  1. {
  2.   "index": {
  3.     "lifecycle": {
  4.       "name": "filebeat-7.4.1",
  5.       "rollover_alias": "filebeat-7.4.1"
  6.     },
  7.     "mapping": {
  8.       "total_fields": {
  9.         "limit": "10000"
  10.       }
  11.     },
  12.     "refresh_interval": "5s",
  13.     "number_of_routing_shards": "30",
  14.     "number_of_shards": "1",
  15.     "query": {
  16.       "default_field": [
  17.         "message",
  18.         "tags",
  19.         "agent.ephemeral_id",
  20.         "agent.id",
  21.         "agent.name",
  22.         "agent.type",
  23.         "agent.version",
  24.         "as.organization.name",
  25.         "client.address",
  26.         "client.as.organization.name",
  27.         "client.domain",
  28.         "client.geo.city_name",
  29.         "client.geo.continent_name",
  30.         "client.geo.country_iso_code",
  31.         "client.geo.country_name",
  32.         "client.geo.name",
  33.         "client.geo.region_iso_code",
  34.         "client.geo.region_name",
  35.         "client.mac",
  36.         "client.user.domain",
  37.         "client.user.email",
  38.         "client.user.full_name",
  39.         "client.user.group.id",
  40.         "client.user.group.name",
  41.         "client.user.hash",
  42.         "client.user.id",
  43.         "client.user.name",
  44.         "cloud.account.id",
  45.         "cloud.availability_zone",
  46.         "cloud.instance.id",
  47.         "cloud.instance.name",
  48.         "cloud.machine.type",
  49.         "cloud.provider",
  50.         "cloud.region",
  51.         "container.id",
  52.         "container.image.name",
  53.         "container.image.tag",
  54.         "container.name",
  55.         "container.runtime",
  56.         "destination.address",
  57.         "destination.as.organization.name",
  58.         "destination.domain",
  59.         "destination.geo.city_name",
  60.         "destination.geo.continent_name",
  61.         "destination.geo.country_iso_code",
  62.         "destination.geo.country_name",
  63.         "destination.geo.name",
  64.         "destination.geo.region_iso_code",
  65.         "destination.geo.region_name",
  66.         "destination.mac",
  67.         "destination.user.domain",
  68.         "destination.user.email",
  69.         "destination.user.full_name",
  70.         "destination.user.group.id",
  71.         "destination.user.group.name",
  72.         "destination.user.hash",
  73.         "destination.user.id",
  74.         "destination.user.name",
  75.         "dns.answers.class",
  76.         "dns.answers.data",
  77.         "dns.answers.name",
  78.         "dns.answers.type",
  79.         "dns.header_flags",
  80.         "dns.id",
  81.         "dns.op_code",
  82.         "dns.question.class",
  83.         "dns.question.name",
  84.         "dns.question.registered_domain",
  85.         "dns.question.type",
  86.         "dns.response_code",
  87.         "dns.type",
  88.         "ecs.version",
  89.         "error.code",
  90.         "error.id",
  91.         "error.message",
  92.         "event.action",
  93.         "event.category",
  94.         "event.code",
  95.         "event.dataset",
  96.         "event.hash",
  97.         "event.id",
  98.         "event.kind",
  99.         "event.module",
  100.         "event.original",
  101.         "event.outcome",
  102.         "event.provider",
  103.         "event.timezone",
  104.         "event.type",
  105.         "file.device",
  106.         "file.directory",
  107.         "file.extension",
  108.         "file.gid",
  109.         "file.group",
  110.         "file.hash.md5",
  111.         "file.hash.sha1",
  112.         "file.hash.sha256",
  113.         "file.hash.sha512",
  114.         "file.inode",
  115.         "file.mode",
  116.         "file.name",
  117.         "file.owner",
  118.         "file.path",
  119.         "file.target_path",
  120.         "file.type",
  121.         "file.uid",
  122.         "geo.city_name",
  123.         "geo.continent_name",
  124.         "geo.country_iso_code",
