1{ 2 "index_patterns": ["try-ecs-*"], 3 "mappings": { 4 "_meta": { 5 "version": "1.11.0" 6 }, 7 "date_detection": false, 8 "dynamic_templates": [ 9 { 10 "strings_as_keyword": { 11 "mapping": { 12 "ignore_above": 1024, 13 "type": "keyword" 14 }, 15 "match_mapping_type": "string" 16 } 17 } 18 ], 19 "properties": { 20 "@timestamp": { 21 "type": "date" 22 }, 23 "agent": { 24 "properties": { 25 "build": { 26 "properties": { 27 "original": { 28 "ignore_above": 1024, 29 "type": "keyword" 30 } 31 } 32 }, 33 "ephemeral_id": { 34 "ignore_above": 1024, 35 "type": "keyword" 36 }, 37 "id": { 38 "ignore_above": 1024, 39 "type": "keyword" 40 }, 41 "name": { 42 "ignore_above": 1024, 43 "type": "keyword" 44 }, 45 "type": { 46 "ignore_above": 1024, 47 "type": "keyword" 48 }, 49 "version": { 50 "ignore_above": 1024, 51 "type": "keyword" 52 } 53 } 54 }, 55 "client": { 56 "properties": { 57 "address": { 58 "ignore_above": 1024, 59 "type": "keyword" 60 }, 61 "as": { 62 "properties": { 63 "number": { 64 "type": "long" 65 }, 66 "organization": { 67 "properties": { 68 "name": { 69 "fields": { 70 "text": { 71 "norms": false, 72 "type": "text" 73 } 74 }, 75 "ignore_above": 1024, 76 "type": "keyword" 77 } 78 } 79 } 80 } 81 }, 82 "bytes": { 83 "type": "long" 84 }, 85 "domain": { 86 "ignore_above": 1024, 87 "type": "keyword" 88 }, 89 "geo": { 90 "properties": { 91 "city_name": { 92 "ignore_above": 1024, 93 "type": "keyword" 94 }, 95 "continent_code": { 96 "ignore_above": 1024, 97 "type": "keyword" 98 }, 99 "continent_name": { 100 "ignore_above": 1024, 101 "type": "keyword" 102 }, 103 "country_iso_code": { 104 "ignore_above": 1024, 105 "type": "keyword" 106 }, 107 "country_name": { 108 "ignore_above": 1024, 109 "type": "keyword" 110 }, 111 "location": { 112 "type": "geo_point" 113 }, 114 "name": { 115 "ignore_above": 1024, 116 "type": "keyword" 117 }, 118 "postal_code": { 119 "ignore_above": 1024, 120 "type": "keyword" 121 }, 122 "region_iso_code": { 123 "ignore_above": 1024, 124 "type": "keyword" 125 }, 126 "region_name": { 127 "ignore_above": 1024, 128 "type": "keyword" 129 }, 130 "timezone": { 131 "ignore_above": 1024, 132 "type": "keyword" 133 } 134 } 135 }, 136 "ip": { 137 "type": "ip" 138 }, 139 "mac": { 140 "ignore_above": 1024, 141 "type": "keyword" 142 }, 143 "nat": { 144 "properties": { 145 "ip": { 146 "type": "ip" 147 }, 148 "port": { 149 "type": "long" 150 } 151 } 152 }, 153 "packets": { 154 "type": "long" 155 }, 156 "port": { 157 "type": "long" 158 }, 159 "registered_domain": { 160 "ignore_above": 1024, 161 "type": "keyword" 162 }, 163 "subdomain": { 164 "ignore_above": 1024, 165 "type": "keyword" 166 }, 167 "top_level_domain": { 168 "ignore_above": 1024, 169 "type": "keyword" 170 }, 171 "user": { 172 "properties": { 173 "domain": { 174 "ignore_above": 1024, 175 "type": "keyword" 176 }, 177 "email": { 178 "ignore_above": 1024, 179 "type": "keyword" 180 }, 181 "full_name": { 182 "fields": { 183 "text": { 184 "norms": false, 185 "type": "text" 186 } 187 }, 188 "ignore_above": 1024, 189 "type": "keyword" 190 }, 191 "group": { 192 "properties": { 193 "domain": { 194 "ignore_above": 1024, 195 "type": "keyword" 196 }, 197 "id": { 198 "ignore_above": 1024, 199 "type": "keyword" 200 }, 201 "name": { 202 "ignore_above": 1024, 203 "type": "keyword" 204 } 205 } 206 }, 207 "hash": { 208 "ignore_above": 1024, 209 "type": "keyword" 210 }, 211 "id": { 212 "ignore_above": 1024, 213 "type": "keyword" 214 }, 215 "name": { 216 "fields": { 217 "text": { 218 "norms": false, 219 "type": "text" 220 } 221 }, 222 "ignore_above": 1024, 223 "type": "keyword" 224 }, 225 "roles": { 226 "ignore_above": 1024, 227 "type": "keyword" 228 } 229 } 230 } 231 } 232 }, 233 "cloud": { 234 "properties": { 235 "account": { 236 "properties": { 237 "id": { 238 "ignore_above": 1024, 239 "type": "keyword" 240 }, 241 "name": { 242 "ignore_above": 1024, 243 "type": "keyword" 244 } 245 } 246 }, 247 "availability_zone": { 248 "ignore_above": 1024, 249 "type": "keyword" 250 }, 251 "instance": { 252 "properties": { 253 "id": { 254 "ignore_above": 1024, 255 "type": "keyword" 256 }, 257 "name": { 258 "ignore_above": 1024, 259 "type": "keyword" 260 } 261 } 262 }, 263 "machine": { 264 "properties": { 265 "type": { 266 "ignore_above": 1024, 267 "type": "keyword" 268 } 269 } 270 }, 271 "project": { 272 "properties": { 273 "id": { 274 "ignore_above": 1024, 275 "type": "keyword" 276 }, 277 "name": { 278 "ignore_above": 1024, 279 "type": "keyword" 280 } 281 } 282 }, 283 "provider": { 284 "ignore_above": 1024, 285 "type": "keyword" 286 }, 287 "region": { 288 "ignore_above": 1024, 289 "type": "keyword" 290 }, 291 "service": { 292 "properties": { 293 "name": { 294 "ignore_above": 1024, 295 "type": "keyword" 296 } 297 } 298 } 299 } 300 }, 301 "container": { 302 "properties": { 303 "id": { 304 "ignore_above": 1024, 305 "type": "keyword" 306 }, 307 "image": { 308 "properties": { 309 "name": { 310 "ignore_above": 1024, 311 "type": "keyword" 312 }, 313 "tag": { 314 "ignore_above": 1024, 315 "type": "keyword" 316 } 317 } 318 }, 319 "labels": { 320 "type": "object" 321 }, 322 "name": { 323 "ignore_above": 1024, 324 "type": "keyword" 325 }, 326 "runtime": { 327 "ignore_above": 1024, 328 "type": "keyword" 329 } 330 } 331 }, 332 "data_stream": { 333 "properties": { 334 "dataset": { 335 "type": "keyword" 336 }, 337 "namespace": { 338 "type": "keyword" 339 }, 340 "type": { 341 "type": "keyword" 342 } 343 } 344 }, 345 "destination": { 346 "properties": { 347 "address": { 348 "ignore_above": 1024, 349 "type": "keyword" 350 }, 351 "as": { 352 "properties": { 353 "number": { 354 "type": "long" 355 }, 356 "organization": { 357 "properties": { 358 "name": { 359 "fields": { 360 "text": { 361 "norms": false, 362 "type": "text" 363 } 364 }, 365 "ignore_above": 1024, 366 "type": "keyword" 367 } 368 } 369 } 370 } 371 }, 372 "bytes": { 373 "type": "long" 374 }, 375 "domain": { 376 "ignore_above": 1024, 377 "type": "keyword" 378 }, 379 "geo": { 380 "properties": { 381 "city_name": { 382 "ignore_above": 1024, 383 "type": "keyword" 384 }, 385 "continent_code": { 386 "ignore_above": 1024, 387 "type": "keyword" 388 }, 389 "continent_name": { 390 "ignore_above": 1024, 391 "type": "keyword" 392 }, 393 "country_iso_code": { 394 "ignore_above": 1024, 395 "type": "keyword" 396 }, 397 "country_name": { 398 "ignore_above": 1024, 399 "type": "keyword" 400 }, 401 "location": { 402 "type": "geo_point" 403 }, 404 "name": { 405 "ignore_above": 1024, 406 "type": "keyword" 407 }, 408 "postal_code": { 409 "ignore_above": 1024, 410 "type": "keyword" 411 }, 412 "region_iso_code": { 413 "ignore_above": 1024, 414 "type": "keyword" 415 }, 416 "region_name": { 417 "ignore_above": 1024, 418 "type": "keyword" 419 }, 420 "timezone": { 421 "ignore_above": 1024, 422 "type": "keyword" 423 } 424 } 425 }, 426 "ip": { 427 "type": "ip" 428 }, 429 "mac": { 430 "ignore_above": 1024, 431 "type": "keyword" 432 }, 433 "nat": { 434 "properties": { 435 "ip": { 436 "type": "ip" 437 }, 438 "port": { 439 "type": "long" 440 } 441 } 442 }, 443 "packets": { 444 "type": "long" 445 }, 446 "port": { 447 "type": "long" 448 }, 449 "registered_domain": { 450 "ignore_above": 1024, 451 "type": "keyword" 452 }, 453 "subdomain": { 454 "ignore_above": 1024, 455 "type": "keyword" 456 }, 457 "top_level_domain": { 458 "ignore_above": 1024, 459 "type": "keyword" 460 }, 461 "user": { 462 "properties": { 463 "domain": { 464 "ignore_above": 1024, 465 "type": "keyword" 466 }, 467 "email": { 468 "ignore_above": 1024, 469 "type": "keyword" 470 }, 471 "full_name": { 472 "fields": { 473 "text": { 474 "norms": false, 475 "type": "text" 476 } 477 }, 478 "ignore_above": 1024, 479 "type": "keyword" 480 }, 481 "group": { 482 "properties": { 483 "domain": { 484 "ignore_above": 1024, 485 "type": "keyword" 486 }, 487 "id": { 488 "ignore_above": 1024, 489 "type": "keyword" 490 }, 491 "name": { 492 "ignore_above": 1024, 493 "type": "keyword" 494 } 495 } 496 }, 497 "hash": { 498 "ignore_above": 1024, 499 "type": "keyword" 500 }, 501 "id": { 502 "ignore_above": 1024, 503 "type": "keyword" 504 }, 505 "name": { 506 "fields": { 507 "text": { 508 "norms": false, 509 "type": "text" 510 } 511 }, 512 "ignore_above": 1024, 513 "type": "keyword" 514 }, 515 "roles": { 516 "ignore_above": 1024, 517 "type": "keyword" 518 } 519 } 520 } 521 } 522 }, 523 "dll": { 524 "properties": { 525 "code_signature": { 526 "properties": { 527 "exists": { 528 "type": "boolean" 529 }, 530 "signing_id": { 531 "ignore_above": 1024, 532 "type": "keyword" 533 }, 534 "status": { 535 "ignore_above": 1024, 536 "type": "keyword" 537 }, 538 "subject_name": { 539 "ignore_above": 1024, 540 "type": "keyword" 541 }, 542 "team_id": { 543 "ignore_above": 1024, 544 "type": "keyword" 545 }, 546 "trusted": { 547 "type": "boolean" 548 }, 549 "valid": { 550 "type": "boolean" 551 } 552 } 553 }, 554 "hash": { 555 "properties": { 556 "md5": { 557 "ignore_above": 1024, 558 "type": "keyword" 559 }, 560 "sha1": { 561 "ignore_above": 1024, 562 "type": "keyword" 563 }, 564 "sha256": { 565 "ignore_above": 1024, 566 "type": "keyword" 567 }, 568 "sha512": { 569 "ignore_above": 1024, 570 "type": "keyword" 571 }, 572 "ssdeep": { 573 "ignore_above": 1024, 574 "type": "keyword" 575 } 576 } 577 }, 578 "name": { 579 "ignore_above": 1024, 580 "type": "keyword" 581 }, 582 "path": { 583 "ignore_above": 1024, 584 "type": "keyword" 585 }, 586 "pe": { 587 "properties": { 588 "architecture": { 589 "ignore_above": 1024, 590 "type": "keyword" 591 }, 592 "company": { 593 "ignore_above": 1024, 594 "type": "keyword" 595 }, 596 "description": { 597 "ignore_above": 1024, 598 "type": "keyword" 599 }, 600 "file_version": { 601 "ignore_above": 1024, 602 "type": "keyword" 603 }, 604 "imphash": { 605 "ignore_above": 1024, 606 "type": "keyword" 607 }, 608 "original_file_name": { 609 "ignore_above": 1024, 610 "type": "keyword" 611 }, 612 "product": { 613 "ignore_above": 1024, 614 "type": "keyword" 615 } 616 } 617 } 618 } 619 }, 620 "dns": { 621 "properties": { 622 "answers": { 623 "properties": { 624 "class": { 625 "ignore_above": 1024, 626 "type": "keyword" 627 }, 628 "data": { 629 "ignore_above": 1024, 630 "type": "keyword" 631 }, 632 "name": { 633 "ignore_above": 1024, 634 "type": "keyword" 635 }, 636 "ttl": { 637 "type": "long" 638 }, 639 "type": { 640 "ignore_above": 1024, 641 "type": "keyword" 642 } 643 }, 644 "type": "object" 645 }, 646 "header_flags": { 647 "ignore_above": 1024, 648 "type": "keyword" 649 }, 650 "id": { 651 "ignore_above": 1024, 652 "type": "keyword" 653 }, 654 "op_code": { 655 "ignore_above": 1024, 656 "type": "keyword" 657 }, 658 "question": { 659 "properties": { 660 "class": { 661 "ignore_above": 1024, 662 "type": "keyword" 663 }, 664 "name": { 665 "ignore_above": 1024, 666 "type": "keyword" 667 }, 668 "registered_domain": { 669 "ignore_above": 1024, 670 "type": "keyword" 671 }, 672 "subdomain": { 673 "ignore_above": 1024, 674 "type": "keyword" 675 }, 676 "top_level_domain": { 677 "ignore_above": 1024, 678 "type": "keyword" 679 }, 680 "type": { 681 "ignore_above": 1024, 682 "type": "keyword" 683 } 684 } 685 }, 686 "resolved_ip": { 687 "type": "ip" 688 }, 689 "response_code": { 690 "ignore_above": 1024, 691 "type": "keyword" 692 }, 693 "type": { 694 "ignore_above": 1024, 695 "type": "keyword" 696 } 697 } 698 }, 699 "ecs": { 700 "properties": { 701 "version": { 702 "ignore_above": 1024, 703 "type": "keyword" 704 } 705 } 706 }, 707 "error": { 708 "properties": { 709 "code": { 710 "ignore_above": 1024, 711 "type": "keyword" 712 }, 713 "id": { 714 "ignore_above": 1024, 715 "type": "keyword" 716 }, 717 "message": { 718 "norms": false, 719 "type": "text" 720 }, 721 "stack_trace": { 722 "doc_values": false, 723 "fields": { 724 "text": { 725 "norms": false, 726 "type": "text" 727 } 728 }, 729 "index": false, 730 "type": "keyword" 731 }, 732 "type": { 733 "ignore_above": 1024, 734 "type": "keyword" 735 } 736 } 737 }, 738 "event": { 739 "properties": { 740 "action": { 741 "ignore_above": 1024, 742 "type": "keyword" 743 }, 744 "agent_id_status": { 745 "ignore_above": 1024, 746 "type": "keyword" 747 }, 748 "category": { 749 "ignore_above": 1024, 750 "type": "keyword" 751 }, 752 "code": { 753 "ignore_above": 1024, 754 "type": "keyword" 755 }, 756 "created": { 757 "type": "date" 758 }, 759 "dataset": { 760 "ignore_above": 1024, 761 "type": "keyword" 762 }, 763 "duration": { 764 "type": "long" 765 }, 766 "end": { 767 "type": "date" 768 }, 769 "hash": { 770 "ignore_above": 1024, 771 "type": "keyword" 772 }, 773 "id": { 774 "ignore_above": 1024, 775 "type": "keyword" 776 }, 777 "ingested": { 778 "type": "date" 779 }, 780 "kind": { 781 "ignore_above": 1024, 782 "type": "keyword" 783 }, 784 "module": { 785 "ignore_above": 1024, 786 "type": "keyword" 787 }, 788 "original": { 789 "doc_values": false, 790 "index": false, 791 "type": "keyword" 792 }, 793 "outcome": { 794 "ignore_above": 1024, 795 "type": "keyword" 796 }, 797 "provider": { 798 "ignore_above": 1024, 799 "type": "keyword" 800 }, 801 "reason": { 802 "ignore_above": 1024, 803 "type": "keyword" 804 }, 805 "reference": { 806 "ignore_above": 1024, 807 "type": "keyword" 808 }, 809 "risk_score": { 810 "type": "float" 811 }, 812 "risk_score_norm": { 813 "type": "float" 814 }, 815 "sequence": { 816 "type": "long" 817 }, 818 "severity": { 819 "type": "long" 820 }, 821 "start": { 822 "type": "date" 823 }, 824 "timezone": { 825 "ignore_above": 1024, 826 "type": "keyword" 827 }, 828 "type": { 829 "ignore_above": 1024, 830 "type": "keyword" 831 }, 832 "url": { 833 "ignore_above": 1024, 834 "type": "keyword" 835 } 836 } 837 }, 838 "file": { 839 "properties": { 840 "accessed": { 841 "type": "date" 842 }, 843 "attributes": { 844 "ignore_above": 1024, 845 "type": "keyword" 846 }, 847 "code_signature": { 848 "properties": { 849 "exists": { 850 "type": "boolean" 851 }, 852 "signing_id": { 853 "ignore_above": 1024, 854 "type": "keyword" 855 }, 856 "status": { 857 "ignore_above": 1024, 858 "type": "keyword" 859 }, 860 "subject_name": { 861 "ignore_above": 1024, 862 "type": "keyword" 863 }, 864 "team_id": { 865 "ignore_above": 1024, 866 "type": "keyword" 867 }, 868 "trusted": { 869 "type": "boolean" 870 }, 871 "valid": { 872 "type": "boolean" 873 } 874 } 875 }, 876 "created": { 877 "type": "date" 878 }, 879 "ctime": { 880 "type": "date" 881 }, 882 "device": { 883 "ignore_above": 1024, 884 "type": "keyword" 885 }, 886 "directory": { 887 "ignore_above": 1024, 888 "type": "keyword" 889 }, 890 "drive_letter": { 891 "ignore_above": 1, 892 "type": "keyword" 893 }, 894 "elf": { 895 "properties": { 896 "architecture": { 897 "ignore_above": 1024, 898 "type": "keyword" 899 }, 900 "byte_order": { 901 "ignore_above": 1024, 902 "type": "keyword" 903 }, 904 "cpu_type": { 905 "ignore_above": 1024, 906 "type": "keyword" 907 }, 908 "creation_date": { 909 "type": "date" 910 }, 911 "exports": { 912 "type": "flattened" 913 }, 914 "header": { 915 "properties": { 916 "abi_version": { 917 "ignore_above": 1024, 918 "type": "keyword" 919 }, 920 "class": { 921 "ignore_above": 1024, 922 "type": "keyword" 923 }, 924 "data": { 925 "ignore_above": 1024, 926 "type": "keyword" 927 }, 928 "entrypoint": { 929 "type": "long" 930 }, 931 "object_version": { 932 "ignore_above": 1024, 933 "type": "keyword" 934 }, 935 "os_abi": { 936 "ignore_above": 1024, 937 "type": "keyword" 938 }, 939 "type": { 940 "ignore_above": 1024, 941 "type": "keyword" 942 }, 943 "version": { 944 "ignore_above": 1024, 945 "type": "keyword" 946 } 947 } 948 }, 949 "imports": { 950 "type": "flattened" 951 }, 952 "sections": { 953 "properties": { 954 "chi2": { 955 "type": "long" 956 }, 957 "entropy": { 958 "type": "long" 959 }, 960 "flags": { 961 "ignore_above": 1024, 962 "type": "keyword" 963 }, 964 "name": { 965 "ignore_above": 1024, 966 "type": "keyword" 967 }, 968 "physical_offset": { 969 "ignore_above": 1024, 970 "type": "keyword" 971 }, 972 "physical_size": { 973 "type": "long" 974 }, 975 "type": { 976 "ignore_above": 1024, 977 "type": "keyword" 978 }, 979 "virtual_address": { 980 "type": "long" 981 }, 982 "virtual_size": { 983 "type": "long" 984 } 985 }, 986 "type": "nested" 987 }, 988 "segments": { 989 "properties": { 990 "sections": { 991 "ignore_above": 1024, 992 "type": "keyword" 993 }, 994 "type": { 995 "ignore_above": 1024, 996 "type": "keyword" 997 } 998 }, 999 "type": "nested" 1000 }, 1001 "shared_libraries": { 1002 "ignore_above": 1024, 1003 "type": "keyword" 1004 }, 1005 "telfhash": { 1006 "ignore_above": 1024, 1007 "type": "keyword" 1008 } 1009 } 1010 }, 1011 "extension": { 1012 "ignore_above": 1024, 1013 "type": "keyword" 1014 }, 1015 "gid": { 1016 "ignore_above": 1024, 1017 "type": "keyword" 1018 }, 1019 "group": { 1020 "ignore_above": 1024, 1021 "type": "keyword" 1022 }, 1023 "hash": { 1024 "properties": { 1025 "md5": { 1026 "ignore_above": 1024, 1027 "type": "keyword" 1028 }, 1029 "sha1": { 1030 "ignore_above": 1024, 1031 "type": "keyword" 1032 }, 1033 "sha256": { 1034 "ignore_above": 1024, 1035 "type": "keyword" 1036 }, 1037 "sha512": { 1038 "ignore_above": 1024, 1039 "type": "keyword" 1040 }, 1041 "ssdeep": { 1042 "ignore_above": 1024, 1043 "type": "keyword" 1044 } 1045 } 1046 }, 1047 "inode": { 1048 "ignore_above": 1024, 1049 "type": "keyword" 1050 }, 1051 "mime_type": { 1052 "ignore_above": 1024, 1053 "type": "keyword" 1054 }, 1055 "mode": { 1056 "ignore_above": 1024, 1057 "type": "keyword" 1058 }, 1059 "mtime": { 1060 "type": "date" 1061 }, 1062 "name": { 1063 "ignore_above": 1024, 1064 "type": "keyword" 1065 }, 1066 "owner": { 1067 "ignore_above": 1024, 1068 "type": "keyword" 1069 }, 1070 "path": { 1071 "fields": { 1072 "text": { 1073 "norms": false, 1074 "type": "text" 1075 } 1076 }, 1077 "ignore_above": 1024, 1078 "type": "keyword" 1079 }, 1080 "pe": { 1081 "properties": { 1082 "architecture": { 1083 "ignore_above": 1024, 1084 "type": "keyword" 1085 }, 1086 "company": { 1087 "ignore_above": 1024, 1088 "type": "keyword" 1089 }, 1090 "description": { 1091 "ignore_above": 1024, 1092 "type": "keyword" 1093 }, 1094 "file_version": { 1095 "ignore_above": 1024, 1096 "type": "keyword" 1097 }, 1098 "imphash": { 1099 "ignore_above": 1024, 1100 "type": "keyword" 1101 }, 1102 "original_file_name": { 1103 "ignore_above": 1024, 1104 "type": "keyword" 1105 }, 1106 "product": { 1107 "ignore_above": 1024, 1108 "type": "keyword" 1109 } 1110 } 1111 }, 1112 "size": { 1113 "type": "long" 1114 }, 1115 "target_path": { 1116 "fields": { 1117 "text": { 1118 "norms": false, 1119 "type": "text" 1120 } 1121 }, 1122 "ignore_above": 1024, 1123 "type": "keyword" 1124 }, 1125 "type": { 1126 "ignore_above": 1024, 1127 "type": "keyword" 1128 }, 1129 "uid": { 1130 "ignore_above": 1024, 1131 "type": "keyword" 1132 }, 1133 "x509": { 1134 "properties": { 1135 "alternative_names": { 1136 "ignore_above": 1024, 1137 "type": "keyword" 1138 }, 1139 "issuer": { 1140 "properties": { 1141 "common_name": { 1142 "ignore_above": 1024, 1143 "type": "keyword" 1144 }, 1145 "country": { 1146 "ignore_above": 1024, 1147 "type": "keyword" 1148 }, 1149 "distinguished_name": { 1150 "ignore_above": 1024, 1151 "type": "keyword" 1152 }, 1153 "locality": { 1154 "ignore_above": 1024, 1155 "type": "keyword" 1156 }, 1157 "organization": { 1158 "ignore_above": 1024, 1159 "type": "keyword" 1160 }, 1161 "organizational_unit": { 1162 "ignore_above": 1024, 1163 "type": "keyword" 1164 }, 1165 "state_or_province": { 1166 "ignore_above": 1024, 1167 "type": "keyword" 1168 } 1169 } 1170 }, 1171 "not_after": { 1172 "type": "date" 1173 }, 1174 "not_before": { 1175 "type": "date" 1176 }, 1177 "public_key_algorithm": { 1178 "ignore_above": 1024, 1179 "type": "keyword" 1180 }, 1181 "public_key_curve": { 1182 "ignore_above": 1024, 1183 "type": "keyword" 1184 }, 1185 "public_key_exponent": { 1186 "doc_values": false, 1187 "index": false, 1188 "type": "long" 1189 }, 1190 "public_key_size": { 1191 "type": "long" 1192 }, 1193 "serial_number": { 1194 "ignore_above": 1024, 1195 "type": "keyword" 1196 }, 1197 "signature_algorithm": { 1198 "ignore_above": 1024, 1199 "type": "keyword" 1200 }, 1201 "subject": { 1202 "properties": { 1203 "common_name": { 1204 "ignore_above": 1024, 1205 "type": "keyword" 1206 }, 1207 "country": { 1208 "ignore_above": 1024, 1209 "type": "keyword" 1210 }, 1211 "distinguished_name": { 1212 "ignore_above": 1024, 1213 "type": "keyword" 1214 }, 1215 "locality": { 1216 "ignore_above": 1024, 1217 "type": "keyword" 1218 }, 1219 "organization": { 1220 "ignore_above": 1024, 1221 "type": "keyword" 1222 }, 1223 "organizational_unit": { 1224 "ignore_above": 1024, 1225 "type": "keyword" 