Run results for: Lodash cloneDeep vs structuredClone vs JSON.parse clone vs RFDC 322KB input

Run details:

User agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36

Browser: Chrome 115

Operating system: Linux

Device Platform: Desktop

Date tested: one year ago

Test name	Executions per second
Lodash cloneDeep	128.2 Ops/sec
Native structuredClone	189.9 Ops/sec
JSON.parse(JSON.stringify)	262.7 Ops/sec

HTML Preparation code:

<script src='https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js'></script>
<script src='https://cdn.jsdelivr.net/npm/rfdc@1.3.0/index.js'></script>

Script Preparation code:

var MyObject = {"filebeat-7.16.3-2023.07.24-000001":{"mappings":{"_meta":{"beat":"filebeat","version":"7.16.3"},"dynamic_templates":[{"labels":{"path_match":"labels.*","match_mapping_type":"string","mapping":{"type":"keyword"}}},{"container.labels":{"path_match":"container.labels.*","match_mapping_type":"string","mapping":{"type":"keyword"}}},{"fields":{"path_match":"fields.*","match_mapping_type":"string","mapping":{"type":"keyword"}}},{"docker.container.labels":{"path_match":"docker.container.labels.*","match_mapping_type":"string","mapping":{"type":"keyword"}}},{"kubernetes.labels.*":{"path_match":"kubernetes.labels.*","mapping":{"type":"keyword"}}},{"kubernetes.annotations.*":{"path_match":"kubernetes.annotations.*","mapping":{"type":"keyword"}}},{"kubernetes.selectors.*":{"path_match":"kubernetes.selectors.*","mapping":{"type":"keyword"}}},{"docker.attrs":{"path_match":"docker.attrs.*","match_mapping_type":"string","mapping":{"type":"keyword"}}},{"azure.activitylogs.identity.claims.*":{"path_match":"azure.activitylogs.identity.claims.*","mapping":{"type":"keyword"}}},{"kibana.log.meta":{"path_match":"kibana.log.meta.*","match_mapping_type":"string","mapping":{"type":"keyword"}}},{"strings_as_keyword":{"match_mapping_type":"string","mapping":{"ignore_above":1024,"type":"keyword"}}}],"date_detection":false,"properties":{"@timestamp":{"type":"date"},"activemq":{"properties":{"caller":{"type":"keyword","ignore_above":1024},"log":{"properties":{"stack_trace":{"type":"keyword","ignore_above":1024}}},"thread":{"type":"keyword","ignore_above":1024},"user":{"type":"keyword","ignore_above":1024}}},"agent":{"properties":{"build":{"properties":{"original":{"type":"keyword","ignore_above":1024}}},"ephemeral_id":{"type":"keyword","ignore_above":1024},"hostname":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"apache":{"properties":{"access":{"properties":{"ssl":{"properties":{"cipher":{"type":"keyword","ignore_above":1024},"protocol":{"type":"keyword","ignore_above":1024}}}}},"error":{"properties":{"module":{"type":"keyword","ignore_above":1024}}}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}}}}}},"auditd":{"properties":{"log":{"properties":{"a0":{"type":"keyword","ignore_above":1024},"addr":{"type":"ip"},"item":{"type":"keyword","ignore_above":1024},"items":{"type":"keyword","ignore_above":1024},"laddr":{"type":"ip"},"lport":{"type":"long"},"new_auid":{"type":"keyword","ignore_above":1024},"new_ses":{"type":"keyword","ignore_above":1024},"old_auid":{"type":"keyword","ignore_above":1024},"old_ses":{"type":"keyword","ignore_above":1024},"rport":{"type":"long"},"sequence":{"type":"long"},"tty":{"type":"keyword","ignore_above":1024}}}}},"aws":{"properties":{"cloudtrail":{"properties":{"additional_eventdata":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"text","norms":false}}},"api_version":{"type":"keyword","ignore_above":1024},"console_login":{"properties":{"additional_eventdata":{"properties":{"login_to":{"type":"keyword","ignore_above":1024},"mfa_used":{"type":"boolean"},"mobile_version":{"type":"boolean"}}}}},"digest":{"properties":{"end_time":{"type":"date"},"log_files":{"type":"nested"},"newest_event_time":{"type":"date"},"oldest_event_time":{"type":"date"},"previous_hash_algorithm":{"type":"keyword","ignore_above":1024},"previous_s3_bucket":{"type":"keyword","ignore_above":1024},"public_key_fingerprint":{"type":"keyword","ignore_above":1024},"s3_bucket":{"type":"keyword","ignore_above":1024},"s3_object":{"type":"keyword","ignore_above":1024},"signature_algorithm":{"type":"keyword","ignore_above":1024},"start_time":{"type":"date"}}},"error_code":{"type":"keyword","ignore_above":1024},"error_message":{"type":"keyword","ignore_above":1024},"event_category":{"type":"keyword","ignore_above":1024},"event_type":{"type":"keyword","ignore_above":1024},"event_version":{"type":"keyword","ignore_above":1024},"flattened":{"properties":{"additional_eventdata":{"type":"flattened"},"request_parameters":{"type":"flattened"},"response_elements":{"type":"flattened"},"service_event_details":{"type":"flattened"}}},"insight_details":{"type":"flattened"},"management_event":{"type":"keyword","ignore_above":1024},"read_only":{"type":"keyword","ignore_above":1024},"recipient_account_id":{"type":"keyword","ignore_above":1024},"request_id":{"type":"keyword","ignore_above":1024},"request_parameters":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"text","norms":false}}},"resources":{"properties":{"account_id":{"type":"keyword","ignore_above":1024},"arn":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"response_elements":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"text","norms":false}}},"service_event_details":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"text","norms":false}}},"shared_event_id":{"type":"keyword","ignore_above":1024},"user_identity":{"properties":{"access_key_id":{"type":"keyword","ignore_above":1024},"arn":{"type":"keyword","ignore_above":1024},"invoked_by":{"type":"keyword","ignore_above":1024},"session_context":{"properties":{"creation_date":{"type":"date"},"mfa_authenticated":{"type":"keyword","ignore_above":1024},"session_issuer":{"properties":{"account_id":{"type":"keyword","ignore_above":1024},"arn":{"type":"keyword","ignore_above":1024},"principal_id":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}}}},"type":{"type":"keyword","ignore_above":1024}}},"vpc_endpoint_id":{"type":"keyword","ignore_above":1024}}},"cloudwatch":{"properties":{"message":{"type":"text","norms":false}}},"ec2":{"properties":{"ip_address":{"type":"keyword","ignore_above":1024}}},"elb":{"properties":{"action_executed":{"type":"keyword","ignore_above":1024},"backend":{"properties":{"http":{"properties":{"response":{"properties":{"status_code":{"type":"keyword","ignore_above":1024}}}}},"ip":{"type":"keyword","ignore_above":1024},"port":{"type":"keyword","ignore_above":1024}}},"backend_processing_time":{"properties":{"sec":{"type":"float"}}},"chosen_cert":{"properties":{"arn":{"type":"keyword","ignore_above":1024},"serial":{"type":"keyword","ignore_above":1024}}},"classification":{"type":"keyword","ignore_above":1024},"classification_reason":{"type":"keyword","ignore_above":1024},"connection_time":{"properties":{"ms":{"type":"long"}}},"error":{"properties":{"reason":{"type":"keyword","ignore_above":1024}}},"incoming_tls_alert":{"type":"keyword","ignore_above":1024},"listener":{"type":"keyword","ignore_above":1024},"matched_rule_priority":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"protocol":{"type":"keyword","ignore_above":1024},"redirect_url":{"type":"keyword","ignore_above":1024},"request_processing_time":{"properties":{"sec":{"type":"float"}}},"response_processing_time":{"properties":{"sec":{"type":"float"}}},"ssl_cipher":{"type":"keyword","ignore_above":1024},"ssl_protocol":{"type":"keyword","ignore_above":1024},"target_group":{"properties":{"arn":{"type":"keyword","ignore_above":1024}}},"target_port":{"type":"keyword","ignore_above":1024},"target_status_code":{"type":"keyword","ignore_above":1024},"tls_handshake_time":{"properties":{"ms":{"type":"long"}}},"tls_named_group":{"type":"keyword","ignore_above":1024},"trace_id":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"s3access":{"properties":{"authentication_type":{"type":"keyword","ignore_above":1024},"bucket":{"type":"keyword","ignore_above":1024},"bucket_owner":{"type":"keyword","ignore_above":1024},"bytes_sent":{"type":"long"},"cipher_suite":{"type":"keyword","ignore_above":1024},"error_code":{"type":"keyword","ignore_above":1024},"host_header":{"type":"keyword","ignore_above":1024},"host_id":{"type":"keyword","ignore_above":1024},"http_status":{"type":"long"},"key":{"type":"keyword","ignore_above":1024},"object_size":{"type":"long"},"operation":{"type":"keyword","ignore_above":1024},"referrer":{"type":"keyword","ignore_above":1024},"remote_ip":{"type":"ip"},"request_id":{"type":"keyword","ignore_above":1024},"request_uri":{"type":"keyword","ignore_above":1024},"requester":{"type":"keyword","ignore_above":1024},"signature_version":{"type":"keyword","ignore_above":1024},"tls_version":{"type":"keyword","ignore_above":1024},"total_time":{"type":"long"},"turn_around_time":{"type":"long"},"user_agent":{"type":"keyword","ignore_above":1024},"version_id":{"type":"keyword","ignore_above":1024}}},"vpcflow":{"properties":{"account_id":{"type":"keyword","ignore_above":1024},"action":{"type":"keyword","ignore_above":1024},"instance_id":{"type":"keyword","ignore_above":1024},"interface_id":{"type":"keyword","ignore_above":1024},"log_status":{"type":"keyword","ignore_above":1024},"pkt_dstaddr":{"type":"ip"},"pkt_srcaddr":{"type":"ip"},"subnet_id":{"type":"keyword","ignore_above":1024},"tcp_flags":{"type":"keyword","ignore_above":1024},"tcp_flags_array":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024},"vpc_id":{"type":"keyword","ignore_above":1024}}}}},"aws-cloudwatch":{"properties":{"ingestion_time":{"type":"keyword","ignore_above":1024},"log_group":{"type":"keyword","ignore_above":1024},"log_stream":{"type":"keyword","ignore_above":1024}}},"azure":{"properties":{"activitylogs":{"properties":{"category":{"type":"keyword","ignore_above":1024},"event_category":{"type":"keyword","ignore_above":1024},"identity":{"properties":{"authorization":{"properties":{"action":{"type":"keyword","ignore_above":1024},"evidence":{"properties":{"principal_id":{"type":"keyword","ignore_above":1024},"principal_type":{"type":"keyword","ignore_above":1024},"role":{"type":"keyword","ignore_above":1024},"role_assignment_id":{"type":"keyword","ignore_above":1024},"role_assignment_scope":{"type":"keyword","ignore_above":1024},"role_definition_id":{"type":"keyword","ignore_above":1024}}},"scope":{"type":"keyword","ignore_above":1024}}},"claims":{"properties":{"*":{"type":"object"}}},"claims_initiated_by_user":{"properties":{"fullname":{"type":"keyword","ignore_above":1024},"givenname":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"schema":{"type":"keyword","ignore_above":1024},"surname":{"type":"keyword","ignore_above":1024}}}}},"operation_name":{"type":"keyword","ignore_above":1024},"properties":{"type":"flattened"},"result_signature":{"type":"keyword","ignore_above":1024},"result_type":{"type":"keyword","ignore_above":1024}}},"auditlogs":{"properties":{"category":{"type":"keyword","ignore_above":1024},"identity":{"type":"keyword","ignore_above":1024},"operation_name":{"type":"keyword","ignore_above":1024},"operation_version":{"type":"keyword","ignore_above":1024},"properties":{"properties":{"activity_datetime":{"type":"date"},"activity_display_name":{"type":"keyword","ignore_above":1024},"category":{"type":"keyword","ignore_above":1024},"correlation_id":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"initiated_by":{"properties":{"app":{"properties":{"appId":{"type":"keyword","ignore_above":1024},"displayName":{"type":"keyword","ignore_above":1024},"servicePrincipalId":{"type":"keyword","ignore_above":1024},"servicePrincipalName":{"type":"keyword","ignore_above":1024}}},"user":{"properties":{"displayName":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"ipAddress":{"type":"keyword","ignore_above":1024},"userPrincipalName":{"type":"keyword","ignore_above":1024}}}}},"logged_by_service":{"type":"keyword","ignore_above":1024},"operation_type":{"type":"keyword","ignore_above":1024},"result":{"type":"keyword","ignore_above":1024},"result_reason":{"type":"keyword","ignore_above":1024},"target_resources":{"properties":{"*":{"properties":{"display_name":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"ip_address":{"type":"keyword","ignore_above":1024},"modified_properties":{"properties":{"*":{"properties":{"display_name":{"type":"keyword","ignore_above":1024},"new_value":{"type":"keyword","ignore_above":1024},"old_value":{"type":"keyword","ignore_above":1024}}}}},"type":{"type":"keyword","ignore_above":1024},"user_principal_name":{"type":"keyword","ignore_above":1024}}}}}}},"result_signature":{"type":"keyword","ignore_above":1024},"tenant_id":{"type":"keyword","ignore_above":1024}}},"consumer_group":{"type":"keyword","ignore_above":1024},"correlation_id":{"type":"keyword","ignore_above":1024},"enqueued_time":{"type":"date"},"eventhub":{"type":"keyword","ignore_above":1024},"offset":{"type":"long"},"partition_id":{"type":"long"},"platformlogs":{"properties":{"ActivityId":{"type":"keyword","ignore_above":1024},"Caller":{"type":"keyword","ignore_above":1024},"Cloud":{"type":"keyword","ignore_above":1024},"Environment":{"type":"keyword","ignore_above":1024},"EventTimeString":{"type":"keyword","ignore_above":1024},"ScaleUnit":{"type":"keyword","ignore_above":1024},"category":{"type":"keyword","ignore_above":1024},"ccpNamespace":{"type":"keyword","ignore_above":1024},"event_category":{"type":"keyword","ignore_above":1024},"operation_name":{"type":"keyword","ignore_above":1024},"properties":{"type":"flattened"},"result_signature":{"type":"keyword","ignore_above":1024},"result_type":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024}}},"resource":{"properties":{"authorization_rule":{"type":"keyword","ignore_above":1024},"group":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"namespace":{"type":"keyword","ignore_above":1024},"provider":{"type":"keyword","ignore_above":1024}}},"sequence_number":{"type":"long"},"signinlogs":{"properties":{"category":{"type":"keyword","ignore_above":1024},"identity":{"type":"keyword","ignore_above":1024},"operation_name":{"type":"keyword","ignore_above":1024},"operation_version":{"type":"keyword","ignore_above":1024},"properties":{"properties":{"app_display_name":{"type":"keyword","ignore_above":1024},"app_id":{"type":"keyword","ignore_above":1024},"authentication_processing_details":{"type":"flattened"},"authentication_requirement":{"type":"keyword","ignore_above":1024},"authentication_requirement_policies":{"type":"keyword","ignore_above":1024},"autonomous_system_number":{"type":"long"},"client_app_used":{"type":"keyword","ignore_above":1024},"conditional_access_status":{"type":"keyword","ignore_above":1024},"correlation_id":{"type":"keyword","ignore_above":1024},"created_at":{"type":"date"},"cross_tenant_access_type":{"type":"keyword","ignore_above":1024},"device_detail":{"properties":{"browser":{"type":"keyword","ignore_above":1024},"device_id":{"type":"keyword","ignore_above":1024},"display_name":{"type":"keyword","ignore_above":1024},"operating_system":{"type":"keyword","ignore_above":1024},"trust_type":{"type":"keyword","ignore_above":1024}}},"flagged_for_review":{"type":"boolean"},"home_tenant_id":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"is_interactive":{"type":"boolean"},"is_tenant_restricted":{"type":"boolean"},"original_request_id":{"type":"keyword","ignore_above":1024},"processing_time_ms":{"type":"float"},"resource_display_name":{"type":"keyword","ignore_above":1024},"resource_id":{"type":"keyword","ignore_above":1024},"resource_tenant_id":{"type":"keyword","ignore_above":1024},"risk_detail":{"type":"keyword","ignore_above":1024},"risk_event_types":{"type":"keyword","ignore_above":1024},"risk_event_types_v2":{"type":"keyword","ignore_above":1024},"risk_level_aggregated":{"type":"keyword","ignore_above":1024},"risk_level_during_signin":{"type":"keyword","ignore_above":1024},"risk_state":{"type":"keyword","ignore_above":1024},"service_principal_id":{"type":"keyword","ignore_above":1024},"service_principal_name":{"type":"keyword","ignore_above":1024},"sso_extension_version":{"type":"keyword","ignore_above":1024},"status":{"properties":{"error_code":{"type":"long"}}},"token_issuer_name":{"type":"keyword","ignore_above":1024},"token_issuer_type":{"type":"keyword","ignore_above":1024},"user_display_name":{"type":"keyword","ignore_above":1024},"user_id":{"type":"keyword","ignore_above":1024},"user_principal_name":{"type":"keyword","ignore_above":1024},"user_type":{"type":"keyword","ignore_above":1024}}},"result_description":{"type":"keyword","ignore_above":1024},"result_signature":{"type":"keyword","ignore_above":1024},"result_type":{"type":"keyword","ignore_above":1024},"tenant_id":{"type":"keyword","ignore_above":1024}}},"subscription_id":{"type":"keyword","ignore_above":1024},"tenant_id":{"type":"keyword","ignore_above":1024}}},"bucket":{"properties":{"arn":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"cef":{"properties":{"device":{"properties":{"event_class_id":{"type":"keyword","ignore_above":1024},"product":{"type":"keyword","ignore_above":1024},"vendor":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"extensions":{"properties":{"Reason":{"type":"keyword","ignore_above":1024},"agentAddress":{"type":"ip"},"agentDnsDomain":{"type":"keyword","ignore_above":1024},"agentHostName":{"type":"keyword","ignore_above":1024},"agentId":{"type":"keyword","ignore_above":1024},"agentMacAddress":{"type":"keyword","ignore_above":1024},"agentNtDomain":{"type":"keyword","ignore_above":1024},"agentReceiptTime":{"type":"date"},"agentTimeZone":{"type":"keyword","ignore_above":1024},"agentTranslatedAddress":{"type":"ip"},"agentTranslatedZoneExternalID":{"type":"keyword","ignore_above":1024},"agentTranslatedZoneURI":{"type":"keyword","ignore_above":1024},"agentType":{"type":"keyword","ignore_above":1024},"agentVersion":{"type":"keyword","ignore_above":1024},"agentZoneExternalID":{"type":"keyword","ignore_above":1024},"agentZoneURI":{"type":"keyword","ignore_above":1024},"applicationProtocol":{"type":"keyword","ignore_above":1024},"baseEventCount":{"type":"long"},"bytesIn":{"type":"long"},"bytesOut":{"type":"long"},"categoryBehavior":{"type":"keyword","ignore_above":1024},"categoryDeviceGroup":{"type":"keyword","ignore_above":1024},"categoryDeviceType":{"type":"keyword","ignore_above":1024},"categoryObject":{"type":"keyword","ignore_above":1024},"categoryOutcome":{"type":"keyword","ignore_above":1024},"categorySignificance":{"type":"keyword","ignore_above":1024},"categoryTechnique":{"type":"keyword","ignore_above":1024},"cp_app_risk":{"type":"keyword","ignore_above":1024},"cp_severity":{"type":"keyword","ignore_above":1024},"customerExternalID":{"type":"keyword","ignore_above":1024},"customerURI":{"type":"keyword","ignore_above":1024},"destinationAddress":{"type":"ip"},"destinationDnsDomain":{"type":"keyword","ignore_above":1024},"destinationGeoLatitude":{"type":"double"},"destinationGeoLongitude":{"type":"double"},"destinationHostName":{"type":"keyword","ignore_above":1024},"destinationMacAddress":{"type":"keyword","ignore_above":1024},"destinationNtDomain":{"type":"keyword","ignore_above":1024},"destinationPort":{"type":"long"},"destinationProcessId":{"type":"long"},"destinationProcessName":{"type":"keyword","ignore_above":1024},"destinationServiceName":{"type":"keyword","ignore_above":1024},"destinationTranslatedAddress":{"type":"ip"},"destinationTranslatedPort":{"type":"long"},"destinationTranslatedZoneExternalID":{"type":"keyword","ignore_above":1024},"destinationTranslatedZoneURI":{"type":"keyword","ignore_above":1024},"destinationUserId":{"type":"keyword","ignore_above":1024},"destinationUserName":{"type":"keyword","ignore_above":1024},"destinationUserPrivileges":{"type":"keyword","ignore_above":1024},"destinationZoneExternalID":{"type":"keyword","ignore_above":1024},"destinationZoneURI":{"type":"keyword","ignore_above":1024},"deviceAction":{"type":"keyword","ignore_above":1024},"deviceAddress":{"type":"ip"},"deviceCustomDate1":{"type":"date"},"deviceCustomDate1Label":{"type":"keyword","ignore_above":1024},"deviceCustomDate2":{"type":"date"},"deviceCustomDate2Label":{"type":"keyword","ignore_above":1024},"deviceCustomFloatingPoint1":{"type":"double"},"deviceCustomFloatingPoint1Label":{"type":"keyword","ignore_above":1024},"deviceCustomFloatingPoint2":{"type":"double"},"deviceCustomFloatingPoint2Label":{"type":"keyword","ignore_above":1024},"deviceCustomFloatingPoint3":{"type":"double"},"deviceCustomFloatingPoint3Label":{"type":"keyword","ignore_above":1024},"deviceCustomFloatingPoint4":{"type":"double"},"deviceCustomFloatingPoint4Label":{"type":"keyword","ignore_above":1024},"deviceCustomIPv6Address1":{"type":"ip"},"deviceCustomIPv6Address1Label":{"type":"keyword","ignore_above":1024},"deviceCustomIPv6Address2":{"type":"ip"},"deviceCustomIPv6Address2Label":{"type":"keyword","ignore_above":1024},"deviceCustomIPv6Address3":{"type":"ip"},"deviceCustomIPv6Address3Label":{"type":"keyword","ignore_above":1024},"deviceCustomIPv6Address4":{"type":"ip"},"deviceCustomIPv6Address4Label":{"type":"keyword","ignore_above":1024},"deviceCustomNumber1":{"type":"long"},"deviceCustomNumber1Label":{"type":"keyword","ignore_above":1024},"deviceCustomNumber2":{"type":"long"},"deviceCustomNumber2Label":{"type":"keyword","ignore_above":1024},"deviceCustomNumber3":{"type":"long"},"deviceCustomNumber3Label":{"type":"keyword","ignore_above":1024},"deviceCustomString1":{"type":"keyword","ignore_above":1024},"deviceCustomString1Label":{"type":"keyword","ignore_above":1024},"deviceCustomString2":{"type":"keyword","ignore_above":1024},"deviceCustomString2Label":{"type":"keyword","ignore_above":1024},"deviceCustomString3":{"type":"keyword","ignore_above":1024},"deviceCustomString3Label":{"type":"keyword","ignore_above":1024},"deviceCustomString4":{"type":"keyword","ignore_above":1024},"deviceCustomString4Label":{"type":"keyword","ignore_above":1024},"deviceCustomString5":{"type":"keyword","ignore_above":1024},"deviceCustomString5Label":{"type":"keyword","ignore_above":1024},"deviceCustomString6":{"type":"keyword","ignore_above":1024},"deviceCustomString6Label":{"type":"keyword","ignore_above":1024},"deviceDirection":{"type":"long"},"deviceDnsDomain":{"type":"keyword","ignore_above":1024},"deviceEventCategory":{"type":"keyword","ignore_above":1024},"deviceExternalId":{"type":"keyword","ignore_above":1024},"deviceFacility":{"type":"keyword","ignore_above":1024},"deviceFlexNumber1":{"type":"long"},"deviceFlexNumber1Label":{"type":"keyword","ignore_above":1024},"deviceFlexNumber2":{"type":"long"},"deviceFlexNumber2Label":{"type":"keyword","ignore_above":1024},"deviceHostName":{"type":"keyword","ignore_above":1024},"deviceInboundInterface":{"type":"keyword","ignore_above":1024},"deviceMacAddress":{"type":"keyword","ignore_above":1024},"deviceNtDomain":{"type":"keyword","ignore_above":1024},"deviceOutboundInterface":{"type":"keyword","ignore_above":1024},"devicePayloadId":{"type":"keyword","ignore_above":1024},"deviceProcessId":{"type":"long"},"deviceProcessName":{"type":"keyword","ignore_above":1024},"deviceReceiptTime":{"type":"date"},"deviceTimeZone":{"type":"keyword","ignore_above":1024},"deviceTranslatedAddress":{"type":"ip"},"deviceTranslatedZoneExternalID":{"type":"keyword","ignore_above":1024},"deviceTranslatedZoneURI":{"type":"keyword","ignore_above":1024},"deviceZoneExternalID":{"type":"keyword","ignore_above":1024},"deviceZoneURI":{"type":"keyword","ignore_above":1024},"endTime":{"type":"date"},"eventId":{"type":"long"},"eventOutcome":{"type":"keyword","ignore_above":1024},"externalId":{"type":"keyword","ignore_above":1024},"fileCreateTime":{"type":"date"},"fileHash":{"type":"keyword","ignore_above":1024},"fileId":{"type":"keyword","ignore_above":1024},"fileModificationTime":{"type":"date"},"filePath":{"type":"keyword","ignore_above":1024},"filePermission":{"type":"keyword","ignore_above":1024},"fileSize":{"type":"long"},"fileType":{"type":"keyword","ignore_above":1024},"filename":{"type":"keyword","ignore_above":1024},"flexDate1":{"type":"date"},"flexDate1Label":{"type":"keyword","ignore_above":1024},"flexString1":{"type":"keyword","ignore_above":1024},"flexString1Label":{"type":"keyword","ignore_above":1024},"flexString2":{"type":"keyword","ignore_above":1024},"flexString2Label":{"type":"keyword","ignore_above":1024},"ifname":{"type":"keyword","ignore_above":1024},"inzone":{"type":"keyword","ignore_above":1024},"layer_name":{"type":"keyword","ignore_above":1024},"layer_uuid":{"type":"keyword","ignore_above":1024},"logid":{"type":"keyword","ignore_above":1024},"loguid":{"type":"keyword","ignore_above":1024},"managerReceiptTime":{"type":"date"},"match_id":{"type":"keyword","ignore_above":1024},"message":{"type":"keyword","ignore_above":1024},"nat_addtnl_rulenum":{"type":"keyword","ignore_above":1024},"nat_rulenum":{"type":"keyword","ignore_above":1024},"oldFileCreateTime":{"type":"date"},"oldFileHash":{"type":"keyword","ignore_above":1024},"oldFileId":{"type":"keyword","ignore_above":1024},"oldFileModificationTime":{"type":"date"},"oldFileName":{"type":"keyword","ignore_above":1024},"oldFilePath":{"type":"keyword","ignore_above":1024},"oldFilePermission":{"type":"keyword","ignore_above":1024},"oldFileSize":{"type":"long"},"oldFileType":{"type":"keyword","ignore_above":1024},"origin":{"type":"keyword","ignore_above":1024},"originsicname":{"type":"keyword","ignore_above":1024},"outzone":{"type":"keyword","ignore_above":1024},"parent_rule":{"type":"keyword","ignore_above":1024},"product":{"type":"keyword","ignore_above":1024},"rawEvent":{"type":"keyword","ignore_above":1024},"requestClientApplication":{"type":"keyword","ignore_above":1024},"requestContext":{"type":"keyword","ignore_above":1024},"requestCookies":{"type":"keyword","ignore_above":1024},"requestMethod":{"type":"keyword","ignore_above":1024},"requestUrl":{"type":"keyword","ignore_above":1024},"rule_action":{"type":"keyword","ignore_above":1024},"rule_uid":{"type":"keyword","ignore_above":1024},"sequencenum":{"type":"keyword","ignore_above":1024},"service_id":{"type":"keyword","ignore_above":1024},"sourceAddress":{"type":"ip"},"sourceDnsDomain":{"type":"keyword","ignore_above":1024},"sourceGeoLatitude":{"type":"double"},"sourceGeoLongitude":{"type":"double"},"sourceHostName":{"type":"keyword","ignore_above":1024},"sourceMacAddress":{"type":"keyword","ignore_above":1024},"sourceNtDomain":{"type":"keyword","ignore_above":1024},"sourcePort":{"type":"long"},"sourceProcessId":{"type":"long"},"sourceProcessName":{"type":"keyword","ignore_above":1024},"sourceServiceName":{"type":"keyword","ignore_above":1024},"sourceTranslatedAddress":{"type":"ip"},"sourceTranslatedPort":{"type":"long"},"sourceTranslatedZoneExternalID":{"type":"keyword","ignore_above":1024},"sourceTranslatedZoneURI":{"type":"keyword","ignore_above":1024},"sourceUserId":{"type":"keyword","ignore_above":1024},"sourceUserName":{"type":"keyword","ignore_above":1024},"sourceUserPrivileges":{"type":"keyword","ignore_above":1024},"sourceZoneExternalID":{"type":"keyword","ignore_above":1024},"sourceZoneURI":{"type":"keyword","ignore_above":1024},"startTime":{"type":"date"},"transportProtocol":{"type":"keyword","ignore_above":1024},"type":{"type":"long"},"version":{"type":"keyword","ignore_above":1024}}},"name":{"type":"keyword","ignore_above":1024},"severity":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"checkpoint":{"properties":{"action_reason":{"type":"long"},"action_reason_msg":{"type":"keyword","ignore_above":1024},"additional_info":{"type":"keyword","ignore_above":1024},"additional_ip":{"type":"keyword","ignore_above":1024},"additional_rdata":{"type":"keyword","ignore_above":1024},"alert":{"type":"keyword","ignore_above":1024},"allocated_ports":{"type":"long"},"analyzed_on":{"type":"keyword","ignore_above":1024},"answer_rdata":{"type":"keyword","ignore_above":1024},"anti_virus_type":{"type":"keyword","ignore_above":1024},"app_desc":{"type":"keyword","ignore_above":1024},"app_id":{"type":"long"},"app_package":{"type":"keyword","ignore_above":1024},"app_properties":{"type":"keyword","ignore_above":1024},"app_repackaged":{"type":"keyword","ignore_above":1024},"app_risk":{"type":"keyword","ignore_above":1024},"app_severity":{"type":"keyword","ignore_above":1024},"app_sid_id":{"type":"keyword","ignore_above":1024},"app_sig_id":{"type":"keyword","ignore_above":1024},"app_version":{"type":"keyword","ignore_above":1024},"appi_name":{"type":"keyword","ignore_above":1024},"arrival_time":{"type":"keyword","ignore_above":1024},"attachments_num":{"type":"long"},"attack_status":{"type":"keyword","ignore_above":1024},"audit_status":{"type":"keyword","ignore_above":1024},"auth_method":{"type":"keyword","ignore_above":1024},"authority_rdata":{"type":"keyword","ignore_above":1024},"authorization":{"type":"keyword","ignore_above":1024},"bcc":{"type":"keyword","ignore_above":1024},"blade_name":{"type":"keyword","ignore_above":1024},"broker_publisher":{"type":"ip"},"browse_time":{"type":"keyword","ignore_above":1024},"c_bytes":{"type":"long"},"calc_desc":{"type":"keyword","ignore_above":1024},"capacity":{"type":"long"},"capture_uuid":{"type":"keyword","ignore_above":1024},"category":{"type":"keyword","ignore_above":1024},"cc":{"type":"keyword","ignore_above":1024},"certificate_resource":{"type":"keyword","ignore_above":1024},"certificate_validation":{"type":"keyword","ignore_above":1024},"cgnet":{"type":"keyword","ignore_above":1024},"chunk_type":{"type":"keyword","ignore_above":1024},"client_name":{"type":"keyword","ignore_above":1024},"client_type":{"type":"keyword","ignore_above":1024},"client_type_os":{"type":"keyword","ignore_above":1024},"client_version":{"type":"keyword","ignore_above":1024},"cluster_info":{"type":"keyword","ignore_above":1024},"community":{"type":"keyword","ignore_above":1024},"confidence_level":{"type":"long"},"connection_uid":{"type":"keyword","ignore_above":1024},"connectivity_level":{"type":"keyword","ignore_above":1024},"connectivity_state":{"type":"keyword","ignore_above":1024},"conns_amount":{"type":"long"},"content_disposition":{"type":"keyword","ignore_above":1024},"content_length":{"type":"keyword","ignore_above":1024},"content_risk":{"type":"long"},"content_type":{"type":"keyword","ignore_above":1024},"context_num":{"type":"long"},"cookie":{"type":"keyword","ignore_above":1024},"cookieI":{"type":"keyword","ignore_above":1024},"cookieR":{"type