  125.         "geo.country_name",
  126.         "geo.name",
  127.         "geo.region_iso_code",
  128.         "geo.region_name",
  129.         "group.id",
  130.         "group.name",
  131.         "hash.md5",
  132.         "hash.sha1",
  133.         "hash.sha256",
  134.         "hash.sha512",
  135.         "host.architecture",
  136.         "host.geo.city_name",
  137.         "host.geo.continent_name",
  138.         "host.geo.country_iso_code",
  139.         "host.geo.country_name",
  140.         "host.geo.name",
  141.         "host.geo.region_iso_code",
  142.         "host.geo.region_name",
  143.         "host.hostname",
  144.         "host.id",
  145.         "host.mac",
  146.         "host.name",
  147.         "host.os.family",
  148.         "host.os.full",
  149.         "host.os.kernel",
  150.         "host.os.name",
  151.         "host.os.platform",
  152.         "host.os.version",
  153.         "host.type",
  154.         "host.user.domain",
  155.         "host.user.email",
  156.         "host.user.full_name",
  157.         "host.user.group.id",
  158.         "host.user.group.name",
  159.         "host.user.hash",
  160.         "host.user.id",
  161.         "host.user.name",
  162.         "http.request.body.content",
  163.         "http.request.method",
  164.         "http.request.referrer",
  165.         "http.response.body.content",
  166.         "http.version",
  167.         "log.level",
  168.         "log.logger",
  169.         "log.original",
  170.         "network.application",
  171.         "network.community_id",
  172.         "network.direction",
  173.         "network.iana_number",
  174.         "network.name",
  175.         "network.protocol",
  176.         "network.transport",
  177.         "network.type",
  178.         "observer.geo.city_name",
  179.         "observer.geo.continent_name",
  180.         "observer.geo.country_iso_code",
  181.         "observer.geo.country_name",
  182.         "observer.geo.name",
  183.         "observer.geo.region_iso_code",
  184.         "observer.geo.region_name",
  185.         "observer.hostname",
  186.         "observer.mac",
  187.         "observer.os.family",
  188.         "observer.os.full",
  189.         "observer.os.kernel",
  190.         "observer.os.name",
  191.         "observer.os.platform",
  192.         "observer.os.version",
  193.         "observer.serial_number",
  194.         "observer.type",
  195.         "observer.vendor",
  196.         "observer.version",
  197.         "organization.id",
  198.         "organization.name",
  199.         "os.family",
  200.         "os.full",
  201.         "os.kernel",
  202.         "os.name",
  203.         "os.platform",
  204.         "os.version",
  205.         "process.args",
  206.         "process.executable",
  207.         "process.hash.md5",
  208.         "process.hash.sha1",
  209.         "process.hash.sha256",
  210.         "process.hash.sha512",
  211.         "process.name",
  212.         "process.thread.name",
  213.         "process.title",
  214.         "process.working_directory",
  215.         "server.address",
  216.         "server.as.organization.name",
  217.         "server.domain",
  218.         "server.geo.city_name",
  219.         "server.geo.continent_name",
  220.         "server.geo.country_iso_code",
  221.         "server.geo.country_name",
  222.         "server.geo.name",
  223.         "server.geo.region_iso_code",
  224.         "server.geo.region_name",
  225.         "server.mac",
  226.         "server.user.domain",
  227.         "server.user.email",
  228.         "server.user.full_name",
  229.         "server.user.group.id",
  230.         "server.user.group.name",
  231.         "server.user.hash",
  232.         "server.user.id",
  233.         "server.user.name",
  234.         "service.ephemeral_id",
  235.         "service.id",
  236.         "service.name",
  237.         "service.state",
  238.         "service.type",
  239.         "service.version",
  240.         "source.address",
  241.         "source.as.organization.name",
