{ "filebeat-7.8.1-2020.11.27-000107" : { "mappings" : { "_meta" : { "beat" : "filebeat", "version" : "7.8.1" }, "dynamic_templates" : [ { "labels" : { "path_match" : "labels.*", "match_mapping_type" : "string", "mapping" : { "type" : "keyword" } } }, { "container.labels" : { "path_match" : "container.labels.*", "match_mapping_type" : "string", "mapping" : { "type" : "keyword" } } }, { "dns.answers" : { "path_match" : "dns.answers.*", "match_mapping_type" : "string", "mapping" : { "type" : "keyword" } } }, { "log.syslog" : { "path_match" : "log.syslog.*", "match_mapping_type" : "string", "mapping" : { "type" : "keyword" } } }, { "network.inner" : { "path_match" : "network.inner.*", "match_mapping_type" : "string", "mapping" : { "type" : "keyword" } } }, { "observer.egress" : { "path_match" : "observer.egress.*", "match_mapping_type" : "string", "mapping" : { "type" : "keyword" } } }, { "observer.ingress" : { "path_match" : "observer.ingress.*", "match_mapping_type" : "string", "mapping" : { "type" : "keyword" } } }, { "fields" : { "path_match" : "fields.*", "match_mapping_type" : "string", "mapping" : { "type" : "keyword" } } }, { "docker.container.labels" : { "path_match" : "docker.container.labels.*", "match_mapping_type" : "string", "mapping" : { "type" : "keyword" } } }, { "kubernetes.labels.*" : { "path_match" : "kubernetes.labels.*", "mapping" : { "type" : "keyword" } } }, { "kubernetes.annotations.*" : { "path_match" : "kubernetes.annotations.*", "mapping" : { "type" : "keyword" } } }, { "docker.attrs" : { "path_match" : "docker.attrs.*", "match_mapping_type" : "string", "mapping" : { "type" : "keyword" } } }, { "azure.activitylogs.identity.claims.*" : { "path_match" : "azure.activitylogs.identity.claims.*", "mapping" : { "type" : "keyword" } } }, { "kibana.log.meta" : { "path_match" : "kibana.log.meta.*", "match_mapping_type" : "string", "mapping" : { "type" : "keyword" } } }, { "strings_as_keyword" : { "match_mapping_type" : "string", "mapping" : { "ignore_above" : 1024, "type" : "keyword" } } } ], "date_detection" : false, "properties" : { "@timestamp" : { "type" : "date" }, "Errs" : { "type" : "long" }, "MsgIn" : { "type" : "long" }, "MsgInOutputQueue" : { "type" : "long" }, "MsgOut" : { "type" : "long" }, "Node" : { "type" : "text", "norms" : false, "fields" : { "keyword" : { "type" : "keyword" } } }, "Pid" : { "type" : "long" }, "Status" : { "type" : "text", "norms" : false }, "System" : { "type" : "text", "norms" : false }, "Timestamp" : { "type" : "date" }, "VER" : { "type" : "text", "norms" : false }, "Warns" : { "type" : "long" }, "activemq" : { "properties" : { "audit" : { "type" : "object" }, "caller" : { "type" : "keyword", "ignore_above" : 1024 }, "log" : { "properties" : { "stack_trace" : { "type" : "keyword", "ignore_above" : 1024 } } }, "thread" : { "type" : "keyword", "ignore_above" : 1024 }, "user" : { "type" : "keyword", "ignore_above" : 1024 } } }, "agent" : { "properties" : { "ephemeral_id" : { "type" : "keyword", "ignore_above" : 1024 }, "hostname" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "apache" : { "properties" : { "access" : { "properties" : { "ssl" : { "properties" : { "cipher" : { "type" : "keyword", "ignore_above" : 1024 }, "protocol" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "error" : { "properties" : { "module" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "apache2" : { "properties" : { "access" : { "properties" : { "geoip" : { "type" : "object" }, "user_agent" : { "type" : "object" } } }, "error" : { "type" : "object" } } }, "as" : { "properties" : { "number" : { "type" : "long" }, "organization" : { "properties" : { "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } } } }, "auditd" : { "properties" : { "log" : { "properties" : { "a0" : { "type" : "keyword", "ignore_above" : 1024 }, "addr" : { "type" : "ip" }, "geoip" : { "type" : "object" }, "item" : { "type" : "keyword", "ignore_above" : 1024 }, "items" : { "type" : "keyword", "ignore_above" : 1024 }, "laddr" : { "type" : "ip" }, "lport" : { "type" : "long" }, "new_auid" : { "type" : "keyword", "ignore_above" : 1024 }, "new_ses" : { "type" : "keyword", "ignore_above" : 1024 }, "old_auid" : { "type" : "keyword", "ignore_above" : 1024 }, "old_ses" : { "type" : "keyword", "ignore_above" : 1024 }, "rport" : { "type" : "long" }, "sequence" : { "type" : "long" }, "tty" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "aws" : { "properties" : { "cloudtrail" : { "properties" : { "additional_eventdata" : { "type" : "keyword", "ignore_above" : 1024 }, "api_version" : { "type" : "keyword", "ignore_above" : 1024 }, "console_login" : { "properties" : { "additional_eventdata" : { "properties" : { "login_to" : { "type" : "keyword", "ignore_above" : 1024 }, "mfa_used" : { "type" : "boolean" }, "mobile_version" : { "type" : "boolean" } } } } }, "error_code" : { "type" : "keyword", "ignore_above" : 1024 }, "error_message" : { "type" : "keyword", "ignore_above" : 1024 }, "event_type" : { "type" : "keyword", "ignore_above" : 1024 }, "event_version" : { "type" : "keyword", "ignore_above" : 1024 }, "management_event" : { "type" : "keyword", "ignore_above" : 1024 }, "read_only" : { "type" : "keyword", "ignore_above" : 1024 }, "recipient_account_id" : { "type" : "keyword", "ignore_above" : 1024 }, "request_id" : { "type" : "keyword", "ignore_above" : 1024 }, "request_parameters" : { "type" : "keyword", "ignore_above" : 1024 }, "resources" : { "properties" : { "account_id" : { "type" : "keyword", "ignore_above" : 1024 }, "arn" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "response_elements" : { "type" : "keyword", "ignore_above" : 1024 }, "service_event_details" : { "type" : "keyword", "ignore_above" : 1024 }, "shared_event_id" : { "type" : "keyword", "ignore_above" : 1024 }, "user_identity" : { "properties" : { "access_key_id" : { "type" : "keyword", "ignore_above" : 1024 }, "arn" : { "type" : "keyword", "ignore_above" : 1024 }, "invoked_by" : { "type" : "keyword", "ignore_above" : 1024 }, "session_context" : { "properties" : { "creation_date" : { "type" : "date" }, "mfa_authenticated" : { "type" : "keyword", "ignore_above" : 1024 } } }, "session_issuer" : { "properties" : { "account_id" : { "type" : "keyword", "ignore_above" : 1024 }, "arn" : { "type" : "keyword", "ignore_above" : 1024 }, "principal_id" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "vpc_endpoint_id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "cloudwatch" : { "properties" : { "message" : { "type" : "text", "norms" : false } } }, "ec2" : { "properties" : { "ip_address" : { "type" : "keyword", "ignore_above" : 1024 } } }, "elb" : { "properties" : { "action_executed" : { "type" : "keyword", "ignore_above" : 1024 }, "backend" : { "properties" : { "http" : { "properties" : { "response" : { "properties" : { "status_code" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "ip" : { "type" : "keyword", "ignore_above" : 1024 }, "port" : { "type" : "keyword", "ignore_above" : 1024 } } }, "backend_processing_time" : { "properties" : { "sec" : { "type" : "float" } } }, "chosen_cert" : { "properties" : { "arn" : { "type" : "keyword", "ignore_above" : 1024 }, "serial" : { "type" : "keyword", "ignore_above" : 1024 } } }, "connection_time" : { "properties" : { "ms" : { "type" : "long" } } }, "error" : { "properties" : { "reason" : { "type" : "keyword", "ignore_above" : 1024 } } }, "incoming_tls_alert" : { "type" : "keyword", "ignore_above" : 1024 }, "listener" : { "type" : "keyword", "ignore_above" : 1024 }, "matched_rule_priority" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "protocol" : { "type" : "keyword", "ignore_above" : 1024 }, "redirect_url" : { "type" : "keyword", "ignore_above" : 1024 }, "request_processing_time" : { "properties" : { "sec" : { "type" : "float" } } }, "response_processing_time" : { "properties" : { "sec" : { "type" : "float" } } }, "ssl_cipher" : { "type" : "keyword", "ignore_above" : 1024 }, "ssl_protocol" : { "type" : "keyword", "ignore_above" : 1024 }, "target_group" : { "properties" : { "arn" : { "type" : "keyword", "ignore_above" : 1024 } } }, "tls_handshake_time" : { "properties" : { "ms" : { "type" : "long" } } }, "tls_named_group" : { "type" : "keyword", "ignore_above" : 1024 }, "trace_id" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "s3access" : { "properties" : { "authentication_type" : { "type" : "keyword", "ignore_above" : 1024 }, "bucket" : { "type" : "keyword", "ignore_above" : 1024 }, "bucket_owner" : { "type" : "keyword", "ignore_above" : 1024 }, "bytes_sent" : { "type" : "long" }, "cipher_suite" : { "type" : "keyword", "ignore_above" : 1024 }, "error_code" : { "type" : "keyword", "ignore_above" : 1024 }, "host_header" : { "type" : "keyword", "ignore_above" : 1024 }, "host_id" : { "type" : "keyword", "ignore_above" : 1024 }, "http_status" : { "type" : "long" }, "key" : { "type" : "keyword", "ignore_above" : 1024 }, "object_size" : { "type" : "long" }, "operation" : { "type" : "keyword", "ignore_above" : 1024 }, "referrer" : { "type" : "keyword", "ignore_above" : 1024 }, "remote_ip" : { "type" : "ip" }, "request_id" : { "type" : "keyword", "ignore_above" : 1024 }, "request_uri" : { "type" : "keyword", "ignore_above" : 1024 }, "requester" : { "type" : "keyword", "ignore_above" : 1024 }, "signature_version" : { "type" : "keyword", "ignore_above" : 1024 }, "tls_version" : { "type" : "keyword", "ignore_above" : 1024 }, "total_time" : { "type" : "long" }, "turn_around_time" : { "type" : "long" }, "user_agent" : { "type" : "keyword", "ignore_above" : 1024 }, "version_id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "vpcflow" : { "properties" : { "account_id" : { "type" : "keyword", "ignore_above" : 1024 }, "action" : { "type" : "keyword", "ignore_above" : 1024 }, "instance_id" : { "type" : "keyword", "ignore_above" : 1024 }, "interface_id" : { "type" : "keyword", "ignore_above" : 1024 }, "log_status" : { "type" : "keyword", "ignore_above" : 1024 }, "pkt_dstaddr" : { "type" : "ip" }, "pkt_srcaddr" : { "type" : "ip" }, "subnet_id" : { "type" : "keyword", "ignore_above" : 1024 }, "tcp_flags" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 }, "vpc_id" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "azure" : { "properties" : { "activitylogs" : { "properties" : { "category" : { "type" : "keyword", "ignore_above" : 1024 }, "identity" : { "properties" : { "authorization" : { "properties" : { "action" : { "type" : "keyword", "ignore_above" : 1024 }, "evidence" : { "properties" : { "principal_id" : { "type" : "keyword", "ignore_above" : 1024 }, "principal_type" : { "type" : "keyword", "ignore_above" : 1024 }, "role" : { "type" : "keyword", "ignore_above" : 1024 }, "role_assignment_id" : { "type" : "keyword", "ignore_above" : 1024 }, "role_assignment_scope" : { "type" : "keyword", "ignore_above" : 1024 }, "role_definition_id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "scope" : { "type" : "keyword", "ignore_above" : 1024 } } }, "claims" : { "properties" : { "*" : { "type" : "object" } } }, "claims_initiated_by_user" : { "properties" : { "fullname" : { "type" : "keyword", "ignore_above" : 1024 }, "givenname" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "schema" : { "type" : "keyword", "ignore_above" : 1024 }, "surname" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "operation_name" : { "type" : "keyword", "ignore_above" : 1024 }, "properties" : { "properties" : { "service_request_id" : { "type" : "keyword", "ignore_above" : 1024 }, "status_code" : { "type" : "keyword", "ignore_above" : 1024 } } }, "result_signature" : { "type" : "keyword", "ignore_above" : 1024 } } }, "auditlogs" : { "properties" : { "identity" : { "type" : "keyword", "ignore_above" : 1024 }, "operation_name" : { "type" : "keyword", "ignore_above" : 1024 }, "operation_version" : { "type" : "keyword", "ignore_above" : 1024 }, "properties" : { "properties" : { "activity_datetime" : { "type" : "date" }, "activity_display_name" : { "type" : "keyword", "ignore_above" : 1024 }, "category" : { "type" : "keyword", "ignore_above" : 1024 }, "correlation_id" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "initiated_by" : { "properties" : { "app" : { "properties" : { "appId" : { "type" : "keyword", "ignore_above" : 1024 }, "displayName" : { "type" : "keyword", "ignore_above" : 1024 }, "servicePrincipalId" : { "type" : "keyword", "ignore_above" : 1024 }, "servicePrincipalName" : { "type" : "keyword", "ignore_above" : 1024 } } }, "user" : { "properties" : { "displayName" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "ipAddress" : { "type" : "keyword", "ignore_above" : 1024 }, "userPrincipalName" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "logged_by_service" : { "type" : "keyword", "ignore_above" : 1024 }, "operation_type" : { "type" : "keyword", "ignore_above" : 1024 }, "result" : { "type" : "keyword", "ignore_above" : 1024 }, "result_reason" : { "type" : "keyword", "ignore_above" : 1024 }, "target_resources" : { "properties" : { "*" : { "properties" : { "display_name" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "ip_address" : { "type" : "keyword", "ignore_above" : 1024 }, "modified_properties" : { "properties" : { "*" : { "properties" : { "display_name" : { "type" : "keyword", "ignore_above" : 1024 }, "new_value" : { "type" : "keyword", "ignore_above" : 1024 }, "old_value" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "user_principal_name" : { "type" : "keyword", "ignore_above" : 1024 } } } } } } }, "result_signature" : { "type" : "keyword", "ignore_above" : 1024 }, "tenant_id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "consumer_group" : { "type" : "keyword", "ignore_above" : 1024 }, "correlation_id" : { "type" : "keyword", "ignore_above" : 1024 }, "enqueued_time" : { "type" : "date" }, "eventhub" : { "type" : "keyword", "ignore_above" : 1024 }, "offset" : { "type" : "long" }, "partition_id" : { "type" : "long" }, "resource" : { "properties" : { "authorization_rule" : { "type" : "keyword", "ignore_above" : 1024 }, "group" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "namespace" : { "type" : "keyword", "ignore_above" : 1024 }, "provider" : { "type" : "keyword", "ignore_above" : 1024 } } }, "sequence_number" : { "type" : "long" }, "signinlogs" : { "properties" : { "identity" : { "type" : "keyword", "ignore_above" : 1024 }, "operation_name" : { "type" : "keyword", "ignore_above" : 1024 }, "operation_version" : { "type" : "keyword", "ignore_above" : 1024 }, "properties" : { "properties" : { "app_display_name" : { "type" : "keyword", "ignore_above" : 1024 }, "app_id" : { "type" : "keyword", "ignore_above" : 1024 }, "client_app_used" : { "type" : "keyword", "ignore_above" : 1024 }, "conditional_access_status" : { "type" : "keyword", "ignore_above" : 1024 }, "correlation_id" : { "type" : "keyword", "ignore_above" : 1024 }, "created_at" : { "type" : "date" }, "device_detail" : { "properties" : { "browser" : { "type" : "keyword", "ignore_above" : 1024 }, "device_id" : { "type" : "keyword", "ignore_above" : 1024 }, "display_name" : { "type" : "keyword", "ignore_above" : 1024 }, "operating_system" : { "type" : "keyword", "ignore_above" : 1024 }, "trust_type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "ip_address" : { "type" : "keyword", "ignore_above" : 1024 }, "is_interactive" : { "type" : "keyword", "ignore_above" : 1024 }, "original_request_id" : { "type" : "keyword", "ignore_above" : 1024 }, "processing_time_ms" : { "type" : "float" }, "resource_display_name" : { "type" : "keyword", "ignore_above" : 1024 }, "risk_detail" : { "type" : "keyword", "ignore_above" : 1024 }, "risk_level_aggregated" : { "type" : "keyword", "ignore_above" : 1024 }, "risk_level_during_signin" : { "type" : "keyword", "ignore_above" : 1024 }, "risk_state" : { "type" : "keyword", "ignore_above" : 1024 }, "service_principal_id" : { "type" : "keyword", "ignore_above" : 1024 }, "status" : { "properties" : { "error_code" : { "type" : "keyword", "ignore_above" : 1024 } } }, "token_issuer_name" : { "type" : "keyword", "ignore_above" : 1024 }, "token_issuer_type" : { "type" : "keyword", "ignore_above" : 1024 }, "user_display_name" : { "type" : "keyword", "ignore_above" : 1024 }, "user_id" : { "type" : "keyword", "ignore_above" : 1024 }, "user_principal_name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "result_description" : { "type" : "keyword", "ignore_above" : 1024 }, "result_signature" : { "type" : "keyword", "ignore_above" : 1024 }, "tenant_id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "subscription_id" : { "type" : "keyword", "ignore_above" : 1024 }, "tenant_id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "bucket_name" : { "type" : "keyword", "ignore_above" : 1024 }, "cef" : { "properties" : { "device" : { "properties" : { "event_class_id" : { "type" : "keyword", "ignore_above" : 1024 }, "product" : { "type" : "keyword", "ignore_above" : 1024 }, "vendor" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "extensions" : { "properties" : { "Reason" : { "type" : "keyword", "ignore_above" : 1024 }, "agentAddress" : { "type" : "ip" }, "agentDnsDomain" : { "type" : "keyword", "ignore_above" : 1024 }, "agentHostName" : { "type" : "keyword", "ignore_above" : 1024 }, "agentId" : { "type" : "keyword", "ignore_above" : 1024 }, "agentMacAddress" : { "type" : "keyword", "ignore_above" : 1024 }, "agentNtDomain" : { "type" : "keyword", "ignore_above" : 1024 }, "agentReceiptTime" : { "type" : "date" }, "agentTimeZone" : { "type" : "keyword", "ignore_above" : 1024 }, "agentTranslatedAddress" : { "type" : "ip" }, "agentTranslatedZoneExternalID" : { "type" : "keyword", "ignore_above" : 1024 }, "agentTranslatedZoneURI" : { "type" : "keyword", "ignore_above" : 1024 }, "agentType" : { "type" : "keyword", "ignore_above" : 1024 }, "agentVersion" : { "type" : "keyword", "ignore_above" : 1024 }, "agentZoneExternalID" : { "type" : "keyword", "ignore_above" : 1024 }, "agentZoneURI" : { "type" : "keyword", "ignore_above" : 1024 }, "applicationProtocol" : { "type" : "keyword", "ignore_above" : 1024 }, "baseEventCount" : { "type" : "long" }, "bytesIn" : { "type" : "long" }, "bytesOut" : { "type" : "long" }, "categoryBehavior" : { "type" : "keyword", "ignore_above" : 1024 }, "categoryDeviceGroup" : { "type" : "keyword", "ignore_above" : 1024 }, "categoryDeviceType" : { "type" : "keyword", "ignore_above" : 1024 }, "categoryObject" : { "type" : "keyword", "ignore_above" : 1024 }, "categoryOutcome" : { "type" : "keyword", "ignore_above" : 1024 }, "categorySignificance" : { "type" : "keyword", "ignore_above" : 1024 }, "categoryTechnique" : { "type" : "keyword", "ignore_above" : 1024 }, "cp_app_risk" : { "type" : "keyword", "ignore_above" : 1024 }, "cp_severity" : { "type" : "keyword", "ignore_above" : 1024 }, "customerExternalID" : { "type" : "keyword", "ignore_above" : 1024 }, "customerURI" : { "type" : "keyword", "ignore_above" : 1024 }, "destinationAddress" : { "type" : "ip" }, "destinationDnsDomain" : { "type" : "keyword", "ignore_above" : 1024 }, "destinationGeoLatitude" : { "type" : "double" }, "destinationGeoLongitude" : { "type" : "double" }, "destinationHostName" : { "type" : "keyword", "ignore_above" : 1024 }, "destinationMacAddress" : { "type" : "keyword", "ignore_above" : 1024 }, "destinationNtDomain" : { "type" : "keyword", "ignore_above" : 1024 }, "destinationPort" : { "type" : "long" }, "destinationProcessId" : { "type" : "long" }, "destinationProcessName" : { "type" : "keyword", "ignore_above" : 1024 }, "destinationServiceName" : { "type" : "keyword", "ignore_above" : 1024 }, "destinationTranslatedAddress" : { "type" : "ip" }, "destinationTranslatedPort" : { "type" : "long" }, "destinationTranslatedZoneExternalID" : { "type" : "keyword", "ignore_above" : 1024 }, "destinationTranslatedZoneURI" : { "type" : "keyword", "ignore_above" : 1024 }, "destinationUserId" : { "type" : "keyword", "ignore_above" : 1024 }, "destinationUserName" : { "type" : "keyword", "ignore_above" : 1024 }, "destinationUserPrivileges" : { "type" : "keyword", "ignore_above" : 1024 }, "destinationZoneExternalID" : { "type" : "keyword", "ignore_above" : 1024 }, "destinationZoneURI" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceAction" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceAddress" : { "type" : "ip" }, "deviceCustomDate1" : { "type" : "date" }, "deviceCustomDate1Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomDate2" : { "type" : "date" }, "deviceCustomDate2Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomFloatingPoint1" : { "type" : "double" }, "deviceCustomFloatingPoint1Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomFloatingPoint2" : { "type" : "double" }, "deviceCustomFloatingPoint2Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomFloatingPoint3" : { "type" : "double" }, "deviceCustomFloatingPoint3Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomFloatingPoint4" : { "type" : "double" }, "deviceCustomFloatingPoint4Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomIPv6Address1" : { "type" : "ip" }, "deviceCustomIPv6Address1Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomIPv6Address2" : { "type" : "ip" }, "deviceCustomIPv6Address2Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomIPv6Address3" : { "type" : "ip" }, "deviceCustomIPv6Address3Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomIPv6Address4" : { "type" : "ip" }, "deviceCustomIPv6Address4Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomNumber1" : { "type" : "long" }, "deviceCustomNumber1Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomNumber2" : { "type" : "long" }, "deviceCustomNumber2Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomNumber3" : { "type" : "long" }, "deviceCustomNumber3Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomString1" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomString1Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomString2" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomString2Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomString3" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomString3Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomString4" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomString4Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomString5" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomString5Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomString6" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceCustomString6Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceDirection" : { "type" : "long" }, "deviceDnsDomain" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceEventCategory" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceExternalId" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceFacility" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceFlexNumber1" : { "type" : "long" }, "deviceFlexNumber1Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceFlexNumber2" : { "type" : "long" }, "deviceFlexNumber2Label" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceHostName" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceInboundInterface" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceMacAddress" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceNtDomain" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceOutboundInterface" : { "type" : "keyword", "ignore_above" : 1024 }, "devicePayloadId" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceProcessId" : { "type" : "long" }, "deviceProcessName" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceReceiptTime" : { "type" : "date" }, "deviceTimeZone" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceTranslatedAddress" : { "type" : "ip" }, "deviceTranslatedZoneExternalID" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceTranslatedZoneURI" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceZoneExternalID" : { "type" : "keyword", "ignore_above" : 1024 }, "deviceZoneURI" : { "type" : "keyword", "ignore_above" : 1024 }, "endTime" : { "type" : "date" }, "eventId" : { "type" : "long" }, "eventOutcome" : { "type" : "keyword", "ignore_above" : 1024 }, "externalId" : { "type" : "keyword", "ignore_above" : 1024 }, "fileCreateTime" : { "type" : "date" }, "fileHash" : { "type" : "keyword", "ignore_above" : 1024 }, "fileId" : { "type" : "keyword", "ignore_above" : 1024 }, "fileModificationTime" : { "type" : "date" }, "filePath" : { "type" : "keyword", "ignore_above" : 1024 }, "filePermission" : { "type" : "keyword", "ignore_above" : 1024 }, "fileSize" : { "type" : "long" }, "fileType" : { "type" : "keyword", "ignore_above" : 1024 }, "filename" : { "type" : "keyword", "ignore_above" : 1024 }, "flexDate1" : { "type" : "date" }, "flexDate1Label" : { "type" : "keyword", "ignore_above" : 1024 }, "flexString1" : { "type" : "keyword", "ignore_above" : 1024 }, "flexString1Label" : { "type" : "keyword", "ignore_above" : 1024 }, "flexString2" : { "type" : "keyword", "ignore_above" : 1024 }, "flexString2Label" : { "type" : "keyword", "ignore_above" : 1024 }, "ifname" : { "type" : "keyword", "ignore_above" : 1024 }, "inzone" : { "type" : "keyword", "ignore_above" : 1024 }, "layer_name" : { "type" : "keyword", "ignore_above" : 1024 }, "layer_uuid" : { "type" : "keyword", "ignore_above" : 1024 }, "logid" : { "type" : "keyword", "ignore_above" : 1024 }, "loguid" : { "type" : "keyword", "ignore_above" : 1024 }, "managerReceiptTime" : { "type" : "date" }, "match_id" : { "type" : "keyword", "ignore_above" : 1024 }, "message" : { "type" : "keyword", "ignore_above" : 1024 }, "nat_addtnl_rulenum" : { "type" : "keyword", "ignore_above" : 1024 }, "nat_rulenum" : { "type" : "keyword", "ignore_above" : 1024 }, "oldFileCreateTime" : { "type" : "date" }, "oldFileHash" : { "type" : "keyword", "ignore_above" : 1024 }, "oldFileId" : { "type" : "keyword", "ignore_above" : 1024 }, "oldFileModificationTime" : { "type" : "date" }, "oldFileName" : { "type" : "keyword", "ignore_above" : 1024 }, "oldFilePath" : { "type" : "keyword", "ignore_above" : 1024 }, "oldFilePermission" : { "type" : "keyword", "ignore_above" : 1024 }, "oldFileSize" : { "type" : "long" }, "oldFileType" : { "type" : "keyword", "ignore_above" : 1024 }, "origin" : { "type" : "keyword", "ignore_above" : 1024 }, "originsicname" : { "type" : "keyword", "ignore_above" : 