1801 lines
49 KiB
Django/Jinja
1801 lines
49 KiB
Django/Jinja
{
|
|
"order": 0,
|
|
"index_patterns": [
|
|
"wazuh-alerts-3.x-*",
|
|
"wazuh-archives-3.x-*"
|
|
],
|
|
"settings": {
|
|
"index.refresh_interval": "5s",
|
|
"index.number_of_shards": "3",
|
|
"index.number_of_replicas": "0",
|
|
"index.auto_expand_replicas": "0-1",
|
|
"index.mapping.total_fields.limit": 10000,
|
|
"index.query.default_field": [
|
|
"GeoLocation.city_name",
|
|
"GeoLocation.continent_code",
|
|
"GeoLocation.country_code2",
|
|
"GeoLocation.country_code3",
|
|
"GeoLocation.country_name",
|
|
"GeoLocation.ip",
|
|
"GeoLocation.postal_code",
|
|
"GeoLocation.real_region_name",
|
|
"GeoLocation.region_name",
|
|
"GeoLocation.timezone",
|
|
"agent.id",
|
|
"agent.ip",
|
|
"agent.name",
|
|
"cluster.name",
|
|
"cluster.node",
|
|
"command",
|
|
"data",
|
|
"data.action",
|
|
"data.audit",
|
|
"data.audit.acct",
|
|
"data.audit.arch",
|
|
"data.audit.auid",
|
|
"data.audit.command",
|
|
"data.audit.cwd",
|
|
"data.audit.dev",
|
|
"data.audit.directory.inode",
|
|
"data.audit.directory.mode",
|
|
"data.audit.directory.name",
|
|
"data.audit.egid",
|
|
"data.audit.enforcing",
|
|
"data.audit.euid",
|
|
"data.audit.exe",
|
|
"data.audit.execve.a0",
|
|
"data.audit.execve.a1",
|
|
"data.audit.execve.a2",
|
|
"data.audit.execve.a3",
|
|
"data.audit.exit",
|
|
"data.audit.file.inode",
|
|
"data.audit.file.mode",
|
|
"data.audit.file.name",
|
|
"data.audit.fsgid",
|
|
"data.audit.fsuid",
|
|
"data.audit.gid",
|
|
"data.audit.id",
|
|
"data.audit.key",
|
|
"data.audit.list",
|
|
"data.audit.old-auid",
|
|
"data.audit.old-ses",
|
|
"data.audit.old_enforcing",
|
|
"data.audit.old_prom",
|
|
"data.audit.op",
|
|
"data.audit.pid",
|
|
"data.audit.ppid",
|
|
"data.audit.prom",
|
|
"data.audit.res",
|
|
"data.audit.session",
|
|
"data.audit.sgid",
|
|
"data.audit.srcip",
|
|
"data.audit.subj",
|
|
"data.audit.success",
|
|
"data.audit.suid",
|
|
"data.audit.syscall",
|
|
"data.audit.tty",
|
|
"data.audit.uid",
|
|
"data.aws.accountId",
|
|
"data.aws.account_id",
|
|
"data.aws.action",
|
|
"data.aws.actor",
|
|
"data.aws.aws_account_id",
|
|
"data.aws.description",
|
|
"data.aws.dstport",
|
|
"data.aws.errorCode",
|
|
"data.aws.errorMessage",
|
|
"data.aws.eventID",
|
|
"data.aws.eventName",
|
|
"data.aws.eventSource",
|
|
"data.aws.eventType",
|
|
"data.aws.id",
|
|
"data.aws.name",
|
|
"data.aws.requestParameters.accessKeyId",
|
|
"data.aws.requestParameters.bucketName",
|
|
"data.aws.requestParameters.gatewayId",
|
|
"data.aws.requestParameters.groupDescription",
|
|
"data.aws.requestParameters.groupId",
|
|
"data.aws.requestParameters.groupName",
|
|
"data.aws.requestParameters.host",
|
|
"data.aws.requestParameters.hostedZoneId",
|
|
"data.aws.requestParameters.instanceId",
|
|
"data.aws.requestParameters.instanceProfileName",
|
|
"data.aws.requestParameters.loadBalancerName",
|
|
"data.aws.requestParameters.loadBalancerPorts",
|
|
"data.aws.requestParameters.masterUserPassword",
|
|
"data.aws.requestParameters.masterUsername",
|
|
"data.aws.requestParameters.name",
|
|
"data.aws.requestParameters.natGatewayId",
|
|
"data.aws.requestParameters.networkAclId",
|
|
"data.aws.requestParameters.path",
|
|
"data.aws.requestParameters.policyName",
|
|
"data.aws.requestParameters.port",
|
|
"data.aws.requestParameters.stackId",
|
|
"data.aws.requestParameters.stackName",
|
|
"data.aws.requestParameters.subnetId",
|
|
"data.aws.requestParameters.subnetIds",
|
|
"data.aws.requestParameters.volumeId",
|
|
"data.aws.requestParameters.vpcId",
|
|
"data.aws.resource.accessKeyDetails.accessKeyId",
|
|
"data.aws.resource.accessKeyDetails.principalId",
|
|
"data.aws.resource.accessKeyDetails.userName",
|
|
"data.aws.resource.instanceDetails.instanceId",
|
|
"data.aws.resource.instanceDetails.instanceState",
|
|
"data.aws.resource.instanceDetails.networkInterfaces.privateDnsName",
|
|
"data.aws.resource.instanceDetails.networkInterfaces.publicDnsName",
|
|
"data.aws.resource.instanceDetails.networkInterfaces.subnetId",
|
|
"data.aws.resource.instanceDetails.networkInterfaces.vpcId",
|
|
"data.aws.resource.instanceDetails.tags.value",
|
|
"data.aws.responseElements.AssociateVpcCidrBlockResponse.vpcId",
|
|
"data.aws.responseElements.description",
|
|
"data.aws.responseElements.instanceId",