":"keyword","ignore_above":1024},"cp_message":{"type":"long"},"cvpn_category":{"type":"keyword","ignore_above":1024},"cvpn_resource":{"type":"keyword","ignore_above":1024},"data_type_name":{"type":"keyword","ignore_above":1024},"dce-rpc_interface_uuid":{"type":"keyword","ignore_above":1024},"delivery_time":{"type":"keyword","ignore_above":1024},"desc":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"destination_object":{"type":"keyword","ignore_above":1024},"detected_on":{"type":"keyword","ignore_above":1024},"developer_certificate_name":{"type":"keyword","ignore_above":1024},"diameter_app_ID":{"type":"long"},"diameter_cmd_code":{"type":"long"},"diameter_msg_type":{"type":"keyword","ignore_above":1024},"dlp_action_reason":{"type":"keyword","ignore_above":1024},"dlp_additional_action":{"type":"keyword","ignore_above":1024},"dlp_categories":{"type":"keyword","ignore_above":1024},"dlp_data_type_name":{"type":"keyword","ignore_above":1024},"dlp_data_type_uid":{"type":"keyword","ignore_above":1024},"dlp_fingerprint_files_number":{"type":"long"},"dlp_fingerprint_long_status":{"type":"keyword","ignore_above":1024},"dlp_fingerprint_short_status":{"type":"keyword","ignore_above":1024},"dlp_incident_uid":{"type":"keyword","ignore_above":1024},"dlp_recipients":{"type":"keyword","ignore_above":1024},"dlp_related_incident_uid":{"type":"keyword","ignore_above":1024},"dlp_relevant_data_types":{"type":"keyword","ignore_above":1024},"dlp_repository_directories_number":{"type":"long"},"dlp_repository_files_number":{"type":"long"},"dlp_repository_id":{"type":"keyword","ignore_above":1024},"dlp_repository_not_scanned_directories_percentage":{"type":"long"},"dlp_repository_reached_directories_number":{"type":"long"},"dlp_repository_root_path":{"type":"keyword","ignore_above":1024},"dlp_repository_scan_progress":{"type":"long"},"dlp_repository_scanned_directories_number":{"type":"long"},"dlp_repository_scanned_files_number":{"type":"long"},"dlp_repository_scanned_total_size":{"type":"long"},"dlp_repository_skipped_files_number":{"type":"long"},"dlp_repository_total_size":{"type":"long"},"dlp_repository_unreachable_directories_number":{"type":"long"},"dlp_rule_name":{"type":"keyword","ignore_above":1024},"dlp_subject":{"type":"keyword","ignore_above":1024},"dlp_template_score":{"type":"keyword","ignore_above":1024},"dlp_transint":{"type":"keyword","ignore_above":1024},"dlp_violation_description":{"type":"keyword","ignore_above":1024},"dlp_watermark_profile":{"type":"keyword","ignore_above":1024},"dlp_word_list":{"type":"keyword","ignore_above":1024},"dns_query":{"type":"keyword","ignore_above":1024},"drop_reason":{"type":"keyword","ignore_above":1024},"dropped_file_hash":{"type":"keyword","ignore_above":1024},"dropped_file_name":{"type":"keyword","ignore_above":1024},"dropped_file_type":{"type":"keyword","ignore_above":1024},"dropped_file_verdict":{"type":"keyword","ignore_above":1024},"dropped_incoming":{"type":"long"},"dropped_outgoing":{"type":"long"},"dropped_total":{"type":"long"},"drops_amount":{"type":"long"},"dst_country":{"type":"keyword","ignore_above":1024},"dst_phone_number":{"type":"keyword","ignore_above":1024},"dst_user_name":{"type":"keyword","ignore_above":1024},"dstkeyid":{"type":"keyword","ignore_above":1024},"duplicate":{"type":"keyword","ignore_above":1024},"duration":{"type":"keyword","ignore_above":1024},"elapsed":{"type":"keyword","ignore_above":1024},"email_content":{"type":"keyword","ignore_above":1024},"email_control":{"type":"keyword","ignore_above":1024},"email_control_analysis":{"type":"keyword","ignore_above":1024},"email_headers":{"type":"keyword","ignore_above":1024},"email_id":{"type":"keyword","ignore_above":1024},"email_message_id":{"type":"keyword","ignore_above":1024},"email_queue_id":{"type":"keyword","ignore_above":1024},"email_queue_name":{"type":"keyword","ignore_above":1024},"email_recipients_num":{"type":"long"},"email_session_id":{"type":"keyword","ignore_above":1024},"email_spam_category":{"type":"keyword","ignore_above":1024},"email_spool_id":{"type":"keyword","ignore_above":1024},"email_status":{"type":"keyword","ignore_above":1024},"email_subject":{"type":"keyword","ignore_above":1024},"emulated_on":{"type":"keyword","ignore_above":1024},"encryption_failure":{"type":"keyword","ignore_above":1024},"end_time":{"type":"keyword","ignore_above":1024},"end_user_firewall_type":{"type":"keyword","ignore_above":1024},"esod_access_status":{"type":"keyword","ignore_above":1024},"esod_associated_policies":{"type":"keyword","ignore_above":1024},"esod_noncompliance_reason":{"type":"keyword","ignore_above":1024},"esod_rule_action":{"type":"keyword","ignore_above":1024},"esod_rule_name":{"type":"keyword","ignore_above":1024},"esod_rule_type":{"type":"keyword","ignore_above":1024},"esod_scan_status":{"type":"keyword","ignore_above":1024},"event_count":{"type":"long"},"expire_time":{"type":"keyword","ignore_above":1024},"extension_version":{"type":"keyword","ignore_above":1024},"extracted_file_hash":{"type":"keyword","ignore_above":1024},"extracted_file_names":{"type":"keyword","ignore_above":1024},"extracted_file_type":{"type":"keyword","ignore_above":1024},"extracted_file_uid":{"type":"keyword","ignore_above":1024},"extracted_file_verdict":{"type":"keyword","ignore_above":1024},"failure_impact":{"type":"keyword","ignore_above":1024},"failure_reason":{"type":"keyword","ignore_above":1024},"file_direction":{"type":"keyword","ignore_above":1024},"file_name":{"type":"keyword","ignore_above":1024},"files_names":{"type":"keyword","ignore_above":1024},"first_hit_time":{"type":"long"},"frequency":{"type":"keyword","ignore_above":1024},"fs-proto":{"type":"keyword","ignore_above":1024},"ftp_user":{"type":"keyword","ignore_above":1024},"fw_message":{"type":"keyword","ignore_above":1024},"fw_subproduct":{"type":"keyword","ignore_above":1024},"hide_ip":{"type":"ip"},"hit":{"type":"long"},"host_time":{"type":"keyword","ignore_above":1024},"http_host":{"type":"keyword","ignore_above":1024},"http_location":{"type":"keyword","ignore_above":1024},"http_server":{"type":"keyword","ignore_above":1024},"https_inspection_action":{"type":"keyword","ignore_above":1024},"https_inspection_rule_id":{"type":"keyword","ignore_above":1024},"https_inspection_rule_name":{"type":"keyword","ignore_above":1024},"https_validation":{"type":"keyword","ignore_above":1024},"icap_more_info":{"type":"long"},"icap_server_name":{"type":"keyword","ignore_above":1024},"icap_server_service":{"type":"keyword","ignore_above":1024},"icap_service_id":{"type":"long"},"icmp":{"type":"keyword","ignore_above":1024},"icmp_code":{"type":"long"},"icmp_type":{"type":"long"},"id":{"type":"long"},"identity_type":{"type":"keyword","ignore_above":1024},"ike":{"type":"keyword","ignore_above":1024},"ike_ids":{"type":"keyword","ignore_above":1024},"impacted_files":{"type":"keyword","ignore_above":1024},"incident_extension":{"type":"keyword","ignore_above":1024},"indicator_description":{"type":"keyword","ignore_above":1024},"indicator_name":{"type":"keyword","ignore_above":1024},"indicator_reference":{"type":"keyword","ignore_above":1024},"indicator_uuid":{"type":"keyword","ignore_above":1024},"info":{"type":"keyword","ignore_above":1024},"information":{"type":"keyword","ignore_above":1024},"inspection_category":{"type":"keyword","ignore_above":1024},"inspection_item":{"type":"keyword","ignore_above":1024},"inspection_profile":{"type":"keyword","ignore_above":1024},"inspection_settings_log":{"type":"keyword","ignore_above":1024},"installed_products":{"type":"keyword","ignore_above":1024},"int_end":{"type":"long"},"int_start":{"type":"long"},"integrity_av_invoke_type":{"type":"keyword","ignore_above":1024},"interface_name":{"type":"keyword","ignore_above":1024},"internal_error":{"type":"keyword","ignore_above":1024},"invalid_file_size":{"type":"long"},"ip_option":{"type":"long"},"isp_link":{"type":"keyword","ignore_above":1024},"last_hit_time":{"type":"long"},"last_rematch_time":{"type":"keyword","ignore_above":1024},"layer_name":{"type":"keyword","ignore_above":1024},"layer_uuid":{"type":"keyword","ignore_above":1024},"limit_applied":{"type":"long"},"limit_requested":{"type":"long"},"link_probing_status_update":{"type":"keyword","ignore_above":1024},"links_num":{"type":"long"},"log_delay":{"type":"long"},"log_id":{"type":"long"},"logid":{"type":"keyword","ignore_above":1024},"long_desc":{"type":"keyword","ignore_above":1024},"machine":{"type":"keyword","ignore_above":1024},"malware_family":{"type":"keyword","ignore_above":1024},"match_fk":{"type":"long"},"match_id":{"type":"long"},"matched_file":{"type":"keyword","ignore_above":1024},"matched_file_percentage":{"type":"long"},"matched_file_text_segments":{"type":"long"},"media_type":{"type":"keyword","ignore_above":1024},"message":{"type":"keyword","ignore_above":1024},"message_info":{"type":"keyword","ignore_above":1024},"message_size":{"type":"long"},"method":{"type":"keyword","ignore_above":1024},"methods":{"type":"keyword","ignore_above":1024},"mime_from":{"type":"keyword","ignore_above":1024},"mime_to":{"type":"keyword","ignore_above":1024},"mirror_and_decrypt_type":{"type":"keyword","ignore_above":1024},"mitre_collection":{"type":"keyword","ignore_above":1024},"mitre_command_and_control":{"type":"keyword","ignore_above":1024},"mitre_credential_access":{"type":"keyword","ignore_above":1024},"mitre_defense_evasion":{"type":"keyword","ignore_above":1024},"mitre_discovery":{"type":"keyword","ignore_above":1024},"mitre_execution":{"type":"keyword","ignore_above":1024},"mitre_exfiltration":{"type":"keyword","ignore_above":1024},"mitre_impact":{"type":"keyword","ignore_above":1024},"mitre_initial_access":{"type":"keyword","ignore_above":1024},"mitre_lateral_movement":{"type":"keyword","ignore_above":1024},"mitre_persistence":{"type":"keyword","ignore_above":1024},"mitre_privilege_escalation":{"type":"keyword","ignore_above":1024},"monitor_reason":{"type":"keyword","ignore_above":1024},"msgid":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"nat46":{"type":"keyword","ignore_above":1024},"nat_addtnl_rulenum":{"type":"long"},"nat_exhausted_pool":{"type":"keyword","ignore_above":1024},"nat_rulenum":{"type":"long"},"needs_browse_time":{"type":"long"},"next_hop_ip":{"type":"keyword","ignore_above":1024},"next_scheduled_scan_date":{"type":"keyword","ignore_above":1024},"number_of_errors":{"type":"long"},"objecttable":{"type":"keyword","ignore_above":1024},"objecttype":{"type":"keyword","ignore_above":1024},"observable_comment":{"type":"keyword","ignore_above":1024},"observable_id":{"type":"keyword","ignore_above":1024},"observable_name":{"type":"keyword","ignore_above":1024},"operation":{"type":"keyword","ignore_above":1024},"operation_number":{"type":"keyword","ignore_above":1024},"origin_sic_name":{"type":"keyword","ignore_above":1024},"original_queue_id":{"type":"keyword","ignore_above":1024},"outgoing_url":{"type":"keyword","ignore_above":1024},"packet_amount":{"type":"long"},"packet_capture_unique_id":{"type":"keyword","ignore_above":1024},"parent_file_hash":{"type":"keyword","ignore_above":1024},"parent_file_name":{"type":"keyword","ignore_above":1024},"parent_file_uid":{"type":"keyword","ignore_above":1024},"parent_process_username":{"type":"keyword","ignore_above":1024},"parent_rule":{"type":"long"},"peer_gateway":{"type":"ip"},"peer_ip":{"type":"keyword","ignore_above":1024},"peer_ip_probing_status_update":{"type":"keyword","ignore_above":1024},"performance_impact":{"type":"long"},"policy_mgmt":{"type":"keyword","ignore_above":1024},"policy_name":{"type":"keyword","ignore_above":1024},"ports_usage":{"type":"long"},"ppp":{"type":"keyword","ignore_above":1024},"precise_error":{"type":"keyword","ignore_above":1024},"process_username":{"type":"keyword","ignore_above":1024},"properties":{"type":"keyword","ignore_above":1024},"protection_id":{"type":"keyword","ignore_above":1024},"protection_name":{"type":"keyword","ignore_above":1024},"protection_type":{"type":"keyword","ignore_above":1024},"protocol":{"type":"keyword","ignore_above":1024},"proxy_machine_name":{"type":"long"},"proxy_src_ip":{"type":"ip"},"proxy_user_dn":{"type":"keyword","ignore_above":1024},"proxy_user_name":{"type":"keyword","ignore_above":1024},"query":{"type":"keyword","ignore_above":1024},"question_rdata":{"type":"keyword","ignore_above":1024},"referrer":{"type":"keyword","ignore_above":1024},"referrer_parent_uid":{"type":"keyword","ignore_above":1024},"referrer_self_uid":{"type":"keyword","ignore_above":1024},"registered_ip-phones":{"type":"keyword","ignore_above":1024},"reject_category":{"type":"keyword","ignore_above":1024},"reject_id":{"type":"keyword","ignore_above":1024},"rematch_info":{"type":"keyword","ignore_above":1024},"remediated_files":{"type":"keyword","ignore_above":1024},"reply_status":{"type":"long"},"risk":{"type":"keyword","ignore_above":1024},"rpc_prog":{"type":"long"},"rule":{"type":"long"},"rule_action":{"type":"keyword","ignore_above":1024},"rulebase_id":{"type":"long"},"scan_direction":{"type":"keyword","ignore_above":1024},"scan_hosts_day":{"type":"long"},"scan_hosts_hour":{"type":"long"},"scan_hosts_week":{"type":"long"},"scan_id":{"type":"keyword","ignore_above":1024},"scan_mail":{"type":"long"},"scan_result":{"type":"keyword","ignore_above":1024},"scan_results":{"type":"keyword","ignore_above":1024},"scheme":{"type":"keyword","ignore_above":1024},"scope":{"type":"keyword","ignore_above":1024},"scrub_activity":{"type":"keyword","ignore_above":1024},"scrub_download_time":{"type":"keyword","ignore_above":1024},"scrub_time":{"type":"keyword","ignore_above":1024},"scrub_total_time":{"type":"keyword","ignore_above":1024},"scrubbed_content":{"type":"keyword","ignore_above":1024},"sctp_association_state":{"type":"keyword","ignore_above":1024},"sctp_error":{"type":"keyword","ignore_above":1024},"scv_message_info":{"type":"keyword","ignore_above":1024},"scv_user":{"type":"keyword","ignore_above":1024},"securexl_message":{"type":"keyword","ignore_above":1024},"sensor_mode":{"type":"keyword","ignore_above":1024},"session_id":{"type":"keyword","ignore_above":1024},"session_uid":{"type":"keyword","ignore_above":1024},"severity":{"type":"keyword","ignore_above":1024},"short_desc":{"type":"keyword","ignore_above":1024},"sig_id":{"type":"keyword","ignore_above":1024},"similar_communication":{"type":"keyword","ignore_above":1024},"similar_hashes":{"type":"keyword","ignore_above":1024},"similar_strings":{"type":"keyword","ignore_above":1024},"similiar_iocs":{"type":"keyword","ignore_above":1024},"sip_reason":{"type":"keyword","ignore_above":1024},"site_name":{"type":"keyword","ignore_above":1024},"source_interface":{"type":"keyword","ignore_above":1024},"source_object":{"type":"keyword","ignore_above":1024},"source_os":{"type":"keyword","ignore_above":1024},"special_properties":{"type":"long"},"specific_data_type_name":{"type":"keyword","ignore_above":1024},"speed":{"type":"long"},"spyware_name":{"type":"keyword","ignore_above":1024},"spyware_status":{"type":"keyword","ignore_above":1024},"spyware_type":{"type":"keyword","ignore_above":1024},"src_country":{"type":"keyword","ignore_above":1024},"src_phone_number":{"type":"keyword","ignore_above":1024},"src_user_dn":{"type":"keyword","ignore_above":1024},"src_user_name":{"type":"keyword","ignore_above":1024},"srckeyid":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"status_update":{"type":"keyword","ignore_above":1024},"sub_policy_name":{"type":"keyword","ignore_above":1024},"sub_policy_uid":{"type":"keyword","ignore_above":1024},"subs_exp":{"type":"date"},"subscriber":{"type":"ip"},"summary":{"type":"keyword","ignore_above":1024},"suppressed_logs":{"type":"long"},"sync":{"type":"keyword","ignore_above":1024},"sys_message":{"type":"keyword","ignore_above":1024},"tcp_end_reason":{"type":"keyword","ignore_above":1024},"tcp_flags":{"type":"keyword","ignore_above":1024},"tcp_packet_out_of_state":{"type":"keyword","ignore_above":1024},"tcp_state":{"type":"keyword","ignore_above":1024},"te_verdict_determined_by":{"type":"keyword","ignore_above":1024},"termination_reason":{"type":"keyword","ignore_above":1024},"ticket_id":{"type":"keyword","ignore_above":1024},"tls_server_host_name":{"type":"keyword","ignore_above":1024},"top_archive_file_name":{"type":"keyword","ignore_above":1024},"total_attachments":{"type":"long"},"triggered_by":{"type":"keyword","ignore_above":1024},"trusted_domain":{"type":"keyword","ignore_above":1024},"unique_detected_day":{"type":"long"},"unique_detected_hour":{"type":"long"},"unique_detected_week":{"type":"long"},"update_status":{"type":"keyword","ignore_above":1024},"url":{"type":"keyword","ignore_above":1024},"user":{"type":"keyword","ignore_above":1024},"user_agent":{"type":"keyword","ignore_above":1024},"user_status":{"type":"keyword","ignore_above":1024},"uuid":{"type":"keyword","ignore_above":1024},"vendor_list":{"type":"keyword","ignore_above":1024},"verdict":{"type":"keyword","ignore_above":1024},"via":{"type":"keyword","ignore_above":1024},"virus_name":{"type":"keyword","ignore_above":1024},"voip_attach_action_info":{"type":"keyword","ignore_above":1024},"voip_attach_sz":{"type":"long"},"voip_call_dir":{"type":"keyword","ignore_above":1024},"voip_call_id":{"type":"keyword","ignore_above":1024},"voip_call_state":{"type":"keyword","ignore_above":1024},"voip_call_term_time":{"type":"keyword","ignore_above":1024},"voip_config":{"type":"keyword","ignore_above":1024},"voip_duration":{"type":"keyword","ignore_above":1024},"voip_est_codec":{"type":"keyword","ignore_above":1024},"voip_exp":{"type":"long"},"voip_from_user_type":{"type":"keyword","ignore_above":1024},"voip_log_type":{"type":"keyword","ignore_above":1024},"voip_media_codec":{"type":"keyword","ignore_above":1024},"voip_media_ipp":{"type":"keyword","ignore_above":1024},"voip_media_port":{"type":"keyword","ignore_above":1024},"voip_method":{"type":"keyword","ignore_above":1024},"voip_reason_info":{"type":"keyword","ignore_above":1024},"voip_reg_int":{"type":"long"},"voip_reg_ipp":{"type":"long"},"voip_reg_period":{"type":"long"},"voip_reg_server":{"type":"ip"},"voip_reg_user_type":{"type":"keyword","ignore_above":1024},"voip_reject_reason":{"type":"keyword","ignore_above":1024},"voip_to_user_type":{"type":"keyword","ignore_above":1024},"vpn_feature_name":{"type":"keyword","ignore_above":1024},"watermark":{"type":"keyword","ignore_above":1024},"web_server_type":{"type":"keyword","ignore_above":1024},"word_list":{"type":"keyword","ignore_above":1024}}},"cisco":{"properties":{"amp":{"properties":{"bp_data":{"type":"flattened"},"cloud_ioc":{"properties":{"description":{"type":"keyword","ignore_above":1024},"short_description":{"type":"keyword","ignore_above":1024}}},"command_line":{"properties":{"arguments":{"type":"keyword","ignore_above":1024}}},"computer":{"properties":{"active":{"type":"boolean"},"connector_guid":{"type":"keyword","ignore_above":1024},"external_ip":{"type":"ip"},"network_addresses":{"type":"flattened"}}},"connector_guid":{"type":"keyword","ignore_above":1024},"detection":{"type":"keyword","ignore_above":1024},"detection_id":{"type":"keyword","ignore_above":1024},"error":{"properties":{"description":{"type":"keyword","ignore_above":1024},"error_code":{"type":"keyword","ignore_above":1024}}},"event_type_id":{"type":"keyword","ignore_above":1024},"file":{"properties":{"archived_file":{"properties":{"disposition":{"type":"keyword","ignore_above":1024},"identity":{"properties":{"md5":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024}}}}},"attack_details":{"properties":{"application":{"type":"keyword","ignore_above":1024},"attacked_module":{"type":"keyword","ignore_above":1024},"base_address":{"type":"keyword","ignore_above":1024},"indicators":{"type":"flattened"},"suspicious_files":{"type":"keyword","ignore_above":1024}}},"disposition":{"type":"keyword","ignore_above":1024},"parent":{"properties":{"disposition":{"type":"keyword","ignore_above":1024}}}}},"group_guids":{"type":"keyword","ignore_above":1024},"mitre_tactics":{"type":"keyword","ignore_above":1024},"mitre_techniques":{"type":"keyword","ignore_above":1024},"network_info":{"properties":{"disposition":{"type":"keyword","ignore_above":1024},"nfm":{"properties":{"direction":{"type":"keyword","ignore_above":1024}}},"parent":{"properties":{"disposition":{"type":"keyword","ignore_above":1024},"identify":{"properties":{"sha256":{"type":"keyword","ignore_above":1024}}},"identity":{"properties":{"md5":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024}}}}}}},"related":{"properties":{"cve":{"type":"keyword","ignore_above":1024},"mac":{"type":"keyword","ignore_above":1024}}},"scan":{"properties":{"clean":{"type":"boolean"},"description":{"type":"keyword","ignore_above":1024},"malicious_detections":{"type":"long"},"scanned_files":{"type":"long"},"scanned_paths":{"type":"long"},"scanned_processes":{"type":"long"}}},"tactics":{"type":"flattened"},"techniques":{"type":"flattened"},"threat_hunting":{"properties":{"incident_end_time":{"type":"date"},"incident_hunt_guid":{"type":"keyword","ignore_above":1024},"incident_id":{"type":"keyword","ignore_above":1024},"incident_remediation":{"type":"keyword","ignore_above":1024},"incident_report_guid":{"type":"keyword","ignore_above":1024},"incident_start_time":{"type":"date"},"incident_summary":{"type":"keyword","ignore_above":1024},"incident_title":{"type":"keyword","ignore_above":1024},"severity":{"type":"keyword","ignore_above":1024},"tactics":{"type":"flattened"},"techniques":{"type":"flattened"}}},"timestamp_nanoseconds":{"type":"date"},"vulnerabilities":{"type":"flattened"}}},"asa":{"properties":{"assigned_ip":{"type":"ip"},"burst":{"properties":{"avg_rate":{"type":"keyword","ignore_above":1024},"configured_avg_rate":{"type":"keyword","ignore_above":1024},"configured_rate":{"type":"keyword","ignore_above":1024},"cumulative_count":{"type":"keyword","ignore_above":1024},"current_rate":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"object":{"type":"keyword","ignore_above":1024}}},"command_line_arguments":{"type":"keyword","ignore_above":1024},"connection_id":{"type":"keyword","ignore_above":1024},"connection_type":{"type":"keyword","ignore_above":1024},"dap_records":{"type":"keyword","ignore_above":1024},"destination_interface":{"type":"keyword","ignore_above":1024},"destination_username":{"type":"keyword","ignore_above":1024},"icmp_code":{"type":"short"},"icmp_type":{"type":"short"},"mapped_destination_host":{"type":"keyword","ignore_above":1024},"mapped_destination_ip":{"type":"ip"},"mapped_destination_port":{"type":"long"},"mapped_source_host":{"type":"keyword","ignore_above":1024},"mapped_source_ip":{"type":"ip"},"mapped_source_port":{"type":"long"},"message_id":{"type":"keyword","ignore_above":1024},"privilege":{"properties":{"new":{"type":"keyword","ignore_above":1024},"old":{"type":"keyword","ignore_above":1024}}},"rule_name":{"type":"keyword","ignore_above":1024},"session_type":{"type":"keyword","ignore_above":1024},"source_interface":{"type":"keyword","ignore_above":1024},"source_username":{"type":"keyword","ignore_above":1024},"suffix":{"type":"keyword","ignore_above":1024},"termination_initiator":{"type":"keyword","ignore_above":1024},"termination_user":{"type":"keyword","ignore_above":1024},"threat_category":{"type":"keyword","ignore_above":1024},"threat_level":{"type":"keyword","ignore_above":1024},"tunnel_type":{"type":"keyword","ignore_above":1024},"webvpn":{"properties":{"group_name":{"type":"keyword","ignore_above":1024}}}}},"ftd":{"properties":{"connection_id":{"type":"keyword","ignore_above":1024},"connection_type":{"type":"keyword","ignore_above":1024},"dap_records":{"type":"keyword","ignore_above":1024},"destination_interface":{"type":"keyword","ignore_above":1024},"destination_username":{"type":"keyword","ignore_above":1024},"icmp_code":{"type":"short"},"icmp_type":{"type":"short"},"mapped_destination_host":{"type":"keyword","ignore_above":1024},"mapped_destination_ip":{"type":"ip"},"mapped_destination_port":{"type":"long"},"mapped_source_host":{"type":"keyword","ignore_above":1024},"mapped_source_ip":{"type":"ip"},"mapped_source_port":{"type":"long"},"message_id":{"type":"keyword","ignore_above":1024},"rule_name":{"type":"keyword","ignore_above":1024},"security":{"type":"object"},"source_interface":{"type":"keyword","ignore_above":1024},"source_username":{"type":"keyword","ignore_above":1024},"suffix":{"type":"keyword","ignore_above":1024},"termination_initiator":{"type":"keyword","ignore_above":1024},"termination_user":{"type":"keyword","ignore_above":1024},"threat_category":{"type":"keyword","ignore_above":1024},"threat_level":{"type":"keyword","ignore_above":1024},"webvpn":{"properties":{"group_name":{"type":"keyword","ignore_above":1024}}}}},"ios":{"properties":{"access_list":{"type":"keyword","ignore_above":1024},"facility":{"type":"keyword","ignore_above":1024}}},"umbrella":{"properties":{"amp_disposition":{"type":"keyword","ignore_above":1024},"amp_malware_name":{"type":"keyword","ignore_above":1024},"amp_score":{"type":"keyword","ignore_above":1024},"av_detections":{"type":"keyword","ignore_above":1024},"blocked_categories":{"type":"keyword","ignore_above":1024},"categories":{"type":"keyword","ignore_above":1024},"content_type":{"type":"keyword","ignore_above":1024},"datacenter":{"type":"keyword","ignore_above":1024},"identities":{"type":"keyword","ignore_above":1024},"identity_types":{"type":"keyword","ignore_above":1024},"origin_id":{"type":"keyword","ignore_above":1024},"policy_identity_type":{"type":"keyword","ignore_above":1024},"puas":{"type":"keyword","ignore_above":1024},"sha_sha256":{"type":"keyword","ignore_above":1024}}}}},"client":{"properties":{"address":{"type":"keyword","ignore_above":1024},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}}}}}},"bytes":{"type":"long"},"domain":{"type":"keyword","ignore_above":1024},"geo":{"properties":{"city_name":{"type":"keyword","ignore_above":1024},"continent_code":{"type":"keyword","ignore_above":1024},"continent_name":{"type":"keyword","ignore_above":1024},"country_iso_code":{"type":"keyword","ignore_above":1024},"country_name":{"type":"keyword","ignore_above":1024},"location":{"type":"geo_point"},"name":{"type":"keyword","ignore_above":1024},"postal_code":{"type":"keyword","ignore_above":1024},"region_iso_code":{"type":"keyword","ignore_above":1024},"region_name":{"type":"keyword","ignore_above":1024},"timezone":{"type":"keyword","ignore_above":1024}}},"ip":{"type":"ip"},"mac":{"type":"keyword","ignore_above":1024},"nat":{"properties":{"ip":{"type":"ip"},"port":{"type":"long"}}},"packets":{"type":"long"},"port":{"type":"long"},"registered_domain":{"type":"keyword","ignore_above":1024},"subdomain":{"type":"keyword","ignore_above":1024},"top_level_domain":{"type":"keyword","ignore_above":1024},"user":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"full_name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"group":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"hash":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"roles":{"type":"keyword","ignore_above":1024}}}}},"cloud":{"properties":{"account":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"availability_zone":{"type":"keyword","ignore_above":1024},"image":{"properties":{"id":{"type":"keyword","ignore_above":1024}}},"instance":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"machine":{"properties":{"type":{"type":"keyword","ignore_above":1024}}},"project":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"provider":{"type":"keyword","ignore_above":1024},"region":{"type":"keyword","ignore_above":1024},"service":{"properties":{"name":{"type":"keyword","ignore_above":1024}}}}},"code_signature":{"properties":{"digest_algorithm":{"type":"keyword","ignore_above":1024},"exists":{"type":"boolean"},"signing_id":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"subject_name":{"type":"keyword","ignore_above":1024},"team_id":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"date"},"trusted":{"type":"boolean"},"valid":{"type":"boolean"}}},"container":{"properties":{"id":{"type":"keyword","ignore_above":1024},"image":{"properties":{"name":{"type":"keyword","ignore_above":1024},"tag":{"type":"keyword","ignore_above":1024}}},"labels":{"type":"object"},"name":{"type":"keyword","ignore_above":1024},"runtime":{"type":"keyword","ignore_above":1024}}},"coredns":{"properties":{"dnssec_ok":{"type":"boolean"},"id":{"type":"keyword","ignore_above":1024},"query":{"properties":{"class":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"size":{"type":"long"},"type":{"type":"keyword","ignore_above":1024}}},"response":{"properties":{"code":{"type":"keyword","ignore_above":1024},"flags":{"type":"keyword","ignore_above":1024},"size":{"type":"long"}}}}},"crowdstrike":{"properties":{"event":{"properties":{"AuditKeyValues":{"type":"nested"},"CommandLine":{"type":"keyword","ignore_above":1024},"Commands":{"type":"keyword","ignore_above":1024},"ComputerName":{"type":"keyword","ignore_above":1024},"ConnectionDirection":{"type":"keyword","ignore_above":1024},"CustomerId":{"type":"keyword","ignore_above":1024},"DetectDescription":{"type":"keyword","ignore_above":1024},"DetectId":{"type":"keyword","ignore_above":1024},"DetectName":{"type":"keyword","ignore_above":1024},"DeviceId":{"type":"keyword","ignore_above":1024},"EndTimestamp":{"type":"date"},"EventType":{"type":"keyword","ignore_above":1024},"ExecutablesWritten":{"type":"nested"},"FalconHostLink":{"type":"keyword","ignore_above":1024},"FileName":{"type":"keyword","ignore_above":1024},"FilePath":{"type":"keyword","ignore_above":1024},"FineScore":{"type":"float"},"Flags":{"properties":{"Audit":{"type":"boolean"},"Log":{"type":"boolean"},"Monitor":{"type":"boolean"}}},"GrandparentCommandLine":{"type":"keyword","ignore_above":1024},"GrandparentImageFileName":{"type":"keyword","ignore_above":1024},"HostName":{"type":"keyword","ignore_above":1024},"HostnameField":{"type":"keyword","ignore_above":1024},"ICMPCode":{"type":"keyword","ignore_above":1024},"ICMPType":{"type":"keyword","ignore_above":1024},"IOCType":{"type":"keyword","ignore_above":1024},"IOCValue":{"type":"keyword","ignore_above":1024},"ImageFileName":{"type":"keyword","ignore_above":1024},"IncidentEndTime":{"type":"date"},"IncidentStartTime":{"type":"date"},"Ipv":{"type":"keyword","ignore_above":1024},"LateralMovement":{"type":"long"},"LocalAddress":{"type":"ip"},"LocalIP":{"type":"keyword