1226 }, 1227 "state_or_province": { 1228 "ignore_above": 1024, 1229 "type": "keyword" 1230 } 1231 } 1232 }, 1233 "version_number": { 1234 "ignore_above": 1024, 1235 "type": "keyword" 1236 } 1237 } 1238 } 1239 } 1240 }, 1241 "group": { 1242 "properties": { 1243 "domain": { 1244 "ignore_above": 1024, 1245 "type": "keyword" 1246 }, 1247 "id": { 1248 "ignore_above": 1024, 1249 "type": "keyword" 1250 }, 1251 "name": { 1252 "ignore_above": 1024, 1253 "type": "keyword" 1254 } 1255 } 1256 }, 1257 "host": { 1258 "properties": { 1259 "architecture": { 1260 "ignore_above": 1024, 1261 "type": "keyword" 1262 }, 1263 "cpu": { 1264 "properties": { 1265 "usage": { 1266 "scaling_factor": 1000, 1267 "type": "scaled_float" 1268 } 1269 } 1270 }, 1271 "disk": { 1272 "properties": { 1273 "read": { 1274 "properties": { 1275 "bytes": { 1276 "type": "long" 1277 } 1278 } 1279 }, 1280 "write": { 1281 "properties": { 1282 "bytes": { 1283 "type": "long" 1284 } 1285 } 1286 } 1287 } 1288 }, 1289 "domain": { 1290 "ignore_above": 1024, 1291 "type": "keyword" 1292 }, 1293 "geo": { 1294 "properties": { 1295 "city_name": { 1296 "ignore_above": 1024, 1297 "type": "keyword" 1298 }, 1299 "continent_code": { 1300 "ignore_above": 1024, 1301 "type": "keyword" 1302 }, 1303 "continent_name": { 1304 "ignore_above": 1024, 1305 "type": "keyword" 1306 }, 1307 "country_iso_code": { 1308 "ignore_above": 1024, 1309 "type": "keyword" 1310 }, 1311 "country_name": { 1312 "ignore_above": 1024, 1313 "type": "keyword" 1314 }, 1315 "location": { 1316 "type": "geo_point" 1317 }, 1318 "name": { 1319 "ignore_above": 1024, 1320 "type": "keyword" 1321 }, 1322 "postal_code": { 1323 "ignore_above": 1024, 1324 "type": "keyword" 1325 }, 1326 "region_iso_code": { 1327 "ignore_above": 1024, 1328 "type": "keyword" 1329 }, 1330 "region_name": { 1331 "ignore_above": 1024, 1332 "type": "keyword" 1333 }, 1334 "timezone": { 1335 "ignore_above": 1024, 1336 "type": "keyword" 1337 } 1338 } 1339 }, 1340 "hostname": { 1341 "ignore_above": 1024, 1342 "type": "keyword" 1343 }, 1344 "id": { 1345 "ignore_above": 1024, 1346 "type": "keyword" 1347 }, 1348 "ip": { 1349 "type": "ip" 1350 }, 1351 "mac": { 1352 "ignore_above": 1024, 1353 "type": "keyword" 1354 }, 1355 "name": { 1356 "ignore_above": 1024, 1357 "type": "keyword" 1358 }, 1359 "network": { 1360 "properties": { 1361 "egress": { 1362 "properties": { 1363 "bytes": { 1364 "type": "long" 1365 }, 1366 "packets": { 1367 "type": "long" 1368 } 1369 } 1370 }, 1371 "ingress": { 1372 "properties": { 1373 "bytes": { 1374 "type": "long" 1375 }, 1376 "packets": { 1377 "type": "long" 1378 } 1379 } 1380 } 1381 } 1382 }, 1383 "os": { 1384 "properties": { 1385 "family": { 1386 "ignore_above": 1024, 1387 "type": "keyword" 1388 }, 1389 "full": { 1390 "fields": { 1391 "text": { 1392 "norms": false, 1393 "type": "text" 1394 } 1395 }, 1396 "ignore_above": 1024, 1397 "type": "keyword" 1398 }, 1399 "kernel": { 1400 "ignore_above": 1024, 1401 "type": "keyword" 1402 }, 1403 "name": { 1404 "fields": { 1405 "text": { 1406 "norms": false, 1407 "type": "text" 1408 } 1409 }, 1410 "ignore_above": 1024, 1411 "type": "keyword" 1412 }, 1413 "platform": { 1414 "ignore_above": 1024, 1415 "type": "keyword" 1416 }, 1417 "type": { 1418 "ignore_above": 1024, 1419 "type": "keyword" 1420 }, 1421 "version": { 1422 "ignore_above": 1024, 1423 "type": "keyword" 1424 } 1425 } 1426 }, 1427 "type": { 1428 "ignore_above": 1024, 1429 "type": "keyword" 1430 }, 1431 "uptime": { 1432 "type": "long" 1433 }, 1434 "user": { 1435 "properties": { 1436 "domain": { 1437 "ignore_above": 1024, 1438 "type": "keyword" 1439 }, 1440 "email": { 1441 "ignore_above": 1024, 1442 "type": "keyword" 1443 }, 1444 "full_name": { 1445 "fields": { 1446 "text": { 1447 "norms": false, 1448 "type": "text" 1449 } 1450 }, 1451 "ignore_above": 1024, 1452 "type": "keyword" 1453 }, 1454 "group": { 1455 "properties": { 1456 "domain": { 1457 "ignore_above": 1024, 1458 "type": "keyword" 1459 }, 1460 "id": { 1461 "ignore_above": 1024, 1462 "type": "keyword" 1463 }, 1464 "name": { 1465 "ignore_above": 1024, 1466 "type": "keyword" 1467 } 1468 } 1469 }, 1470 "hash": { 1471 "ignore_above": 1024, 1472 "type": "keyword" 1473 }, 1474 "id": { 1475 "ignore_above": 1024, 1476 "type": "keyword" 1477 }, 1478 "name": { 1479 "fields": { 1480 "text": { 1481 "norms": false, 1482 "type": "text" 1483 } 1484 }, 1485 "ignore_above": 1024, 1486 "type": "keyword" 1487 }, 1488 "roles": { 1489 "ignore_above": 1024, 1490 "type": "keyword" 1491 } 1492 } 1493 } 1494 } 1495 }, 1496 "http": { 1497 "properties": { 1498 "request": { 1499 "properties": { 1500 "body": { 1501 "properties": { 1502 "bytes": { 1503 "type": "long" 1504 }, 1505 "content": { 1506 "fields": { 1507 "text": { 1508 "norms": false, 1509 "type": "text" 1510 } 1511 }, 1512 "ignore_above": 1024, 1513 "type": "keyword" 1514 } 1515 } 1516 }, 1517 "bytes": { 1518 "type": "long" 1519 }, 1520 "id": { 1521 "ignore_above": 1024, 1522 "type": "keyword" 1523 }, 1524 "method": { 1525 "ignore_above": 1024, 1526 "type": "keyword" 1527 }, 1528 "mime_type": { 1529 "ignore_above": 1024, 1530 "type": "keyword" 1531 }, 1532 "referrer": { 1533 "ignore_above": 1024, 1534 "type": "keyword" 1535 } 1536 } 1537 }, 1538 "response": { 1539 "properties": { 1540 "body": { 1541 "properties": { 1542 "bytes": { 1543 "type": "long" 1544 }, 1545 "content": { 1546 "fields": { 1547 "text": { 1548 "norms": false, 1549 "type": "text" 1550 } 1551 }, 1552 "ignore_above": 1024, 1553 "type": "keyword" 1554 } 1555 } 1556 }, 1557 "bytes": { 1558 "type": "long" 1559 }, 1560 "mime_type": { 1561 "ignore_above": 1024, 1562 "type": "keyword" 1563 }, 1564 "status_code": { 1565 "type": "long" 1566 } 1567 } 1568 }, 1569 "version": { 1570 "ignore_above": 1024, 1571 "type": "keyword" 1572 } 1573 } 1574 }, 1575 "labels": { 1576 "type": "object" 1577 }, 1578 "log": { 1579 "properties": { 1580 "file": { 1581 "properties": { 1582 "path": { 1583 "ignore_above": 1024, 1584 "type": "keyword" 1585 } 1586 } 1587 }, 1588 "level": { 1589 "ignore_above": 1024, 1590 "type": "keyword" 1591 }, 1592 "logger": { 1593 "ignore_above": 1024, 1594 "type": "keyword" 1595 }, 1596 "origin": { 1597 "properties": { 1598 "file": { 1599 "properties": { 1600 "line": { 1601 "type": "integer" 1602 }, 1603 "name": { 1604 "ignore_above": 1024, 1605 "type": "keyword" 1606 } 1607 } 1608 }, 1609 "function": { 1610 "ignore_above": 1024, 1611 "type": "keyword" 1612 } 1613 } 1614 }, 1615 "original": { 1616 "doc_values": false, 1617 "index": false, 1618 "type": "keyword" 1619 }, 1620 "syslog": { 1621 "properties": { 1622 "facility": { 1623 "properties": { 1624 "code": { 1625 "type": "long" 1626 }, 1627 "name": { 1628 "ignore_above": 1024, 1629 "type": "keyword" 1630 } 1631 } 1632 }, 1633 "priority": { 1634 "type": "long" 1635 }, 1636 "severity": { 1637 "properties": { 1638 "code": { 1639 "type": "long" 1640 }, 1641 "name": { 1642 "ignore_above": 1024, 1643 "type": "keyword" 1644 } 1645 } 1646 } 1647 }, 1648 "type": "object" 1649 } 1650 } 1651 }, 1652 "message": { 1653 "norms": false, 1654 "type": "text" 1655 }, 1656 "network": { 1657 "properties": { 1658 "application": { 1659 "ignore_above": 1024, 1660 "type": "keyword" 1661 }, 1662 "bytes": { 1663 "type": "long" 1664 }, 1665 "community_id": { 1666 "ignore_above": 1024, 1667 "type": "keyword" 1668 }, 1669 "direction": { 1670 "ignore_above": 1024, 1671 "type": "keyword" 1672 }, 1673 "forwarded_ip": { 1674 "type": "ip" 1675 }, 1676 "iana_number": { 1677 "ignore_above": 1024, 1678 "type": "keyword" 1679 }, 1680 "inner": { 1681 "properties": { 1682 "vlan": { 1683 "properties": { 1684 "id": { 1685 "ignore_above": 1024, 1686 "type": "keyword" 1687 }, 1688 "name": { 1689 "ignore_above": 1024, 1690 "type": "keyword" 1691 } 1692 } 1693 } 1694 }, 1695 "type": "object" 1696 }, 1697 "name": { 1698 "ignore_above": 1024, 1699 "type": "keyword" 1700 }, 1701 "packets": { 1702 "type": "long" 1703 }, 1704 "protocol": { 1705 "ignore_above": 1024, 1706 "type": "keyword" 1707 }, 1708 "transport": { 1709 "ignore_above": 1024, 1710 "type": "keyword" 1711 }, 1712 "type": { 1713 "ignore_above": 1024, 1714 "type": "keyword" 1715 }, 1716 "vlan": { 1717 "properties": { 1718 "id": { 1719 "ignore_above": 1024, 1720 "type": "keyword" 1721 }, 1722 "name": { 1723 "ignore_above": 1024, 1724 "type": "keyword" 1725 } 1726 } 1727 } 1728 } 1729 }, 1730 "observer": { 1731 "properties": { 1732 "egress": { 1733 "properties": { 1734 "interface": { 1735 "properties": { 1736 "alias": { 1737 "ignore_above": 1024, 1738 "type": "keyword" 1739 }, 1740 "id": { 1741 "ignore_above": 1024, 1742 "type": "keyword" 1743 }, 1744 "name": { 1745 "ignore_above": 1024, 1746 "type": "keyword" 1747 } 1748 } 1749 }, 1750 "vlan": { 1751 "properties": { 1752 "id": { 1753 "ignore_above": 1024, 1754 "type": "keyword" 1755 }, 1756 "name": { 1757 "ignore_above": 1024, 1758 "type": "keyword" 1759 } 1760 } 1761 }, 1762 "zone": { 1763 "ignore_above": 1024, 1764 "type": "keyword" 1765 } 1766 }, 1767 "type": "object" 1768 }, 1769 "geo": { 1770 "properties": { 1771 "city_name": { 1772 "ignore_above": 1024, 1773 "type": "keyword" 1774 }, 1775 "continent_code": { 1776 "ignore_above": 1024, 1777 "type": "keyword" 1778 }, 1779 "continent_name": { 1780 "ignore_above": 1024, 1781 "type": "keyword" 1782 }, 1783 "country_iso_code": { 1784 "ignore_above": 1024, 1785 "type": "keyword" 1786 }, 1787 "country_name": { 1788 "ignore_above": 1024, 1789 "type": "keyword" 1790 }, 1791 "location": { 1792 "type": "geo_point" 1793 }, 1794 "name": { 1795 "ignore_above": 1024, 1796 "type": "keyword" 1797 }, 1798 "postal_code": { 1799 "ignore_above": 1024, 1800 "type": "keyword" 1801 }, 1802 "region_iso_code": { 1803 "ignore_above": 1024, 1804 "type": "keyword" 1805 }, 1806 "region_name": { 1807 "ignore_above": 1024, 1808 "type": "keyword" 1809 }, 1810 "timezone": { 1811 "ignore_above": 1024, 1812 "type": "keyword" 1813 } 1814 } 1815 }, 1816 "hostname": { 1817 "ignore_above": 1024, 1818 "type": "keyword" 1819 }, 1820 "ingress": { 1821 "properties": { 1822 "interface": { 1823 "properties": { 1824 "alias": { 1825 "ignore_above": 1024, 1826 "type": "keyword" 1827 }, 1828 "id": { 1829 "ignore_above": 1024, 1830 "type": "keyword" 1831 }, 1832 "name": { 1833 "ignore_above": 1024, 1834 "type": "keyword" 1835 } 1836 } 1837 }, 1838 "vlan": { 1839 "properties": { 1840 "id": { 1841 "ignore_above": 1024, 1842 "type": "keyword" 1843 }, 1844 "name": { 1845 "ignore_above": 1024, 1846 "type": "keyword" 1847 } 1848 } 1849 }, 1850 "zone": { 1851 "ignore_above": 1024, 1852 "type": "keyword" 1853 } 1854 }, 1855 "type": "object" 1856 }, 1857 "ip": { 1858 "type": "ip" 1859 }, 1860 "mac": { 1861 "ignore_above": 1024, 1862 "type": "keyword" 1863 }, 1864 "name": { 1865 "ignore_above": 1024, 1866 "type": "keyword" 1867 }, 1868 "os": { 1869 "properties": { 1870 "family": { 1871 "ignore_above": 1024, 1872 "type": "keyword" 1873 }, 1874 "full": { 1875 "fields": { 1876 "text": { 1877 "norms": false, 1878 "type": "text" 1879 } 1880 }, 1881 "ignore_above": 1024, 1882 "type": "keyword" 1883 }, 1884 "kernel": { 1885 "ignore_above": 1024, 1886 "type": "keyword" 1887 }, 1888 "name": { 1889 "fields": { 1890 "text": { 1891 "norms": false, 1892 "type": "text" 1893 } 1894 }, 1895 "ignore_above": 1024, 1896 "type": "keyword" 1897 }, 1898 "platform": { 1899 "ignore_above": 1024, 1900 "type": "keyword" 1901 }, 1902 "type": { 1903 "ignore_above": 1024, 1904 "type": "keyword" 1905 }, 1906 "version": { 1907 "ignore_above": 1024, 1908 "type": "keyword" 1909 } 1910 } 1911 }, 1912 "product": { 1913 "ignore_above": 1024, 1914 "type": "keyword" 1915 }, 1916 "serial_number": { 1917 "ignore_above": 1024, 1918 "type": "keyword" 1919 }, 1920 "type": { 1921 "ignore_above": 1024, 1922 "type": "keyword" 1923 }, 1924 "vendor": { 1925 "ignore_above": 1024, 1926 "type": "keyword" 1927 }, 1928 "version": { 1929 "ignore_above": 1024, 1930 "type": "keyword" 1931 } 1932 } 1933 }, 1934 "orchestrator": { 1935 "properties": { 1936 "api_version": { 1937 "ignore_above": 1024, 1938 "type": "keyword" 1939 }, 1940 "cluster": { 1941 "properties": { 1942 "name": { 1943 "ignore_above": 1024, 1944 "type": "keyword" 1945 }, 1946 "url": { 1947 "ignore_above": 1024, 1948 "type": "keyword" 1949 }, 1950 "version": { 1951 "ignore_above": 1024, 1952 "type": "keyword" 1953 } 1954 } 1955 }, 1956 "namespace": { 1957 "ignore_above": 1024, 1958 "type": "keyword" 1959 }, 1960 "organization": { 1961 "ignore_above": 1024, 1962 "type": "keyword" 1963 }, 1964 "resource": { 1965 "properties": { 1966 "name": { 1967 "ignore_above": 1024, 1968 "type": "keyword" 1969 }, 1970 "type": { 1971 "ignore_above": 1024, 1972 "type": "keyword" 1973 } 1974 } 1975 }, 1976 "type": { 1977 "ignore_above": 1024, 1978 "type": "keyword" 1979 } 1980 } 1981 }, 1982 "organization": { 1983 "properties": { 1984 "id": { 1985 "ignore_above": 1024, 1986 "type": "keyword" 1987 }, 1988 "name": { 1989 "fields": { 1990 "text": { 1991 "norms": false, 1992 "type": "text" 1993 } 1994 }, 1995 "ignore_above": 1024, 1996 "type": "keyword" 1997 } 1998 } 1999 }, 2000 "package": { 2001 "properties": { 2002 "architecture": { 2003 "ignore_above": 1024, 2004 "type": "keyword" 2005 }, 2006 "build_version": { 2007 "ignore_above": 1024, 2008 "type": "keyword" 2009 }, 2010 "checksum": { 2011 "ignore_above": 1024, 2012 "type": "keyword" 2013 }, 2014 "description": { 2015 "ignore_above": 1024, 2016 "type": "keyword" 2017 }, 2018 "install_scope": { 2019 "ignore_above": 1024, 2020 "type": "keyword" 2021 }, 2022 "installed": { 2023 "type": "date" 2024 }, 2025 "license": { 2026 "ignore_above": 1024, 2027 "type": "keyword" 2028 }, 2029 "name": { 2030 "ignore_above": 1024, 2031 "type": "keyword" 2032 }, 2033 "path": { 2034 "ignore_above": 1024, 2035 "type": "keyword" 2036 }, 2037 "reference": { 2038 "ignore_above": 1024, 2039 "type": "keyword" 2040 }, 2041 "size": { 2042 "type": "long" 2043 }, 2044 "type": { 2045 "ignore_above": 1024, 2046 "type": "keyword" 2047 }, 2048 "version": { 2049 "ignore_above": 1024, 2050 "type": "keyword" 2051 } 2052 } 2053 }, 2054 "process": { 2055 "properties": { 2056 "args": { 2057 "ignore_above": 1024, 2058 "type": "keyword" 2059 }, 2060 "args_count": { 2061 "type": "long" 2062 }, 2063 "code_signature": { 2064 "properties": { 2065 "exists": { 2066 "type": "boolean" 2067 }, 2068 "signing_id": { 2069 "ignore_above": 1024, 2070 "type": "keyword" 2071 }, 2072 "status": { 2073 "ignore_above": 1024, 2074 "type": "keyword" 2075 }, 2076 "subject_name": { 2077 "ignore_above": 1024, 2078 "type": "keyword" 2079 }, 2080 "team_id": { 2081 "ignore_above": 1024, 2082 "type": "keyword" 2083 }, 2084 "trusted": { 2085 "type": "boolean" 2086 }, 2087 "valid": { 2088 "type": "boolean" 2089 } 2090 } 2091 }, 2092 "command_line": { 2093 "fields": { 2094 "text": { 2095 "norms": false, 2096 "type": "text" 2097 } 2098 }, 2099 "ignore_above": 1024, 2100 "type": "keyword" 2101 }, 2102 "elf": { 2103 "properties": { 2104 "architecture": { 2105 "ignore_above": 1024, 2106 "type": "keyword" 2107 }, 2108 "byte_order": { 2109 "ignore_above": 1024, 2110 "type": "keyword" 2111 }, 2112 "cpu_type": { 2113 "ignore_above": 1024, 2114 "type": "keyword" 2115 }, 2116 "creation_date": { 2117 "type": "date" 2118 }, 2119 "exports": { 2120 "type": "flattened" 2121 }, 2122 "header": { 2123 "properties": { 2124 "abi_version": { 2125 "ignore_above": 1024, 2126 "type": "keyword" 2127 }, 2128 "class": { 2129 "ignore_above": 1024, 2130 "type": "keyword" 2131 }, 2132 "data": { 2133 "ignore_above": 1024, 2134 "type": "keyword" 2135 }, 2136 "entrypoint": { 2137 "type": "long" 2138 }, 2139 "object_version": { 2140 "ignore_above": 1024, 2141 "type": "keyword" 2142 }, 2143 "os_abi": { 2144 "ignore_above": 1024, 2145 "type": "keyword" 2146 }, 2147 "type": { 2148 "ignore_above": 1024, 2149 "type": "keyword" 2150 }, 2151 "version": { 2152 "ignore_above": 1024, 2153 "type": "keyword" 2154 } 2155 } 2156 }, 2157 "imports": { 2158 "type": "flattened" 2159 }, 2160 "sections": { 2161 "properties": { 2162 "chi2": { 2163 "type": "long" 2164 }, 2165 "entropy": { 2166 "type": "long" 2167 }, 2168 "flags": { 2169 "ignore_above": 1024, 2170 "type": "keyword" 2171 }, 2172 "name": { 2173 "ignore_above": 1024, 2174 "type": "keyword" 2175 }, 2176 "physical_offset": { 2177 "ignore_above": 1024, 2178 "type": "keyword" 2179 }, 2180 "physical_size": { 2181 "type": "long" 2182 }, 2183 "type": { 2184 "ignore_above": 1024, 2185 "type": "keyword" 2186 }, 2187 "virtual_address": { 2188 "type": "long" 2189 }, 2190 "virtual_size": { 2191 "type": "long" 2192 } 2193 }, 2194 "type": "nested" 2195 }, 2196 "segments": { 2197 "properties": { 2198 "sections": { 2199 "ignore_above": 1024, 2200 "type": "keyword" 2201 }, 2202 "type": { 2203 "ignore_above": 1024, 2204 "type": "keyword" 2205 } 2206 }, 2207 "type": "nested" 2208 }, 2209 "shared_libraries": { 2210 "ignore_above": 1024, 2211 "type": "keyword" 2212 }, 2213 "telfhash": { 2214 "ignore_above": 1024, 2215 "type": "keyword" 2216 } 2217 } 2218 }, 2219 "entity_id": { 2220 "ignore_above": 1024, 2221 "type": "keyword" 2222 }, 2223 "executable": { 2224 "fields": { 2225 "text": { 2226 "norms": false, 2227 "type": "text" 2228 } 2229 }, 2230 "ignore_above": 1024, 2231 "type": "keyword" 2232 }, 2233 "exit_code": { 2234 "type": "long" 2235 }, 2236 "hash": { 2237 "properties": { 2238 "md5": { 2239 "ignore_above": 1024, 2240 "type": "keyword" 2241 }, 2242 "sha1": { 2243 "ignore_above": 1024, 2244 "type": "keyword" 2245 }, 2246 "sha256": { 2247 "ignore_above": 1024, 2248 "type": "keyword" 2249 }, 2250 "sha512": { 2251 "ignore_above": 1024, 2252 "type": "keyword" 2253 }, 2254 "ssdeep": { 2255 "ignore_above": 1024, 2256 "type": "keyword" 2257 } 2258 } 2259 }, 2260 "name": { 2261 "fields": { 2262 "text": { 2263 "norms": false, 2264 "type": "text" 2265 } 2266 }, 2267 "ignore_above": 1024, 2268 "type": "keyword" 2269 }, 2270 "parent": { 2271 "properties": { 2272 "args": { 2273 "ignore_above": 1024, 2274 "type": "keyword" 2275 }, 2276 "args_count": { 2277 "type": "long" 2278 }, 2279 "code_signature": { 2280 "properties": { 2281 "exists": { 2282 "type": "boolean" 2283 }, 2284 "signing_id": { 2285 "ignore_above": 1024, 2286 "type": "keyword" 2287 }, 2288 "status": { 2289 "ignore_above": 1024, 2290 "type": "keyword" 2291 }, 2292 "subject_name": { 2293 "ignore_above": 1024, 2294 "type": "keyword" 2295 }, 2296 "team_id": { 2297 "ignore_above": 1024, 2298 "type": "keyword" 2299 }, 2300 "trusted": { 2301 "type": "boolean" 2302 }, 2303 "valid": { 2304 "type": "boolean" 2305 } 2306 } 2307 }, 2308 "command_line": { 2309 "fields": { 2310 "text": { 2311 "norms": false, 2312 "type": "text" 2313 } 2314 }, 2315 "ignore_above": 1024, 2316 "type": "keyword" 2317 }, 2318 "elf": { 2319 "properties": { 2320 "architecture": { 2321 "ignore_above": 1024, 2322 "type": "keyword" 2323 }, 2324 "byte_order": { 2325 "ignore_above": 1024, 2326 "type": "keyword" 2327 }, 2328 "cpu_type": { 2329 "ignore_above": 1024, 2330 "type": "keyword" 2331 }, 2332 "creation_date": { 2333 "type": "date" 2334 }, 2335 "exports": { 2336 "type": "flattened" 2337 }, 2338 "header": { 2339 "properties": { 2340 "abi_version": { 2341 "ignore_above": 1024, 2342 "type": "keyword" 2343 }, 2344 "class": { 2345 "ignore_above": 1024, 2346 "type": "keyword" 2347 }, 2348 "data": { 2349 "ignore_above": 1024, 2350 "type": "keyword" 2351 }, 2352 "entrypoint": { 2353 "type": "long" 2354 }, 2355 "object_version": { 2356 "ignore_above": 1024, 2357 "type": "keyword" 2358 }, 2359 "os_abi": { 2360 "ignore_above": 1024, 2361 "type": "keyword" 2362 }, 2363 "type": { 2364 "ignore_above": 1024, 2365 "type": "keyword" 2366 }, 2367 "version": { 2368 "ignore_above": 1024, 2369 "type": "keyword" 2370 } 2371 } 2372 }, 2373 "imports": { 2374 "type": "flattened" 2375 }, 2376 "sections": { 2377 "properties": { 2378 "chi2": { 2379 "type": "long" 2380 }, 2381 "entropy": { 2382 "type": "long" 2383 }, 2384 "flags": { 2385 "ignore_above": 1024, 2386 "type": "keyword" 2387 }, 2388 "name": { 2389 "ignore_above": 1024, 2390 "type": "keyword" 2391 }, 2392 "physical_offset": { 2393 "ignore_above": 1024, 2394 "type": "keyword" 2395 }, 2396 "physical_size": { 2397 "type": "long" 2398 }, 2399 "type": { 2400 "ignore_above": 1024, 2401 "type": "keyword" 2402 }, 2403 "virtual_address": { 2404 "type": "long" 2405 }, 2406 "virtual_size": { 2407 "type": "long" 2408 } 2409 }, 2410 "type": "nested" 2411 }, 2412 "segments": { 2413 "properties": { 2414 "sections": { 2415 "ignore_above": 1024, 2416 "type": "keyword" 2417 }, 2418 "type": { 2419 "ignore_above": 1024, 2420 "type": "keyword" 2421 } 2422 }, 2423 "type": "nested" 2424 }, 2425 "shared_libraries": { 2426 "ignore_above": 1024, 2427 "type": "keyword" 2428 }, 2429 "telfhash": { 2430 "ignore_above": 1024, 2431 "type": "keyword" 2432 } 2433 } 2434 }, 2435 "entity_id": { 2436 "ignore_above": 1024, 2437 "type": "keyword" 2438 }, 2439 "executable": { 2440 "fields": { 2441 "text": { 2442 "norms": false, 2443 "type": "text" 2444 } 2445 }, 2446 "ignore_above": 1024, 2447 "type": "keyword" 2448 }, 2449 "exit_code": { 2450 "type": "long" 2451 }, 2452 "hash": { 2453 "properties": { 2454 "md5": { 2455 "ignore_above": 1024, 2456 "type": "keyword" 2457 }, 2458 "sha1": { 2459 "ignore_above": 1024, 2460 "type": "keyword" 2461 }, 2462 "sha256": { 2463 "ignore_above": 1024, 2464 "type": "keyword" 2465 }, 2466 "sha512": { 2467 "ignore_above": 1024, 2468 "type": "keyword" 2469 }, 2470 "ssdeep": { 2471 "ignore_above": 1024, 2472 "type": "keyword" 2473 } 2474 } 2475 }, 2476 "name": { 2477 "fields": { 2478 "text": { 2479 "norms": false, 2480 "type": "text" 2481 } 2482 }, 2483 "ignore_above": 1024, 2484 "type": "keyword" 2485 }, 2486 "pe": { 2487 "properties": { 2488 "architecture": { 2489 "ignore_above": 1024, 2490 "type": "keyword" 2491 }, 2492 "company": { 2493 "ignore_above": 1024, 2494 "type": "keyword" 2495 }, 2496 "description": { 2497 "ignore_above": 1024, 2498 "type": "keyword" 2499 }, 2500 "file_version": { 2501 "ignore_above": 1024, 2502 "type": "keyword" 2503 }, 2504 "imphash": { 2505 "ignore_above": 1024, 2506 "type": "keyword" 2507 }, 2508 "original_file_name": { 2509 "ignore_above": 1024, 2510 "type": "keyword" 2511 }, 2512 "product": { 2513 "ignore_above": 1024, 2514 "type": "keyword" 2515 } 2516 } 2517 }, 2518 "pgid": { 2519 "type": "long" 2520 }, 2521 "pid": { 2522 "type": "long" 2523 }, 2524 "ppid": { 2525 "type": "long" 2526 }, 2527 "start": { 2528 "type": "date" 2529 }, 2530 "thread": { 2531 "properties": { 2532 "id": { 2533 "type": "long" 2534 }, 2535 "name": { 2536 "ignore_above": 1024, 2537 "type": "keyword" 2538 } 2539 } 2540 }, 2541 "title": { 2542 "fields": { 2543 "text": { 2544 "norms": false, 2545 "type": "text" 2546 } 2547 }, 2548 "ignore_above": 1024, 2549 "type": "keyword" 2550 }, 2551 "uptime": { 2552 "type": "long" 2553 }, 2554 "working_directory": { 2555 "fields": { 2556 "text": { 2557 "norms": false, 2558 "type": "text" 2559 } 2560 }, 2561 "ignore_above": 1024, 2562 "type": "keyword" 2563 } 2564 } 2565 }, 2566 "pe": { 2567 "properties": { 2568 "architecture": { 2569 "ignore_above": 1024, 2570 "type": "keyword" 2571 }, 2572 "company": { 2573 "ignore_above": 1024, 2574 "type": "keyword" 2575 }, 2576 "description": { 2577 "ignore_above": 1024, 2578 "type": "keyword" 2579 }, 2580 "file_version": { 2581 "ignore_above": 1024, 2582 "type": "keyword" 2583 }, 2584 "imphash": { 2585 "ignore_above": 1024, 2586 "type": "keyword" 2587 }, 2588 "original_file_name": { 2589 "ignore_above": 1024, 2590 "type": "keyword" 2591 }, 2592 "product": { 2593 "ignore_above": 1024, 2594 "type": "keyword" 2595 } 2596 } 2597 }, 2598 "pgid": { 2599 "type": "long" 2600 }, 2601 "pid": { 2602 "type": "long" 2603 }, 2604 "ppid": { 2605 "type": "long" 2606 }, 2607 "start": { 2608 "type": "date" 2609 }, 2610 "thread": { 2611 "properties": { 2612 "id": { 2613 "type": "long" 2614 }, 2615 "name": { 2616 "ignore_above": 1024, 2617 "type": "keyword" 2618 } 2619 } 2620 }, 2621 "title": { 2622 "fields": { 2623 "text": { 2624 "norms": false, 2625 "type": "text" 2626 } 2627 }, 2628 "ignore_above": 1024, 2629 "type": "keyword" 2630 }, 2631 "uptime": { 2632 "type": "long" 2633 }, 2634 "working_directory": { 2635 "fields": { 2636 "text": { 2637 "norms": false, 2638 "type": "text" 2639 } 2640 }, 2641 "ignore_above": 1024, 2642 "type": "keyword" 2643 } 2644 } 2645 }, 2646 "registry": { 2647 "properties": { 2648 "data": { 2649 "properties": { 2650 "bytes": { 2651 "ignore_above": 1024, 2652 "type": "keyword" 2653 }, 2654 "strings": { 2655 "ignore_above": 1024, 2656 "type": "keyword" 2657 }, 2658 "type": { 2659 "ignore_above": 1024, 2660 "type": "keyword" 2661 } 2662 } 2663 }, 2664 "hive": { 2665 "ignore_above": 1024, 2666 "type": "keyword" 2667 }, 2668 "key": { 2669 "ignore_above": 1024, 2670 "type": "keyword" 2671 }, 2672 "path": { 2673 "ignore_above": 1024, 2674 "type": "keyword" 2675 }, 2676 "value": { 2677 "ignore_above": 1024, 2678 "type": "keyword" 2679 } 2680 } 2681 }, 2682 "related": { 2683 "properties": { 2684 "hash": { 2685 "ignore_above": 1024, 2686 "type": "keyword" 2687 }, 2688 "hosts": { 2689 "ignore_above": 1024, 2690 "type": "keyword" 2691 }, 2692 "ip": { 2693 "type": "ip" 2694 }, 2695 "user": { 2696 "ignore_above": 1024, 2697 "type": "keyword" 2698 } 2699 } 2700 }, 2701 "rule": { 2702 "properties": { 2703 "author": { 2704 "ignore_above": 1024, 2705 "type": "keyword" 2706 }, 2707 "category": { 2708 "ignore_above": 1024, 2709 "type": "keyword" 2710 }, 2711 "description": { 2712 "ignore_above": 1024, 2713 "type": "keyword" 2714 }, 2715 "id": { 2716 "ignore_above": 1024, 2717 "type": "keyword" 2718 }, 2719 "license": { 2720 "ignore_above": 1024, 2721 "type": "keyword" 2722 }, 2723 "name": { 2724 "ignore_above": 1024, 2725 "type": "keyword" 2726 }, 2727 "reference": { 2728 "ignore_above": 1024, 2729 "type": "keyword" 2730 }, 2731 "ruleset": { 2732 "ignore_above": 1024, 2733 "type": "keyword" 2734 }, 2735 "uuid": { 2736 "ignore_above": 1024, 2737 "type": "keyword" 2738 }, 2739 "version": { 2740 "ignore_above": 1024, 2741 "type": "keyword" 2742 } 2743 } 2744 }, 2745 "server": { 2746 "properties": { 2747 "address": { 2748 "ignore_above": 1024, 2749 "type": "keyword" 2750 }, 2751 "as": { 2752 "properties": { 2753 "number": { 2754 "type": "long" 2755 }, 2756 "organization": { 2757 "properties": { 2758 "name": { 2759 "fields": { 2760 "text": { 2761 "norms": false, 2762 "type": "text" 2763 } 2764 }, 2765 "ignore_above": 1024, 2766 "type": "keyword" 2767 } 2768 } 2769 } 2770 } 2771 }, 2772 "bytes": { 2773 "type": "long" 2774 }, 2775 "domain": { 2776 "ignore_above": 1024, 2777 "type": "keyword" 2778 }, 2779 "geo": { 2780 "properties": { 2781 "city_name": { 2782 "ignore_above": 1024, 2783 "type": "keyword" 2784 }, 2785 "continent_code": { 2786 "ignore_above": 1024, 2787 "type": "keyword" 2788 }, 2789 "continent_name": { 2790 "ignore_above": 1024, 2791 "type": "keyword" 2792 }, 2793 "country_iso_code": { 2794 "ignore_above": 1024, 2795 "type": "keyword" 2796 }, 2797 "country_name": { 2798 "ignore_above": 1024, 2799 "type": "keyword" 2800 }, 2801 "location": { 2802 "type": "geo_point" 2803 }, 2804 "name": { 2805 "ignore_above": 1024, 2806 "type": "keyword" 2807 }, 2808 "postal_code": { 2809 "ignore_above": 1024, 2810 "type": "keyword" 2811 }, 2812 "region_iso_code": { 2813 "ignore_above": 1024, 2814 "type": "keyword" 2815 }, 2816 "region_name": { 2817 "ignore_above": 1024, 2818 "type": "keyword" 2819 }, 2820 "timezone": { 2821 "ignore_above": 1024, 2822 "type": "keyword" 2823 } 2824 } 2825 }, 2826 "ip": { 2827 "type": "ip" 2828 }, 2829 "mac": { 2830 "ignore_above": 1024, 2831 "type": "keyword" 2832 }, 2833 "nat": { 2834 "properties": { 2835 "ip": { 2836 "type": "ip" 2837 }, 2838 "port": { 2839 "type": "long" 2840 } 2841 } 2842 }, 2843 "packets": { 2844 "type": "long" 2845 }, 2846 "port": { 2847 "type": "long" 2848 }, 2849 "registered_domain": { 2850 "ignore_above": 1024, 2851 "type": "keyword" 2852 }, 2853 "subdomain": { 2854 "ignore_above": 1024, 2855 "type": "keyword" 2856 }, 2857 "top_level_domain": { 2858 "ignore_above": 1024, 2859 "type": "keyword" 2860 }, 2861 "user": { 2862 "properties": { 2863 "domain": { 2864 "ignore_above": 1024, 2865 "type": "keyword" 2866 }, 2867 "email": { 2868 "ignore_above": 1024, 2869 "type": "keyword" 2870 }, 2871 "full_name": { 2872 "fields": { 2873 "text": { 2874 "norms": false, 2875 "type": "text" 2876 } 2877 }, 2878 "ignore_above": 1024, 2879 "type": "keyword" 2880 }, 2881 "group": { 2882 "properties": { 2883 "domain": { 2884 "ignore_above": 1024, 2885 "type": "keyword" 2886 }, 2887 "id": { 2888 "ignore_above": 1024, 2889 "type": "keyword" 2890 }, 2891 "name": { 2892 "ignore_above": 1024, 2893 "type": "keyword" 2894 } 2895 } 2896 }, 2897 "hash": { 2898 "ignore_above": 1024, 2899 "type": "keyword" 2900 }, 2901 "id": { 2902 "ignore_above": 1024, 2903 "type": "keyword" 2904 }, 2905 "name": { 2906 "fields": { 2907 "text": { 2908 "norms": false, 2909 "type": "text" 2910 } 2911 }, 2912 "ignore_above": 1024, 2913 "type": "keyword" 2914 }, 2915 "roles": { 2916 "ignore_above": 1024, 2917 "type": "keyword" 2918 } 2919 } 2920 } 2921 } 2922 }, 2923 "service": { 2924 "properties": { 2925 "ephemeral_id": { 2926 "ignore_above": 1024, 2927 "type": "keyword" 2928 }, 2929 "id": { 2930 "ignore_above": 1024, 2931 "type": "keyword" 2932 }, 2933 "name": { 2934 "ignore_above": 1024, 2935 "type": "keyword" 2936 }, 2937 "node": { 2938 "properties": { 2939 "name": { 2940 "ignore_above": 1024, 2941 "type": "keyword" 2942 } 2943 } 2944 }, 2945 "state": { 2946 "ignore_above": 1024, 2947 "type": "keyword" 2948 }, 2949 "type": { 2950 "ignore_above": 1024, 2951 "type": "keyword" 2952 }, 2953 "version": { 2954 "ignore_above": 1024, 2955 "type": "keyword" 2956 } 2957 } 2958 }, 2959 "source": { 2960 "properties": { 2961 "address": { 2962 "ignore_above": 1024, 2963 "type": "keyword" 2964 }, 2965 "as": { 2966 "properties": { 2967 "number": { 2968 "type": "long" 2969 }, 2970 "organization": { 2971 "properties": { 2972 "name": { 2973 "fields": { 2974 "text": { 2975 "norms": false, 2976 "type": "text" 2977 } 2978 }, 2979 "ignore_above": 1024, 2980 "type": "keyword" 2981 } 2982 } 2983 } 2984 } 2985 }, 2986 "bytes": { 2987 "type": "long" 2988 }, 2989 "domain": { 2990 "ignore_above": 1024, 2991 "type": "keyword" 2992 }, 2993 "geo": { 2994 "properties": { 2995 "city_name": { 2996 "ignore_above": 1024, 2997 "type": "keyword" 2998 }, 2999 "continent_code": { 3000 "ignore_above": 1024, 3001 "type": "keyword" 3002 }, 3003 "continent_name": { 3004 "ignore_above": 1024, 3005 "type": "keyword" 3006 }, 3007 "country_iso_code": { 3008 "ignore_above": 1024, 3009 "type": "keyword" 3010 }, 3011 "country_name": { 3012 "ignore_above": 1024, 3013 "type": "keyword" 3014 }, 3015 "location": { 3016 "type": "geo_point" 