1024 }, "outzone" : { "type" : "keyword", "ignore_above" : 1024 }, "parent_rule" : { "type" : "keyword", "ignore_above" : 1024 }, "product" : { "type" : "keyword", "ignore_above" : 1024 }, "rawEvent" : { "type" : "keyword", "ignore_above" : 1024 }, "requestClientApplication" : { "type" : "keyword", "ignore_above" : 1024 }, "requestContext" : { "type" : "keyword", "ignore_above" : 1024 }, "requestCookies" : { "type" : "keyword", "ignore_above" : 1024 }, "requestMethod" : { "type" : "keyword", "ignore_above" : 1024 }, "requestUrl" : { "type" : "keyword", "ignore_above" : 1024 }, "rule_action" : { "type" : "keyword", "ignore_above" : 1024 }, "rule_uid" : { "type" : "keyword", "ignore_above" : 1024 }, "sequencenum" : { "type" : "keyword", "ignore_above" : 1024 }, "service_id" : { "type" : "keyword", "ignore_above" : 1024 }, "sourceAddress" : { "type" : "ip" }, "sourceDnsDomain" : { "type" : "keyword", "ignore_above" : 1024 }, "sourceGeoLatitude" : { "type" : "double" }, "sourceGeoLongitude" : { "type" : "double" }, "sourceHostName" : { "type" : "keyword", "ignore_above" : 1024 }, "sourceMacAddress" : { "type" : "keyword", "ignore_above" : 1024 }, "sourceNtDomain" : { "type" : "keyword", "ignore_above" : 1024 }, "sourcePort" : { "type" : "long" }, "sourceProcessId" : { "type" : "long" }, "sourceProcessName" : { "type" : "keyword", "ignore_above" : 1024 }, "sourceServiceName" : { "type" : "keyword", "ignore_above" : 1024 }, "sourceTranslatedAddress" : { "type" : "ip" }, "sourceTranslatedPort" : { "type" : "long" }, "sourceTranslatedZoneExternalID" : { "type" : "keyword", "ignore_above" : 1024 }, "sourceTranslatedZoneURI" : { "type" : "keyword", "ignore_above" : 1024 }, "sourceUserId" : { "type" : "keyword", "ignore_above" : 1024 }, "sourceUserName" : { "type" : "keyword", "ignore_above" : 1024 }, "sourceUserPrivileges" : { "type" : "keyword", "ignore_above" : 1024 }, "sourceZoneExternalID" : { "type" : "keyword", "ignore_above" : 1024 }, "sourceZoneURI" : { "type" : "keyword", "ignore_above" : 1024 }, "startTime" : { "type" : "date" }, "transportProtocol" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "long" }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "severity" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "checkpoint" : { "properties" : { "action_reason" : { "type" : "long" }, "additional_info" : { "type" : "keyword", "ignore_above" : 1024 }, "additional_ip" : { "type" : "keyword", "ignore_above" : 1024 }, "additional_rdata" : { "type" : "keyword", "ignore_above" : 1024 }, "alert" : { "type" : "keyword", "ignore_above" : 1024 }, "allocated_ports" : { "type" : "long" }, "analyzed_on" : { "type" : "keyword", "ignore_above" : 1024 }, "answer_rdata" : { "type" : "keyword", "ignore_above" : 1024 }, "anti_virus_type" : { "type" : "keyword", "ignore_above" : 1024 }, "app_desc" : { "type" : "keyword", "ignore_above" : 1024 }, "app_id" : { "type" : "long" }, "app_package" : { "type" : "keyword", "ignore_above" : 1024 }, "app_properties" : { "type" : "keyword", "ignore_above" : 1024 }, "app_repackaged" : { "type" : "keyword", "ignore_above" : 1024 }, "app_risk" : { "type" : "keyword", "ignore_above" : 1024 }, "app_severity" : { "type" : "keyword", "ignore_above" : 1024 }, "app_sid_id" : { "type" : "keyword", "ignore_above" : 1024 }, "app_sig_id" : { "type" : "keyword", "ignore_above" : 1024 }, "app_version" : { "type" : "keyword", "ignore_above" : 1024 }, "appi_name" : { "type" : "keyword", "ignore_above" : 1024 }, "arrival_time" : { "type" : "keyword", "ignore_above" : 1024 }, "attachments_num" : { "type" : "long" }, "attack_status" : { "type" : "keyword", "ignore_above" : 1024 }, "audit_status" : { "type" : "keyword", "ignore_above" : 1024 }, "auth_method" : { "type" : "keyword", "ignore_above" : 1024 }, "authority_rdata" : { "type" : "keyword", "ignore_above" : 1024 }, "authorization" : { "type" : "keyword", "ignore_above" : 1024 }, "bcc" : { "type" : "keyword", "ignore_above" : 1024 }, "blade_name" : { "type" : "keyword", "ignore_above" : 1024 }, "broker_publisher" : { "type" : "ip" }, "browse_time" : { "type" : "keyword", "ignore_above" : 1024 }, "c_bytes" : { "type" : "long" }, "calc_desc" : { "type" : "keyword", "ignore_above" : 1024 }, "capacity" : { "type" : "long" }, "capture_uuid" : { "type" : "keyword", "ignore_above" : 1024 }, "category" : { "type" : "keyword", "ignore_above" : 1024 }, "cc" : { "type" : "keyword", "ignore_above" : 1024 }, "certificate_resource" : { "type" : "keyword", "ignore_above" : 1024 }, "certificate_validation" : { "type" : "keyword", "ignore_above" : 1024 }, "cgnet" : { "type" : "keyword", "ignore_above" : 1024 }, "chunk_type" : { "type" : "keyword", "ignore_above" : 1024 }, "client_name" : { "type" : "keyword", "ignore_above" : 1024 }, "client_type" : { "type" : "keyword", "ignore_above" : 1024 }, "client_type_os" : { "type" : "keyword", "ignore_above" : 1024 }, "client_version" : { "type" : "keyword", "ignore_above" : 1024 }, "cluster_info" : { "type" : "keyword", "ignore_above" : 1024 }, "community" : { "type" : "keyword", "ignore_above" : 1024 }, "confidence_level" : { "type" : "long" }, "connection_uid" : { "type" : "keyword", "ignore_above" : 1024 }, "connectivity_level" : { "type" : "keyword", "ignore_above" : 1024 }, "connectivity_state" : { "type" : "keyword", "ignore_above" : 1024 }, "conns_amount" : { "type" : "long" }, "content_disposition" : { "type" : "keyword", "ignore_above" : 1024 }, "content_length" : { "type" : "keyword", "ignore_above" : 1024 }, "content_risk" : { "type" : "long" }, "content_type" : { "type" : "keyword", "ignore_above" : 1024 }, "context_num" : { "type" : "long" }, "cookie" : { "type" : "keyword", "ignore_above" : 1024 }, "cookieI" : { "type" : "keyword", "ignore_above" : 1024 }, "cookieR" : { "type" : "keyword", "ignore_above" : 1024 }, "cp_message" : { "type" : "long" }, "cvpn_category" : { "type" : "keyword", "ignore_above" : 1024 }, "cvpn_resource" : { "type" : "keyword", "ignore_above" : 1024 }, "data_type_name" : { "type" : "keyword", "ignore_above" : 1024 }, "dce-rpc_interface_uuid" : { "type" : "keyword", "ignore_above" : 1024 }, "delivery_time" : { "type" : "keyword", "ignore_above" : 1024 }, "desc" : { "type" : "keyword", "ignore_above" : 1024 }, "description" : { "type" : "keyword", "ignore_above" : 1024 }, "destination_object" : { "type" : "keyword", "ignore_above" : 1024 }, "detected_on" : { "type" : "keyword", "ignore_above" : 1024 }, "developer_certificate_name" : { "type" : "keyword", "ignore_above" : 1024 }, "diameter_app_ID" : { "type" : "long" }, "diameter_cmd_code" : { "type" : "long" }, "diameter_msg_type" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_action_reason" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_additional_action" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_categories" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_data_type_name" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_data_type_uid" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_fingerprint_files_number" : { "type" : "long" }, "dlp_fingerprint_long_status" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_fingerprint_short_status" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_incident_uid" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_recipients" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_related_incident_uid" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_relevant_data_types" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_repository_directories_number" : { "type" : "long" }, "dlp_repository_files_number" : { "type" : "long" }, "dlp_repository_id" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_repository_not_scanned_directories_percentage" : { "type" : "long" }, "dlp_repository_reached_directories_number" : { "type" : "long" }, "dlp_repository_root_path" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_repository_scan_progress" : { "type" : "long" }, "dlp_repository_scanned_directories_number" : { "type" : "long" }, "dlp_repository_scanned_files_number" : { "type" : "long" }, "dlp_repository_scanned_total_size" : { "type" : "long" }, "dlp_repository_skipped_files_number" : { "type" : "long" }, "dlp_repository_total_size" : { "type" : "long" }, "dlp_repository_unreachable_directories_number" : { "type" : "long" }, "dlp_rule_name" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_subject" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_template_score" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_transint" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_violation_description" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_watermark_profile" : { "type" : "keyword", "ignore_above" : 1024 }, "dlp_word_list" : { "type" : "keyword", "ignore_above" : 1024 }, "dns_query" : { "type" : "keyword", "ignore_above" : 1024 }, "drop_reason" : { "type" : "keyword", "ignore_above" : 1024 }, "dropped_file_hash" : { "type" : "keyword", "ignore_above" : 1024 }, "dropped_file_name" : { "type" : "keyword", "ignore_above" : 1024 }, "dropped_file_type" : { "type" : "keyword", "ignore_above" : 1024 }, "dropped_file_verdict" : { "type" : "keyword", "ignore_above" : 1024 }, "dropped_incoming" : { "type" : "long" }, "dropped_outgoing" : { "type" : "long" }, "dropped_total" : { "type" : "long" }, "drops_amount" : { "type" : "long" }, "dst_country" : { "type" : "keyword", "ignore_above" : 1024 }, "dst_phone_number" : { "type" : "keyword", "ignore_above" : 1024 }, "dst_user_name" : { "type" : "keyword", "ignore_above" : 1024 }, "dstkeyid" : { "type" : "keyword", "ignore_above" : 1024 }, "duplicate" : { "type" : "keyword", "ignore_above" : 1024 }, "duration" : { "type" : "keyword", "ignore_above" : 1024 }, "elapsed" : { "type" : "keyword", "ignore_above" : 1024 }, "email_content" : { "type" : "keyword", "ignore_above" : 1024 }, "email_control" : { "type" : "keyword", "ignore_above" : 1024 }, "email_control_analysis" : { "type" : "keyword", "ignore_above" : 1024 }, "email_headers" : { "type" : "keyword", "ignore_above" : 1024 }, "email_id" : { "type" : "keyword", "ignore_above" : 1024 }, "email_message_id" : { "type" : "keyword", "ignore_above" : 1024 }, "email_queue_id" : { "type" : "keyword", "ignore_above" : 1024 }, "email_queue_name" : { "type" : "keyword", "ignore_above" : 1024 }, "email_recipients_num" : { "type" : "long" }, "email_session_id" : { "type" : "keyword", "ignore_above" : 1024 }, "email_spam_category" : { "type" : "keyword", "ignore_above" : 1024 }, "email_spool_id" : { "type" : "keyword", "ignore_above" : 1024 }, "email_status" : { "type" : "keyword", "ignore_above" : 1024 }, "email_subject" : { "type" : "keyword", "ignore_above" : 1024 }, "emulated_on" : { "type" : "keyword", "ignore_above" : 1024 }, "encryption_failure" : { "type" : "keyword", "ignore_above" : 1024 }, "end_time" : { "type" : "keyword", "ignore_above" : 1024 }, "end_user_firewall_type" : { "type" : "keyword", "ignore_above" : 1024 }, "esod_access_status" : { "type" : "keyword", "ignore_above" : 1024 }, "esod_associated_policies" : { "type" : "keyword", "ignore_above" : 1024 }, "esod_noncompliance_reason" : { "type" : "keyword", "ignore_above" : 1024 }, "esod_rule_action" : { "type" : "keyword", "ignore_above" : 1024 }, "esod_rule_name" : { "type" : "keyword", "ignore_above" : 1024 }, "esod_rule_type" : { "type" : "keyword", "ignore_above" : 1024 }, "esod_scan_status" : { "type" : "keyword", "ignore_above" : 1024 }, "event_count" : { "type" : "long" }, "expire_time" : { "type" : "keyword", "ignore_above" : 1024 }, "extension_version" : { "type" : "keyword", "ignore_above" : 1024 }, "extracted_file_hash" : { "type" : "keyword", "ignore_above" : 1024 }, "extracted_file_names" : { "type" : "keyword", "ignore_above" : 1024 }, "extracted_file_type" : { "type" : "keyword", "ignore_above" : 1024 }, "extracted_file_uid" : { "type" : "keyword", "ignore_above" : 1024 }, "extracted_file_verdict" : { "type" : "keyword", "ignore_above" : 1024 }, "failure_impact" : { "type" : "keyword", "ignore_above" : 1024 }, "failure_reason" : { "type" : "keyword", "ignore_above" : 1024 }, "file_direction" : { "type" : "keyword", "ignore_above" : 1024 }, "file_name" : { "type" : "keyword", "ignore_above" : 1024 }, "files_names" : { "type" : "keyword", "ignore_above" : 1024 }, "first_hit_time" : { "type" : "long" }, "frequency" : { "type" : "keyword", "ignore_above" : 1024 }, "fs-proto" : { "type" : "keyword", "ignore_above" : 1024 }, "ftp_user" : { "type" : "keyword", "ignore_above" : 1024 }, "fw_message" : { "type" : "keyword", "ignore_above" : 1024 }, "fw_subproduct" : { "type" : "keyword", "ignore_above" : 1024 }, "hide_ip" : { "type" : "ip" }, "hit" : { "type" : "long" }, "host_time" : { "type" : "keyword", "ignore_above" : 1024 }, "http_host" : { "type" : "keyword", "ignore_above" : 1024 }, "http_location" : { "type" : "keyword", "ignore_above" : 1024 }, "http_server" : { "type" : "keyword", "ignore_above" : 1024 }, "https_inspection_action" : { "type" : "keyword", "ignore_above" : 1024 }, "https_inspection_rule_id" : { "type" : "keyword", "ignore_above" : 1024 }, "https_inspection_rule_name" : { "type" : "keyword", "ignore_above" : 1024 }, "https_validation" : { "type" : "keyword", "ignore_above" : 1024 }, "icap_more_info" : { "type" : "long" }, "icap_server_name" : { "type" : "keyword", "ignore_above" : 1024 }, "icap_server_service" : { "type" : "keyword", "ignore_above" : 1024 }, "icap_service_id" : { "type" : "long" }, "icmp" : { "type" : "keyword", "ignore_above" : 1024 }, "icmp_code" : { "type" : "long" }, "icmp_type" : { "type" : "long" }, "id" : { "type" : "long" }, "identity_type" : { "type" : "keyword", "ignore_above" : 1024 }, "ike" : { "type" : "keyword", "ignore_above" : 1024 }, "ike_ids" : { "type" : "keyword", "ignore_above" : 1024 }, "impacted_files" : { "type" : "keyword", "ignore_above" : 1024 }, "incident_extension" : { "type" : "keyword", "ignore_above" : 1024 }, "indicator_description" : { "type" : "keyword", "ignore_above" : 1024 }, "indicator_name" : { "type" : "keyword", "ignore_above" : 1024 }, "indicator_reference" : { "type" : "keyword", "ignore_above" : 1024 }, "indicator_uuid" : { "type" : "keyword", "ignore_above" : 1024 }, "info" : { "type" : "keyword", "ignore_above" : 1024 }, "information" : { "type" : "keyword", "ignore_above" : 1024 }, "inspection_category" : { "type" : "keyword", "ignore_above" : 1024 }, "inspection_item" : { "type" : "keyword", "ignore_above" : 1024 }, "inspection_profile" : { "type" : "keyword", "ignore_above" : 1024 }, "inspection_settings_log" : { "type" : "keyword", "ignore_above" : 1024 }, "installed_products" : { "type" : "keyword", "ignore_above" : 1024 }, "int_end" : { "type" : "long" }, "int_start" : { "type" : "long" }, "integrity_av_invoke_type" : { "type" : "keyword", "ignore_above" : 1024 }, "interface_name" : { "type" : "keyword", "ignore_above" : 1024 }, "internal_error" : { "type" : "keyword", "ignore_above" : 1024 }, "invalid_file_size" : { "type" : "long" }, "ip_option" : { "type" : "long" }, "isp_link" : { "type" : "keyword", "ignore_above" : 1024 }, "last_hit_time" : { "type" : "long" }, "last_rematch_time" : { "type" : "keyword", "ignore_above" : 1024 }, "layer_name" : { "type" : "keyword", "ignore_above" : 1024 }, "layer_uuid" : { "type" : "keyword", "ignore_above" : 1024 }, "limit_applied" : { "type" : "long" }, "limit_requested" : { "type" : "long" }, "link_probing_status_update" : { "type" : "keyword", "ignore_above" : 1024 }, "links_num" : { "type" : "long" }, "log_delay" : { "type" : "long" }, "log_id" : { "type" : "long" }, "logid" : { "type" : "keyword", "ignore_above" : 1024 }, "long_desc" : { "type" : "keyword", "ignore_above" : 1024 }, "machine" : { "type" : "keyword", "ignore_above" : 1024 }, "malware_family" : { "type" : "keyword", "ignore_above" : 1024 }, "match_fk" : { "type" : "long" }, "match_id" : { "type" : "long" }, "matched_file" : { "type" : "keyword", "ignore_above" : 1024 }, "matched_file_percentage" : { "type" : "long" }, "matched_file_text_segments" : { "type" : "long" }, "media_type" : { "type" : "keyword", "ignore_above" : 1024 }, "message" : { "type" : "keyword", "ignore_above" : 1024 }, "message_info" : { "type" : "keyword", "ignore_above" : 1024 }, "message_size" : { "type" : "long" }, "method" : { "type" : "keyword", "ignore_above" : 1024 }, "methods" : { "type" : "keyword", "ignore_above" : 1024 }, "mime_from" : { "type" : "keyword", "ignore_above" : 1024 }, "mime_to" : { "type" : "keyword", "ignore_above" : 1024 }, "mirror_and_decrypt_type" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_collection" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_command_and_control" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_credential_access" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_defense_evasion" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_discovery" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_execution" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_exfiltration" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_impact" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_initial_access" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_lateral_movement" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_persistence" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_privilege_escalation" : { "type" : "keyword", "ignore_above" : 1024 }, "monitor_reason" : { "type" : "keyword", "ignore_above" : 1024 }, "msgid" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "nat46" : { "type" : "keyword", "ignore_above" : 1024 }, "nat_addtnl_rulenum" : { "type" : "long" }, "nat_exhausted_pool" : { "type" : "keyword", "ignore_above" : 1024 }, "nat_rulenum" : { "type" : "long" }, "needs_browse_time" : { "type" : "long" }, "next_hop_ip" : { "type" : "keyword", "ignore_above" : 1024 }, "next_scheduled_scan_date" : { "type" : "keyword", "ignore_above" : 1024 }, "number_of_errors" : { "type" : "long" }, "objecttable" : { "type" : "keyword", "ignore_above" : 1024 }, "objecttype" : { "type" : "keyword", "ignore_above" : 1024 }, "observable_comment" : { "type" : "keyword", "ignore_above" : 1024 }, "observable_id" : { "type" : "keyword", "ignore_above" : 1024 }, "observable_name" : { "type" : "keyword", "ignore_above" : 1024 }, "operation" : { "type" : "keyword", "ignore_above" : 1024 }, "operation_number" : { "type" : "keyword", "ignore_above" : 1024 }, "origin_sic_name" : { "type" : "keyword", "ignore_above" : 1024 }, "original_queue_id" : { "type" : "keyword", "ignore_above" : 1024 }, "outgoing_url" : { "type" : "keyword", "ignore_above" : 1024 }, "packet_amount" : { "type" : "long" }, "packet_capture_unique_id" : { "type" : "keyword", "ignore_above" : 1024 }, "parent_file_hash" : { "type" : "keyword", "ignore_above" : 1024 }, "parent_file_name" : { "type" : "keyword", "ignore_above" : 1024 }, "parent_file_uid" : { "type" : "keyword", "ignore_above" : 1024 }, "parent_process_username" : { "type" : "keyword", "ignore_above" : 1024 }, "parent_rule" : { "type" : "long" }, "peer_gateway" : { "type" : "ip" }, "peer_ip" : { "type" : "keyword", "ignore_above" : 1024 }, "peer_ip_probing_status_update" : { "type" : "keyword", "ignore_above" : 1024 }, "performance_impact" : { "type" : "long" }, "policy_mgmt" : { "type" : "keyword", "ignore_above" : 1024 }, "policy_name" : { "type" : "keyword", "ignore_above" : 1024 }, "ports_usage" : { "type" : "long" }, "ppp" : { "type" : "keyword", "ignore_above" : 1024 }, "precise_error" : { "type" : "keyword", "ignore_above" : 1024 }, "process_username" : { "type" : "keyword", "ignore_above" : 1024 }, "properties" : { "type" : "keyword", "ignore_above" : 1024 }, "protection_id" : { "type" : "keyword", "ignore_above" : 1024 }, "protection_name" : { "type" : "keyword", "ignore_above" : 1024 }, "protection_type" : { "type" : "keyword", "ignore_above" : 1024 }, "protocol" : { "type" : "keyword", "ignore_above" : 1024 }, "proxy_machine_name" : { "type" : "long" }, "proxy_src_ip" : { "type" : "ip" }, "proxy_user_dn" : { "type" : "keyword", "ignore_above" : 1024 }, "proxy_user_name" : { "type" : "keyword", "ignore_above" : 1024 }, "query" : { "type" : "keyword", "ignore_above" : 1024 }, "question_rdata" : { "type" : "keyword", "ignore_above" : 1024 }, "referrer" : { "type" : "keyword", "ignore_above" : 1024 }, "referrer_parent_uid" : { "type" : "keyword", "ignore_above" : 1024 }, "referrer_self_uid" : { "type" : "keyword", "ignore_above" : 1024 }, "registered_ip-phones" : { "type" : "keyword", "ignore_above" : 1024 }, "reject_category" : { "type" : "keyword", "ignore_above" : 1024 }, "reject_id" : { "type" : "keyword", "ignore_above" : 1024 }, "rematch_info" : { "type" : "keyword", "ignore_above" : 1024 }, "remediated_files" : { "type" : "keyword", "ignore_above" : 1024 }, "reply_status" : { "type" : "long" }, "risk" : { "type" : "keyword", "ignore_above" : 1024 }, "rpc_prog" : { "type" : "long" }, "rule" : { "type" : "long" }, "rule_action" : { "type" : "keyword", "ignore_above" : 1024 }, "rulebase_id" : { "type" : "long" }, "scan_direction" : { "type" : "keyword", "ignore_above" : 1024 }, "scan_hosts_day" : { "type" : "long" }, "scan_hosts_hour" : { "type" : "long" }, "scan_hosts_week" : { "type" : "long" }, "scan_id" : { "type" : "keyword", "ignore_above" : 1024 }, "scan_mail" : { "type" : "long" }, "scan_result" : { "type" : "keyword", "ignore_above" : 1024 }, "scan_results" : { "type" : "keyword", "ignore_above" : 1024 }, "scheme" : { "type" : "keyword", "ignore_above" : 1024 }, "scope" : { "type" : "keyword", "ignore_above" : 1024 }, "scrub_activity" : { "type" : "keyword", "ignore_above" : 1024 }, "scrub_download_time" : { "type" : "keyword", "ignore_above" : 1024 }, "scrub_time" : { "type" : "keyword", "ignore_above" : 1024 }, "scrub_total_time" : { "type" : "keyword", "ignore_above" : 1024 }, "scrubbed_content" : { "type" : "keyword", "ignore_above" : 1024 }, "sctp_association_state" : { "type" : "keyword", "ignore_above" : 1024 }, "sctp_error" : { "type" : "keyword", "ignore_above" : 1024 }, "scv_message_info" : { "type" : "keyword", "ignore_above" : 1024 }, "scv_user" : { "type" : "keyword", "ignore_above" : 1024 }, "securexl_message" : { "type" : "keyword", "ignore_above" : 1024 }, "sensor_mode" : { "type" : "keyword", "ignore_above" : 1024 }, "session_id" : { "type" : "keyword", "ignore_above" : 1024 }, "session_uid" : { "type" : "keyword", "ignore_above" : 1024 }, "severity" : { "type" : "keyword", "ignore_above" : 1024 }, "short_desc" : { "type" : "keyword", "ignore_above" : 1024 }, "sig_id" : { "type" : "keyword", "ignore_above" : 1024 }, "similar_communication" : { "type" : "keyword", "ignore_above" : 1024 }, "similar_hashes" : { "type" : "keyword", "ignore_above" : 1024 }, "similar_strings" : { "type" : "keyword", "ignore_above" : 1024 }, "similiar_iocs" : { "type" : "keyword", "ignore_above" : 1024 }, "sip_reason" : { "type" : "keyword", "ignore_above" : 1024 }, "site_name" : { "type" : "keyword", "ignore_above" : 1024 }, "source_interface" : { "type" : "keyword", "ignore_above" : 1024 }, "source_object" : { "type" : "long" }, "source_os" : { "type" : "keyword", "ignore_above" : 1024 }, "special_properties" : { "type" : "long" }, "specific_data_type_name" : { "type" : "keyword", "ignore_above" : 1024 }, "speed" : { "type" : "long" }, "spyware_name" : { "type" : "keyword", "ignore_above" : 1024 }, "spyware_status" : { "type" : "keyword", "ignore_above" : 1024 }, "spyware_type" : { "type" : "keyword", "ignore_above" : 1024 }, "src_country" : { "type" : "keyword", "ignore_above" : 1024 }, "src_phone_number" : { "type" : "keyword", "ignore_above" : 1024 }, "src_user_dn" : { "type" : "keyword", "ignore_above" : 1024 }, "src_user_name" : { "type" : "keyword", "ignore_above" : 1024 }, "srckeyid" : { "type" : "keyword", "ignore_above" : 1024 }, "status" : { "type" : "keyword", "ignore_above" : 1024 }, "status_update" : { "type" : "keyword", "ignore_above" : 1024 }, "sub_policy_name" : { "type" : "keyword", "ignore_above" : 1024 }, "sub_policy_uid" : { "type" : "keyword", "ignore_above" : 1024 }, "subs_exp" : { "type" : "date" }, "subscriber" : { "type" : "ip" }, "summary" : { "type" : "keyword", "ignore_above" : 1024 }, "suppressed_logs" : { "type" : "long" }, "sync" : { "type" : "keyword", "ignore_above" : 1024 }, "sys_message" : { "type" : "keyword", "ignore_above" : 1024 }, "tcp_end_reason" : { "type" : "keyword", "ignore_above" : 1024 }, "tcp_flags" : { "type" : "keyword", "ignore_above" : 1024 }, "tcp_packet_out_of_state" : { "type" : "keyword", "ignore_above" : 1024 }, "tcp_state" : { "type" : "keyword", "ignore_above" : 1024 }, "te_verdict_determined_by" : { "type" : "keyword", "ignore_above" : 1024 }, "termination_reason" : { "type" : "keyword", "ignore_above" : 1024 }, "ticket_id" : { "type" : "keyword", "ignore_above" : 1024 }, "tls_server_host_name" : { "type" : "keyword", "ignore_above" : 1024 }, "top_archive_file_name" : { "type" : "keyword", "ignore_above" : 1024 }, "total_attachments" : { "type" : "long" }, "triggered_by" : { "type" : "keyword", "ignore_above" : 1024 }, "trusted_domain" : { "type" : "keyword", "ignore_above" : 1024 }, "unique_detected_day" : { "type" : "long" }, "unique_detected_hour" : { "type" : "long" }, "unique_detected_week" : { "type" : "long" }, "update_status" : { "type" : "keyword", "ignore_above" : 1024 }, "url" : { "type" : "keyword", "ignore_above" : 1024 }, "user" : { "type" : "keyword", "ignore_above" : 1024 }, "user_agent" : { "type" : "keyword", "ignore_above" : 1024 }, "user_status" : { "type" : "keyword", "ignore_above" : 1024 }, "uuid" : { "type" : "keyword", "ignore_above" : 1024 }, "vendor_list" : { "type" : "keyword", "ignore_above" : 1024 }, "verdict" : { "type" : "keyword", "ignore_above" : 1024 }, "via" : { "type" : "keyword", "ignore_above" : 1024 }, "virus_name" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_attach_action_info" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_attach_sz" : { "type" : "long" }, "voip_call_dir" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_call_id" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_call_state" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_call_term_time" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_config" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_duration" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_est_codec" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_exp" : { "type" : "long" }, "voip_from_user_type" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_log_type" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_media_codec" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_media_ipp" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_media_port" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_method" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_reason_info" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_reg_int" : { "type" : "long" }, "voip_reg_ipp" : { "type" : "long" }, "voip_reg_period" : { "type" : "long" }, "voip_reg_server" : { "type" : "ip" }, "voip_reg_user_type" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_reject_reason" : { "type" : "keyword", "ignore_above" : 1024 }, "voip_to_user_type" : { "type" : "keyword", "ignore_above" : 1024 }, "vpn_feature_name" : { "type" : "keyword", "ignore_above" : 1024 }, "watermark" : { "type" : "keyword", "ignore_above" : 1024 }, "web_server_type" : { "type" : "keyword", "ignore_above" : 1024 }, "word_list" : { "type" : "keyword", "ignore_above" : 1024 } } }, "cisco" : { "properties" : { "asa" : { "properties" : { "connection_id" : { "type" : "keyword", "ignore_above" : 1024 }, "connection_type" : { "type" : "keyword", "ignore_above" : 1024 }, "dap_records" : { "type" : "keyword", "ignore_above" : 1024 }, "destination_interface" : { "type" : "keyword", "ignore_above" : 1024 }, "destination_username" : { "type" : "keyword", "ignore_above" : 1024 }, "icmp_code" : { "type" : "short" }, "icmp_type" : { "type" : "short" }, "mapped_destination_host" : { "type" : "keyword", "ignore_above" : 1024 }, "mapped_destination_ip" : { "type" : "ip" }, "mapped_destination_port" : { "type" : "long" }, "mapped_source_host" : { "type" : "keyword", "ignore_above" : 1024 }, "mapped_source_ip" : { "type" : "ip" }, "mapped_source_port" : { "type" : "long" }, "message_id" : { "type" : "keyword", "ignore_above" : 1024 }, "rule_name" : { "type" : "keyword", "ignore_above" : 1024 }, "source_interface" : { "type" : "keyword", "ignore_above" : 1024 }, "source_username" : { "type" : "keyword", "ignore_above" : 1024 }, "suffix" : { "type" : "keyword", "ignore_above" : 1024 }, "threat_category" : { "type" : "keyword", "ignore_above" : 1024 }, "threat_level" : { "type" : "keyword", "ignore_above" : 1024 } } }, "ftd" : { "properties" : { "connection_id" : { "type" : "keyword", "ignore_above" : 1024 }, "connection_type" : { "type" : "keyword", "ignore_above" : 1024 }, "dap_records" : { "type" : "keyword", "ignore_above" : 1024 }, "destination_interface" : { "type" : "keyword", "ignore_above" : 1024 }, "destination_username" : { "type" : "keyword", "ignore_above" : 1024 }, "icmp_code" : { "type" : "short" }, "icmp_type" : { "type" : "short" }, "mapped_destination_host" : { "type" : "keyword", "ignore_above" : 1024 }, "mapped_destination_ip" : { "type" : "ip" }, "mapped_destination_port" : { "type" : "long" }, "mapped_source_host" : { "type" : "keyword", "ignore_above" : 1024 }, "mapped_source_ip" : { "type" : "ip" }, "mapped_source_port" : { "type" : "long" }, "message_id" : { "type" : "keyword", "ignore_above" : 1024 }, "rule_name" : { "type" : "keyword", "ignore_above" : 1024 }, "security" : { "type" : "object" }, "source_interface" : { "type" : "keyword", "ignore_above" : 1024 }, "source_username" : { "type" : "keyword", "ignore_above" : 1024 }, "suffix" : { "type" : "keyword", "ignore_above" : 1024 }, "threat_category" : { "type" : "keyword", "ignore_above" : 1024 }, "threat_level" : { "type" : "keyword", "ignore_above" : 1024 } } }, "ios" : { "properties" : { "access_list" : { "type" : "keyword", "ignore_above" : 1024 }, "facility" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "client" : { "properties" : { "address" : { "type" : "keyword", "ignore_above" : 1024 }, "as" : { "properties" : { "number" : { "type" : "long" }, "organization" : { "properties" : { "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } } } }, "bytes" : { "type" : "long" }, "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "geo" : { "properties" : { "city_name" : { "type" : "keyword", "ignore_above" : 1024 }, "continent_name" : { "type" : "keyword", "ignore_above" : 1024 }, "country_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "country_name" : { "type" : "keyword", "ignore_above" : 1024 }, "location" : { "type" : "geo_point" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "region_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "region_name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "ip" : { "type" : "ip" }, "mac" : { "type" : "keyword", "ignore_above" : 1024 }, "nat" : { "properties" : { "ip" : { "type" : "ip" }, "port" : { "type" : "long" } } }, "packets" : { "type" : "long" }, "port" : { "type" : "long" }, "registered_domain" : { "type" : "keyword", "ignore_above" : 1024 }, "top_level_domain" : { "type" : "keyword", "ignore_above" : 1024 }, "user" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "email" : { "type" : "keyword", "ignore_above" : 1024 }, "full_name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "group" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "hash" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } } } }, "cloud" : { "properties" : { "account" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "availability_zone" : { "type" : "keyword", "ignore_above" : 1024 }, "image" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "instance" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "machine" : { "properties" : { "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "project" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "provider" : { "type" : "keyword", "ignore_above" : 1024 }, "region" : { "type" : "keyword", "ignore_above" : 1024 } } }, "code_signature" : { "properties" : { "exists" : { "type" : "boolean" }, "status" : { "type" : "keyword", "ignore_above" : 1024 }, "subject_name" : { "type" : "keyword", "ignore_above" : 1024 }, "trusted" : { "type" : "boolean" }, "valid" : { "type" : "boolean" } } }, "container" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "image" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 }, "tag" : { "type" : "keyword", "ignore_above" : 1024 } } }, "labels" : { "type" : "object" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "runtime" : { "type" : "keyword", "ignore_above" : 1024 } } }, "coredns" : { "properties" : { "dnssec_ok" : { "type" : "boolean" }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "query" : { "properties" : { "class" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "size" : { "type" : "long" }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "response" : { "properties" : { "code" : { "type" : "keyword", "ignore_above" : 1024 }, "flags" : { "type" : "keyword", "ignore_above" : 1024 }, "size" : { "type" : "long" } } } } }, "crowdstrike" : { "properties" : { "event" : { "properties" : { "AuditKeyValues" : { "type" : "nested" }, "CommandLine" : { "type" : "keyword", "ignore_above" : 1024 }, "ComputerName" : { "type" : "keyword", "ignore_above" : 1024 }, "DetectDescription" : { "type" : "keyword", "ignore_above" : 1024 }, "DetectId" : { "type" : "keyword", "ignore_above" : 1024 }, "DetectName" : { "type" : "keyword", "ignore_above" : 1024 }, "EndTimestamp" : { "type" : "date" }, "FalconHostLink" : { "type" : "keyword", "ignore_above" : 1024 }, "FileName" : { "type" : "keyword", "ignore_above" : 1024 }, "FilePath" : { "type" : "keyword", "ignore_above" : 1024 }, "FineScore" : { "type" : "float" }, "HostnameField" : { "type" : "keyword", "ignore_above" : 1024 }, "IncidentEndTime" : { "type" : "date" }, "IncidentStartTime" : { "type" : "date" }, "LocalIP" : { "type" : "keyword", "ignore_above" : 1024 }, "MACAddress" : { "type" : "keyword", "ignore_above" : 1024 }, "MD5String" : { "type" : "keyword", "ignore_above" : 1024 }, "MachineDomain" : { "type" : "keyword", "ignore_above" : 1024 }, "Objective" : { "type" : "keyword", "ignore_above" : 1024 }, "OperationName" : { "type" : "keyword", "ignore_above" : 1024 }, "ParentProcessId" : { "type" : "long" }, "PatternDispositionDescription" : { "type" : "keyword", "ignore_above" : 1024 }, "PatternDispositionFlags" : { "type" : "object" }, "PatternDispositionValue" : { "type" : "long" }, "ProcessEndTime" : { "type" : "date" }, "ProcessId" : { "type" : "long" }, "ProcessStartTime" : { "type" : "date" }, "SHA256String" : { "type" : "keyword", "ignore_above" : 1024 }, "SensorId" : { "type" : "keyword", "ignore_above" : 1024 }, "ServiceName" : { "type" : "keyword", "ignore_above" : 1024 }, "SessionId" : { "type" : "keyword", "ignore_above" : 1024 }, "Severity" : { "type" : "long" }, "SeverityName" : { "type" : "keyword", "ignore_above" : 1024 }, "StartTimestamp" : { "type" : "date" }, "State" : { "type" : "keyword", "ignore_above" : 1024 }, "Success" : { "type" : "boolean" }, "Tactic" : { "type" : "keyword", "ignore_above" : 1024 }, "Technique" : { "type" : "keyword", "ignore_above" : 1024 }, "UTCTimestamp" : { "type" : "date" }, "UserId" : { "type" : "keyword", "ignore_above" : 1024 }, "UserIp" : { "type" : "keyword", "ignore_above" : 1024 }, "UserName" : { "type" : "keyword", "ignore_above" : 1024 } } }, "metadata" : { "properties" : { "customerIDString" : { "type" : "keyword", "ignore_above" : 1024 }, "eventCreationTime" : { "type" : "date" }, "eventType" : { "type" : "keyword", "ignore_above" : 1024 }, "offset" : { "type" : "long" }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "destination" : { "properties" : { "address" : { "type" : "keyword", "ignore_above" : 1024 }, "as" : { "properties" : { "number" : { "type" : "long" }, "organization" : { "properties" : { "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } } } }, "bytes" : { "type" : "long" }, "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "geo" : { "properties" : { "city_name" : { "type" : "keyword", "ignore_above" : 1024 }, "continent_name" : { "type" : "keyword", "ignore_above" : 1024 }, "country_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "country_name" : { "type" : "keyword", "ignore_above" : 1024 }, "location" : { "type" : "geo_point" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "region_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "region_name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "ip" : { "type" : "ip" }, "mac" : { "type" : "keyword", "ignore_above" : 1024 }, "nat" : { "properties" : { "ip" : { "type" : "ip" }, "port" : { "type" : "long" } } }, "packets" : { "type" : "long" }, "port" : { "type" : "long" }, "registered_domain" : { "type" : "keyword", "ignore_above" : 1024 }, "service" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "top_level_domain" : { "type" : "keyword", "ignore_above" : 1024 }, "user" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "email" : { "type" : "keyword", "ignore_above" : 1024 }, "full_name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "group" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "hash" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } } } }, "dll" : { "properties" : { "code_signature" : { "properties" : { "exists" : { "type" : "boolean" }, "status" : { "type" : "keyword", "ignore_above" : 1024 }, "subject_name" : { "type" : "keyword", "ignore_above" : 1024 }, "trusted" : { "type" : "boolean" }, "valid" : { "type" : "boolean" } } }, "hash" : { "properties" : { "md5" : { "type" : "keyword", "ignore_above" : 1024 }, "sha1" : { "type" : "keyword", "ignore_above" : 1024 }, "sha256" : { "type" : "keyword", "ignore_above" : 1024 }, "sha512" : { "type" : "keyword", "ignore_above" : 1024 } } }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "path" : { "type" : "keyword", "ignore_above" : 1024 }, "pe" : { "properties" : { "company" : { "type" : "keyword", "ignore_above" : 1024 }, "description" : { "type" : "keyword", "ignore_above" : 1024 }, "file_version" : { "type" : "keyword", "ignore_above" : 1024 }, "original_file_name" : { "type" : "keyword", "ignore_above" : 1024 }, "product" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "dns" : { "properties" : { "answers" : { "properties" : { "class" : { "type" : "keyword", "ignore_above" : 1024 }, "data" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "ttl" : { "type" : "long" }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "header_flags" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "op_code" : { "type" : "keyword", "ignore_above" : 1024 }, "question" : { "properties" : { "class" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "registered_domain" : { "type" : "keyword", "ignore_above" : 1024 }, "subdomain" : { "type" : "keyword", "ignore_above" : 1024 }, "top_level_domain" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "resolved_ip" : { "type" : "ip" }, "response_code" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "docker" : { "properties" : { "attrs" : { "type" : "object" }, "container" : { "properties" : { "labels" : { "type" : "object" } } } } }, "ecs" : { "properties" : { "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "elasticsearch" : { "properties" : { "audit" : { "properties" : { "action" : { "type" : "keyword", "ignore_above" : 1024 }, "event_type" : { "type" : "keyword", "ignore_above" : 1024 }, "indices" : { "type" : "keyword", "ignore_above" : 1024 }, "layer" : { "type" : "keyword", "ignore_above" : 1024 }, "message" : { "type" : "text", "norms" : false }, "origin" : { "properties" : { "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "realm" : { "type" : "keyword", "ignore_above" : 1024 }, "request" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "url" : { "properties" : { "params" : { "type" : "keyword", "ignore_above" : 1024 } } }, "user" : { "properties" : { "realm" : { "type" : "keyword", "ignore_above" : 1024 }, "roles" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "cluster" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 }, "uuid" : { "type" : "keyword", "ignore_above" : 1024 } } }, "component" : { "type" : "keyword", "ignore_above" : 1024 }, "deprecation" : { "type" : "object" }, "gc" : { "properties" : { "heap" : { "properties" : { "size_kb" : { "type" : "long" }, "used_kb" : { "type" : "long" } } }, "jvm_runtime_sec" : { "type" : "float" }, "old_gen" : { "properties" : { "size_kb" : { "type" : "long" }, "used_kb" : { "type" : "long" } } }, "phase" : { "properties" : { "class_unload_time_sec" : { "type" : "float" }, "cpu_time" : { "properties" : { "real_sec" : { "type" : "float" }, "sys_sec" : { "type" : "float" }, "user_sec" : { "type" : "float" } } }, "duration_sec" : { "type" : "float" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "parallel_rescan_time_sec" : { "type" : "float" }, "scrub_string_table_time_sec" : { "type" : "float" }, "scrub_symbol_table_time_sec" : { "type" : "float" }, "weak_refs_processing_time_sec" : { "type" : "float" } } }, "stopping_threads_time_sec" : { "type" : "float" }, "tags" : { "type" : "keyword", "ignore_above" : 1024 }, "threads_total_stop_time_sec" : { "type" : "float" }, "young_gen" : { "properties" : { "size_kb" : { "type" : "long" }, "used_kb" : { "type" : "long" } } } } }, "index" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "node" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "server" : { "properties" : { "gc" : { "properties" : { "collection_duration" : { "properties" : { "ms" : { "type" : "float" } } }, "observation_duration" : { "properties" : { "ms" : { "type" : "float" } } }, "overhead_seq" : { "type" : "long" }, "young" : { "properties" : { "one" : { "type" : "long" }, "two" : { "type" : "long" } } } } }, "stacktrace" : { "type" : "keyword", "index" : false, "ignore_above" : 1024 } } }, "shard" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "slowlog" : { "properties" : { "extra_source" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "logger" : { "type" : "keyword", "ignore_above" : 1024 }, "routing" : { "type" : "keyword", "ignore_above" : 1024 }, "search_type" : { "type" : "keyword", "ignore_above" : 1024 }, "source" : { "type" : "keyword", "ignore_above" : 1024 }, "source_query" : { "type" : "keyword", "ignore_above" : 1024 }, "stats" : { "type" : "keyword", "ignore_above" : 1024 }, "took" : { "type" : "keyword", "ignore_above" : 1024 }, "total_hits" : { "type" : "keyword", "ignore_above" : 1024 }, "total_shards" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "types" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "envoyproxy" : { "properties" : { "authority" : { "type" : "keyword", "ignore_above" : 1024 }, "log_type" : { "type" : "keyword", "ignore_above" : 1024 }, "proxy_type" : { "type" : "keyword", "ignore_above" : 1024 }, "request_id" : { "type" : "keyword", "ignore_above" : 1024 }, "response_flags" : { "type" : "keyword", "ignore_above" : 1024 }, "upstream_service_time" : { "type" : "long" } } }, "error" : { "properties" : { "code" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "message" : { "type" : "text", "norms" : false }, "stack_trace" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "event" : { "properties" : { "action" : { "type" : "keyword", "ignore_above" : 1024 }, "category" : { "type" : "keyword", "ignore_above" : 1024 }, "code" : { "type" : "keyword", "ignore_above" : 1024 }, "created" : { "type" : "date" }, "dataset" : { "type" : "keyword", "ignore_above" : 1024 }, "duration" : { "type" : "long" }, "end" : { "type" : "date" }, "hash" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "ingested" : { "type" : "date" }, "kind" : { "type" : "keyword", "ignore_above" : 1024 }, "module" : { "type" : "keyword", "ignore_above" : 1024 }, "original" : { "type" : "keyword", "ignore_above" : 1024 }, "outcome" : { "type" : "keyword", "ignore_above" : 1024 }, "provider" : { "type" : "keyword", "ignore_above" : 1024 }, "reference" : { "type" : "keyword", "ignore_above" : 1024 }, "risk_score" : { "type" : "float" }, "risk_score_norm" : { "type" : "float" }, "sequence" : { "type" : "long" }, "severity" : { "type" : "long" }, "start" : { "type" : "date" }, "timezone" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "url" : { "type" : "keyword", "ignore_above" : 1024 } } }, "fields" : { "type" : "object" }, "file" : { "properties" : { "accessed" : { "type" : "date" }, "attributes" : { "type" : "keyword", "ignore_above" : 1024 }, "code_signature" : { "properties" : { "exists" : { "type" : "boolean" }, "status" : { "type" : "keyword", "ignore_above" : 1024 }, "subject_name" : { "type" : "keyword", "ignore_above" : 1024 }, "trusted" : { "type" : "boolean" }, "valid" : { "type" : "boolean" } } }, "created" : { "type" : "date" }, "ctime" : { "type" : "date" }, "device" : { "type" : "keyword", "ignore_above" : 1024 }, "directory" : { "type" : "keyword", "ignore_above" : 1024 }, "drive_letter" : { "type" : "keyword", "ignore_above" : 1 }, "extension" : { "type" : "keyword", "ignore_above" : 1024 }, "gid" : { "type" : "keyword", "ignore_above" : 1024 }, "group" : { "type" : "keyword", "ignore_above" : 1024 }, "hash" : { "properties" : { "md5" : { "type" : "keyword", "ignore_above" : 1024 }, "sha1" : { "type" : "keyword", "ignore_above" : 1024 }, "sha256" : { "type" : "keyword", "ignore_above" : 1024 }, "sha512" : { "type" : "keyword", "ignore_above" : 1024 } } }, "inode" : { "type" : "keyword", "ignore_above" : 1024 }, "mime_type" : { "type" : "keyword", "ignore_above" : 1024 }, "mode" : { "type" : "keyword", "ignore_above" : 1024 }, "mtime" : { "type" : "date" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "owner" : { "type" : "keyword", "ignore_above" : 1024 }, "path" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "pe" : { "properties" : { "company" : { "type" : "keyword", "ignore_above" : 1024 }, "description" : { "type" : "keyword", "ignore_above" : 1024 }, "file_version" : { "type" : "keyword", "ignore_above" : 1024 }, "original_file_name" : { "type" : "keyword", "ignore_above" : 1024 }, "product" : { "type" : "keyword", "ignore_above" : 1024 } } }, "size" : { "type" : "long" }, "target_path" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "uid" : { "type" : "keyword", "ignore_above" : 1024 } } }, "fileset" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "forcepoint" : { "properties" : { "virus_id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "fortinet" : { "properties" : { "file" : { "properties" : { "hash" : { "properties" : { "crc32" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "firewall" : { "properties" : { "acct_stat" : { "type" : "keyword", "ignore_above" : 1024 }, "acktime" : { "type" : "keyword", "ignore_above" : 1024 }, "act" : { "type" : "keyword", "ignore_above" : 1024 }, "action" : { "type" : "keyword", "ignore_above" : 1024 }, "activity" : { "type" : "keyword", "ignore_above" : 1024 }, "addr" : { "type" : "ip" }, "addr_type" : { "type" : "keyword", "ignore_above" : 1024 }, "addrgrp" : { "type" : "keyword", "ignore_above" : 1024 }, "adgroup" : { "type" : "keyword", "ignore_above" : 1024 }, "admin" : { "type" : "keyword", "ignore_above" : 1024 }, "age" : { "type" : "long" }, "agent" : { "type" : "keyword", "ignore_above" : 1024 }, "alarmid" : { "type" : "long" }, "alert" : { "type" : "keyword", "ignore_above" : 1024 }, "analyticscksum" : { "type" : "keyword", "ignore_above" : 1024 }, "analyticssubmit" : { "type" : "keyword", "ignore_above" : 1024 }, "ap" : { "type" : "keyword", "ignore_above" : 1024 }, "app-type" : { "type" : "keyword", "ignore_above" : 1024 }, "appact" : { "type" : "keyword", "ignore_above" : 1024 }, "appid" : { "type" : "long" }, "applist" : { "type" : "keyword", "ignore_above" : 1024 }, "apprisk" : { "type" : "keyword", "ignore_above" : 1024 }, "apscan" : { "type" : "keyword", "ignore_above" : 1024 }, "apsn" : { "type" : "keyword", "ignore_above" : 1024 }, "apstatus" : { "type" : "keyword", "ignore_above" : 1024 }, "aptype" : { "type" : "keyword", "ignore_above" : 1024 }, "assigned" : { "type" : "ip" }, "assignip" : { "type" : "ip" }, "attachment" : { "type" : "keyword", "ignore_above" : 1024 }, "attack" : { "type" : "keyword", "ignore_above" : 1024 }, "attackcontext" : { "type" : "keyword", "ignore_above" : 1024 }, "attackcontextid" : { "type" : "keyword", "ignore_above" : 1024 }, "attackid" : { "type" : "long" }, "auditid" : { "type" : "long" }, "auditscore" : { "type" : "keyword", "ignore_above" : 1024 }, "audittime" : { "type" : "long" }, "authgrp" : { "type" : "keyword", "ignore_above" : 1024 }, "authid" : { "type" : "keyword", "ignore_above" : 1024 }, "authproto" : { "type" : "keyword", "ignore_above" : 1024 }, "authserver" : { "type" : "keyword", "ignore_above" : 1024 }, "bandwidth" : { "type" : "keyword", "ignore_above" : 1024 }, "banned_rule" : { "type" : "keyword", "ignore_above" : 1024 }, "banned_src" : { "type" : "keyword", "ignore_above" : 1024 }, "banword" : { "type" : "keyword", "ignore_above" : 1024 }, "botnetdomain" : { "type" : "keyword", "ignore_above" : 1024 }, "botnetip" : { "type" : "ip" }, "bssid" : { "type" : "keyword", "ignore_above" : 1024 }, "call_id" : { "type" : "keyword", "ignore_above" : 1024 }, "carrier_ep" : { "type" : "keyword", "ignore_above" : 1024 }, "cat" : { "type" : "long" }, "category" : { "type" : "keyword", "ignore_above" : 1024 }, "cc" : { "type" : "keyword", "ignore_above" : 1024 }, "cdrcontent" : { "type" : "keyword", "ignore_above" : 1024 }, "centralnatid" : { "type" : "long" }, "cert" : { "type" : "keyword", "ignore_above" : 1024 }, "cert-type" : { "type" : "keyword", "ignore_above" : 1024 }, "certhash" : { "type" : "keyword", "ignore_above" : 1024 }, "cfgattr" : { "type" : "keyword", "ignore_above" : 1024 }, "cfgobj" : { "type" : "keyword", "ignore_above" : 1024 }, "cfgpath" : { "type" : "keyword", "ignore_above" : 1024 }, "cfgtid" : { "type" : "keyword", "ignore_above" : 1024 }, "cfgtxpower" : { "type" : "long" }, "channel" : { "type" : "long" }, "channeltype" : { "type" : "keyword", "ignore_above" : 1024 }, "chassisid" : { "type" : "long" }, "checksum" : { "type" : "keyword", "ignore_above" : 1024 }, "chgheaders" : { "type" : "keyword", "ignore_above" : 1024 }, "cldobjid" : { "type" : "keyword", "ignore_above" : 1024 }, "client_addr" : { "type" : "keyword", "ignore_above" : 1024 }, "cloudaction" : { "type" : "keyword", "ignore_above" : 1024 }, "clouduser" : { "type" : "keyword", "ignore_above" : 1024 }, "column" : { "type" : "long" }, "command" : { "type" : "keyword", "ignore_above" : 1024 }, "community" : { "type" : "keyword", "ignore_above" : 1024 }, "configcountry" : { "type" : "keyword", "ignore_above" : 1024 }, "connection_type" : { "type" : "keyword", "ignore_above" : 1024 }, "conserve" : { "type" : "keyword", "ignore_above" : 1024 }, "constraint" : { "type" : "keyword", "ignore_above" : 1024 }, "contentdisarmed" : { "type" : "keyword", "ignore_above" : 1024 }, "contenttype" : { "type" : "keyword", "ignore_above" : 1024 }, "cookies" : { "type" : "keyword", "ignore_above" : 1024 }, "count" : { "type" : "long" }, "countapp" : { "type" : "long" }, "countav" : { "type" : "long" }, "countcifs" : { "type" : "long" }, "countdlp" : { "type" : "long" }, "countdns" : { "type" : "long" }, "countemail" : { "type" : "long" }, "countff" : { "type" : "long" }, "countips" : { "type" : "long" }, "countssh" : { "type" : "long" }, "countssl" : { "type" : "long" }, "countwaf" : { "type" : "long" }, "countweb" : { "type" : "long" }, "cpu" : { "type" : "long" }, "craction" : { "type" : "long" }, "criticalcount" : { "type" : "long" }, "crl" : { "type" : "keyword", "ignore_above" : 1024 }, "crlevel" : { "type" : "keyword", "ignore_above" : 1024 }, "crscore" : { "type" : "long" }, "cveid" : { "type" : "keyword", "ignore_above" : 1024 }, "daemon" : { "type" : "keyword", "ignore_above" : 1024 }, "datarange" : { "type" : "keyword", "ignore_above" : 1024 }, "date" : { "type" : "keyword", "ignore_above" : 1024 }, "ddnsserver" : { "type" : "ip" }, "desc" : { "type" : "keyword", "ignore_above" : 1024 }, "detectionmethod" : { "type" : "keyword", "ignore_above" : 1024 }, "devcategory" : { "type" : "keyword", "ignore_above" : 1024 }, "devintfname" : { "type" : "keyword", "ignore_above" : 1024 }, "devtype" : { "type" : "keyword", "ignore_above" : 1024 }, "dhcp_msg" : { "type" : "keyword", "ignore_above" : 1024 }, "dintf" : { "type" : "keyword", "ignore_above" : 1024 }, "disk" : { "type" : "keyword", "ignore_above" : 1024 }, "disklograte" : { "type" : "long" }, "dlpextra" : { "type" : "keyword", "ignore_above" : 1024 }, "docsource" : { "type" : "keyword", "ignore_above" : 1024 }, "domainctrlauthstate" : { "type" : "long" }, "domainctrlauthtype" : { "type" : "long" }, "domainctrldomain" : { "type" : "keyword", "ignore_above" : 1024 }, "domainctrlip" : { "type" : "ip" }, "domainctrlname" : { "type" : "keyword", "ignore_above" : 1024 }, "domainctrlprotocoltype" : { "type" : "long" }, "domainctrlusername" : { "type" : "keyword", "ignore_above" : 1024 }, "domainfilteridx" : { "type" : "long" }, "domainfilterlist" : { "type" : "keyword", "ignore_above" : 1024 }, "ds" : { "type" : "keyword", "ignore_above" : 1024 }, "dst_int" : { "type" : "keyword", "ignore_above" : 1024 }, "dstcountry" : { "type" : "keyword", "ignore_above" : 1024 }, "dstdevcategory" : { "type" : "keyword", "ignore_above" : 1024 }, "dstdevtype" : { "type" : "keyword", "ignore_above" : 1024 }, "dstfamily" : { "type" : "keyword", "ignore_above" : 1024 }, "dsthwvendor" : { "type" : "keyword", "ignore_above" : 1024 }, "dsthwversion" : { "type" : "keyword", "ignore_above" : 1024 }, "dstinetsvc" : { "type" : "keyword", "ignore_above" : 1024 }, "dstintfrole" : { "type" : "keyword", "ignore_above" : 1024 }, "dstosname" : { "type" : "keyword", "ignore_above" : 1024 }, "dstosversion" : { "type" : "keyword", "ignore_above" : 1024 }, "dstserver" : { "type" : "long" }, "dstssid" : { "type" : "keyword", "ignore_above" : 1024 }, "dstswversion" : { "type" : "keyword", "ignore_above" : 1024 }, "dstunauthusersource" : { "type" : "keyword", "ignore_above" : 1024 }, "dstuuid" : { "type" : "keyword", "ignore_above" : 1024 }, "duid" : { "type" : "keyword", "ignore_above" : 1024 }, "eapolcnt" : { "type" : "long" }, "eapoltype" : { "type" : "keyword", "ignore_above" : 1024 }, "encrypt" : { "type" : "long" }, "encryption" : { "type" : "keyword", "ignore_above" : 1024 }, "epoch" : { "type" : "long" }, "espauth" : { "type" : "keyword", "ignore_above" : 1024 }, "esptransform" : { "type" : "keyword", "ignore_above" : 1024 }, "exch" : { "type" : "keyword", "ignore_above" : 1024 }, "exchange" : { "type" : "keyword", "ignore_above" : 1024 }, "expectedsignature" : { "type" : "keyword", "ignore_above" : 1024 }, "expiry" : { "type" : "keyword", "ignore_above" : 1024 }, "fams_pause" : { "type" : "long" }, "fazlograte" : { "type" : "long" }, "fctemssn" : { "type" : "keyword", "ignore_above" : 1024 }, "fctuid" : { "type" : "keyword", "ignore_above" : 1024 }, "field" : { "type" : "keyword", "ignore_above" : 1024 }, "filefilter" : { "type" : "keyword", "ignore_above" : 1024 }, "filehashsrc" : { "type" : "keyword", "ignore_above" : 1024 }, "filtercat" : { "type" : "keyword", "ignore_above" : 1024 }, "filteridx" : { "type" : "long" }, "filtername" : { "type" : "keyword", "ignore_above" : 1024 }, "filtertype" : { "type" : "keyword", "ignore_above" : 1024 }, "fortiguardresp" : { "type" : "keyword", "ignore_above" : 1024 }, "forwardedfor" : { "type" : "keyword", "ignore_above" : 1024 }, "fqdn" : { "type" : "keyword", "ignore_above" : 1024 }, "frametype" : { "type" : "keyword", "ignore_above" : 1024 }, "freediskstorage" : { "type" : "long" }, "from" : { "type" : "keyword", "ignore_above" : 1024 }, "from_vcluster" : { "type" : "long" }, "fsaverdict" : { "type" : "keyword", "ignore_above" : 1024 }, "fwserver_name" : { "type" : "keyword", "ignore_above" : 1024 }, "gateway" : { "type" : "ip" }, "green" : { "type" : "keyword", "ignore_above" : 1024 }, "groupid" : { "type" : "long" }, "ha-prio" : { "type" : "long" }, "ha_group" : { "type" : "keyword", "ignore_above" : 1024 }, "ha_role" : { "type" : "keyword", "ignore_above" : 1024 }, "handshake" : { "type" : "keyword", "ignore_above" : 1024 }, "hash" : { "type" : "keyword", "ignore_above" : 1024 }, "hbdn_reason" : { "type" : "keyword", "ignore_above" : 1024 }, "highcount" : { "type" : "long" }, "host" : { "type" : "keyword", "ignore_above" : 1024 }, "iaid" : { "type" : "keyword", "ignore_above" : 1024 }, "icmpcode" : { "type" : "keyword", "ignore_above" : 1024 }, "icmpid" : { "type" : "keyword", "ignore_above" : 1024 }, "icmptype" : { "type" : "keyword", "ignore_above" : 1024 }, "identifier" : { "type" : "long" }, "in_spi" : { "type" : "keyword", "ignore_above" : 1024 }, "incidentserialno" : { "type" : "long" }, "infected" : { "type" : "long" }, "infectedfilelevel" : { "type" : "long" }, "informationsource" : { "type" : "keyword", "ignore_above" : 1024 }, "init" : { "type" : "keyword", "ignore_above" : 1024 }, "initiator" : { "type" : "keyword", "ignore_above" : 1024 }, "interface" : { "type" : "keyword", "ignore_above" : 1024 }, "intf" : { "type" : "keyword", "ignore_above" : 1024 }, "invalidmac" : { "type" : "keyword", "ignore_above" : 1024 }, "ip" : { "type" : "ip" }, "iptype" : { "type" : "keyword", "ignore_above" : 1024 }, "keyword" : { "type" : "keyword", "ignore_above" : 1024 }, "kind" : { "type" : "keyword", "ignore_above" : 1024 }, "lanin" : { "type" : "long" }, "lanout" : { "type" : "long" }, "lease" : { "type" : "long" }, "license_limit" : { "type" : "keyword", "ignore_above" : 1024 }, "limit" : { "type" : "long" }, "line" : { "type" : "keyword", "ignore_above" : 1024 }, "live" : { "type" : "long" }, "local" : { "type" : "ip" }, "log" : { "type" : "keyword", "ignore_above" : 1024 }, "login" : { "type" : "keyword", "ignore_above" : 1024 }, "lowcount" : { "type" : "long" }, "mac" : { "type" : "keyword", "ignore_above" : 1024 }, "malform_data" : { "type" : "long" }, "malform_desc" : { "type" : "keyword", "ignore_above" : 1024 }, "manuf" : { "type" : "keyword", "ignore_above" : 1024 }, "masterdstmac" : { "type" : "keyword", "ignore_above" : 1024 }, "mastersrcmac" : { "type" : "keyword", "ignore_above" : 1024 }, "mediumcount" : { "type" : "long" }, "mem" : { "type" : "keyword", "ignore_above" : 1024 }, "meshmode" : { "type" : "keyword", "ignore_above" : 1024 }, "message_type" : { "type" : "keyword", "ignore_above" : 1024 }, "method" : { "type" : "keyword", "ignore_above" : 1024 }, "mgmtcnt" : { "type" : "long" }, "mode" : { "type" : "keyword", "ignore_above" : 1024 }, "module" : { "type" : "keyword", "ignore_above" : 1024 }, "monitor-name" : { "type" : "keyword", "ignore_above" : 1024 }, "monitor-type" : { "type" : "keyword", "ignore_above" : 1024 }, "mpsk" : { "type" : "keyword", "ignore_above" : 1024 }, "msgproto" : { "type" : "keyword", "ignore_above" : 1024 }, "mtu" : { "type" : "long" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "nat" : { "type" : "keyword", "ignore_above" : 1024 }, "netid" : { "type" : "keyword", "ignore_above" : 1024 }, "new_status" : { "type" : "keyword", "ignore_above" : 1024 }, "new_value" : { "type" : "keyword", "ignore_above" : 1024 }, "newchannel" : { "type" : "long" }, "newchassisid" : { "type" : "long" }, "newslot" : { "type" : "long" }, "nextstat" : { "type" : "long" }, "nf_type" : { "type" : "keyword", "ignore_above" : 1024 }, "noise" : { "type" : "long" }, "old_status" : { "type" : "keyword", "ignore_above" : 1024 }, "old_value" : { "type" : "keyword", "ignore_above" : 1024 }, "oldchannel" : { "type" : "long" }, "oldchassisid" : { "type" : "long" }, "oldslot" : { "type" : "long" }, "oldsn" : { "type" : "keyword", "ignore_above" : 1024 }, "oldwprof" : { "type" : "keyword", "ignore_above" : 1024 }, "onwire" : { "type" : "keyword", "ignore_above" : 1024 }, "opercountry" : { "type" : "keyword", "ignore_above" : 1024 }, "opertxpower" : { "type" : "long" }, "osname" : { "type" : "keyword", "ignore_above" : 1024 }, "osversion" : { "type" : "keyword", "ignore_above" : 1024 }, "out_spi" : { "type" : "keyword", "ignore_above" : 1024 }, "outintf" : { "type" : "keyword", "ignore_above" : 1024 }, "passedcount" : { "type" : "long" }, "passwd" : { "type" : "keyword", "ignore_above" : 1024 }, "path" : { "type" : "keyword", "ignore_above" : 1024 }, "peer" : { "type" : "keyword", "ignore_above" : 1024 }, "peer_notif" : { "type" : "keyword", "ignore_above" : 1024 }, "phase2_name" : { "type" : "keyword", "ignore_above" : 1024 }, "phone" : { "type" : "keyword", "ignore_above" : 1024 }, "pid" : { "type" : "long" }, "policytype" : { "type" : "keyword", "ignore_above" : 1024 }, "poolname" : { "type" : "keyword", "ignore_above" : 1024 }, "port" : { "type" : "long" }, "portbegin" : { "type" : "long" }, "portend" : { "type" : "long" }, "probeproto" : { "type" : "keyword", "ignore_above" : 1024 }, "process" : { "type" : "keyword", "ignore_above" : 1024 }, "processtime" : { "type" : "long" }, "profile" : { "type" : "keyword", "ignore_above" : 1024 }, "profile_vd" : { "type" : "keyword", "ignore_above" : 1024 }, "profilegroup" : { "type" : "keyword", "ignore_above" : 1024 }, "profiletype" : { "type" : "keyword", "ignore_above" : 1024 }, "qtypeval" : { "type" : "long" }, "quarskip" : { "type" : "keyword", "ignore_above" : 1024 }, "quotaexceeded" : { "type" : "keyword", "ignore_above" : 1024 }, "quotamax" : { "type" : "long" }, "quotatype" : { "type" : "keyword", "ignore_above" : 1024 }, "quotaused" : { "type" : "long" }, "radioband" : { "type" : "keyword", "ignore_above" : 1024 }, "radioid" : { "type" : "long" }, "radioidclosest" : { "type" : "long" }, "radioiddetected" : { "type" : "long" }, "rate" : { "type" : "keyword", "ignore_above" : 1024 }, "rawdata" : { "type" : "keyword", "ignore_above" : 1024 }, "rawdataid" : { "type" : "keyword", "ignore_above" : 1024 }, "rcvddelta" : { "type" : "keyword", "ignore_above" : 1024 }, "reason" : { "type" : "keyword", "ignore_above" : 1024 }, "received" : { "type" : "long" }, "receivedsignature" : { "type" : "keyword", "ignore_above" : 1024 }, "red" : { "type" : "keyword", "ignore_above" : 1024 }, "referralurl" : { "type" : "keyword", "ignore_above" : 1024 }, "remote" : { "type" : "ip" }, "remotewtptime" : { "type" : "keyword", "ignore_above" : 1024 }, "reporttype" : { "type" : "keyword", "ignore_above" : 1024 }, "reqtype" : { "type" : "keyword", "ignore_above" : 1024 }, "request_name" : { "type" : "keyword", "ignore_above" : 1024 }, "result" : { "type" : "keyword", "ignore_above" : 1024 }, "role" : { "type" : "keyword", "ignore_above" : 1024 }, "rssi" : { "type" : "long" }, "rsso_key" : { "type" : "keyword", "ignore_above" : 1024 }, "ruledata" : { "type" : "keyword", "ignore_above" : 1024 }, "ruletype" : { "type" : "keyword", "ignore_above" : 1024 }, "scanned" : { "type" : "long" }, "scantime" : { "type" : "long" }, "scope" : { "type" : "keyword", "ignore_above" : 1024 }, "security" : { "type" : "keyword", "ignore_above" : 1024 }, "sensitivity" : { "type" : "keyword", "ignore_above" : 1024 }, "sensor" : { "type" : "keyword", "ignore_above" : 1024 }, "sentdelta" : { "type" : "keyword", "ignore_above" : 1024 }, "seq" : { "type" : "keyword", "ignore_above" : 1024 }, "serial" : { "type" : "keyword", "ignore_above" : 1024 }, "serialno" : { "type" : "keyword", "ignore_above" : 1024 }, "server" : { "type" : "keyword", "ignore_above" : 1024 }, "session_id" : { "type" : "keyword", "ignore_above" : 1024 }, "sessionid" : { "type" : "long" }, "setuprate" : { "type" : "long" }, "severity" : { "type" : "keyword", "ignore_above" : 1024 }, "shaperdroprcvdbyte" : { "type" : "long" }, "shaperdropsentbyte" : { "type" : "long" }, "shaperperipdropbyte" : { "type" : "long" }, "shaperperipname" : { "type" : "keyword", "ignore_above" : 1024 }, "shaperrcvdname" : { "type" : "keyword", "ignore_above" : 1024 }, "shapersentname" : { "type" : "keyword", "ignore_above" : 1024 }, "shapingpolicyid" : { "type" : "long" }, "signal" : { "type" : "long" }, "size" : { "type" : "long" }, "slot" : { "type" : "long" }, "sn" : { "type" : "keyword", "ignore_above" : 1024 }, "snclosest" : { "type" : "keyword", "ignore_above" : 1024 }, "sndetected" : { "type" : "keyword", "ignore_above" : 1024 }, "snmeshparent" : { "type" : "keyword", "ignore_above" : 1024 }, "spi" : { "type" : "keyword", "ignore_above" : 1024 }, "src_int" : { "type" : "keyword", "ignore_above" : 1024 }, "srccountry" : { "type" : "keyword", "ignore_above" : 1024 }, "srcfamily" : { "type" : "keyword", "ignore_above" : 1024 }, "srchwvendor" : { "type" : "keyword", "ignore_above" : 1024 }, "srchwversion" : { "type" : "keyword", "ignore_above" : 1024 }, "srcinetsvc" : { "type" : "keyword", "ignore_above" : 1024 }, "srcintfrole" : { "type" : "keyword", "ignore_above" : 1024 }, "srcname" : { "type" : "keyword", "ignore_above" : 1024 }, "srcserver" : { "type" : "long" }, "srcssid" : { "type" : "keyword", "ignore_above" : 1024 }, "srcswversion" : { "type" : "keyword", "ignore_above" : 1024 }, "srcuuid" : { "type" : "keyword", "ignore_above" : 1024 }, "sscname" : { "type" : "keyword", "ignore_above" : 1024 }, "ssid" : { "type" : "keyword", "ignore_above" : 1024 }, "sslaction" : { "type" : "keyword", "ignore_above" : 1024 }, "ssllocal" : { "type" : "keyword", "ignore_above" : 1024 }, "sslremote" : { "type" : "keyword", "ignore_above" : 1024 }, "stacount" : { "type" : "long" }, "stage" : { "type" : "keyword", "ignore_above" : 1024 }, "stamac" : { "type" : "keyword", "ignore_above" : 1024 }, "state" : { "type" : "keyword", "ignore_above" : 1024 }, "status" : { "type" : "keyword", "ignore_above" : 1024 }, "stitch" : { "type" : "keyword", "ignore_above" : 1024 }, "subject" : { "type" : "keyword", "ignore_above" : 1024 }, "submodule" : { "type" : "keyword", "ignore_above" : 1024 }, "subservice" : { "type" : "keyword", "ignore_above" : 1024 }, "subtype" : { "type" : "keyword", "ignore_above" : 1024 }, "suspicious" : { "type" : "long" }, "switchproto" : { "type" : "keyword", "ignore_above" : 1024 }, "sync_status" : { "type" : "keyword", "ignore_above" : 1024 }, "sync_type" : { "type" : "keyword", "ignore_above" : 1024 }, "sysuptime" : { "type" : "keyword", "ignore_above" : 1024 }, "tamac" : { "type" : "keyword", "ignore_above" : 1024 }, "threattype" : { "type" : "keyword", "ignore_above" : 1024 }, "time" : { "type" : "keyword", "ignore_above" : 1024 }, "to" : { "type" : "keyword", "ignore_above" : 1024 }, "to_vcluster" : { "type" : "long" }, "total" : { "type" : "long" }, "totalsession" : { "type" : "long" }, "trace_id" : { "type" : "keyword", "ignore_above" : 1024 }, "trandisp" : { "type" : "keyword", "ignore_above" : 1024 }, "transid" : { "type" : "long" }, "translationid" : { "type" : "keyword", "ignore_above" : 1024 }, "trigger" : { "type" : "keyword", "ignore_above" : 1024 }, "trueclntip" : { "type" : "ip" }, "tunnelid" : { "type" : "long" }, "tunnelip" : { "type" : "ip" }, "tunneltype" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "ui" : { "type" : "keyword", "ignore_above" : 1024 }, "unauthusersource" : { "type" : "keyword", "ignore_above" : 1024 }, "unit" : { "type" : "long" }, "urlfilteridx" : { "type" : "long" }, "urlfilterlist" : { "type" : "keyword", "ignore_above" : 1024 }, "urlsource" : { "type" : "keyword", "ignore_above" : 1024 }, "urltype" : { "type" : "keyword", "ignore_above" : 1024 }, "used" : { "type" : "long" }, "used_for_type" : { "type" : "long" }, "utmaction" : { "type" : "keyword", "ignore_above" : 1024 }, "vap" : { "type" : "keyword", "ignore_above" : 1024 }, "vapmode" : { "type" : "keyword", "ignore_above" : 1024 }, "vcluster" : { "type" : "long" }, "vcluster_member" : { "type" : "long" }, "vcluster_state" : { "type" : "keyword", "ignore_above" : 1024 }, "vd" : { "type" : "keyword", "ignore_above" : 1024 }, "vdname" : { "type" : "keyword", "ignore_above" : 1024 }, "vendorurl" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 }, "vip" : { "type" : "keyword", "ignore_above" : 1024 }, "virus" : { "type" : "keyword", "ignore_above" : 1024 }, "virusid" : { "type" : "long" }, "voip_proto" : { "type" : "keyword", "ignore_above" : 1024 }, "vpn" : { "type" : "keyword", "ignore_above" : 1024 }, "vpntunnel" : { "type" : "keyword", "ignore_above" : 1024 }, "vpntype" : { "type" : "keyword", "ignore_above" : 1024 }, "vrf" : { "type" : "long" }, "vulncat" : { "type" : "keyword", "ignore_above" : 1024 }, "vulnid" : { "type" : "long" }, "vulnname" : { "type" : "keyword", "ignore_above" : 1024 }, "vwlid" : { "type" : "long" }, "vwlquality" : { "type" : "keyword", "ignore_above" : 1024 }, "vwlservice" : { "type" : "keyword", "ignore_above" : 1024 }, "vwpvlanid" : { "type" : "long" }, "wanin" : { "type" : "long" }, "wanoptapptype" : { "type" : "keyword", "ignore_above" : 1024 }, "wanout" : { "type" : "long" }, "weakwepiv" : { "type" : "keyword", "ignore_above" : 1024 }, "xauthgroup" : { "type" : "keyword", "ignore_above" : 1024 }, "xauthuser" : { "type" : "keyword", "ignore_above" : 1024 }, "xid" : { "type" : "long" } } } } }, "geo" : { "properties" : { "city_name" : { "type" : "keyword", "ignore_above" : 1024 }, "continent_name" : { "type" : "keyword", "ignore_above" : 1024 }, "country_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "country_name" : { "type" : "keyword", "ignore_above" : 1024 }, "location" : { "type" : "geo_point" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "region_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "region_name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "googlecloud" : { "properties" : { "audit" : { "properties" : { "authentication_info" : { "properties" : { "authority_selector" : { "type" : "keyword", "ignore_above" : 1024 }, "principal_email" : { "type" : "keyword", "ignore_above" : 1024 } } }, "method_name" : { "type" : "keyword", "ignore_above" : 1024 }, "num_response_items" : { "type" : "long" }, "request" : { "properties" : { "filter" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "proto_name" : { "type" : "keyword", "ignore_above" : 1024 }, "resource_name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "request_metadata" : { "properties" : { "caller_ip" : { "type" : "ip" }, "caller_supplied_user_agent" : { "type" : "keyword", "ignore_above" : 1024 } } }, "resource_location" : { "properties" : { "current_locations" : { "type" : "keyword", "ignore_above" : 1024 } } }, "resource_name" : { "type" : "keyword", "ignore_above" : 1024 }, "response" : { "properties" : { "details" : { "properties" : { "group" : { "type" : "keyword", "ignore_above" : 1024 }, "kind" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "uid" : { "type" : "keyword", "ignore_above" : 1024 } } }, "proto_name" : { "type" : "keyword", "ignore_above" : 1024 }, "status" : { "type" : "keyword", "ignore_above" : 1024 } } }, "service_name" : { "type" : "keyword", "ignore_above" : 1024 }, "status" : { "properties" : { "code" : { "type" : "long" }, "message" : { "type" : "keyword", "ignore_above" : 1024 } } }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "destination" : { "properties" : { "instance" : { "properties" : { "project_id" : { "type" : "keyword", "ignore_above" : 1024 }, "region" : { "type" : "keyword", "ignore_above" : 1024 }, "zone" : { "type" : "keyword", "ignore_above" : 1024 } } }, "vpc" : { "properties" : { "project_id" : { "type" : "keyword", "ignore_above" : 1024 }, "subnetwork_name" : { "type" : "keyword", "ignore_above" : 1024 }, "vpc_name" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "firewall" : { "properties" : { "rule_details" : { "properties" : { "action" : { "type" : "keyword", "ignore_above" : 1024 }, "destination_range" : { "type" : "keyword", "ignore_above" : 1024 }, "direction" : { "type" : "keyword", "ignore_above" : 1024 }, "priority" : { "type" : "long" }, "reference" : { "type" : "keyword", "ignore_above" : 1024 }, "source_range" : { "type" : "keyword", "ignore_above" : 1024 }, "source_service_account" : { "type" : "keyword", "ignore_above" : 1024 }, "source_tag" : { "type" : "keyword", "ignore_above" : 1024 }, "target_service_account" : { "type" : "keyword", "ignore_above" : 1024 }, "target_tag" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "source" : { "properties" : { "instance" : { "properties" : { "project_id" : { "type" : "keyword", "ignore_above" : 1024 }, "region" : { "type" : "keyword", "ignore_above" : 1024 }, "zone" : { "type" : "keyword", "ignore_above" : 1024 } } }, "vpc" : { "properties" : { "project_id" : { "type" : "keyword", "ignore_above" : 1024 }, "subnetwork_name" : { "type" : "keyword", "ignore_above" : 1024 }, "vpc_name" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "vpcflow" : { "properties" : { "reporter" : { "type" : "keyword", "ignore_above" : 1024 }, "rtt" : { "properties" : { "ms" : { "type" : "long" } } } } } } }, "group" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "haproxy" : { "properties" : { "backend_name" : { "type" : "keyword", "ignore_above" : 1024 }, "backend_queue" : { "type" : "long" }, "bind_name" : { "type" : "keyword", "ignore_above" : 1024 }, "bytes_read" : { "type" : "long" }, "client" : { "type" : "object" }, "connection_wait_time_ms" : { "type" : "long" }, "connections" : { "properties" : { "active" : { "type" : "long" }, "backend" : { "type" : "long" }, "frontend" : { "type" : "long" }, "retries" : { "type" : "long" }, "server" : { "type" : "long" } } }, "destination" : { "type" : "object" }, "error_message" : { "type" : "text", "norms" : false }, "frontend_name" : { "type" : "keyword", "ignore_above" : 1024 }, "geoip" : { "type" : "object" }, "http" : { "properties" : { "request" : { "properties" : { "captured_cookie" : { "type" : "keyword", "ignore_above" : 1024 }, "captured_headers" : { "type" : "keyword", "ignore_above" : 1024 }, "raw_request_line" : { "type" : "keyword", "ignore_above" : 1024 }, "time_wait_ms" : { "type" : "long" }, "time_wait_without_data_ms" : { "type" : "long" } } }, "response" : { "properties" : { "captured_cookie" : { "type" : "keyword", "ignore_above" : 1024 }, "captured_headers" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "mode" : { "type" : "keyword", "ignore_above" : 1024 }, "server_name" : { "type" : "keyword", "ignore_above" : 1024 }, "server_queue" : { "type" : "long" }, "source" : { "type" : "keyword", "ignore_above" : 1024 }, "tcp" : { "properties" : { "connection_waiting_time_ms" : { "type" : "long" } } }, "termination_state" : { "type" : "keyword", "ignore_above" : 1024 }, "time_backend_connect" : { "type" : "long" }, "time_queue" : { "type" : "long" }, "total_waiting_time_ms" : { "type" : "long" } } }, "hash" : { "properties" : { "md5" : { "type" : "keyword", "ignore_above" : 1024 }, "sha1" : { "type" : "keyword", "ignore_above" : 1024 }, "sha256" : { "type" : "keyword", "ignore_above" : 1024 }, "sha512" : { "type" : "keyword", "ignore_above" : 1024 } } }, "host" : { "properties" : { "architecture" : { "type" : "keyword", "ignore_above" : 1024 }, "containerized" : { "type" : "boolean" }, "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "geo" : { "properties" : { "city_name" : { "type" : "keyword", "ignore_above" : 1024 }, "continent_name" : { "type" : "keyword", "ignore_above" : 1024 }, "country_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "country_name" : { "type" : "keyword", "ignore_above" : 1024 }, "location" : { "type" : "geo_point" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "region_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "region_name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "hostname" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "ip" : { "type" : "ip" }, "mac" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "os" : { "properties" : { "build" : { "type" : "keyword", "ignore_above" : 1024 }, "codename" : { "type" : "keyword", "ignore_above" : 1024 }, "family" : { "type" : "keyword", "ignore_above" : 1024 }, "full" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "kernel" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "platform" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "uptime" : { "type" : "long" }, "user" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "email" : { "type" : "keyword", "ignore_above" : 1024 }, "full_name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "group" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "hash" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } } } }, "http" : { "properties" : { "request" : { "properties" : { "body" : { "properties" : { "bytes" : { "type" : "long" }, "content" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } }, "bytes" : { "type" : "long" }, "method" : { "type" : "keyword", "ignore_above" : 1024 }, "referrer" : { "type" : "keyword", "ignore_above" : 1024 } } }, "response" : { "properties" : { "body" : { "properties" : { "bytes" : { "type" : "long" }, "content" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } }, "bytes" : { "type" : "long" }, "status_code" : { "type" : "long" } } }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "ibmmq" : { "properties" : { "errorlog" : { "properties" : { "action" : { "type" : "keyword", "ignore_above" : 1024 }, "arithinsert" : { "type" : "keyword", "ignore_above" : 1024 }, "code" : { "type" : "keyword", "ignore_above" : 1024 }, "commentinsert" : { "type" : "keyword", "ignore_above" : 1024 }, "errordescription" : { "type" : "text", "norms" : false }, "explanation" : { "type" : "keyword", "ignore_above" : 1024 }, "installation" : { "type" : "keyword", "ignore_above" : 1024 }, "qmgr" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "icinga" : { "properties" : { "debug" : { "properties" : { "facility" : { "type" : "keyword", "ignore_above" : 1024 } } }, "main" : { "properties" : { "facility" : { "type" : "keyword", "ignore_above" : 1024 } } }, "startup" : { "properties" : { "facility" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "icmp" : { "properties" : { "code" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "igmp" : { "properties" : { "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "iis" : { "properties" : { "access" : { "properties" : { "cookie" : { "type" : "keyword", "ignore_above" : 1024 }, "geoip" : { "type" : "object" }, "server_name" : { "type" : "keyword", "ignore_above" : 1024 }, "site_name" : { "type" : "keyword", "ignore_above" : 1024 }, "sub_status" : { "type" : "long" }, "user_agent" : { "type" : "object" }, "win32_status" : { "type" : "long" } } }, "error" : { "properties" : { "geoip" : { "type" : "object" }, "queue_name" : { "type" : "keyword", "ignore_above" : 