|
|
"data.aws.responseElements.instances.instanceId",
|
|
"data.aws.responseElements.instancesSet.items.instanceId",
|
|
"data.aws.responseElements.listeners.port",
|
|
"data.aws.responseElements.loadBalancerName",
|
|
"data.aws.responseElements.loadBalancers.vpcId",
|
|
"data.aws.responseElements.loginProfile.userName",
|
|
"data.aws.responseElements.networkAcl.vpcId",
|
|
"data.aws.responseElements.ownerId",
|
|
"data.aws.responseElements.publicIp",
|
|
"data.aws.responseElements.user.userId",
|
|
"data.aws.responseElements.user.userName",
|
|
"data.aws.responseElements.volumeId",
|
|
"data.aws.service.serviceName",
|
|
"data.aws.severity",
|
|
"data.aws.source",
|
|
"data.aws.sourceIPAddress",
|
|
"data.aws.srcport",
|
|
"data.aws.userIdentity.accessKeyId",
|
|
"data.aws.userIdentity.accountId",
|
|
"data.aws.userIdentity.userName",
|
|
"data.aws.vpcEndpointId",
|
|
"data.command",
|
|
"data.data",
|
|
"data.docker.Actor.Attributes.container",
|
|
"data.docker.Actor.Attributes.image",
|
|
"data.docker.Actor.Attributes.name",
|
|
"data.docker.Actor.ID",
|
|
"data.docker.id",
|
|
"data.docker.message",
|
|
"data.docker.status",
|
|
"data.dstip",
|
|
"data.dstport",
|
|
"data.dstuser",
|
|
"data.extra_data",
|
|
"data.hardware.serial",
|
|
"data.id",
|
|
"data.integration",
|
|
"data.netinfo.iface.adapter",
|
|
"data.netinfo.iface.ipv4.address",
|
|
"data.netinfo.iface.ipv6.address",
|
|
"data.netinfo.iface.mac",
|
|
"data.netinfo.iface.name",
|
|
"data.os.architecture",
|
|
"data.os.build",
|
|
"data.os.codename",
|
|
"data.os.hostname",
|
|
"data.os.major",
|
|
"data.os.minor",
|
|
"data.os.name",
|
|
"data.os.platform",
|
|
"data.os.release",
|
|
"data.os.release_version",
|
|
"data.os.sysname",
|
|
"data.os.version",
|
|
"data.oscap.check.description",
|
|
"data.oscap.check.id",
|
|
"data.oscap.check.identifiers",
|
|
"data.oscap.check.oval.id",
|
|
"data.oscap.check.rationale",
|
|
"data.oscap.check.references",
|
|
"data.oscap.check.result",
|
|
"data.oscap.check.severity",
|
|
"data.oscap.check.title",
|
|
"data.oscap.scan.benchmark.id",
|
|
"data.oscap.scan.content",
|
|
"data.oscap.scan.id",
|
|
"data.oscap.scan.profile.id",
|
|
"data.oscap.scan.profile.title",
|
|
"data.osquery.columns.address",
|
|
"data.osquery.columns.command",
|
|
"data.osquery.columns.description",
|
|
"data.osquery.columns.dst_ip",
|
|
"data.osquery.columns.gid",
|
|
"data.osquery.columns.hostname",
|
|
"data.osquery.columns.md5",
|
|
"data.osquery.columns.path",
|
|
"data.osquery.columns.sha1",
|
|
"data.osquery.columns.sha256",
|
|
"data.osquery.columns.src_ip",
|
|
"data.osquery.columns.user",
|
|
"data.osquery.columns.username",
|
|
"data.osquery.name",
|
|
"data.osquery.pack",
|
|
"data.port.process",
|
|
"data.port.protocol",
|
|
"data.port.state",
|
|
"data.process.args",
|
|
"data.process.cmd",
|
|
"data.process.egroup",
|
|
"data.process.euser",
|
|
"data.process.fgroup",
|
|
"data.process.name",
|
|
"data.process.rgroup",
|
|
"data.process.ruser",
|
|
"data.process.sgroup",
|
|
"data.process.state",
|
|
"data.process.suser",
|
|
"data.program.architecture",
|
|
"data.program.description",
|
|
"data.program.format",
|
|
"data.program.location",
|
|
"data.program.multiarch",
|
|
"data.program.name",
|
|
"data.program.priority",
|
|
"data.program.section",
|
|
"data.program.source",
|
|
"data.program.vendor",
|
|
"data.program.version",
|
|
"data.protocol",
|
|
"data.pwd",
|
|
"data.sca",
|
|
"data.sca.check.compliance.cis",
|
|
"data.sca.check.compliance.cis_csc",
|
|
"data.sca.check.compliance.pci_dss",
|
|
"data.sca.check.compliance.hipaa",
|
|
"data.sca.check.compliance.nist_800_53",
|
|
"data.sca.check.description",
|
|
"data.sca.check.directory",
|
|
"data.sca.check.file",
|
|
"data.sca.check.id",
|
|
"data.sca.check.previous_result",
|
|
"data.sca.check.process",
|
|
"data.sca.check.rationale",
|
|
"data.sca.check.reason",
|
|
"data.sca.check.references",
|
|
"data.sca.check.registry",
|
|
"data.sca.check.remediation",
|
|
"data.sca.check.result",
|
|
"data.sca.check.status",
|
|
"data.sca.check.title",
|
|
"data.sca.description",
|
|
"data.sca.file",
|
|
"data.sca.invalid",
|
|
"data.sca.name",
|
|
"data.sca.policy",
|
|
"data.sca.policy_id",
|
|
"data.sca.scan_id",
|
|
"data.sca.total_checks",
|
|
"data.script",
