PUT _component_template/pfelk-mappings-ecs { "version": 23, "template": { "settings": { "index": { "mapping": { "total_fields": { "limit": "10000" } }, "refresh_interval": "5s" } }, "mappings": { "_meta": { "managed": true, "description": "pfELK ecs mappings", "version": "8.0.0-dev" }, "dynamic_templates": [ { "strings_as_keyword": { "mapping": { "ignore_above": 1024, "type": "keyword" }, "match_mapping_type": "string" } } ], "date_detection": false, "properties": { "container": { "properties": { "image": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "tag": { "ignore_above": 1024, "type": "keyword" } } }, "name": { "ignore_above": 1024, "type": "keyword" }, "runtime": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "labels": { "type": "object" } } }, "server": { "properties": { "nat": { "properties": { "port": { "type": "long" }, "ip": { "type": "ip" } } }, "address": { "ignore_above": 1024, "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, "type": "keyword" }, "ip": { "type": "ip" }, "mac": { "ignore_above": 1024, "type": "keyword" }, "packets": { "type": "long" }, "geo": { "properties": { "continent_name": { "ignore_above": 1024, "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, "type": "keyword" }, "city_name": { "ignore_above": 1024, "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, "type": "keyword" }, "timezone": { "ignore_above": 1024, "type": "keyword" }, "country_name": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "continent_code": { "ignore_above": 1024, "type": "keyword" }, "location": { "type": "geo_point" }, "region_name": { "ignore_above": 1024, "type": "keyword" }, "postal_code": { "ignore_above": 1024, "type": "keyword" } } }, "as": { "properties": { "number": { "type": "long" }, "organization": { "properties": { "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" } } } } }, "registered_domain": { "ignore_above": 1024, "type": "keyword" }, "port": { "type": "long" }, "bytes": { "type": "long" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "subdomain": { "ignore_above": 1024, "type": "keyword" }, "user": { "properties": { "full_name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "email": { "ignore_above": 1024, "type": "keyword" }, "hash": { "ignore_above": 1024, "type": "keyword" }, "group": { "properties": { "domain": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } } } } } }, "agent": { "properties": { "build": { "properties": { "original": { "ignore_above": 1024, "type": "keyword" } } }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "ephemeral_id": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" } } }, "faas": { "properties": { "execution": { "ignore_above": 1024, "type": "keyword" }, "coldstart": { "type": "boolean" }, "trigger": { "type": "nested", "properties": { "type": { "ignore_above": 1024, "type": "keyword" }, "request_id": { "ignore_above": 1024, "type": "keyword" } } } } }, "log": { "properties": { "file": { "properties": { "path": { "ignore_above": 1024, "type": "keyword" } } }, "level": { "ignore_above": 1024, "type": "keyword" }, "logger": { "ignore_above": 1024, "type": "keyword" }, "origin": { "properties": { "file": { "properties": { "line": { "type": "long" }, "name": { "ignore_above": 1024, "type": "keyword" } } }, "function": { "ignore_above": 1024, "type": "keyword" } } }, "syslog": { "type": "object", "properties": { "severity": { "properties": { "code": { "type": "long" }, "name": { "ignore_above": 1024, "type": "keyword" } } }, "priority": { "type": "long" }, "facility": { "properties": { "code": { "type": "long" }, "name": { "ignore_above": 1024, "type": "keyword" } } } } } } }, "destination": { "properties": { "nat": { "properties": { "port": { "type": "long" }, "ip": { "type": "ip" } } }, "address": { "ignore_above": 1024, "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, "type": "keyword" }, "ip": { "type": "ip" }, "mac": { "ignore_above": 1024, "type": "keyword" }, "packets": { "type": "long" }, "geo": { "properties": { "continent_name": { "ignore_above": 1024, "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, "type": "keyword" }, "city_name": { "ignore_above": 1024, "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, "type": "keyword" }, "timezone": { "ignore_above": 1024, "type": "keyword" }, "country_name": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "continent_code": { "ignore_above": 1024, "type": "keyword" }, "location": { "type": "geo_point" }, "region_name": { "ignore_above": 1024, "type": "keyword" }, "postal_code": { "ignore_above": 1024, "type": "keyword" } } }, "as": { "properties": { "number": { "type": "long" }, "organization": { "properties": { "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" } } } } }, "registered_domain": { "ignore_above": 1024, "type": "keyword" }, "port": { "type": "long" }, "bytes": { "type": "long" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "subdomain": { "ignore_above": 1024, "type": "keyword" }, "user": { "properties": { "full_name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "email": { "ignore_above": 1024, "type": "keyword" }, "hash": { "ignore_above": 1024, "type": "keyword" }, "group": { "properties": { "domain": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } } } } } }, "rule": { "properties": { "reference": { "ignore_above": 1024, "type": "keyword" }, "license": { "ignore_above": 1024, "type": "keyword" }, "author": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "ruleset": { "ignore_above": 1024, "type": "keyword" }, "description": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "category": { "ignore_above": 1024, "type": "keyword" }, "uuid": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" } } }, "source": { "properties": { "nat": { "properties": { "port": { "type": "long" }, "ip": { "type": "ip" } } }, "address": { "ignore_above": 1024, "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, "type": "keyword" }, "ip": { "type": "ip" }, "mac": { "ignore_above": 1024, "type": "keyword" }, "packets": { "type": "long" }, "geo": { "properties": { "continent_name": { "ignore_above": 1024, "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, "type": "keyword" }, "city_name": { "ignore_above": 1024, "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, "type": "keyword" }, "timezone": { "ignore_above": 1024, "type": "keyword" }, "country_name": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "continent_code": { "ignore_above": 1024, "type": "keyword" }, "location": { "type": "geo_point" }, "region_name": { "ignore_above": 1024, "type": "keyword" }, "postal_code": { "ignore_above": 1024, "type": "keyword" } } }, "as": { "properties": { "number": { "type": "long" }, "organization": { "properties": { "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" } } } } }, "registered_domain": { "ignore_above": 1024, "type": "keyword" }, "port": { "type": "long" }, "bytes": { "type": "long" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "subdomain": { "ignore_above": 1024, "type": "keyword" }, "user": { "properties": { "full_name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "email": { "ignore_above": 