1024 }, "reason_phrase" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "input" : { "properties" : { "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "interface" : { "properties" : { "alias" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "iptables" : { "properties" : { "ether_type" : { "type" : "long" }, "flow_label" : { "type" : "long" }, "fragment_flags" : { "type" : "keyword", "ignore_above" : 1024 }, "fragment_offset" : { "type" : "long" }, "icmp" : { "properties" : { "code" : { "type" : "long" }, "id" : { "type" : "long" }, "parameter" : { "type" : "long" }, "redirect" : { "type" : "ip" }, "seq" : { "type" : "long" }, "type" : { "type" : "long" } } }, "id" : { "type" : "long" }, "incomplete_bytes" : { "type" : "long" }, "input_device" : { "type" : "keyword", "ignore_above" : 1024 }, "length" : { "type" : "long" }, "output_device" : { "type" : "keyword", "ignore_above" : 1024 }, "precedence_bits" : { "type" : "short" }, "tcp" : { "properties" : { "ack" : { "type" : "long" }, "flags" : { "type" : "keyword", "ignore_above" : 1024 }, "reserved_bits" : { "type" : "short" }, "seq" : { "type" : "long" }, "window" : { "type" : "long" } } }, "tos" : { "type" : "long" }, "ttl" : { "type" : "long" }, "ubiquiti" : { "properties" : { "input_zone" : { "type" : "keyword", "ignore_above" : 1024 }, "output_zone" : { "type" : "keyword", "ignore_above" : 1024 }, "rule_number" : { "type" : "keyword", "ignore_above" : 1024 }, "rule_set" : { "type" : "keyword", "ignore_above" : 1024 } } }, "udp" : { "properties" : { "length" : { "type" : "long" } } } } }, "jolokia" : { "properties" : { "agent" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "secured" : { "type" : "boolean" }, "server" : { "properties" : { "product" : { "type" : "keyword", "ignore_above" : 1024 }, "vendor" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "url" : { "type" : "keyword", "ignore_above" : 1024 } } }, "json" : { "type" : "object" }, "kafka" : { "properties" : { "block_timestamp" : { "type" : "date" }, "key" : { "type" : "keyword", "ignore_above" : 1024 }, "log" : { "properties" : { "class" : { "type" : "keyword", "ignore_above" : 1024 }, "component" : { "type" : "keyword", "ignore_above" : 1024 }, "thread" : { "type" : "keyword", "ignore_above" : 1024 }, "trace" : { "properties" : { "class" : { "type" : "keyword", "ignore_above" : 1024 }, "message" : { "type" : "text", "norms" : false } } } } }, "offset" : { "type" : "long" }, "partition" : { "type" : "long" }, "topic" : { "type" : "keyword", "ignore_above" : 1024 } } }, "kibana" : { "properties" : { "log" : { "properties" : { "meta" : { "type" : "object" }, "state" : { "type" : "keyword", "ignore_above" : 1024 }, "tags" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "kubernetes" : { "properties" : { "annotations" : { "properties" : { "*" : { "type" : "object" } } }, "container" : { "properties" : { "image" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "deployment" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "labels" : { "properties" : { "*" : { "type" : "object" } } }, "namespace" : { "type" : "keyword", "ignore_above" : 1024 }, "node" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "pod" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 }, "uid" : { "type" : "keyword", "ignore_above" : 1024 } } }, "replicaset" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "statefulset" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "labels" : { "type" : "object" }, "log" : { "properties" : { "file" : { "properties" : { "path" : { "type" : "keyword", "ignore_above" : 1024 } } }, "flags" : { "type" : "keyword", "ignore_above" : 1024 }, "level" : { "type" : "keyword", "ignore_above" : 1024 }, "logger" : { "type" : "keyword", "ignore_above" : 1024 }, "offset" : { "type" : "long" }, "origin" : { "properties" : { "file" : { "properties" : { "line" : { "type" : "long" }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "function" : { "type" : "keyword", "ignore_above" : 1024 } } }, "original" : { "type" : "keyword", "ignore_above" : 1024 }, "source" : { "properties" : { "address" : { "type" : "keyword", "ignore_above" : 1024 } } }, "syslog" : { "properties" : { "facility" : { "properties" : { "code" : { "type" : "long" }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "priority" : { "type" : "long" }, "severity" : { "properties" : { "code" : { "type" : "long" }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } } } } } }, "logstash" : { "properties" : { "log" : { "properties" : { "log_event" : { "type" : "object" }, "module" : { "type" : "keyword", "ignore_above" : 1024 }, "pipeline_id" : { "type" : "keyword", "ignore_above" : 1024 }, "thread" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } }, "slowlog" : { "properties" : { "event" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "module" : { "type" : "keyword", "ignore_above" : 1024 }, "plugin_name" : { "type" : "keyword", "ignore_above" : 1024 }, "plugin_params" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "plugin_params_object" : { "type" : "object" }, "plugin_type" : { "type" : "keyword", "ignore_above" : 1024 }, "thread" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "took_in_millis" : { "type" : "long" } } } } }, "message" : { "type" : "text", "norms" : false }, "misp" : { "properties" : { "attack_pattern" : { "properties" : { "description" : { "type" : "text", "norms" : false }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "kill_chain_phases" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "campaign" : { "properties" : { "aliases" : { "type" : "text", "norms" : false }, "description" : { "type" : "text", "norms" : false }, "first_seen" : { "type" : "date" }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "last_seen" : { "type" : "date" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "objective" : { "type" : "keyword", "ignore_above" : 1024 } } }, "course_of_action" : { "properties" : { "description" : { "type" : "text", "norms" : false }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "identity" : { "properties" : { "contact_information" : { "type" : "text", "norms" : false }, "description" : { "type" : "text", "norms" : false }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "identity_class" : { "type" : "keyword", "ignore_above" : 1024 }, "labels" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "sectors" : { "type" : "keyword", "ignore_above" : 1024 } } }, "intrusion_set" : { "properties" : { "aliases" : { "type" : "text", "norms" : false }, "description" : { "type" : "text", "norms" : false }, "first_seen" : { "type" : "date" }, "goals" : { "type" : "text", "norms" : false }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "last_seen" : { "type" : "date" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "primary_motivation" : { "type" : "text", "norms" : false }, "resource_level" : { "type" : "text", "norms" : false }, "secondary_motivations" : { "type" : "text", "norms" : false } } }, "malware" : { "properties" : { "description" : { "type" : "text", "norms" : false }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "kill_chain_phases" : { "type" : "keyword", "ignore_above" : 1024 }, "labels" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "note" : { "properties" : { "authors" : { "type" : "keyword", "ignore_above" : 1024 }, "description" : { "type" : "text", "norms" : false }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "object_refs" : { "type" : "keyword", "ignore_above" : 1024 }, "summary" : { "type" : "keyword", "ignore_above" : 1024 } } }, "observed_data" : { "properties" : { "first_observed" : { "type" : "date" }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "last_observed" : { "type" : "date" }, "number_observed" : { "type" : "long" }, "objects" : { "type" : "keyword", "ignore_above" : 1024 } } }, "report" : { "properties" : { "description" : { "type" : "text", "norms" : false }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "labels" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "object_refs" : { "type" : "text", "norms" : false }, "published" : { "type" : "date" } } }, "threat_actor" : { "properties" : { "aliases" : { "type" : "text", "norms" : false }, "description" : { "type" : "text", "norms" : false }, "goals" : { "type" : "text", "norms" : false }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "labels" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "personal_motivations" : { "type" : "text", "norms" : false }, "primary_motivation" : { "type" : "text", "norms" : false }, "resource_level" : { "type" : "text", "norms" : false }, "roles" : { "type" : "text", "norms" : false }, "secondary_motivations" : { "type" : "text", "norms" : false }, "sophistication" : { "type" : "text", "norms" : false } } }, "threat_indicator" : { "properties" : { "attack_pattern" : { "type" : "keyword", "ignore_above" : 1024 }, "attack_pattern_kql" : { "type" : "keyword", "ignore_above" : 1024 }, "campaign" : { "type" : "keyword", "ignore_above" : 1024 }, "confidence" : { "type" : "keyword", "ignore_above" : 1024 }, "description" : { "type" : "text", "norms" : false }, "feed" : { "type" : "text", "norms" : false }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "intrusion_set" : { "type" : "keyword", "ignore_above" : 1024 }, "kill_chain_phases" : { "type" : "keyword", "ignore_above" : 1024 }, "labels" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_tactic" : { "type" : "keyword", "ignore_above" : 1024 }, "mitre_technique" : { "type" : "keyword", "ignore_above" : 1024 }, "negate" : { "type" : "boolean" }, "severity" : { "type" : "keyword", "ignore_above" : 1024 }, "threat_actor" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "valid_from" : { "type" : "date" }, "valid_until" : { "type" : "date" }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "tool" : { "properties" : { "description" : { "type" : "text", "norms" : false }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "kill_chain_phases" : { "type" : "text", "norms" : false }, "labels" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "tool_version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "vulnerability" : { "properties" : { "description" : { "type" : "text", "norms" : false }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "mongodb" : { "properties" : { "log" : { "properties" : { "component" : { "type" : "keyword", "ignore_above" : 1024 }, "context" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "mssql" : { "properties" : { "log" : { "properties" : { "origin" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "mysql" : { "properties" : { "error" : { "type" : "object" }, "slowlog" : { "properties" : { "bytes_received" : { "type" : "long" }, "bytes_sent" : { "type" : "long" }, "current_user" : { "type" : "keyword", "ignore_above" : 1024 }, "filesort" : { "type" : "boolean" }, "filesort_on_disk" : { "type" : "boolean" }, "full_join" : { "type" : "boolean" }, "full_scan" : { "type" : "boolean" }, "innodb" : { "properties" : { "io_r_bytes" : { "type" : "long" }, "io_r_ops" : { "type" : "long" }, "io_r_wait" : { "properties" : { "sec" : { "type" : "long" } } }, "pages_distinct" : { "type" : "long" }, "queue_wait" : { "properties" : { "sec" : { "type" : "long" } } }, "rec_lock_wait" : { "properties" : { "sec" : { "type" : "long" } } }, "trx_id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "killed" : { "type" : "keyword", "ignore_above" : 1024 }, "last_errno" : { "type" : "keyword", "ignore_above" : 1024 }, "lock_time" : { "properties" : { "sec" : { "type" : "float" } } }, "log_slow_rate_limit" : { "type" : "keyword", "ignore_above" : 1024 }, "log_slow_rate_type" : { "type" : "keyword", "ignore_above" : 1024 }, "merge_passes" : { "type" : "long" }, "priority_queue" : { "type" : "boolean" }, "query" : { "type" : "keyword", "ignore_above" : 1024 }, "query_cache_hit" : { "type" : "boolean" }, "read_first" : { "type" : "long" }, "read_key" : { "type" : "long" }, "read_last" : { "type" : "long" }, "read_next" : { "type" : "long" }, "read_prev" : { "type" : "long" }, "read_rnd" : { "type" : "long" }, "read_rnd_next" : { "type" : "long" }, "rows_affected" : { "type" : "long" }, "rows_examined" : { "type" : "long" }, "rows_sent" : { "type" : "long" }, "schema" : { "type" : "keyword", "ignore_above" : 1024 }, "sort_merge_passes" : { "type" : "long" }, "sort_range_count" : { "type" : "long" }, "sort_rows" : { "type" : "long" }, "sort_scan_count" : { "type" : "long" }, "tmp_disk_tables" : { "type" : "long" }, "tmp_table" : { "type" : "boolean" }, "tmp_table_on_disk" : { "type" : "boolean" }, "tmp_table_sizes" : { "type" : "long" }, "tmp_tables" : { "type" : "long" } } }, "thread_id" : { "type" : "long" } } }, "nats" : { "properties" : { "log" : { "properties" : { "client" : { "properties" : { "id" : { "type" : "long" } } }, "msg" : { "properties" : { "bytes" : { "type" : "long" }, "error" : { "properties" : { "message" : { "type" : "text", "norms" : false } } }, "max_messages" : { "type" : "long" }, "queue_group" : { "type" : "text", "norms" : false }, "reply_to" : { "type" : "keyword", "ignore_above" : 1024 }, "sid" : { "type" : "long" }, "subject" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } } } } } }, "netflow" : { "properties" : { "absolute_error" : { "type" : "double" }, "address_pool_high_threshold" : { "type" : "long" }, "address_pool_low_threshold" : { "type" : "long" }, "address_port_mapping_high_threshold" : { "type" : "long" }, "address_port_mapping_low_threshold" : { "type" : "long" }, "address_port_mapping_per_user_high_threshold" : { "type" : "long" }, "anonymization_flags" : { "type" : "long" }, "anonymization_technique" : { "type" : "long" }, "application_category_name" : { "type" : "keyword", "ignore_above" : 1024 }, "application_description" : { "type" : "keyword", "ignore_above" : 1024 }, "application_group_name" : { "type" : "keyword", "ignore_above" : 1024 }, "application_id" : { "type" : "short" }, "application_name" : { "type" : "keyword", "ignore_above" : 1024 }, "application_sub_category_name" : { "type" : "keyword", "ignore_above" : 1024 }, "bgp_destination_as_number" : { "type" : "long" }, "bgp_next_adjacent_as_number" : { "type" : "long" }, "bgp_next_hop_ipv4_address" : { "type" : "ip" }, "bgp_next_hop_ipv6_address" : { "type" : "ip" }, "bgp_prev_adjacent_as_number" : { "type" : "long" }, "bgp_source_as_number" : { "type" : "long" }, "bgp_validity_state" : { "type" : "short" }, "biflow_direction" : { "type" : "short" }, "class_id" : { "type" : "long" }, "class_name" : { "type" : "keyword", "ignore_above" : 1024 }, "classification_engine_id" : { "type" : "short" }, "collection_time_milliseconds" : { "type" : "date" }, "collector_certificate" : { "type" : "short" }, "collector_ipv4_address" : { "type" : "ip" }, "collector_ipv6_address" : { "type" : "ip" }, "collector_transport_port" : { "type" : "long" }, "common_properties_id" : { "type" : "long" }, "confidence_level" : { "type" : "double" }, "connection_sum_duration_seconds" : { "type" : "long" }, "connection_transaction_id" : { "type" : "long" }, "data_link_frame_section" : { "type" : "short" }, "data_link_frame_size" : { "type" : "long" }, "data_link_frame_type" : { "type" : "long" }, "data_records_reliability" : { "type" : "boolean" }, "delta_flow_count" : { "type" : "long" }, "destination_ipv4_address" : { "type" : "ip" }, "destination_ipv4_prefix" : { "type" : "ip" }, "destination_ipv4_prefix_length" : { "type" : "short" }, "destination_ipv6_address" : { "type" : "ip" }, "destination_ipv6_prefix" : { "type" : "ip" }, "destination_ipv6_prefix_length" : { "type" : "short" }, "destination_mac_address" : { "type" : "keyword", "ignore_above" : 1024 }, "destination_transport_port" : { "type" : "long" }, "digest_hash_value" : { "type" : "long" }, "distinct_count_of_destination_ip_address" : { "type" : "long" }, "distinct_count_of_destination_ipv4_address" : { "type" : "long" }, "distinct_count_of_destination_ipv6_address" : { "type" : "long" }, "distinct_count_of_source_ip_address" : { "type" : "long" }, "distinct_count_of_source_ipv4_address" : { "type" : "long" }, "distinct_count_of_source_ipv6_address" : { "type" : "long" }, "dot1q_customer_dei" : { "type" : "boolean" }, "dot1q_customer_destination_mac_address" : { "type" : "keyword", "ignore_above" : 1024 }, "dot1q_customer_priority" : { "type" : "short" }, "dot1q_customer_source_mac_address" : { "type" : "keyword", "ignore_above" : 1024 }, "dot1q_customer_vlan_id" : { "type" : "long" }, "dot1q_dei" : { "type" : "boolean" }, "dot1q_priority" : { "type" : "short" }, "dot1q_service_instance_id" : { "type" : "long" }, "dot1q_service_instance_priority" : { "type" : "short" }, "dot1q_service_instance_tag" : { "type" : "short" }, "dot1q_vlan_id" : { "type" : "long" }, "dropped_layer2_octet_delta_count" : { "type" : "long" }, "dropped_layer2_octet_total_count" : { "type" : "long" }, "dropped_octet_delta_count" : { "type" : "long" }, "dropped_octet_total_count" : { "type" : "long" }, "dropped_packet_delta_count" : { "type" : "long" }, "dropped_packet_total_count" : { "type" : "long" }, "dst_traffic_index" : { "type" : "long" }, "egress_broadcast_packet_total_count" : { "type" : "long" }, "egress_interface" : { "type" : "long" }, "egress_interface_type" : { "type" : "long" }, "egress_physical_interface" : { "type" : "long" }, "egress_unicast_packet_total_count" : { "type" : "long" }, "egress_vrfid" : { "type" : "long" }, "encrypted_technology" : { "type" : "keyword", "ignore_above" : 1024 }, "engine_id" : { "type" : "short" }, "engine_type" : { "type" : "short" }, "ethernet_header_length" : { "type" : "short" }, "ethernet_payload_length" : { "type" : "long" }, "ethernet_total_length" : { "type" : "long" }, "ethernet_type" : { "type" : "long" }, "export_interface" : { "type" : "long" }, "export_protocol_version" : { "type" : "short" }, "export_sctp_stream_id" : { "type" : "long" }, "export_transport_protocol" : { "type" : "short" }, "exported_flow_record_total_count" : { "type" : "long" }, "exported_message_total_count" : { "type" : "long" }, "exported_octet_total_count" : { "type" : "long" }, "exporter" : { "properties" : { "address" : { "type" : "keyword", "ignore_above" : 1024 }, "source_id" : { "type" : "long" }, "timestamp" : { "type" : "date" }, "uptime_millis" : { "type" : "long" }, "version" : { "type" : "long" } } }, "exporter_certificate" : { "type" : "short" }, "exporter_ipv4_address" : { "type" : "ip" }, "exporter_ipv6_address" : { "type" : "ip" }, "exporter_transport_port" : { "type" : "long" }, "exporting_process_id" : { "type" : "long" }, "external_address_realm" : { "type" : "short" }, "firewall_event" : { "type" : "short" }, "flags_and_sampler_id" : { "type" : "long" }, "flow_active_timeout" : { "type" : "long" }, "flow_direction" : { "type" : "short" }, "flow_duration_microseconds" : { "type" : "long" }, "flow_duration_milliseconds" : { "type" : "long" }, "flow_end_delta_microseconds" : { "type" : "long" }, "flow_end_microseconds" : { "type" : "date" }, "flow_end_milliseconds" : { "type" : "date" }, "flow_end_nanoseconds" : { "type" : "date" }, "flow_end_reason" : { "type" : "short" }, "flow_end_seconds" : { "type" : "date" }, "flow_end_sys_up_time" : { "type" : "long" }, "flow_id" : { "type" : "long" }, "flow_idle_timeout" : { "type" : "long" }, "flow_key_indicator" : { "type" : "long" }, "flow_label_ipv6" : { "type" : "long" }, "flow_sampling_time_interval" : { "type" : "long" }, "flow_sampling_time_spacing" : { "type" : "long" }, "flow_selected_flow_delta_count" : { "type" : "long" }, "flow_selected_octet_delta_count" : { "type" : "long" }, "flow_selected_packet_delta_count" : { "type" : "long" }, "flow_selector_algorithm" : { "type" : "long" }, "flow_start_delta_microseconds" : { "type" : "long" }, "flow_start_microseconds" : { "type" : "date" }, "flow_start_milliseconds" : { "type" : "date" }, "flow_start_nanoseconds" : { "type" : "date" }, "flow_start_seconds" : { "type" : "date" }, "flow_start_sys_up_time" : { "type" : "long" }, "forwarding_status" : { "type" : "short" }, "fragment_flags" : { "type" : "short" }, "fragment_identification" : { "type" : "long" }, "fragment_offset" : { "type" : "long" }, "global_address_mapping_high_threshold" : { "type" : "long" }, "gre_key" : { "type" : "long" }, "hash_digest_output" : { "type" : "boolean" }, "hash_flow_domain" : { "type" : "long" }, "hash_initialiser_value" : { "type" : "long" }, "hash_ip_payload_offset" : { "type" : "long" }, "hash_ip_payload_size" : { "type" : "long" }, "hash_output_range_max" : { "type" : "long" }, "hash_output_range_min" : { "type" : "long" }, "hash_selected_range_max" : { "type" : "long" }, "hash_selected_range_min" : { "type" : "long" }, "http_content_type" : { "type" : "keyword", "ignore_above" : 1024 }, "http_message_version" : { "type" : "keyword", "ignore_above" : 1024 }, "http_reason_phrase" : { "type" : "keyword", "ignore_above" : 1024 }, "http_request_host" : { "type" : "keyword", "ignore_above" : 1024 }, "http_request_method" : { "type" : "keyword", "ignore_above" : 1024 }, "http_request_target" : { "type" : "keyword", "ignore_above" : 1024 }, "http_status_code" : { "type" : "long" }, "http_user_agent" : { "type" : "keyword", "ignore_above" : 1024 }, "icmp_code_ipv4" : { "type" : "short" }, "icmp_code_ipv6" : { "type" : "short" }, "icmp_type_code_ipv4" : { "type" : "long" }, "icmp_type_code_ipv6" : { "type" : "long" }, "icmp_type_ipv4" : { "type" : "short" }, "icmp_type_ipv6" : { "type" : "short" }, "igmp_type" : { "type" : "short" }, "ignored_data_record_total_count" : { "type" : "long" }, "ignored_layer2_frame_total_count" : { "type" : "long" }, "ignored_layer2_octet_total_count" : { "type" : "long" }, "ignored_octet_total_count" : { "type" : "long" }, "ignored_packet_total_count" : { "type" : "long" }, "information_element_data_type" : { "type" : "short" }, "information_element_description" : { "type" : "keyword", "ignore_above" : 1024 }, "information_element_id" : { "type" : "long" }, "information_element_index" : { "type" : "long" }, "information_element_name" : { "type" : "keyword", "ignore_above" : 1024 }, "information_element_range_begin" : { "type" : "long" }, "information_element_range_end" : { "type" : "long" }, "information_element_semantics" : { "type" : "short" }, "information_element_units" : { "type" : "long" }, "ingress_broadcast_packet_total_count" : { "type" : "long" }, "ingress_interface" : { "type" : "long" }, "ingress_interface_type" : { "type" : "long" }, "ingress_multicast_packet_total_count" : { "type" : "long" }, "ingress_physical_interface" : { "type" : "long" }, "ingress_unicast_packet_total_count" : { "type" : "long" }, "ingress_vrfid" : { "type" : "long" }, "initiator_octets" : { "type" : "long" }, "initiator_packets" : { "type" : "long" }, "interface_description" : { "type" : "keyword", "ignore_above" : 1024 }, "interface_name" : { "type" : "keyword", "ignore_above" : 1024 }, "intermediate_process_id" : { "type" : "long" }, "internal_address_realm" : { "type" : "short" }, "ip_class_of_service" : { "type" : "short" }, "ip_diff_serv_code_point" : { "type" : "short" }, "ip_header_length" : { "type" : "short" }, "ip_header_packet_section" : { "type" : "short" }, "ip_next_hop_ipv4_address" : { "type" : "ip" }, "ip_next_hop_ipv6_address" : { "type" : "ip" }, "ip_payload_length" : { "type" : "long" }, "ip_payload_packet_section" : { "type" : "short" }, "ip_precedence" : { "type" : "short" }, "ip_sec_spi" : { "type" : "long" }, "ip_total_length" : { "type" : "long" }, "ip_ttl" : { "type" : "short" }, "ip_version" : { "type" : "short" }, "ipv4_ihl" : { "type" : "short" }, "ipv4_options" : { "type" : "long" }, "ipv4_router_sc" : { "type" : "ip" }, "ipv6_extension_headers" : { "type" : "long" }, "is_multicast" : { "type" : "short" }, "layer2_frame_delta_count" : { "type" : "long" }, "layer2_frame_total_count" : { "type" : "long" }, "layer2_octet_delta_count" : { "type" : "long" }, "layer2_octet_delta_sum_of_squares" : { "type" : "long" }, "layer2_octet_total_count" : { "type" : "long" }, "layer2_octet_total_sum_of_squares" : { "type" : "long" }, "layer2_segment_id" : { "type" : "long" }, "layer2packet_section_data" : { "type" : "short" }, "layer2packet_section_offset" : { "type" : "long" }, "layer2packet_section_size" : { "type" : "long" }, "line_card_id" : { "type" : "long" }, "lower_ci_limit" : { "type" : "double" }, "max_bib_entries" : { "type" : "long" }, "max_entries_per_user" : { "type" : "long" }, "max_export_seconds" : { "type" : "date" }, "max_flow_end_microseconds" : { "type" : "date" }, "max_flow_end_milliseconds" : { "type" : "date" }, "max_flow_end_nanoseconds" : { "type" : "date" }, "max_flow_end_seconds" : { "type" : "date" }, "max_fragments_pending_reassembly" : { "type" : "long" }, "max_session_entries" : { "type" : "long" }, "max_subscribers" : { "type" : "long" }, "maximum_ip_total_length" : { "type" : "long" }, "maximum_layer2_total_length" : { "type" : "long" }, "maximum_ttl" : { "type" : "short" }, "message_md5_checksum" : { "type" : "short" }, "message_scope" : { "type" : "short" }, "metering_process_id" : { "type" : "long" }, "metro_evc_id" : { "type" : "keyword", "ignore_above" : 1024 }, "metro_evc_type" : { "type" : "short" }, "mib_capture_time_semantics" : { "type" : "short" }, "mib_context_engine_id" : { "type" : "short" }, "mib_context_name" : { "type" : "keyword", "ignore_above" : 1024 }, "mib_index_indicator" : { "type" : "long" }, "mib_module_name" : { "type" : "keyword", "ignore_above" : 1024 }, "mib_object_description" : { "type" : "keyword", "ignore_above" : 1024 }, "mib_object_identifier" : { "type" : "short" }, "mib_object_name" : { "type" : "keyword", "ignore_above" : 1024 }, "mib_object_syntax" : { "type" : "keyword", "ignore_above" : 1024 }, "mib_object_value_bits" : { "type" : "short" }, "mib_object_value_counter" : { "type" : "long" }, "mib_object_value_gauge" : { "type" : "long" }, "mib_object_value_integer" : { "type" : "long" }, "mib_object_value_ip_address" : { "type" : "ip" }, "mib_object_value_octet_string" : { "type" : "short" }, "mib_object_value_oid" : { "type" : "short" }, "mib_object_value_time_ticks" : { "type" : "long" }, "mib_object_value_unsigned" : { "type" : "long" }, "mib_sub_identifier" : { "type" : "long" }, "min_export_seconds" : { "type" : "date" }, "min_flow_start_microseconds" : { "type" : "date" }, "min_flow_start_milliseconds" : { "type" : "date" }, "min_flow_start_nanoseconds" : { "type" : "date" }, "min_flow_start_seconds" : { "type" : "date" }, "minimum_ip_total_length" : { "type" : "long" }, "minimum_layer2_total_length" : { "type" : "long" }, "minimum_ttl" : { "type" : "short" }, "mobile_imsi" : { "type" : "keyword", "ignore_above" : 1024 }, "mobile_msisdn" : { "type" : "keyword", "ignore_above" : 1024 }, "monitoring_interval_end_milli_seconds" : { "type" : "date" }, "monitoring_interval_start_milli_seconds" : { "type" : "date" }, "mpls_label_stack_depth" : { "type" : "long" }, "mpls_label_stack_length" : { "type" : "long" }, "mpls_label_stack_section" : { "type" : "short" }, "mpls_label_stack_section10" : { "type" : "short" }, "mpls_label_stack_section2" : { "type" : "short" }, "mpls_label_stack_section3" : { "type" : "short" }, "mpls_label_stack_section4" : { "type" : "short" }, "mpls_label_stack_section5" : { "type" : "short" }, "mpls_label_stack_section6" : { "type" : "short" }, "mpls_label_stack_section7" : { "type" : "short" }, "mpls_label_stack_section8" : { "type" : "short" }, "mpls_label_stack_section9" : { "type" : "short" }, "mpls_payload_length" : { "type" : "long" }, "mpls_payload_packet_section" : { "type" : "short" }, "mpls_top_label_exp" : { "type" : "short" }, "mpls_top_label_ipv4_address" : { "type" : "ip" }, "mpls_top_label_ipv6_address" : { "type" : "ip" }, "mpls_top_label_prefix_length" : { "type" : "short" }, "mpls_top_label_stack_section" : { "type" : "short" }, "mpls_top_label_ttl" : { "type" : "short" }, "mpls_top_label_type" : { "type" : "short" }, "mpls_vpn_route_distinguisher" : { "type" : "short" }, "multicast_replication_factor" : { "type" : "long" }, "nat_event" : { "type" : "short" }, "nat_instance_id" : { "type" : "long" }, "nat_originating_address_realm" : { "type" : "short" }, "nat_pool_id" : { "type" : "long" }, "nat_pool_name" : { "type" : "keyword", "ignore_above" : 1024 }, "nat_quota_exceeded_event" : { "type" : "long" }, "nat_threshold_event" : { "type" : "long" }, "nat_type" : { "type" : "short" }, "new_connection_delta_count" : { "type" : "long" }, "next_header_ipv6" : { "type" : "short" }, "not_sent_flow_total_count" : { "type" : "long" }, "not_sent_layer2_octet_total_count" : { "type" : "long" }, "not_sent_octet_total_count" : { "type" : "long" }, "not_sent_packet_total_count" : { "type" : "long" }, "observation_domain_id" : { "type" : "long" }, "observation_domain_name" : { "type" : "keyword", "ignore_above" : 1024 }, "observation_point_id" : { "type" : "long" }, "observation_point_type" : { "type" : "short" }, "observation_time_microseconds" : { "type" : "date" }, "observation_time_milliseconds" : { "type" : "date" }, "observation_time_nanoseconds" : { "type" : "date" }, "observation_time_seconds" : { "type" : "date" }, "observed_flow_total_count" : { "type" : "long" }, "octet_delta_count" : { "type" : "long" }, "octet_delta_sum_of_squares" : { "type" : "long" }, "octet_total_count" : { "type" : "long" }, "octet_total_sum_of_squares" : { "type" : "long" }, "opaque_octets" : { "type" : "short" }, "original_exporter_ipv4_address" : { "type" : "ip" }, "original_exporter_ipv6_address" : { "type" : "ip" }, "original_flows_completed" : { "type" : "long" }, "original_flows_initiated" : { "type" : "long" }, "original_flows_present" : { "type" : "long" }, "original_observation_domain_id" : { "type" : "long" }, "p2p_technology" : { "type" : "keyword", "ignore_above" : 1024 }, "packet_delta_count" : { "type" : "long" }, "packet_total_count" : { "type" : "long" }, "padding_octets" : { "type" : "short" }, "payload_length_ipv6" : { "type" : "long" }, "port_id" : { "type" : "long" }, "port_range_end" : { "type" : "long" }, "port_range_num_ports" : { "type" : "long" }, "port_range_start" : { "type" : "long" }, "port_range_step_size" : { "type" : "long" }, "post_destination_mac_address" : { "type" : "keyword", "ignore_above" : 1024 }, "post_dot1q_customer_vlan_id" : { "type" : "long" }, "post_dot1q_vlan_id" : { "type" : "long" }, "post_ip_class_of_service" : { "type" : "short" }, "post_ip_diff_serv_code_point" : { "type" : "short" }, "post_ip_precedence" : { "type" : "short" }, "post_layer2_octet_delta_count" : { "type" : "long" }, "post_layer2_octet_total_count" : { "type" : "long" }, "post_mcast_layer2_octet_delta_count" : { "type" : "long" }, "post_mcast_layer2_octet_total_count" : { "type" : "long" }, "post_mcast_octet_delta_count" : { "type" : "long" }, "post_mcast_octet_total_count" : { "type" : "long" }, "post_mcast_packet_delta_count" : { "type" : "long" }, "post_mcast_packet_total_count" : { "type" : "long" }, "post_mpls_top_label_exp" : { "type" : "short" }, "post_napt_destination_transport_port" : { "type" : "long" }, "post_napt_source_transport_port" : { "type" : "long" }, "post_nat_destination_ipv4_address" : { "type" : "ip" }, "post_nat_destination_ipv6_address" : { "type" : "ip" }, "post_nat_source_ipv4_address" : { "type" : "ip" }, "post_nat_source_ipv6_address" : { "type" : "ip" }, "post_octet_delta_count" : { "type" : "long" }, "post_octet_total_count" : { "type" : "long" }, "post_packet_delta_count" : { "type" : "long" }, "post_packet_total_count" : { "type" : "long" }, "post_source_mac_address" : { "type" : "keyword", "ignore_above" : 1024 }, "post_vlan_id" : { "type" : "long" }, "private_enterprise_number" : { "type" : "long" }, "protocol_identifier" : { "type" : "short" }, "pseudo_wire_control_word" : { "type" : "long" }, "pseudo_wire_destination_ipv4_address" : { "type" : "ip" }, "pseudo_wire_id" : { "type" : "long" }, "pseudo_wire_type" : { "type" : "long" }, "relative_error" : { "type" : "double" }, "responder_octets" : { "type" : "long" }, "responder_packets" : { "type" : "long" }, "rfc3550_jitter_microseconds" : { "type" : "long" }, "rfc3550_jitter_milliseconds" : { "type" : "long" }, "rfc3550_jitter_nanoseconds" : { "type" : "long" }, "rtp_sequence_number" : { "type" : "long" }, "sampler_id" : { "type" : "short" }, "sampler_mode" : { "type" : "short" }, "sampler_name" : { "type" : "keyword", "ignore_above" : 1024 }, "sampler_random_interval" : { "type" : "long" }, "sampling_algorithm" : { "type" : "short" }, "sampling_flow_interval" : { "type" : "long" }, "sampling_flow_spacing" : { "type" : "long" }, "sampling_interval" : { "type" : "long" }, "sampling_packet_interval" : { "type" : "long" }, "sampling_packet_space" : { "type" : "long" }, "sampling_population" : { "type" : "long" }, "sampling_probability" : { "type" : "double" }, "sampling_size" : { "type" : "long" }, "sampling_time_interval" : { "type" : "long" }, "sampling_time_space" : { "type" : "long" }, "section_exported_octets" : { "type" : "long" }, "section_offset" : { "type" : "long" }, "selection_sequence_id" : { "type" : "long" }, "selector_algorithm" : { "type" : "long" }, "selector_id" : { "type" : "long" }, "selector_id_total_flows_observed" : { "type" : "long" }, "selector_id_total_flows_selected" : { "type" : "long" }, "selector_id_total_pkts_observed" : { "type" : "long" }, "selector_id_total_pkts_selected" : { "type" : "long" }, "selector_name" : { "type" : "keyword", "ignore_above" : 1024 }, "session_scope" : { "type" : "short" }, "source_ipv4_address" : { "type" : "ip" }, "source_ipv4_prefix" : { "type" : "ip" }, "source_ipv4_prefix_length" : { "type" : "short" }, "source_ipv6_address" : { "type" : "ip" }, "source_ipv6_prefix" : { "type" : "ip" }, "source_ipv6_prefix_length" : { "type" : "short" }, "source_mac_address" : { "type" : "keyword", "ignore_above" : 1024 }, "source_transport_port" : { "type" : "long" }, "source_transport_ports_limit" : { "type" : "long" }, "src_traffic_index" : { "type" : "long" }, "sta_ipv4_address" : { "type" : "ip" }, "sta_mac_address" : { "type" : "keyword", "ignore_above" : 1024 }, "system_init_time_milliseconds" : { "type" : "date" }, "tcp_ack_total_count" : { "type" : "long" }, "tcp_acknowledgement_number" : { "type" : "long" }, "tcp_control_bits" : { "type" : "long" }, "tcp_destination_port" : { "type" : "long" }, "tcp_fin_total_count" : { "type" : "long" }, "tcp_header_length" : { "type" : "short" }, "tcp_options" : { "type" : "long" }, "tcp_psh_total_count" : { "type" : "long" }, "tcp_rst_total_count" : { "type" : "long" }, "tcp_sequence_number" : { "type" : "long" }, "tcp_source_port" : { "type" : "long" }, "tcp_syn_total_count" : { "type" : "long" }, "tcp_urg_total_count" : { "type" : "long" }, "tcp_urgent_pointer" : { "type" : "long" }, "tcp_window_scale" : { "type" : "long" }, "tcp_window_size" : { "type" : "long" }, "template_id" : { "type" : "long" }, "total_length_ipv4" : { "type" : "long" }, "transport_octet_delta_count" : { "type" : "long" }, "transport_packet_delta_count" : { "type" : "long" }, "tunnel_technology" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "udp_destination_port" : { "type" : "long" }, "udp_message_length" : { "type" : "long" }, "udp_source_port" : { "type" : "long" }, "upper_ci_limit" : { "type" : "double" }, "user_name" : { "type" : "keyword", "ignore_above" : 1024 }, "value_distribution_method" : { "type" : "short" }, "virtual_station_interface_id" : { "type" : "short" }, "virtual_station_interface_name" : { "type" : "keyword", "ignore_above" : 1024 }, "virtual_station_name" : { "type" : "keyword", "ignore_above" : 1024 }, "virtual_station_uuid" : { "type" : "short" }, "vlan_id" : { "type" : "long" }, "vpn_identifier" : { "type" : "short" }, "vr_fname" : { "type" : "keyword", "ignore_above" : 1024 }, "wlan_channel_id" : { "type" : "short" }, "wlan_ssid" : { "type" : "keyword", "ignore_above" : 1024 }, "wtp_mac_address" : { "type" : "keyword", "ignore_above" : 1024 } } }, "network" : { "properties" : { "application" : { "type" : "keyword", "ignore_above" : 1024 }, "bytes" : { "type" : "long" }, "community_id" : { "type" : "keyword", "ignore_above" : 1024 }, "direction" : { "type" : "keyword", "ignore_above" : 1024 }, "forwarded_ip" : { "type" : "ip" }, "iana_number" : { "type" : "keyword", "ignore_above" : 1024 }, "inner" : { "properties" : { "vlan" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "packets" : { "type" : "long" }, "protocol" : { "type" : "keyword", "ignore_above" : 1024 }, "transport" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "vlan" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "nginx" : { "properties" : { "access" : { "properties" : { "geoip" : { "type" : "object" }, "user_agent" : { "type" : "object" } } }, "error" : { "properties" : { "connection_id" : { "type" : "long" } } }, "ingress_controller" : { "properties" : { "geoip" : { "type" : "object" }, "http" : { "properties" : { "request" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "length" : { "type" : "long" }, "time" : { "type" : "double" } } } } }, "upstream" : { "properties" : { "alternative_name" : { "type" : "keyword", "ignore_above" : 1024 }, "ip" : { "type" : "ip" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "port" : { "type" : "long" }, "response" : { "properties" : { "length" : { "type" : "long" }, "status_code" : { "type" : "long" }, "time" : { "type" : "double" } } } } }, "user_agent" : { "type" : "object" } } } } }, "o365" : { "properties" : { "audit" : { "properties" : { "ActorContextId" : { "type" : "keyword", "ignore_above" : 1024 }, "ActorIpAddress" : { "type" : "keyword", "ignore_above" : 1024 }, "ActorUserId" : { "type" : "keyword", "ignore_above" : 1024 }, "ActorYammerUserId" : { "type" : "keyword", "ignore_above" : 1024 }, "AlertEntityId" : { "type" : "keyword", "ignore_above" : 1024 }, "AlertId" : { "type" : "keyword", "ignore_above" : 1024 }, "AlertType" : { "type" : "keyword", "ignore_above" : 1024 }, "AppId" : { "type" : "keyword", "ignore_above" : 1024 }, "ApplicationDisplayName" : { "type" : "keyword", "ignore_above" : 1024 }, "ApplicationId" : { "type" : "keyword", "ignore_above" : 1024 }, "AzureActiveDirectoryEventType" : { "type" : "keyword", "ignore_above" : 1024 }, "Category" : { "type" : "keyword", "ignore_above" : 1024 }, "ClientAppId" : { "type" : "keyword", "ignore_above" : 1024 }, "ClientIP" : { "type" : "keyword", "ignore_above" : 1024 }, "ClientIPAddress" : { "type" : "keyword", "ignore_above" : 1024 }, "ClientInfoString" : { "type" : "keyword", "ignore_above" : 1024 }, "Comments" : { "type" : "text", "norms" : false }, "CorrelationId" : { "type" : "keyword", "ignore_above" : 1024 }, "CreationTime" : { "type" : "keyword", "ignore_above" : 1024 }, "CustomUniqueId" : { "type" : "keyword", "ignore_above" : 1024 }, "Data" : { "type" : "keyword", "ignore_above" : 1024 }, "DataType" : { "type" : "keyword", "ignore_above" : 1024 }, "EntityType" : { "type" : "keyword", "ignore_above" : 1024 }, "EventData" : { "type" : "keyword", "ignore_above" : 1024 }, "EventSource" : { "type" : "keyword", "ignore_above" : 1024 }, "ExceptionInfo" : { "properties" : { "*" : { "type" : "object" } } }, "ExchangeMetaData" : { "properties" : { "*" : { "type" : "object" } } }, "ExtendedProperties" : { "properties" : { "*" : { "type" : "object" } } }, "ExternalAccess" : { "type" : "keyword", "ignore_above" : 1024 }, "GroupName" : { "type" : "keyword", "ignore_above" : 1024 }, "Id" : { "type" : "keyword", "ignore_above" : 1024 }, "ImplicitShare" : { "type" : "keyword", "ignore_above" : 1024 }, "IncidentId" : { "type" : "keyword", "ignore_above" : 1024 }, "InterSystemsId" : { "type" : "keyword", "ignore_above" : 1024 }, "InternalLogonType" : { "type" : "keyword", "ignore_above" : 1024 }, "IntraSystemId" : { "type" : "keyword", "ignore_above" : 1024 }, "Item" : { "properties" : { "*" : { "properties" : { "*" : { "type" : "object" } } } } }, "ItemName" : { "type" : "keyword", "ignore_above" : 1024 }, "ItemType" : { "type" : "keyword", "ignore_above" : 1024 }, "ListId" : { "type" : "keyword", "ignore_above" : 1024 }, "ListItemUniqueId" : { "type" : "keyword", "ignore_above" : 1024 }, "LogonError" : { "type" : "keyword", "ignore_above" : 1024 }, "LogonType" : { "type" : "keyword", "ignore_above" : 1024 }, "LogonUserSid" : { "type" : "keyword", "ignore_above" : 1024 }, "MailboxGuid" : { "type" : "keyword", "ignore_above" : 1024 }, "MailboxOwnerMasterAccountSid" : { "type" : "keyword", "ignore_above" : 1024 }, "MailboxOwnerSid" : { "type" : "keyword", "ignore_above" : 1024 }, "MailboxOwnerUPN" : { "type" : "keyword", "ignore_above" : 1024 }, "Members" : { "properties" : { "*" : { "type" : "object" } } }, "ModifiedProperties" : { "properties" : { "*" : { "properties" : { "*" : { "type" : "object" } } } } }, "Name" : { "type" : "keyword", "ignore_above" : 1024 }, "ObjectId" : { "type" : "keyword", "ignore_above" : 1024 }, "Operation" : { "type" : "keyword", "ignore_above" : 1024 }, "OrganizationId" : { "type" : "keyword", "ignore_above" : 1024 }, "OrganizationName" : { "type" : "keyword", "ignore_above" : 1024 }, "OriginatingServer" : { "type" : "keyword", "ignore_above" : 1024 }, "Parameters" : { "properties" : { "*" : { "type" : "object" } } }, "PolicyId" : { "type" : "keyword", "ignore_above" : 1024 }, "RecordType" : { "type" : "keyword", "ignore_above" : 1024 }, "ResultStatus" : { "type" : "keyword", "ignore_above" : 1024 }, "SensitiveInfoDetectionIsIncluded" : { "type" : "keyword", "ignore_above" : 1024 }, "SessionId" : { "type" : "keyword", "ignore_above" : 1024 }, "Severity" : { "type" : "keyword", "ignore_above" : 1024 }, "SharePointMetaData" : { "properties" : { "*" : { "type" : "object" } } }, "Site" : { "type" : "keyword", "ignore_above" : 1024 }, "SiteUrl" : { "type" : "keyword", "ignore_above" : 1024 }, "Source" : { "type" : "keyword", "ignore_above" : 1024 }, "SourceFileExtension" : { "type" : "keyword", "ignore_above" : 1024 }, "SourceFileName" : { "type" : "keyword", "ignore_above" : 1024 }, "SourceRelativeUrl" : { "type" : "keyword", "ignore_above" : 1024 }, "Status" : { "type" : "keyword", "ignore_above" : 1024 }, "SupportTicketId" : { "type" : "keyword", "ignore_above" : 1024 }, "TargetContextId" : { "type" : "keyword", "ignore_above" : 1024 }, "TargetUserOrGroupName" : { "type" : "keyword", "ignore_above" : 1024 }, "TargetUserOrGroupType" : { "type" : "keyword", "ignore_above" : 1024 }, "TeamGuid" : { "type" : "keyword", "ignore_above" : 1024 }, "TeamName" : { "type" : "keyword", "ignore_above" : 1024 }, "UniqueSharingId" : { "type" : "keyword", "ignore_above" : 1024 }, "UserAgent" : { "type" : "keyword", "ignore_above" : 1024 }, "UserId" : { "type" : "keyword", "ignore_above" : 1024 }, "UserKey" : { "type" : "keyword", "ignore_above" : 1024 }, "UserType" : { "type" : "keyword", "ignore_above" : 1024 }, "Version" : { "type" : "keyword", "ignore_above" : 1024 }, "WebId" : { "type" : "keyword", "ignore_above" : 1024 }, "Workload" : { "type" : "keyword", "ignore_above" : 1024 }, "YammerNetworkId" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "object_key" : { "type" : "keyword", "ignore_above" : 1024 }, "observer" : { "properties" : { "egress" : { "properties" : { "interface" : { "properties" : { "alias" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "vlan" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "zone" : { "type" : "keyword", "ignore_above" : 1024 } } }, "geo" : { "properties" : { "city_name" : { "type" : "keyword", "ignore_above" : 1024 }, "continent_name" : { "type" : "keyword", "ignore_above" : 1024 }, "country_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "country_name" : { "type" : "keyword", "ignore_above" : 1024 }, "location" : { "type" : "geo_point" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "region_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "region_name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "hostname" : { "type" : "keyword", "ignore_above" : 1024 }, "ingress" : { "properties" : { "interface" : { "properties" : { "alias" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "vlan" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "zone" : { "type" : "keyword", "ignore_above" : 1024 } } }, "ip" : { "type" : "ip" }, "mac" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "os" : { "properties" : { "family" : { "type" : "keyword", "ignore_above" : 1024 }, "full" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "kernel" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "platform" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "product" : { "type" : "keyword", "ignore_above" : 1024 }, "serial_number" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "vendor" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "okta" : { "properties" : { "actor" : { "properties" : { "alternate_id" : { "type" : "keyword", "ignore_above" : 1024 }, "display_name" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "authentication_context" : { "properties" : { "authentication_provider" : { "type" : "keyword", "ignore_above" : 1024 }, "authentication_step" : { "type" : "long" }, "credential_provider" : { "type" : "keyword", "ignore_above" : 1024 }, "credential_type" : { "type" : "keyword", "ignore_above" : 1024 }, "external_session_id" : { "type" : "keyword", "ignore_above" : 1024 }, "interface" : { "type" : "keyword", "ignore_above" : 1024 } } }, "client" : { "properties" : { "device" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "ip" : { "type" : "ip" }, "user_agent" : { "properties" : { "browser" : { "type" : "keyword", "ignore_above" : 1024 }, "os" : { "type" : "keyword", "ignore_above" : 1024 }, "raw_user_agent" : { "type" : "keyword", "ignore_above" : 1024 } } }, "zone" : { "type" : "keyword", "ignore_above" : 1024 } } }, "debug_context" : { "properties" : { "debug_data" : { "properties" : { "device_fingerprint" : { "type" : "keyword", "ignore_above" : 1024 }, "request_id" : { "type" : "keyword", "ignore_above" : 1024 }, "request_uri" : { "type" : "keyword", "ignore_above" : 1024 }, "threat_suspected" : { "type" : "keyword", "ignore_above" : 1024 }, "url" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "display_message" : { "type" : "keyword", "ignore_above" : 1024 }, "event_type" : { "type" : "keyword", "ignore_above" : 1024 }, "outcome" : { "properties" : { "reason" : { "type" : "keyword", "ignore_above" : 1024 }, "result" : { "type" : "keyword", "ignore_above" : 1024 } } }, "request" : { "properties" : { "ip_chain" : { "properties" : { "geographical_context" : { "properties" : { "city" : { "type" : "keyword", "ignore_above" : 1024 }, "country" : { "type" : "keyword", "ignore_above" : 1024 }, "geolocation" : { "type" : "geo_point" }, "postal_code" : { "type" : "keyword", "ignore_above" : 1024 }, "state" : { "type" : "keyword", "ignore_above" : 1024 } } }, "ip" : { "type" : "ip" }, "source" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "security_context" : { "properties" : { "as" : { "properties" : { "number" : { "type" : "long" }, "organization" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "is_proxy" : { "type" : "boolean" }, "isp" : { "type" : "keyword", "ignore_above" : 1024 } } }, "severity" : { "type" : "keyword", "ignore_above" : 1024 }, "transaction" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "uuid" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "organization" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } }, "os" : { "properties" : { "family" : { "type" : "keyword", "ignore_above" : 1024 }, "full" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "kernel" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "platform" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "osquery" : { "properties" : { "result" : { "properties" : { "action" : { "type" : "keyword", "ignore_above" : 1024 }, "calendar_time" : { "type" : "keyword", "ignore_above" : 1024 }, "host_identifier" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "unix_time" : { "type" : "long" } } } } }, "package" : { "properties" : { "architecture" : { "type" : "keyword", "ignore_above" : 1024 }, "build_version" : { "type" : "keyword", "ignore_above" : 1024 }, "checksum" : { "type" : "keyword", "ignore_above" : 1024 }, "description" : { "type" : "keyword", "ignore_above" : 1024 }, "install_scope" : { "type" : "keyword", "ignore_above" : 1024 }, "installed" : { "type" : "date" }, "license" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "path" : { "type" : "keyword", "ignore_above" : 1024 }, "reference" : { "type" : "keyword", "ignore_above" : 1024 }, "size" : { "type" : "long" }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "panw" : { "properties" : { "panos" : { "properties" : { "action" : { "type" : "keyword", "ignore_above" : 1024 }, "destination" : { "properties" : { "interface" : { "type" : "keyword", "ignore_above" : 1024 }, "nat" : { "properties" : { "ip" : { "type" : "ip" }, "port" : { "type" : "long" } } }, "zone" : { "type" : "keyword", "ignore_above" : 1024 } } }, "file" : { "properties" : { "hash" : { "type" : "keyword", "ignore_above" : 1024 } } }, "flow_id" : { "type" : "keyword", "ignore_above" : 1024 }, "network" : { "properties" : { "nat" : { "properties" : { "community_id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "pcap_id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "ruleset" : { "type" : "keyword", "ignore_above" : 1024 }, "sequence_number" : { "type" : "long" }, "source" : { "properties" : { "interface" : { "type" : "keyword", "ignore_above" : 1024 }, "nat" : { "properties" : { "ip" : { "type" : "ip" }, "port" : { "type" : "long" } } }, "zone" : { "type" : "keyword", "ignore_above" : 1024 } } }, "threat" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "resource" : { "type" : "keyword", "ignore_above" : 1024 } } }, "url" : { "properties" : { "category" : { "type" : "keyword", "ignore_above" : 1024 } } } } } } }, "pe" : { "properties" : { "company" : { "type" : "keyword", "ignore_above" : 1024 }, "description" : { "type" : "keyword", "ignore_above" : 1024 }, "file_version" : { "type" : "keyword", "ignore_above" : 1024 }, "original_file_name" : { "type" : "keyword", "ignore_above" : 1024 }, "product" : { "type" : "keyword", "ignore_above" : 1024 } } }, "postgresql" : { "properties" : { "log" : { "properties" : { "core_id" : { "type" : "long" }, "database" : { "type" : "keyword", "ignore_above" : 1024 }, "error" : { "properties" : { "code" : { "type" : "long" } } }, "query" : { "type" : "keyword", "ignore_above" : 1024 }, "query_name" : { "type" : "keyword", "ignore_above" : 1024 }, "query_step" : { "type" : "keyword", "ignore_above" : 1024 }, "timestamp" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "process" : { "properties" : { "args" : { "type" : "keyword", "ignore_above" : 1024 }, "args_count" : { "type" : "long" }, "code_signature" : { "properties" : { "exists" : { "type" : "boolean" }, "status" : { "type" : "keyword", "ignore_above" : 1024 }, "subject_name" : { "type" : "keyword", "ignore_above" : 1024 }, "trusted" : { "type" : "boolean" }, "valid" : { "type" : "boolean" } } }, "command_line" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "entity_id" : { "type" : "keyword", "ignore_above" : 1024 }, "executable" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "exit_code" : { "type" : "long" }, "hash" : { "properties" : { "md5" : { "type" : "keyword", "ignore_above" : 1024 }, "sha1" : { "type" : "keyword", "ignore_above" : 1024 }, "sha256" : { "type" : "keyword", "ignore_above" : 1024 }, "sha512" : { "type" : "keyword", "ignore_above" : 1024 } } }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "parent" : { "properties" : { "args" : { "type" : "keyword", "ignore_above" : 1024 }, "args_count" : { "type" : "long" }, "code_signature" : { "properties" : { "exists" : { "type" : "boolean" }, "status" : { "type" : "keyword", "ignore_above" : 1024 }, "subject_name" : { "type" : "keyword", "ignore_above" : 1024 }, "trusted" : { "type" : "boolean" }, "valid" : { "type" : "boolean" } } }, "command_line" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "entity_id" : { "type" : "keyword", "ignore_above" : 1024 }, "executable" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "exit_code" : { "type" : "long" }, "hash" : { "properties" : { "md5" : { "type" : "keyword", "ignore_above" : 1024 }, "sha1" : { "type" : "keyword", "ignore_above" : 1024 }, "sha256" : { "type" : "keyword", "ignore_above" : 1024 }, "sha512" : { "type" : "keyword", "ignore_above" : 1024 } } }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "pgid" : { "type" : "long" }, "pid" : { "type" : "long" }, "ppid" : { "type" : "long" }, "start" : { "type" : "date" }, "thread" : { "properties" : { "id" : { "type" : "long" }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "title" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "uptime" : { "type" : "long" }, "working_directory" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } }, "pe" : { "properties" : { "company" : { "type" : "keyword", "ignore_above" : 1024 }, "description" : { "type" : "keyword", "ignore_above" : 1024 }, "file_version" : { "type" : "keyword", "ignore_above" : 1024 }, "original_file_name" : { "type" : "keyword", "ignore_above" : 1024 }, "product" : { "type" : "keyword", "ignore_above" : 1024 } } }, "pgid" : { "type" : "long" }, "pid" : { "type" : "long" }, "ppid" : { "type" : "long" }, "program" : { "type" : "keyword", "ignore_above" : 1024 }, "start" : { "type" : "date" }, "thread" : { "properties" : { "id" : { "type" : "long" }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "title" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "uptime" : { "type" : "long" }, "working_directory" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } }, "rabbitmq" : { "properties" : { "log" : { "properties" : { "pid" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "redis" : { "properties" : { "log" : { "properties" : { "role" : { "type" : "keyword", "ignore_above" : 1024 } } }, "slowlog" : { "properties" : { "args" : { "type" : "keyword", "ignore_above" : 1024 }, "cmd" : { "type" : "keyword", "ignore_above" : 1024 }, "duration" : { "properties" : { "us" : { "type" : "long" } } }, "id" : { "type" : "long" }, "key" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "registry" : { "properties" : { "data" : { "properties" : { "bytes" : { "type" : "keyword", "ignore_above" : 1024 }, "strings" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "hive" : { "type" : "keyword", "ignore_above" : 1024 }, "key" : { "type" : "keyword", "ignore_above" : 1024 }, "path" : { "type" : "keyword", "ignore_above" : 1024 }, "value" : { "type" : "keyword", "ignore_above" : 1024 } } }, "related" : { "properties" : { "hash" : { "type" : "keyword", "ignore_above" : 1024 }, "ip" : { "type" : "ip" }, "user" : { "type" : "keyword", "ignore_above" : 1024 } } }, "rule" : { "properties" : { "author" : { "type" : "keyword", "ignore_above" : 1024 }, "category" : { "type" : "keyword", "ignore_above" : 1024 }, "description" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "license" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "reference" : { "type" : "keyword", "ignore_above" : 1024 }, "ruleset" : { "type" : "keyword", "ignore_above" : 1024 }, "uuid" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "santa" : { "properties" : { "action" : { "type" : "keyword", "ignore_above" : 1024 }, "certificate" : { "properties" : { "common_name" : { "type" : "keyword", "ignore_above" : 1024 }, "sha256" : { "type" : "keyword", "ignore_above" : 1024 } } }, "decision" : { "type" : "keyword", "ignore_above" : 1024 }, "disk" : { "properties" : { "bsdname" : { "type" : "keyword", "ignore_above" : 1024 }, "bus" : { "type" : "keyword", "ignore_above" : 1024 }, "fs" : { "type" : "keyword", "ignore_above" : 1024 }, "model" : { "type" : "keyword", "ignore_above" : 1024 }, "mount" : { "type" : "keyword", "ignore_above" : 1024 }, "serial" : { "type" : "keyword", "ignore_above" : 1024 }, "volume" : { "type" : "keyword", "ignore_above" : 1024 } } }, "mode" : { "type" : "keyword", "ignore_above" : 1024 }, "reason" : { "type" : "keyword", "ignore_above" : 1024 } } }, "server" : { "properties" : { "address" : { "type" : "keyword", "ignore_above" : 1024 }, "as" : { "properties" : { "number" : { "type" : "long" }, "organization" : { "properties" : { "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } } } }, "bytes" : { "type" : "long" }, "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "geo" : { "properties" : { "city_name" : { "type" : "keyword", "ignore_above" : 1024 }, "continent_name" : { "type" : "keyword", "ignore_above" : 1024 }, "country_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "country_name" : { "type" : "keyword", "ignore_above" : 1024 }, "location" : { "type" : "geo_point" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "region_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "region_name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "ip" : { "type" : "ip" }, "mac" : { "type" : "keyword", "ignore_above" : 1024 }, "nat" : { "properties" : { "ip" : { "type" : "ip" }, "port" : { "type" : "long" } } }, "packets" : { "type" : "long" }, "port" : { "type" : "long" }, "registered_domain" : { "type" : "keyword", "ignore_above" : 1024 }, "top_level_domain" : { "type" : "keyword", "ignore_above" : 1024 }, "user" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "email" : { "type" : "keyword", "ignore_above" : 1024 }, "full_name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "group" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "hash" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } } } }, "service" : { "properties" : { "ephemeral_id" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "node" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "state" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "source" : { "properties" : { "address" : { "type" : "keyword", "ignore_above" : 1024 }, "as" : { "properties" : { "number" : { "type" : "long" }, "organization" : { "properties" : { "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } } } }, "bytes" : { "type" : "long" }, "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "geo" : { "properties" : { "city_name" : { "type" : "keyword", "ignore_above" : 1024 }, "continent_name" : { "type" : "keyword", "ignore_above" : 1024 }, "country_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "country_name" : { "type" : "keyword", "ignore_above" : 1024 }, "location" : { "type" : "geo_point" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "region_iso_code" : { "type" : "keyword", "ignore_above" : 1024 }, "region_name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "ip" : { "type" : "ip" }, "mac" : { "type" : "keyword", "ignore_above" : 1024 }, "nat" : { "properties" : { "ip" : { "type" : "ip" }, "port" : { "type" : "long" } } }, "packets" : { "type" : "long" }, "port" : { "type" : "long" }, "registered_domain" : { "type" : "keyword", "ignore_above" : 1024 }, "service" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "top_level_domain" : { "type" : "keyword", "ignore_above" : 1024 }, "user" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "email" : { "type" : "keyword", "ignore_above" : 1024 }, "full_name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "group" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "hash" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 } } } } }, "stream" : { "type" : "keyword", "ignore_above" : 1024 }, "suricata" : { "properties" : { "eve" : { "properties" : { "alert" : { "properties" : { "action" : { "type" : "alias", "path" : "event.outcome" }, "category" : { "type" : "keyword", "ignore_above" : 1024 }, "gid" : { "type" : "long" }, "rev" : { "type" : "long" }, "severity" : { "type" : "alias", "path" : "event.severity" }, "signature" : { "type" : "keyword", "ignore_above" : 1024 }, "signature_id" : { "type" : "long" } } }, "app_proto" : { "type" : "alias", "path" : "network.protocol" }, "app_proto_expected" : { "type" : "keyword", "ignore_above" : 1024 }, "app_proto_orig" : { "type" : "keyword", "ignore_above" : 1024 }, "app_proto_tc" : { "type" : "keyword", "ignore_above" : 1024 }, "app_proto_ts" : { "type" : "keyword", "ignore_above" : 1024 }, "dest_ip" : { "type" : "alias", "path" : "destination.ip" }, "dest_port" : { "type" : "alias", "path" : "destination.port" }, "dns" : { "properties" : { "id" : { "type" : "long" }, "rcode" : { "type" : "keyword", "ignore_above" : 1024 }, "rdata" : { "type" : "keyword", "ignore_above" : 1024 }, "rrname" : { "type" : "keyword", "ignore_above" : 1024 }, "rrtype" : { "type" : "keyword", "ignore_above" : 1024 }, "ttl" : { "type" : "long" }, "tx_id" : { "type" : "long" }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "email" : { "properties" : { "status" : { "type" : "keyword", "ignore_above" : 1024 } } }, "event_type" : { "type" : "keyword", "ignore_above" : 1024 }, "fileinfo" : { "properties" : { "filename" : { "type" : "alias", "path" : "file.path" }, "gaps" : { "type" : "boolean" }, "md5" : { "type" : "keyword", "ignore_above" : 1024 }, "sha1" : { "type" : "keyword", "ignore_above" : 1024 }, "sha256" : { "type" : "keyword", "ignore_above" : 1024 }, "size" : { "type" : "alias", "path" : "file.size" }, "state" : { "type" : "keyword", "ignore_above" : 1024 }, "stored" : { "type" : "boolean" }, "tx_id" : { "type" : "long" } } }, "flags" : { "type" : "object" }, "flow" : { "properties" : { "age" : { "type" : "long" }, "alerted" : { "type" : "boolean" }, "bytes_toclient" : { "type" : "alias", "path" : "destination.bytes" }, "bytes_toserver" : { "type" : "alias", "path" : "source.bytes" }, "end" : { "type" : "date" }, "pkts_toclient" : { "type" : "alias", "path" : "destination.packets" }, "pkts_toserver" : { "type" : "alias", "path" : "source.packets" }, "reason" : { "type" : "keyword", "ignore_above" : 1024 }, "start" : { "type" : "alias", "path" : "event.start" }, "state" : { "type" : "keyword", "ignore_above" : 1024 } } }, "flow_id" : { "type" : "keyword", "ignore_above" : 1024 }, "http" : { "properties" : { "hostname" : { "type" : "alias", "path" : "url.domain" }, "http_content_type" : { "type" : "keyword", "ignore_above" : 1024 }, "http_method" : { "type" : "alias", "path" : "http.request.method" }, "http_refer" : { "type" : "alias", "path" : "http.request.referrer" }, "http_user_agent" : { "type" : "alias", "path" : "user_agent.original" }, "length" : { "type" : "alias", "path" : "http.response.body.bytes" }, "protocol" : { "type" : "keyword", "ignore_above" : 1024 }, "redirect" : { "type" : "keyword", "ignore_above" : 1024 }, "status" : { "type" : "alias", "path" : "http.response.status_code" }, "url" : { "type" : "alias", "path" : "url.original" } } }, "icmp_code" : { "type" : "long" }, "icmp_type" : { "type" : "long" }, "in_iface" : { "type" : "keyword", "ignore_above" : 1024 }, "pcap_cnt" : { "type" : "long" }, "proto" : { "type" : "alias", "path" : "network.transport" }, "smtp" : { "properties" : { "helo" : { "type" : "keyword", "ignore_above" : 1024 }, "mail_from" : { "type" : "keyword", "ignore_above" : 1024 }, "rcpt_to" : { "type" : "keyword", "ignore_above" : 1024 } } }, "src_ip" : { "type" : "alias", "path" : "source.ip" }, "src_port" : { "type" : "alias", "path" : "source.port" }, "ssh" : { "properties" : { "client" : { "properties" : { "proto_version" : { "type" : "keyword", "ignore_above" : 1024 }, "software_version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "server" : { "properties" : { "proto_version" : { "type" : "keyword", "ignore_above" : 1024 }, "software_version" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "stats" : { "properties" : { "app_layer" : { "properties" : { "flow" : { "properties" : { "dcerpc_tcp" : { "type" : "long" }, "dcerpc_udp" : { "type" : "long" }, "dns_tcp" : { "type" : "long" }, "dns_udp" : { "type" : "long" }, "failed_tcp" : { "type" : "long" }, "failed_udp" : { "type" : "long" }, "ftp" : { "type" : "long" }, "http" : { "type" : "long" }, "imap" : { "type" : "long" }, "msn" : { "type" : "long" }, "smb" : { "type" : "long" }, "smtp" : { "type" : "long" }, "ssh" : { "type" : "long" }, "tls" : { "type" : "long" } } }, "tx" : { "properties" : { "dcerpc_tcp" : { "type" : "long" }, "dcerpc_udp" : { "type" : "long" }, "dns_tcp" : { "type" : "long" }, "dns_udp" : { "type" : "long" }, "ftp" : { "type" : "long" }, "http" : { "type" : "long" }, "smb" : { "type" : "long" }, "smtp" : { "type" : "long" }, "ssh" : { "type" : "long" }, "tls" : { "type" : "long" } } } } }, "capture" : { "properties" : { "kernel_drops" : { "type" : "long" }, "kernel_ifdrops" : { "type" : "long" }, "kernel_packets" : { "type" : "long" } } }, "decoder" : { "properties" : { "avg_pkt_size" : { "type" : "long" }, "bytes" : { "type" : "long" }, "dce" : { "properties" : { "pkt_too_small" : { "type" : "long" } } }, "erspan" : { "type" : "long" }, "ethernet" : { "type" : "long" }, "gre" : { "type" : "long" }, "icmpv4" : { "type" : "long" }, "icmpv6" : { "type" : "long" }, "ieee8021ah" : { "type" : "long" }, "invalid" : { "type" : "long" }, "ipraw" : { "properties" : { "invalid_ip_version" : { "type" : "long" } } }, "ipv4" : { "type" : "long" }, "ipv4_in_ipv6" : { "type" : "long" }, "ipv6" : { "type" : "long" }, "ipv6_in_ipv6" : { "type" : "long" }, "ltnull" : { "properties" : { "pkt_too_small" : { "type" : "long" }, "unsupported_type" : { "type" : "long" } } }, "max_pkt_size" : { "type" : "long" }, "mpls" : { "type" : "long" }, "null" : { "type" : "long" }, "pkts" : { "type" : "long" }, "ppp" : { "type" : "long" }, "pppoe" : { "type" : "long" }, "raw" : { "type" : "long" }, "sctp" : { "type" : "long" }, "sll" : { "type" : "long" }, "tcp" : { "type" : "long" }, "teredo" : { "type" : "long" }, "udp" : { "type" : "long" }, "vlan" : { "type" : "long" }, "vlan_qinq" : { "type" : "long" } } }, "defrag" : { "properties" : { "ipv4" : { "properties" : { "fragments" : { "type" : "long" }, "reassembled" : { "type" : "long" }, "timeouts" : { "type" : "long" } } }, "ipv6" : { "properties" : { "fragments" : { "type" : "long" }, "reassembled" : { "type" : "long" }, "timeouts" : { "type" : "long" } } }, "max_frag_hits" : { "type" : "long" } } }, "detect" : { "properties" : { "alert" : { "type" : "long" } } }, "dns" : { "properties" : { "memcap_global" : { "type" : "long" }, "memcap_state" : { "type" : "long" }, "memuse" : { "type" : "long" } } }, "file_store" : { "properties" : { "open_files" : { "type" : "long" } } }, "flow" : { "properties" : { "emerg_mode_entered" : { "type" : "long" }, "emerg_mode_over" : { "type" : "long" }, "icmpv4" : { "type" : "long" }, "icmpv6" : { "type" : "long" }, "memcap" : { "type" : "long" }, "memuse" : { "type" : "long" }, "spare" : { "type" : "long" }, "tcp" : { "type" : "long" }, "tcp_reuse" : { "type" : "long" }, "udp" : { "type" : "long" } } }, "flow_mgr" : { "properties" : { "bypassed_pruned" : { "type" : "long" }, "closed_pruned" : { "type" : "long" }, "est_pruned" : { "type" : "long" }, "flows_checked" : { "type" : "long" }, "flows_notimeout" : { "type" : "long" }, "flows_removed" : { "type" : "long" }, "flows_timeout" : { "type" : "long" }, "flows_timeout_inuse" : { "type" : "long" }, "new_pruned" : { "type" : "long" }, "rows_busy" : { "type" : "long" }, "rows_checked" : { "type" : "long" }, "rows_empty" : { "type" : "long" }, "rows_maxlen" : { "type" : "long" }, "rows_skipped" : { "type" : "long" } } }, "http" : { "properties" : { "memcap" : { "type" : "long" }, "memuse" : { "type" : "long" } } }, "tcp" : { "properties" : { "insert_data_normal_fail" : { "type" : "long" }, "insert_data_overlap_fail" : { "type" : "long" }, "insert_list_fail" : { "type" : "long" }, "invalid_checksum" : { "type" : "long" }, "memuse" : { "type" : "long" }, "no_flow" : { "type" : "long" }, "overlap" : { "type" : "long" }, "overlap_diff_data" : { "type" : "long" }, "pseudo" : { "type" : "long" }, "pseudo_failed" : { "type" : "long" }, "reassembly_gap" : { "type" : "long" }, "reassembly_memuse" : { "type" : "long" }, "rst" : { "type" : "long" }, "segment_memcap_drop" : { "type" : "long" }, "sessions" : { "type" : "long" }, "ssn_memcap_drop" : { "type" : "long" }, "stream_depth_reached" : { "type" : "long" }, "syn" : { "type" : "long" }, "synack" : { "type" : "long" } } }, "uptime" : { "type" : "long" } } }, "tcp" : { "properties" : { "ack" : { "type" : "boolean" }, "fin" : { "type" : "boolean" }, "psh" : { "type" : "boolean" }, "rst" : { "type" : "boolean" }, "state" : { "type" : "keyword", "ignore_above" : 1024 }, "syn" : { "type" : "boolean" }, "tcp_flags" : { "type" : "keyword", "ignore_above" : 1024 }, "tcp_flags_tc" : { "type" : "keyword", "ignore_above" : 1024 }, "tcp_flags_ts" : { "type" : "keyword", "ignore_above" : 1024 } } }, "timestamp" : { "type" : "alias", "path" : "@timestamp" }, "tls" : { "properties" : { "fingerprint" : { "type" : "keyword", "ignore_above" : 1024 }, "issuerdn" : { "type" : "keyword", "ignore_above" : 1024 }, "ja3" : { "properties" : { "hash" : { "type" : "keyword", "ignore_above" : 1024 }, "string" : { "type" : "keyword", "ignore_above" : 1024 } } }, "ja3s" : { "properties" : { "hash" : { "type" : "keyword", "ignore_above" : 1024 }, "string" : { "type" : "keyword", "ignore_above" : 1024 } } }, "notafter" : { "type" : "date" }, "notbefore" : { "type" : "date" }, "serial" : { "type" : "keyword", "ignore_above" : 1024 }, "session_resumed" : { "type" : "boolean" }, "sni" : { "type" : "keyword", "ignore_above" : 1024 }, "subject" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "tx_id" : { "type" : "long" } } } } }, "syslog" : { "properties" : { "facility" : { "type" : "long" }, "facility_label" : { "type" : "keyword", "ignore_above" : 1024 }, "priority" : { "type" : "long" }, "severity_label" : { "type" : "keyword", "ignore_above" : 1024 } } }, "system" : { "properties" : { "auth" : { "properties" : { "groupadd" : { "type" : "object" }, "ssh" : { "properties" : { "dropped_ip" : { "type" : "ip" }, "event" : { "type" : "keyword", "ignore_above" : 1024 }, "geoip" : { "type" : "object" }, "method" : { "type" : "keyword", "ignore_above" : 1024 }, "signature" : { "type" : "keyword", "ignore_above" : 1024 } } }, "sudo" : { "properties" : { "command" : { "type" : "keyword", "ignore_above" : 1024 }, "error" : { "type" : "keyword", "ignore_above" : 1024 }, "pwd" : { "type" : "keyword", "ignore_above" : 1024 }, "tty" : { "type" : "keyword", "ignore_above" : 1024 }, "user" : { "type" : "keyword", "ignore_above" : 1024 } } }, "useradd" : { "properties" : { "home" : { "type" : "keyword", "ignore_above" : 1024 }, "shell" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "syslog" : { "type" : "object" } } }, "tags" : { "type" : "keyword", "ignore_above" : 1024 }, "threat" : { "properties" : { "framework" : { "type" : "keyword", "ignore_above" : 1024 }, "tactic" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "reference" : { "type" : "keyword", "ignore_above" : 1024 } } }, "technique" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "reference" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "timeseries" : { "properties" : { "instance" : { "type" : "keyword", "ignore_above" : 1024 } } }, "tls" : { "properties" : { "cipher" : { "type" : "keyword", "ignore_above" : 1024 }, "client" : { "properties" : { "certificate" : { "type" : "keyword", "ignore_above" : 1024 }, "certificate_chain" : { "type" : "keyword", "ignore_above" : 1024 }, "hash" : { "properties" : { "md5" : { "type" : "keyword", "ignore_above" : 1024 }, "sha1" : { "type" : "keyword", "ignore_above" : 1024 }, "sha256" : { "type" : "keyword", "ignore_above" : 1024 } } }, "issuer" : { "type" : "keyword", "ignore_above" : 1024 }, "ja3" : { "type" : "keyword", "ignore_above" : 1024 }, "not_after" : { "type" : "date" }, "not_before" : { "type" : "date" }, "server_name" : { "type" : "keyword", "ignore_above" : 1024 }, "subject" : { "type" : "keyword", "ignore_above" : 1024 }, "supported_ciphers" : { "type" : "keyword", "ignore_above" : 1024 } } }, "curve" : { "type" : "keyword", "ignore_above" : 1024 }, "established" : { "type" : "boolean" }, "next_protocol" : { "type" : "keyword", "ignore_above" : 1024 }, "resumed" : { "type" : "boolean" }, "server" : { "properties" : { "certificate" : { "type" : "keyword", "ignore_above" : 1024 }, "certificate_chain" : { "type" : "keyword", "ignore_above" : 1024 }, "hash" : { "properties" : { "md5" : { "type" : "keyword", "ignore_above" : 1024 }, "sha1" : { "type" : "keyword", "ignore_above" : 1024 }, "sha256" : { "type" : "keyword", "ignore_above" : 1024 } } }, "issuer" : { "type" : "keyword", "ignore_above" : 1024 }, "ja3s" : { "type" : "keyword", "ignore_above" : 1024 }, "not_after" : { "type" : "date" }, "not_before" : { "type" : "date" }, "subject" : { "type" : "keyword", "ignore_above" : 1024 } } }, "version" : { "type" : "keyword", "ignore_above" : 1024 }, "version_protocol" : { "type" : "keyword", "ignore_above" : 1024 } } }, "tracing" : { "properties" : { "trace" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "transaction" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "traefik" : { "properties" : { "access" : { "properties" : { "backend_url" : { "type" : "keyword", "ignore_above" : 1024 }, "frontend_name" : { "type" : "keyword", "ignore_above" : 1024 }, "geoip" : { "properties" : { "city_name" : { "type" : "alias", "path" : "source.geo.city_name" }, "continent_name" : { "type" : "alias", "path" : "source.geo.continent_name" }, "country_iso_code" : { "type" : "alias", "path" : "source.geo.country_iso_code" }, "location" : { "type" : "alias", "path" : "source.geo.location" }, "region_iso_code" : { "type" : "alias", "path" : "source.geo.region_iso_code" }, "region_name" : { "type" : "alias", "path" : "source.geo.region_name" } } }, "request_count" : { "type" : "long" }, "user_agent" : { "properties" : { "device" : { "type" : "alias", "path" : "user_agent.device.name" }, "name" : { "type" : "alias", "path" : "user_agent.name" }, "original" : { "type" : "alias", "path" : "user_agent.original" }, "os" : { "type" : "alias", "path" : "user_agent.os.full_name" }, "os_name" : { "type" : "alias", "path" : "user_agent.os.name" } } }, "user_identifier" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "url" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "extension" : { "type" : "keyword", "ignore_above" : 1024 }, "fragment" : { "type" : "keyword", "ignore_above" : 1024 }, "full" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "original" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "password" : { "type" : "keyword", "ignore_above" : 1024 }, "path" : { "type" : "keyword", "ignore_above" : 1024 }, "port" : { "type" : "long" }, "query" : { "type" : "keyword", "ignore_above" : 1024 }, "registered_domain" : { "type" : "keyword", "ignore_above" : 1024 }, "scheme" : { "type" : "keyword", "ignore_above" : 1024 }, "top_level_domain" : { "type" : "keyword", "ignore_above" : 1024 }, "username" : { "type" : "keyword", "ignore_above" : 1024 } } }, "user" : { "properties" : { "audit" : { "properties" : { "group" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "effective" : { "properties" : { "group" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "email" : { "type" : "keyword", "ignore_above" : 1024 }, "filesystem" : { "properties" : { "group" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "full_name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "group" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "hash" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "owner" : { "properties" : { "group" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "saved" : { "properties" : { "group" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "terminal" : { "type" : "keyword", "ignore_above" : 1024 } } }, "user_agent" : { "properties" : { "device" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "original" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "os" : { "properties" : { "family" : { "type" : "keyword", "ignore_above" : 1024 }, "full" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "full_name" : { "type" : "keyword", "ignore_above" : 1024 }, "kernel" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "platform" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "vlan" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } }, "vulnerability" : { "properties" : { "category" : { "type" : "keyword", "ignore_above" : 1024 }, "classification" : { "type" : "keyword", "ignore_above" : 1024 }, "description" : { "type" : "keyword", "fields" : { "text" : { "type" : "text", "norms" : false } }, "ignore_above" : 1024 }, "enumeration" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "reference" : { "type" : "keyword", "ignore_above" : 1024 }, "report_id" : { "type" : "keyword", "ignore_above" : 1024 }, "scanner" : { "properties" : { "vendor" : { "type" : "keyword", "ignore_above" : 1024 } } }, "score" : { "properties" : { "base" : { "type" : "float" }, "environmental" : { "type" : "float" }, "temporal" : { "type" : "float" }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "severity" : { "type" : "keyword", "ignore_above" : 1024 } } }, "zeek" : { "properties" : { "capture_loss" : { "properties" : { "acks" : { "type" : "long" }, "gaps" : { "type" : "long" }, "peer" : { "type" : "keyword", "ignore_above" : 1024 }, "percent_lost" : { "type" : "double" }, "ts_delta" : { "type" : "long" } } }, "connection" : { "properties" : { "history" : { "type" : "keyword", "ignore_above" : 1024 }, "icmp" : { "properties" : { "code" : { "type" : "long" }, "type" : { "type" : "long" } } }, "inner_vlan" : { "type" : "long" }, "local_orig" : { "type" : "boolean" }, "local_resp" : { "type" : "boolean" }, "missed_bytes" : { "type" : "long" }, "state" : { "type" : "keyword", "ignore_above" : 1024 }, "state_message" : { "type" : "keyword", "ignore_above" : 1024 }, "vlan" : { "type" : "long" } } }, "dce_rpc" : { "properties" : { "endpoint" : { "type" : "keyword", "ignore_above" : 1024 }, "named_pipe" : { "type" : "keyword", "ignore_above" : 1024 }, "operation" : { "type" : "keyword", "ignore_above" : 1024 }, "rtt" : { "type" : "long" } } }, "dhcp" : { "properties" : { "address" : { "properties" : { "assigned" : { "type" : "ip" }, "client" : { "type" : "ip" }, "mac" : { "type" : "keyword", "ignore_above" : 1024 }, "requested" : { "type" : "ip" }, "server" : { "type" : "ip" } } }, "client_fqdn" : { "type" : "keyword", "ignore_above" : 1024 }, "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "duration" : { "type" : "double" }, "hostname" : { "type" : "keyword", "ignore_above" : 1024 }, "id" : { "properties" : { "circuit" : { "type" : "keyword", "ignore_above" : 1024 }, "remote_agent" : { "type" : "keyword", "ignore_above" : 