","ignore_above":1024},"LocalPort":{"type":"long"},"MACAddress":{"type":"keyword","ignore_above":1024},"MD5String":{"type":"keyword","ignore_above":1024},"MachineDomain":{"type":"keyword","ignore_above":1024},"MatchCount":{"type":"long"},"MatchCountSinceLastReport":{"type":"long"},"NetworkProfile":{"type":"keyword","ignore_above":1024},"Objective":{"type":"keyword","ignore_above":1024},"OperationName":{"type":"keyword","ignore_above":1024},"PID":{"type":"long"},"ParentCommandLine":{"type":"keyword","ignore_above":1024},"ParentImageFileName":{"type":"keyword","ignore_above":1024},"ParentProcessId":{"type":"long"},"PatternDispositionDescription":{"type":"keyword","ignore_above":1024},"PatternDispositionFlags":{"type":"object"},"PatternDispositionValue":{"type":"long"},"PolicyID":{"type":"keyword","ignore_above":1024},"PolicyName":{"type":"keyword","ignore_above":1024},"ProcessEndTime":{"type":"date"},"ProcessId":{"type":"long"},"ProcessStartTime":{"type":"date"},"Protocol":{"type":"keyword","ignore_above":1024},"RemoteAddress":{"type":"ip"},"RemotePort":{"type":"long"},"RuleAction":{"type":"keyword","ignore_above":1024},"RuleDescription":{"type":"keyword","ignore_above":1024},"RuleFamilyID":{"type":"keyword","ignore_above":1024},"RuleGroupName":{"type":"keyword","ignore_above":1024},"RuleId":{"type":"keyword","ignore_above":1024},"RuleName":{"type":"keyword","ignore_above":1024},"SHA1String":{"type":"keyword","ignore_above":1024},"SHA256String":{"type":"keyword","ignore_above":1024},"SensorId":{"type":"keyword","ignore_above":1024},"ServiceName":{"type":"keyword","ignore_above":1024},"SessionId":{"type":"keyword","ignore_above":1024},"Severity":{"type":"long"},"SeverityName":{"type":"keyword","ignore_above":1024},"StartTimestamp":{"type":"date"},"State":{"type":"keyword","ignore_above":1024},"Status":{"type":"keyword","ignore_above":1024},"Success":{"type":"boolean"},"Tactic":{"type":"keyword","ignore_above":1024},"Technique":{"type":"keyword","ignore_above":1024},"Timestamp":{"type":"date"},"TreeID":{"type":"keyword","ignore_above":1024},"UTCTimestamp":{"type":"date"},"UserId":{"type":"keyword","ignore_above":1024},"UserIp":{"type":"keyword","ignore_above":1024},"UserName":{"type":"keyword","ignore_above":1024}}},"metadata":{"properties":{"customerIDString":{"type":"keyword","ignore_above":1024},"eventCreationTime":{"type":"date"},"eventType":{"type":"keyword","ignore_above":1024},"offset":{"type":"long"},"version":{"type":"keyword","ignore_above":1024}}}}},"cyberarkpas":{"properties":{"audit":{"properties":{"action":{"type":"keyword","ignore_above":1024},"ca_properties":{"properties":{"address":{"type":"keyword","ignore_above":1024},"cpm_disabled":{"type":"keyword","ignore_above":1024},"cpm_error_details":{"type":"keyword","ignore_above":1024},"cpm_status":{"type":"keyword","ignore_above":1024},"creation_method":{"type":"keyword","ignore_above":1024},"customer":{"type":"keyword","ignore_above":1024},"database":{"type":"keyword","ignore_above":1024},"device_type":{"type":"keyword","ignore_above":1024},"dual_account_status":{"type":"keyword","ignore_above":1024},"group_name":{"type":"keyword","ignore_above":1024},"in_process":{"type":"keyword","ignore_above":1024},"index":{"type":"keyword","ignore_above":1024},"last_fail_date":{"type":"keyword","ignore_above":1024},"last_success_change":{"type":"keyword","ignore_above":1024},"last_success_reconciliation":{"type":"keyword","ignore_above":1024},"last_success_verification":{"type":"keyword","ignore_above":1024},"last_task":{"type":"keyword","ignore_above":1024},"logon_domain":{"type":"keyword","ignore_above":1024},"other":{"type":"flattened"},"policy_id":{"type":"keyword","ignore_above":1024},"port":{"type":"keyword","ignore_above":1024},"privcloud":{"type":"keyword","ignore_above":1024},"reset_immediately":{"type":"keyword","ignore_above":1024},"retries_count":{"type":"keyword","ignore_above":1024},"sequence_id":{"type":"keyword","ignore_above":1024},"tags":{"type":"keyword","ignore_above":1024},"user_dn":{"type":"keyword","ignore_above":1024},"user_name":{"type":"keyword","ignore_above":1024},"virtual_username":{"type":"keyword","ignore_above":1024}}},"category":{"type":"keyword","ignore_above":1024},"desc":{"type":"keyword","ignore_above":1024},"extra_details":{"properties":{"ad_process_id":{"type":"keyword","ignore_above":1024},"ad_process_name":{"type":"keyword","ignore_above":1024},"application_type":{"type":"keyword","ignore_above":1024},"command":{"type":"keyword","ignore_above":1024},"connection_component_id":{"type":"keyword","ignore_above":1024},"dst_host":{"type":"keyword","ignore_above":1024},"logon_account":{"type":"keyword","ignore_above":1024},"managed_account":{"type":"keyword","ignore_above":1024},"other":{"type":"flattened"},"process_id":{"type":"keyword","ignore_above":1024},"process_name":{"type":"keyword","ignore_above":1024},"protocol":{"type":"keyword","ignore_above":1024},"psmid":{"type":"keyword","ignore_above":1024},"session_duration":{"type":"keyword","ignore_above":1024},"session_id":{"type":"keyword","ignore_above":1024},"src_host":{"type":"keyword","ignore_above":1024},"username":{"type":"keyword","ignore_above":1024}}},"file":{"type":"keyword","ignore_above":1024},"gateway_station":{"type":"ip"},"hostname":{"type":"keyword","ignore_above":1024},"iso_timestamp":{"type":"date"},"issuer":{"type":"keyword","ignore_above":1024},"location":{"type":"keyword","index":false,"doc_values":false,"ignore_above":4096},"message":{"type":"keyword","ignore_above":1024},"message_id":{"type":"keyword","ignore_above":1024},"product":{"type":"keyword","ignore_above":1024},"pvwa_details":{"type":"flattened"},"raw":{"type":"keyword","index":false,"doc_values":false,"ignore_above":4096},"reason":{"type":"text","norms":false},"rfc5424":{"type":"boolean"},"safe":{"type":"keyword","ignore_above":1024},"severity":{"type":"keyword","ignore_above":1024},"source_user":{"type":"keyword","ignore_above":1024},"station":{"type":"ip"},"target_user":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"keyword","ignore_above":1024},"vendor":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}}}},"data_stream":{"properties":{"dataset":{"type":"constant_keyword"},"namespace":{"type":"constant_keyword"},"type":{"type":"constant_keyword"}}},"destination":{"properties":{"address":{"type":"keyword","ignore_above":1024},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}}}}}},"bytes":{"type":"long"},"domain":{"type":"keyword","ignore_above":1024},"geo":{"properties":{"city_name":{"type":"keyword","ignore_above":1024},"continent_code":{"type":"keyword","ignore_above":1024},"continent_name":{"type":"keyword","ignore_above":1024},"country_iso_code":{"type":"keyword","ignore_above":1024},"country_name":{"type":"keyword","ignore_above":1024},"location":{"type":"geo_point"},"name":{"type":"keyword","ignore_above":1024},"postal_code":{"type":"keyword","ignore_above":1024},"region_iso_code":{"type":"keyword","ignore_above":1024},"region_name":{"type":"keyword","ignore_above":1024},"timezone":{"type":"keyword","ignore_above":1024}}},"ip":{"type":"ip"},"mac":{"type":"keyword","ignore_above":1024},"nat":{"properties":{"ip":{"type":"ip"},"port":{"type":"long"}}},"packets":{"type":"long"},"port":{"type":"long"},"registered_domain":{"type":"keyword","ignore_above":1024},"service":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"subdomain":{"type":"keyword","ignore_above":1024},"top_level_domain":{"type":"keyword","ignore_above":1024},"user":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"full_name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"group":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"hash":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"roles":{"type":"keyword","ignore_above":1024}}}}},"dll":{"properties":{"code_signature":{"properties":{"digest_algorithm":{"type":"keyword","ignore_above":1024},"exists":{"type":"boolean"},"signing_id":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"subject_name":{"type":"keyword","ignore_above":1024},"team_id":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"date"},"trusted":{"type":"boolean"},"valid":{"type":"boolean"}}},"hash":{"properties":{"md5":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024},"sha512":{"type":"keyword","ignore_above":1024},"ssdeep":{"type":"keyword","ignore_above":1024}}},"name":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024},"pe":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"company":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"file_version":{"type":"keyword","ignore_above":1024},"imphash":{"type":"keyword","ignore_above":1024},"original_file_name":{"type":"keyword","ignore_above":1024},"product":{"type":"keyword","ignore_above":1024}}}}},"dns":{"properties":{"answers":{"properties":{"class":{"type":"keyword","ignore_above":1024},"data":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"ttl":{"type":"long"},"type":{"type":"keyword","ignore_above":1024}}},"header_flags":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"op_code":{"type":"keyword","ignore_above":1024},"question":{"properties":{"class":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"registered_domain":{"type":"keyword","ignore_above":1024},"subdomain":{"type":"keyword","ignore_above":1024},"top_level_domain":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"resolved_ip":{"type":"ip"},"response_code":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"docker":{"properties":{"attrs":{"type":"object"},"container":{"properties":{"labels":{"properties":{"description":{"type":"keyword"},"io_k8s_description":{"type":"keyword"},"io_k8s_display-name":{"type":"keyword"},"license":{"type":"keyword"},"maintainer":{"type":"keyword"},"name":{"type":"keyword"},"org_label-schema_build-date":{"type":"keyword"},"org_label-schema_license":{"type":"keyword"},"org_label-schema_name":{"type":"keyword"},"org_label-schema_schema-version":{"type":"keyword"},"org_label-schema_url":{"type":"keyword"},"org_label-schema_vcs-ref":{"type":"keyword"},"org_label-schema_vcs-url":{"type":"keyword"},"org_label-schema_vendor":{"type":"keyword"},"org_label-schema_version":{"type":"keyword"},"org_opencontainers_image_created":{"type":"keyword"},"org_opencontainers_image_licenses":{"type":"keyword"},"org_opencontainers_image_title":{"type":"keyword"},"org_opencontainers_image_vendor":{"type":"keyword"},"release":{"type":"keyword"},"summary":{"type":"keyword"},"url":{"type":"keyword"},"vendor":{"type":"keyword"},"version":{"type":"keyword"}}}}}}},"ecs":{"properties":{"version":{"type":"keyword","ignore_above":1024}}},"elasticsearch":{"properties":{"audit":{"properties":{"action":{"type":"keyword","ignore_above":1024},"component":{"type":"keyword","ignore_above":1024},"event_type":{"type":"keyword","ignore_above":1024},"indices":{"type":"keyword","ignore_above":1024},"invalidate":{"properties":{"apikeys":{"properties":{"owned_by_authenticated_user":{"type":"boolean"}}}}},"layer":{"type":"keyword","ignore_above":1024},"message":{"type":"text","norms":false},"origin":{"properties":{"type":{"type":"keyword","ignore_above":1024}}},"realm":{"type":"keyword","ignore_above":1024},"request":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"url":{"properties":{"params":{"type":"keyword","ignore_above":1024}}},"user":{"properties":{"realm":{"type":"keyword","ignore_above":1024},"roles":{"type":"keyword","ignore_above":1024},"run_as":{"properties":{"name":{"type":"keyword","ignore_above":1024},"realm":{"type":"keyword","ignore_above":1024}}}}}}},"cluster":{"properties":{"name":{"type":"keyword","ignore_above":1024},"uuid":{"type":"keyword","ignore_above":1024}}},"component":{"type":"keyword","ignore_above":1024},"gc":{"properties":{"heap":{"properties":{"size_kb":{"type":"long"},"used_kb":{"type":"long"}}},"jvm_runtime_sec":{"type":"float"},"old_gen":{"properties":{"size_kb":{"type":"long"},"used_kb":{"type":"long"}}},"phase":{"properties":{"class_unload_time_sec":{"type":"float"},"cpu_time":{"properties":{"real_sec":{"type":"float"},"sys_sec":{"type":"float"},"user_sec":{"type":"float"}}},"duration_sec":{"type":"float"},"name":{"type":"keyword","ignore_above":1024},"parallel_rescan_time_sec":{"type":"float"},"scrub_string_table_time_sec":{"type":"float"},"scrub_symbol_table_time_sec":{"type":"float"},"weak_refs_processing_time_sec":{"type":"float"}}},"stopping_threads_time_sec":{"type":"float"},"tags":{"type":"keyword","ignore_above":1024},"threads_total_stop_time_sec":{"type":"float"},"young_gen":{"properties":{"size_kb":{"type":"long"},"used_kb":{"type":"long"}}}}},"index":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"node":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"server":{"properties":{"gc":{"properties":{"collection_duration":{"properties":{"ms":{"type":"float"}}},"observation_duration":{"properties":{"ms":{"type":"float"}}},"overhead_seq":{"type":"long"},"young":{"properties":{"one":{"type":"long"},"two":{"type":"long"}}}}},"stacktrace":{"type":"keyword","index":false,"ignore_above":1024}}},"shard":{"properties":{"id":{"type":"keyword","ignore_above":1024}}},"slowlog":{"properties":{"extra_source":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"logger":{"type":"keyword","ignore_above":1024},"routing":{"type":"keyword","ignore_above":1024},"search_type":{"type":"keyword","ignore_above":1024},"source":{"type":"keyword","ignore_above":1024},"source_query":{"type":"keyword","ignore_above":1024},"stats":{"type":"keyword","ignore_above":1024},"took":{"type":"keyword","ignore_above":1024},"total_hits":{"type":"keyword","ignore_above":1024},"total_shards":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"types":{"type":"keyword","ignore_above":1024}}}}},"elf":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"byte_order":{"type":"keyword","ignore_above":1024},"cpu_type":{"type":"keyword","ignore_above":1024},"creation_date":{"type":"date"},"exports":{"type":"flattened"},"header":{"properties":{"abi_version":{"type":"keyword","ignore_above":1024},"class":{"type":"keyword","ignore_above":1024},"data":{"type":"keyword","ignore_above":1024},"entrypoint":{"type":"long"},"object_version":{"type":"keyword","ignore_above":1024},"os_abi":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"imports":{"type":"flattened"},"sections":{"type":"nested","properties":{"chi2":{"type":"long"},"entropy":{"type":"long"},"flags":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"physical_offset":{"type":"keyword","ignore_above":1024},"physical_size":{"type":"long"},"type":{"type":"keyword","ignore_above":1024},"virtual_address":{"type":"long"},"virtual_size":{"type":"long"}}},"segments":{"type":"nested","properties":{"sections":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"shared_libraries":{"type":"keyword","ignore_above":1024},"telfhash":{"type":"keyword","ignore_above":1024}}},"envoyproxy":{"properties":{"authority":{"type":"keyword","ignore_above":1024},"log_type":{"type":"keyword","ignore_above":1024},"proxy_type":{"type":"keyword","ignore_above":1024},"request_id":{"type":"keyword","ignore_above":1024},"response_flags":{"type":"keyword","ignore_above":1024},"upstream_service_time":{"type":"long"}}},"error":{"properties":{"code":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"message":{"type":"match_only_text"},"stack_trace":{"type":"wildcard","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"type":{"type":"keyword","ignore_above":1024}}},"event":{"properties":{"action":{"type":"keyword","ignore_above":1024},"agent_id_status":{"type":"keyword","ignore_above":1024},"category":{"type":"keyword","ignore_above":1024},"code":{"type":"keyword","ignore_above":1024},"created":{"type":"date"},"dataset":{"type":"keyword","ignore_above":1024},"duration":{"type":"long"},"end":{"type":"date"},"hash":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"ingested":{"type":"date"},"kind":{"type":"keyword","ignore_above":1024},"module":{"type":"keyword","ignore_above":1024},"original":{"type":"keyword","index":false,"doc_values":false,"ignore_above":1024},"outcome":{"type":"keyword","ignore_above":1024},"provider":{"type":"keyword","ignore_above":1024},"reason":{"type":"keyword","ignore_above":1024},"reference":{"type":"keyword","ignore_above":1024},"risk_score":{"type":"float"},"risk_score_norm":{"type":"float"},"sequence":{"type":"long"},"severity":{"type":"long"},"start":{"type":"date"},"timezone":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"url":{"type":"keyword","ignore_above":1024}}},"fields":{"type":"object"},"file":{"properties":{"accessed":{"type":"date"},"attributes":{"type":"keyword","ignore_above":1024},"code_signature":{"properties":{"digest_algorithm":{"type":"keyword","ignore_above":1024},"exists":{"type":"boolean"},"signing_id":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"subject_name":{"type":"keyword","ignore_above":1024},"team_id":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"date"},"trusted":{"type":"boolean"},"valid":{"type":"boolean"}}},"created":{"type":"date"},"ctime":{"type":"date"},"device":{"type":"keyword","ignore_above":1024},"directory":{"type":"keyword","ignore_above":1024},"drive_letter":{"type":"keyword","ignore_above":1},"elf":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"byte_order":{"type":"keyword","ignore_above":1024},"cpu_type":{"type":"keyword","ignore_above":1024},"creation_date":{"type":"date"},"exports":{"type":"flattened"},"header":{"properties":{"abi_version":{"type":"keyword","ignore_above":1024},"class":{"type":"keyword","ignore_above":1024},"data":{"type":"keyword","ignore_above":1024},"entrypoint":{"type":"long"},"object_version":{"type":"keyword","ignore_above":1024},"os_abi":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"imports":{"type":"flattened"},"sections":{"type":"nested","properties":{"chi2":{"type":"long"},"entropy":{"type":"long"},"flags":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"physical_offset":{"type":"keyword","ignore_above":1024},"physical_size":{"type":"long"},"type":{"type":"keyword","ignore_above":1024},"virtual_address":{"type":"long"},"virtual_size":{"type":"long"}}},"segments":{"type":"nested","properties":{"sections":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"shared_libraries":{"type":"keyword","ignore_above":1024},"telfhash":{"type":"keyword","ignore_above":1024}}},"extension":{"type":"keyword","ignore_above":1024},"fork_name":{"type":"keyword","ignore_above":1024},"gid":{"type":"keyword","ignore_above":1024},"group":{"type":"keyword","ignore_above":1024},"hash":{"properties":{"md5":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024},"sha512":{"type":"keyword","ignore_above":1024},"ssdeep":{"type":"keyword","ignore_above":1024}}},"inode":{"type":"keyword","ignore_above":1024},"mime_type":{"type":"keyword","ignore_above":1024},"mode":{"type":"keyword","ignore_above":1024},"mtime":{"type":"date"},"name":{"type":"keyword","ignore_above":1024},"owner":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"pe":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"company":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"file_version":{"type":"keyword","ignore_above":1024},"imphash":{"type":"keyword","ignore_above":1024},"original_file_name":{"type":"keyword","ignore_above":1024},"product":{"type":"keyword","ignore_above":1024}}},"size":{"type":"long"},"target_path":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"type":{"type":"keyword","ignore_above":1024},"uid":{"type":"keyword","ignore_above":1024},"x509":{"properties":{"alternative_names":{"type":"keyword","ignore_above":1024},"issuer":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"distinguished_name":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state_or_province":{"type":"keyword","ignore_above":1024}}},"not_after":{"type":"date"},"not_before":{"type":"date"},"public_key_algorithm":{"type":"keyword","ignore_above":1024},"public_key_curve":{"type":"keyword","ignore_above":1024},"public_key_exponent":{"type":"long","index":false,"doc_values":false},"public_key_size":{"type":"long"},"serial_number":{"type":"keyword","ignore_above":1024},"signature_algorithm":{"type":"keyword","ignore_above":1024},"subject":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"distinguished_name":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state_or_province":{"type":"keyword","ignore_above":1024}}},"version_number":{"type":"keyword","ignore_above":1024}}}}},"fileset":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"forcepoint":{"properties":{"virus_id":{"type":"keyword","ignore_above":1024}}},"fortinet":{"properties":{"file":{"properties":{"hash":{"properties":{"crc32":{"type":"keyword","ignore_above":1024}}}}},"firewall":{"properties":{"acct_stat":{"type":"keyword","ignore_above":1024},"acktime":{"type":"keyword","ignore_above":1024},"act":{"type":"keyword","ignore_above":1024},"action":{"type":"keyword","ignore_above":1024},"activity":{"type":"keyword","ignore_above":1024},"addr":{"type":"ip"},"addr_type":{"type":"keyword","ignore_above":1024},"addrgrp":{"type":"keyword","ignore_above":1024},"adgroup":{"type":"keyword","ignore_above":1024},"admin":{"type":"keyword","ignore_above":1024},"age":{"type":"long"},"agent":{"type":"keyword","ignore_above":1024},"alarmid":{"type":"long"},"alert":{"type":"keyword","ignore_above":1024},"analyticscksum":{"type":"keyword","ignore_above":1024},"analyticssubmit":{"type":"keyword","ignore_above":1024},"ap":{"type":"keyword","ignore_above":1024},"app-type":{"type":"keyword","ignore_above":1024},"appact":{"type":"keyword","ignore_above":1024},"appid":{"type":"long"},"applist":{"type":"keyword","ignore_above":1024},"apprisk":{"type":"keyword","ignore_above":1024},"apscan":{"type":"keyword","ignore_above":1024},"apsn":{"type":"keyword","ignore_above":1024},"apstatus":{"type":"keyword","ignore_above":1024},"aptype":{"type":"keyword","ignore_above":1024},"assigned":{"type":"ip"},"assignip":{"type":"ip"},"attachment":{"type":"keyword","ignore_above":1024},"attack":{"type":"keyword","ignore_above":1024},"attackcontext":{"type":"keyword","ignore_above":1024},"attackcontextid":{"type":"keyword","ignore_above":1024},"attackid":{"type":"long"},"auditid":{"type":"long"},"auditscore":{"type":"keyword","ignore_above":1024},"audittime":{"type":"long"},"authgrp":{"type":"keyword","ignore_above":1024},"authid":{"type":"keyword","ignore_above":1024},"authproto":{"type":"keyword","ignore_above":1024},"authserver":{"type":"keyword","ignore_above":1024},"bandwidth":{"type":"keyword","ignore_above":1024},"banned_rule":{"type":"keyword","ignore_above":1024},"banned_src":{"type":"keyword","ignore_above":1024},"banword":{"type":"keyword","ignore_above":1024},"botnetdomain":{"type":"keyword","ignore_above":1024},"botnetip":{"type":"ip"},"bssid":{"type":"keyword","ignore_above":1024},"call_id":{"type":"keyword","ignore_above":1024},"carrier_ep":{"type":"keyword","ignore_above":1024},"cat":{"type":"long"},"category":{"type":"keyword","ignore_above":1024},"cc":{"type":"keyword","ignore_above":1024},"cdrcontent":{"type":"keyword","ignore_above":1024},"centralnatid":{"type":"long"},"cert":{"type":"keyword","ignore_above":1024},"cert-type":{"type":"keyword","ignore_above":1024},"certhash":{"type":"keyword","ignore_above":1024},"cfgattr":{"type":"keyword","ignore_above":1024},"cfgobj":{"type":"keyword","ignore_above":1024},"cfgpath":{"type":"keyword","ignore_above":1024},"cfgtid":{"type":"keyword","ignore_above":1024},"cfgtxpower":{"type":"long"},"channel":{"type":"long"},"channeltype":{"type":"keyword","ignore_above":1024},"chassisid":{"type":"long"},"checksum":{"type":"keyword","ignore_above":1024},"chgheaders":{"type":"keyword","ignore_above":1024},"cldobjid":{"type":"keyword","ignore_above":1024},"client_addr":{"type":"keyword","ignore_above":1024},"cloudaction":{"type":"keyword","ignore_above":1024},"clouduser":{"type":"keyword","ignore_above":1024},"column":{"type":"long"},"command":{"type":"keyword","ignore_above":1024},"community":{"type":"keyword","ignore_above":1024},"configcountry":{"type":"keyword","ignore_above":1024},"connection_type":{"type":"keyword","ignore_above":1024},"conserve":{"type":"keyword","ignore_above":1024},"constraint":{"type":"keyword","ignore_above":1024},"contentdisarmed":{"type":"keyword","ignore_above":1024},"contenttype":{"type":"keyword","ignore_above":1024},"cookies":{"type":"keyword","ignore_above":1024},"count":{"type":"long"},"countapp":{"type":"long"},"countav":{"type":"long"},"countcifs":{"type":"long"},"countdlp":{"type":"long"},"countdns":{"type":"long"},"countemail":{"type":"long"},"countff":{"type":"long"},"countips":{"type":"long"},"countssh":{"type":"long"},"countssl":{"type":"long"},"countwaf":{"type":"long"},"countweb":{"type":"long"},"cpu":{"type":"long"},"craction":{"type":"long"},"criticalcount":{"type":"long"},"crl":{"type":"keyword","ignore_above":1024},"crlevel":{"type":"keyword","ignore_above":1024},"crscore":{"type":"long"},"cveid":{"type":"keyword","ignore_above":1024},"daemon":{"type":"keyword","ignore_above":1024},"datarange":{"type":"keyword","ignore_above":1024},"date":{"type":"keyword","ignore_above":1024},"ddnsserver":{"type":"ip"},"desc":{"type":"keyword","ignore_above":1024},"detectionmethod":{"type":"keyword","ignore_above":1024},"devcategory":{"type":"keyword","ignore_above":1024},"devintfname":{"type":"keyword","ignore_above":1024},"devtype":{"type":"keyword","ignore_above":1024},"dhcp_msg":{"type":"keyword","ignore_above":1024},"dintf":{"type":"keyword","ignore_above":1024},"disk":{"type":"keyword","ignore_above":1024},"disklograte":{"type":"long"},"dlpextra":{"type":"keyword","ignore_above":1024},"docsource":{"type":"keyword","ignore_above":1024},"domainctrlauthstate":{"type":"long"},"domainctrlauthtype":{"type":"long"},"domainctrldomain":{"type":"keyword","ignore_above":1024},"domainctrlip":{"type":"ip"},"domainctrlname":{"type":"keyword","ignore_above":1024},"domainctrlprotocoltype":{"type":"long"},"domainctrlusername":{"type":"keyword","ignore_above":1024},"domainfilteridx":{"type":"long"},"domainfilterlist":{"type":"keyword","ignore_above":1024},"ds":{"type":"keyword","ignore_above":1024},"dst_int":{"type":"keyword","ignore_above":1024},"dstcountry":{"type":"keyword","ignore_above":1024},"dstdevcategory":{"type":"keyword","ignore_above":1024},"dstdevtype":{"type":"keyword","ignore_above":1024},"dstfamily":{"type":"keyword","ignore_above":1024},"dsthwvendor":{"type":"keyword","ignore_above":1024},"dsthwversion":{"type":"keyword","ignore_above":1024},"dstinetsvc":{"type":"keyword","ignore_above":1024},"dstintfrole":{"type":"keyword","ignore_above":1024},"dstosname":{"type":"keyword","ignore_above":1024},"dstosversion":{"type":"keyword","ignore_above":1024},"dstserver":{"type":"long"},"dstssid":{"type":"keyword","ignore_above":1024},"dstswversion":{"type":"keyword","ignore_above":1024},"dstunauthusersource":{"type":"keyword","ignore_above":1024},"dstuuid":{"type":"keyword","ignore_above":1024},"duid":{"type":"keyword","ignore_above":1024},"eapolcnt":{"type":"long"},"eapoltype":{"type":"keyword","ignore_above":1024},"encrypt":{"type":"long"},"encryption":{"type":"keyword","ignore_above":1024},"epoch":{"type":"long"},"espauth":{"type":"keyword","ignore_above":1024},"esptransform":{"type":"keyword","ignore_above":1024},"eventtype":{"type":"keyword","ignore_above":1024},"exch":{"type":"keyword","ignore_above":1024},"exchange":{"type":"keyword","ignore_above":1024},"expectedsignature":{"type":"keyword","ignore_above":1024},"expiry":{"type":"keyword","ignore_above":1024},"fams_pause":{"type":"long"},"fazlograte":{"type":"long"},"fctemssn":{"type":"keyword","ignore_above":1024},"fctuid":{"type":"keyword","ignore_above":1024},"field":{"type":"keyword","ignore_above":1024},"filefilter":{"type":"keyword","ignore_above":1024},"filehashsrc":{"type":"keyword","ignore_above":1024},"filtercat":{"type":"keyword","ignore_above":1024},"filteridx":{"type":"long"},"filtername":{"type":"keyword","ignore_above":1024},"filtertype":{"type":"keyword","ignore_above":1024},"fortiguardresp":{"type":"keyword","ignore_above":1024},"forwardedfor":{"type":"keyword","ignore_above":1024},"fqdn":{"type":"keyword","ignore_above":1024},"frametype":{"type":"keyword","ignore_above":1024},"freediskstorage":{"type":"long"},"from":{"type":"keyword","ignore_above":1024},"from_vcluster":{"type":"long"},"fsaverdict":{"type":"keyword","ignore_above":1024},"fwserver_name":{"type":"keyword","ignore_above":1024},"gateway":{"type":"ip"},"green":{"type":"keyword","ignore_above":1024},"groupid":{"type":"long"},"ha-prio":{"type":"long"},"ha_group":{"type":"keyword","ignore_above":1024},"ha_role":{"type":"keyword","ignore_above":1024},"handshake":{"type":"keyword","ignore_above":1024},"hash":{"type":"keyword","ignore_above":1024},"hbdn_reason":{"type":"keyword","ignore_above":1024},"highcount":{"type":"long"},"host":{"type":"keyword","ignore_above":1024},"iaid":{"type":"keyword","ignore_above":1024},"icmpcode":{"type":"keyword","ignore_above":1024},"icmpid":{"type":"keyword","ignore_above":1024},"icmptype":{"type":"keyword","ignore_above":1024},"identifier":{"type":"long"},"in_spi":{"type":"keyword","ignore_above":1024},"incidentserialno":{"type":"long"},"infected":{"type":"long"},"infectedfilelevel":{"type":"long"},"informationsource":{"type":"keyword","ignore_above":1024},"init":{"type":"keyword","ignore_above":1024},"initiator":{"type":"keyword","ignore_above":1024},"interface":{"type":"keyword","ignore_above":1024},"intf":{"type":"keyword","ignore_above":1024},"invalidmac":{"type":"keyword","ignore_above":1024},"ip":{"type":"ip"},"iptype":{"type":"keyword","ignore_above":1024},"keyword":{"type":"keyword","ignore_above":1024},"kind":{"type":"keyword","ignore_above":1024},"lanin":{"type":"long"},"lanout":{"type":"long"},"lease":{"type":"long"},"license_limit":{"type":"keyword","ignore_above":1024},"limit":{"type":"long"},"line":{"type":"keyword","ignore_above":1024},"live":{"type":"long"},"local":{"type":"ip"},"log":{"type":"keyword","ignore_above":1024},"login":{"type":"keyword","ignore_above":1024},"lowcount":{"type":"long"},"mac":{"type":"keyword","ignore_above":1024},"malform_data":{"type":"long"},"malform_desc":{"type":"keyword","ignore_above":1024},"manuf":{"type":"keyword","ignore_above":1024},"masterdstmac":{"type":"keyword","ignore_above":1024},"mastersrcmac":{"type":"keyword","ignore_above":1024},"mediumcount":{"type