1024, "type": "keyword" }, "hash": { "ignore_above": 1024, "type": "keyword" }, "group": { "properties": { "domain": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } } } } } }, "error": { "properties": { "code": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "stack_trace": { "fields": { "text": { "type": "match_only_text" } }, "type": "wildcard" }, "message": { "type": "match_only_text" }, "type": { "ignore_above": 1024, "type": "keyword" } } }, "network": { "properties": { "transport": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "inner": { "type": "object", "properties": { "vlan": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } } } }, "packets": { "type": "long" }, "community_id": { "ignore_above": 1024, "type": "keyword" }, "forwarded_ip": { "type": "ip" }, "protocol": { "ignore_above": 1024, "type": "keyword" }, "application": { "ignore_above": 1024, "type": "keyword" }, "vlan": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "bytes": { "type": "long" }, "name": { "ignore_above": 1024, "type": "keyword" }, "iana_number": { "ignore_above": 1024, "type": "keyword" }, "direction": { "ignore_above": 1024, "type": "keyword" } } }, "cloud": { "properties": { "availability_zone": { "ignore_above": 1024, "type": "keyword" }, "instance": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "provider": { "ignore_above": 1024, "type": "keyword" }, "machine": { "properties": { "type": { "ignore_above": 1024, "type": "keyword" } } }, "service": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" } } }, "origin": { "properties": { "availability_zone": { "ignore_above": 1024, "type": "keyword" }, "instance": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "provider": { "ignore_above": 1024, "type": "keyword" }, "machine": { "properties": { "type": { "ignore_above": 1024, "type": "keyword" } } }, "service": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" } } }, "project": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "region": { "ignore_above": 1024, "type": "keyword" }, "account": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } } } }, "project": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "region": { "ignore_above": 1024, "type": "keyword" }, "account": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "target": { "properties": { "availability_zone": { "ignore_above": 1024, "type": "keyword" }, "instance": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "provider": { "ignore_above": 1024, "type": "keyword" }, "machine": { "properties": { "type": { "ignore_above": 1024, "type": "keyword" } } }, "service": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" } } }, "project": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "region": { "ignore_above": 1024, "type": "keyword" }, "account": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } } } } } }, "observer": { "properties": { "product": { "ignore_above": 1024, "type": "keyword" }, "os": { "properties": { "kernel": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "family": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" }, "platform": { "ignore_above": 1024, "type": "keyword" }, "full": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" } } }, "ip": { "type": "ip" }, "serial_number": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" }, "mac": { "ignore_above": 1024, "type": "keyword" }, "egress": { "type": "object", "properties": { "vlan": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "zone": { "ignore_above": 1024, "type": "keyword" }, "interface": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "alias": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } } } }, "geo": { "properties": { "continent_name": { "ignore_above": 1024, "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, "type": "keyword" }, "city_name": { "ignore_above": 1024, "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, "type": "keyword" }, "timezone": { "ignore_above": 1024, "type": "keyword" }, "country_name": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "continent_code": { "ignore_above": 1024, "type": "keyword" }, "location": { "type": "geo_point" }, "region_name": { "ignore_above": 1024, "type": "keyword" }, "postal_code": { "ignore_above": 1024, "type": "keyword" } } }, "ingress": { "type": "object", "properties": { "vlan": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "zone": { "ignore_above": 1024, "type": "keyword" }, "interface": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "alias": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } } } }, "hostname": { "ignore_above": 1024, "type": "keyword" }, "vendor": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" } } }, "trace": { "properties": { "id": { "ignore_above": 1024, "type": "keyword" } } }, "file": { "properties": { "extension": { "ignore_above": 1024, "type": "keyword" }, "gid": { "ignore_above": 1024, "type": "keyword" }, "drive_letter": { "ignore_above": 1, "type": "keyword" }, "accessed": { "type": "date" }, "mtime": { "type": "date" }, "type": { "ignore_above": 1024, "type": "keyword" }, "directory": { "ignore_above": 1024, "type": "keyword" }, "inode": { "ignore_above": 1024, "type": "keyword" }, "mode": { "ignore_above": 1024, "type": "keyword" }, "path": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "uid": { "ignore_above": 1024, "type": "keyword" }, "code_signature": { "properties": { "valid": { "type": "boolean" }, "digest_algorithm": { "ignore_above": 1024, "type": "keyword" }, "signing_id": { "ignore_above": 1024, "type": "keyword" }, "trusted": { "type": "boolean" }, "subject_name": { "ignore_above": 1024, "type": "keyword" }, "exists": { "type": "boolean" }, "team_id": { "ignore_above": 1024, "type": "keyword" }, "status": { "ignore_above": 1024, "type": "keyword" }, "timestamp": { "type": "date" } } }, "ctime": { "type": "date" }, "fork_name": { "ignore_above": 1024, "type": "keyword" }, "elf": { "properties": { "imports": { "type": "flattened" }, "shared_libraries": { "ignore_above": 1024, "type": "keyword" }, "byte_order": { "ignore_above": 1024, "type": "keyword" }, "exports": { "type": "flattened" }, "cpu_type": { "ignore_above": 1024, "type": "keyword" }, "header": { "properties": { "object_version": { "ignore_above": 1024, "type": "keyword" }, "data": { "ignore_above": 1024, "type": "keyword" }, "entrypoint": { "type": "long" }, "os_abi": { "ignore_above": 1024, "type": "keyword" }, "abi_version": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "class": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" } } }, "creation_date": { "type": "date" }, "sections": { "type": "nested", "properties": { "chi2": { "type": "long" }, "virtual_address": { "type": "long" }, "entropy": { "type": "long" }, "physical_offset": { "ignore_above": 1024, "type": "keyword" }, "flags": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, "type": "keyword" }, "virtual_size": { "type": "long" } } }, "telfhash": { "ignore_above": 1024, "type": "keyword" }, "architecture": { "ignore_above": 1024, "type": "keyword" }, "segments": { "type": "nested", "properties": { "type": { "ignore_above": 