1024 }, "subscriber" : { "type" : "keyword", "ignore_above" : 1024 } } }, "lease_time" : { "type" : "long" }, "msg" : { "properties" : { "client" : { "type" : "keyword", "ignore_above" : 1024 }, "origin" : { "type" : "ip" }, "server" : { "type" : "keyword", "ignore_above" : 1024 }, "types" : { "type" : "keyword", "ignore_above" : 1024 } } }, "software" : { "properties" : { "client" : { "type" : "keyword", "ignore_above" : 1024 }, "server" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "dnp3" : { "properties" : { "function" : { "properties" : { "reply" : { "type" : "keyword", "ignore_above" : 1024 }, "request" : { "type" : "keyword", "ignore_above" : 1024 } } }, "id" : { "type" : "long" } } }, "dns" : { "properties" : { "AA" : { "type" : "boolean" }, "RA" : { "type" : "boolean" }, "RD" : { "type" : "boolean" }, "TC" : { "type" : "boolean" }, "TTLs" : { "type" : "double" }, "answers" : { "type" : "keyword", "ignore_above" : 1024 }, "qclass" : { "type" : "long" }, "qclass_name" : { "type" : "keyword", "ignore_above" : 1024 }, "qtype" : { "type" : "long" }, "qtype_name" : { "type" : "keyword", "ignore_above" : 1024 }, "query" : { "type" : "keyword", "ignore_above" : 1024 }, "rcode" : { "type" : "long" }, "rcode_name" : { "type" : "keyword", "ignore_above" : 1024 }, "rejected" : { "type" : "boolean" }, "rtt" : { "type" : "double" }, "saw_query" : { "type" : "boolean" }, "saw_reply" : { "type" : "boolean" }, "total_answers" : { "type" : "long" }, "total_replies" : { "type" : "long" }, "trans_id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "dpd" : { "properties" : { "analyzer" : { "type" : "keyword", "ignore_above" : 1024 }, "failure_reason" : { "type" : "keyword", "ignore_above" : 1024 }, "packet_segment" : { "type" : "keyword", "ignore_above" : 1024 } } }, "files" : { "properties" : { "analyzers" : { "type" : "keyword", "ignore_above" : 1024 }, "depth" : { "type" : "long" }, "duration" : { "type" : "double" }, "entropy" : { "type" : "double" }, "extracted" : { "type" : "keyword", "ignore_above" : 1024 }, "extracted_cutoff" : { "type" : "boolean" }, "extracted_size" : { "type" : "long" }, "filename" : { "type" : "keyword", "ignore_above" : 1024 }, "fuid" : { "type" : "keyword", "ignore_above" : 1024 }, "is_orig" : { "type" : "boolean" }, "local_orig" : { "type" : "boolean" }, "md5" : { "type" : "keyword", "ignore_above" : 1024 }, "mime_type" : { "type" : "keyword", "ignore_above" : 1024 }, "missing_bytes" : { "type" : "long" }, "overflow_bytes" : { "type" : "long" }, "parent_fuid" : { "type" : "keyword", "ignore_above" : 1024 }, "rx_host" : { "type" : "ip" }, "seen_bytes" : { "type" : "long" }, "session_ids" : { "type" : "keyword", "ignore_above" : 1024 }, "sha1" : { "type" : "keyword", "ignore_above" : 1024 }, "sha256" : { "type" : "keyword", "ignore_above" : 1024 }, "source" : { "type" : "keyword", "ignore_above" : 1024 }, "timedout" : { "type" : "boolean" }, "total_bytes" : { "type" : "long" }, "tx_host" : { "type" : "ip" } } }, "ftp" : { "properties" : { "arg" : { "type" : "keyword", "ignore_above" : 1024 }, "capture_password" : { "type" : "boolean" }, "cmdarg" : { "properties" : { "arg" : { "type" : "keyword", "ignore_above" : 1024 }, "cmd" : { "type" : "keyword", "ignore_above" : 1024 }, "seq" : { "type" : "long" } } }, "command" : { "type" : "keyword", "ignore_above" : 1024 }, "cwd" : { "type" : "keyword", "ignore_above" : 1024 }, "data_channel" : { "properties" : { "originating_host" : { "type" : "ip" }, "passive" : { "type" : "boolean" }, "response_host" : { "type" : "ip" }, "response_port" : { "type" : "long" } } }, "file" : { "properties" : { "fuid" : { "type" : "keyword", "ignore_above" : 1024 }, "mime_type" : { "type" : "keyword", "ignore_above" : 1024 }, "size" : { "type" : "long" } } }, "last_auth_requested" : { "type" : "keyword", "ignore_above" : 1024 }, "passive" : { "type" : "boolean" }, "password" : { "type" : "keyword", "ignore_above" : 1024 }, "pending_commands" : { "type" : "long" }, "reply" : { "properties" : { "code" : { "type" : "long" }, "msg" : { "type" : "keyword", "ignore_above" : 1024 } } }, "user" : { "type" : "keyword", "ignore_above" : 1024 } } }, "http" : { "properties" : { "captured_password" : { "type" : "boolean" }, "client_header_names" : { "type" : "keyword", "ignore_above" : 1024 }, "info_code" : { "type" : "long" }, "info_msg" : { "type" : "keyword", "ignore_above" : 1024 }, "orig_filenames" : { "type" : "keyword", "ignore_above" : 1024 }, "orig_fuids" : { "type" : "keyword", "ignore_above" : 1024 }, "orig_mime_depth" : { "type" : "long" }, "orig_mime_types" : { "type" : "keyword", "ignore_above" : 1024 }, "password" : { "type" : "keyword", "ignore_above" : 1024 }, "proxied" : { "type" : "keyword", "ignore_above" : 1024 }, "range_request" : { "type" : "boolean" }, "resp_filenames" : { "type" : "keyword", "ignore_above" : 1024 }, "resp_fuids" : { "type" : "keyword", "ignore_above" : 1024 }, "resp_mime_depth" : { "type" : "long" }, "resp_mime_types" : { "type" : "keyword", "ignore_above" : 1024 }, "server_header_names" : { "type" : "keyword", "ignore_above" : 1024 }, "status_msg" : { "type" : "keyword", "ignore_above" : 1024 }, "tags" : { "type" : "keyword", "ignore_above" : 1024 }, "trans_depth" : { "type" : "long" } } }, "intel" : { "properties" : { "file_desc" : { "type" : "keyword", "ignore_above" : 1024 }, "file_mime_type" : { "type" : "keyword", "ignore_above" : 1024 }, "fuid" : { "type" : "keyword", "ignore_above" : 1024 }, "matched" : { "type" : "keyword", "ignore_above" : 1024 }, "seen" : { "properties" : { "conn" : { "type" : "keyword", "ignore_above" : 1024 }, "f" : { "type" : "object" }, "fuid" : { "type" : "keyword", "ignore_above" : 1024 }, "host" : { "type" : "keyword", "ignore_above" : 1024 }, "indicator" : { "type" : "keyword", "ignore_above" : 1024 }, "indicator_type" : { "type" : "keyword", "ignore_above" : 1024 }, "node" : { "type" : "keyword", "ignore_above" : 1024 }, "uid" : { "type" : "keyword", "ignore_above" : 1024 }, "where" : { "type" : "keyword", "ignore_above" : 1024 } } }, "sources" : { "type" : "keyword", "ignore_above" : 1024 } } }, "irc" : { "properties" : { "addl" : { "type" : "keyword", "ignore_above" : 1024 }, "command" : { "type" : "keyword", "ignore_above" : 1024 }, "dcc" : { "properties" : { "file" : { "properties" : { "name" : { "type" : "keyword", "ignore_above" : 1024 }, "size" : { "type" : "long" } } }, "mime_type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "fuid" : { "type" : "keyword", "ignore_above" : 1024 }, "nick" : { "type" : "keyword", "ignore_above" : 1024 }, "user" : { "type" : "keyword", "ignore_above" : 1024 }, "value" : { "type" : "keyword", "ignore_above" : 1024 } } }, "kerberos" : { "properties" : { "cert" : { "properties" : { "client" : { "properties" : { "fuid" : { "type" : "keyword", "ignore_above" : 1024 }, "subject" : { "type" : "keyword", "ignore_above" : 1024 }, "value" : { "type" : "keyword", "ignore_above" : 1024 } } }, "server" : { "properties" : { "fuid" : { "type" : "keyword", "ignore_above" : 1024 }, "subject" : { "type" : "keyword", "ignore_above" : 1024 }, "value" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "cipher" : { "type" : "keyword", "ignore_above" : 1024 }, "client" : { "type" : "keyword", "ignore_above" : 1024 }, "error" : { "properties" : { "code" : { "type" : "long" }, "msg" : { "type" : "keyword", "ignore_above" : 1024 } } }, "forwardable" : { "type" : "boolean" }, "renewable" : { "type" : "boolean" }, "request_type" : { "type" : "keyword", "ignore_above" : 1024 }, "service" : { "type" : "keyword", "ignore_above" : 1024 }, "success" : { "type" : "boolean" }, "ticket" : { "properties" : { "auth" : { "type" : "keyword", "ignore_above" : 1024 }, "new" : { "type" : "keyword", "ignore_above" : 1024 } } }, "valid" : { "properties" : { "days" : { "type" : "long" }, "from" : { "type" : "date" }, "until" : { "type" : "date" } } } } }, "modbus" : { "properties" : { "exception" : { "type" : "keyword", "ignore_above" : 1024 }, "function" : { "type" : "keyword", "ignore_above" : 1024 }, "track_address" : { "type" : "long" } } }, "mysql" : { "properties" : { "arg" : { "type" : "keyword", "ignore_above" : 1024 }, "cmd" : { "type" : "keyword", "ignore_above" : 1024 }, "response" : { "type" : "keyword", "ignore_above" : 1024 }, "rows" : { "type" : "long" }, "success" : { "type" : "boolean" } } }, "notice" : { "properties" : { "actions" : { "type" : "keyword", "ignore_above" : 1024 }, "connection_id" : { "type" : "keyword", "ignore_above" : 1024 }, "dropped" : { "type" : "boolean" }, "email_body_sections" : { "type" : "text", "norms" : false }, "email_delay_tokens" : { "type" : "keyword", "ignore_above" : 1024 }, "false" : { "type" : "long" }, "ffile" : { "properties" : { "total_bytes" : { "type" : "long" } } }, "file" : { "properties" : { "id" : { "type" : "keyword", "ignore_above" : 1024 }, "is_orig" : { "type" : "boolean" }, "mime_type" : { "type" : "keyword", "ignore_above" : 1024 }, "missing_bytes" : { "type" : "long" }, "overflow_bytes" : { "type" : "long" }, "parent_id" : { "type" : "keyword", "ignore_above" : 1024 }, "seen_bytes" : { "type" : "long" }, "source" : { "type" : "keyword", "ignore_above" : 1024 } } }, "fuid" : { "type" : "keyword", "ignore_above" : 1024 }, "icmp_id" : { "type" : "keyword", "ignore_above" : 1024 }, "identifier" : { "type" : "keyword", "ignore_above" : 1024 }, "msg" : { "type" : "keyword", "ignore_above" : 1024 }, "note" : { "type" : "keyword", "ignore_above" : 1024 }, "peer_descr" : { "type" : "text", "norms" : false }, "peer_name" : { "type" : "keyword", "ignore_above" : 1024 }, "sub" : { "type" : "keyword", "ignore_above" : 1024 }, "suppress_for" : { "type" : "double" } } }, "ntlm" : { "properties" : { "domain" : { "type" : "keyword", "ignore_above" : 1024 }, "hostname" : { "type" : "keyword", "ignore_above" : 1024 }, "server" : { "properties" : { "name" : { "properties" : { "dns" : { "type" : "keyword", "ignore_above" : 1024 }, "netbios" : { "type" : "keyword", "ignore_above" : 1024 }, "tree" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "success" : { "type" : "boolean" }, "username" : { "type" : "keyword", "ignore_above" : 1024 } } }, "ocsp" : { "properties" : { "file_id" : { "type" : "keyword", "ignore_above" : 1024 }, "hash" : { "properties" : { "algorithm" : { "type" : "keyword", "ignore_above" : 1024 }, "issuer" : { "properties" : { "key" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "revoke" : { "properties" : { "reason" : { "type" : "keyword", "ignore_above" : 1024 }, "time" : { "type" : "date" } } }, "serial_number" : { "type" : "keyword", "ignore_above" : 1024 }, "status" : { "type" : "keyword", "ignore_above" : 1024 }, "update" : { "properties" : { "next" : { "type" : "date" }, "this" : { "type" : "date" } } } } }, "pe" : { "properties" : { "client" : { "type" : "keyword", "ignore_above" : 1024 }, "compile_time" : { "type" : "date" }, "has_cert_table" : { "type" : "boolean" }, "has_debug_data" : { "type" : "boolean" }, "has_export_table" : { "type" : "boolean" }, "has_import_table" : { "type" : "boolean" }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "is_64bit" : { "type" : "boolean" }, "is_exe" : { "type" : "boolean" }, "machine" : { "type" : "keyword", "ignore_above" : 1024 }, "os" : { "type" : "keyword", "ignore_above" : 1024 }, "section_names" : { "type" : "keyword", "ignore_above" : 1024 }, "subsystem" : { "type" : "keyword", "ignore_above" : 1024 }, "uses_aslr" : { "type" : "boolean" }, "uses_code_integrity" : { "type" : "boolean" }, "uses_dep" : { "type" : "boolean" }, "uses_seh" : { "type" : "boolean" } } }, "radius" : { "properties" : { "connect_info" : { "type" : "keyword", "ignore_above" : 1024 }, "framed_addr" : { "type" : "ip" }, "logged" : { "type" : "boolean" }, "mac" : { "type" : "keyword", "ignore_above" : 1024 }, "remote_ip" : { "type" : "ip" }, "reply_msg" : { "type" : "keyword", "ignore_above" : 1024 }, "result" : { "type" : "keyword", "ignore_above" : 1024 }, "ttl" : { "type" : "long" }, "username" : { "type" : "keyword", "ignore_above" : 1024 } } }, "rdp" : { "properties" : { "cert" : { "properties" : { "count" : { "type" : "long" }, "permanent" : { "type" : "boolean" }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "client" : { "properties" : { "build" : { "type" : "keyword", "ignore_above" : 1024 }, "client_name" : { "type" : "keyword", "ignore_above" : 1024 }, "product_id" : { "type" : "keyword", "ignore_above" : 1024 } } }, "cookie" : { "type" : "keyword", "ignore_above" : 1024 }, "desktop" : { "properties" : { "color_depth" : { "type" : "keyword", "ignore_above" : 1024 }, "height" : { "type" : "long" }, "width" : { "type" : "long" } } }, "done" : { "type" : "boolean" }, "encryption" : { "properties" : { "level" : { "type" : "keyword", "ignore_above" : 1024 }, "method" : { "type" : "keyword", "ignore_above" : 1024 } } }, "keyboard_layout" : { "type" : "keyword", "ignore_above" : 1024 }, "result" : { "type" : "keyword", "ignore_above" : 1024 }, "security_protocol" : { "type" : "keyword", "ignore_above" : 1024 }, "ssl" : { "type" : "boolean" } } }, "rfb" : { "properties" : { "auth" : { "properties" : { "method" : { "type" : "keyword", "ignore_above" : 1024 }, "success" : { "type" : "boolean" } } }, "desktop_name" : { "type" : "keyword", "ignore_above" : 1024 }, "height" : { "type" : "long" }, "share_flag" : { "type" : "boolean" }, "version" : { "properties" : { "client" : { "properties" : { "major" : { "type" : "keyword", "ignore_above" : 1024 }, "minor" : { "type" : "keyword", "ignore_above" : 1024 } } }, "server" : { "properties" : { "major" : { "type" : "keyword", "ignore_above" : 1024 }, "minor" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "width" : { "type" : "long" } } }, "session_id" : { "type" : "keyword", "ignore_above" : 1024 }, "sip" : { "properties" : { "call_id" : { "type" : "keyword", "ignore_above" : 1024 }, "content_type" : { "type" : "keyword", "ignore_above" : 1024 }, "date" : { "type" : "keyword", "ignore_above" : 1024 }, "reply_to" : { "type" : "keyword", "ignore_above" : 1024 }, "request" : { "properties" : { "body_length" : { "type" : "long" }, "from" : { "type" : "keyword", "ignore_above" : 1024 }, "path" : { "type" : "keyword", "ignore_above" : 1024 }, "to" : { "type" : "keyword", "ignore_above" : 1024 } } }, "response" : { "properties" : { "body_length" : { "type" : "long" }, "from" : { "type" : "keyword", "ignore_above" : 1024 }, "path" : { "type" : "keyword", "ignore_above" : 1024 }, "to" : { "type" : "keyword", "ignore_above" : 1024 } } }, "sequence" : { "properties" : { "method" : { "type" : "keyword", "ignore_above" : 1024 }, "number" : { "type" : "keyword", "ignore_above" : 1024 } } }, "status" : { "properties" : { "code" : { "type" : "long" }, "msg" : { "type" : "keyword", "ignore_above" : 1024 } } }, "subject" : { "type" : "keyword", "ignore_above" : 1024 }, "transaction_depth" : { "type" : "long" }, "uri" : { "type" : "keyword", "ignore_above" : 1024 }, "user_agent" : { "type" : "keyword", "ignore_above" : 1024 }, "warning" : { "type" : "keyword", "ignore_above" : 1024 } } }, "smb_cmd" : { "properties" : { "argument" : { "type" : "keyword", "ignore_above" : 1024 }, "command" : { "type" : "keyword", "ignore_above" : 1024 }, "file" : { "properties" : { "action" : { "type" : "keyword", "ignore_above" : 1024 }, "host" : { "properties" : { "rx" : { "type" : "ip" }, "tx" : { "type" : "ip" } } }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "uid" : { "type" : "keyword", "ignore_above" : 1024 } } }, "rtt" : { "type" : "double" }, "smb1_offered_dialects" : { "type" : "keyword", "ignore_above" : 1024 }, "smb2_offered_dialects" : { "type" : "long" }, "status" : { "type" : "keyword", "ignore_above" : 1024 }, "sub_command" : { "type" : "keyword", "ignore_above" : 1024 }, "tree" : { "type" : "keyword", "ignore_above" : 1024 }, "tree_service" : { "type" : "keyword", "ignore_above" : 1024 }, "username" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "smb_files" : { "properties" : { "action" : { "type" : "keyword", "ignore_above" : 1024 }, "fid" : { "type" : "long" }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "path" : { "type" : "keyword", "ignore_above" : 1024 }, "previous_name" : { "type" : "keyword", "ignore_above" : 1024 }, "size" : { "type" : "long" }, "times" : { "properties" : { "accessed" : { "type" : "date" }, "changed" : { "type" : "date" }, "created" : { "type" : "date" }, "modified" : { "type" : "date" } } }, "uuid" : { "type" : "keyword", "ignore_above" : 1024 } } }, "smb_mapping" : { "properties" : { "native_file_system" : { "type" : "keyword", "ignore_above" : 1024 }, "path" : { "type" : "keyword", "ignore_above" : 1024 }, "service" : { "type" : "keyword", "ignore_above" : 1024 }, "share_type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "smtp" : { "properties" : { "cc" : { "type" : "keyword", "ignore_above" : 1024 }, "date" : { "type" : "date" }, "first_received" : { "type" : "keyword", "ignore_above" : 1024 }, "from" : { "type" : "keyword", "ignore_above" : 1024 }, "fuids" : { "type" : "keyword", "ignore_above" : 1024 }, "has_client_activity" : { "type" : "boolean" }, "helo" : { "type" : "keyword", "ignore_above" : 1024 }, "in_reply_to" : { "type" : "keyword", "ignore_above" : 1024 }, "is_webmail" : { "type" : "boolean" }, "last_reply" : { "type" : "keyword", "ignore_above" : 1024 }, "mail_from" : { "type" : "keyword", "ignore_above" : 1024 }, "msg_id" : { "type" : "keyword", "ignore_above" : 1024 }, "path" : { "type" : "ip" }, "process_received_from" : { "type" : "boolean" }, "rcpt_to" : { "type" : "keyword", "ignore_above" : 1024 }, "reply_to" : { "type" : "keyword", "ignore_above" : 1024 }, "second_received" : { "type" : "keyword", "ignore_above" : 1024 }, "subject" : { "type" : "keyword", "ignore_above" : 1024 }, "tls" : { "type" : "boolean" }, "to" : { "type" : "keyword", "ignore_above" : 1024 }, "transaction_depth" : { "type" : "long" }, "user_agent" : { "type" : "keyword", "ignore_above" : 1024 }, "x_originating_ip" : { "type" : "keyword", "ignore_above" : 1024 } } }, "snmp" : { "properties" : { "community" : { "type" : "keyword", "ignore_above" : 1024 }, "display_string" : { "type" : "keyword", "ignore_above" : 1024 }, "duration" : { "type" : "double" }, "get" : { "properties" : { "bulk_requests" : { "type" : "long" }, "requests" : { "type" : "long" }, "responses" : { "type" : "long" } } }, "set" : { "properties" : { "requests" : { "type" : "long" } } }, "up_since" : { "type" : "date" }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "socks" : { "properties" : { "bound" : { "properties" : { "host" : { "type" : "keyword", "ignore_above" : 1024 }, "port" : { "type" : "long" } } }, "capture_password" : { "type" : "boolean" }, "password" : { "type" : "keyword", "ignore_above" : 1024 }, "request" : { "properties" : { "host" : { "type" : "keyword", "ignore_above" : 1024 }, "port" : { "type" : "long" } } }, "status" : { "type" : "keyword", "ignore_above" : 1024 }, "user" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "long" } } }, "ssh" : { "properties" : { "algorithm" : { "properties" : { "cipher" : { "type" : "keyword", "ignore_above" : 1024 }, "compression" : { "type" : "keyword", "ignore_above" : 1024 }, "host_key" : { "type" : "keyword", "ignore_above" : 1024 }, "key_exchange" : { "type" : "keyword", "ignore_above" : 1024 }, "mac" : { "type" : "keyword", "ignore_above" : 1024 } } }, "auth" : { "properties" : { "attempts" : { "type" : "long" }, "success" : { "type" : "boolean" } } }, "client" : { "type" : "keyword", "ignore_above" : 1024 }, "direction" : { "type" : "keyword", "ignore_above" : 1024 }, "host_key" : { "type" : "keyword", "ignore_above" : 1024 }, "server" : { "type" : "keyword", "ignore_above" : 1024 }, "version" : { "type" : "long" } } }, "ssl" : { "properties" : { "cipher" : { "type" : "keyword", "ignore_above" : 1024 }, "client" : { "properties" : { "cert_chain" : { "type" : "keyword", "ignore_above" : 1024 }, "cert_chain_fuids" : { "type" : "keyword", "ignore_above" : 1024 }, "issuer" : { "properties" : { "common_name" : { "type" : "keyword", "ignore_above" : 1024 }, "country" : { "type" : "keyword", "ignore_above" : 1024 }, "locality" : { "type" : "keyword", "ignore_above" : 1024 }, "organization" : { "type" : "keyword", "ignore_above" : 1024 }, "organizational_unit" : { "type" : "keyword", "ignore_above" : 1024 }, "state" : { "type" : "keyword", "ignore_above" : 1024 } } }, "subject" : { "properties" : { "common_name" : { "type" : "keyword", "ignore_above" : 1024 }, "country" : { "type" : "keyword", "ignore_above" : 1024 }, "locality" : { "type" : "keyword", "ignore_above" : 1024 }, "organization" : { "type" : "keyword", "ignore_above" : 1024 }, "organizational_unit" : { "type" : "keyword", "ignore_above" : 1024 }, "state" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "curve" : { "type" : "keyword", "ignore_above" : 1024 }, "established" : { "type" : "boolean" }, "last_alert" : { "type" : "keyword", "ignore_above" : 1024 }, "next_protocol" : { "type" : "keyword", "ignore_above" : 1024 }, "resumed" : { "type" : "boolean" }, "server" : { "properties" : { "cert_chain" : { "type" : "keyword", "ignore_above" : 1024 }, "cert_chain_fuids" : { "type" : "keyword", "ignore_above" : 1024 }, "issuer" : { "properties" : { "common_name" : { "type" : "keyword", "ignore_above" : 1024 }, "country" : { "type" : "keyword", "ignore_above" : 1024 }, "locality" : { "type" : "keyword", "ignore_above" : 1024 }, "organization" : { "type" : "keyword", "ignore_above" : 1024 }, "organizational_unit" : { "type" : "keyword", "ignore_above" : 1024 }, "state" : { "type" : "keyword", "ignore_above" : 1024 } } }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "subject" : { "properties" : { "common_name" : { "type" : "keyword", "ignore_above" : 1024 }, "country" : { "type" : "keyword", "ignore_above" : 1024 }, "locality" : { "type" : "keyword", "ignore_above" : 1024 }, "organization" : { "type" : "keyword", "ignore_above" : 1024 }, "organizational_unit" : { "type" : "keyword", "ignore_above" : 1024 }, "state" : { "type" : "keyword", "ignore_above" : 1024 } } } } }, "validation" : { "properties" : { "code" : { "type" : "keyword", "ignore_above" : 1024 }, "status" : { "type" : "keyword", "ignore_above" : 1024 } } }, "version" : { "type" : "keyword", "ignore_above" : 1024 } } }, "stats" : { "properties" : { "bytes" : { "properties" : { "received" : { "type" : "long" } } }, "connections" : { "properties" : { "icmp" : { "properties" : { "active" : { "type" : "long" }, "count" : { "type" : "long" } } }, "tcp" : { "properties" : { "active" : { "type" : "long" }, "count" : { "type" : "long" } } }, "udp" : { "properties" : { "active" : { "type" : "long" }, "count" : { "type" : "long" } } } } }, "dns_requests" : { "properties" : { "active" : { "type" : "long" }, "count" : { "type" : "long" } } }, "events" : { "properties" : { "processed" : { "type" : "long" }, "queued" : { "type" : "long" } } }, "files" : { "properties" : { "active" : { "type" : "long" }, "count" : { "type" : "long" } } }, "memory" : { "type" : "long" }, "packets" : { "properties" : { "dropped" : { "type" : "long" }, "processed" : { "type" : "long" }, "received" : { "type" : "long" } } }, "peer" : { "type" : "keyword", "ignore_above" : 1024 }, "reassembly_size" : { "properties" : { "file" : { "type" : "long" }, "frag" : { "type" : "long" }, "tcp" : { "type" : "long" }, "unknown" : { "type" : "long" } } }, "timers" : { "properties" : { "active" : { "type" : "long" }, "count" : { "type" : "long" } } }, "timestamp_lag" : { "type" : "long" } } }, "syslog" : { "properties" : { "facility" : { "type" : "keyword", "ignore_above" : 1024 }, "message" : { "type" : "keyword", "ignore_above" : 1024 }, "severity" : { "type" : "keyword", "ignore_above" : 1024 } } }, "tunnel" : { "properties" : { "action" : { "type" : "keyword", "ignore_above" : 1024 }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "weird" : { "properties" : { "additional_info" : { "type" : "keyword", "ignore_above" : 1024 }, "identifier" : { "type" : "keyword", "ignore_above" : 1024 }, "name" : { "type" : "keyword", "ignore_above" : 1024 }, "notice" : { "type" : "boolean" }, "peer" : { "type" : "keyword", "ignore_above" : 1024 } } }, "x509" : { "properties" : { "basic_constraints" : { "properties" : { "certificate_authority" : { "type" : "boolean" }, "path_length" : { "type" : "long" } } }, "certificate" : { "properties" : { "common_name" : { "type" : "keyword", "ignore_above" : 1024 }, "curve" : { "type" : "keyword", "ignore_above" : 1024 }, "exponent" : { "type" : "keyword", "ignore_above" : 1024 }, "issuer" : { "properties" : { "common_name" : { "type" : "keyword", "ignore_above" : 1024 }, "country" : { "type" : "keyword", "ignore_above" : 1024 }, "locality" : { "type" : "keyword", "ignore_above" : 1024 }, "organization" : { "type" : "keyword", "ignore_above" : 1024 }, "organizational_unit" : { "type" : "keyword", "ignore_above" : 1024 }, "state" : { "type" : "keyword", "ignore_above" : 1024 } } }, "key" : { "properties" : { "algorithm" : { "type" : "keyword", "ignore_above" : 1024 }, "length" : { "type" : "long" }, "type" : { "type" : "keyword", "ignore_above" : 1024 } } }, "serial" : { "type" : "keyword", "ignore_above" : 1024 }, "signature_algorithm" : { "type" : "keyword", "ignore_above" : 1024 }, "subject" : { "properties" : { "common_name" : { "type" : "keyword", "ignore_above" : 1024 }, "country" : { "type" : "keyword", "ignore_above" : 1024 }, "locality" : { "type" : "keyword", "ignore_above" : 1024 }, "organization" : { "type" : "keyword", "ignore_above" : 1024 }, "organizational_unit" : { "type" : "keyword", "ignore_above" : 1024 }, "state" : { "type" : "keyword", "ignore_above" : 1024 } } }, "valid" : { "properties" : { "from" : { "type" : "date" }, "until" : { "type" : "date" } } }, "version" : { "type" : "long" } } }, "id" : { "type" : "keyword", "ignore_above" : 1024 }, "log_cert" : { "type" : "boolean" }, "san" : { "properties" : { "dns" : { "type" : "keyword", "ignore_above" : 1024 }, "email" : { "type" : "keyword", "ignore_above" : 1024 }, "ip" : { "type" : "ip" }, "other_fields" : { "type" : "boolean" }, "uri" : { "type" : "keyword", "ignore_above" : 1024 } } } } } } } } } } }