":"long"},"mem":{"type":"long"},"meshmode":{"type":"keyword","ignore_above":1024},"message_type":{"type":"keyword","ignore_above":1024},"method":{"type":"keyword","ignore_above":1024},"mgmtcnt":{"type":"long"},"mode":{"type":"keyword","ignore_above":1024},"module":{"type":"keyword","ignore_above":1024},"monitor-name":{"type":"keyword","ignore_above":1024},"monitor-type":{"type":"keyword","ignore_above":1024},"mpsk":{"type":"keyword","ignore_above":1024},"msgproto":{"type":"keyword","ignore_above":1024},"mtu":{"type":"long"},"name":{"type":"keyword","ignore_above":1024},"nat":{"type":"keyword","ignore_above":1024},"netid":{"type":"keyword","ignore_above":1024},"new_status":{"type":"keyword","ignore_above":1024},"new_value":{"type":"keyword","ignore_above":1024},"newchannel":{"type":"long"},"newchassisid":{"type":"long"},"newslot":{"type":"long"},"nextstat":{"type":"long"},"nf_type":{"type":"keyword","ignore_above":1024},"noise":{"type":"long"},"old_status":{"type":"keyword","ignore_above":1024},"old_value":{"type":"keyword","ignore_above":1024},"oldchannel":{"type":"long"},"oldchassisid":{"type":"long"},"oldslot":{"type":"long"},"oldsn":{"type":"keyword","ignore_above":1024},"oldwprof":{"type":"keyword","ignore_above":1024},"onwire":{"type":"keyword","ignore_above":1024},"opercountry":{"type":"keyword","ignore_above":1024},"opertxpower":{"type":"long"},"osname":{"type":"keyword","ignore_above":1024},"osversion":{"type":"keyword","ignore_above":1024},"out_spi":{"type":"keyword","ignore_above":1024},"outintf":{"type":"keyword","ignore_above":1024},"passedcount":{"type":"long"},"passwd":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024},"peer":{"type":"keyword","ignore_above":1024},"peer_notif":{"type":"keyword","ignore_above":1024},"phase2_name":{"type":"keyword","ignore_above":1024},"phone":{"type":"keyword","ignore_above":1024},"pid":{"type":"long"},"policytype":{"type":"keyword","ignore_above":1024},"poolname":{"type":"keyword","ignore_above":1024},"port":{"type":"long"},"portbegin":{"type":"long"},"portend":{"type":"long"},"probeproto":{"type":"keyword","ignore_above":1024},"process":{"type":"keyword","ignore_above":1024},"processtime":{"type":"long"},"profile":{"type":"keyword","ignore_above":1024},"profile_vd":{"type":"keyword","ignore_above":1024},"profilegroup":{"type":"keyword","ignore_above":1024},"profiletype":{"type":"keyword","ignore_above":1024},"qtypeval":{"type":"long"},"quarskip":{"type":"keyword","ignore_above":1024},"quotaexceeded":{"type":"keyword","ignore_above":1024},"quotamax":{"type":"long"},"quotatype":{"type":"keyword","ignore_above":1024},"quotaused":{"type":"long"},"radioband":{"type":"keyword","ignore_above":1024},"radioid":{"type":"long"},"radioidclosest":{"type":"long"},"radioiddetected":{"type":"long"},"rate":{"type":"keyword","ignore_above":1024},"rawdata":{"type":"keyword","ignore_above":1024},"rawdataid":{"type":"keyword","ignore_above":1024},"rcvddelta":{"type":"keyword","ignore_above":1024},"reason":{"type":"keyword","ignore_above":1024},"received":{"type":"long"},"receivedsignature":{"type":"keyword","ignore_above":1024},"red":{"type":"keyword","ignore_above":1024},"referralurl":{"type":"keyword","ignore_above":1024},"remote":{"type":"ip"},"remotewtptime":{"type":"keyword","ignore_above":1024},"reporttype":{"type":"keyword","ignore_above":1024},"reqtype":{"type":"keyword","ignore_above":1024},"request_name":{"type":"keyword","ignore_above":1024},"result":{"type":"keyword","ignore_above":1024},"role":{"type":"keyword","ignore_above":1024},"rssi":{"type":"long"},"rsso_key":{"type":"keyword","ignore_above":1024},"ruledata":{"type":"keyword","ignore_above":1024},"ruletype":{"type":"keyword","ignore_above":1024},"scanned":{"type":"long"},"scantime":{"type":"long"},"scope":{"type":"keyword","ignore_above":1024},"security":{"type":"keyword","ignore_above":1024},"sensitivity":{"type":"keyword","ignore_above":1024},"sensor":{"type":"keyword","ignore_above":1024},"sentdelta":{"type":"keyword","ignore_above":1024},"seq":{"type":"keyword","ignore_above":1024},"serial":{"type":"keyword","ignore_above":1024},"serialno":{"type":"keyword","ignore_above":1024},"server":{"type":"keyword","ignore_above":1024},"session_id":{"type":"keyword","ignore_above":1024},"sessionid":{"type":"long"},"setuprate":{"type":"long"},"severity":{"type":"keyword","ignore_above":1024},"shaperdroprcvdbyte":{"type":"long"},"shaperdropsentbyte":{"type":"long"},"shaperperipdropbyte":{"type":"long"},"shaperperipname":{"type":"keyword","ignore_above":1024},"shaperrcvdname":{"type":"keyword","ignore_above":1024},"shapersentname":{"type":"keyword","ignore_above":1024},"shapingpolicyid":{"type":"long"},"signal":{"type":"long"},"size":{"type":"long"},"slot":{"type":"long"},"sn":{"type":"keyword","ignore_above":1024},"snclosest":{"type":"keyword","ignore_above":1024},"sndetected":{"type":"keyword","ignore_above":1024},"snmeshparent":{"type":"keyword","ignore_above":1024},"spi":{"type":"keyword","ignore_above":1024},"src_int":{"type":"keyword","ignore_above":1024},"srccountry":{"type":"keyword","ignore_above":1024},"srcfamily":{"type":"keyword","ignore_above":1024},"srchwvendor":{"type":"keyword","ignore_above":1024},"srchwversion":{"type":"keyword","ignore_above":1024},"srcinetsvc":{"type":"keyword","ignore_above":1024},"srcintfrole":{"type":"keyword","ignore_above":1024},"srcname":{"type":"keyword","ignore_above":1024},"srcserver":{"type":"long"},"srcssid":{"type":"keyword","ignore_above":1024},"srcswversion":{"type":"keyword","ignore_above":1024},"srcuuid":{"type":"keyword","ignore_above":1024},"sscname":{"type":"keyword","ignore_above":1024},"ssid":{"type":"keyword","ignore_above":1024},"sslaction":{"type":"keyword","ignore_above":1024},"ssllocal":{"type":"keyword","ignore_above":1024},"sslremote":{"type":"keyword","ignore_above":1024},"stacount":{"type":"long"},"stage":{"type":"keyword","ignore_above":1024},"stamac":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"stitch":{"type":"keyword","ignore_above":1024},"subject":{"type":"keyword","ignore_above":1024},"submodule":{"type":"keyword","ignore_above":1024},"subservice":{"type":"keyword","ignore_above":1024},"subtype":{"type":"keyword","ignore_above":1024},"suspicious":{"type":"long"},"switchproto":{"type":"keyword","ignore_above":1024},"sync_status":{"type":"keyword","ignore_above":1024},"sync_type":{"type":"keyword","ignore_above":1024},"sysuptime":{"type":"keyword","ignore_above":1024},"tamac":{"type":"keyword","ignore_above":1024},"threattype":{"type":"keyword","ignore_above":1024},"time":{"type":"keyword","ignore_above":1024},"to":{"type":"keyword","ignore_above":1024},"to_vcluster":{"type":"long"},"total":{"type":"long"},"totalsession":{"type":"long"},"trace_id":{"type":"keyword","ignore_above":1024},"trandisp":{"type":"keyword","ignore_above":1024},"transid":{"type":"long"},"translationid":{"type":"keyword","ignore_above":1024},"trigger":{"type":"keyword","ignore_above":1024},"trueclntip":{"type":"ip"},"tunnelid":{"type":"long"},"tunnelip":{"type":"ip"},"tunneltype":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"ui":{"type":"keyword","ignore_above":1024},"unauthusersource":{"type":"keyword","ignore_above":1024},"unit":{"type":"long"},"urlfilteridx":{"type":"long"},"urlfilterlist":{"type":"keyword","ignore_above":1024},"urlsource":{"type":"keyword","ignore_above":1024},"urltype":{"type":"keyword","ignore_above":1024},"used":{"type":"long"},"used_for_type":{"type":"long"},"utmaction":{"type":"keyword","ignore_above":1024},"utmref":{"type":"keyword","ignore_above":1024},"vap":{"type":"keyword","ignore_above":1024},"vapmode":{"type":"keyword","ignore_above":1024},"vcluster":{"type":"long"},"vcluster_member":{"type":"long"},"vcluster_state":{"type":"keyword","ignore_above":1024},"vd":{"type":"keyword","ignore_above":1024},"vdname":{"type":"keyword","ignore_above":1024},"vendorurl":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024},"vip":{"type":"keyword","ignore_above":1024},"virus":{"type":"keyword","ignore_above":1024},"virusid":{"type":"long"},"voip_proto":{"type":"keyword","ignore_above":1024},"vpn":{"type":"keyword","ignore_above":1024},"vpntunnel":{"type":"keyword","ignore_above":1024},"vpntype":{"type":"keyword","ignore_above":1024},"vrf":{"type":"long"},"vulncat":{"type":"keyword","ignore_above":1024},"vulnid":{"type":"long"},"vulnname":{"type":"keyword","ignore_above":1024},"vwlid":{"type":"long"},"vwlquality":{"type":"keyword","ignore_above":1024},"vwlservice":{"type":"keyword","ignore_above":1024},"vwpvlanid":{"type":"long"},"wanin":{"type":"long"},"wanoptapptype":{"type":"keyword","ignore_above":1024},"wanout":{"type":"long"},"weakwepiv":{"type":"keyword","ignore_above":1024},"xauthgroup":{"type":"keyword","ignore_above":1024},"xauthuser":{"type":"keyword","ignore_above":1024},"xid":{"type":"long"}}}}},"gcp":{"properties":{"audit":{"properties":{"authentication_info":{"properties":{"authority_selector":{"type":"keyword","ignore_above":1024},"principal_email":{"type":"keyword","ignore_above":1024}}},"method_name":{"type":"keyword","ignore_above":1024},"num_response_items":{"type":"long"},"request":{"properties":{"filter":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"proto_name":{"type":"keyword","ignore_above":1024},"resource_name":{"type":"keyword","ignore_above":1024}}},"request_metadata":{"properties":{"caller_ip":{"type":"ip"},"caller_supplied_user_agent":{"type":"keyword","ignore_above":1024}}},"resource_location":{"properties":{"current_locations":{"type":"keyword","ignore_above":1024}}},"resource_name":{"type":"keyword","ignore_above":1024},"response":{"properties":{"details":{"properties":{"group":{"type":"keyword","ignore_above":1024},"kind":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"uid":{"type":"keyword","ignore_above":1024}}},"proto_name":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024}}},"service_name":{"type":"keyword","ignore_above":1024},"status":{"properties":{"code":{"type":"long"},"message":{"type":"keyword","ignore_above":1024}}},"type":{"type":"keyword","ignore_above":1024}}},"destination":{"properties":{"instance":{"properties":{"project_id":{"type":"keyword","ignore_above":1024},"region":{"type":"keyword","ignore_above":1024},"zone":{"type":"keyword","ignore_above":1024}}},"vpc":{"properties":{"project_id":{"type":"keyword","ignore_above":1024},"subnetwork_name":{"type":"keyword","ignore_above":1024},"vpc_name":{"type":"keyword","ignore_above":1024}}}}},"firewall":{"properties":{"rule_details":{"properties":{"action":{"type":"keyword","ignore_above":1024},"destination_range":{"type":"keyword","ignore_above":1024},"direction":{"type":"keyword","ignore_above":1024},"priority":{"type":"long"},"reference":{"type":"keyword","ignore_above":1024},"source_range":{"type":"keyword","ignore_above":1024},"source_service_account":{"type":"keyword","ignore_above":1024},"source_tag":{"type":"keyword","ignore_above":1024},"target_service_account":{"type":"keyword","ignore_above":1024},"target_tag":{"type":"keyword","ignore_above":1024}}}}},"source":{"properties":{"instance":{"properties":{"project_id":{"type":"keyword","ignore_above":1024},"region":{"type":"keyword","ignore_above":1024},"zone":{"type":"keyword","ignore_above":1024}}},"vpc":{"properties":{"project_id":{"type":"keyword","ignore_above":1024},"subnetwork_name":{"type":"keyword","ignore_above":1024},"vpc_name":{"type":"keyword","ignore_above":1024}}}}},"vpcflow":{"properties":{"reporter":{"type":"keyword","ignore_above":1024},"rtt":{"properties":{"ms":{"type":"long"}}}}}}},"geo":{"properties":{"city_name":{"type":"keyword","ignore_above":1024},"continent_code":{"type":"keyword","ignore_above":1024},"continent_name":{"type":"keyword","ignore_above":1024},"country_iso_code":{"type":"keyword","ignore_above":1024},"country_name":{"type":"keyword","ignore_above":1024},"location":{"type":"geo_point"},"name":{"type":"keyword","ignore_above":1024},"postal_code":{"type":"keyword","ignore_above":1024},"region_iso_code":{"type":"keyword","ignore_above":1024},"region_name":{"type":"keyword","ignore_above":1024},"timezone":{"type":"keyword","ignore_above":1024}}},"google_workspace":{"properties":{"actor":{"properties":{"key":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"admin":{"properties":{"alert":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"api":{"properties":{"client":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"scopes":{"type":"keyword","ignore_above":1024}}},"application":{"properties":{"asp_id":{"type":"keyword","ignore_above":1024},"edition":{"type":"keyword","ignore_above":1024},"enabled":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"licences_order_number":{"type":"keyword","ignore_above":1024},"licences_purchased":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"package_id":{"type":"keyword","ignore_above":1024}}},"bulk_upload":{"properties":{"failed":{"type":"long"},"total":{"type":"long"}}},"chrome_licenses":{"properties":{"allowed":{"type":"keyword","ignore_above":1024},"enabled":{"type":"keyword","ignore_above":1024}}},"chrome_os":{"properties":{"session_type":{"type":"keyword","ignore_above":1024}}},"device":{"properties":{"command_details":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"serial_number":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"distribution":{"properties":{"entity":{"properties":{"name":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}}}},"domain":{"properties":{"alias":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"secondary_name":{"type":"keyword","ignore_above":1024}}},"email":{"properties":{"log_search_filter":{"properties":{"end_date":{"type":"date"},"message_id":{"type":"keyword","ignore_above":1024},"recipient":{"properties":{"ip":{"type":"ip"},"value":{"type":"keyword","ignore_above":1024}}},"sender":{"properties":{"ip":{"type":"ip"},"value":{"type":"keyword","ignore_above":1024}}},"start_date":{"type":"date"}}},"quarantine_name":{"type":"keyword","ignore_above":1024}}},"email_dump":{"properties":{"include_deleted":{"type":"boolean"},"package_content":{"type":"keyword","ignore_above":1024},"query":{"type":"keyword","ignore_above":1024}}},"email_monitor":{"properties":{"dest_email":{"type":"keyword","ignore_above":1024},"level":{"properties":{"chat":{"type":"keyword","ignore_above":1024},"draft":{"type":"keyword","ignore_above":1024},"incoming":{"type":"keyword","ignore_above":1024},"outgoing":{"type":"keyword","ignore_above":1024}}}}},"field":{"type":"keyword","ignore_above":1024},"gateway":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"group":{"properties":{"allowed_list":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"priorities":{"type":"keyword","ignore_above":1024}}},"info_type":{"type":"keyword","ignore_above":1024},"managed_configuration":{"type":"keyword","ignore_above":1024},"mdm":{"properties":{"token":{"type":"keyword","ignore_above":1024},"vendor":{"type":"keyword","ignore_above":1024}}},"mobile":{"properties":{"action":{"properties":{"id":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"certificate":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"company_owned_devices":{"type":"long"}}},"new_value":{"type":"keyword","ignore_above":1024},"non_featured_services_selection":{"type":"keyword","ignore_above":1024},"oauth2":{"properties":{"application":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"service":{"properties":{"name":{"type":"keyword","ignore_above":1024}}}}},"old_value":{"type":"keyword","ignore_above":1024},"org_unit":{"properties":{"full":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"print_server":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"printer":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"privilege":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"product":{"properties":{"name":{"type":"keyword","ignore_above":1024},"sku":{"type":"keyword","ignore_above":1024}}},"request":{"properties":{"id":{"type":"keyword","ignore_above":1024}}},"resource":{"properties":{"id":{"type":"keyword","ignore_above":1024}}},"role":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"rule":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"service":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"setting":{"properties":{"description":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"url":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"user":{"properties":{"birthdate":{"type":"date"},"email":{"type":"keyword","ignore_above":1024},"nickname":{"type":"keyword","ignore_above":1024}}},"user_defined_setting":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"verification_method":{"type":"keyword","ignore_above":1024}}},"drive":{"properties":{"added_role":{"type":"keyword","ignore_above":1024},"billable":{"type":"boolean"},"destination_folder_id":{"type":"keyword","ignore_above":1024},"destination_folder_title":{"type":"keyword","ignore_above":1024},"file":{"properties":{"id":{"type":"keyword","ignore_above":1024},"owner":{"properties":{"email":{"type":"keyword","ignore_above":1024},"is_shared_drive":{"type":"boolean"}}},"type":{"type":"keyword","ignore_above":1024}}},"membership_change_type":{"type":"keyword","ignore_above":1024},"new_value":{"type":"keyword","ignore_above":1024},"old_value":{"type":"keyword","ignore_above":1024},"old_visibility":{"type":"keyword","ignore_above":1024},"originating_app_id":{"type":"keyword","ignore_above":1024},"primary_event":{"type":"boolean"},"removed_role":{"type":"keyword","ignore_above":1024},"shared_drive_id":{"type":"keyword","ignore_above":1024},"shared_drive_settings_change_type":{"type":"keyword","ignore_above":1024},"sheets_import_range_recipient_doc":{"type":"keyword","ignore_above":1024},"source_folder_id":{"type":"keyword","ignore_above":1024},"source_folder_title":{"type":"keyword","ignore_above":1024},"target":{"type":"keyword","ignore_above":1024},"target_domain":{"type":"keyword","ignore_above":1024},"visibility":{"type":"keyword","ignore_above":1024},"visibility_change":{"type":"keyword","ignore_above":1024}}},"event":{"properties":{"type":{"type":"keyword","ignore_above":1024}}},"groups":{"properties":{"acl_permission":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"member":{"properties":{"email":{"type":"keyword","ignore_above":1024},"role":{"type":"keyword","ignore_above":1024}}},"message":{"properties":{"id":{"type":"keyword","ignore_above":1024},"moderation_action":{"type":"keyword","ignore_above":1024}}},"new_value":{"type":"keyword","ignore_above":1024},"old_value":{"type":"keyword","ignore_above":1024},"setting":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"value":{"type":"keyword","ignore_above":1024}}},"kind":{"type":"keyword","ignore_above":1024},"login":{"properties":{"affected_email_address":{"type":"keyword","ignore_above":1024},"challenge_method":{"type":"keyword","ignore_above":1024},"failure_type":{"type":"keyword","ignore_above":1024},"is_second_factor":{"type":"boolean"},"is_suspicious":{"type":"boolean"},"type":{"type":"keyword","ignore_above":1024}}},"organization":{"properties":{"domain":{"type":"keyword","ignore_above":1024}}},"saml":{"properties":{"application_name":{"type":"keyword","ignore_above":1024},"failure_type":{"type":"keyword","ignore_above":1024},"initiated_by":{"type":"keyword","ignore_above":1024},"orgunit_path":{"type":"keyword","ignore_above":1024},"second_level_status_code":{"type":"keyword","ignore_above":1024},"status_code":{"type":"keyword","ignore_above":1024}}}}},"group":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"gsuite":{"properties":{"actor":{"properties":{"key":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"admin":{"properties":{"alert":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"api":{"properties":{"client":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"scopes":{"type":"keyword","ignore_above":1024}}},"application":{"properties":{"asp_id":{"type":"keyword","ignore_above":1024},"edition":{"type":"keyword","ignore_above":1024},"enabled":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"licences_order_number":{"type":"keyword","ignore_above":1024},"licences_purchased":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"package_id":{"type":"keyword","ignore_above":1024}}},"bulk_upload":{"properties":{"failed":{"type":"long"},"total":{"type":"long"}}},"chrome_licenses":{"properties":{"allowed":{"type":"keyword","ignore_above":1024},"enabled":{"type":"keyword","ignore_above":1024}}},"chrome_os":{"properties":{"session_type":{"type":"keyword","ignore_above":1024}}},"device":{"properties":{"command_details":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"serial_number":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"distribution":{"properties":{"entity":{"properties":{"name":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}}}},"domain":{"properties":{"alias":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"secondary_name":{"type":"keyword","ignore_above":1024}}},"email":{"properties":{"log_search_filter":{"properties":{"end_date":{"type":"date"},"message_id":{"type":"keyword","ignore_above":1024},"recipient":{"properties":{"ip":{"type":"ip"},"value":{"type":"keyword","ignore_above":1024}}},"sender":{"properties":{"ip":{"type":"ip"},"value":{"type":"keyword","ignore_above":1024}}},"start_date":{"type":"date"}}},"quarantine_name":{"type":"keyword","ignore_above":1024}}},"email_dump":{"properties":{"include_deleted":{"type":"boolean"},"package_content":{"type":"keyword","ignore_above":1024},"query":{"type":"keyword","ignore_above":1024}}},"email_monitor":{"properties":{"dest_email":{"type":"keyword","ignore_above":1024},"level":{"properties":{"chat":{"type":"keyword","ignore_above":1024},"draft":{"type":"keyword","ignore_above":1024},"incoming":{"type":"keyword","ignore_above":1024},"outgoing":{"type":"keyword","ignore_above":1024}}}}},"field":{"type":"keyword","ignore_above":1024},"gateway":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"group":{"properties":{"allowed_list":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"priorities":{"type":"keyword","ignore_above":1024}}},"info_type":{"type":"keyword","ignore_above":1024},"managed_configuration":{"type":"keyword","ignore_above":1024},"mdm":{"properties":{"token":{"type":"keyword","ignore_above":1024},"vendor":{"type":"keyword","ignore_above":1024}}},"mobile":{"properties":{"action":{"properties":{"id":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"certificate":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"company_owned_devices":{"type":"long"}}},"new_value":{"type":"keyword","ignore_above":1024},"non_featured_services_selection":{"type":"keyword","ignore_above":1024},"oauth2":{"properties":{"application":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"service":{"properties":{"name":{"type":"keyword","ignore_above":1024}}}}},"old_value":{"type":"keyword","ignore_above":1024},"org_unit":{"properties":{"full":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"print_server":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"printer":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"privilege":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"product":{"properties":{"name":{"type":"keyword","ignore_above":1024},"sku":{"type":"keyword","ignore_above":1024}}},"request":{"properties":{"id":{"type":"keyword","ignore_above":1024}}},"resource":{"properties":{"id":{"type":"keyword","ignore_above":1024}}},"role":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"rule":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"service":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"setting":{"properties":{"description":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"url":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"user":{"properties":{"birthdate":{"type":"date"},"email":{"type":"keyword","ignore_above":1024},"nickname":{"type":"keyword","ignore_above":1024}}},"user_defined_setting":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"verification_method":{"type":"keyword","ignore_above":1024}}},"drive":{"properties":{"added_role":{"type":"keyword","ignore_above":1024},"billable":{"type":"boolean"},"destination_folder_id":{"type":"keyword","ignore_above":1024},"destination_folder_title":{"type":"keyword","ignore_above":1024},"file":{"properties":{"id":{"type":"keyword","ignore_above":1024},"owner":{"properties":{"email":{"type":"keyword","ignore_above":1024},"is_shared_drive":{"type":"boolean"}}},"type":{"type":"keyword","ignore_above":1024}}},"membership_change_type":{"type":"keyword","ignore_above":1024},"new_value":{"type":"keyword","ignore_above":1024},"old_value":{"type":"keyword","ignore_above":1024},"old_visibility":{"type":"keyword","ignore_above":1024},"originating_app_id":{"type":"keyword","ignore_above":1024},"primary_event":{"type":"boolean"},"removed_role":{"type":"keyword","ignore_above":1024},"shared_drive_id":{"type":"keyword","ignore_above":1024},"shared_drive_settings_change_type":{"type":"keyword","ignore_above":1024},"sheets_import_range_recipient_doc":{"type":"keyword","ignore_above":1024},"source_folder_id":{"type":"keyword","ignore_above":1024},"source_folder_title":{"type":"keyword","ignore_above":1024},"target":{"type":"keyword","ignore_above":1024},"target_domain":{"type":"keyword","ignore_above":1024},"visibility":{"type":"keyword","ignore_above":1024},"visibility_change":{"type":"keyword","ignore_above":1024}}},"event":{"properties":{"type":{"type":"keyword","ignore_above":1024}}},"groups":{"properties":{"acl_permission":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"member":{"properties":{"email":{"type":"keyword","ignore_above":1024},"role":{"type":"keyword","ignore_above":1024}}},"message":{"properties":{"id":{"type":"keyword","ignore_above":1024},"moderation_action":{"type":"keyword","ignore_above":1024}}},"new_value":{"type":"keyword","ignore_above":1024},"old_value":{"type":"keyword","ignore_above":1024},"setting":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"value":{"type":"keyword","ignore_above":1024}}},"kind":{"type":"keyword","ignore_above":1024},"login":{"properties":{"affected_email_address":{"type":"keyword","ignore_above":1024},"challenge_method":{"type":"keyword","ignore_above":1024},"failure_type":{"type":"keyword","ignore_above":1024},"is_second_factor":{"type":"boolean"},"is_suspicious":{"type":"boolean"},"type":{"type":"keyword","ignore_above":1024}}},"organization":{"properties":{"domain":{"type":"keyword","ignore_above":1024}}},"saml":{"properties":{"application_name":{"type":"keyword","ignore_above":1024},"failure_type":{"type":"keyword","ignore_above":1024},"initiated_by":{"type":"keyword","ignore_above":1024},"orgunit_path":{"type":"keyword","ignore_above":1024},"second_level_status_code":{"type":"keyword","ignore_above":1024},"status_code":{"type":"keyword","ignore_above":1024}}}}},"haproxy":{"properties":{"backend_name":{"type":"keyword","ignore_above":1024},"backend_queue":{"type":"long"},"bind_name":{"type":"keyword","ignore_above":1024},"bytes_read":{"type":"long"},"connection_wait_time_ms":{"type":"long"},"connections":{"properties":{"active":{"type":"long"},"backend":{"type":"long"},"frontend":{"type":"long"},"retries":{"type":"long"},"server":{"type":"long"}}},"error_message":{"type":"text","norms":false},"frontend_name":{"type":"keyword","ignore_above":1024},"http":{"properties":{"request":{"properties":{"captured_cookie":{"type":"keyword","ignore_above":1024},"captured_headers":{"type":"keyword","ignore_above":1024},"raw_request_line":{"type":"keyword","ignore_above":1024},"time_wait_ms":{"type":"long"},"time_wait_without_data_ms":{"type":"long"}}},"response":{"properties":{"captured_cookie":{"type":"keyword","ignore_above":1024},"captured_headers":{"type":"keyword","ignore_above":1024}}}}},"mode":{"type":"keyword","ignore_above":1024},"server_name":{"type":"keyword","ignore_above":1024},"server_queue":{"type":"long"},"source":{"type":"keyword","ignore_above":1024},"tcp":{"properties":{"connection_waiting_time_ms":{"type":"long"}}},"termination_state":{"type":"keyword","ignore_above":1024},"time_backend_connect":{"type":"long"},"time_queue":{"type":"long"},"total_waiting_time_ms":{"type":"long"}}},"hash":{"properties":{"md5":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024},"sha512":{"type":"keyword","ignore_above":1024},"ssdeep":{"type":"keyword","ignore_above":1024}}},"host":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"containerized":{"type":"boolean"},"cpu":{"properties":{"usage":{"type":"scaled_float","scaling_factor":1000.0}}},"disk":{"properties":{"read":{"properties":{"bytes":{"type":"long"}}},"write":{"properties":{"bytes":{"type":"long"}}}}},"domain":{"type":"keyword","ignore_above":1024},"geo":{"properties":{"city_name":{"type":"keyword","ignore_above":1024},"continent_code":{"type":"keyword","ignore_above":1024},"continent_name":{"type":"keyword","ignore_above":1024},"country_iso_code":{"type":"keyword","ignore_above":1024},"country_name":{"type":"keyword","ignore_above":1024},"location":{"type":"geo_point"},"name":{"type":"keyword","ignore_above":1024},"postal_code":{"type":"keyword","ignore_above":1024},"region_iso_code":{"type":"keyword","ignore_above":1024},"region_name":{"type":"keyword","ignore_above":1024},"timezone":{"type":"keyword","ignore_above":1024}}},"hostname":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"ip":{"type":"ip"},"mac":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"network":{"properties":{"egress":{"properties":{"bytes":{"type":"long"},"packets":{"type":"long"}}},"ingress":{"properties":{"bytes":{"type":"long"},"packets":{"type":"long"}}}}},"os":{"properties":{"build":{"type":"keyword","ignore_above":1024},"codename":{"type":"keyword","ignore_above":1024},"family":{"type":"keyword","ignore_above":1024},"full":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"kernel":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"platform":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"type":{"type":"keyword","ignore_above":1024},"uptime":{"type":"long"},"user":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"full_name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"group":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"hash":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"roles":{"type":"keyword","ignore_above":1024}}}}},"http":{"properties":{"request":{"properties":{"body":{"properties":{"bytes