|
|
"data.src_ip",
|
|
"data.src_port",
|
|
"data.srcip",
|
|
"data.srcport",
|
|
"data.srcuser",
|
|
"data.status",
|
|
"data.system_name",
|
|
"data.title",
|
|
"data.tty",
|
|
"data.uid",
|
|
"data.url",
|
|
"data.virustotal.description",
|
|
"data.virustotal.error",
|
|
"data.virustotal.found",
|
|
"data.virustotal.permalink",
|
|
"data.virustotal.scan_date",
|
|
"data.virustotal.sha1",
|
|
"data.virustotal.source.alert_id",
|
|
"data.virustotal.source.file",
|
|
"data.virustotal.source.md5",
|
|
"data.virustotal.source.sha1",
|
|
"data.vulnerability.advisories",
|
|
"data.vulnerability.bugzilla_reference",
|
|
"data.vulnerability.cve",
|
|
"data.vulnerability.cvss.cvss2.base_score",
|
|
"data.vulnerability.cvss.cvss2.exploitability_score",
|
|
"data.vulnerability.cvss.cvss2.impact_score",
|
|
"data.vulnerability.cvss.cvss2.vector.access_complexity",
|
|
"data.vulnerability.cvss.cvss2.vector.attack_vector",
|
|
"data.vulnerability.cvss.cvss2.vector.authentication",
|
|
"data.vulnerability.cvss.cvss2.vector.availability",
|
|
"data.vulnerability.cvss.cvss2.vector.confidentiality_impact",
|
|
"data.vulnerability.cvss.cvss2.vector.integrity_impact",
|
|
"data.vulnerability.cvss.cvss2.vector.privileges_required",
|
|
"data.vulnerability.cvss.cvss2.vector.scope",
|
|
"data.vulnerability.cvss.cvss2.vector.user_interaction",
|
|
"data.vulnerability.cvss.cvss3.base_score",
|
|
"data.vulnerability.cvss.cvss3.exploitability_score",
|
|
"data.vulnerability.cvss.cvss3.impact_score",
|
|
"data.vulnerability.cvss.cvss3.vector.access_complexity",
|
|
"data.vulnerability.cvss.cvss3.vector.attack_vector",
|
|
"data.vulnerability.cvss.cvss3.vector.authentication",
|
|
"data.vulnerability.cvss.cvss3.vector.availability",
|
|
"data.vulnerability.cvss.cvss3.vector.confidentiality_impact",
|
|
"data.vulnerability.cvss.cvss3.vector.integrity_impact",
|
|
"data.vulnerability.cvss.cvss3.vector.privileges_required",
|
|
"data.vulnerability.cvss.cvss3.vector.scope",
|
|
"data.vulnerability.cvss.cvss3.vector.user_interaction",
|
|
"data.vulnerability.cwe_reference",
|
|
"data.vulnerability.package.architecture",
|
|
"data.vulnerability.package.condition",
|
|
"data.vulnerability.package.generated_cpe",
|
|
"data.vulnerability.package.name",
|
|
"data.vulnerability.package.version",
|
|
"data.vulnerability.rationale",
|
|
"data.vulnerability.reference",
|
|
"data.vulnerability.severity",
|
|
"data.vulnerability.state",
|
|
"data.vulnerability.title",
|
|
"data.win.eventdata.auditPolicyChanges",
|
|
"data.win.eventdata.auditPolicyChangesId",
|
|
"data.win.eventdata.binary",
|
|
"data.win.eventdata.category",
|
|
"data.win.eventdata.categoryId",
|
|
"data.win.eventdata.data",
|
|
"data.win.eventdata.image",
|
|
"data.win.eventdata.ipAddress",
|
|
"data.win.eventdata.ipPort",
|
|
"data.win.eventdata.keyName",
|
|
"data.win.eventdata.logonGuid",
|
|
"data.win.eventdata.logonProcessName",
|
|
"data.win.eventdata.operation",
|
|
"data.win.eventdata.parentImage",
|
|
"data.win.eventdata.processId",
|
|
"data.win.eventdata.processName",
|
|
"data.win.eventdata.providerName",
|
|
"data.win.eventdata.returnCode",
|
|
"data.win.eventdata.service",
|
|
"data.win.eventdata.status",
|
|
"data.win.eventdata.subcategory",
|
|
"data.win.eventdata.subcategoryGuid",
|
|
"data.win.eventdata.subcategoryId",
|
|
"data.win.eventdata.subjectDomainName",
|
|
"data.win.eventdata.subjectLogonId",
|
|
"data.win.eventdata.subjectUserName",
|
|
"data.win.eventdata.subjectUserSid",
|
|
"data.win.eventdata.targetDomainName",
|
|
"data.win.eventdata.targetLinkedLogonId",
|
|
"data.win.eventdata.targetLogonId",
|
|
"data.win.eventdata.targetUserName",
|
|
"data.win.eventdata.targetUserSid",
|
|
"data.win.eventdata.workstationName",
|
|
"data.win.system.channel",
|
|
"data.win.system.computer",
|
|
"data.win.system.eventID",
|
|
"data.win.system.eventRecordID",
|
|
"data.win.system.eventSourceName",
|
|
"data.win.system.keywords",
|
|
"data.win.system.level",
|
|
"data.win.system.message",
|
|
"data.win.system.opcode",
|
|
"data.win.system.processID",
|
|
"data.win.system.providerGuid",
|
|
"data.win.system.providerName",
|
|
"data.win.system.securityUserID",
|
|
"data.win.system.severityValue",
|
|
"data.win.system.userID",
|
|
"decoder.ftscomment",
|
|
"decoder.name",
|
|