  242.         "source.domain",
  243.         "source.geo.city_name",
  244.         "source.geo.continent_name",
  245.         "source.geo.country_iso_code",
  246.         "source.geo.country_name",
  247.         "source.geo.name",
  248.         "source.geo.region_iso_code",
  249.         "source.geo.region_name",
  250.         "source.mac",
  251.         "source.user.domain",
  252.         "source.user.email",
  253.         "source.user.full_name",
  254.         "source.user.group.id",
  255.         "source.user.group.name",
  256.         "source.user.hash",
  257.         "source.user.id",
  258.         "source.user.name",
  259.         "tracing.trace.id",
  260.         "tracing.transaction.id",
  261.         "url.domain",
  262.         "url.fragment",
  263.         "url.full",
  264.         "url.original",
  265.         "url.password",
  266.         "url.path",
  267.         "url.query",
  268.         "url.scheme",
  269.         "url.username",
  270.         "user.domain",
  271.         "user.email",
  272.         "user.full_name",
  273.         "user.group.id",
  274.         "user.group.name",
  275.         "user.hash",
  276.         "user.id",
  277.         "user.name",
  278.         "user_agent.device.name",
  279.         "user_agent.name",
  280.         "user_agent.original",
  281.         "user_agent.os.family",
  282.         "user_agent.os.full",
  283.         "user_agent.os.kernel",
  284.         "user_agent.os.name",
  285.         "user_agent.os.platform",
  286.         "user_agent.os.version",
  287.         "user_agent.version",
  288.         "agent.hostname",
  289.         "error.type",
  290.         "timeseries.instance",
  291.         "cloud.project.id",
  292.         "cloud.image.id",
  293.         "host.os.build",
  294.         "host.os.codename",
  295.         "kubernetes.pod.name",
  296.         "kubernetes.pod.uid",
  297.         "kubernetes.namespace",
  298.         "kubernetes.node.name",
  299.         "kubernetes.replicaset.name",
  300.         "kubernetes.deployment.name",
  301.         "kubernetes.statefulset.name",
  302.         "kubernetes.container.name",
  303.         "kubernetes.container.image",
  304.         "jolokia.agent.version",
  305.         "jolokia.agent.id",
  306.         "jolokia.server.product",
  307.         "jolokia.server.version",
  308.         "jolokia.server.vendor",
  309.         "jolokia.url",
  310.         "log.file.path",
  311.         "log.source.address",
  312.         "stream",
  313.         "input.type",
  314.         "syslog.severity_label",
  315.         "syslog.facility_label",
  316.         "process.program",
  317.         "log.flags",
  318.         "user_agent.os.full_name",
  319.         "fileset.name",
  320.         "icmp.code",
  321.         "icmp.type",
  322.         "igmp.type",
  323.         "kafka.topic",
  324.         "kafka.key",
  325.         "apache.access.ssl.protocol",
  326.         "apache.access.ssl.cipher",
  327.         "apache.error.module",
  328.         "user.terminal",
  329.         "user.audit.id",
  330.         "user.audit.name",
  331.         "user.audit.group.id",
  332.         "user.audit.group.name",
  333.         "user.effective.id",
  334.         "user.effective.name",
  335.         "user.effective.group.id",
  336.         "user.effective.group.name",
  337.         "user.filesystem.id",
  338.         "user.filesystem.name",
  339.         "user.filesystem.group.id",
  340.         "user.filesystem.group.name",
  341.         "user.owner.id",
  342.         "user.owner.name",
  343.         "user.owner.group.id",
  344.         "user.owner.group.name",
  345.         "user.saved.id",
  346.         "user.saved.name",
  347.         "user.saved.group.id",
  348.         "user.saved.group.name",
  349.         "auditd.log.old_auid",
  350.         "auditd.log.new_auid",
  351.         "auditd.log.old_ses",
  352.         "auditd.log.new_ses",
  353.         "auditd.log.items",
  354.         "auditd.log.item",
  355.         "auditd.log.tty",
  356.         "auditd.log.a0",