":{"type":"long"},"content":{"type":"wildcard","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}}}},"bytes":{"type":"long"},"id":{"type":"keyword","ignore_above":1024},"method":{"type":"keyword","ignore_above":1024},"mime_type":{"type":"keyword","ignore_above":1024},"referrer":{"type":"keyword","ignore_above":1024}}},"response":{"properties":{"body":{"properties":{"bytes":{"type":"long"},"content":{"type":"wildcard","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}}}},"bytes":{"type":"long"},"mime_type":{"type":"keyword","ignore_above":1024},"status_code":{"type":"long"}}},"version":{"type":"keyword","ignore_above":1024}}},"ibmmq":{"properties":{"errorlog":{"properties":{"action":{"type":"keyword","ignore_above":1024},"arithinsert":{"type":"keyword","ignore_above":1024},"code":{"type":"keyword","ignore_above":1024},"commentinsert":{"type":"keyword","ignore_above":1024},"errordescription":{"type":"text","norms":false},"explanation":{"type":"keyword","ignore_above":1024},"installation":{"type":"keyword","ignore_above":1024},"qmgr":{"type":"keyword","ignore_above":1024}}}}},"icinga":{"properties":{"debug":{"properties":{"facility":{"type":"keyword","ignore_above":1024}}},"main":{"properties":{"facility":{"type":"keyword","ignore_above":1024}}},"startup":{"properties":{"facility":{"type":"keyword","ignore_above":1024}}}}},"icmp":{"properties":{"code":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"igmp":{"properties":{"type":{"type":"keyword","ignore_above":1024}}},"iis":{"properties":{"access":{"properties":{"cookie":{"type":"keyword","ignore_above":1024},"server_name":{"type":"keyword","ignore_above":1024},"site_name":{"type":"keyword","ignore_above":1024},"sub_status":{"type":"long"},"win32_status":{"type":"long"}}},"error":{"properties":{"queue_name":{"type":"keyword","ignore_above":1024},"reason_phrase":{"type":"keyword","ignore_above":1024}}}}},"input":{"properties":{"type":{"type":"keyword","ignore_above":1024}}},"interface":{"properties":{"alias":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"iptables":{"properties":{"ether_type":{"type":"long"},"flow_label":{"type":"long"},"fragment_flags":{"type":"keyword","ignore_above":1024},"fragment_offset":{"type":"long"},"icmp":{"properties":{"code":{"type":"long"},"id":{"type":"long"},"parameter":{"type":"long"},"redirect":{"type":"ip"},"seq":{"type":"long"},"type":{"type":"long"}}},"id":{"type":"long"},"incomplete_bytes":{"type":"long"},"input_device":{"type":"keyword","ignore_above":1024},"length":{"type":"long"},"output_device":{"type":"keyword","ignore_above":1024},"precedence_bits":{"type":"short"},"tcp":{"properties":{"ack":{"type":"long"},"flags":{"type":"keyword","ignore_above":1024},"reserved_bits":{"type":"short"},"seq":{"type":"long"},"window":{"type":"long"}}},"tos":{"type":"long"},"ttl":{"type":"long"},"ubiquiti":{"properties":{"input_zone":{"type":"keyword","ignore_above":1024},"output_zone":{"type":"keyword","ignore_above":1024},"rule_number":{"type":"keyword","ignore_above":1024},"rule_set":{"type":"keyword","ignore_above":1024}}},"udp":{"properties":{"length":{"type":"long"}}}}},"jolokia":{"properties":{"agent":{"properties":{"id":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"secured":{"type":"boolean"},"server":{"properties":{"product":{"type":"keyword","ignore_above":1024},"vendor":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"url":{"type":"keyword","ignore_above":1024}}},"juniper":{"properties":{"srx":{"properties":{"action":{"type":"keyword","ignore_above":1024},"action_detail":{"type":"keyword","ignore_above":1024},"alert":{"type":"keyword","ignore_above":1024},"apbr_rule_type":{"type":"keyword","ignore_above":1024},"application":{"type":"keyword","ignore_above":1024},"application_category":{"type":"keyword","ignore_above":1024},"application_characteristics":{"type":"keyword","ignore_above":1024},"application_name":{"type":"keyword","ignore_above":1024},"application_sub_category":{"type":"keyword","ignore_above":1024},"attack_name":{"type":"keyword","ignore_above":1024},"category":{"type":"keyword","ignore_above":1024},"client_ip":{"type":"ip"},"connection_hit_rate":{"type":"long"},"connection_tag":{"type":"keyword","ignore_above":1024},"context_hit_rate":{"type":"long"},"context_name":{"type":"keyword","ignore_above":1024},"context_value":{"type":"keyword","ignore_above":1024},"context_value_hit_rate":{"type":"long"},"ddos_application_name":{"type":"keyword","ignore_above":1024},"dscp_value":{"type":"long"},"dst_nat_rule_name":{"type":"keyword","ignore_above":1024},"dst_nat_rule_type":{"type":"keyword","ignore_above":1024},"dst_vrf_grp":{"type":"keyword","ignore_above":1024},"elapsed_time":{"type":"date"},"encrypted":{"type":"keyword","ignore_above":1024},"epoch_time":{"type":"date"},"error_code":{"type":"keyword","ignore_above":1024},"error_message":{"type":"keyword","ignore_above":1024},"export_id":{"type":"long"},"feed_name":{"type":"keyword","ignore_above":1024},"file_category":{"type":"keyword","ignore_above":1024},"file_hash_lookup":{"type":"keyword","ignore_above":1024},"file_name":{"type":"keyword","ignore_above":1024},"filename":{"type":"keyword","ignore_above":1024},"hostname":{"type":"keyword","ignore_above":1024},"icmp_type":{"type":"long"},"inbound_bytes":{"type":"long"},"inbound_packets":{"type":"long"},"index":{"type":"keyword","ignore_above":1024},"logical_system_name":{"type":"keyword","ignore_above":1024},"malware_info":{"type":"keyword","ignore_above":1024},"message":{"type":"keyword","ignore_above":1024},"message_type":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"nat_connection_tag":{"type":"keyword","ignore_above":1024},"nested_application":{"type":"keyword","ignore_above":1024},"obj":{"type":"keyword","ignore_above":1024},"occur_count":{"type":"long"},"outbound_bytes":{"type":"long"},"outbound_packets":{"type":"long"},"packet_log_id":{"type":"long"},"peer_destination_address":{"type":"ip"},"peer_destination_port":{"type":"long"},"peer_session_id":{"type":"keyword","ignore_above":1024},"peer_source_address":{"type":"ip"},"peer_source_port":{"type":"long"},"policy_name":{"type":"keyword","ignore_above":1024},"process":{"type":"keyword","ignore_above":1024},"profile":{"type":"keyword","ignore_above":1024},"profile_name":{"type":"keyword","ignore_above":1024},"protocol":{"type":"keyword","ignore_above":1024},"protocol_id":{"type":"keyword","ignore_above":1024},"protocol_name":{"type":"keyword","ignore_above":1024},"reason":{"type":"keyword","ignore_above":1024},"repeat_count":{"type":"long"},"roles":{"type":"keyword","ignore_above":1024},"routing_instance":{"type":"keyword","ignore_above":1024},"rule_name":{"type":"keyword","ignore_above":1024},"ruleebase_name":{"type":"keyword","ignore_above":1024},"sample_sha256":{"type":"keyword","ignore_above":1024},"secure_web_proxy_session_type":{"type":"keyword","ignore_above":1024},"service_name":{"type":"keyword","ignore_above":1024},"session_id":{"type":"keyword","ignore_above":1024},"session_id_32":{"type":"keyword","ignore_above":1024},"src_nat_rule_name":{"type":"keyword","ignore_above":1024},"src_nat_rule_type":{"type":"keyword","ignore_above":1024},"src_vrf_grp":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"sub_category":{"type":"keyword","ignore_above":1024},"tag":{"type":"keyword","ignore_above":1024},"temporary_filename":{"type":"keyword","ignore_above":1024},"tenant_id":{"type":"keyword","ignore_above":1024},"th":{"type":"keyword","ignore_above":1024},"threat_severity":{"type":"keyword","ignore_above":1024},"time_count":{"type":"long"},"time_period":{"type":"long"},"time_scope":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"date"},"type":{"type":"keyword","ignore_above":1024},"uplink_rx_bytes":{"type":"long"},"uplink_tx_bytes":{"type":"long"},"url":{"type":"keyword","ignore_above":1024},"username":{"type":"keyword","ignore_above":1024},"verdict_number":{"type":"long"},"verdict_source":{"type":"keyword","ignore_above":1024}}}}},"kafka":{"properties":{"block_timestamp":{"type":"date"},"key":{"type":"keyword","ignore_above":1024},"log":{"properties":{"class":{"type":"keyword","ignore_above":1024},"component":{"type":"keyword","ignore_above":1024},"thread":{"type":"keyword","ignore_above":1024},"trace":{"properties":{"class":{"type":"keyword","ignore_above":1024},"message":{"type":"text","norms":false}}}}},"offset":{"type":"long"},"partition":{"type":"long"},"topic":{"type":"keyword","ignore_above":1024}}},"kibana":{"properties":{"add_to_spaces":{"type":"keyword","ignore_above":1024},"authentication_provider":{"type":"keyword","ignore_above":1024},"authentication_realm":{"type":"keyword","ignore_above":1024},"authentication_type":{"type":"keyword","ignore_above":1024},"delete_from_spaces":{"type":"keyword","ignore_above":1024},"log":{"properties":{"meta":{"type":"object"},"state":{"type":"keyword","ignore_above":1024},"tags":{"type":"keyword","ignore_above":1024}}},"lookup_realm":{"type":"keyword","ignore_above":1024},"saved_object":{"properties":{"id":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"session_id":{"type":"keyword","ignore_above":1024},"space_id":{"type":"keyword","ignore_above":1024}}},"kubernetes":{"properties":{"annotations":{"properties":{"*":{"type":"object"}}},"container":{"properties":{"image":{"type":"alias","path":"container.image.name"},"name":{"type":"keyword","ignore_above":1024}}},"deployment":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"labels":{"properties":{"*":{"type":"object"}}},"namespace":{"type":"keyword","ignore_above":1024},"node":{"properties":{"hostname":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"pod":{"properties":{"ip":{"type":"ip"},"name":{"type":"keyword","ignore_above":1024},"uid":{"type":"keyword","ignore_above":1024}}},"replicaset":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"selectors":{"properties":{"*":{"type":"object"}}},"statefulset":{"properties":{"name":{"type":"keyword","ignore_above":1024}}}}},"labels":{"type":"object"},"log":{"properties":{"file":{"properties":{"path":{"type":"keyword","ignore_above":1024}}},"flags":{"type":"keyword","ignore_above":1024},"level":{"type":"keyword","ignore_above":1024},"logger":{"type":"keyword","ignore_above":1024},"offset":{"type":"long"},"origin":{"properties":{"file":{"properties":{"line":{"type":"long"},"name":{"type":"keyword","ignore_above":1024}}},"function":{"type":"keyword","ignore_above":1024}}},"original":{"type":"keyword","index":false,"doc_values":false,"ignore_above":1024},"source":{"properties":{"address":{"type":"keyword","ignore_above":1024}}},"syslog":{"properties":{"facility":{"properties":{"code":{"type":"long"},"name":{"type":"keyword","ignore_above":1024}}},"priority":{"type":"long"},"severity":{"properties":{"code":{"type":"long"},"name":{"type":"keyword","ignore_above":1024}}}}}}},"logstash":{"properties":{"log":{"properties":{"log_event":{"properties":{"action":{"type":"keyword","ignore_above":1024}}},"module":{"type":"keyword","ignore_above":1024},"pipeline_id":{"type":"keyword","ignore_above":1024},"thread":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"text","norms":false}}}}},"slowlog":{"properties":{"event":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"text","norms":false}}},"module":{"type":"keyword","ignore_above":1024},"plugin_name":{"type":"keyword","ignore_above":1024},"plugin_params":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"text","norms":false}}},"plugin_params_object":{"type":"object"},"plugin_type":{"type":"keyword","ignore_above":1024},"thread":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"text","norms":false}}},"took_in_millis":{"type":"long"}}}}},"message":{"type":"match_only_text"},"metadata":{"type":"flattened"},"microsoft":{"properties":{"defender_atp":{"properties":{"assignedTo":{"type":"keyword","ignore_above":1024},"classification":{"type":"keyword","ignore_above":1024},"determination":{"type":"keyword","ignore_above":1024},"evidence":{"properties":{"aadUserId":{"type":"keyword","ignore_above":1024},"accountName":{"type":"keyword","ignore_above":1024},"domainName":{"type":"keyword","ignore_above":1024},"entityType":{"type":"keyword","ignore_above":1024},"ipAddress":{"type":"ip"},"userPrincipalName":{"type":"keyword","ignore_above":1024}}},"incidentId":{"type":"keyword","ignore_above":1024},"investigationId":{"type":"keyword","ignore_above":1024},"investigationState":{"type":"keyword","ignore_above":1024},"lastUpdateTime":{"type":"date"},"rbacGroupName":{"type":"keyword","ignore_above":1024},"resolvedTime":{"type":"date"},"status":{"type":"keyword","ignore_above":1024},"threatFamilyName":{"type":"keyword","ignore_above":1024}}},"m365_defender":{"properties":{"alerts":{"properties":{"actorName":{"type":"keyword","ignore_above":1024},"assignedTo":{"type":"keyword","ignore_above":1024},"classification":{"type":"keyword","ignore_above":1024},"creationTime":{"type":"date"},"detectionSource":{"type":"keyword","ignore_above":1024},"determination":{"type":"keyword","ignore_above":1024},"devices":{"type":"flattened"},"entities":{"properties":{"accountName":{"type":"keyword","ignore_above":1024},"clusterBy":{"type":"keyword","ignore_above":1024},"deliveryAction":{"type":"keyword","ignore_above":1024},"deviceId":{"type":"keyword","ignore_above":1024},"entityType":{"type":"keyword","ignore_above":1024},"ipAddress":{"type":"keyword","ignore_above":1024},"mailboxAddress":{"type":"keyword","ignore_above":1024},"mailboxDisplayName":{"type":"keyword","ignore_above":1024},"recipient":{"type":"keyword","ignore_above":1024},"registryHive":{"type":"keyword","ignore_above":1024},"registryKey":{"type":"keyword","ignore_above":1024},"registryValueType":{"type":"keyword","ignore_above":1024},"securityGroupId":{"type":"keyword","ignore_above":1024},"securityGroupName":{"type":"keyword","ignore_above":1024},"sender":{"type":"keyword","ignore_above":1024},"subject":{"type":"keyword","ignore_above":1024}}},"incidentId":{"type":"keyword","ignore_above":1024},"investigationId":{"type":"keyword","ignore_above":1024},"investigationState":{"type":"keyword","ignore_above":1024},"lastUpdatedTime":{"type":"date"},"mitreTechniques":{"type":"keyword","ignore_above":1024},"resolvedTime":{"type":"date"},"severity":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"threatFamilyName":{"type":"keyword","ignore_above":1024},"userSid":{"type":"keyword","ignore_above":1024}}},"assignedTo":{"type":"keyword","ignore_above":1024},"classification":{"type":"keyword","ignore_above":1024},"determination":{"type":"keyword","ignore_above":1024},"incidentId":{"type":"keyword","ignore_above":1024},"incidentName":{"type":"keyword","ignore_above":1024},"investigationState":{"type":"keyword","ignore_above":1024},"redirectIncidentId":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"tags":{"type":"keyword","ignore_above":1024}}}}},"misp":{"properties":{"attack_pattern":{"properties":{"description":{"type":"text","norms":false},"id":{"type":"keyword","ignore_above":1024},"kill_chain_phases":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"campaign":{"properties":{"aliases":{"type":"text","norms":false},"description":{"type":"text","norms":false},"first_seen":{"type":"date"},"id":{"type":"keyword","ignore_above":1024},"last_seen":{"type":"date"},"name":{"type":"keyword","ignore_above":1024},"objective":{"type":"keyword","ignore_above":1024}}},"course_of_action":{"properties":{"description":{"type":"text","norms":false},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"identity":{"properties":{"contact_information":{"type":"text","norms":false},"description":{"type":"text","norms":false},"id":{"type":"keyword","ignore_above":1024},"identity_class":{"type":"keyword","ignore_above":1024},"labels":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"sectors":{"type":"keyword","ignore_above":1024}}},"intrusion_set":{"properties":{"aliases":{"type":"text","norms":false},"description":{"type":"text","norms":false},"first_seen":{"type":"date"},"goals":{"type":"text","norms":false},"id":{"type":"keyword","ignore_above":1024},"last_seen":{"type":"date"},"name":{"type":"keyword","ignore_above":1024},"primary_motivation":{"type":"text","norms":false},"resource_level":{"type":"text","norms":false},"secondary_motivations":{"type":"text","norms":false}}},"malware":{"properties":{"description":{"type":"text","norms":false},"id":{"type":"keyword","ignore_above":1024},"kill_chain_phases":{"type":"keyword","ignore_above":1024},"labels":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"note":{"properties":{"authors":{"type":"keyword","ignore_above":1024},"description":{"type":"text","norms":false},"id":{"type":"keyword","ignore_above":1024},"object_refs":{"type":"keyword","ignore_above":1024},"summary":{"type":"keyword","ignore_above":1024}}},"observed_data":{"properties":{"first_observed":{"type":"date"},"id":{"type":"keyword","ignore_above":1024},"last_observed":{"type":"date"},"number_observed":{"type":"long"},"objects":{"type":"keyword","ignore_above":1024}}},"report":{"properties":{"description":{"type":"text","norms":false},"id":{"type":"keyword","ignore_above":1024},"labels":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"object_refs":{"type":"text","norms":false},"published":{"type":"date"}}},"threat_actor":{"properties":{"aliases":{"type":"text","norms":false},"description":{"type":"text","norms":false},"goals":{"type":"text","norms":false},"id":{"type":"keyword","ignore_above":1024},"labels":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"personal_motivations":{"type":"text","norms":false},"primary_motivation":{"type":"text","norms":false},"resource_level":{"type":"text","norms":false},"roles":{"type":"text","norms":false},"secondary_motivations":{"type":"text","norms":false},"sophistication":{"type":"text","norms":false}}},"threat_indicator":{"properties":{"attack_pattern":{"type":"keyword","ignore_above":1024},"attack_pattern_kql":{"type":"keyword","ignore_above":1024},"campaign":{"type":"keyword","ignore_above":1024},"confidence":{"type":"keyword","ignore_above":1024},"description":{"type":"text","norms":false},"feed":{"type":"text","norms":false},"id":{"type":"keyword","ignore_above":1024},"intrusion_set":{"type":"keyword","ignore_above":1024},"kill_chain_phases":{"type":"keyword","ignore_above":1024},"labels":{"type":"keyword","ignore_above":1024},"mitre_tactic":{"type":"keyword","ignore_above":1024},"mitre_technique":{"type":"keyword","ignore_above":1024},"negate":{"type":"boolean"},"severity":{"type":"keyword","ignore_above":1024},"threat_actor":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"valid_from":{"type":"date"},"valid_until":{"type":"date"},"version":{"type":"keyword","ignore_above":1024}}},"tool":{"properties":{"description":{"type":"text","norms":false},"id":{"type":"keyword","ignore_above":1024},"kill_chain_phases":{"type":"text","norms":false},"labels":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"tool_version":{"type":"keyword","ignore_above":1024}}},"vulnerability":{"properties":{"description":{"type":"text","norms":false},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}}}},"mongodb":{"properties":{"log":{"properties":{"component":{"type":"keyword","ignore_above":1024},"context":{"type":"keyword","ignore_above":1024},"id":{"type":"long"}}}}},"mssql":{"properties":{"log":{"properties":{"origin":{"type":"keyword","ignore_above":1024}}}}},"mysql":{"properties":{"slowlog":{"properties":{"bytes_received":{"type":"long"},"bytes_sent":{"type":"long"},"current_user":{"type":"keyword","ignore_above":1024},"filesort":{"type":"boolean"},"filesort_on_disk":{"type":"boolean"},"full_join":{"type":"boolean"},"full_scan":{"type":"boolean"},"innodb":{"properties":{"io_r_bytes":{"type":"long"},"io_r_ops":{"type":"long"},"io_r_wait":{"properties":{"sec":{"type":"long"}}},"pages_distinct":{"type":"long"},"queue_wait":{"properties":{"sec":{"type":"long"}}},"rec_lock_wait":{"properties":{"sec":{"type":"long"}}},"trx_id":{"type":"keyword","ignore_above":1024}}},"killed":{"type":"keyword","ignore_above":1024},"last_errno":{"type":"keyword","ignore_above":1024},"lock_time":{"properties":{"sec":{"type":"float"}}},"log_slow_rate_limit":{"type":"keyword","ignore_above":1024},"log_slow_rate_type":{"type":"keyword","ignore_above":1024},"merge_passes":{"type":"long"},"priority_queue":{"type":"boolean"},"query":{"type":"keyword","ignore_above":1024},"query_cache_hit":{"type":"boolean"},"read_first":{"type":"long"},"read_key":{"type":"long"},"read_last":{"type":"long"},"read_next":{"type":"long"},"read_prev":{"type":"long"},"read_rnd":{"type":"long"},"read_rnd_next":{"type":"long"},"rows_affected":{"type":"long"},"rows_examined":{"type":"long"},"rows_sent":{"type":"long"},"schema":{"type":"keyword","ignore_above":1024},"sort_merge_passes":{"type":"long"},"sort_range_count":{"type":"long"},"sort_rows":{"type":"long"},"sort_scan_count":{"type":"long"},"tmp_disk_tables":{"type":"long"},"tmp_table":{"type":"boolean"},"tmp_table_on_disk":{"type":"boolean"},"tmp_table_sizes":{"type":"long"},"tmp_tables":{"type":"long"}}},"thread_id":{"type":"long"}}},"mysqlenterprise":{"properties":{"audit":{"properties":{"account":{"properties":{"host":{"type":"keyword","ignore_above":1024},"user":{"type":"keyword","ignore_above":1024}}},"class":{"type":"keyword","ignore_above":1024},"connection_data":{"properties":{"connection_attributes":{"type":"flattened"},"connection_type":{"type":"keyword","ignore_above":1024},"db":{"type":"keyword","ignore_above":1024},"status":{"type":"long"}}},"connection_id":{"type":"keyword","ignore_above":1024},"general_data":{"properties":{"command":{"type":"keyword","ignore_above":1024},"query":{"type":"keyword","ignore_above":1024},"sql_command":{"type":"keyword","ignore_above":1024},"status":{"type":"long"}}},"id":{"type":"keyword","ignore_above":1024},"login":{"properties":{"os":{"type":"keyword","ignore_above":1024},"proxy":{"type":"keyword","ignore_above":1024},"user":{"type":"keyword","ignore_above":1024}}},"shutdown_data":{"properties":{"server_id":{"type":"keyword","ignore_above":1024}}},"startup_data":{"properties":{"mysql_version":{"type":"keyword","ignore_above":1024},"server_id":{"type":"keyword","ignore_above":1024}}},"table_access_data":{"properties":{"db":{"type":"keyword","ignore_above":1024},"query":{"type":"keyword","ignore_above":1024},"sql_command":{"type":"keyword","ignore_above":1024},"table":{"type":"keyword","ignore_above":1024}}}}}}},"nats":{"properties":{"log":{"properties":{"client":{"properties":{"id":{"type":"long"}}},"msg":{"properties":{"bytes":{"type":"long"},"error":{"properties":{"message":{"type":"text","norms":false}}},"max_messages":{"type":"long"},"queue_group":{"type":"text","norms":false},"reply_to":{"type":"keyword","ignore_above":1024},"sid":{"type":"long"},"subject":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}}}}}},"netflow":{"properties":{"absolute_error":{"type":"double"},"address_pool_high_threshold":{"type":"long"},"address_pool_low_threshold":{"type":"long"},"address_port_mapping_high_threshold":{"type":"long"},"address_port_mapping_low_threshold":{"type":"long"},"address_port_mapping_per_user_high_threshold":{"type":"long"},"anonymization_flags":{"type":"long"},"anonymization_technique":{"type":"long"},"application_category_name":{"type":"keyword","ignore_above":1024},"application_description":{"type":"keyword","ignore_above":1024},"application_group_name":{"type":"keyword","ignore_above":1024},"application_id":{"type":"short"},"application_name":{"type":"keyword","ignore_above":1024},"application_sub_category_name":{"type":"keyword","ignore_above":1024},"bgp_destination_as_number":{"type":"long"},"bgp_next_adjacent_as_number":{"type":"long"},"bgp_next_hop_ipv4_address":{"type":"ip"},"bgp_next_hop_ipv6_address":{"type":"ip"},"bgp_prev_adjacent_as_number":{"type":"long"},"bgp_source_as_number":{"type":"long"},"bgp_validity_state":{"type":"short"},"biflow_direction":{"type":"short"},"class_id":{"type":"long"},"class_name":{"type":"keyword","ignore_above":1024},"classification_engine_id":{"type":"short"},"collection_time_milliseconds":{"type":"date"},"collector_certificate":{"type":"short"},"collector_ipv4_address":{"type":"ip"},"collector_ipv6_address":{"type":"ip"},"collector_transport_port":{"type":"long"},"common_properties_id":{"type":"long"},"confidence_level":{"type":"double"},"connection_sum_duration_seconds":{"type":"long"},"connection_transaction_id":{"type":"long"},"data_link_frame_section":{"type":"short"},"data_link_frame_size":{"type":"long"},"data_link_frame_type":{"type":"long"},"data_records_reliability":{"type":"boolean"},"delta_flow_count":{"type":"long"},"destination_ipv4_address":{"type":"ip"},"destination_ipv4_prefix":{"type":"ip"},"destination_ipv4_prefix_length":{"type":"short"},"destination_ipv6_address":{"type":"ip"},"destination_ipv6_prefix":{"type":"ip"},"destination_ipv6_prefix_length":{"type":"short"},"destination_mac_address":{"type":"keyword","ignore_above":1024},"destination_transport_port":{"type":"long"},"digest_hash_value":{"type":"long"},"distinct_count_of_destination_ip_address":{"type":"long"},"distinct_count_of_destination_ipv4_address":{"type":"long"},"distinct_count_of_destination_ipv6_address":{"type":"long"},"distinct_count_of_source_ip_address":{"type":"long"},"distinct_count_of_source_ipv4_address":{"type":"long"},"distinct_count_of_source_ipv6_address":{"type":"long"},"dot1q_customer_dei":{"type":"boolean"},"dot1q_customer_destination_mac_address":{"type":"keyword","ignore_above":1024},"dot1q_customer_priority":{"type":"short"},"dot1q_customer_source_mac_address":{"type":"keyword","ignore_above":1024},"dot1q_customer_vlan_id":{"type":"long"},"dot1q_dei":{"type":"boolean"},"dot1q_priority":{"type":"short"},"dot1q_service_instance_id":{"type":"long"},"dot1q_service_instance_priority":{"type":"short"},"dot1q_service_instance_tag":{"type":"short"},"dot1q_vlan_id":{"type":"long"},"dropped_layer2_octet_delta_count":{"type":"long"},"dropped_layer2_octet_total_count":{"type":"long"},"dropped_octet_delta_count":{"type":"long"},"dropped_octet_total_count":{"type":"long"},"dropped_packet_delta_count":{"type":"long"},"dropped_packet_total_count":{"type":"long"},"dst_traffic_index":{"type":"long"},"egress_broadcast_packet_total_count":{"type":"long"},"egress_interface":{"type":"long"},"egress_interface_type":{"type":"long"},"egress_physical_interface":{"type":"long"},"egress_unicast_packet_total_count":{"type":"long"},"egress_vrfid":{"type":"long"},"encrypted_technology":{"type":"keyword","ignore_above":1024},"engine_id":{"type":"short"},"engine_type":{"type":"short"},"ethernet_header_length":{"type":"short"},"ethernet_payload_length":{"type":"long"},"ethernet_total_length":{"type":"long"},"ethernet_type":{"type":"long"},"export_interface":{"type":"long"},"export_protocol_version":{"type":"short"},"export_sctp_stream_id":{"type":"long"},"export_transport_protocol":{"type":"short"},"exported_flow_record_total_count":{"type":"long"},"exported_message_total_count":{"type":"long"},"exported_octet_total_count":{"type":"long"},"exporter":{"properties":{"address":{"type":"keyword","ignore_above":1024},"source_id":{"type":"long"},"timestamp":{"type":"date"},"uptime_millis":{"type":"long"},"version":{"type":"long"}}},"exporter_certificate":{"type":"short"},"exporter_ipv4_address":{"type":"ip"},"exporter_ipv6_address":{"type":"ip"},"exporter_transport_port":{"type":"long"},"exporting_process_id":{"type":"long"},"external_address_realm":{"type":"short"},"firewall_event":{"type":"short"},"flags_and_sampler_id":{"type":"long"},"flow_active_timeout":{"type":"long"},"flow_direction":{"type":"short"},"flow_duration_microseconds":{"type":"long"},"flow_duration_milliseconds":{"type":"long"},"flow_end_delta_microseconds":{"type":"long"},"flow_end_microseconds":{"type":"date"},"flow_end_milliseconds":{"type":"date"},"flow_end_nanoseconds":{"type":"date"},"flow_end_reason":{"type":"short"},"flow_end_seconds":{"type":"date"},"flow_end_sys_up_time":{"type":"long"},"flow_id":{"type":"long"},"flow_idle_timeout":{"type":"long"},"flow_key_indicator":{"type":"long"},"flow_label_ipv6":{"type":"long"},"flow_sampling_time_interval":{"type":"long"},"flow_sampling_time_spacing":{"type":"long"},"flow_selected_flow_delta_count":{"type":"long"},"flow_selected_octet_delta_count":{"type":"long"},"flow_selected_packet_delta_count":{"type":"long"},"flow_selector_algorithm":{"type":"long"},"flow_start_delta_microseconds":{"type":"long"},"flow_start_microseconds":{"type":"date"},"flow_start_milliseconds":{"type":"date"},"flow_start_nanoseconds":{"type":"date"},"flow_start_seconds":{"type":"date"},"flow_start_sys_up_time":{"type":"long"},"forwarding_status":{"type":"short"},"fragment_flags":{"type":"short"},"fragment_identification":{"type":"long"},"fragment_offset":{"type":"long"},"global_address_mapping_high_threshold":{"type":"long"},"gre_key":{"type":"long"},"hash_digest_output":{"type":"boolean"},"hash_flow_domain":{"type":"long"},"hash_initialiser_value":{"type":"long"},"hash_ip_payload_offset":{"type":"long"},"hash_ip_payload_size":{"type":"long"},"hash_output_range_max":{"type":"long"},"hash_output_range_min":{"type":"long"},"hash_selected_range_max":{"type":"long"},"hash_selected_range_min":{"type":"long"},"http_content_type":{"type":"keyword","ignore_above":1024},"http_message_version":{"type":"keyword","ignore_above":1024},"http_reason_phrase":{"type":"keyword","ignore_above":1024},"http_request_host":{"type":"keyword","ignore_above":1024},"http_request_method":{"type":"keyword","ignore_above":1024},"http_request_target":{"type":"keyword","ignore_above":1024},"http_status_code":{"type":"long"},"http_user_agent":{"type":"keyword","ignore_above":1024},"icmp_code_ipv4":{"type":"short"},"icmp_code_ipv6":{"type":"short"},"icmp_type_code_ipv4":{"type":"long"},"icmp_type_code_ipv6":{"type":"long"},"icmp_type_ipv4":{"type":"short"},"icmp_type_ipv6":{"type":"short"},"igmp_type":{"type":"short"},"ignored_data_record_total_count":{"type":"long"},"ignored_layer2_frame_total_count":{"type":"long"},"ignored_layer2_octet_total_count":{"type":"long"},"ignored_octet_total_count":{"type":"long"},"ignored_packet_total_count":{"type":"long"},"information_element_data_type":{"type":"short"},"information_element_description":{"type":"keyword","ignore_above":1024},"information_element_id":{"type":"long"},"information_element_index":{"type":"long"},"information_element