"decoder.parent",
|
|
"full_log",
|
|
"host",
|
|
"id",
|
|
"input",
|
|
"location",
|
|
"manager.name",
|
|
"message",
|
|
"offset",
|
|
"predecoder.hostname",
|
|
"predecoder.program_name",
|
|
"previous_log",
|
|
"previous_output",
|
|
"program_name",
|
|
"rule.cis",
|
|
"rule.cve",
|
|
"rule.description",
|
|
"rule.gdpr",
|
|
"rule.gpg13",
|
|
"rule.groups",
|
|
"rule.id",
|
|
"rule.info",
|
|
"rule.pci_dss",
|
|
"rule.hipaa",
|
|
"rule.nist_800_53",
|
|
"syscheck.audit.effective_user.id",
|
|
"syscheck.audit.effective_user.name",
|
|
"syscheck.audit.group.id",
|
|
"syscheck.audit.group.name",
|
|
"syscheck.audit.login_user.id",
|
|
"syscheck.audit.login_user.name",
|
|
"syscheck.audit.process.id",
|
|
"syscheck.audit.process.name",
|
|
"syscheck.audit.process.ppid",
|
|
"syscheck.audit.user.id",
|
|
"syscheck.audit.user.name",
|
|
"syscheck.diff",
|
|
"syscheck.event",
|
|
"syscheck.gid_after",
|
|
"syscheck.gid_before",
|
|
"syscheck.gname_after",
|
|
"syscheck.gname_before",
|
|
"syscheck.inode_after",
|
|
"syscheck.inode_before",
|
|
"syscheck.md5_after",
|
|
"syscheck.md5_before",
|
|
"syscheck.path",
|
|
"syscheck.perm_after",
|
|
"syscheck.perm_before",
|
|
"syscheck.sha1_after",
|
|
"syscheck.sha1_before",
|
|
"syscheck.sha256_after",
|
|
"syscheck.sha256_before",
|
|
"syscheck.tags",
|
|
"syscheck.uid_after",
|
|
"syscheck.uid_before",
|
|
"syscheck.uname_after",
|
|
"syscheck.uname_before",
|
|
"title",
|
|
"type"
|
|
]
|
|
},
|
|
"mappings": {
|
|
"dynamic_templates": [
|
|
{
|
|
"string_as_keyword": {
|
|
"mapping": {
|
|
"type": "keyword"
|
|
},
|
|
"match_mapping_type": "string"
|
|
}
|
|
}
|
|
],
|
|
"date_detection": false,
|
|
"properties": {
|
|
"@timestamp": {
|
|
"type": "date"
|
|
},
|
|
"timestamp": {
|
|
"type": "date",
|
|
"format": "date_optional_time||epoch_millis"
|
|
},
|
|
"@version": {
|
|
"type": "text"
|
|
},
|
|
"agent": {
|
|
"properties": {
|
|
"ip": {
|
|
"type": "keyword"
|
|
},
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"manager": {
|
|
"properties": {
|
|
"name": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"cluster": {
|
|
"properties": {
|
|
"name": {
|
|
"type": "keyword"
|
|
},
|
|
"node": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"full_log": {
|
|
"type": "text"
|
|
},
|
|
"previous_log": {
|
|
"type": "text"
|
|
},
|
|
"GeoLocation": {
|
|
"properties": {
|
|
"area_code": {
|
|
"type": "long"
|
|
},
|
|
"city_name": {
|
|
"type": "keyword"
|
|
},
|
|
"continent_code": {
|
|
"type": "text"
|
|
},
|
|
"coordinates": {
|
|
"type": "double"
|
|
},
|
|
"country_code2": {
|
|
"type": "text"
|
|
},
|
|
"country_code3": {
|
|
"type": "text"
|
|
},
|
|
"country_name": {
|
|
"type": "keyword"
|
|
},
|
|
"dma_code": {
|
|
"type": "long"
|
|
},
|
|
"ip": {
|
|
"type": "keyword"
|
|
},
|
|
"latitude": {
|
|
"type": "double"
|
|
},
|
|
"location": {
|
|
"type": "geo_point"
|
|
},
|
|
"longitude": {
|
|
"type": "double"
|
|
},
|
|
"postal_code": {
|
|
"type": "keyword"
|
|
},
|
|
"real_region_name": {
|
|
"type": "keyword"
|
|
},
|
|
"region_name": {
|
|
"type": "keyword"
|
|
},
|
|
"timezone": {
|
|
"type": "text"
|
|
}
|
|
}
|
|
},
|
|
"host": {
|
|
"type": "keyword"
|
|
},
|
|
"syscheck": {
|
|
"properties": {
|
|
"path": {
|
|
"type": "keyword"
|
|
},
|
|
"sha1_before": {
|
|
"type": "keyword"
|
|
},
|
|
"sha1_after": {
|
|
"type": "keyword"
|
|
},
|
|
"uid_before": {
|
|
"type": "keyword"
|
|
},
|
|
"uid_after": {
|
|
"type": "keyword"
|
|
},
|
|
"gid_before": {
|
|
"type": "keyword"
|
|
},
|
|
"gid_after": {
|
|
"type": "keyword"
|
|
},
|
|
"perm_before": {
|
|
"type": "keyword"
|
|
},
|
|
"perm_after": {
|
|
"type": "keyword"
|
|
},
|
|
"md5_after": {
|
|
"type": "keyword"
|
|
},
|
|
"md5_before": {
|
|
"type": "keyword"
|
|
},
|
|
"gname_after": {
|
|
"type": "keyword"
|
|
},
|
|
"gname_before": {
|
|
"type": "keyword"
|
|
},
|
|
"inode_after": {
|
|
"type": "keyword"
|
|
},
|
|
"inode_before": {
|
|
"type": "keyword"
|
|
},
|
|
"mtime_after": {
|
|
"type": "date",
|
|
"format": "date_optional_time"
|
|
},
|
|
"mtime_before": {
|
|
"type": "date",
|
|
"format": "date_optional_time"
|
|
},
|
|
"uname_after": {
|
|
"type": "keyword"
|
|
},
|
|
"uname_before": {
|
|
"type": "keyword"
|
|
},
|
|
"size_before": {
|
|
"type": "long"
|
|
},
|
|
"size_after": {