  357.         "aws.s3access.bucket_owner",
  358.         "aws.s3access.bucket",
  359.         "aws.s3access.requester",
  360.         "aws.s3access.request_id",
  361.         "aws.s3access.operation",
  362.         "aws.s3access.key",
  363.         "aws.s3access.request_uri",
  364.         "aws.s3access.error_code",
  365.         "aws.s3access.referrer",
  366.         "aws.s3access.user_agent",
  367.         "aws.s3access.version_id",
  368.         "aws.s3access.host_id",
  369.         "aws.s3access.signature_version",
  370.         "aws.s3access.cipher_suite",
  371.         "aws.s3access.authentication_type",
  372.         "aws.s3access.host_header",
  373.         "aws.s3access.tls_version",
  374.         "cisco.asa.message_id",
  375.         "cisco.asa.suffix",
  376.         "cisco.asa.source_interface",
  377.         "cisco.asa.destination_interface",
  378.         "cisco.asa.rule_name",
  379.         "cisco.asa.source_username",
  380.         "cisco.asa.destination_username",
  381.         "cisco.asa.threat_level",
  382.         "cisco.asa.threat_category",
  383.         "cisco.asa.connection_id",
  384.         "cisco.ftd.message_id",
  385.         "cisco.ftd.suffix",
  386.         "cisco.ftd.source_interface",
  387.         "cisco.ftd.destination_interface",
  388.         "cisco.ftd.rule_name",
  389.         "cisco.ftd.source_username",
  390.         "cisco.ftd.destination_username",
  391.         "cisco.ftd.threat_level",
  392.         "cisco.ftd.threat_category",
  393.         "cisco.ftd.connection_id",
  394.         "cisco.ios.access_list",
  395.         "cisco.ios.facility",
  396.         "coredns.id",
  397.         "coredns.query.class",
  398.         "coredns.query.name",
  399.         "coredns.query.type",
  400.         "coredns.response.code",
  401.         "coredns.response.flags",
  402.         "cef.version",
  403.         "cef.device.vendor",
  404.         "cef.device.product",
  405.         "cef.device.version",
  406.         "cef.device.event_class_id",
  407.         "cef.severity",
  408.         "cef.name",
  409.         "observer.product",
  410.         "source.service.name",
  411.         "destination.service.name",
  412.         "elasticsearch.component",
  413.         "elasticsearch.cluster.uuid",
  414.         "elasticsearch.cluster.name",
  415.         "elasticsearch.node.id",
  416.         "elasticsearch.node.name",
  417.         "elasticsearch.index.name",
  418.         "elasticsearch.index.id",
  419.         "elasticsearch.shard.id",
  420.         "elasticsearch.audit.layer",
  421.         "elasticsearch.audit.event_type",
  422.         "elasticsearch.audit.origin.type",
  423.         "elasticsearch.audit.realm",
  424.         "elasticsearch.audit.user.realm",
  425.         "elasticsearch.audit.user.roles",
  426.         "elasticsearch.audit.action",
  427.         "elasticsearch.audit.url.params",
  428.         "elasticsearch.audit.indices",
  429.         "elasticsearch.audit.request.id",
  430.         "elasticsearch.audit.request.name",
  431.         "elasticsearch.audit.message",
  432.         "elasticsearch.gc.phase.name",
  433.         "elasticsearch.gc.tags",
  434.         "elasticsearch.slowlog.logger",
  435.         "elasticsearch.slowlog.took",
  436.         "elasticsearch.slowlog.types",
  437.         "elasticsearch.slowlog.stats",
  438.         "elasticsearch.slowlog.search_type",
  439.         "elasticsearch.slowlog.source_query",
  440.         "elasticsearch.slowlog.extra_source",
  441.         "elasticsearch.slowlog.total_hits",
  442.         "elasticsearch.slowlog.total_shards",
  443.         "elasticsearch.slowlog.routing",
  444.         "elasticsearch.slowlog.id",
  445.         "elasticsearch.slowlog.type",
  446.         "elasticsearch.slowlog.source",
  447.         "envoyproxy.log_type",
  448.         "envoyproxy.response_flags",
  449.         "envoyproxy.request_id",
  450.         "envoyproxy.authority",
  451.         "envoyproxy.proxy_type",
  452.         "googlecloud.vpcflow.reporter",
  453.         "googlecloud.vpcflow.destination.instance.project_id",