_name":{"type":"keyword","ignore_above":1024},"information_element_range_begin":{"type":"long"},"information_element_range_end":{"type":"long"},"information_element_semantics":{"type":"short"},"information_element_units":{"type":"long"},"ingress_broadcast_packet_total_count":{"type":"long"},"ingress_interface":{"type":"long"},"ingress_interface_type":{"type":"long"},"ingress_multicast_packet_total_count":{"type":"long"},"ingress_physical_interface":{"type":"long"},"ingress_unicast_packet_total_count":{"type":"long"},"ingress_vrfid":{"type":"long"},"initiator_octets":{"type":"long"},"initiator_packets":{"type":"long"},"interface_description":{"type":"keyword","ignore_above":1024},"interface_name":{"type":"keyword","ignore_above":1024},"intermediate_process_id":{"type":"long"},"internal_address_realm":{"type":"short"},"ip_class_of_service":{"type":"short"},"ip_diff_serv_code_point":{"type":"short"},"ip_header_length":{"type":"short"},"ip_header_packet_section":{"type":"short"},"ip_next_hop_ipv4_address":{"type":"ip"},"ip_next_hop_ipv6_address":{"type":"ip"},"ip_payload_length":{"type":"long"},"ip_payload_packet_section":{"type":"short"},"ip_precedence":{"type":"short"},"ip_sec_spi":{"type":"long"},"ip_total_length":{"type":"long"},"ip_ttl":{"type":"short"},"ip_version":{"type":"short"},"ipv4_ihl":{"type":"short"},"ipv4_options":{"type":"long"},"ipv4_router_sc":{"type":"ip"},"ipv6_extension_headers":{"type":"long"},"is_multicast":{"type":"short"},"layer2_frame_delta_count":{"type":"long"},"layer2_frame_total_count":{"type":"long"},"layer2_octet_delta_count":{"type":"long"},"layer2_octet_delta_sum_of_squares":{"type":"long"},"layer2_octet_total_count":{"type":"long"},"layer2_octet_total_sum_of_squares":{"type":"long"},"layer2_segment_id":{"type":"long"},"layer2packet_section_data":{"type":"short"},"layer2packet_section_offset":{"type":"long"},"layer2packet_section_size":{"type":"long"},"line_card_id":{"type":"long"},"lower_ci_limit":{"type":"double"},"max_bib_entries":{"type":"long"},"max_entries_per_user":{"type":"long"},"max_export_seconds":{"type":"date"},"max_flow_end_microseconds":{"type":"date"},"max_flow_end_milliseconds":{"type":"date"},"max_flow_end_nanoseconds":{"type":"date"},"max_flow_end_seconds":{"type":"date"},"max_fragments_pending_reassembly":{"type":"long"},"max_session_entries":{"type":"long"},"max_subscribers":{"type":"long"},"maximum_ip_total_length":{"type":"long"},"maximum_layer2_total_length":{"type":"long"},"maximum_ttl":{"type":"short"},"message_md5_checksum":{"type":"short"},"message_scope":{"type":"short"},"metering_process_id":{"type":"long"},"metro_evc_id":{"type":"keyword","ignore_above":1024},"metro_evc_type":{"type":"short"},"mib_capture_time_semantics":{"type":"short"},"mib_context_engine_id":{"type":"short"},"mib_context_name":{"type":"keyword","ignore_above":1024},"mib_index_indicator":{"type":"long"},"mib_module_name":{"type":"keyword","ignore_above":1024},"mib_object_description":{"type":"keyword","ignore_above":1024},"mib_object_identifier":{"type":"short"},"mib_object_name":{"type":"keyword","ignore_above":1024},"mib_object_syntax":{"type":"keyword","ignore_above":1024},"mib_object_value_bits":{"type":"short"},"mib_object_value_counter":{"type":"long"},"mib_object_value_gauge":{"type":"long"},"mib_object_value_integer":{"type":"long"},"mib_object_value_ip_address":{"type":"ip"},"mib_object_value_octet_string":{"type":"short"},"mib_object_value_oid":{"type":"short"},"mib_object_value_time_ticks":{"type":"long"},"mib_object_value_unsigned":{"type":"long"},"mib_sub_identifier":{"type":"long"},"min_export_seconds":{"type":"date"},"min_flow_start_microseconds":{"type":"date"},"min_flow_start_milliseconds":{"type":"date"},"min_flow_start_nanoseconds":{"type":"date"},"min_flow_start_seconds":{"type":"date"},"minimum_ip_total_length":{"type":"long"},"minimum_layer2_total_length":{"type":"long"},"minimum_ttl":{"type":"short"},"mobile_imsi":{"type":"keyword","ignore_above":1024},"mobile_msisdn":{"type":"keyword","ignore_above":1024},"monitoring_interval_end_milli_seconds":{"type":"date"},"monitoring_interval_start_milli_seconds":{"type":"date"},"mpls_label_stack_depth":{"type":"long"},"mpls_label_stack_length":{"type":"long"},"mpls_label_stack_section":{"type":"short"},"mpls_label_stack_section10":{"type":"short"},"mpls_label_stack_section2":{"type":"short"},"mpls_label_stack_section3":{"type":"short"},"mpls_label_stack_section4":{"type":"short"},"mpls_label_stack_section5":{"type":"short"},"mpls_label_stack_section6":{"type":"short"},"mpls_label_stack_section7":{"type":"short"},"mpls_label_stack_section8":{"type":"short"},"mpls_label_stack_section9":{"type":"short"},"mpls_payload_length":{"type":"long"},"mpls_payload_packet_section":{"type":"short"},"mpls_top_label_exp":{"type":"short"},"mpls_top_label_ipv4_address":{"type":"ip"},"mpls_top_label_ipv6_address":{"type":"ip"},"mpls_top_label_prefix_length":{"type":"short"},"mpls_top_label_stack_section":{"type":"short"},"mpls_top_label_ttl":{"type":"short"},"mpls_top_label_type":{"type":"short"},"mpls_vpn_route_distinguisher":{"type":"short"},"multicast_replication_factor":{"type":"long"},"nat_event":{"type":"short"},"nat_instance_id":{"type":"long"},"nat_originating_address_realm":{"type":"short"},"nat_pool_id":{"type":"long"},"nat_pool_name":{"type":"keyword","ignore_above":1024},"nat_quota_exceeded_event":{"type":"long"},"nat_threshold_event":{"type":"long"},"nat_type":{"type":"short"},"new_connection_delta_count":{"type":"long"},"next_header_ipv6":{"type":"short"},"not_sent_flow_total_count":{"type":"long"},"not_sent_layer2_octet_total_count":{"type":"long"},"not_sent_octet_total_count":{"type":"long"},"not_sent_packet_total_count":{"type":"long"},"observation_domain_id":{"type":"long"},"observation_domain_name":{"type":"keyword","ignore_above":1024},"observation_point_id":{"type":"long"},"observation_point_type":{"type":"short"},"observation_time_microseconds":{"type":"date"},"observation_time_milliseconds":{"type":"date"},"observation_time_nanoseconds":{"type":"date"},"observation_time_seconds":{"type":"date"},"observed_flow_total_count":{"type":"long"},"octet_delta_count":{"type":"long"},"octet_delta_sum_of_squares":{"type":"long"},"octet_total_count":{"type":"long"},"octet_total_sum_of_squares":{"type":"long"},"opaque_octets":{"type":"short"},"original_exporter_ipv4_address":{"type":"ip"},"original_exporter_ipv6_address":{"type":"ip"},"original_flows_completed":{"type":"long"},"original_flows_initiated":{"type":"long"},"original_flows_present":{"type":"long"},"original_observation_domain_id":{"type":"long"},"p2p_technology":{"type":"keyword","ignore_above":1024},"packet_delta_count":{"type":"long"},"packet_total_count":{"type":"long"},"padding_octets":{"type":"short"},"payload_length_ipv6":{"type":"long"},"port_id":{"type":"long"},"port_range_end":{"type":"long"},"port_range_num_ports":{"type":"long"},"port_range_start":{"type":"long"},"port_range_step_size":{"type":"long"},"post_destination_mac_address":{"type":"keyword","ignore_above":1024},"post_dot1q_customer_vlan_id":{"type":"long"},"post_dot1q_vlan_id":{"type":"long"},"post_ip_class_of_service":{"type":"short"},"post_ip_diff_serv_code_point":{"type":"short"},"post_ip_precedence":{"type":"short"},"post_layer2_octet_delta_count":{"type":"long"},"post_layer2_octet_total_count":{"type":"long"},"post_mcast_layer2_octet_delta_count":{"type":"long"},"post_mcast_layer2_octet_total_count":{"type":"long"},"post_mcast_octet_delta_count":{"type":"long"},"post_mcast_octet_total_count":{"type":"long"},"post_mcast_packet_delta_count":{"type":"long"},"post_mcast_packet_total_count":{"type":"long"},"post_mpls_top_label_exp":{"type":"short"},"post_napt_destination_transport_port":{"type":"long"},"post_napt_source_transport_port":{"type":"long"},"post_nat_destination_ipv4_address":{"type":"ip"},"post_nat_destination_ipv6_address":{"type":"ip"},"post_nat_source_ipv4_address":{"type":"ip"},"post_nat_source_ipv6_address":{"type":"ip"},"post_octet_delta_count":{"type":"long"},"post_octet_total_count":{"type":"long"},"post_packet_delta_count":{"type":"long"},"post_packet_total_count":{"type":"long"},"post_source_mac_address":{"type":"keyword","ignore_above":1024},"post_vlan_id":{"type":"long"},"private_enterprise_number":{"type":"long"},"protocol_identifier":{"type":"short"},"pseudo_wire_control_word":{"type":"long"},"pseudo_wire_destination_ipv4_address":{"type":"ip"},"pseudo_wire_id":{"type":"long"},"pseudo_wire_type":{"type":"long"},"relative_error":{"type":"double"},"responder_octets":{"type":"long"},"responder_packets":{"type":"long"},"rfc3550_jitter_microseconds":{"type":"long"},"rfc3550_jitter_milliseconds":{"type":"long"},"rfc3550_jitter_nanoseconds":{"type":"long"},"rtp_sequence_number":{"type":"long"},"sampler_id":{"type":"short"},"sampler_mode":{"type":"short"},"sampler_name":{"type":"keyword","ignore_above":1024},"sampler_random_interval":{"type":"long"},"sampling_algorithm":{"type":"short"},"sampling_flow_interval":{"type":"long"},"sampling_flow_spacing":{"type":"long"},"sampling_interval":{"type":"long"},"sampling_packet_interval":{"type":"long"},"sampling_packet_space":{"type":"long"},"sampling_population":{"type":"long"},"sampling_probability":{"type":"double"},"sampling_size":{"type":"long"},"sampling_time_interval":{"type":"long"},"sampling_time_space":{"type":"long"},"section_exported_octets":{"type":"long"},"section_offset":{"type":"long"},"selection_sequence_id":{"type":"long"},"selector_algorithm":{"type":"long"},"selector_id":{"type":"long"},"selector_id_total_flows_observed":{"type":"long"},"selector_id_total_flows_selected":{"type":"long"},"selector_id_total_pkts_observed":{"type":"long"},"selector_id_total_pkts_selected":{"type":"long"},"selector_name":{"type":"keyword","ignore_above":1024},"session_scope":{"type":"short"},"source_ipv4_address":{"type":"ip"},"source_ipv4_prefix":{"type":"ip"},"source_ipv4_prefix_length":{"type":"short"},"source_ipv6_address":{"type":"ip"},"source_ipv6_prefix":{"type":"ip"},"source_ipv6_prefix_length":{"type":"short"},"source_mac_address":{"type":"keyword","ignore_above":1024},"source_transport_port":{"type":"long"},"source_transport_ports_limit":{"type":"long"},"src_traffic_index":{"type":"long"},"sta_ipv4_address":{"type":"ip"},"sta_mac_address":{"type":"keyword","ignore_above":1024},"system_init_time_milliseconds":{"type":"date"},"tcp_ack_total_count":{"type":"long"},"tcp_acknowledgement_number":{"type":"long"},"tcp_control_bits":{"type":"long"},"tcp_destination_port":{"type":"long"},"tcp_fin_total_count":{"type":"long"},"tcp_header_length":{"type":"short"},"tcp_options":{"type":"long"},"tcp_psh_total_count":{"type":"long"},"tcp_rst_total_count":{"type":"long"},"tcp_sequence_number":{"type":"long"},"tcp_source_port":{"type":"long"},"tcp_syn_total_count":{"type":"long"},"tcp_urg_total_count":{"type":"long"},"tcp_urgent_pointer":{"type":"long"},"tcp_window_scale":{"type":"long"},"tcp_window_size":{"type":"long"},"template_id":{"type":"long"},"total_length_ipv4":{"type":"long"},"transport_octet_delta_count":{"type":"long"},"transport_packet_delta_count":{"type":"long"},"tunnel_technology":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"udp_destination_port":{"type":"long"},"udp_message_length":{"type":"long"},"udp_source_port":{"type":"long"},"upper_ci_limit":{"type":"double"},"user_name":{"type":"keyword","ignore_above":1024},"value_distribution_method":{"type":"short"},"virtual_station_interface_id":{"type":"short"},"virtual_station_interface_name":{"type":"keyword","ignore_above":1024},"virtual_station_name":{"type":"keyword","ignore_above":1024},"virtual_station_uuid":{"type":"short"},"vlan_id":{"type":"long"},"vpn_identifier":{"type":"short"},"vr_fname":{"type":"keyword","ignore_above":1024},"wlan_channel_id":{"type":"short"},"wlan_ssid":{"type":"keyword","ignore_above":1024},"wtp_mac_address":{"type":"keyword","ignore_above":1024}}},"network":{"properties":{"application":{"type":"keyword","ignore_above":1024},"bytes":{"type":"long"},"community_id":{"type":"keyword","ignore_above":1024},"direction":{"type":"keyword","ignore_above":1024},"forwarded_ip":{"type":"ip"},"iana_number":{"type":"keyword","ignore_above":1024},"inner":{"properties":{"vlan":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}}}},"interface":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"name":{"type":"keyword","ignore_above":1024},"packets":{"type":"long"},"protocol":{"type":"keyword","ignore_above":1024},"transport":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"vlan":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}}}},"nginx":{"properties":{"error":{"properties":{"connection_id":{"type":"long"}}},"ingress_controller":{"properties":{"http":{"properties":{"request":{"properties":{"id":{"type":"keyword","ignore_above":1024},"length":{"type":"long"},"time":{"type":"double"}}}}},"upstream":{"properties":{"alternative_name":{"type":"keyword","ignore_above":1024},"ip":{"type":"ip"},"name":{"type":"keyword","ignore_above":1024},"port":{"type":"long"},"response":{"properties":{"length":{"type":"long"},"length_list":{"type":"keyword","ignore_above":1024},"status_code":{"type":"long"},"status_code_list":{"type":"keyword","ignore_above":1024},"time":{"type":"double"},"time_list":{"type":"keyword","ignore_above":1024}}}}},"upstream_address_list":{"type":"keyword","ignore_above":1024}}}}},"o365":{"properties":{"audit":{"properties":{"AADGroupId":{"type":"keyword","ignore_above":1024},"ActorContextId":{"type":"keyword","ignore_above":1024},"ActorIpAddress":{"type":"keyword","ignore_above":1024},"ActorUserId":{"type":"keyword","ignore_above":1024},"ActorYammerUserId":{"type":"keyword","ignore_above":1024},"AlertEntityId":{"type":"keyword","ignore_above":1024},"AlertId":{"type":"keyword","ignore_above":1024},"AlertType":{"type":"keyword","ignore_above":1024},"AppId":{"type":"keyword","ignore_above":1024},"ApplicationDisplayName":{"type":"keyword","ignore_above":1024},"ApplicationId":{"type":"keyword","ignore_above":1024},"AzureActiveDirectoryEventType":{"type":"keyword","ignore_above":1024},"Category":{"type":"keyword","ignore_above":1024},"ClientAppId":{"type":"keyword","ignore_above":1024},"ClientIP":{"type":"keyword","ignore_above":1024},"ClientIPAddress":{"type":"keyword","ignore_above":1024},"ClientInfoString":{"type":"keyword","ignore_above":1024},"Comments":{"type":"text","norms":false},"CommunicationType":{"type":"keyword","ignore_above":1024},"CorrelationId":{"type":"keyword","ignore_above":1024},"CreationTime":{"type":"keyword","ignore_above":1024},"CustomUniqueId":{"type":"keyword","ignore_above":1024},"Data":{"type":"keyword","ignore_above":1024},"DataType":{"type":"keyword","ignore_above":1024},"DoNotDistributeEvent":{"type":"boolean"},"EntityType":{"type":"keyword","ignore_above":1024},"ErrorNumber":{"type":"keyword","ignore_above":1024},"EventData":{"type":"keyword","ignore_above":1024},"EventSource":{"type":"keyword","ignore_above":1024},"ExceptionInfo":{"properties":{"*":{"type":"object"}}},"ExchangeMetaData":{"properties":{"*":{"type":"object"}}},"ExtendedProperties":{"properties":{"*":{"type":"object"}}},"ExternalAccess":{"type":"keyword","ignore_above":1024},"FromApp":{"type":"boolean"},"GroupName":{"type":"keyword","ignore_above":1024},"Id":{"type":"keyword","ignore_above":1024},"ImplicitShare":{"type":"keyword","ignore_above":1024},"IncidentId":{"type":"keyword","ignore_above":1024},"InterSystemsId":{"type":"keyword","ignore_above":1024},"InternalLogonType":{"type":"keyword","ignore_above":1024},"IntraSystemId":{"type":"keyword","ignore_above":1024},"IsDocLib":{"type":"boolean"},"Item":{"properties":{"*":{"properties":{"*":{"type":"object"}}}}},"ItemCount":{"type":"long"},"ItemName":{"type":"keyword","ignore_above":1024},"ItemType":{"type":"keyword","ignore_above":1024},"ListBaseTemplateType":{"type":"keyword","ignore_above":1024},"ListBaseType":{"type":"keyword","ignore_above":1024},"ListColor":{"type":"keyword","ignore_above":1024},"ListIcon":{"type":"keyword","ignore_above":1024},"ListId":{"type":"keyword","ignore_above":1024},"ListItemUniqueId":{"type":"keyword","ignore_above":1024},"ListTitle":{"type":"keyword","ignore_above":1024},"LogonError":{"type":"keyword","ignore_above":1024},"LogonType":{"type":"keyword","ignore_above":1024},"LogonUserSid":{"type":"keyword","ignore_above":1024},"MailboxGuid":{"type":"keyword","ignore_above":1024},"MailboxOwnerMasterAccountSid":{"type":"keyword","ignore_above":1024},"MailboxOwnerSid":{"type":"keyword","ignore_above":1024},"MailboxOwnerUPN":{"type":"keyword","ignore_above":1024},"Members":{"properties":{"*":{"type":"object"}}},"ModifiedProperties":{"properties":{"*":{"properties":{"*":{"type":"object"}}}}},"Name":{"type":"keyword","ignore_above":1024},"ObjectId":{"type":"keyword","ignore_above":1024},"Operation":{"type":"keyword","ignore_above":1024},"OrganizationId":{"type":"keyword","ignore_above":1024},"OrganizationName":{"type":"keyword","ignore_above":1024},"OriginatingServer":{"type":"keyword","ignore_above":1024},"Parameters":{"properties":{"*":{"type":"object"}}},"PolicyId":{"type":"keyword","ignore_above":1024},"RecordType":{"type":"keyword","ignore_above":1024},"ResultStatus":{"type":"keyword","ignore_above":1024},"SensitiveInfoDetectionIsIncluded":{"type":"keyword","ignore_above":1024},"SessionId":{"type":"keyword","ignore_above":1024},"Severity":{"type":"keyword","ignore_above":1024},"SharePointMetaData":{"properties":{"*":{"type":"object"}}},"Site":{"type":"keyword","ignore_above":1024},"SiteUrl":{"type":"keyword","ignore_above":1024},"Source":{"type":"keyword","ignore_above":1024},"SourceFileExtension":{"type":"keyword","ignore_above":1024},"SourceFileName":{"type":"keyword","ignore_above":1024},"SourceRelativeUrl":{"type":"keyword","ignore_above":1024},"Status":{"type":"keyword","ignore_above":1024},"SupportTicketId":{"type":"keyword","ignore_above":1024},"TargetContextId":{"type":"keyword","ignore_above":1024},"TargetUserOrGroupName":{"type":"keyword","ignore_above":1024},"TargetUserOrGroupType":{"type":"keyword","ignore_above":1024},"TeamGuid":{"type":"keyword","ignore_above":1024},"TeamName":{"type":"keyword","ignore_above":1024},"TemplateTypeId":{"type":"keyword","ignore_above":1024},"UniqueSharingId":{"type":"keyword","ignore_above":1024},"UserAgent":{"type":"keyword","ignore_above":1024},"UserId":{"type":"keyword","ignore_above":1024},"UserKey":{"type":"keyword","ignore_above":1024},"UserType":{"type":"keyword","ignore_above":1024},"Version":{"type":"keyword","ignore_above":1024},"WebId":{"type":"keyword","ignore_above":1024},"Workload":{"type":"keyword","ignore_above":1024},"YammerNetworkId":{"type":"keyword","ignore_above":1024}}}}},"object":{"properties":{"key":{"type":"keyword","ignore_above":1024}}},"observer":{"properties":{"egress":{"properties":{"interface":{"properties":{"alias":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"vlan":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"zone":{"type":"keyword","ignore_above":1024}}},"geo":{"properties":{"city_name":{"type":"keyword","ignore_above":1024},"continent_code":{"type":"keyword","ignore_above":1024},"continent_name":{"type":"keyword","ignore_above":1024},"country_iso_code":{"type":"keyword","ignore_above":1024},"country_name":{"type":"keyword","ignore_above":1024},"location":{"type":"geo_point"},"name":{"type":"keyword","ignore_above":1024},"postal_code":{"type":"keyword","ignore_above":1024},"region_iso_code":{"type":"keyword","ignore_above":1024},"region_name":{"type":"keyword","ignore_above":1024},"timezone":{"type":"keyword","ignore_above":1024}}},"hostname":{"type":"keyword","ignore_above":1024},"ingress":{"properties":{"interface":{"properties":{"alias":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"vlan":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"zone":{"type":"keyword","ignore_above":1024}}},"ip":{"type":"ip"},"mac":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"os":{"properties":{"family":{"type":"keyword","ignore_above":1024},"full":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"kernel":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"platform":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"product":{"type":"keyword","ignore_above":1024},"serial_number":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"vendor":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"okta":{"properties":{"actor":{"properties":{"alternate_id":{"type":"keyword","ignore_above":1024},"display_name":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"authentication_context":{"properties":{"authentication_provider":{"type":"keyword","ignore_above":1024},"authentication_step":{"type":"long"},"credential_provider":{"type":"keyword","ignore_above":1024},"credential_type":{"type":"keyword","ignore_above":1024},"external_session_id":{"type":"keyword","ignore_above":1024},"interface":{"type":"keyword","ignore_above":1024}}},"client":{"properties":{"device":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"ip":{"type":"ip"},"user_agent":{"properties":{"browser":{"type":"keyword","ignore_above":1024},"os":{"type":"keyword","ignore_above":1024},"raw_user_agent":{"type":"keyword","ignore_above":1024}}},"zone":{"type":"keyword","ignore_above":1024}}},"debug_context":{"properties":{"debug_data":{"properties":{"device_fingerprint":{"type":"keyword","ignore_above":1024},"request_id":{"type":"keyword","ignore_above":1024},"request_uri":{"type":"keyword","ignore_above":1024},"suspicious_activity":{"properties":{"browser":{"type":"keyword","ignore_above":1024},"event_city":{"type":"keyword","ignore_above":1024},"event_country":{"type":"keyword","ignore_above":1024},"event_id":{"type":"keyword","ignore_above":1024},"event_ip":{"type":"ip"},"event_latitude":{"type":"float"},"event_longitude":{"type":"float"},"event_state":{"type":"keyword","ignore_above":1024},"event_transaction_id":{"type":"keyword","ignore_above":1024},"event_type":{"type":"keyword","ignore_above":1024},"os":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"date"}}},"threat_suspected":{"type":"keyword","ignore_above":1024},"url":{"type":"keyword","ignore_above":1024}}}}},"display_message":{"type":"keyword","ignore_above":1024},"event_type":{"type":"keyword","ignore_above":1024},"outcome":{"properties":{"reason":{"type":"keyword","ignore_above":1024},"result":{"type":"keyword","ignore_above":1024}}},"request":{"properties":{"ip_chain":{"properties":{"geographical_context":{"properties":{"city":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"geolocation":{"type":"geo_point"},"postal_code":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024}}},"ip":{"type":"ip"},"source":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}}}},"security_context":{"properties":{"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"type":"keyword","ignore_above":1024}}}}},"domain":{"type":"keyword","ignore_above":1024},"is_proxy":{"type":"boolean"},"isp":{"type":"keyword","ignore_above":1024}}},"severity":{"type":"keyword","ignore_above":1024},"target":{"type":"flattened"},"transaction":{"properties":{"id":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"uuid":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"oracle":{"properties":{"database_audit":{"properties":{"action":{"type":"keyword","ignore_above":1024},"action_number":{"type":"keyword","ignore_above":1024},"client":{"properties":{"address":{"type":"keyword","ignore_above":1024},"terminal":{"type":"keyword","ignore_above":1024},"user":{"type":"keyword","ignore_above":1024}}},"database":{"properties":{"host":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"user":{"type":"keyword","ignore_above":1024}}},"entry":{"properties":{"id":{"type":"keyword","ignore_above":1024}}},"length":{"type":"long"},"privilege":{"type":"keyword","ignore_above":1024},"session_id":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024}}}}},"orchestrator":{"properties":{"api_version":{"type":"keyword","ignore_above":1024},"cluster":{"properties":{"name":{"type":"keyword","ignore_above":1024},"url":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"namespace":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"resource":{"properties":{"name":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"type":{"type":"keyword","ignore_above":1024}}},"organization":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}}}},"os":{"properties":{"family":{"type":"keyword","ignore_above":1024},"full":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"kernel":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"platform":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"osquery":{"properties":{"result":{"properties":{"action":{"type":"keyword","ignore_above":1024},"calendar_time":{"type":"keyword","ignore_above":1024},"host_identifier":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"unix_time":{"type":"long"}}}}},"package":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"build_version":{"type":"keyword","ignore_above":1024},"checksum":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"install_scope":{"type":"keyword","ignore_above":1024},"installed":{"type":"date"},"license":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024},"reference":{"type":"keyword","ignore_above":1024},"size":{"type":"long"},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"panw":{"properties":{"panos":{"properties":{"action":{"type":"keyword","ignore_above":1024},"actionflags":{"type":"keyword","ignore_above":1024},"attempted_gateways":{"type":"keyword","ignore_above":1024},"auth_method":{"type":"keyword","ignore_above":1024},"client_os":{"type":"keyword","ignore_above":1024},"client_os_ver":{"type":"keyword","ignore_above":1024},"client_ver":{"type":"keyword","ignore_above":1024},"connect_method":{"type":"keyword","ignore_above":1024},"datasource":{"type":"keyword","ignore_above":1024},"datasourcename":{"type":"keyword","ignore_above":1024},"datasourcetype":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"destination":{"properties":{"interface":{"type":"keyword","ignore_above":1024},"nat":{"properties":{"ip":{"type":"ip"},"port":{"type":"long"}}},"zone":{"type":"keyword","ignore_above":1024}}},"device_group_hierarchy":{"properties":{"level_1":{"type":"keyword","ignore_above":1024},"level_2":{"type":"keyword","ignore_above":1024},"level_3":{"type":"keyword","ignore_above":1024},"level_4":{"type":"keyword","ignore_above":1024}}},"endreason":{"type":"keyword","ignore_above":1024},"error":{"type":"keyword","ignore_above":1024},"error_code":{"type":"long"},"factorcompletiontime":{"type":"date"},"factorno":{"type":"long"},"factortype":{"type":"keyword","ignore_above":1024},"file":{"properties":{"hash":{"type":"keyword","ignore_above":1024}}},"flow_id":{"type":"keyword","ignore_above":1024},"gateway":{"type":"keyword","ignore_above":1024},"matchname":{"type":"keyword","ignore_above":1024},"matchtype":{"type":"keyword","ignore_above":1024},"network":{"properties":{"nat":{"properties":{"community_id":{"type":"keyword","ignore_above":1024}}},"pcap_id":{"type":"keyword","ignore_above":1024}}},"priority":{"type":"keyword","ignore_above":1024},"repeatcnt":{"type":"long"},"response_time":{"type":"keyword","ignore_above":1024},"ruleset":{"type":"keyword","ignore_above":1024},"selection_type":{"type":"keyword","ignore_above":1024},"sequence_number":{"type":"long"},"serial_number":{"type":"keyword","ignore_above":1024},"source":{"properties":{"interface":{"type":"keyword","ignore_above":1024},"nat":{"properties":{"ip":{"type":"ip"},"port":{"type":"long"}}},"zone":{"type":"keyword","ignore_above":1024}}},"stage":{"type":"keyword","ignore_above":1024},"sub_type":{"type":"keyword","ignore_above":1024},"threat":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"resource":{"type":"keyword","ignore_above":1024}}},"timeout":{"type":"long"},"tunnel_type":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"ugflags":{"type":"keyword","ignore_above":1024},"url":{"properties":{"category":{"type":"keyword","ignore_above":1024}}},"virtual_sys":{"type":"keyword","ignore_above":1024},"vsys_id":{"type":"keyword","ignore_above":1024},"vsys_name":{"type":"keyword","ignore_above":1024}}}}},"pe":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"company":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"file_version":{"type":"keyword","ignore_above":1024},"imphash":{"type":"keyword","ignore_above":1024},"original_file_name":{"type":"keyword","ignore_above":1024},"product":{"type":"keyword","ignore_above":1024}}},"pensando":{"properties":{"dfw":{"properties":{"action":{"type":"keyword","ignore_above":1024},"app_id":{"type":"long"},"destination_address":{"type":"keyword","ignore_above":1024},"destination_port":{"type":"long"},"direction":{"type":"keyword","ignore_above":1024},"protocol":{"type":"keyword","ignore_above":1024},"rule_id":{"type":"keyword","ignore_above":1024},"session_id":{"type":"long"},"session_state":{"type":"keyword","ignore_above":1024},"source_address":{"type":"keyword","ignore_above":1024},"source_port":{"type":"long"},"timestamp":{"type":"date"}}}}},"postgresql":{"properties":{"log":{"properties":{"application_name":{"type":"keyword","ignore_above":1024},"backend_type":{"type":"keyword","ignore_above":1024},"client_addr":{"type":"keyword","ignore_above":1024},"client_port":{"type":"keyword","ignore_above":1024},"command_tag":{"type":"keyword","ignore_above":1024},"context":{"type":"keyword","ignore_above":1024},"core_id":{"type":"alias","path":"postgresql.log.session_line_number"},"database":{"type":"keyword","ignore_above":1024},"detail":{"type":"keyword","ignore_above":1024},"error":{"properties":{"code":{"type":"alias","path":"postgresql.log.sql_state_code"}}},"hint":{"type":"keyword","ignore_above":1024},"internal_query":{"type":"keyword","ignore_above":1024},"internal_query_pos":{"type":"long"},"location":{"type":"keyword","ignore_above":1024},"query":{"type":"keyword","ignore_above":1024},"query_name":{"type":"keyword","ignore_above":1024},"query_pos":{"type":"long"},"query_step":{"type":"keyword","ignore_above":1024},"session_id":{"type":"keyword","ignore_above":1024},"session_line_number":{"type":"long"},"session_start_time":{"type":"date"},"sql_state_code":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"keyword","ignore_above":1024},"transaction_id":{"type":"long"},"virtual_transaction_id":{"type":"keyword","ignore_above