1024, "type": "keyword" }, "sections": { "ignore_above": 1024, "type": "keyword" } } } } }, "group": { "ignore_above": 1024, "type": "keyword" }, "owner": { "ignore_above": 1024, "type": "keyword" }, "created": { "type": "date" }, "target_path": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "x509": { "properties": { "not_after": { "type": "date" }, "public_key_exponent": { "index": false, "type": "long", "doc_values": false }, "not_before": { "type": "date" }, "subject": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } }, "public_key_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_size": { "type": "long" }, "serial_number": { "ignore_above": 1024, "type": "keyword" }, "version_number": { "ignore_above": 1024, "type": "keyword" }, "alternative_names": { "ignore_above": 1024, "type": "keyword" }, "issuer": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } } } }, "size": { "type": "long" }, "mime_type": { "ignore_above": 1024, "type": "keyword" }, "pe": { "properties": { "file_version": { "ignore_above": 1024, "type": "keyword" }, "product": { "ignore_above": 1024, "type": "keyword" }, "imphash": { "ignore_above": 1024, "type": "keyword" }, "description": { "ignore_above": 1024, "type": "keyword" }, "company": { "ignore_above": 1024, "type": "keyword" }, "original_file_name": { "ignore_above": 1024, "type": "keyword" }, "architecture": { "ignore_above": 1024, "type": "keyword" } } }, "name": { "ignore_above": 1024, "type": "keyword" }, "attributes": { "ignore_above": 1024, "type": "keyword" }, "device": { "ignore_above": 1024, "type": "keyword" }, "hash": { "properties": { "sha1": { "ignore_above": 1024, "type": "keyword" }, "sha256": { "ignore_above": 1024, "type": "keyword" }, "sha512": { "ignore_above": 1024, "type": "keyword" }, "ssdeep": { "ignore_above": 1024, "type": "keyword" }, "md5": { "ignore_above": 1024, "type": "keyword" } } } } }, "ecs": { "properties": { "version": { "ignore_above": 1024, "type": "keyword" } } }, "related": { "properties": { "hosts": { "ignore_above": 1024, "type": "keyword" }, "ip": { "type": "ip" }, "user": { "ignore_above": 1024, "type": "keyword" }, "hash": { "ignore_above": 1024, "type": "keyword" } } }, "host": { "properties": { "os": { "properties": { "kernel": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "family": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" }, "platform": { "ignore_above": 1024, "type": "keyword" }, "full": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" } } }, "ip": { "type": "ip" }, "cpu": { "properties": { "usage": { "scaling_factor": 1000, "type": "scaled_float" } } }, "type": { "ignore_above": 1024, "type": "keyword" }, "mac": { "ignore_above": 1024, "type": "keyword" }, "network": { "properties": { "ingress": { "properties": { "bytes": { "type": "long" }, "packets": { "type": "long" } } }, "egress": { "properties": { "bytes": { "type": "long" }, "packets": { "type": "long" } } } } }, "uptime": { "type": "long" }, "geo": { "properties": { "continent_name": { "ignore_above": 1024, "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, "type": "keyword" }, "city_name": { "ignore_above": 1024, "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, "type": "keyword" }, "timezone": { "ignore_above": 1024, "type": "keyword" }, "country_name": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "continent_code": { "ignore_above": 1024, "type": "keyword" }, "location": { "type": "geo_point" }, "region_name": { "ignore_above": 1024, "type": "keyword" }, "postal_code": { "ignore_above": 1024, "type": "keyword" } } }, "disk": { "properties": { "read": { "properties": { "bytes": { "type": "long" } } }, "write": { "properties": { "bytes": { "type": "long" } } } } }, "hostname": { "ignore_above": 1024, "type": "keyword" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "architecture": { "ignore_above": 1024, "type": "keyword" } } }, "client": { "properties": { "nat": { "properties": { "port": { "type": "long" }, "ip": { "type": "ip" } } }, "address": { "ignore_above": 1024, "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, "type": "keyword" }, "ip": { "type": "ip" }, "mac": { "ignore_above": 1024, "type": "keyword" }, "packets": { "type": "long" }, "geo": { "properties": { "continent_name": { "ignore_above": 1024, "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, "type": "keyword" }, "city_name": { "ignore_above": 1024, "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, "type": "keyword" }, "timezone": { "ignore_above": 1024, "type": "keyword" }, "country_name": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "continent_code": { "ignore_above": 1024, "type": "keyword" }, "location": { "type": "geo_point" }, "region_name": { "ignore_above": 1024, "type": "keyword" }, "postal_code": { "ignore_above": 1024, "type": "keyword" } } }, "as": { "properties": { "number": { "type": "long" }, "organization": { "properties": { "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" } } } } }, "registered_domain": { "ignore_above": 1024, "type": "keyword" }, "port": { "type": "long" }, "bytes": { "type": "long" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "subdomain": { "ignore_above": 1024, "type": "keyword" }, "user": { "properties": { "full_name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "email": { "ignore_above": 1024, "type": "keyword" }, "hash": { "ignore_above": 1024, "type": "keyword" }, "group": { "properties": { "domain": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } } } } } }, "event": { "properties": { "reason": { "ignore_above": 1024, "type": "keyword" }, "code": { "ignore_above": 1024, "type": "keyword" }, "timezone": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "agent_id_status": { "ignore_above": 1024, "type": "keyword" }, "duration": { "type": "long" }, "reference": { "ignore_above": 1024, "type": "keyword" }, "ingested": { "type": "date" }, "provider": { "ignore_above": 1024, "type": "keyword" }, "action": { "ignore_above": 1024, "type": "keyword" }, "end": { "type": "date" }, "id": { "ignore_above": 1024, "type": "keyword" }, "outcome": { "ignore_above": 1024, "type": "keyword" }, "severity": { "type": "long" }, "original": { "index": false, "type": "keyword", "doc_values": false }, "risk_score": { "type": "float" }, "created": { "type": "date" }, "kind": { "ignore_above": 1024, "type": "keyword" }, "module": { "ignore_above": 1024, "type": "keyword" }, "start": { "type": "date" }, "url": { "ignore_above": 1024, "type": "keyword" }, "sequence": { "type": "long" }, "risk_score_norm": { "type": "float" }, "category": { "ignore_above": 1024, "type": "keyword" }, "dataset": { "ignore_above": 1024, "type": "keyword" }, "hash": { "ignore_above": 1024, "type": "keyword" } } }, "user_agent": { "properties": { "original": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "os": { "properties": { "kernel": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "family": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" }, "platform": { "ignore_above": 1024, "type": "keyword" }, "full": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" } } }, "name": { "ignore_above": 