|
|
"type": "long"
|
|
},
|
|
"diff": {
|
|
"type": "keyword"
|
|
},
|
|
"event": {
|
|
"type": "keyword"
|
|
},
|
|
"audit": {
|
|
"properties": {
|
|
"effective_user": {
|
|
"properties": {
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"group": {
|
|
"properties": {
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"login_user": {
|
|
"properties": {
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"process": {
|
|
"properties": {
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
},
|
|
"ppid": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"user": {
|
|
"properties": {
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"sha256_after": {
|
|
"type": "keyword"
|
|
},
|
|
"sha256_before": {
|
|
"type": "keyword"
|
|
},
|
|
"tags": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"location": {
|
|
"type": "keyword"
|
|
},
|
|
"message": {
|
|
"type": "text"
|
|
},
|
|
"offset": {
|
|
"type": "keyword"
|
|
},
|
|
"rule": {
|
|
"properties": {
|
|
"description": {
|
|
"type": "keyword"
|
|
},
|
|
"groups": {
|
|
"type": "keyword"
|
|
},
|
|
"level": {
|
|
"type": "long"
|
|
},
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"cve": {
|
|
"type": "keyword"
|
|
},
|
|
"info": {
|
|
"type": "keyword"
|
|
},
|
|
"frequency": {
|
|
"type": "long"
|
|
},
|
|
"firedtimes": {
|
|
"type": "long"
|
|
},
|
|
"cis": {
|
|
"type": "keyword"
|
|
},
|
|
"pci_dss": {
|
|
"type": "keyword"
|
|
},
|
|
"gdpr": {
|
|
"type": "keyword"
|
|
},
|
|
"gpg13": {
|
|
"type": "keyword"
|
|
},
|
|
"hipaa": {
|
|
"type": "keyword"
|
|
},
|
|
"nist_800_53": {
|
|
"type": "keyword"
|
|
},
|
|
"mail": {
|
|
"type": "boolean"
|
|
}
|
|
}
|
|
},
|
|
"predecoder": {
|
|
"properties": {
|
|
"program_name": {
|
|
"type": "keyword"
|
|
},
|
|
"timestamp": {
|
|
"type": "keyword"
|
|
},
|
|
"hostname": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"decoder": {
|
|
"properties": {
|
|
"parent": {
|
|
"type": "keyword"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
},
|
|
"ftscomment": {
|
|
"type": "keyword"
|
|
},
|
|
"fts": {
|
|
"type": "long"
|
|
},
|
|
"accumulate": {
|
|
"type": "long"
|
|
}
|
|
}
|
|
},
|
|
"data": {
|
|
"properties": {
|
|
"audit": {
|
|
"properties": {
|
|
"acct": {
|
|
"type": "keyword"
|
|
},
|
|
"arch": {
|
|
"type": "keyword"
|
|
},
|
|
"auid": {
|
|
"type": "keyword"
|
|
},
|
|
"command": {
|
|
"type": "keyword"
|
|
},
|
|
"cwd": {
|
|
"type": "keyword"
|
|
},
|
|
"dev": {
|
|
"type": "keyword"
|
|
},
|
|
"directory": {
|
|
"properties": {
|
|
"inode": {
|
|
"type": "keyword"
|
|
},
|
|
"mode": {
|
|
"type": "keyword"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"egid": {
|
|
"type": "keyword"
|
|
},
|
|
"enforcing": {
|
|
"type": "keyword"
|
|
},
|
|
"euid": {
|
|
"type": "keyword"
|
|
},
|
|
"exe": {
|
|
"type": "keyword"
|
|
},
|
|
"execve": {
|
|
"properties": {
|
|
"a0": {
|
|
"type": "keyword"
|
|
},
|
|
"a1": {
|
|
"type": "keyword"
|
|
},
|
|
"a2": {
|
|
"type": "keyword"
|
|
},
|
|
"a3": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"exit": {
|
|
"type": "keyword"
|
|
},
|
|
"file": {
|
|
"properties": {
|
|
"inode": {
|
|
"type": "keyword"
|
|
},
|
|
"mode": {
|
|
"type": "keyword"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"fsgid": {
|
|
"type": "keyword"
|
|
},
|
|
"fsuid": {
|
|
"type": "keyword"
|
|
},
|
|
"gid": {
|
|
"type": "keyword"
|
|
},
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"key": {
|
|
"type": "keyword"
|
|
},
|
|
"list": {
|
|
"type": "keyword"
|
|
},
|
|
"old-auid": {
|
|
"type": "keyword"
|
|
},
|
|
"old-ses": {
|
|
"type": "keyword"
|
|
},
|
|
"old_enforcing": {
|
|
"type": "keyword"
|
|
},
|
|
"old_prom": {
|
|
"type": "keyword"
|
|
},
|
|
"op": {
|
|
"type": "keyword"
|
|
},
|
|
"pid": {
|
|
"type": "keyword"
|
|
},
|
|
"ppid": {
|
|
"type": "keyword"
|
|
},
|
|
"prom": {
|
|
"type": "keyword"
|
|
},
|
|
"res": {
|
|
"type": "keyword"
|
|
},
|
|
"session": {
|
|
"type": "keyword"
|
|
},
|
|
"sgid": {
|
|
"type": "keyword"
|
|
},
|
|
"srcip": {
|
|
"type": "keyword"
|
|
},
|
|
"subj": {
|
|
"type": "keyword"
|
|
},
|
|
"success": {
|
|
"type": "keyword"
|
|
},
|
|
"suid": {
|
|
"type": "keyword"
|
|
},
|
|
"syscall": {
|
|
"type": "keyword"
|
|
},
|
|
"tty": {
|
|
"type": "keyword"
|
|
},
|
|
"type": {
|
|