":1024}}}}},"process":{"properties":{"args":{"type":"keyword","ignore_above":1024},"args_count":{"type":"long"},"code_signature":{"properties":{"digest_algorithm":{"type":"keyword","ignore_above":1024},"exists":{"type":"boolean"},"signing_id":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"subject_name":{"type":"keyword","ignore_above":1024},"team_id":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"date"},"trusted":{"type":"boolean"},"valid":{"type":"boolean"}}},"command_line":{"type":"wildcard","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"elf":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"byte_order":{"type":"keyword","ignore_above":1024},"cpu_type":{"type":"keyword","ignore_above":1024},"creation_date":{"type":"date"},"exports":{"type":"flattened"},"header":{"properties":{"abi_version":{"type":"keyword","ignore_above":1024},"class":{"type":"keyword","ignore_above":1024},"data":{"type":"keyword","ignore_above":1024},"entrypoint":{"type":"long"},"object_version":{"type":"keyword","ignore_above":1024},"os_abi":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"imports":{"type":"flattened"},"sections":{"type":"nested","properties":{"chi2":{"type":"long"},"entropy":{"type":"long"},"flags":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"physical_offset":{"type":"keyword","ignore_above":1024},"physical_size":{"type":"long"},"type":{"type":"keyword","ignore_above":1024},"virtual_address":{"type":"long"},"virtual_size":{"type":"long"}}},"segments":{"type":"nested","properties":{"sections":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"shared_libraries":{"type":"keyword","ignore_above":1024},"telfhash":{"type":"keyword","ignore_above":1024}}},"end":{"type":"date"},"entity_id":{"type":"keyword","ignore_above":1024},"executable":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"exit_code":{"type":"long"},"hash":{"properties":{"md5":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024},"sha512":{"type":"keyword","ignore_above":1024},"ssdeep":{"type":"keyword","ignore_above":1024}}},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"parent":{"properties":{"args":{"type":"keyword","ignore_above":1024},"args_count":{"type":"long"},"code_signature":{"properties":{"digest_algorithm":{"type":"keyword","ignore_above":1024},"exists":{"type":"boolean"},"signing_id":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"subject_name":{"type":"keyword","ignore_above":1024},"team_id":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"date"},"trusted":{"type":"boolean"},"valid":{"type":"boolean"}}},"command_line":{"type":"wildcard","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"elf":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"byte_order":{"type":"keyword","ignore_above":1024},"cpu_type":{"type":"keyword","ignore_above":1024},"creation_date":{"type":"date"},"exports":{"type":"flattened"},"header":{"properties":{"abi_version":{"type":"keyword","ignore_above":1024},"class":{"type":"keyword","ignore_above":1024},"data":{"type":"keyword","ignore_above":1024},"entrypoint":{"type":"long"},"object_version":{"type":"keyword","ignore_above":1024},"os_abi":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"imports":{"type":"flattened"},"sections":{"type":"nested","properties":{"chi2":{"type":"long"},"entropy":{"type":"long"},"flags":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"physical_offset":{"type":"keyword","ignore_above":1024},"physical_size":{"type":"long"},"type":{"type":"keyword","ignore_above":1024},"virtual_address":{"type":"long"},"virtual_size":{"type":"long"}}},"segments":{"type":"nested","properties":{"sections":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"shared_libraries":{"type":"keyword","ignore_above":1024},"telfhash":{"type":"keyword","ignore_above":1024}}},"end":{"type":"date"},"entity_id":{"type":"keyword","ignore_above":1024},"executable":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"exit_code":{"type":"long"},"hash":{"properties":{"md5":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024},"sha512":{"type":"keyword","ignore_above":1024},"ssdeep":{"type":"keyword","ignore_above":1024}}},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"pe":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"company":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"file_version":{"type":"keyword","ignore_above":1024},"imphash":{"type":"keyword","ignore_above":1024},"original_file_name":{"type":"keyword","ignore_above":1024},"product":{"type":"keyword","ignore_above":1024}}},"pgid":{"type":"long"},"pid":{"type":"long"},"ppid":{"type":"long"},"start":{"type":"date"},"thread":{"properties":{"id":{"type":"long"},"name":{"type":"keyword","ignore_above":1024}}},"title":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"uptime":{"type":"long"},"working_directory":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}}}},"pe":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"company":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"file_version":{"type":"keyword","ignore_above":1024},"imphash":{"type":"keyword","ignore_above":1024},"original_file_name":{"type":"keyword","ignore_above":1024},"product":{"type":"keyword","ignore_above":1024}}},"pgid":{"type":"long"},"pid":{"type":"long"},"ppid":{"type":"long"},"program":{"type":"keyword","ignore_above":1024},"start":{"type":"date"},"thread":{"properties":{"id":{"type":"long"},"name":{"type":"keyword","ignore_above":1024}}},"title":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"uptime":{"type":"long"},"working_directory":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}}}},"rabbitmq":{"properties":{"log":{"properties":{"pid":{"type":"keyword","ignore_above":1024}}}}},"redis":{"properties":{"log":{"properties":{"role":{"type":"keyword","ignore_above":1024}}},"slowlog":{"properties":{"args":{"type":"keyword","ignore_above":1024},"cmd":{"type":"keyword","ignore_above":1024},"duration":{"properties":{"us":{"type":"long"}}},"id":{"type":"long"},"key":{"type":"keyword","ignore_above":1024}}}}},"registry":{"properties":{"data":{"properties":{"bytes":{"type":"keyword","ignore_above":1024},"strings":{"type":"wildcard","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"hive":{"type":"keyword","ignore_above":1024},"key":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024},"value":{"type":"keyword","ignore_above":1024}}},"related":{"properties":{"hash":{"type":"keyword","ignore_above":1024},"hosts":{"type":"keyword","ignore_above":1024},"ip":{"type":"ip"},"user":{"type":"keyword","ignore_above":1024}}},"rsa":{"properties":{"counters":{"properties":{"dclass_c1":{"type":"long"},"dclass_c1_str":{"type":"keyword","ignore_above":1024},"dclass_c2":{"type":"long"},"dclass_c2_str":{"type":"keyword","ignore_above":1024},"dclass_c3":{"type":"long"},"dclass_c3_str":{"type":"keyword","ignore_above":1024},"dclass_r1":{"type":"keyword","ignore_above":1024},"dclass_r1_str":{"type":"keyword","ignore_above":1024},"dclass_r2":{"type":"keyword","ignore_above":1024},"dclass_r2_str":{"type":"keyword","ignore_above":1024},"dclass_r3":{"type":"keyword","ignore_above":1024},"dclass_r3_str":{"type":"keyword","ignore_above":1024},"event_counter":{"type":"long"}}},"crypto":{"properties":{"cert_ca":{"type":"keyword","ignore_above":1024},"cert_checksum":{"type":"keyword","ignore_above":1024},"cert_common":{"type":"keyword","ignore_above":1024},"cert_error":{"type":"keyword","ignore_above":1024},"cert_host_cat":{"type":"keyword","ignore_above":1024},"cert_host_name":{"type":"keyword","ignore_above":1024},"cert_issuer":{"type":"keyword","ignore_above":1024},"cert_keysize":{"type":"keyword","ignore_above":1024},"cert_serial":{"type":"keyword","ignore_above":1024},"cert_status":{"type":"keyword","ignore_above":1024},"cert_subject":{"type":"keyword","ignore_above":1024},"cert_username":{"type":"keyword","ignore_above":1024},"cipher_dst":{"type":"keyword","ignore_above":1024},"cipher_size_dst":{"type":"long"},"cipher_size_src":{"type":"long"},"cipher_src":{"type":"keyword","ignore_above":1024},"crypto":{"type":"keyword","ignore_above":1024},"d_certauth":{"type":"keyword","ignore_above":1024},"https_insact":{"type":"keyword","ignore_above":1024},"https_valid":{"type":"keyword","ignore_above":1024},"ike":{"type":"keyword","ignore_above":1024},"ike_cookie1":{"type":"keyword","ignore_above":1024},"ike_cookie2":{"type":"keyword","ignore_above":1024},"peer":{"type":"keyword","ignore_above":1024},"peer_id":{"type":"keyword","ignore_above":1024},"s_certauth":{"type":"keyword","ignore_above":1024},"scheme":{"type":"keyword","ignore_above":1024},"sig_type":{"type":"keyword","ignore_above":1024},"ssl_ver_dst":{"type":"keyword","ignore_above":1024},"ssl_ver_src":{"type":"keyword","ignore_above":1024}}},"db":{"properties":{"database":{"type":"keyword","ignore_above":1024},"db_id":{"type":"keyword","ignore_above":1024},"db_pid":{"type":"long"},"index":{"type":"keyword","ignore_above":1024},"instance":{"type":"keyword","ignore_above":1024},"lread":{"type":"long"},"lwrite":{"type":"long"},"permissions":{"type":"keyword","ignore_above":1024},"pread":{"type":"long"},"table_name":{"type":"keyword","ignore_above":1024},"transact_id":{"type":"keyword","ignore_above":1024}}},"email":{"properties":{"email":{"type":"keyword","ignore_above":1024},"email_dst":{"type":"keyword","ignore_above":1024},"email_src":{"type":"keyword","ignore_above":1024},"subject":{"type":"keyword","ignore_above":1024},"trans_from":{"type":"keyword","ignore_above":1024},"trans_to":{"type":"keyword","ignore_above":1024}}},"endpoint":{"properties":{"host_state":{"type":"keyword","ignore_above":1024},"registry_key":{"type":"keyword","ignore_above":1024},"registry_value":{"type":"keyword","ignore_above":1024}}},"file":{"properties":{"attachment":{"type":"keyword","ignore_above":1024},"binary":{"type":"keyword","ignore_above":1024},"directory_dst":{"type":"keyword","ignore_above":1024},"directory_src":{"type":"keyword","ignore_above":1024},"file_entropy":{"type":"double"},"file_vendor":{"type":"keyword","ignore_above":1024},"filename_dst":{"type":"keyword","ignore_above":1024},"filename_src":{"type":"keyword","ignore_above":1024},"filename_tmp":{"type":"keyword","ignore_above":1024},"filesystem":{"type":"keyword","ignore_above":1024},"privilege":{"type":"keyword","ignore_above":1024},"task_name":{"type":"keyword","ignore_above":1024}}},"healthcare":{"properties":{"patient_fname":{"type":"keyword","ignore_above":1024},"patient_id":{"type":"keyword","ignore_above":1024},"patient_lname":{"type":"keyword","ignore_above":1024},"patient_mname":{"type":"keyword","ignore_above":1024}}},"identity":{"properties":{"accesses":{"type":"keyword","ignore_above":1024},"auth_method":{"type":"keyword","ignore_above":1024},"dn":{"type":"keyword","ignore_above":1024},"dn_dst":{"type":"keyword","ignore_above":1024},"dn_src":{"type":"keyword","ignore_above":1024},"federated_idp":{"type":"keyword","ignore_above":1024},"federated_sp":{"type":"keyword","ignore_above":1024},"firstname":{"type":"keyword","ignore_above":1024},"host_role":{"type":"keyword","ignore_above":1024},"lastname":{"type":"keyword","ignore_above":1024},"ldap":{"type":"keyword","ignore_above":1024},"ldap_query":{"type":"keyword","ignore_above":1024},"ldap_response":{"type":"keyword","ignore_above":1024},"logon_type":{"type":"keyword","ignore_above":1024},"logon_type_desc":{"type":"keyword","ignore_above":1024},"middlename":{"type":"keyword","ignore_above":1024},"org":{"type":"keyword","ignore_above":1024},"owner":{"type":"keyword","ignore_above":1024},"password":{"type":"keyword","ignore_above":1024},"profile":{"type":"keyword","ignore_above":1024},"realm":{"type":"keyword","ignore_above":1024},"service_account":{"type":"keyword","ignore_above":1024},"user_dept":{"type":"keyword","ignore_above":1024},"user_role":{"type":"keyword","ignore_above":1024},"user_sid_dst":{"type":"keyword","ignore_above":1024},"user_sid_src":{"type":"keyword","ignore_above":1024}}},"internal":{"properties":{"audit_class":{"type":"keyword","ignore_above":1024},"cid":{"type":"keyword","ignore_above":1024},"data":{"type":"keyword","ignore_above":1024},"dead":{"type":"long"},"device_class":{"type":"keyword","ignore_above":1024},"device_group":{"type":"keyword","ignore_above":1024},"device_host":{"type":"keyword","ignore_above":1024},"device_ip":{"type":"ip"},"device_ipv6":{"type":"ip"},"device_type":{"type":"keyword","ignore_above":1024},"device_type_id":{"type":"long"},"did":{"type":"keyword","ignore_above":1024},"entropy_req":{"type":"long"},"entropy_res":{"type":"long"},"entry":{"type":"keyword","ignore_above":1024},"event_desc":{"type":"keyword","ignore_above":1024},"event_name":{"type":"keyword","ignore_above":1024},"feed_category":{"type":"keyword","ignore_above":1024},"feed_desc":{"type":"keyword","ignore_above":1024},"feed_name":{"type":"keyword","ignore_above":1024},"forward_ip":{"type":"ip"},"forward_ipv6":{"type":"ip"},"hcode":{"type":"keyword","ignore_above":1024},"header_id":{"type":"keyword","ignore_above":1024},"inode":{"type":"long"},"lc_cid":{"type":"keyword","ignore_above":1024},"lc_ctime":{"type":"date"},"level":{"type":"long"},"mcb_req":{"type":"long"},"mcb_res":{"type":"long"},"mcbc_req":{"type":"long"},"mcbc_res":{"type":"long"},"medium":{"type":"long"},"message":{"type":"keyword","ignore_above":1024},"messageid":{"type":"keyword","ignore_above":1024},"msg":{"type":"keyword","ignore_above":1024},"msg_id":{"type":"keyword","ignore_above":1024},"msg_vid":{"type":"keyword","ignore_above":1024},"node_name":{"type":"keyword","ignore_above":1024},"nwe_callback_id":{"type":"keyword","ignore_above":1024},"obj_id":{"type":"keyword","ignore_above":1024},"obj_server":{"type":"keyword","ignore_above":1024},"obj_val":{"type":"keyword","ignore_above":1024},"parse_error":{"type":"keyword","ignore_above":1024},"payload_req":{"type":"long"},"payload_res":{"type":"long"},"process_vid_dst":{"type":"keyword","ignore_above":1024},"process_vid_src":{"type":"keyword","ignore_above":1024},"resource":{"type":"keyword","ignore_above":1024},"resource_class":{"type":"keyword","ignore_above":1024},"rid":{"type":"long"},"session_split":{"type":"keyword","ignore_above":1024},"site":{"type":"keyword","ignore_above":1024},"size":{"type":"long"},"sourcefile":{"type":"keyword","ignore_above":1024},"statement":{"type":"keyword","ignore_above":1024},"time":{"type":"date"},"ubc_req":{"type":"long"},"ubc_res":{"type":"long"},"word":{"type":"keyword","ignore_above":1024}}},"investigations":{"properties":{"analysis_file":{"type":"keyword","ignore_above":1024},"analysis_service":{"type":"keyword","ignore_above":1024},"analysis_session":{"type":"keyword","ignore_above":1024},"boc":{"type":"keyword","ignore_above":1024},"ec_activity":{"type":"keyword","ignore_above":1024},"ec_outcome":{"type":"keyword","ignore_above":1024},"ec_subject":{"type":"keyword","ignore_above":1024},"ec_theme":{"type":"keyword","ignore_above":1024},"eoc":{"type":"keyword","ignore_above":1024},"event_cat":{"type":"long"},"event_cat_name":{"type":"keyword","ignore_above":1024},"event_vcat":{"type":"keyword","ignore_above":1024},"inv_category":{"type":"keyword","ignore_above":1024},"inv_context":{"type":"keyword","ignore_above":1024},"ioc":{"type":"keyword","ignore_above":1024}}},"misc":{"properties":{"OS":{"type":"keyword","ignore_above":1024},"acl_id":{"type":"keyword","ignore_above":1024},"acl_op":{"type":"keyword","ignore_above":1024},"acl_pos":{"type":"keyword","ignore_above":1024},"acl_table":{"type":"keyword","ignore_above":1024},"action":{"type":"keyword","ignore_above":1024},"admin":{"type":"keyword","ignore_above":1024},"agent_id":{"type":"keyword","ignore_above":1024},"alarm_id":{"type":"keyword","ignore_above":1024},"alarmname":{"type":"keyword","ignore_above":1024},"alert_id":{"type":"keyword","ignore_above":1024},"app_id":{"type":"keyword","ignore_above":1024},"audit":{"type":"keyword","ignore_above":1024},"audit_object":{"type":"keyword","ignore_above":1024},"auditdata":{"type":"keyword","ignore_above":1024},"autorun_type":{"type":"keyword","ignore_above":1024},"benchmark":{"type":"keyword","ignore_above":1024},"bypass":{"type":"keyword","ignore_above":1024},"cache":{"type":"keyword","ignore_above":1024},"cache_hit":{"type":"keyword","ignore_above":1024},"category":{"type":"keyword","ignore_above":1024},"cc_number":{"type":"long"},"cefversion":{"type":"keyword","ignore_above":1024},"cfg_attr":{"type":"keyword","ignore_above":1024},"cfg_obj":{"type":"keyword","ignore_above":1024},"cfg_path":{"type":"keyword","ignore_above":1024},"change_attrib":{"type":"keyword","ignore_above":1024},"change_new":{"type":"keyword","ignore_above":1024},"change_old":{"type":"keyword","ignore_above":1024},"changes":{"type":"keyword","ignore_above":1024},"checksum":{"type":"keyword","ignore_above":1024},"checksum_dst":{"type":"keyword","ignore_above":1024},"checksum_src":{"type":"keyword","ignore_above":1024},"client":{"type":"keyword","ignore_above":1024},"client_ip":{"type":"keyword","ignore_above":1024},"clustermembers":{"type":"keyword","ignore_above":1024},"cmd":{"type":"keyword","ignore_above":1024},"cn_acttimeout":{"type":"keyword","ignore_above":1024},"cn_asn_src":{"type":"keyword","ignore_above":1024},"cn_bgpv4nxthop":{"type":"keyword","ignore_above":1024},"cn_ctr_dst_code":{"type":"keyword","ignore_above":1024},"cn_dst_tos":{"type":"keyword","ignore_above":1024},"cn_dst_vlan":{"type":"keyword","ignore_above":1024},"cn_engine_id":{"type":"keyword","ignore_above":1024},"cn_engine_type":{"type":"keyword","ignore_above":1024},"cn_f_switch":{"type":"keyword","ignore_above":1024},"cn_flowsampid":{"type":"keyword","ignore_above":1024},"cn_flowsampintv":{"type":"keyword","ignore_above":1024},"cn_flowsampmode":{"type":"keyword","ignore_above":1024},"cn_inacttimeout":{"type":"keyword","ignore_above":1024},"cn_inpermbyts":{"type":"keyword","ignore_above":1024},"cn_inpermpckts":{"type":"keyword","ignore_above":1024},"cn_invalid":{"type":"keyword","ignore_above":1024},"cn_ip_proto_ver":{"type":"keyword","ignore_above":1024},"cn_ipv4_ident":{"type":"keyword","ignore_above":1024},"cn_l_switch":{"type":"keyword","ignore_above":1024},"cn_log_did":{"type":"keyword","ignore_above":1024},"cn_log_rid":{"type":"keyword","ignore_above":1024},"cn_max_ttl":{"type":"keyword","ignore_above":1024},"cn_maxpcktlen":{"type":"keyword","ignore_above":1024},"cn_min_ttl":{"type":"keyword","ignore_above":1024},"cn_minpcktlen":{"type":"keyword","ignore_above":1024},"cn_mpls_lbl_1":{"type":"keyword","ignore_above":1024},"cn_mpls_lbl_10":{"type":"keyword","ignore_above":1024},"cn_mpls_lbl_2":{"type":"keyword","ignore_above":1024},"cn_mpls_lbl_3":{"type":"keyword","ignore_above":1024},"cn_mpls_lbl_4":{"type":"keyword","ignore_above":1024},"cn_mpls_lbl_5":{"type":"keyword","ignore_above":1024},"cn_mpls_lbl_6":{"type":"keyword","ignore_above":1024},"cn_mpls_lbl_7":{"type":"keyword","ignore_above":1024},"cn_mpls_lbl_8":{"type":"keyword","ignore_above":1024},"cn_mpls_lbl_9":{"type":"keyword","ignore_above":1024},"cn_mplstoplabel":{"type":"keyword","ignore_above":1024},"cn_mplstoplabip":{"type":"keyword","ignore_above":1024},"cn_mul_dst_byt":{"type":"keyword","ignore_above":1024},"cn_mul_dst_pks":{"type":"keyword","ignore_above":1024},"cn_muligmptype":{"type":"keyword","ignore_above":1024},"cn_sampalgo":{"type":"keyword","ignore_above":1024},"cn_sampint":{"type":"keyword","ignore_above":1024},"cn_seqctr":{"type":"keyword","ignore_above":1024},"cn_spackets":{"type":"keyword","ignore_above":1024},"cn_src_tos":{"type":"keyword","ignore_above":1024},"cn_src_vlan":{"type":"keyword","ignore_above":1024},"cn_sysuptime":{"type":"keyword","ignore_above":1024},"cn_template_id":{"type":"keyword","ignore_above":1024},"cn_totbytsexp":{"type":"keyword","ignore_above":1024},"cn_totflowexp":{"type":"keyword","ignore_above":1024},"cn_totpcktsexp":{"type":"keyword","ignore_above":1024},"cn_unixnanosecs":{"type":"keyword","ignore_above":1024},"cn_v6flowlabel":{"type":"keyword","ignore_above":1024},"cn_v6optheaders":{"type":"keyword","ignore_above":1024},"code":{"type":"keyword","ignore_above":1024},"command":{"type":"keyword","ignore_above":1024},"comments":{"type":"keyword","ignore_above":1024},"comp_class":{"type":"keyword","ignore_above":1024},"comp_name":{"type":"keyword","ignore_above":1024},"comp_rbytes":{"type":"keyword","ignore_above":1024},"comp_sbytes":{"type":"keyword","ignore_above":1024},"comp_version":{"type":"keyword","ignore_above":1024},"connection_id":{"type":"keyword","ignore_above":1024},"content":{"type":"keyword","ignore_above":1024},"content_type":{"type":"keyword","ignore_above":1024},"content_version":{"type":"keyword","ignore_above":1024},"context":{"type":"keyword","ignore_above":1024},"context_subject":{"type":"keyword","ignore_above":1024},"context_target":{"type":"keyword","ignore_above":1024},"count":{"type":"keyword","ignore_above":1024},"cpu":{"type":"long"},"cpu_data":{"type":"keyword","ignore_above":1024},"criticality":{"type":"keyword","ignore_above":1024},"cs_agency_dst":{"type":"keyword","ignore_above":1024},"cs_analyzedby":{"type":"keyword","ignore_above":1024},"cs_av_other":{"type":"keyword","ignore_above":1024},"cs_av_primary":{"type":"keyword","ignore_above":1024},"cs_av_secondary":{"type":"keyword","ignore_above":1024},"cs_bgpv6nxthop":{"type":"keyword","ignore_above":1024},"cs_bit9status":{"type":"keyword","ignore_above":1024},"cs_context":{"type":"keyword","ignore_above":1024},"cs_control":{"type":"keyword","ignore_above":1024},"cs_data":{"type":"keyword","ignore_above":1024},"cs_datecret":{"type":"keyword","ignore_above":1024},"cs_dst_tld":{"type":"keyword","ignore_above":1024},"cs_eth_dst_ven":{"type":"keyword","ignore_above":1024},"cs_eth_src_ven":{"type":"keyword","ignore_above":1024},"cs_event_uuid":{"type":"keyword","ignore_above":1024},"cs_filetype":{"type":"keyword","ignore_above":1024},"cs_fld":{"type":"keyword","ignore_above":1024},"cs_if_desc":{"type":"keyword","ignore_above":1024},"cs_if_name":{"type":"keyword","ignore_above":1024},"cs_ip_next_hop":{"type":"keyword","ignore_above":1024},"cs_ipv4dstpre":{"type":"keyword","ignore_above":1024},"cs_ipv4srcpre":{"type":"keyword","ignore_above":1024},"cs_lifetime":{"type":"keyword","ignore_above":1024},"cs_log_medium":{"type":"keyword","ignore_above":1024},"cs_loginname":{"type":"keyword","ignore_above":1024},"cs_modulescore":{"type":"keyword","ignore_above":1024},"cs_modulesign":{"type":"keyword","ignore_above":1024},"cs_opswatresult":{"type":"keyword","ignore_above":1024},"cs_payload":{"type":"keyword","ignore_above":1024},"cs_registrant":{"type":"keyword","ignore_above":1024},"cs_registrar":{"type":"keyword","ignore_above":1024},"cs_represult":{"type":"keyword","ignore_above":1024},"cs_rpayload":{"type":"keyword","ignore_above":1024},"cs_sampler_name":{"type":"keyword","ignore_above":1024},"cs_sourcemodule":{"type":"keyword","ignore_above":1024},"cs_streams":{"type":"keyword","ignore_above":1024},"cs_targetmodule":{"type":"keyword","ignore_above":1024},"cs_v6nxthop":{"type":"keyword","ignore_above":1024},"cs_whois_server":{"type":"keyword","ignore_above":1024},"cs_yararesult":{"type":"keyword","ignore_above":1024},"cve":{"type":"keyword","ignore_above":1024},"data_type":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"device_name":{"type":"keyword","ignore_above":1024},"devvendor":{"type":"keyword","ignore_above":1024},"disposition":{"type":"keyword","ignore_above":1024},"distance":{"type":"keyword","ignore_above":1024},"doc_number":{"type":"long"},"dstburb":{"type":"keyword","ignore_above":1024},"edomain":{"type":"keyword","ignore_above":1024},"edomaub":{"type":"keyword","ignore_above":1024},"ein_number":{"type":"long"},"error":{"type":"keyword","ignore_above":1024},"euid":{"type":"keyword","ignore_above":1024},"event_category":{"type":"keyword","ignore_above":1024},"event_computer":{"type":"keyword","ignore_above":1024},"event_desc":{"type":"keyword","ignore_above":1024},"event_id":{"type":"keyword","ignore_above":1024},"event_log":{"type":"keyword","ignore_above":1024},"event_source":{"type":"keyword","ignore_above":1024},"event_state":{"type":"keyword","ignore_above":1024},"event_type":{"type":"keyword","ignore_above":1024},"event_user":{"type":"keyword","ignore_above":1024},"expected_val":{"type":"keyword","ignore_above":1024},"facility":{"type":"keyword","ignore_above":1024},"facilityname":{"type":"keyword","ignore_above":1024},"fcatnum":{"type":"keyword","ignore_above":1024},"filter":{"type":"keyword","ignore_above":1024},"finterface":{"type":"keyword","ignore_above":1024},"flags":{"type":"keyword","ignore_above":1024},"forensic_info":{"type":"keyword","ignore_above":1024},"found":{"type":"keyword","ignore_above":1024},"fresult":{"type":"long"},"gaddr":{"type":"keyword","ignore_above":1024},"group":{"type":"keyword","ignore_above":1024},"group_id":{"type":"keyword","ignore_above":1024},"group_object":{"type":"keyword","ignore_above":1024},"hardware_id":{"type":"keyword","ignore_above":1024},"id3":{"type":"keyword","ignore_above":1024},"im_buddyid":{"type":"keyword","ignore_above":1024},"im_buddyname":{"type":"keyword","ignore_above":1024},"im_client":{"type":"keyword","ignore_above":1024},"im_croomid":{"type":"keyword","ignore_above":1024},"im_croomtype":{"type":"keyword","ignore_above":1024},"im_members":{"type":"keyword","ignore_above":1024},"im_userid":{"type":"keyword","ignore_above":1024},"im_username":{"type":"keyword","ignore_above":1024},"index":{"type":"keyword","ignore_above":1024},"inout":{"type":"keyword","ignore_above":1024},"ipkt":{"type":"keyword","ignore_above":1024},"ipscat":{"type":"keyword","ignore_above":1024},"ipspri":{"type":"keyword","ignore_above":1024},"job_num":{"type":"keyword","ignore_above":1024},"jobname":{"type":"keyword","ignore_above":1024},"language":{"type":"keyword","ignore_above":1024},"latitude":{"type":"keyword","ignore_above":1024},"library":{"type":"keyword","ignore_above":1024},"lifetime":{"type":"long"},"linenum":{"type":"keyword","ignore_above":1024},"link":{"type":"keyword","ignore_above":1024},"list_name":{"type":"keyword","ignore_above":1024},"listnum":{"type":"keyword","ignore_above":1024},"load_data":{"type":"keyword","ignore_above":1024},"location_floor":{"type":"keyword","ignore_above":1024},"location_mark":{"type":"keyword","ignore_above":1024},"log_id":{"type":"keyword","ignore_above":1024},"log_session_id":{"type":"keyword","ignore_above":1024},"log_session_id1":{"type":"keyword","ignore_above":1024},"log_type":{"type":"keyword","ignore_above":1024},"logid":{"type":"keyword","ignore_above":1024},"logip":{"type":"keyword","ignore_above":1024},"logname":{"type":"keyword","ignore_above":1024},"longitude":{"type":"keyword","ignore_above":1024},"lport":{"type":"keyword","ignore_above":1024},"mail_id":{"type":"keyword","ignore_above":1024},"match":{"type":"keyword","ignore_above":1024},"mbug_data":{"type":"keyword","ignore_above":1024},"message_body":{"type":"keyword","ignore_above":1024},"misc":{"type":"keyword","ignore_above":1024},"misc_name":{"type":"keyword","ignore_above":1024},"mode":{"type":"keyword","ignore_above":1024},"msgIdPart1":{"type":"keyword","ignore_above":1024},"msgIdPart2":{"type":"keyword","ignore_above":1024},"msgIdPart3":{"type":"keyword","ignore_above":1024},"msgIdPart4":{"type":"keyword","ignore_above":1024},"msg_type":{"type":"keyword","ignore_above":1024},"msgid":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"netsessid":{"type":"keyword","ignore_above":1024},"node":{"type":"keyword","ignore_above":1024},"ntype":{"type":"keyword","ignore_above":1024},"num":{"type":"keyword","ignore_above":1024},"number":{"type":"keyword","ignore_above":1024},"number1":{"type":"keyword","ignore_above":1024},"number2":{"type":"keyword","ignore_above":1024},"nwwn":{"type":"keyword","ignore_above":1024},"obj_name":{"type":"keyword","ignore_above":1024},"obj_type":{"type":"keyword","ignore_above":1024},"object":{"type":"keyword","ignore_above":1024},"observed_val":{"type":"keyword","ignore_above":1024},"operation":{"type":"keyword","ignore_above":1024},"operation_id":{"type":"keyword","ignore_above":1024},"opkt":{"type":"keyword","ignore_above":1024},"orig_from":{"type":"keyword","ignore_above":1024},"owner_id":{"type":"keyword","ignore_above":1024},"p_action":{"type":"keyword","ignore_above":1024},"p_filter":{"type":"keyword","ignore_above":1024},"p_group_object":{"type":"keyword","ignore_above":1024},"p_id":{"type":"keyword","ignore_above":1024},"p_msgid":{"type":"keyword","ignore_above":1024},"p_msgid1":{"type":"keyword","ignore_above":1024},"p_msgid2":{"type":"keyword","ignore_above":1024},"p_result1":{"type":"keyword","ignore_above":1024},"param":{"type":"keyword","ignore_above":1024},"param_dst":{"type":"keyword","ignore_above":1024},"param_src":{"type":"keyword","ignore_above":1024},"parent_node":{"type":"keyword","ignore_above":1024},"password_chg":{"type":"keyword","ignore_above":1024},"password_expire":{"type":"keyword","ignore_above":1024},"payload_dst":{"type":"keyword","ignore_above":1024},"payload_src":{"type":"keyword","ignore_above":1024},"permgranted":{"type":"keyword","ignore_above":1024},"permwanted":{"type":"keyword","ignore_above":1024},"pgid":{"type":"keyword","ignore_above":1024},"phone":{"type":"keyword","ignore_above":1024},"pid":{"type":"keyword","ignore_above":1024},"policy":{"type":"keyword","ignore_above":1024},"policyUUID":{"type":"keyword","ignore_above":1024},"policy_id":{"type":"keyword","ignore_above":1024},"policy_name":{"type":"keyword","ignore_above":1024},"policy_value":{"type":"keyword","ignore_above":1024},"policy_waiver":{"type":"keyword","ignore_above":1024},"pool_id":{"type":"keyword","ignore_above":1024},"pool_name":{"type":"keyword","ignore_above":1024},"port_name":{"type":"keyword","ignore_above":1024},"priority":{"type":"keyword","ignore_above":1024},"process_id_val":{"type":"keyword","ignore_above":1024},"prog_asp_num":{"type":"keyword","ignore_above":1024},"program":{"type":"keyword","ignore_above":1024},"real_data":{"type":"keyword","ignore_above":1024},"reason":{"type":"keyword","ignore_above":1024},"rec_asp_device":{"type":"keyword","ignore_above":1024},"rec_asp_num":{"type":"keyword","ignore_above":1024},"rec_library":{"type":"keyword","ignore_above":1024},"recordnum":{"type":"keyword","ignore_above":1024},"reference_id":{"type":"keyword","ignore_above":1024},"reference_id1":{"type":"keyword