1024, "type": "keyword" }, "device": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" } } }, "version": { "ignore_above": 1024, "type": "keyword" } } }, "group": { "properties": { "domain": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "registry": { "properties": { "hive": { "ignore_above": 1024, "type": "keyword" }, "path": { "ignore_above": 1024, "type": "keyword" }, "data": { "properties": { "strings": { "type": "wildcard" }, "bytes": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" } } }, "value": { "ignore_above": 1024, "type": "keyword" }, "key": { "ignore_above": 1024, "type": "keyword" } } }, "process": { "properties": { "parent": { "properties": { "pgid": { "type": "long" }, "start": { "type": "date" }, "pid": { "type": "long" }, "working_directory": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "thread": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "type": "long" } } }, "entity_id": { "ignore_above": 1024, "type": "keyword" }, "title": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "executable": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "uptime": { "type": "long" }, "args": { "ignore_above": 1024, "type": "keyword" }, "code_signature": { "properties": { "valid": { "type": "boolean" }, "digest_algorithm": { "ignore_above": 1024, "type": "keyword" }, "signing_id": { "ignore_above": 1024, "type": "keyword" }, "trusted": { "type": "boolean" }, "subject_name": { "ignore_above": 1024, "type": "keyword" }, "exists": { "type": "boolean" }, "team_id": { "ignore_above": 1024, "type": "keyword" }, "status": { "ignore_above": 1024, "type": "keyword" }, "timestamp": { "type": "date" } } }, "pe": { "properties": { "file_version": { "ignore_above": 1024, "type": "keyword" }, "product": { "ignore_above": 1024, "type": "keyword" }, "imphash": { "ignore_above": 1024, "type": "keyword" }, "description": { "ignore_above": 1024, "type": "keyword" }, "company": { "ignore_above": 1024, "type": "keyword" }, "original_file_name": { "ignore_above": 1024, "type": "keyword" }, "architecture": { "ignore_above": 1024, "type": "keyword" } } }, "exit_code": { "type": "long" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "end": { "type": "date" }, "args_count": { "type": "long" }, "command_line": { "fields": { "text": { "type": "match_only_text" } }, "type": "wildcard" }, "elf": { "properties": { "imports": { "type": "flattened" }, "shared_libraries": { "ignore_above": 1024, "type": "keyword" }, "byte_order": { "ignore_above": 1024, "type": "keyword" }, "exports": { "type": "flattened" }, "cpu_type": { "ignore_above": 1024, "type": "keyword" }, "header": { "properties": { "object_version": { "ignore_above": 1024, "type": "keyword" }, "data": { "ignore_above": 1024, "type": "keyword" }, "entrypoint": { "type": "long" }, "os_abi": { "ignore_above": 1024, "type": "keyword" }, "abi_version": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "class": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" } } }, "creation_date": { "type": "date" }, "sections": { "type": "nested", "properties": { "chi2": { "type": "long" }, "virtual_address": { "type": "long" }, "entropy": { "type": "long" }, "physical_offset": { "ignore_above": 1024, "type": "keyword" }, "flags": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, "type": "keyword" }, "virtual_size": { "type": "long" } } }, "telfhash": { "ignore_above": 1024, "type": "keyword" }, "architecture": { "ignore_above": 1024, "type": "keyword" }, "segments": { "type": "nested", "properties": { "type": { "ignore_above": 1024, "type": "keyword" }, "sections": { "ignore_above": 1024, "type": "keyword" } } } } }, "hash": { "properties": { "sha1": { "ignore_above": 1024, "type": "keyword" }, "sha256": { "ignore_above": 1024, "type": "keyword" }, "sha512": { "ignore_above": 1024, "type": "keyword" }, "ssdeep": { "ignore_above": 1024, "type": "keyword" }, "md5": { "ignore_above": 1024, "type": "keyword" } } } } }, "pgid": { "type": "long" }, "start": { "type": "date" }, "pid": { "type": "long" }, "working_directory": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "thread": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "type": "long" } } }, "entity_id": { "ignore_above": 1024, "type": "keyword" }, "title": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "executable": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "uptime": { "type": "long" }, "args": { "ignore_above": 1024, "type": "keyword" }, "code_signature": { "properties": { "valid": { "type": "boolean" }, "digest_algorithm": { "ignore_above": 1024, "type": "keyword" }, "signing_id": { "ignore_above": 1024, "type": "keyword" }, "trusted": { "type": "boolean" }, "subject_name": { "ignore_above": 1024, "type": "keyword" }, "exists": { "type": "boolean" }, "team_id": { "ignore_above": 1024, "type": "keyword" }, "status": { "ignore_above": 1024, "type": "keyword" }, "timestamp": { "type": "date" } } }, "pe": { "properties": { "file_version": { "ignore_above": 1024, "type": "keyword" }, "product": { "ignore_above": 1024, "type": "keyword" }, "imphash": { "ignore_above": 1024, "type": "keyword" }, "description": { "ignore_above": 1024, "type": "keyword" }, "company": { "ignore_above": 1024, "type": "keyword" }, "original_file_name": { "ignore_above": 1024, "type": "keyword" }, "architecture": { "ignore_above": 1024, "type": "keyword" } } }, "exit_code": { "type": "long" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "end": { "type": "date" }, "args_count": { "type": "long" }, "command_line": { "fields": { "text": { "type": "match_only_text" } }, "type": "wildcard" }, "elf": { "properties": { "imports": { "type": "flattened" }, "shared_libraries": { "ignore_above": 1024, "type": "keyword" }, "byte_order": { "ignore_above": 1024, "type": "keyword" }, "exports": { "type": "flattened" }, "cpu_type": { "ignore_above": 1024, "type": "keyword" }, "header": { "properties": { "object_version": { "ignore_above": 1024, "type": "keyword" }, "data": { "ignore_above": 1024, "type": "keyword" }, "entrypoint": { "type": "long" }, "os_abi": { "ignore_above": 1024, "type": "keyword" }, "abi_version": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "class": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" } } }, "creation_date": { "type": "date" }, "sections": { "type": "nested", "properties": { "chi2": { "type": "long" }, "virtual_address": { "type": "long" }, "entropy": { "type": "long" }, "physical_offset": { "ignore_above": 1024, "type": "keyword" }, "flags": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, "type": "keyword" }, "virtual_size": { "type": "long" } } }, "telfhash": { "ignore_above": 1024, "type": "keyword" }, "architecture": { "ignore_above": 1024, "type": "keyword" }, "segments": { "type": "nested", "properties": { "type": { "ignore_above": 1024, "type": "keyword" }, "sections": { "ignore_above": 1024, "type": "keyword" } } } } }, "hash": { "properties": { "sha1": { "ignore_above": 1024, "type": "keyword" }, "sha256": { "ignore_above": 1024, "type": "keyword" }, "sha512": { "ignore_above": 