"type": "keyword"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"protocol": {
|
|
"type": "keyword"
|
|
},
|
|
"action": {
|
|
"type": "keyword"
|
|
},
|
|
"srcip": {
|
|
"type": "keyword"
|
|
},
|
|
"dstip": {
|
|
"type": "keyword"
|
|
},
|
|
"srcport": {
|
|
"type": "keyword"
|
|
},
|
|
"dstport": {
|
|
"type": "keyword"
|
|
},
|
|
"srcuser": {
|
|
"type": "keyword"
|
|
},
|
|
"dstuser": {
|
|
"type": "keyword"
|
|
},
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"status": {
|
|
"type": "keyword"
|
|
},
|
|
"data": {
|
|
"type": "keyword"
|
|
},
|
|
"extra_data": {
|
|
"type": "keyword"
|
|
},
|
|
"system_name": {
|
|
"type": "keyword"
|
|
},
|
|
"url": {
|
|
"type": "keyword"
|
|
},
|
|
"oscap": {
|
|
"properties": {
|
|
"check": {
|
|
"properties": {
|
|
"description": {
|
|
"type": "text"
|
|
},
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"identifiers": {
|
|
"type": "text"
|
|
},
|
|
"oval": {
|
|
"properties": {
|
|
"id": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"rationale": {
|
|
"type": "text"
|
|
},
|
|
"references": {
|
|
"type": "text"
|
|
},
|
|
"result": {
|
|
"type": "keyword"
|
|
},
|
|
"severity": {
|
|
"type": "keyword"
|
|
},
|
|
"title": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"scan": {
|
|
"properties": {
|
|
"benchmark": {
|
|
"properties": {
|
|
"id": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"content": {
|
|
"type": "keyword"
|
|
},
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"profile": {
|
|
"properties": {
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"title": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"return_code": {
|
|
"type": "long"
|
|
},
|
|
"score": {
|
|
"type": "double"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"type": {
|
|
"type": "keyword"
|
|
},
|
|
"netinfo": {
|
|
"properties": {
|
|
"iface": {
|
|
"properties": {
|
|
"name": {
|
|
"type": "keyword"
|
|
},
|
|
"mac": {
|
|
"type": "keyword"
|
|
},
|
|
"adapter": {
|
|
"type": "keyword"
|
|
},
|
|
"type": {
|
|
"type": "keyword"
|
|
},
|
|
"state": {
|
|
"type": "keyword"
|
|
},
|
|
"mtu": {
|
|
"type": "long"
|
|
},
|
|
"tx_bytes": {
|
|
"type": "long"
|
|
},
|
|
"rx_bytes": {
|
|
"type": "long"
|
|
},
|
|
"tx_errors": {
|
|
"type": "long"
|
|
},
|
|
"rx_errors": {
|
|
"type": "long"
|
|
},
|
|
"tx_dropped": {
|
|
"type": "long"
|
|
},
|
|
"rx_dropped": {
|
|
"type": "long"
|
|
},
|
|
"tx_packets": {
|
|
"type": "long"
|
|
},
|
|
"rx_packets": {
|
|
"type": "long"
|
|
},
|
|
"ipv4": {
|
|
"properties": {
|
|
"gateway": {
|
|
"type": "keyword"
|
|
},
|
|
"dhcp": {
|
|
"type": "keyword"
|
|
},
|
|
"address": {
|
|
"type": "keyword"
|
|
},
|
|
"netmask": {
|
|
"type": "keyword"
|
|
},
|
|
"broadcast": {
|
|
"type": "keyword"
|
|
},
|
|
"metric": {
|
|
"type": "long"
|
|
}
|
|
}
|
|
},
|
|
"ipv6": {
|
|
"properties": {
|
|
"gateway": {
|
|
"type": "keyword"
|
|
},
|
|
"dhcp": {
|
|
"type": "keyword"
|
|
},
|
|
"address": {
|
|
"type": "keyword"
|
|
},
|
|
"netmask": {
|
|
"type": "keyword"
|
|
},
|
|
"broadcast": {
|
|
"type": "keyword"
|
|
},
|
|
"metric": {
|
|
"type": "long"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"os": {
|
|
"properties": {
|
|
"hostname": {
|
|
"type": "keyword"
|
|
},
|
|
"architecture": {
|
|
"type": "keyword"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
},
|
|
"version": {
|
|
"type": "keyword"
|
|
},
|
|
"codename": {
|
|
"type": "keyword"
|
|
},
|
|
"major": {
|
|
"type": "keyword"
|
|
},
|
|
"minor": {
|
|
"type": "keyword"
|
|
},
|
|
"build": {
|
|
"type": "keyword"
|
|
},
|
|
"platform": {
|
|
"type": "keyword"
|
|
},
|
|
"sysname": {
|
|
"type": "keyword"
|
|
},
|
|
"release": {
|
|
"type": "keyword"
|
|
},
|
|
"release_version": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"port": {
|
|
"properties": {
|
|
"protocol": {
|
|
"type": "keyword"
|
|
},
|
|
"local_ip": {
|
|
"type": "ip"
|
|
},
|
|
"local_port": {
|
|
"type": "long"
|
|
},
|
|
"remote_ip": {
|
|
"type": "ip"
|
|
},
|
|
"remote_port": {
|
|
"type": "long"
|
|
},
|
|
"tx_queue": {
|
|
"type": "long"
|
|
},
|
|
"rx_queue": {
|
|
"type": "long"
|
|
},
|
|
"inode": {
|
|
"type": "long"
|
|
},
|
|
"state": {
|
|
"type": "keyword"
|
|
},
|
|
"pid": {
|
|
"type": "long"
|
|
},
|
|
"process": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"hardware": {