  454.         "googlecloud.vpcflow.destination.instance.region",
  455.         "googlecloud.vpcflow.destination.instance.zone",
  456.         "googlecloud.vpcflow.destination.vpc.project_id",
  457.         "googlecloud.vpcflow.destination.vpc.vpc_name",
  458.         "googlecloud.vpcflow.destination.vpc.subnetwork_name",
  459.         "googlecloud.vpcflow.source.instance.project_id",
  460.         "googlecloud.vpcflow.source.instance.region",
  461.         "googlecloud.vpcflow.source.instance.zone",
  462.         "googlecloud.vpcflow.source.vpc.project_id",
  463.         "googlecloud.vpcflow.source.vpc.vpc_name",
  464.         "googlecloud.vpcflow.source.vpc.subnetwork_name",
  465.         "haproxy.frontend_name",
  466.         "haproxy.backend_name",
  467.         "haproxy.server_name",
  468.         "haproxy.bind_name",
  469.         "haproxy.error_message",
  470.         "haproxy.source",
  471.         "haproxy.termination_state",
  472.         "haproxy.mode",
  473.         "haproxy.http.response.captured_cookie",
  474.         "haproxy.http.response.captured_headers",
  475.         "haproxy.http.request.captured_cookie",
  476.         "haproxy.http.request.captured_headers",
  477.         "haproxy.http.request.raw_request_line",
  478.         "ibmmq.errorlog.installation",
  479.         "ibmmq.errorlog.qmgr",
  480.         "ibmmq.errorlog.arithinsert",
  481.         "ibmmq.errorlog.commentinsert",
  482.         "ibmmq.errorlog.errordescription",
  483.         "ibmmq.errorlog.explanation",
  484.         "ibmmq.errorlog.action",
  485.         "ibmmq.errorlog.code",
  486.         "icinga.debug.facility",
  487.         "icinga.main.facility",
  488.         "icinga.startup.facility",
  489.         "iis.access.site_name",
  490.         "iis.access.server_name",
  491.         "iis.access.cookie",
  492.         "iis.error.reason_phrase",
  493.         "iis.error.queue_name",
  494.         "iptables.fragment_flags",
  495.         "iptables.input_device",
  496.         "iptables.output_device",
  497.         "iptables.tcp.flags",
  498.         "iptables.ubiquiti.input_zone",
  499.         "iptables.ubiquiti.output_zone",
  500.         "iptables.ubiquiti.rule_number",
  501.         "iptables.ubiquiti.rule_set",
  502.         "kafka.log.component",
  503.         "kafka.log.class",
  504.         "kafka.log.trace.class",
  505.         "kafka.log.trace.message",
  506.         "kibana.log.tags",
  507.         "kibana.log.state",
  508.         "logstash.log.module",
  509.         "text",
  510.         "logstash.log.thread",
  511.         "logstash.slowlog.module",
  512.         "text",
  513.         "logstash.slowlog.thread",
  514.         "text",
  515.         "logstash.slowlog.event",
  516.         "logstash.slowlog.plugin_name",
  517.         "logstash.slowlog.plugin_type",
  518.         "text",
  519.         "logstash.slowlog.plugin_params",
  520.         "mongodb.log.component",
  521.         "mongodb.log.context",
  522.         "mssql.log.origin",
  523.         "mysql.slowlog.query",
  524.         "mysql.slowlog.schema",
  525.         "mysql.slowlog.current_user",
  526.         "mysql.slowlog.last_errno",
  527.         "mysql.slowlog.killed",
  528.         "mysql.slowlog.log_slow_rate_type",
  529.         "mysql.slowlog.log_slow_rate_limit",
  530.         "mysql.slowlog.innodb.trx_id",
  531.         "nats.log.msg.type",
  532.         "nats.log.msg.subject",
  533.         "nats.log.msg.reply_to",
  534.         "nats.log.msg.error.message",
  535.         "nats.log.msg.queue_group",
  536.         "netflow.type",
  537.         "netflow.exporter.address",
  538.         "netflow.source_mac_address",
  539.         "netflow.post_destination_mac_address",
  540.         "netflow.destination_mac_address",
  541.         "netflow.post_source_mac_address",
  542.         "netflow.interface_name",
  543.         "netflow.interface_description",
  544.         "netflow.sampler_name",
  545.         "netflow.application_description",
  546.         "netflow.application_name",
  547.         "netflow.class_name",