1024, "type": "keyword" }, "ssdeep": { "ignore_above": 1024, "type": "keyword" }, "md5": { "ignore_above": 1024, "type": "keyword" } } } } }, "package": { "properties": { "installed": { "type": "date" }, "build_version": { "ignore_above": 1024, "type": "keyword" }, "description": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" }, "reference": { "ignore_above": 1024, "type": "keyword" }, "license": { "ignore_above": 1024, "type": "keyword" }, "path": { "ignore_above": 1024, "type": "keyword" }, "install_scope": { "ignore_above": 1024, "type": "keyword" }, "size": { "type": "long" }, "checksum": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "architecture": { "ignore_above": 1024, "type": "keyword" } } }, "dll": { "properties": { "path": { "ignore_above": 1024, "type": "keyword" }, "code_signature": { "properties": { "valid": { "type": "boolean" }, "digest_algorithm": { "ignore_above": 1024, "type": "keyword" }, "signing_id": { "ignore_above": 1024, "type": "keyword" }, "trusted": { "type": "boolean" }, "subject_name": { "ignore_above": 1024, "type": "keyword" }, "exists": { "type": "boolean" }, "team_id": { "ignore_above": 1024, "type": "keyword" }, "status": { "ignore_above": 1024, "type": "keyword" }, "timestamp": { "type": "date" } } }, "pe": { "properties": { "file_version": { "ignore_above": 1024, "type": "keyword" }, "product": { "ignore_above": 1024, "type": "keyword" }, "imphash": { "ignore_above": 1024, "type": "keyword" }, "description": { "ignore_above": 1024, "type": "keyword" }, "company": { "ignore_above": 1024, "type": "keyword" }, "original_file_name": { "ignore_above": 1024, "type": "keyword" }, "architecture": { "ignore_above": 1024, "type": "keyword" } } }, "name": { "ignore_above": 1024, "type": "keyword" }, "hash": { "properties": { "sha1": { "ignore_above": 1024, "type": "keyword" }, "sha256": { "ignore_above": 1024, "type": "keyword" }, "sha512": { "ignore_above": 1024, "type": "keyword" }, "ssdeep": { "ignore_above": 1024, "type": "keyword" }, "md5": { "ignore_above": 1024, "type": "keyword" } } } } }, "dns": { "properties": { "op_code": { "ignore_above": 1024, "type": "keyword" }, "resolved_ip": { "type": "ip" }, "response_code": { "ignore_above": 1024, "type": "keyword" }, "question": { "properties": { "registered_domain": { "ignore_above": 1024, "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "subdomain": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "class": { "ignore_above": 1024, "type": "keyword" } } }, "answers": { "type": "object", "properties": { "data": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "class": { "ignore_above": 1024, "type": "keyword" }, "ttl": { "type": "long" } } }, "header_flags": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" } } }, "vulnerability": { "properties": { "reference": { "ignore_above": 1024, "type": "keyword" }, "severity": { "ignore_above": 1024, "type": "keyword" }, "score": { "properties": { "environmental": { "type": "float" }, "version": { "ignore_above": 1024, "type": "keyword" }, "temporal": { "type": "float" }, "base": { "type": "float" } } }, "report_id": { "ignore_above": 1024, "type": "keyword" }, "scanner": { "properties": { "vendor": { "ignore_above": 1024, "type": "keyword" } } }, "description": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "category": { "ignore_above": 1024, "type": "keyword" }, "classification": { "ignore_above": 1024, "type": "keyword" }, "enumeration": { "ignore_above": 1024, "type": "keyword" } } }, "message": { "type": "match_only_text" }, "url": { "properties": { "extension": { "ignore_above": 1024, "type": "keyword" }, "original": { "fields": { "text": { "type": "match_only_text" } }, "type": "wildcard" }, "scheme": { "ignore_above": 1024, "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, "type": "keyword" }, "query": { "ignore_above": 1024, "type": "keyword" }, "path": { "type": "wildcard" }, "fragment": { "ignore_above": 1024, "type": "keyword" }, "password": { "ignore_above": 1024, "type": "keyword" }, "registered_domain": { "ignore_above": 1024, "type": "keyword" }, "port": { "type": "long" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "subdomain": { "ignore_above": 1024, "type": "keyword" }, "full": { "fields": { "text": { "type": "match_only_text" } }, "type": "wildcard" }, "username": { "ignore_above": 1024, "type": "keyword" } } }, "labels": { "type": "object" }, "tags": { "ignore_above": 1024, "type": "keyword" }, "orchestrator": { "properties": { "cluster": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" }, "url": { "ignore_above": 1024, "type": "keyword" } } }, "resource": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" } } }, "organization": { "ignore_above": 1024, "type": "keyword" }, "namespace": { "ignore_above": 1024, "type": "keyword" }, "api_version": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" } } }, "@timestamp": { "type": "date" }, "data_stream": { "properties": { "namespace": { "type": "constant_keyword" }, "type": { "type": "constant_keyword" }, "dataset": { "type": "constant_keyword" } } }, "service": { "properties": { "node": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" } } }, "environment": { "ignore_above": 1024, "type": "keyword" }, "address": { "ignore_above": 1024, "type": "keyword" }, "origin": { "properties": { "node": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" } } }, "environment": { "ignore_above": 1024, "type": "keyword" }, "address": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "state": { "ignore_above": 1024, "type": "keyword" }, "ephemeral_id": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" } } }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "state": { "ignore_above": 1024, "type": "keyword" }, "ephemeral_id": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" }, "target": { "properties": { "node": { "properties": { "name": { "ignore_above": 1024, "type": "keyword" } } }, "environment": { "ignore_above": 1024, "type": "keyword" }, "address": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "state": { "ignore_above": 1024, "type": "keyword" }, "ephemeral_id": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" } } } } }, "organization": { "properties": { "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "http": { "properties": { "request": { "properties": { "referrer": { "ignore_above": 1024, "type": "keyword" }, "method": { "ignore_above": 1024, "type": "keyword" }, "mime_type": { "ignore_above": 1024, "type": "keyword" }, "bytes": { "type": "long" }, "id": { "ignore_above": 1024, "type": "keyword" }, "body": { "properties": { "bytes": { "type": "long" }, "content": { "fields": { "text": { "type": "match_only_text" } }, "type": "wildcard" } } } } }, "response": { "properties": { "status_code": { "type": "long" }, "mime_type": { "ignore_above": 1024, "type": "keyword" }, "bytes": { "type": "long" }, "body": { "properties": { "bytes": { "type": "long" }, "content": { "fields": { "text": { "type": "match_only_text" } }, "type": "wildcard" } } } } }, "version": { "ignore_above": 1024, "type": "keyword" } } }, "tls": { "properties": { "cipher": { "ignore_above": 