3017 }, 3018 "name": { 3019 "ignore_above": 1024, 3020 "type": "keyword" 3021 }, 3022 "postal_code": { 3023 "ignore_above": 1024, 3024 "type": "keyword" 3025 }, 3026 "region_iso_code": { 3027 "ignore_above": 1024, 3028 "type": "keyword" 3029 }, 3030 "region_name": { 3031 "ignore_above": 1024, 3032 "type": "keyword" 3033 }, 3034 "timezone": { 3035 "ignore_above": 1024, 3036 "type": "keyword" 3037 } 3038 } 3039 }, 3040 "ip": { 3041 "type": "ip" 3042 }, 3043 "mac": { 3044 "ignore_above": 1024, 3045 "type": "keyword" 3046 }, 3047 "nat": { 3048 "properties": { 3049 "ip": { 3050 "type": "ip" 3051 }, 3052 "port": { 3053 "type": "long" 3054 } 3055 } 3056 }, 3057 "packets": { 3058 "type": "long" 3059 }, 3060 "port": { 3061 "type": "long" 3062 }, 3063 "registered_domain": { 3064 "ignore_above": 1024, 3065 "type": "keyword" 3066 }, 3067 "subdomain": { 3068 "ignore_above": 1024, 3069 "type": "keyword" 3070 }, 3071 "top_level_domain": { 3072 "ignore_above": 1024, 3073 "type": "keyword" 3074 }, 3075 "user": { 3076 "properties": { 3077 "domain": { 3078 "ignore_above": 1024, 3079 "type": "keyword" 3080 }, 3081 "email": { 3082 "ignore_above": 1024, 3083 "type": "keyword" 3084 }, 3085 "full_name": { 3086 "fields": { 3087 "text": { 3088 "norms": false, 3089 "type": "text" 3090 } 3091 }, 3092 "ignore_above": 1024, 3093 "type": "keyword" 3094 }, 3095 "group": { 3096 "properties": { 3097 "domain": { 3098 "ignore_above": 1024, 3099 "type": "keyword" 3100 }, 3101 "id": { 3102 "ignore_above": 1024, 3103 "type": "keyword" 3104 }, 3105 "name": { 3106 "ignore_above": 1024, 3107 "type": "keyword" 3108 } 3109 } 3110 }, 3111 "hash": { 3112 "ignore_above": 1024, 3113 "type": "keyword" 3114 }, 3115 "id": { 3116 "ignore_above": 1024, 3117 "type": "keyword" 3118 }, 3119 "name": { 3120 "fields": { 3121 "text": { 3122 "norms": false, 3123 "type": "text" 3124 } 3125 }, 3126 "ignore_above": 1024, 3127 "type": "keyword" 3128 }, 3129 "roles": { 3130 "ignore_above": 1024, 3131 "type": "keyword" 3132 } 3133 } 3134 } 3135 } 3136 }, 3137 "span": { 3138 "properties": { 3139 "id": { 3140 "ignore_above": 1024, 3141 "type": "keyword" 3142 } 3143 } 3144 }, 3145 "tags": { 3146 "ignore_above": 1024, 3147 "type": "keyword" 3148 }, 3149 "threat": { 3150 "properties": { 3151 "enrichments": { 3152 "properties": { 3153 "indicator": { 3154 "properties": { 3155 "as": { 3156 "properties": { 3157 "number": { 3158 "type": "long" 3159 }, 3160 "organization": { 3161 "properties": { 3162 "name": { 3163 "fields": { 3164 "text": { 3165 "norms": false, 3166 "type": "text" 3167 } 3168 }, 3169 "ignore_above": 1024, 3170 "type": "keyword" 3171 } 3172 } 3173 } 3174 } 3175 }, 3176 "confidence": { 3177 "ignore_above": 1024, 3178 "type": "keyword" 3179 }, 3180 "description": { 3181 "ignore_above": 1024, 3182 "type": "keyword" 3183 }, 3184 "email": { 3185 "properties": { 3186 "address": { 3187 "ignore_above": 1024, 3188 "type": "keyword" 3189 } 3190 } 3191 }, 3192 "file": { 3193 "properties": { 3194 "accessed": { 3195 "type": "date" 3196 }, 3197 "attributes": { 3198 "ignore_above": 1024, 3199 "type": "keyword" 3200 }, 3201 "code_signature": { 3202 "properties": { 3203 "exists": { 3204 "type": "boolean" 3205 }, 3206 "signing_id": { 3207 "ignore_above": 1024, 3208 "type": "keyword" 3209 }, 3210 "status": { 3211 "ignore_above": 1024, 3212 "type": "keyword" 3213 }, 3214 "subject_name": { 3215 "ignore_above": 1024, 3216 "type": "keyword" 3217 }, 3218 "team_id": { 3219 "ignore_above": 1024, 3220 "type": "keyword" 3221 }, 3222 "trusted": { 3223 "type": "boolean" 3224 }, 3225 "valid": { 3226 "type": "boolean" 3227 } 3228 } 3229 }, 3230 "created": { 3231 "type": "date" 3232 }, 3233 "ctime": { 3234 "type": "date" 3235 }, 3236 "device": { 3237 "ignore_above": 1024, 3238 "type": "keyword" 3239 }, 3240 "directory": { 3241 "ignore_above": 1024, 3242 "type": "keyword" 3243 }, 3244 "drive_letter": { 3245 "ignore_above": 1, 3246 "type": "keyword" 3247 }, 3248 "elf": { 3249 "properties": { 3250 "architecture": { 3251 "ignore_above": 1024, 3252 "type": "keyword" 3253 }, 3254 "byte_order": { 3255 "ignore_above": 1024, 3256 "type": "keyword" 3257 }, 3258 "cpu_type": { 3259 "ignore_above": 1024, 3260 "type": "keyword" 3261 }, 3262 "creation_date": { 3263 "type": "date" 3264 }, 3265 "exports": { 3266 "type": "flattened" 3267 }, 3268 "header": { 3269 "properties": { 3270 "abi_version": { 3271 "ignore_above": 1024, 3272 "type": "keyword" 3273 }, 3274 "class": { 3275 "ignore_above": 1024, 3276 "type": "keyword" 3277 }, 3278 "data": { 3279 "ignore_above": 1024, 3280 "type": "keyword" 3281 }, 3282 "entrypoint": { 3283 "type": "long" 3284 }, 3285 "object_version": { 3286 "ignore_above": 1024, 3287 "type": "keyword" 3288 }, 3289 "os_abi": { 3290 "ignore_above": 1024, 3291 "type": "keyword" 3292 }, 3293 "type": { 3294 "ignore_above": 1024, 3295 "type": "keyword" 3296 }, 3297 "version": { 3298 "ignore_above": 1024, 3299 "type": "keyword" 3300 } 3301 } 3302 }, 3303 "imports": { 3304 "type": "flattened" 3305 }, 3306 "sections": { 3307 "properties": { 3308 "chi2": { 3309 "type": "long" 3310 }, 3311 "entropy": { 3312 "type": "long" 3313 }, 3314 "flags": { 3315 "ignore_above": 1024, 3316 "type": "keyword" 3317 }, 3318 "name": { 3319 "ignore_above": 1024, 3320 "type": "keyword" 3321 }, 3322 "physical_offset": { 3323 "ignore_above": 1024, 3324 "type": "keyword" 3325 }, 3326 "physical_size": { 3327 "type": "long" 3328 }, 3329 "type": { 3330 "ignore_above": 1024, 3331 "type": "keyword" 3332 }, 3333 "virtual_address": { 3334 "type": "long" 3335 }, 3336 "virtual_size": { 3337 "type": "long" 3338 } 3339 }, 3340 "type": "nested" 3341 }, 3342 "segments": { 3343 "properties": { 3344 "sections": { 3345 "ignore_above": 1024, 3346 "type": "keyword" 3347 }, 3348 "type": { 3349 "ignore_above": 1024, 3350 "type": "keyword" 3351 } 3352 }, 3353 "type": "nested" 3354 }, 3355 "shared_libraries": { 3356 "ignore_above": 1024, 3357 "type": "keyword" 3358 }, 3359 "telfhash": { 3360 "ignore_above": 1024, 3361 "type": "keyword" 3362 } 3363 } 3364 }, 3365 "extension": { 3366 "ignore_above": 1024, 3367 "type": "keyword" 3368 }, 3369 "gid": { 3370 "ignore_above": 1024, 3371 "type": "keyword" 3372 }, 3373 "group": { 3374 "ignore_above": 1024, 3375 "type": "keyword" 3376 }, 3377 "inode": { 3378 "ignore_above": 1024, 3379 "type": "keyword" 3380 }, 3381 "mime_type": { 3382 "ignore_above": 1024, 3383 "type": "keyword" 3384 }, 3385 "mode": { 3386 "ignore_above": 1024, 3387 "type": "keyword" 3388 }, 3389 "mtime": { 3390 "type": "date" 3391 }, 3392 "name": { 3393 "ignore_above": 1024, 3394 "type": "keyword" 3395 }, 3396 "owner": { 3397 "ignore_above": 1024, 3398 "type": "keyword" 3399 }, 3400 "path": { 3401 "fields": { 3402 "text": { 3403 "norms": false, 3404 "type": "text" 3405 } 3406 }, 3407 "ignore_above": 1024, 3408 "type": "keyword" 3409 }, 3410 "size": { 3411 "type": "long" 3412 }, 3413 "target_path": { 3414 "fields": { 3415 "text": { 3416 "norms": false, 3417 "type": "text" 3418 } 3419 }, 3420 "ignore_above": 1024, 3421 "type": "keyword" 3422 }, 3423 "type": { 3424 "ignore_above": 1024, 3425 "type": "keyword" 3426 }, 3427 "uid": { 3428 "ignore_above": 1024, 3429 "type": "keyword" 3430 } 3431 } 3432 }, 3433 "first_seen": { 3434 "type": "date" 3435 }, 3436 "geo": { 3437 "properties": { 3438 "city_name": { 3439 "ignore_above": 1024, 3440 "type": "keyword" 3441 }, 3442 "continent_code": { 3443 "ignore_above": 1024, 3444 "type": "keyword" 3445 }, 3446 "continent_name": { 3447 "ignore_above": 1024, 3448 "type": "keyword" 3449 }, 3450 "country_iso_code": { 3451 "ignore_above": 1024, 3452 "type": "keyword" 3453 }, 3454 "country_name": { 3455 "ignore_above": 1024, 3456 "type": "keyword" 3457 }, 3458 "location": { 3459 "type": "geo_point" 3460 }, 3461 "name": { 3462 "ignore_above": 1024, 3463 "type": "keyword" 3464 }, 3465 "postal_code": { 3466 "ignore_above": 1024, 3467 "type": "keyword" 3468 }, 3469 "region_iso_code": { 3470 "ignore_above": 1024, 3471 "type": "keyword" 3472 }, 3473 "region_name": { 3474 "ignore_above": 1024, 3475 "type": "keyword" 3476 }, 3477 "timezone": { 3478 "ignore_above": 1024, 3479 "type": "keyword" 3480 } 3481 } 3482 }, 3483 "hash": { 3484 "properties": { 3485 "md5": { 3486 "ignore_above": 1024, 3487 "type": "keyword" 3488 }, 3489 "sha1": { 3490 "ignore_above": 1024, 3491 "type": "keyword" 3492 }, 3493 "sha256": { 3494 "ignore_above": 1024, 3495 "type": "keyword" 3496 }, 3497 "sha512": { 3498 "ignore_above": 1024, 3499 "type": "keyword" 3500 }, 3501 "ssdeep": { 3502 "ignore_above": 1024, 3503 "type": "keyword" 3504 } 3505 } 3506 }, 3507 "ip": { 3508 "type": "ip" 3509 }, 3510 "last_seen": { 3511 "type": "date" 3512 }, 3513 "marking": { 3514 "properties": { 3515 "tlp": { 3516 "ignore_above": 1024, 3517 "type": "keyword" 3518 } 3519 } 3520 }, 3521 "modified_at": { 3522 "type": "date" 3523 }, 3524 "pe": { 3525 "properties": { 3526 "architecture": { 3527 "ignore_above": 1024, 3528 "type": "keyword" 3529 }, 3530 "company": { 3531 "ignore_above": 1024, 3532 "type": "keyword" 3533 }, 3534 "description": { 3535 "ignore_above": 1024, 3536 "type": "keyword" 3537 }, 3538 "file_version": { 3539 "ignore_above": 1024, 3540 "type": "keyword" 3541 }, 3542 "imphash": { 3543 "ignore_above": 1024, 3544 "type": "keyword" 3545 }, 3546 "original_file_name": { 3547 "ignore_above": 1024, 3548 "type": "keyword" 3549 }, 3550 "product": { 3551 "ignore_above": 1024, 3552 "type": "keyword" 3553 } 3554 } 3555 }, 3556 "port": { 3557 "type": "long" 3558 }, 3559 "provider": { 3560 "ignore_above": 1024, 3561 "type": "keyword" 3562 }, 3563 "reference": { 3564 "ignore_above": 1024, 3565 "type": "keyword" 3566 }, 3567 "registry": { 3568 "properties": { 3569 "data": { 3570 "properties": { 3571 "bytes": { 3572 "ignore_above": 1024, 3573 "type": "keyword" 3574 }, 3575 "strings": { 3576 "ignore_above": 1024, 3577 "type": "keyword" 3578 }, 3579 "type": { 3580 "ignore_above": 1024, 3581 "type": "keyword" 3582 } 3583 } 3584 }, 3585 "hive": { 3586 "ignore_above": 1024, 3587 "type": "keyword" 3588 }, 3589 "key": { 3590 "ignore_above": 1024, 3591 "type": "keyword" 3592 }, 3593 "path": { 3594 "ignore_above": 1024, 3595 "type": "keyword" 3596 }, 3597 "value": { 3598 "ignore_above": 1024, 3599 "type": "keyword" 3600 } 3601 } 3602 }, 3603 "scanner_stats": { 