|
|
"properties": {
|
|
"serial": {
|
|
"type": "keyword"
|
|
},
|
|
"cpu_name": {
|
|
"type": "keyword"
|
|
},
|
|
"cpu_cores": {
|
|
"type": "long"
|
|
},
|
|
"cpu_mhz": {
|
|
"type": "double"
|
|
},
|
|
"ram_total": {
|
|
"type": "long"
|
|
},
|
|
"ram_free": {
|
|
"type": "long"
|
|
},
|
|
"ram_usage": {
|
|
"type": "long"
|
|
}
|
|
}
|
|
},
|
|
"program": {
|
|
"properties": {
|
|
"format": {
|
|
"type": "keyword"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
},
|
|
"priority": {
|
|
"type": "keyword"
|
|
},
|
|
"section": {
|
|
"type": "keyword"
|
|
},
|
|
"size": {
|
|
"type": "long"
|
|
},
|
|
"vendor": {
|
|
"type": "keyword"
|
|
},
|
|
"install_time": {
|
|
"type": "keyword"
|
|
},
|
|
"version": {
|
|
"type": "keyword"
|
|
},
|
|
"architecture": {
|
|
"type": "keyword"
|
|
},
|
|
"multiarch": {
|
|
"type": "keyword"
|
|
},
|
|
"source": {
|
|
"type": "keyword"
|
|
},
|
|
"description": {
|
|
"type": "keyword"
|
|
},
|
|
"location": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"process": {
|
|
"properties": {
|
|
"pid": {
|
|
"type": "long"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
},
|
|
"state": {
|
|
"type": "keyword"
|
|
},
|
|
"ppid": {
|
|
"type": "long"
|
|
},
|
|
"utime": {
|
|
"type": "long"
|
|
},
|
|
"stime": {
|
|
"type": "long"
|
|
},
|
|
"cmd": {
|
|
"type": "keyword"
|
|
},
|
|
"args": {
|
|
"type": "keyword"
|
|
},
|
|
"euser": {
|
|
"type": "keyword"
|
|
},
|
|
"ruser": {
|
|
"type": "keyword"
|
|
},
|
|
"suser": {
|
|
"type": "keyword"
|
|
},
|
|
"egroup": {
|
|
"type": "keyword"
|
|
},
|
|
"sgroup": {
|
|
"type": "keyword"
|
|
},
|
|
"fgroup": {
|
|
"type": "keyword"
|
|
},
|
|
"rgroup": {
|
|
"type": "keyword"
|
|
},
|
|
"priority": {
|
|
"type": "long"
|
|
},
|
|
"nice": {
|
|
"type": "long"
|
|
},
|
|
"size": {
|
|
"type": "long"
|
|
},
|
|
"vm_size": {
|
|
"type": "long"
|
|
},
|
|
"resident": {
|
|
"type": "long"
|
|
},
|
|
"share": {
|
|
"type": "long"
|
|
},
|
|
"start_time": {
|
|
"type": "long"
|
|
},
|
|
"pgrp": {
|
|
"type": "long"
|
|
},
|
|
"session": {
|
|
"type": "long"
|
|
},
|
|
"nlwp": {
|
|
"type": "long"
|
|
},
|
|
"tgid": {
|
|
"type": "long"
|
|
},
|
|
"tty": {
|
|
"type": "long"
|
|
},
|
|
"processor": {
|
|
"type": "long"
|
|
}
|
|
}
|
|
},
|
|
"sca": {
|
|
"properties": {
|
|
"type": {
|
|
"type": "keyword"
|
|
},
|
|
"scan_id": {
|
|
"type": "keyword"
|
|
},
|
|
"policy": {
|
|
"type": "keyword"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
},
|
|
"file": {
|
|
"type": "keyword"
|
|
},
|
|
"description": {
|
|
"type": "keyword"
|
|
},
|
|
"passed": {
|
|
"type": "integer"
|
|
},
|
|
"failed": {
|
|
"type": "integer"
|
|
},
|
|
"score": {
|
|
"type": "long"
|
|
},
|
|
"check": {
|
|
"properties": {
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"title": {
|
|
"type": "keyword"
|
|
},
|
|
"description": {
|
|
"type": "keyword"
|
|
},
|
|
"rationale": {
|
|
"type": "keyword"
|
|
},
|
|
"remediation": {
|
|
"type": "keyword"
|
|
},
|
|
"compliance": {
|
|
"properties": {
|
|
"cis": {
|
|
"type": "keyword"
|
|
},
|
|
"cis_csc": {
|
|
"type": "keyword"
|
|
},
|
|
"pci_dss": {
|
|
"type": "keyword"
|
|
},
|
|
"hipaa": {
|
|
"type": "keyword"
|
|
},
|
|
"nist_800_53": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"references": {
|
|
"type": "keyword"
|
|
},
|
|
"file": {
|
|
"type": "keyword"
|
|
},
|
|
"directory": {
|
|
"type": "keyword"
|
|
},
|
|
"registry": {
|
|
"type": "keyword"
|
|
},
|
|
"process": {
|
|
"type": "keyword"
|
|
},
|
|
"result": {
|
|
"type": "keyword"
|
|
},
|
|
"previous_result": {
|
|
"type": "keyword"
|
|
},
|
|
"reason": {
|
|
"type": "keyword"
|
|
},
|
|
"status": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"invalid": {
|
|
"type": "keyword"
|
|
},
|
|
"policy_id": {
|
|
"type": "keyword"
|
|
},
|
|
"total_checks": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"command": {
|
|
"type": "keyword"
|
|
},
|
|
"integration": {
|
|
"type": "keyword"
|
|
},
|
|
"timestamp": {
|
|
"type": "date"
|
|
},
|
|
"title": {
|
|
"type": "keyword"
|
|
},
|
|
"uid": {
|
|
"type": "keyword"
|
|
},
|
|
"virustotal": {
|
|
"properties": {
|
|
"description": {
|
|
"type": "keyword"
|
|
},
|
|
"error": {
|
|
"type": "keyword"
|
|
},
|
|
"found": {
|
|
"type": "keyword"
|
|
},
|
|
"malicious": {
|
|
"type": "keyword"