1024, "type": "keyword" }, "established": { "type": "boolean" }, "server": { "properties": { "not_after": { "type": "date" }, "x509": { "properties": { "not_after": { "type": "date" }, "public_key_exponent": { "index": false, "type": "long", "doc_values": false }, "not_before": { "type": "date" }, "subject": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } }, "public_key_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_size": { "type": "long" }, "serial_number": { "ignore_above": 1024, "type": "keyword" }, "version_number": { "ignore_above": 1024, "type": "keyword" }, "alternative_names": { "ignore_above": 1024, "type": "keyword" }, "issuer": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } } } }, "ja3s": { "ignore_above": 1024, "type": "keyword" }, "not_before": { "type": "date" }, "subject": { "ignore_above": 1024, "type": "keyword" }, "certificate": { "ignore_above": 1024, "type": "keyword" }, "certificate_chain": { "ignore_above": 1024, "type": "keyword" }, "hash": { "properties": { "sha1": { "ignore_above": 1024, "type": "keyword" }, "sha256": { "ignore_above": 1024, "type": "keyword" }, "md5": { "ignore_above": 1024, "type": "keyword" } } }, "issuer": { "ignore_above": 1024, "type": "keyword" } } }, "curve": { "ignore_above": 1024, "type": "keyword" }, "client": { "properties": { "not_after": { "type": "date" }, "server_name": { "ignore_above": 1024, "type": "keyword" }, "x509": { "properties": { "not_after": { "type": "date" }, "public_key_exponent": { "index": false, "type": "long", "doc_values": false }, "not_before": { "type": "date" }, "subject": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } }, "public_key_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_size": { "type": "long" }, "serial_number": { "ignore_above": 1024, "type": "keyword" }, "version_number": { "ignore_above": 1024, "type": "keyword" }, "alternative_names": { "ignore_above": 1024, "type": "keyword" }, "issuer": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } } } }, "not_before": { "type": "date" }, "subject": { "ignore_above": 1024, "type": "keyword" }, "supported_ciphers": { "ignore_above": 1024, "type": "keyword" }, "certificate": { "ignore_above": 1024, "type": "keyword" }, "ja3": { "ignore_above": 1024, "type": "keyword" }, "certificate_chain": { "ignore_above": 1024, "type": "keyword" }, "hash": { "properties": { "sha1": { "ignore_above": 1024, "type": "keyword" }, "sha256": { "ignore_above": 1024, "type": "keyword" }, "md5": { "ignore_above": 1024, "type": "keyword" } } }, "issuer": { "ignore_above": 1024, "type": "keyword" } } }, "next_protocol": { "ignore_above": 1024, "type": "keyword" }, "resumed": { "type": "boolean" }, "version": { "ignore_above": 1024, "type": "keyword" }, "version_protocol": { "ignore_above": 1024, "type": "keyword" } } }, "threat": { "properties": { "indicator": { "properties": { "registry": { "properties": { "hive": { "ignore_above": 1024, "type": "keyword" }, "path": { "ignore_above": 1024, "type": "keyword" }, "data": { "properties": { "strings": { "type": "wildcard" }, "bytes": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" } } }, "value": { "ignore_above": 1024, "type": "keyword" }, "key": { "ignore_above": 1024, "type": "keyword" } } }, "first_seen": { "type": "date" }, "last_seen": { "type": "date" }, "confidence": { "ignore_above": 1024, "type": "keyword" }, "ip": { "type": "ip" }, "description": { "ignore_above": 1024, "type": "keyword" }, "sightings": { "type": "long" }, "type": { "ignore_above": 1024, "type": "keyword" }, "url": { "properties": { "extension": { "ignore_above": 1024, "type": "keyword" }, "original": { "fields": { "text": { "type": "match_only_text" } }, "type": "wildcard" }, "scheme": { "ignore_above": 1024, "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, "type": "keyword" }, "query": { "ignore_above": 1024, "type": "keyword" }, "path": { "type": "wildcard" }, "fragment": { "ignore_above": 1024, "type": "keyword" }, "password": { "ignore_above": 1024, "type": "keyword" }, "registered_domain": { "ignore_above": 1024, "type": "keyword" }, "port": { "type": "long" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "subdomain": { "ignore_above": 1024, "type": "keyword" }, "full": { "fields": { "text": { "type": "match_only_text" } }, "type": "wildcard" }, "username": { "ignore_above": 1024, "type": "keyword" } } }, "scanner_stats": { "type": "long" }, "geo": { "properties": { "continent_name": { "ignore_above": 1024, "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, "type": "keyword" }, "city_name": { "ignore_above": 1024, "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, "type": "keyword" }, "timezone": { "ignore_above": 1024, "type": "keyword" }, "country_name": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "continent_code": { "ignore_above": 1024, "type": "keyword" }, "location": { "type": "geo_point" }, "region_name": { "ignore_above": 1024, "type": "keyword" }, "postal_code": { "ignore_above": 1024, "type": "keyword" } } }, "reference": { "ignore_above": 1024, "type": "keyword" }, "x509": { "properties": { "not_after": { "type": "date" }, "public_key_exponent": { "index": false, "type": "long", "doc_values": false }, "not_before": { "type": "date" }, "subject": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } }, "public_key_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_size": { "type": "long" }, "serial_number": { "ignore_above": 1024, "type": "keyword" }, "version_number": { "ignore_above": 1024, "type": "keyword" }, "alternative_names": { "ignore_above": 1024, "type": "keyword" }, "issuer": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } } } }, "as": { "properties": { "number": { "type": "long" }, "organization": { "properties": { "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" } } } } }, "file": { "properties": { "extension": { "ignore_above": 1024, "type": "keyword" }, "gid": { "ignore_above": 1024, "type": "keyword" }, "drive_letter": { "ignore_above": 1, "type": "keyword" }, "accessed": { "type": "date" }, "mtime": { "type": "date" }, "type": { "ignore_above": 1024, "type": "keyword" }, "directory": { "ignore_above": 1024, "type": "keyword" }, "inode": { "ignore_above": 1024, "type": "keyword" }, "mode": { "ignore_above": 1024, "type": "keyword" }, "path": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "uid": { "ignore_above": 1024, "type": "keyword" }, "code_signature": { "properties": { "valid": { "type": "boolean" }, "digest_algorithm": { "ignore_above": 1024, "type": "keyword" }, "signing_id": { "ignore_above": 1024, "type": "keyword" }, "trusted": { "type": "boolean" }, "subject_name": { "ignore_above": 1024, "type": "keyword" }, "exists": { "type": "boolean" }, "team_id": { "ignore_above": 1024, "type": "keyword" }, "status": { "ignore_above": 1024, "type": "keyword" }, "timestamp": { "type": "date" } } }, "ctime": { "type": "date" }, "fork_name": { "ignore_above": 1024, "type": "keyword" }, "elf": { "properties": { "imports": { "type": "flattened" }, "shared_libraries": { "ignore_above": 1024, "type": "keyword" }, "byte_order": { "ignore_above": 