- PUT _index_template/myindex-template
- {
- "index_patterns": [
- "myindex-*"
- ],
- "mappings": {
- "_meta": {
- "version": "1.5.0"
- },
- "date_detection": false,
- "dynamic_templates": [
- {
- "strings_as_keyword": {
- "mapping": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "match_mapping_type": "string"
- }
- }
- ],
- "properties": {
- "@timestamp": {
- "type": "date"
- },
- "TimeOfConnection": {
- "type": "date"
- },
- "Timestamp": {
- "type": "date"
- },
- "agent": {
- "properties": {
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "client": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "cloud": {
- "properties": {
- "account": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "availability_zone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "instance": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "machine": {
- "properties": {
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "container": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "image": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tag": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "runtime": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "destination": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dll": {
- "properties": {
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "dns": {
- "properties": {
- "answers": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "data": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ttl": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- },
- "type": "object"
- },
- "header_flags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "op_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "question": {
- "properties": {
- "class": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subdomain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "resolved_ip": {
- "type": "ip"
- },
- "response_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ecs": {
- "properties": {
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "error": {
- "properties": {
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "stack_trace": {
- "doc_values": false,
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "event": {
- "properties": {
- "action": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "created": {
- "type": "date"
- },
- "dataset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "duration": {
- "type": "long"
- },
- "end": {
- "type": "date"
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingested": {
- "type": "date"
- },
- "kind": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "module": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "doc_values": false,
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "outcome": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "provider": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "risk_score": {
- "type": "float"
- },
- "risk_score_norm": {
- "type": "float"
- },
- "sequence": {
- "type": "long"
- },
- "severity": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "timezone": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "url": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "file": {
- "properties": {
- "accessed": {
- "type": "date"
- },
- "attributes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "created": {
- "type": "date"
- },
- "ctime": {
- "type": "date"
- },
- "device": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "directory": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "drive_letter": {
- "ignore_above": 1,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "gid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "inode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mime_type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mode": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "mtime": {
- "type": "date"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "owner": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pe": {
- "properties": {
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "size": {
- "type": "long"
- },
- "target_path": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uid": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "host": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "http": {
- "properties": {
- "request": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "method": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "referrer": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "response": {
- "properties": {
- "body": {
- "properties": {
- "bytes": {
- "type": "long"
- },
- "content": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "status_code": {
- "type": "long"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "labels": {
- "type": "object"
- },
- "log": {
- "properties": {
- "level": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "logger": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "origin": {
- "properties": {
- "file": {
- "properties": {
- "line": {
- "type": "integer"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "function": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "original": {
- "doc_values": false,
- "ignore_above": 1024,
- "index": false,
- "type": "keyword"
- },
- "syslog": {
- "properties": {
- "facility": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "priority": {
- "type": "long"
- },
- "severity": {
- "properties": {
- "code": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- },
- "type": "object"
- }
- }
- },
- "message": {
- "norms": false,
- "type": "text"
- },
- "network": {
- "properties": {
- "application": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "bytes": {
- "type": "long"
- },
- "community_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "direction": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "forwarded_ip": {
- "type": "ip"
- },
- "iana_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "inner": {
- "properties": {
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- },
- "type": "object"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "packets": {
- "type": "long"
- },
- "protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "transport": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "observer": {
- "properties": {
- "egress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- },
- "type": "object"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hostname": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ingress": {
- "properties": {
- "interface": {
- "properties": {
- "alias": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "zone": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- },
- "type": "object"
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "serial_number": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "organization": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "package": {
- "properties": {
- "architecture": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "build_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "checksum": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "install_scope": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "installed": {
- "type": "date"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "size": {
- "type": "long"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "process": {
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "parent": {
- "properties": {
- "args": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "args_count": {
- "type": "long"
- },
- "code_signature": {
- "properties": {
- "exists": {
- "type": "boolean"
- },
- "status": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "trusted": {
- "type": "boolean"
- },
- "valid": {
- "type": "boolean"
- }
- }
- },
- "command_line": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "entity_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "executable": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "exit_code": {
- "type": "long"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha512": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pe": {
- "properties": {
- "company": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "file_version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original_file_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "product": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "pgid": {
- "type": "long"
- },
- "pid": {
- "type": "long"
- },
- "ppid": {
- "type": "long"
- },
- "start": {
- "type": "date"
- },
- "thread": {
- "properties": {
- "id": {
- "type": "long"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "title": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uptime": {
- "type": "long"
- },
- "working_directory": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "registry": {
- "properties": {
- "data": {
- "properties": {
- "bytes": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "strings": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hive": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "key": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "value": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "related": {
- "properties": {
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ip": {
- "type": "ip"
- },
- "user": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "rule": {
- "properties": {
- "author": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "license": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ruleset": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "uuid": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "server": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "service": {
- "properties": {
- "ephemeral_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "node": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "state": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "type": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "source": {
- "properties": {
- "address": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "as": {
- "properties": {
- "number": {
- "type": "long"
- },
- "organization": {
- "properties": {
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "bytes": {
- "type": "long"
- },
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "geo": {
- "properties": {
- "city_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "continent_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "country_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "location": {
- "type": "geo_point"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_iso_code": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "region_name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "ip": {
- "type": "ip"
- },
- "mac": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "nat": {
- "properties": {
- "ip": {
- "type": "ip"
- },
- "port": {
- "type": "long"
- }
- }
- },
- "packets": {
- "type": "long"
- },
- "port": {
- "type": "long"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "tags": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "threat": {
- "properties": {
- "framework": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "tactic": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "technique": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "tls": {
- "properties": {
- "cipher": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "client": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "server_name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "supported_ciphers": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "curve": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "established": {
- "type": "boolean"
- },
- "next_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "resumed": {
- "type": "boolean"
- },
- "server": {
- "properties": {
- "certificate": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "certificate_chain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "hash": {
- "properties": {
- "md5": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha1": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "sha256": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "issuer": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "ja3s": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "not_after": {
- "type": "date"
- },
- "not_before": {
- "type": "date"
- },
- "subject": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version_protocol": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "trace": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "transaction": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "url": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "extension": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "fragment": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "password": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "path": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "port": {
- "type": "long"
- },
- "query": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "registered_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scheme": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "top_level_domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "username": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "email": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full_name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "group": {
- "properties": {
- "domain": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "hash": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "user_agent": {
- "properties": {
- "device": {
- "properties": {
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "original": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "os": {
- "properties": {
- "family": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "full": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "kernel": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "platform": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vlan": {
- "properties": {
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "name": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "vulnerability": {
- "properties": {
- "category": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "classification": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "description": {
- "fields": {
- "text": {
- "norms": false,
- "type": "text"
- }
- },
- "ignore_above": 1024,
- "type": "keyword"
- },
- "enumeration": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "reference": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "report_id": {
- "ignore_above": 1024,
- "type": "keyword"
- },
- "scanner": {
- "properties": {
- "vendor": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "score": {
- "properties": {
- "base": {
- "type": "float"
- },
- "environmental": {
- "type": "float"
- },
- "temporal": {
- "type": "float"
- },
- "version": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- },
- "severity": {
- "ignore_above": 1024,
- "type": "keyword"
- }
- }
- }
- }
- },
- "order": 1,
- "settings": {
- "index": {
- "mapping": {
- "total_fields": {
- "limit": 10000
- }
- },
- "refresh_interval": "5s"
- }
- }
- }