malcolm_common.json
{
"template": {
"mappings": {
"properties": {
"destination.ip_reverse_dns": { "type": "keyword" },
"destination.oui": { "type": "keyword" },
"destination.device": {
"properties": {
"cluster": { "type": "keyword" },
"device_type": { "type": "keyword" },
"id": { "type": "integer" },
"manufacturer": { "type": "keyword" },
"name": { "type": "keyword" },
"role": { "type": "keyword" },
"service": { "type": "keyword" },
"site": { "type": "keyword" },
"url": { "type": "keyword" },
"details": { "type": "nested" }
}
},
"destination.segment": {
"properties": {
"id": { "type": "integer" },
"name": { "type": "keyword" },
"site": { "type": "keyword" },
"tenant": { "type": "keyword" },
"url": { "type": "keyword" },
"details": { "type": "nested" }
}
},
"event.freq_score_v1": { "type": "float" },
"event.freq_score_v2": { "type": "float" },
"event.hits": { "type": "long" },
"event.result": { "type": "keyword" },
"event.severity_tags": { "type": "keyword" },
"file.source": { "type": "keyword" },
"network.is_orig": { "type": "keyword" },
"network.protocol_version": { "type": "keyword" },
"related.mac": { "type": "keyword" },
"related.oui": { "type": "keyword" },
"related.password": { "type": "keyword", "ignore_above": 256, "fields": { "text": { "type": "text" } } },
"related.device_id": { "type": "integer" },
"related.device_name": { "type": "keyword" },
"related.device_type": { "type": "keyword" },
"related.manufacturer": { "type": "keyword" },
"related.role": { "type": "keyword" },
"related.service": { "type": "keyword" },
"related.site": { "type": "keyword" },
"source.ip_reverse_dns": { "type": "keyword" },
"source.oui": { "type": "keyword" },
"source.device": {
"properties": {
"cluster": { "type": "keyword" },
"device_type": { "type": "keyword" },
"id": { "type": "integer" },
"manufacturer": { "type": "keyword" },
"name": { "type": "keyword" },
"role": { "type": "keyword" },
"service": { "type": "keyword" },
"site": { "type": "keyword" },
"url": { "type": "keyword" },
"details": { "type": "nested" }
}
},
"source.segment": {
"properties": {
"id": { "type": "integer" },
"name": { "type": "keyword" },
"site": { "type": "keyword" },
"tenant": { "type": "keyword" },
"url": { "type": "keyword" },
"details": { "type": "nested" }
}
},
"tls.client.ja4": { "type": "keyword" },
"tls.server.ja4s": { "type": "keyword" }
}
}
}
}