1024, "type": "keyword" }, "exports": { "type": "flattened" }, "cpu_type": { "ignore_above": 1024, "type": "keyword" }, "header": { "properties": { "object_version": { "ignore_above": 1024, "type": "keyword" }, "data": { "ignore_above": 1024, "type": "keyword" }, "entrypoint": { "type": "long" }, "os_abi": { "ignore_above": 1024, "type": "keyword" }, "abi_version": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "class": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" } } }, "creation_date": { "type": "date" }, "sections": { "type": "nested", "properties": { "chi2": { "type": "long" }, "virtual_address": { "type": "long" }, "entropy": { "type": "long" }, "physical_offset": { "ignore_above": 1024, "type": "keyword" }, "flags": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, "type": "keyword" }, "virtual_size": { "type": "long" } } }, "telfhash": { "ignore_above": 1024, "type": "keyword" }, "architecture": { "ignore_above": 1024, "type": "keyword" }, "segments": { "type": "nested", "properties": { "type": { "ignore_above": 1024, "type": "keyword" }, "sections": { "ignore_above": 1024, "type": "keyword" } } } } }, "group": { "ignore_above": 1024, "type": "keyword" }, "owner": { "ignore_above": 1024, "type": "keyword" }, "created": { "type": "date" }, "target_path": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "x509": { "properties": { "not_after": { "type": "date" }, "public_key_exponent": { "index": false, "type": "long", "doc_values": false }, "not_before": { "type": "date" }, "subject": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } }, "public_key_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_size": { "type": "long" }, "serial_number": { "ignore_above": 1024, "type": "keyword" }, "version_number": { "ignore_above": 1024, "type": "keyword" }, "alternative_names": { "ignore_above": 1024, "type": "keyword" }, "issuer": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } } } }, "size": { "type": "long" }, "mime_type": { "ignore_above": 1024, "type": "keyword" }, "pe": { "properties": { "file_version": { "ignore_above": 1024, "type": "keyword" }, "product": { "ignore_above": 1024, "type": "keyword" }, "imphash": { "ignore_above": 1024, "type": "keyword" }, "description": { "ignore_above": 1024, "type": "keyword" }, "company": { "ignore_above": 1024, "type": "keyword" }, "original_file_name": { "ignore_above": 1024, "type": "keyword" }, "architecture": { "ignore_above": 1024, "type": "keyword" } } }, "name": { "ignore_above": 1024, "type": "keyword" }, "attributes": { "ignore_above": 1024, "type": "keyword" }, "device": { "ignore_above": 1024, "type": "keyword" }, "hash": { "properties": { "sha1": { "ignore_above": 1024, "type": "keyword" }, "sha256": { "ignore_above": 1024, "type": "keyword" }, "sha512": { "ignore_above": 1024, "type": "keyword" }, "ssdeep": { "ignore_above": 1024, "type": "keyword" }, "md5": { "ignore_above": 1024, "type": "keyword" } } } } }, "marking": { "properties": { "tlp": { "ignore_above": 1024, "type": "keyword" } } }, "port": { "type": "long" }, "provider": { "ignore_above": 1024, "type": "keyword" }, "modified_at": { "type": "date" }, "email": { "properties": { "address": { "ignore_above": 1024, "type": "keyword" } } } } }, "framework": { "ignore_above": 1024, "type": "keyword" }, "software": { "properties": { "reference": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "alias": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "platforms": { "ignore_above": 1024, "type": "keyword" } } }, "technique": { "properties": { "reference": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "subtechnique": { "properties": { "reference": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "enrichments": { "type": "nested", "properties": { "indicator": { "type": "object", "properties": { "registry": { "properties": { "hive": { "ignore_above": 1024, "type": "keyword" }, "path": { "ignore_above": 1024, "type": "keyword" }, "data": { "properties": { "strings": { "type": "wildcard" }, "bytes": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" } } }, "value": { "ignore_above": 1024, "type": "keyword" }, "key": { "ignore_above": 1024, "type": "keyword" } } }, "first_seen": { "type": "date" }, "last_seen": { "type": "date" }, "confidence": { "ignore_above": 1024, "type": "keyword" }, "ip": { "type": "ip" }, "description": { "ignore_above": 1024, "type": "keyword" }, "sightings": { "type": "long" }, "type": { "ignore_above": 1024, "type": "keyword" }, "url": { "properties": { "extension": { "ignore_above": 1024, "type": "keyword" }, "original": { "fields": { "text": { "type": "match_only_text" } }, "type": "wildcard" }, "scheme": { "ignore_above": 1024, "type": "keyword" }, "top_level_domain": { "ignore_above": 1024, "type": "keyword" }, "query": { "ignore_above": 1024, "type": "keyword" }, "path": { "type": "wildcard" }, "fragment": { "ignore_above": 1024, "type": "keyword" }, "password": { "ignore_above": 1024, "type": "keyword" }, "registered_domain": { "ignore_above": 1024, "type": "keyword" }, "port": { "type": "long" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "subdomain": { "ignore_above": 1024, "type": "keyword" }, "full": { "fields": { "text": { "type": "match_only_text" } }, "type": "wildcard" }, "username": { "ignore_above": 1024, "type": "keyword" } } }, "scanner_stats": { "type": "long" }, "geo": { "properties": { "continent_name": { "ignore_above": 1024, "type": "keyword" }, "region_iso_code": { "ignore_above": 1024, "type": "keyword" }, "city_name": { "ignore_above": 1024, "type": "keyword" }, "country_iso_code": { "ignore_above": 1024, "type": "keyword" }, "timezone": { "ignore_above": 1024, "type": "keyword" }, "country_name": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "continent_code": { "ignore_above": 1024, "type": "keyword" }, "location": { "type": "geo_point" }, "region_name": { "ignore_above": 1024, "type": "keyword" }, "postal_code": { "ignore_above": 1024, "type": "keyword" } } }, "reference": { "ignore_above": 1024, "type": "keyword" }, "x509": { "properties": { "not_after": { "type": "date" }, "public_key_exponent": { "index": false, "type": "long", "doc_values": false }, "not_before": { "type": "date" }, "subject": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } }, "public_key_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_size": { "type": "long" }, "serial_number": { "ignore_above": 1024, "type": "keyword" }, "version_number": { "ignore_above": 1024, "type": "keyword" }, "alternative_names": { "ignore_above": 1024, "type": "keyword" }, "issuer": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } } } }, "as": { "properties": { "number": { "type": "long" }, "organization": { "properties": { "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" } } } } }, "file": { "properties": { "extension": { "ignore_above": 1024, "type": "keyword" }, "gid": { "ignore_above": 1024, "type": "keyword" }, "drive_letter": { "ignore_above": 1, "type": "keyword" }, "accessed": { "type": "date" }, "mtime": { "type": "date" }, "type": { "ignore_above": 1024, "type": "keyword" }, "directory": { "ignore_above": 