subdomain": {
"type": "keyword",
"ignore_above": 1024
},
"top_level_domain": {
"type": "keyword",
"ignore_above": 1024
},
"username": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"x509": {
"properties": {
"alternative_names": {
"type": "keyword",
"ignore_above": 1024
},
"issuer": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"not_after": {
"type": "date"
},
"not_before": {
"type": "date"
},
"public_key_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_curve": {
"type": "keyword",
"ignore_above": 1024
},
"public_key_exponent": {
"type": "long",
"index": false,
"doc_values": false
},
"public_key_size": {
"type": "long"
},
"serial_number": {
"type": "keyword",
"ignore_above": 1024
},
"signature_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"subject": {
"properties": {
"common_name": {
"type": "keyword",
"ignore_above": 1024
},
"country": {
"type": "keyword",
"ignore_above": 1024
},
"distinguished_name": {
"type": "keyword",
"ignore_above": 1024
},
"locality": {
"type": "keyword",
"ignore_above": 1024
},
"organization": {
"type": "keyword",
"ignore_above": 1024
},
"organizational_unit": {
"type": "keyword",
"ignore_above": 1024
},
"state_or_province": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version_number": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"matched": {
"properties": {
"atomic": {
"type": "keyword",
"ignore_above": 1024
},
"field": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"index": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"framework": {
"type": "keyword",
"ignore_above": 1024
},
"group": {
"properties": {
"alias": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"ignore_above": 1024
},
"reference": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"indicator": {
"properties": {
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"ignore_above": 1024,
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"confidence": {
"type": "keyword",
"ignore_above": 1024
},
"description": {
"type": "keyword",
"ignore_above": 1024
},
"email": {
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"file": {
"properties": {
"accessed": {
"type": "date"
},
"attributes": {
"type": "keyword",
"ignore_above": 1024
},
"code_signature": {
"properties": {
"digest_algorithm": {
"type": "keyword",
"ignore_above": 1024
},
"exists": {
"type": "boolean"
},
"signing_id": {
"type": "keyword",
"ignore_above": 1024
},
"status": {
"type": "keyword",
"ignore_above": 1024
},
"subject_name": {
"type": "keyword",
"ignore_above": 1024
},
"team_id": {
"type": "keyword",
"ignore_above": 1024
},
"timestamp": {
"type": "date"
},
"trusted": {
"type": "boolean"
},
"valid": {
"type": "boolean"
}
}
},
"created": {
"type": "date"
},
"ctime": {
"type": "date"
},
"device": {
"type": "keyword",
"ignore_above": 1024
},
"directory": {
"type": "keyword",
"ignore_above": 1024
},
"drive_letter": {
"type": "keyword",
"ignore_above": 1
},
"elf": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"byte_order": {
"type": "keyword",
"ignore_above": 1024
},
"cpu_type": {
"type": "keyword",
"ignore_above": 1024
},
"creation_date": {
"type": "date"
},
"exports": {
"type": "flattened"
},
"header": {
"properties": {
"abi_version": {
"type": "keyword",
"ignore_above": 1024
},
"class": {