3604 "type": "long" 3605 }, 3606 "sightings": { 3607 "type": "long" 3608 }, 3609 "type": { 3610 "ignore_above": 1024, 3611 "type": "keyword" 3612 }, 3613 "url": { 3614 "properties": { 3615 "domain": { 3616 "ignore_above": 1024, 3617 "type": "keyword" 3618 }, 3619 "extension": { 3620 "ignore_above": 1024, 3621 "type": "keyword" 3622 }, 3623 "fragment": { 3624 "ignore_above": 1024, 3625 "type": "keyword" 3626 }, 3627 "full": { 3628 "fields": { 3629 "text": { 3630 "norms": false, 3631 "type": "text" 3632 } 3633 }, 3634 "ignore_above": 1024, 3635 "type": "keyword" 3636 }, 3637 "original": { 3638 "fields": { 3639 "text": { 3640 "norms": false, 3641 "type": "text" 3642 } 3643 }, 3644 "ignore_above": 1024, 3645 "type": "keyword" 3646 }, 3647 "password": { 3648 "ignore_above": 1024, 3649 "type": "keyword" 3650 }, 3651 "path": { 3652 "ignore_above": 1024, 3653 "type": "keyword" 3654 }, 3655 "port": { 3656 "type": "long" 3657 }, 3658 "query": { 3659 "ignore_above": 1024, 3660 "type": "keyword" 3661 }, 3662 "registered_domain": { 3663 "ignore_above": 1024, 3664 "type": "keyword" 3665 }, 3666 "scheme": { 3667 "ignore_above": 1024, 3668 "type": "keyword" 3669 }, 3670 "subdomain": { 3671 "ignore_above": 1024, 3672 "type": "keyword" 3673 }, 3674 "top_level_domain": { 3675 "ignore_above": 1024, 3676 "type": "keyword" 3677 }, 3678 "username": { 3679 "ignore_above": 1024, 3680 "type": "keyword" 3681 } 3682 } 3683 }, 3684 "x509": { 3685 "properties": { 3686 "alternative_names": { 3687 "ignore_above": 1024, 3688 "type": "keyword" 3689 }, 3690 "issuer": { 3691 "properties": { 3692 "common_name": { 3693 "ignore_above": 1024, 3694 "type": "keyword" 3695 }, 3696 "country": { 3697 "ignore_above": 1024, 3698 "type": "keyword" 3699 }, 3700 "distinguished_name": { 3701 "ignore_above": 1024, 3702 "type": "keyword" 3703 }, 3704 "locality": { 3705 "ignore_above": 1024, 3706 "type": "keyword" 3707 }, 3708 "organization": { 3709 "ignore_above": 1024, 3710 "type": "keyword" 3711 }, 3712 "organizational_unit": { 3713 "ignore_above": 1024, 3714 "type": "keyword" 3715 }, 3716 "state_or_province": { 3717 "ignore_above": 1024, 3718 "type": "keyword" 3719 } 3720 } 3721 }, 3722 "not_after": { 3723 "type": "date" 3724 }, 3725 "not_before": { 3726 "type": "date" 3727 }, 3728 "public_key_algorithm": { 3729 "ignore_above": 1024, 3730 "type": "keyword" 3731 }, 3732 "public_key_curve": { 3733 "ignore_above": 1024, 3734 "type": "keyword" 3735 }, 3736 "public_key_exponent": { 3737 "doc_values": false, 3738 "index": false, 3739 "type": "long" 3740 }, 3741 "public_key_size": { 3742 "type": "long" 3743 }, 3744 "serial_number": { 3745 "ignore_above": 1024, 3746 "type": "keyword" 3747 }, 3748 "signature_algorithm": { 3749 "ignore_above": 1024, 3750 "type": "keyword" 3751 }, 3752 "subject": { 3753 "properties": { 3754 "common_name": { 3755 "ignore_above": 1024, 3756 "type": "keyword" 3757 }, 3758 "country": { 3759 "ignore_above": 1024, 3760 "type": "keyword" 3761 }, 3762 "distinguished_name": { 3763 "ignore_above": 1024, 3764 "type": "keyword" 3765 }, 3766 "locality": { 3767 "ignore_above": 1024, 3768 "type": "keyword" 3769 }, 3770 "organization": { 3771 "ignore_above": 1024, 3772 "type": "keyword" 3773 }, 3774 "organizational_unit": { 3775 "ignore_above": 1024, 3776 "type": "keyword" 3777 }, 3778 "state_or_province": { 3779 "ignore_above": 1024, 3780 "type": "keyword" 3781 } 3782 } 3783 }, 3784 "version_number": { 3785 "ignore_above": 1024, 3786 "type": "keyword" 3787 } 3788 } 3789 } 3790 }, 3791 "type": "object" 3792 }, 3793 "matched": { 3794 "properties": { 3795 "atomic": { 3796 "ignore_above": 1024, 3797 "type": "keyword" 3798 }, 3799 "field": { 3800 "ignore_above": 1024, 3801 "type": "keyword" 3802 }, 3803 "id": { 3804 "ignore_above": 1024, 3805 "type": "keyword" 3806 }, 3807 "index": { 3808 "ignore_above": 1024, 3809 "type": "keyword" 3810 }, 3811 "type": { 3812 "ignore_above": 1024, 3813 "type": "keyword" 3814 } 3815 } 3816 } 3817 }, 3818 "type": "nested" 3819 }, 3820 "framework": { 3821 "ignore_above": 1024, 3822 "type": "keyword" 3823 }, 3824 "group": { 3825 "properties": { 3826 "alias": { 3827 "ignore_above": 1024, 3828 "type": "keyword" 3829 }, 3830 "id": { 3831 "ignore_above": 1024, 3832 "type": "keyword" 3833 }, 3834 "name": { 3835 "ignore_above": 1024, 3836 "type": "keyword" 3837 }, 3838 "reference": { 3839 "ignore_above": 1024, 3840 "type": "keyword" 3841 } 3842 } 3843 }, 3844 "software": { 3845 "properties": { 3846 "id": { 3847 "ignore_above": 1024, 3848 "type": "keyword" 3849 }, 3850 "name": { 3851 "ignore_above": 1024, 3852 "type": "keyword" 3853 }, 3854 "platforms": { 3855 "ignore_above": 1024, 3856 "type": "keyword" 3857 }, 3858 "reference": { 3859 "ignore_above": 1024, 3860 "type": "keyword" 3861 }, 3862 "type": { 3863 "ignore_above": 1024, 3864 "type": "keyword" 3865 } 3866 } 3867 }, 3868 "tactic": { 3869 "properties": { 3870 "id": { 3871 "ignore_above": 1024, 3872 "type": "keyword" 3873 }, 3874 "name": { 3875 "ignore_above": 1024, 3876 "type": "keyword" 3877 }, 3878 "reference": { 3879 "ignore_above": 1024, 3880 "type": "keyword" 3881 } 3882 } 3883 }, 3884 "technique": { 3885 "properties": { 3886 "id": { 3887 "ignore_above": 1024, 3888 "type": "keyword" 3889 }, 3890 "name": { 3891 "fields": { 3892 "text": { 3893 "norms": false, 3894 "type": "text" 3895 } 3896 }, 3897 "ignore_above": 1024, 3898 "type": "keyword" 3899 }, 3900 "reference": { 3901 "ignore_above": 1024, 3902 "type": "keyword" 3903 }, 3904 "subtechnique": { 3905 "properties": { 3906 "id": { 3907 "ignore_above": 1024, 3908 "type": "keyword" 3909 }, 3910 "name": { 3911 "fields": { 3912 "text": { 3913 "norms": false, 3914 "type": "text" 3915 } 3916 }, 3917 "ignore_above": 1024, 3918 "type": "keyword" 3919 }, 3920 "reference": { 3921 "ignore_above": 1024, 3922 "type": "keyword" 3923 } 3924 } 3925 } 3926 } 3927 } 3928 } 3929 }, 3930 "tls": { 3931 "properties": { 3932 "cipher": { 3933 "ignore_above": 1024, 3934 "type": "keyword" 3935 }, 3936 "client": { 3937 "properties": { 3938 "certificate": { 3939 "ignore_above": 1024, 3940 "type": "keyword" 3941 }, 3942 "certificate_chain": { 3943 "ignore_above": 1024, 3944 "type": "keyword" 3945 }, 3946 "hash": { 3947 "properties": { 3948 "md5": { 3949 "ignore_above": 1024, 3950 "type": "keyword" 3951 }, 3952 "sha1": { 3953 "ignore_above": 1024, 3954 "type": "keyword" 3955 }, 3956 "sha256": { 3957 "ignore_above": 1024, 3958 "type": "keyword" 3959 } 3960 } 3961 }, 3962 "issuer": { 3963 "ignore_above": 1024, 3964 "type": "keyword" 3965 }, 3966 "ja3": { 3967 "ignore_above": 1024, 3968 "type": "keyword" 3969 }, 3970 "not_after": { 3971 "type": "date" 3972 }, 3973 "not_before": { 3974 "type": "date" 3975 }, 3976 "server_name": { 3977 "ignore_above": 1024, 3978 "type": "keyword" 3979 }, 3980 "subject": { 3981 "ignore_above": 1024, 3982 "type": "keyword" 3983 }, 3984 "supported_ciphers": { 3985 "ignore_above": 1024, 3986 "type": "keyword" 3987 }, 3988 "x509": { 3989 "properties": { 3990 "alternative_names": { 3991 "ignore_above": 1024, 3992 "type": "keyword" 3993 }, 3994 "issuer": { 3995 "properties": { 3996 "common_name": { 3997 "ignore_above": 1024, 3998 "type": "keyword" 3999 }, 4000 "country": { 4001 "ignore_above": 1024, 4002 "type": "keyword" 4003 }, 4004 "distinguished_name": { 4005 "ignore_above": 1024, 4006 "type": "keyword" 4007 }, 4008 "locality": { 4009 "ignore_above": 1024, 4010 "type": "keyword" 4011 }, 4012 "organization": { 4013 "ignore_above": 1024, 4014 "type": "keyword" 4015 }, 4016 "organizational_unit": { 4017 "ignore_above": 1024, 4018 "type": "keyword" 4019 }, 4020 "state_or_province": { 4021 "ignore_above": 1024, 4022 "type": "keyword" 4023 } 4024 } 4025 }, 4026 "not_after": { 4027 "type": "date" 4028 }, 4029 "not_before": { 4030 "type": "date" 4031 }, 4032 "public_key_algorithm": { 4033 "ignore_above": 1024, 4034 "type": "keyword" 4035 }, 4036 "public_key_curve": { 4037 "ignore_above": 1024, 4038 "type": "keyword" 4039 }, 4040 "public_key_exponent": { 4041 "doc_values": false, 4042 "index": false, 4043 "type": "long" 4044 }, 4045 "public_key_size": { 4046 "type": "long" 4047 }, 4048 "serial_number": { 4049 "ignore_above": 1024, 4050 "type": "keyword" 4051 }, 4052 "signature_algorithm": { 4053 "ignore_above": 1024, 4054 "type": "keyword" 4055 }, 4056 "subject": { 4057 "properties": { 4058 "common_name": { 4059 "ignore_above": 1024, 4060 "type": "keyword" 4061 }, 4062 "country": { 4063 "ignore_above": 1024, 4064 "type": "keyword" 4065 }, 4066 "distinguished_name": { 4067 "ignore_above": 1024, 4068 "type": "keyword" 4069 }, 4070 "locality": { 4071 "ignore_above": 1024, 4072 "type": "keyword" 4073 }, 4074 "organization": { 4075 "ignore_above": 1024, 4076 "type": "keyword" 4077 }, 4078 "organizational_unit": { 4079 "ignore_above": 1024, 4080 "type": "keyword" 4081 }, 4082 "state_or_province": { 4083 "ignore_above": 1024, 4084 "type": "keyword" 4085 } 4086 } 4087 }, 4088 "version_number": { 4089 "ignore_above": 1024, 4090 "type": "keyword" 4091 } 4092 } 4093 } 4094 } 4095 }, 4096 "curve": { 4097 "ignore_above": 1024, 4098 "type": "keyword" 4099 }, 4100 "established": { 4101 "type": "boolean" 4102 }, 4103 "next_protocol": { 4104 "ignore_above": 1024, 4105 "type": "keyword" 4106 }, 4107 "resumed": { 4108 "type": "boolean" 4109 }, 4110 "server": { 4111 "properties": { 4112 "certificate": { 4113 "ignore_above": 1024, 4114 "type": "keyword" 4115 }, 4116 "certificate_chain": { 4117 "ignore_above": 1024, 4118 "type": "keyword" 4119 }, 4120 "hash": { 4121 "properties": { 4122 "md5": { 4123 "ignore_above": 1024, 4124 "type": "keyword" 4125 }, 4126 "sha1": { 4127 "ignore_above": 1024, 4128 "type": "keyword" 4129 }, 4130 "sha256": { 4131 "ignore_above": 1024, 4132 "type": "keyword" 4133 } 4134 } 4135 }, 4136 "issuer": { 4137 "ignore_above": 1024, 4138 "type": "keyword" 4139 }, 4140 "ja3s": { 4141 "ignore_above": 1024, 4142 "type": "keyword" 4143 }, 4144 "not_after": { 4145 "type": "date" 4146 }, 4147 "not_before": { 4148 "type": "date" 4149 }, 4150 "subject": { 4151 "ignore_above": 1024, 4152 "type": "keyword" 4153 }, 4154 "x509": { 4155 "properties": { 4156 "alternative_names": { 4157 "ignore_above": 1024, 4158 "type": "keyword" 4159 }, 4160 "issuer": { 4161 "properties": { 4162 "common_name": { 4163 "ignore_above": 1024, 4164 "type": "keyword" 4165 }, 4166 "country": { 4167 "ignore_above": 1024, 4168 "type": "keyword" 4169 }, 4170 "distinguished_name": { 4171 "ignore_above": 1024, 4172 "type": "keyword" 4173 }, 4174 "locality": { 4175 "ignore_above": 1024, 4176 "type": "keyword" 4177 }, 4178 "organization": { 4179 "ignore_above": 1024, 4180 "type": "keyword" 4181 }, 4182 "organizational_unit": { 4183 "ignore_above": 1024, 4184 "type": "keyword" 4185 }, 4186 "state_or_province": { 4187 "ignore_above": 1024, 4188 "type": "keyword" 4189 } 4190 } 4191 }, 4192 "not_after": { 4193 "type": "date" 4194 }, 4195 "not_before": { 4196 "type": "date" 4197 }, 4198 "public_key_algorithm": { 4199 "ignore_above": 1024, 4200 "type": "keyword" 4201 }, 4202 "public_key_curve": { 4203 "ignore_above": 1024, 4204 "type": "keyword" 4205 }, 4206 "public_key_exponent": { 4207 "doc_values": false, 4208 "index": false, 4209 "type": "long" 4210 }, 4211 "public_key_size": { 4212 "type": "long" 4213 }, 4214 "serial_number": { 4215 "ignore_above": 1024, 4216 "type": "keyword" 4217 }, 4218 "signature_algorithm": { 4219 "ignore_above": 1024, 4220 "type": "keyword" 4221 }, 4222 "subject": { 4223 "properties": { 4224 "common_name": { 4225 "ignore_above": 1024, 4226 "type": "keyword" 4227 }, 4228 "country": { 4229 "ignore_above": 1024, 4230 "type": "keyword" 4231 }, 4232 "distinguished_name": { 4233 "ignore_above": 1024, 4234 "type": "keyword" 4235 }, 4236 "locality": { 4237 "ignore_above": 1024, 4238 "type": "keyword" 4239 }, 4240 "organization": { 4241 "ignore_above": 1024, 4242 "type": "keyword" 4243 }, 4244 "organizational_unit": { 4245 "ignore_above": 1024, 4246 "type": "keyword" 4247 }, 4248 "state_or_province": { 4249 "ignore_above": 1024, 4250 "type": "keyword" 4251 } 4252 } 4253 }, 4254 "version_number": { 4255 "ignore_above": 1024, 4256 "type": "keyword" 4257 } 4258 } 4259 } 4260 } 4261 }, 4262 "version": { 4263 "ignore_above": 1024, 4264 "type": "keyword" 4265 }, 4266 "version_protocol": { 4267 "ignore_above": 1024, 4268 "type": "keyword" 4269 } 4270 } 4271 }, 4272 "trace": { 4273 "properties": { 4274 "id": { 4275 "ignore_above": 1024, 4276 "type": "keyword" 4277 } 4278 } 4279 }, 4280 "transaction": { 4281 "properties": { 4282 "id": { 4283 "ignore_above": 1024, 4284 "type": "keyword" 4285 } 4286 } 4287 }, 4288 "url": { 4289 "properties": { 4290 "domain": { 4291 "ignore_above": 1024, 4292 "type": "keyword" 4293 }, 4294 "extension": { 4295 "ignore_above": 1024, 4296 "type": "keyword" 4297 }, 4298 "fragment": { 4299 "ignore_above": 1024, 4300 "type": "keyword" 4301 }, 4302 "full": { 4303 "fields": { 4304 "text": { 4305 "norms": false, 4306 "type": "text" 4307 } 4308 }, 4309 "ignore_above": 1024, 4310 "type": "keyword" 4311 }, 4312 "original": { 4313 "fields": { 4314 "text": { 4315 "norms": false, 4316 "type": "text" 4317 } 4318 }, 4319 "ignore_above": 1024, 4320 "type": "keyword" 4321 }, 4322 "password": { 4323 "ignore_above": 1024, 4324 "type": "keyword" 4325 }, 4326 "path": { 4327 "ignore_above": 1024, 4328 "type": "keyword" 4329 }, 4330 "port": { 4331 "type": "long" 4332 }, 4333 "query": { 4334 "ignore_above": 1024, 4335 "type": "keyword" 4336 }, 4337 "registered_domain": { 4338 "ignore_above": 1024, 4339 "type": "keyword" 4340 }, 4341 "scheme": { 4342 "ignore_above": 1024, 4343 "type": "keyword" 4344 }, 4345 "subdomain": { 4346 "ignore_above": 1024, 4347 "type": "keyword" 4348 }, 4349 "top_level_domain": { 4350 "ignore_above": 1024, 4351 "type": "keyword" 4352 }, 4353 "username": { 4354 "ignore_above": 1024, 4355 "type": "keyword" 4356 } 4357 } 4358 }, 4359 "user": { 4360 "properties": { 4361 "changes": { 4362 "properties": { 4363 "domain": { 4364 "ignore_above": 1024, 4365 "type": "keyword" 4366 }, 4367 "email": { 4368 "ignore_above": 1024, 4369 "type": "keyword" 4370 }, 4371 "full_name": { 4372 "fields": { 4373 "text": { 4374 "norms": false, 4375 "type": "text" 4376 } 4377 }, 4378 "ignore_above": 1024, 4379 "type": "keyword" 4380 }, 4381 "group": { 4382 "properties": { 4383 "domain": { 4384 "ignore_above": 1024, 4385 "type": "keyword" 4386 }, 4387 "id": { 4388 "ignore_above": 1024, 4389 "type": "keyword" 4390 }, 4391 "name": { 4392 "ignore_above": 1024, 4393 "type": "keyword" 4394 } 4395 } 4396 }, 4397 "hash": { 4398 "ignore_above": 1024, 4399 "type": "keyword" 4400 }, 4401 "id": { 4402 "ignore_above": 1024, 4403 "type": "keyword" 4404 }, 4405 "name": { 4406 "fields": { 4407 "text": { 4408 "norms": false, 4409 "type": "text" 4410 } 4411 }, 4412 "ignore_above": 1024, 4413 "type": "keyword" 4414 }, 4415 "roles": { 4416 "ignore_above": 1024, 4417 "type": "keyword" 4418 } 4419 } 4420 }, 4421 "domain": { 4422 "ignore_above": 1024, 4423 "type": "keyword" 4424 }, 4425 "effective": { 4426 "properties": { 4427 "domain": { 4428 "ignore_above": 1024, 4429 "type": "keyword" 4430 }, 4431 "email": { 4432 "ignore_above": 1024, 4433 "type": "keyword" 4434 }, 4435 "full_name": { 4436 "fields": { 4437 "text": { 4438 "norms": false, 4439 "type": "text" 4440 } 4441 }, 4442 "ignore_above": 1024, 4443 "type": "keyword" 4444 }, 4445 "group": { 4446 "properties": { 4447 "domain": { 4448 "ignore_above": 1024, 4449 "type": "keyword" 4450 }, 4451 "id": { 4452 "ignore_above": 1024, 4453 "type": "keyword" 4454 }, 4455 "name": { 4456 "ignore_above": 1024, 4457 "type": "keyword" 4458 } 4459 } 4460 }, 4461 "hash": { 4462 "ignore_above": 1024, 4463 "type": "keyword" 4464 }, 4465 "id": { 4466 "ignore_above": 1024, 4467 "type": "keyword" 4468 }, 4469 "name": { 4470 "fields": { 4471 "text": { 4472 "norms": false, 4473 "type": "text" 4474 } 4475 }, 4476 "ignore_above": 1024, 4477 "type": "keyword" 4478 }, 4479 "roles": { 4480 "ignore_above": 1024, 4481 "type": "keyword" 4482 } 4483 } 4484 }, 4485 "email": { 4486 "ignore_above": 1024, 4487 "type": "keyword" 4488 }, 4489 "full_name": { 4490 "fields": { 4491 "text": { 4492 "norms": false, 4493 "type": "text" 4494 } 4495 }, 4496 "ignore_above": 1024, 4497 "type": "keyword" 4498 }, 4499 "group": { 4500 "properties": { 4501 "domain": { 4502 "ignore_above": 1024, 4503 "type": "keyword" 4504 }, 4505 "id": { 4506 "ignore_above": 1024, 4507 "type": "keyword" 4508 }, 4509 "name": { 4510 "ignore_above": 1024, 4511 "type": "keyword" 4512 } 4513 } 4514 }, 4515 "hash": { 4516 "ignore_above": 1024, 4517 "type": "keyword" 4518 }, 4519 "id": { 4520 "ignore_above": 1024, 4521 "type": "keyword" 4522 }, 4523 "name": { 4524 "fields": { 4525 "text": { 4526 "norms": false, 4527 "type": "text" 4528 } 4529 }, 4530 "ignore_above": 1024, 4531 "type": "keyword" 4532 }, 4533 "roles": { 4534 "ignore_above": 1024, 4535 "type": "keyword" 4536 }, 4537 "target": { 4538 "properties": { 4539 "domain": { 4540 "ignore_above": 1024, 4541 "type": "keyword" 4542 }, 4543 "email": { 4544 "ignore_above": 1024, 4545 "type": "keyword" 4546 }, 4547 "full_name": { 4548 "fields": { 4549 "text": { 4550 "norms": false, 4551 "type": "text" 4552 } 4553 }, 4554 "ignore_above": 1024, 4555 "type": "keyword" 4556 }, 4557 "group": { 4558 "properties": { 4559 "domain": { 4560 "ignore_above": 1024, 4561 "type": "keyword" 4562 }, 4563 "id": { 4564 "ignore_above": 1024, 4565 "type": "keyword" 4566 }, 4567 "name": { 4568 "ignore_above": 1024, 4569 "type": "keyword" 4570 } 4571 } 4572 }, 4573 "hash": { 4574 "ignore_above": 1024, 4575 "type": "keyword" 4576 }, 4577 "id": { 4578 "ignore_above": 1024, 4579 "type": "keyword" 4580 }, 4581 "name": { 4582 "fields": { 4583 "text": { 4584 "norms": false, 4585 "type": "text" 4586 } 4587 }, 4588 "ignore_above": 1024, 4589 "type": "keyword" 4590 }, 4591 "roles": { 4592 "ignore_above": 1024, 4593 "type": "keyword" 4594 } 4595 } 4596 } 4597 } 4598 }, 4599 "user_agent": { 4600 "properties": { 4601 "device": { 4602 "properties": { 4603 "name": { 4604 "ignore_above": 1024, 4605 "type": "keyword" 4606 } 4607 } 4608 }, 4609 "name": { 4610 "ignore_above": 1024, 4611 "type": "keyword" 4612 }, 4613 "original": { 4614 "fields": { 4615 "text": { 4616 "norms": false, 4617 "type": "text" 4618 } 4619 }, 4620 "ignore_above": 1024, 4621 "type": "keyword" 4622 }, 4623 "os": { 4624 "properties": { 4625 "family": { 4626 "ignore_above": 1024, 4627 "type": "keyword" 4628 }, 4629 "full": { 4630 "fields": { 4631 "text": { 4632 "norms": false, 4633 "type": "text" 4634 } 4635 }, 4636 "ignore_above": 1024, 4637 "type": "keyword" 4638 }, 4639 "kernel": { 4640 "ignore_above": 1024, 4641 "type": "keyword" 4642 }, 4643 "name": { 4644 "fields": { 4645 "text": { 4646 "norms": false, 4647 "type": "text" 4648 } 4649 }, 4650 "ignore_above": 1024, 4651 "type": "keyword" 4652 }, 4653 "platform": { 4654 "ignore_above": 1024, 4655 "type": "keyword" 4656 }, 4657 "type": { 4658 "ignore_above": 1024, 4659 "type": "keyword" 4660 }, 4661 "version": { 4662 "ignore_above": 1024, 4663 "type": "keyword" 4664 } 4665 } 4666 }, 4667 "version": { 4668 "ignore_above": 1024, 4669 "type": "keyword" 4670 } 4671 } 4672 }, 4673 "vulnerability": { 4674 "properties": { 4675 "category": { 4676 "ignore_above": 1024, 4677 "type": "keyword" 4678 }, 4679 "classification": { 4680 "ignore_above": 1024, 4681 "type": "keyword" 4682 }, 4683 "description": { 4684 "fields": { 4685 "text": { 4686 "norms": false, 4687 "type": "text" 4688 } 4689 }, 4690 "ignore_above": 1024, 4691 "type": "keyword" 4692 }, 4693 "enumeration": { 4694 "ignore_above": 1024, 4695 "type": "keyword" 4696 }, 4697 "id": { 4698 "ignore_above": 1024, 4699 "type": "keyword" 4700 }, 4701 "reference": { 4702 "ignore_above": 1024, 4703 "type": "keyword" 4704 }, 4705 "report_id": { 4706 "ignore_above": 1024, 4707 "type": "keyword" 4708 }, 4709 "scanner": { 4710 "properties": { 4711 "vendor": { 4712 "ignore_above": 1024, 4713 "type": "keyword" 4714 } 4715 } 4716 }, 4717 "score": { 4718 "properties": { 4719 "base": { 4720 "type": "float" 4721 }, 4722 "environmental": { 4723 "type": "float" 4724 }, 4725 "temporal": { 4726 "type": "float" 4727 }, 4728 "version": { 4729 "ignore_above": 1024, 4730 "type": "keyword" 4731 } 4732 } 4733 }, 4734 "severity": { 4735 "ignore_above": 1024, 4736 "type": "keyword" 4737 } 4738 } 4739 } 4740 } 4741 }, 4742 "order": 1, 4743 "settings": { 4744 "index": { 4745 "mapping": { 4746 "total_fields": { 4747 "limit": 10000 4748 } 4749 }, 4750 "refresh_interval": "5s" 4751 } 4752 } 4753} 4754