1024, "type": "keyword" }, "inode": { "ignore_above": 1024, "type": "keyword" }, "mode": { "ignore_above": 1024, "type": "keyword" }, "path": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "uid": { "ignore_above": 1024, "type": "keyword" }, "code_signature": { "properties": { "valid": { "type": "boolean" }, "digest_algorithm": { "ignore_above": 1024, "type": "keyword" }, "signing_id": { "ignore_above": 1024, "type": "keyword" }, "trusted": { "type": "boolean" }, "subject_name": { "ignore_above": 1024, "type": "keyword" }, "exists": { "type": "boolean" }, "team_id": { "ignore_above": 1024, "type": "keyword" }, "status": { "ignore_above": 1024, "type": "keyword" }, "timestamp": { "type": "date" } } }, "ctime": { "type": "date" }, "fork_name": { "ignore_above": 1024, "type": "keyword" }, "elf": { "properties": { "imports": { "type": "flattened" }, "shared_libraries": { "ignore_above": 1024, "type": "keyword" }, "byte_order": { "ignore_above": 1024, "type": "keyword" }, "exports": { "type": "flattened" }, "cpu_type": { "ignore_above": 1024, "type": "keyword" }, "header": { "properties": { "object_version": { "ignore_above": 1024, "type": "keyword" }, "data": { "ignore_above": 1024, "type": "keyword" }, "entrypoint": { "type": "long" }, "os_abi": { "ignore_above": 1024, "type": "keyword" }, "abi_version": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" }, "class": { "ignore_above": 1024, "type": "keyword" }, "version": { "ignore_above": 1024, "type": "keyword" } } }, "creation_date": { "type": "date" }, "sections": { "type": "nested", "properties": { "chi2": { "type": "long" }, "virtual_address": { "type": "long" }, "entropy": { "type": "long" }, "physical_offset": { "ignore_above": 1024, "type": "keyword" }, "flags": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "physical_size": { "type": "long" }, "type": { "ignore_above": 1024, "type": "keyword" }, "virtual_size": { "type": "long" } } }, "telfhash": { "ignore_above": 1024, "type": "keyword" }, "architecture": { "ignore_above": 1024, "type": "keyword" }, "segments": { "type": "nested", "properties": { "type": { "ignore_above": 1024, "type": "keyword" }, "sections": { "ignore_above": 1024, "type": "keyword" } } } } }, "group": { "ignore_above": 1024, "type": "keyword" }, "owner": { "ignore_above": 1024, "type": "keyword" }, "created": { "type": "date" }, "target_path": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "x509": { "properties": { "not_after": { "type": "date" }, "public_key_exponent": { "index": false, "type": "long", "doc_values": false }, "not_before": { "type": "date" }, "subject": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } }, "public_key_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_curve": { "ignore_above": 1024, "type": "keyword" }, "signature_algorithm": { "ignore_above": 1024, "type": "keyword" }, "public_key_size": { "type": "long" }, "serial_number": { "ignore_above": 1024, "type": "keyword" }, "version_number": { "ignore_above": 1024, "type": "keyword" }, "alternative_names": { "ignore_above": 1024, "type": "keyword" }, "issuer": { "properties": { "country": { "ignore_above": 1024, "type": "keyword" }, "state_or_province": { "ignore_above": 1024, "type": "keyword" }, "organization": { "ignore_above": 1024, "type": "keyword" }, "distinguished_name": { "ignore_above": 1024, "type": "keyword" }, "locality": { "ignore_above": 1024, "type": "keyword" }, "common_name": { "ignore_above": 1024, "type": "keyword" }, "organizational_unit": { "ignore_above": 1024, "type": "keyword" } } } } }, "size": { "type": "long" }, "mime_type": { "ignore_above": 1024, "type": "keyword" }, "pe": { "properties": { "file_version": { "ignore_above": 1024, "type": "keyword" }, "product": { "ignore_above": 1024, "type": "keyword" }, "imphash": { "ignore_above": 1024, "type": "keyword" }, "description": { "ignore_above": 1024, "type": "keyword" }, "company": { "ignore_above": 1024, "type": "keyword" }, "original_file_name": { "ignore_above": 1024, "type": "keyword" }, "architecture": { "ignore_above": 1024, "type": "keyword" } } }, "name": { "ignore_above": 1024, "type": "keyword" }, "attributes": { "ignore_above": 1024, "type": "keyword" }, "device": { "ignore_above": 1024, "type": "keyword" }, "hash": { "properties": { "sha1": { "ignore_above": 1024, "type": "keyword" }, "sha256": { "ignore_above": 1024, "type": "keyword" }, "sha512": { "ignore_above": 1024, "type": "keyword" }, "ssdeep": { "ignore_above": 1024, "type": "keyword" }, "md5": { "ignore_above": 1024, "type": "keyword" } } } } }, "marking": { "properties": { "tlp": { "ignore_above": 1024, "type": "keyword" } } }, "port": { "type": "long" }, "provider": { "ignore_above": 1024, "type": "keyword" }, "modified_at": { "type": "date" }, "email": { "properties": { "address": { "ignore_above": 1024, "type": "keyword" } } } } }, "matched": { "properties": { "field": { "ignore_above": 1024, "type": "keyword" }, "atomic": { "ignore_above": 1024, "type": "keyword" }, "index": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "type": { "ignore_above": 1024, "type": "keyword" } } } } }, "group": { "properties": { "reference": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "alias": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "tactic": { "properties": { "reference": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } } } }, "user": { "properties": { "effective": { "properties": { "full_name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "email": { "ignore_above": 1024, "type": "keyword" }, "hash": { "ignore_above": 1024, "type": "keyword" }, "group": { "properties": { "domain": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } } } }, "full_name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, "type": "keyword" }, "changes": { "properties": { "full_name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "email": { "ignore_above": 1024, "type": "keyword" }, "hash": { "ignore_above": 1024, "type": "keyword" }, "group": { "properties": { "domain": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } } } }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "email": { "ignore_above": 1024, "type": "keyword" }, "hash": { "ignore_above": 1024, "type": "keyword" }, "group": { "properties": { "domain": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } }, "target": { "properties": { "full_name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "domain": { "ignore_above": 1024, "type": "keyword" }, "roles": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "fields": { "text": { "type": "match_only_text" } }, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" }, "email": { "ignore_above": 1024, "type": "keyword" }, "hash": { "ignore_above": 1024, "type": "keyword" }, "group": { "properties": { "domain": { "ignore_above": 1024, "type": "keyword" }, "name": { "ignore_above": 1024, "type": "keyword" }, "id": { "ignore_above": 1024, "type": "keyword" } } } } } } }, "transaction": { "properties": { "id": { "ignore_above": 1024, "type": "keyword" } } }, "span": { "properties": { "id": { "ignore_above": 1024, "type": "keyword" } } } } } } }