  548.         "netflow.wlan_ssid",
  549.         "netflow.vr_fname",
  550.         "netflow.metro_evc_id",
  551.         "netflow.nat_pool_name",
  552.         "netflow.p2p_technology",
  553.         "netflow.tunnel_technology",
  554.         "netflow.encrypted_technology",
  555.         "netflow.observation_domain_name",
  556.         "netflow.selector_name",
  557.         "netflow.information_element_description",
  558.         "netflow.information_element_name",
  559.         "netflow.virtual_station_interface_name",
  560.         "netflow.virtual_station_name",
  561.         "netflow.sta_mac_address",
  562.         "netflow.wtp_mac_address",
  563.         "netflow.user_name",
  564.         "netflow.application_category_name",
  565.         "netflow.application_sub_category_name",
  566.         "netflow.application_group_name",
  567.         "netflow.dot1q_customer_source_mac_address",
  568.         "netflow.dot1q_customer_destination_mac_address",
  569.         "netflow.mib_context_name",
  570.         "netflow.mib_object_name",
  571.         "netflow.mib_object_description",
  572.         "netflow.mib_object_syntax",
  573.         "netflow.mib_module_name",
  574.         "netflow.mobile_imsi",
  575.         "netflow.mobile_msisdn",
  576.         "netflow.http_request_method",
  577.         "netflow.http_request_host",
  578.         "netflow.http_request_target",
  579.         "netflow.http_message_version",
  580.         "netflow.http_user_agent",
  581.         "netflow.http_content_type",
  582.         "netflow.http_reason_phrase",
  583.         "osquery.result.name",
  584.         "osquery.result.action",
  585.         "osquery.result.host_identifier",
  586.         "osquery.result.calendar_time",
  587.         "panw.panos.ruleset",
  588.         "panw.panos.source.zone",
  589.         "panw.panos.source.interface",
  590.         "panw.panos.destination.zone",
  591.         "panw.panos.destination.interface",
  592.         "panw.panos.network.pcap_id",
  593.         "panw.panos.network.nat.community_id",
  594.         "panw.panos.file.hash",
  595.         "panw.panos.url.category",
  596.         "panw.panos.flow_id",
  597.         "panw.panos.threat.resource",
  598.         "panw.panos.threat.id",
  599.         "panw.panos.threat.name",
  600.         "postgresql.log.timestamp",
  601.         "postgresql.log.database",
  602.         "postgresql.log.query",
  603.         "rabbitmq.log.pid",
  604.         "redis.log.role",
  605.         "redis.slowlog.cmd",
  606.         "redis.slowlog.key",
  607.         "redis.slowlog.args",
  608.         "bucket_name",
  609.         "object_key",
  610.         "santa.action",
  611.         "santa.decision",
  612.         "santa.reason",
  613.         "santa.mode",
  614.         "santa.disk.volume",
  615.         "santa.disk.bus",
  616.         "santa.disk.serial",
  617.         "santa.disk.bsdname",
  618.         "santa.disk.model",
  619.         "santa.disk.fs",
  620.         "santa.disk.mount",
  621.         "certificate.common_name",
  622.         "certificate.sha256",
  623.         "suricata.eve.event_type",
  624.         "suricata.eve.app_proto_orig",
  625.         "suricata.eve.tcp.tcp_flags",
  626.         "suricata.eve.tcp.tcp_flags_tc",
  627.         "suricata.eve.tcp.state",
  628.         "suricata.eve.tcp.tcp_flags_ts",
  629.         "suricata.eve.fileinfo.sha1",
  630.         "suricata.eve.fileinfo.state",
  631.         "suricata.eve.fileinfo.sha256",
  632.         "suricata.eve.fileinfo.md5",
  633.         "suricata.eve.dns.type",
  634.         "suricata.eve.dns.rrtype",
  635.         "suricata.eve.dns.rrname",
  636.         "suricata.eve.dns.rdata",
  637.         "suricata.eve.dns.rcode",
  638.         "suricata.eve.flow_id",
  639.         "suricata.eve.email.status",
  640.         "suricata.eve.http.redirect",
  641.         "suricata.eve.http.protocol",
  642.         "suricata.eve.http.http_content_type",
  643.         "suricata.eve.in_iface",
  644.         "suricata.eve.alert.category",
  645.         "suricata.eve.alert.signature",