|
|
},
|
|
"permalink": {
|
|
"type": "keyword"
|
|
},
|
|
"positives": {
|
|
"type": "keyword"
|
|
},
|
|
"scan_date": {
|
|
"type": "keyword"
|
|
},
|
|
"sha1": {
|
|
"type": "keyword"
|
|
},
|
|
"source": {
|
|
"properties": {
|
|
"alert_id": {
|
|
"type": "keyword"
|
|
},
|
|
"file": {
|
|
"type": "keyword"
|
|
},
|
|
"md5": {
|
|
"type": "keyword"
|
|
},
|
|
"sha1": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"total": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"vulnerability": {
|
|
"properties": {
|
|
"advisories": {
|
|
"type": "keyword"
|
|
},
|
|
"bugzilla_reference": {
|
|
"type": "keyword"
|
|
},
|
|
"cve": {
|
|
"type": "keyword"
|
|
},
|
|
"cvss": {
|
|
"properties": {
|
|
"cvss2": {
|
|
"properties": {
|
|
"base_score": {
|
|
"type": "keyword"
|
|
},
|
|
"exploitability_score": {
|
|
"type": "keyword"
|
|
},
|
|
"impact_score": {
|
|
"type": "keyword"
|
|
},
|
|
"vector": {
|
|
"properties": {
|
|
"access_complexity": {
|
|
"type": "keyword"
|
|
},
|
|
"attack_vector": {
|
|
"type": "keyword"
|
|
},
|
|
"authentication": {
|
|
"type": "keyword"
|
|
},
|
|
"availability": {
|
|
"type": "keyword"
|
|
},
|
|
"confidentiality_impact": {
|
|
"type": "keyword"
|
|
},
|
|
"integrity_impact": {
|
|
"type": "keyword"
|
|
},
|
|
"privileges_required": {
|
|
"type": "keyword"
|
|
},
|
|
"scope": {
|
|
"type": "keyword"
|
|
},
|
|
"user_interaction": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"cvss3": {
|
|
"properties": {
|
|
"base_score": {
|
|
"type": "keyword"
|
|
},
|
|
"exploitability_score": {
|
|
"type": "keyword"
|
|
},
|
|
"impact_score": {
|
|
"type": "keyword"
|
|
},
|
|
"vector": {
|
|
"properties": {
|
|
"access_complexity": {
|
|
"type": "keyword"
|
|
},
|
|
"attack_vector": {
|
|
"type": "keyword"
|
|
},
|
|
"authentication": {
|
|
"type": "keyword"
|
|
},
|
|
"availability": {
|
|
"type": "keyword"
|
|
},
|
|
"confidentiality_impact": {
|
|
"type": "keyword"
|
|
},
|
|
"integrity_impact": {
|
|
"type": "keyword"
|
|
},
|
|
"privileges_required": {
|
|
"type": "keyword"
|
|
},
|
|
"scope": {
|
|
"type": "keyword"
|
|
},
|
|
"user_interaction": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"cwe_reference": {
|
|
"type": "keyword"
|
|
},
|
|
"package": {
|
|
"properties": {
|
|
"architecture": {
|
|
"type": "keyword"
|
|
},
|
|
"condition": {
|
|
"type": "keyword"
|
|
},
|
|
"generated_cpe": {
|
|
"type": "keyword"
|
|
},
|
|
"name": {
|
|
"type": "keyword"
|
|
},
|
|
"version": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"published": {
|
|
"type": "date"
|
|
},
|
|
"updated": {
|
|
"type": "date"
|
|
},
|
|
"rationale": {
|
|
"type": "keyword"
|
|
},
|
|
"reference": {
|
|
"type": "keyword"
|
|
},
|
|
"severity": {
|
|
"type": "keyword"
|
|
},
|
|
"state": {
|
|
"type": "keyword"
|
|
},
|
|
"title": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"aws": {
|
|
"properties": {
|
|
"bytes": {
|
|
"type": "long"
|
|
},
|
|
"dstaddr": {
|
|
"type": "ip"
|
|
},
|
|
"srcaddr": {
|
|
"type": "ip"
|
|
},
|
|
"end": {
|
|
"type": "date"
|
|
},
|
|
"start": {
|
|
"type": "date"
|
|
},
|
|
"source_ip_address": {
|
|
"type": "ip"
|
|
},
|
|
"service": {
|
|
"properties": {
|
|
"count": {
|
|
"type": "long"
|
|
},
|
|
"action.networkConnectionAction.remoteIpDetails": {
|
|
"properties": {
|
|
"ipAddressV4": {
|
|
"type": "ip"
|
|
},
|
|
"geoLocation": {
|
|
"type": "geo_point"
|
|
}
|
|
}
|
|
},
|
|
"eventFirstSeen": {
|
|
"type": "date"
|
|
},
|
|
"eventLastSeen": {
|
|
"type": "date"
|
|
}
|
|
}
|
|
},
|
|
"createdAt": {
|
|
"type": "date"
|
|
},
|
|
"updatedAt": {
|
|
"type": "date"
|
|
},
|
|
"resource.instanceDetails": {
|
|
"properties": {
|
|
"launchTime": {
|
|
"type": "date"
|
|
},
|
|
"networkInterfaces": {
|
|
"properties": {
|
|
"privateIpAddress": {
|
|
"type": "ip"
|
|
},
|
|
"publicIp": {
|
|
"type": "ip"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"program_name": {
|
|
"type": "keyword"
|
|
},
|
|
"command": {
|
|
"type": "keyword"
|
|
},
|
|
"type": {
|
|
"type": "text"
|
|
},
|
|
"title": {
|
|
"type": "keyword"
|
|
},
|
|
"id": {
|
|
"type": "keyword"
|
|
},
|
|
"input": {
|
|
"properties": {
|
|
"type": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"previous_output": {
|
|
"type": "keyword"
|
|
}
|
|
}
|
|
},
|
|
"version": 1
|
|
}
|