  646.         "suricata.eve.ssh.client.proto_version",
  647.         "suricata.eve.ssh.client.software_version",
  648.         "suricata.eve.ssh.server.proto_version",
  649.         "suricata.eve.ssh.server.software_version",
  650.         "suricata.eve.tls.issuerdn",
  651.         "suricata.eve.tls.sni",
  652.         "suricata.eve.tls.version",
  653.         "suricata.eve.tls.fingerprint",
  654.         "suricata.eve.tls.serial",
  655.         "suricata.eve.tls.subject",
  656.         "suricata.eve.app_proto_ts",
  657.         "suricata.eve.flow.state",
  658.         "suricata.eve.flow.reason",
  659.         "suricata.eve.app_proto_tc",
  660.         "suricata.eve.smtp.rcpt_to",
  661.         "suricata.eve.smtp.mail_from",
  662.         "suricata.eve.smtp.helo",
  663.         "suricata.eve.app_proto_expected",
  664.         "system.auth.ssh.method",
  665.         "system.auth.ssh.signature",
  666.         "system.auth.ssh.event",
  667.         "system.auth.sudo.error",
  668.         "system.auth.sudo.tty",
  669.         "system.auth.sudo.pwd",
  670.         "system.auth.sudo.user",
  671.         "system.auth.sudo.command",
  672.         "system.auth.useradd.home",
  673.         "system.auth.useradd.shell",
  674.         "traefik.access.user_identifier",
  675.         "traefik.access.frontend_name",
  676.         "traefik.access.backend_url",
  677.         "zeek.session_id",
  678.         "zeek.connection.state",
  679.         "zeek.connection.history",
  680.         "zeek.connection.orig_l2_addr",
  681.         "zeek.connection.resp_l2_addr",
  682.         "zeek.dns.trans_id",
  683.         "zeek.dns.query",
  684.         "zeek.dns.qclass_name",
  685.         "zeek.dns.qtype_name",
  686.         "zeek.dns.rcode_name",
  687.         "zeek.dns.answers",
  688.         "zeek.http.status_msg",
  689.         "zeek.http.info_msg",
  690.         "zeek.http.tags",
  691.         "zeek.http.password",
  692.         "zeek.http.proxied",
  693.         "zeek.http.client_header_names",
  694.         "zeek.http.server_header_names",
  695.         "zeek.http.orig_fuids",
  696.         "zeek.http.orig_mime_types",
  697.         "zeek.http.orig_filenames",
  698.         "zeek.http.resp_fuids",
  699.         "zeek.http.resp_mime_types",
  700.         "zeek.http.resp_filenames",
  701.         "zeek.files.fuid",
  702.         "zeek.files.session_ids",
  703.         "zeek.files.source",
  704.         "zeek.files.analyzers",
  705.         "zeek.files.mime_type",
  706.         "zeek.files.filename",
  707.         "zeek.files.parent_fuid",
  708.         "zeek.files.md5",
  709.         "zeek.files.sha1",
  710.         "zeek.files.sha256",
  711.         "zeek.files.extracted",
  712.         "zeek.ssl.version",
  713.         "zeek.ssl.cipher",
  714.         "zeek.ssl.curve",
  715.         "zeek.ssl.server_name",
  716.         "zeek.ssl.next_protocol",
  717.         "zeek.ssl.cert_chain",
  718.         "zeek.ssl.cert_chain_fuids",
  719.         "zeek.ssl.client_cert_chain",
  720.         "zeek.ssl.client_cert_chain_fuids",
  721.         "zeek.ssl.issuer",
  722.         "zeek.ssl.client_issuer",
  723.         "zeek.ssl.validation_status",
  724.         "zeek.ssl.validation_code",
  725.         "zeek.ssl.subject",
  726.         "zeek.ssl.client_subject",
  727.         "zeek.ssl.last_alert",
  728.         "zeek.notice.connection_id",
  729.         "zeek.notice.icmp_id",
  730.         "zeek.notice.file.id",
  731.         "zeek.notice.file.parent_id",
  732.         "zeek.notice.file.source",
  733.         "zeek.notice.file.mime_type",
  734.         "zeek.notice.fuid",
  735.         "zeek.notice.note",
  736.         "zeek.notice.msg",
  737.         "zeek.notice.sub",
  738.         "zeek.notice.peer_name",
  739.         "zeek.notice.peer_descr",
  740.         "zeek.notice.actions",
  741.         "zeek.notice.email_body_sections",
  742.         "zeek.notice.email_delay_tokens",
  743.         "zeek.notice.identifier",
  744.         "fields.*"
  745.       ]
  746.     }
  747.   }
  748. }