","ignore_above":1024},"reference_id2":{"type":"keyword","ignore_above":1024},"result":{"type":"keyword","ignore_above":1024},"result_code":{"type":"keyword","ignore_above":1024},"risk":{"type":"keyword","ignore_above":1024},"risk_info":{"type":"keyword","ignore_above":1024},"risk_num":{"type":"double"},"risk_num_comm":{"type":"double"},"risk_num_next":{"type":"double"},"risk_num_sand":{"type":"double"},"risk_num_static":{"type":"double"},"risk_suspicious":{"type":"keyword","ignore_above":1024},"risk_warning":{"type":"keyword","ignore_above":1024},"ruid":{"type":"keyword","ignore_above":1024},"rule":{"type":"keyword","ignore_above":1024},"rule_group":{"type":"keyword","ignore_above":1024},"rule_name":{"type":"keyword","ignore_above":1024},"rule_template":{"type":"keyword","ignore_above":1024},"rule_uid":{"type":"keyword","ignore_above":1024},"sburb":{"type":"keyword","ignore_above":1024},"sdomain_fld":{"type":"keyword","ignore_above":1024},"search_text":{"type":"keyword","ignore_above":1024},"sec":{"type":"keyword","ignore_above":1024},"second":{"type":"keyword","ignore_above":1024},"sensor":{"type":"keyword","ignore_above":1024},"sensorname":{"type":"keyword","ignore_above":1024},"seqnum":{"type":"keyword","ignore_above":1024},"serial_number":{"type":"keyword","ignore_above":1024},"session":{"type":"keyword","ignore_above":1024},"sessiontype":{"type":"keyword","ignore_above":1024},"severity":{"type":"keyword","ignore_above":1024},"sigUUID":{"type":"keyword","ignore_above":1024},"sig_id":{"type":"long"},"sig_id1":{"type":"long"},"sig_id_str":{"type":"keyword","ignore_above":1024},"sig_name":{"type":"keyword","ignore_above":1024},"sigcat":{"type":"keyword","ignore_above":1024},"snmp_oid":{"type":"keyword","ignore_above":1024},"snmp_value":{"type":"keyword","ignore_above":1024},"space":{"type":"keyword","ignore_above":1024},"space1":{"type":"keyword","ignore_above":1024},"spi":{"type":"keyword","ignore_above":1024},"spi_dst":{"type":"keyword","ignore_above":1024},"spi_src":{"type":"keyword","ignore_above":1024},"sql":{"type":"keyword","ignore_above":1024},"srcburb":{"type":"keyword","ignore_above":1024},"srcdom":{"type":"keyword","ignore_above":1024},"srcservice":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"status1":{"type":"keyword","ignore_above":1024},"streams":{"type":"long"},"subcategory":{"type":"keyword","ignore_above":1024},"svcno":{"type":"keyword","ignore_above":1024},"system":{"type":"keyword","ignore_above":1024},"tbdstr1":{"type":"keyword","ignore_above":1024},"tbdstr2":{"type":"keyword","ignore_above":1024},"tcp_flags":{"type":"long"},"terminal":{"type":"keyword","ignore_above":1024},"tgtdom":{"type":"keyword","ignore_above":1024},"tgtdomain":{"type":"keyword","ignore_above":1024},"threshold":{"type":"keyword","ignore_above":1024},"tos":{"type":"long"},"trigger_desc":{"type":"keyword","ignore_above":1024},"trigger_val":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"type1":{"type":"keyword","ignore_above":1024},"udb_class":{"type":"keyword","ignore_above":1024},"url_fld":{"type":"keyword","ignore_above":1024},"user_div":{"type":"keyword","ignore_above":1024},"userid":{"type":"keyword","ignore_above":1024},"username_fld":{"type":"keyword","ignore_above":1024},"utcstamp":{"type":"keyword","ignore_above":1024},"v_instafname":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024},"virt_data":{"type":"keyword","ignore_above":1024},"virusname":{"type":"keyword","ignore_above":1024},"vm_target":{"type":"keyword","ignore_above":1024},"vpnid":{"type":"keyword","ignore_above":1024},"vsys":{"type":"keyword","ignore_above":1024},"vuln_ref":{"type":"keyword","ignore_above":1024},"workspace":{"type":"keyword","ignore_above":1024}}},"network":{"properties":{"ad_computer_dst":{"type":"keyword","ignore_above":1024},"addr":{"type":"keyword","ignore_above":1024},"alias_host":{"type":"keyword","ignore_above":1024},"dinterface":{"type":"keyword","ignore_above":1024},"dmask":{"type":"keyword","ignore_above":1024},"dns_a_record":{"type":"keyword","ignore_above":1024},"dns_cname_record":{"type":"keyword","ignore_above":1024},"dns_id":{"type":"keyword","ignore_above":1024},"dns_opcode":{"type":"keyword","ignore_above":1024},"dns_ptr_record":{"type":"keyword","ignore_above":1024},"dns_resp":{"type":"keyword","ignore_above":1024},"dns_type":{"type":"keyword","ignore_above":1024},"domain":{"type":"keyword","ignore_above":1024},"domain1":{"type":"keyword","ignore_above":1024},"eth_host":{"type":"keyword","ignore_above":1024},"eth_type":{"type":"long"},"faddr":{"type":"keyword","ignore_above":1024},"fhost":{"type":"keyword","ignore_above":1024},"fport":{"type":"keyword","ignore_above":1024},"gateway":{"type":"keyword","ignore_above":1024},"host_dst":{"type":"keyword","ignore_above":1024},"host_orig":{"type":"keyword","ignore_above":1024},"host_type":{"type":"keyword","ignore_above":1024},"icmp_code":{"type":"long"},"icmp_type":{"type":"long"},"interface":{"type":"keyword","ignore_above":1024},"ip_proto":{"type":"long"},"laddr":{"type":"keyword","ignore_above":1024},"lhost":{"type":"keyword","ignore_above":1024},"linterface":{"type":"keyword","ignore_above":1024},"mask":{"type":"keyword","ignore_above":1024},"netname":{"type":"keyword","ignore_above":1024},"network_port":{"type":"long"},"network_service":{"type":"keyword","ignore_above":1024},"origin":{"type":"keyword","ignore_above":1024},"packet_length":{"type":"keyword","ignore_above":1024},"paddr":{"type":"ip"},"phost":{"type":"keyword","ignore_above":1024},"port":{"type":"long"},"protocol_detail":{"type":"keyword","ignore_above":1024},"remote_domain_id":{"type":"keyword","ignore_above":1024},"rpayload":{"type":"keyword","ignore_above":1024},"sinterface":{"type":"keyword","ignore_above":1024},"smask":{"type":"keyword","ignore_above":1024},"vlan":{"type":"long"},"vlan_name":{"type":"keyword","ignore_above":1024},"zone":{"type":"keyword","ignore_above":1024},"zone_dst":{"type":"keyword","ignore_above":1024},"zone_src":{"type":"keyword","ignore_above":1024}}},"physical":{"properties":{"org_dst":{"type":"keyword","ignore_above":1024},"org_src":{"type":"keyword","ignore_above":1024}}},"storage":{"properties":{"disk_volume":{"type":"keyword","ignore_above":1024},"lun":{"type":"keyword","ignore_above":1024},"pwwn":{"type":"keyword","ignore_above":1024}}},"threat":{"properties":{"alert":{"type":"keyword","ignore_above":1024},"threat_category":{"type":"keyword","ignore_above":1024},"threat_desc":{"type":"keyword","ignore_above":1024},"threat_source":{"type":"keyword","ignore_above":1024}}},"time":{"properties":{"date":{"type":"keyword","ignore_above":1024},"datetime":{"type":"keyword","ignore_above":1024},"day":{"type":"keyword","ignore_above":1024},"duration_str":{"type":"keyword","ignore_above":1024},"duration_time":{"type":"double"},"effective_time":{"type":"date"},"endtime":{"type":"date"},"event_queue_time":{"type":"date"},"event_time":{"type":"date"},"event_time_str":{"type":"keyword","ignore_above":1024},"eventtime":{"type":"keyword","ignore_above":1024},"expire_time":{"type":"date"},"expire_time_str":{"type":"keyword","ignore_above":1024},"gmtdate":{"type":"keyword","ignore_above":1024},"gmttime":{"type":"keyword","ignore_above":1024},"hour":{"type":"keyword","ignore_above":1024},"min":{"type":"keyword","ignore_above":1024},"month":{"type":"keyword","ignore_above":1024},"p_date":{"type":"keyword","ignore_above":1024},"p_month":{"type":"keyword","ignore_above":1024},"p_time":{"type":"keyword","ignore_above":1024},"p_time1":{"type":"keyword","ignore_above":1024},"p_time2":{"type":"keyword","ignore_above":1024},"p_year":{"type":"keyword","ignore_above":1024},"process_time":{"type":"keyword","ignore_above":1024},"recorded_time":{"type":"date"},"stamp":{"type":"date"},"starttime":{"type":"date"},"timestamp":{"type":"keyword","ignore_above":1024},"timezone":{"type":"keyword","ignore_above":1024},"tzone":{"type":"keyword","ignore_above":1024},"year":{"type":"keyword","ignore_above":1024}}},"web":{"properties":{"alias_host":{"type":"keyword","ignore_above":1024},"cn_asn_dst":{"type":"keyword","ignore_above":1024},"cn_rpackets":{"type":"keyword","ignore_above":1024},"fqdn":{"type":"keyword","ignore_above":1024},"p_url":{"type":"keyword","ignore_above":1024},"p_user_agent":{"type":"keyword","ignore_above":1024},"p_web_cookie":{"type":"keyword","ignore_above":1024},"p_web_method":{"type":"keyword","ignore_above":1024},"p_web_referer":{"type":"keyword","ignore_above":1024},"remote_domain":{"type":"keyword","ignore_above":1024},"reputation_num":{"type":"double"},"urlpage":{"type":"keyword","ignore_above":1024},"urlroot":{"type":"keyword","ignore_above":1024},"web_cookie":{"type":"keyword","ignore_above":1024},"web_extension_tmp":{"type":"keyword","ignore_above":1024},"web_page":{"type":"keyword","ignore_above":1024},"web_ref_domain":{"type":"keyword","ignore_above":1024},"web_ref_page":{"type":"keyword","ignore_above":1024},"web_ref_query":{"type":"keyword","ignore_above":1024},"web_ref_root":{"type":"keyword","ignore_above":1024}}},"wireless":{"properties":{"access_point":{"type":"keyword","ignore_above":1024},"wlan_channel":{"type":"long"},"wlan_name":{"type":"keyword","ignore_above":1024},"wlan_ssid":{"type":"keyword","ignore_above":1024}}}}},"rule":{"properties":{"author":{"type":"keyword","ignore_above":1024},"category":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"license":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"reference":{"type":"keyword","ignore_above":1024},"ruleset":{"type":"keyword","ignore_above":1024},"uuid":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"santa":{"properties":{"action":{"type":"keyword","ignore_above":1024},"certificate":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024}}},"decision":{"type":"keyword","ignore_above":1024},"disk":{"properties":{"bsdname":{"type":"keyword","ignore_above":1024},"bus":{"type":"keyword","ignore_above":1024},"fs":{"type":"keyword","ignore_above":1024},"model":{"type":"keyword","ignore_above":1024},"mount":{"type":"keyword","ignore_above":1024},"serial":{"type":"keyword","ignore_above":1024},"volume":{"type":"keyword","ignore_above":1024}}},"mode":{"type":"keyword","ignore_above":1024},"reason":{"type":"keyword","ignore_above":1024}}},"server":{"properties":{"address":{"type":"keyword","ignore_above":1024},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}}}}}},"bytes":{"type":"long"},"domain":{"type":"keyword","ignore_above":1024},"geo":{"properties":{"city_name":{"type":"keyword","ignore_above":1024},"continent_code":{"type":"keyword","ignore_above":1024},"continent_name":{"type":"keyword","ignore_above":1024},"country_iso_code":{"type":"keyword","ignore_above":1024},"country_name":{"type":"keyword","ignore_above":1024},"location":{"type":"geo_point"},"name":{"type":"keyword","ignore_above":1024},"postal_code":{"type":"keyword","ignore_above":1024},"region_iso_code":{"type":"keyword","ignore_above":1024},"region_name":{"type":"keyword","ignore_above":1024},"timezone":{"type":"keyword","ignore_above":1024}}},"ip":{"type":"ip"},"mac":{"type":"keyword","ignore_above":1024},"nat":{"properties":{"ip":{"type":"ip"},"port":{"type":"long"}}},"packets":{"type":"long"},"port":{"type":"long"},"registered_domain":{"type":"keyword","ignore_above":1024},"subdomain":{"type":"keyword","ignore_above":1024},"top_level_domain":{"type":"keyword","ignore_above":1024},"user":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"full_name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"group":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"hash":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"roles":{"type":"keyword","ignore_above":1024}}}}},"service":{"properties":{"address":{"type":"keyword","ignore_above":1024},"environment":{"type":"keyword","ignore_above":1024},"ephemeral_id":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"node":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"state":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"snyk":{"properties":{"audit":{"properties":{"content":{"type":"flattened"},"org_id":{"type":"keyword","ignore_above":1024},"project_id":{"type":"keyword","ignore_above":1024}}},"projects":{"type":"flattened"},"related":{"properties":{"projects":{"type":"keyword","ignore_above":1024}}},"vulnerabilities":{"properties":{"credit":{"type":"keyword","ignore_above":1024},"cvss3":{"type":"keyword","ignore_above":1024},"disclosure_time":{"type":"date"},"exploit_maturity":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"identifiers":{"properties":{"alternative":{"type":"keyword","ignore_above":1024},"cwe":{"type":"keyword","ignore_above":1024}}},"introduced_date":{"type":"date"},"is_fixed":{"type":"boolean"},"is_ignored":{"type":"boolean"},"is_patchable":{"type":"boolean"},"is_patched":{"type":"boolean"},"is_pinnable":{"type":"boolean"},"is_upgradable":{"type":"boolean"},"jira_issue_url":{"type":"keyword","ignore_above":1024},"language":{"type":"keyword","ignore_above":1024},"original_severity":{"type":"long"},"package":{"type":"keyword","ignore_above":1024},"package_manager":{"type":"keyword","ignore_above":1024},"patches":{"type":"flattened"},"priority_score":{"type":"long"},"publication_time":{"type":"date"},"reachability":{"type":"keyword","ignore_above":1024},"semver":{"type":"flattened"},"title":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"unique_severities_list":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}}}},"sophos":{"properties":{"xg":{"properties":{"Configuration":{"type":"float"},"Mode":{"type":"keyword","ignore_above":1024},"PHPSESSID":{"type":"keyword","ignore_above":1024},"Reports":{"type":"float"},"Signature":{"type":"float"},"SysLog_SERVER_NAME":{"type":"keyword","ignore_above":1024},"Temp":{"type":"float"},"action":{"type":"keyword","ignore_above":1024},"activityname":{"type":"keyword","ignore_above":1024},"ap":{"type":"keyword","ignore_above":1024},"app_is_cloud":{"type":"keyword","ignore_above":1024},"appfilter_policy_id":{"type":"long"},"application":{"type":"keyword","ignore_above":1024},"application_category":{"type":"keyword","ignore_above":1024},"application_filter_policy":{"type":"long"},"application_name":{"type":"keyword","ignore_above":1024},"application_risk":{"type":"keyword","ignore_above":1024},"application_technology":{"type":"keyword","ignore_above":1024},"appresolvedby":{"type":"keyword","ignore_above":1024},"auth_client":{"type":"keyword","ignore_above":1024},"auth_mechanism":{"type":"keyword","ignore_above":1024},"av_policy_name":{"type":"keyword","ignore_above":1024},"backup_mode":{"type":"keyword","ignore_above":1024},"branch_name":{"type":"keyword","ignore_above":1024},"category":{"type":"keyword","ignore_above":1024},"category_type":{"type":"keyword","ignore_above":1024},"classification":{"type":"keyword","ignore_above":1024},"client_host_name":{"type":"keyword","ignore_above":1024},"client_physical_address":{"type":"keyword","ignore_above":1024},"clients_conn_ssid":{"type":"keyword","ignore_above":1024},"collisions":{"type":"long"},"con_id":{"type":"long"},"conn_id":{"type":"long"},"connectionname":{"type":"keyword","ignore_above":1024},"connectiontype":{"type":"keyword","ignore_above":1024},"connevent":{"type":"keyword","ignore_above":1024},"connid":{"type":"keyword","ignore_above":1024},"contenttype":{"type":"keyword","ignore_above":1024},"context_match":{"type":"keyword","ignore_above":1024},"context_prefix":{"type":"keyword","ignore_above":1024},"context_suffix":{"type":"keyword","ignore_above":1024},"cookie":{"type":"keyword","ignore_above":1024},"date":{"type":"date"},"destinationip":{"type":"ip"},"device":{"type":"keyword","ignore_above":1024},"device_id":{"type":"keyword","ignore_above":1024},"device_name":{"type":"keyword","ignore_above":1024},"dictionary_name":{"type":"keyword","ignore_above":1024},"dir_disp":{"type":"keyword","ignore_above":1024},"direction":{"type":"keyword","ignore_above":1024},"domainname":{"type":"keyword","ignore_above":1024},"download_file_name":{"type":"keyword","ignore_above":1024},"download_file_type":{"type":"keyword","ignore_above":1024},"dst_country_code":{"type":"keyword","ignore_above":1024},"dst_domainname":{"type":"keyword","ignore_above":1024},"dst_ip":{"type":"ip"},"dst_port":{"type":"long"},"dstdomain":{"type":"keyword","ignore_above":1024},"dstzone":{"type":"keyword","ignore_above":1024},"dstzonetype":{"type":"keyword","ignore_above":1024},"duration":{"type":"long"},"email_subject":{"type":"keyword","ignore_above":1024},"ep_uuid":{"type":"keyword","ignore_above":1024},"eventid":{"type":"keyword","ignore_above":1024},"eventtime":{"type":"date"},"eventtype":{"type":"keyword","ignore_above":1024},"exceptions":{"type":"keyword","ignore_above":1024},"execution_path":{"type":"keyword","ignore_above":1024},"extra":{"type":"keyword","ignore_above":1024},"file_name":{"type":"keyword","ignore_above":1024},"file_path":{"type":"keyword","ignore_above":1024},"file_size":{"type":"long"},"filename":{"type":"keyword","ignore_above":1024},"filepath":{"type":"keyword","ignore_above":1024},"filesize":{"type":"long"},"free":{"type":"long"},"from_email_address":{"type":"keyword","ignore_above":1024},"ftp_direction":{"type":"keyword","ignore_above":1024},"ftp_url":{"type":"keyword","ignore_above":1024},"ftpcommand":{"type":"keyword","ignore_above":1024},"fw_rule_id":{"type":"long"},"hb_health":{"type":"keyword","ignore_above":1024},"host":{"type":"keyword","ignore_above":1024},"httpresponsecode":{"type":"long"},"iap":{"type":"keyword","ignore_above":1024},"icmp_code":{"type":"keyword","ignore_above":1024},"icmp_type":{"type":"keyword","ignore_above":1024},"idle_cpu":{"type":"float"},"idp_policy_id":{"type":"long"},"idp_policy_name":{"type":"keyword","ignore_above":1024},"in_interface":{"type":"keyword","ignore_above":1024},"interface":{"type":"keyword","ignore_above":1024},"ipaddress":{"type":"keyword","ignore_above":1024},"ips_policy_id":{"type":"long"},"localgateway":{"type":"keyword","ignore_above":1024},"localnetwork":{"type":"keyword","ignore_above":1024},"log_component":{"type":"keyword","ignore_above":1024},"log_id":{"type":"keyword","ignore_above":1024},"log_subtype":{"type":"keyword","ignore_above":1024},"log_type":{"type":"keyword","ignore_above":1024},"login_user":{"type":"keyword","ignore_above":1024},"mailid":{"type":"keyword","ignore_above":1024},"mailsize":{"type":"long"},"message":{"type":"keyword","ignore_above":1024},"message_id":{"type":"keyword","ignore_above":1024},"newversion":{"type":"keyword","ignore_above":1024},"oldversion":{"type":"keyword","ignore_above":1024},"out_interface":{"type":"keyword","ignore_above":1024},"override_authorizer":{"type":"keyword","ignore_above":1024},"override_name":{"type":"keyword","ignore_above":1024},"override_token":{"type":"keyword","ignore_above":1024},"platform":{"type":"keyword","ignore_above":1024},"policy_type":{"type":"keyword","ignore_above":1024},"priority":{"type":"keyword","ignore_above":1024},"protocol":{"type":"keyword","ignore_above":1024},"quarantine":{"type":"keyword","ignore_above":1024},"quarantine_reason":{"type":"keyword","ignore_above":1024},"querystring":{"type":"keyword","ignore_above":1024},"raw_data":{"type":"keyword","ignore_above":1024},"reason":{"type":"keyword","ignore_above":1024},"received_pkts":{"type":"long"},"receiveddrops":{"type":"long"},"receivederrors":{"type":"keyword","ignore_above":1024},"receivedkbits":{"type":"long"},"recv_bytes":{"type":"long"},"red_id":{"type":"keyword","ignore_above":1024},"referer":{"type":"keyword","ignore_above":1024},"remote_ip":{"type":"ip"},"remotenetwork":{"type":"keyword","ignore_above":1024},"responsetime":{"type":"long"},"rule_priority":{"type":"keyword","ignore_above":1024},"sent_bytes":{"type":"long"},"sent_pkts":{"type":"long"},"server":{"type":"keyword","ignore_above":1024},"sessionid":{"type":"keyword","ignore_above":1024},"sha1sum":{"type":"keyword","ignore_above":1024},"signature_id":{"type":"keyword","ignore_above":1024},"signature_msg":{"type":"keyword","ignore_above":1024},"site_category":{"type":"keyword","ignore_above":1024},"source":{"type":"keyword","ignore_above":1024},"sourceip":{"type":"ip"},"spamaction":{"type":"keyword","ignore_above":1024},"sqli":{"type":"keyword","ignore_above":1024},"src_country_code":{"type":"keyword","ignore_above":1024},"src_domainname":{"type":"keyword","ignore_above":1024},"src_ip":{"type":"ip"},"src_mac":{"type":"keyword","ignore_above":1024},"src_port":{"type":"long"},"srczone":{"type":"keyword","ignore_above":1024},"srczonetype":{"type":"keyword","ignore_above":1024},"ssid":{"type":"keyword","ignore_above":1024},"start_time":{"type":"date"},"starttime":{"type":"date"},"status":{"type":"keyword","ignore_above":1024},"status_code":{"type":"keyword","ignore_above":1024},"subject":{"type":"keyword","ignore_above":1024},"system_cpu":{"type":"float"},"target":{"type":"keyword","ignore_above":1024},"threatname":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"date"},"timezone":{"type":"keyword","ignore_above":1024},"to_email_address":{"type":"keyword","ignore_above":1024},"total_memory":{"type":"long"},"trans_dst_ip":{"type":"ip"},"trans_dst_port":{"type":"long"},"trans_src_ip":{"type":"ip"},"trans_src_port":{"type":"long"},"transaction_id":{"type":"keyword","ignore_above":1024},"transactionid":{"type":"keyword","ignore_above":1024},"transmitteddrops":{"type":"long"},"transmittederrors":{"type":"keyword","ignore_above":1024},"transmittedkbits":{"type":"long"},"unit":{"type":"keyword","ignore_above":1024},"updatedip":{"type":"ip"},"upload_file_name":{"type":"keyword","ignore_above":1024},"upload_file_type":{"type":"keyword","ignore_above":1024},"url":{"type":"keyword","ignore_above":1024},"used":{"type":"long"},"user":{"type":"keyword","ignore_above":1024},"user_cpu":{"type":"float"},"user_gp":{"type":"keyword","ignore_above":1024},"user_group":{"type":"keyword","ignore_above":1024},"user_name":{"type":"keyword","ignore_above":1024},"users":{"type":"keyword","ignore_above":1024},"vconn_id":{"type":"long"},"virus":{"type":"keyword","ignore_above":1024},"website":{"type":"keyword","ignore_above":1024},"xss":{"type":"keyword","ignore_above":1024}}}}},"source":{"properties":{"address":{"type":"keyword","ignore_above":1024},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}}}}}},"bytes":{"type":"long"},"domain":{"type":"keyword","ignore_above":1024},"geo":{"properties":{"city_name":{"type":"keyword","ignore_above":1024},"continent_code":{"type":"keyword","ignore_above":1024},"continent_name":{"type":"keyword","ignore_above":1024},"country_iso_code":{"type":"keyword","ignore_above":1024},"country_name":{"type":"keyword","ignore_above":1024},"location":{"type":"geo_point"},"name":{"type":"keyword","ignore_above":1024},"postal_code":{"type":"keyword","ignore_above":1024},"region_iso_code":{"type":"keyword","ignore_above":1024},"region_name":{"type":"keyword","ignore_above":1024},"timezone":{"type":"keyword","ignore_above":1024}}},"ip":{"type":"ip"},"mac":{"type":"keyword","ignore_above":1024},"nat":{"properties":{"ip":{"type":"ip"},"port":{"type":"long"}}},"packets":{"type":"long"},"port":{"type":"long"},"registered_domain":{"type":"keyword","ignore_above":1024},"service":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"subdomain":{"type":"keyword","ignore_above":1024},"top_level_domain":{"type":"keyword","ignore_above":1024},"user":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"full_name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"group":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"hash":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"roles":{"type":"keyword","ignore_above":1024}}}}},"span":{"properties":{"id":{"type":"keyword","ignore_above":1024}}},"stream":{"type":"keyword","ignore_above":1024},"suricata":{"properties":{"eve":{"properties":{"alert":{"properties":{"affected_product":{"type":"keyword","ignore_above":1024},"attack_target":{"type":"keyword","ignore_above":1024},"capec_id":{"type":"keyword","ignore_above":1024},"category":{"type":"keyword","ignore_above":1024},"classtype":{"type":"keyword","ignore_above":1024},"created_at":{"type":"date"},"cve":{"type":"keyword","ignore_above":1024},"cvss_v2_base":{"type":"keyword","ignore_above":1024},"cvss_v2_temporal":{"type":"keyword","ignore_above":1024},"cvss_v3_base":{"type":"keyword","ignore_above":1024},"cvss_v3_temporal":{"type":"keyword","ignore_above":1024},"cwe_id":{"type":"keyword","ignore_above":1024},"deployment":{"type":"keyword","ignore_above":1024},"former_category":{"type":"keyword","ignore_above":1024},"gid":{"type":"long"},"hostile":{"type":"keyword","ignore_above":1024},"infected":{"type":"keyword","ignore_above":1024},"malware":{"type":"keyword","ignore_above":1024},"metadata":{"type":"flattened"},"mitre_tool_id":{"type":"keyword","ignore_above":1024},"performance_impact":{"type":"keyword","ignore_above":1024},"priority":{"type":"keyword","ignore_above":1024},"protocols":{"type":"keyword","ignore_above":1024},"rev":{"type":"long"},"rule_source":{"type":"keyword","ignore_above":1024},"sid":{"type":"keyword","ignore_above":1024},"signature":{"type":"keyword","ignore_above":1024},"signature_id":{"type":"long"},"signature_severity":{"type":"keyword","ignore_above":1024},"tag":{"type":"keyword","ignore_above":1024},"updated_at":{"type":"date"}}},"app_proto_expected":{"type":"keyword","ignore_above":1024},"app_proto_orig":{"type":"keyword","ignore_above":1024},"app_proto_tc":{"type":"keyword","ignore_above":1024},"app_proto_ts":{"type":"keyword","ignore_above":1024},"community_id":{"type":"keyword","ignore_above":1024},"dns":{"properties":{"id":{"type":"long"},"query":{"properties":{"id":{"type":"long"},"rrname":{"type":"keyword","ignore_above":1024},"rrtype":{"type":"keyword","ignore_above":1024},"tx_id":{"type":"long"},"type":{"type":"keyword","ignore_above":1024}}},"rcode":{"type":"keyword","ignore_above":1024},"rdata":{"type":"keyword","ignore_above":1024},"rrname":{"type":"keyword","ignore_above":1024},"rrtype":{"type":"keyword","ignore_above":1024},"ttl":{"type":"long"},"tx_id":{"type":"long"},"type":{"type":"keyword","ignore_above":1024}}},"email":{"properties":{"status":{"type":"keyword","ignore_above":1024}}},"ether":{"type":"object"},"event_type":{"type":"keyword","ignore_above":1024},"fileinfo":{"properties":{"gaps":{"type":"boolean"},"md5":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024},"stored":{"type":"boolean"},"tx_id":{"type":"long"}}},"flow":{"properties":{"age":{"type":"long"},"alerted":{"type":"boolean"},"reason":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024}}},"flow_id":{"type":"keyword","ignore_above":1024},"http":{"properties":{"http_content_type":{"type":"keyword","ignore_above":1024},"protocol":{"type":"keyword","ignore_above":1024},"redirect":{"type":"keyword","ignore_above":1024}}},"icmp_code":{"type":"long"},"icmp_type":{"type":"long"},"in_iface":{"type":"keyword","ignore_above":1024},"metadata":{"properties":{"flowbits":{"type":"keyword","ignore_above":1024}}},"payload":{"type":"keyword","ignore_above":1024},"payload_printable":{"type":"keyword","ignore_above":1024},"pcap_cnt":{"type":"long"},"smtp":{"properties":{"helo":{"type":"keyword","ignore_above":1024},"mail_from":{"type":"keyword","ignore_above":1024},"rcpt_to":{"type":"keyword","ignore_above":1024}}},"ssh":{"properties":{"client":{"properties":{"proto_version":{"type":"keyword","ignore_above":1024},"software_version":{"type":"keyword","ignore_above":1024}}},"server":{"properties":{"proto_version":{"type":"keyword","ignore_above":1024},"software_version":{"type":"keyword","ignore_above":1024}}}}},"stats":{"properties":{"app_layer":{"properties":{"flow":{"properties":{"dcerpc_tcp":{"type":"long"},"dcerpc_udp":{"type":"long"},"dns_tcp":{"type":"long"},"dns_udp":{"type":"long"},"failed_tcp":{"type":"long"},"failed_udp":{"type":"long"},"ftp":{"type":"long"},"http":{"type":"long"},"imap":{"type":"long"},"msn":{"type":"long"},"smb":{"type":"long"},"smtp":{"type":"long"},"ssh":{"type":"long"},"tls":{"type":"long"}}},"tx":{"properties":{"dcerpc_tcp":{"type":"long"},"dcerpc_udp":{"type":"long"},"dns_tcp":{"type":"long"},"dns_udp":{"type":"long"},"ftp":{"type":"long"},"http":{"type":"long"},"smb":{"type":"long"},"smtp":{"type":"long"},"ssh":{"type":"long"},"tls":{"type":"long"}}}}},"capture":{"properties":{"kernel_drops":{"type":"long"},"kernel_ifdrops":{"type":"long"},"kernel_packets":{"type":"long"}}},"decoder":{"properties":{"avg_pkt_size":{"type":"long"},"bytes":{"type":"long"},"dce":{"properties":{"pkt_too_small":{"type":"long"}}},"erspan":{"type":"long"},"ethernet":{"type":"long"},"gre":{"type":"long"},"icmpv4":{"type":"long"},"icmpv6":{"type":"long"},"ieee8021ah":{"type":"long"},"invalid":{"type":"long"},"ipraw":{"properties":{"invalid_ip_version":{"type":"long"}}},"ipv4":{"type":"long"},"ipv4_in_ipv6":{"type":"long"},"ipv6":{"type":"long"},"ipv6_in_ipv6":{"type":"long"},"ltnull":{"properties":{"pkt_too_small":{"type":"long"},"unsupported_type":{"type":"long"}}},"max_pkt_size":{"type":"long"},"mpls":{"type":"long"},"null":{"type":"long"},"pkts":{"type":"long"},"ppp":{"type":"long"},"pppoe":{"type":"long"},"raw":{"type":"long"},"sctp":{"type":"long"},"sll":{"type":"long"},"tcp":{"type":"long"},"teredo":{"type":"long"},"udp":{"type":"long"},"vlan":{"type":"long"},"vlan_qinq":{"type":"long"}}},"defrag":{"properties":{"ipv4":{"properties":{"fragments":{"type":"long"},"reassembled":{"type":"long"},"timeouts":{"type":"long"}}},"ipv6":{"properties":{"fragments":{"type":"long"},"reassembled":{"type":"long"},"timeouts":{"type":"long"}}},"max_frag_hits":{"type":"long"}}},"detect":{"properties":{"alert":{"type":"long"}}},"dns":{"properties":{"memcap_global":{"type":"long"},"memcap_state":{"type":"long"},"memuse":{"type":"long"}}},"file_store":{"properties":{"open_files":{"type":"long"}}},"flow":{"properties":{"emerg_mode_entered":{"type":"long"},"emerg_mode_over":{"type":"long"},"icmpv4":{"type":"long"},"icmpv6":{"type":"long"},"memcap":{"type":"long"},"memuse":{"type":"long"},"spare":{"type":"long"},"tcp":{"type":"long"},"tcp_reuse":{"type":"long"},"udp":{"type":"long"}}},"flow_mgr":{"properties":{"bypassed_pruned":{"type":"long"},"closed_pruned":{"type":"long"},"est_pruned":{"type":"long"},"flows_checked":{"type":"long"},"flows_notimeout":{"type":"long"},"flows_removed":{"type":"long"},"flows_timeout":{"type":"long"},"flows_timeout_inuse":{"type":"long"},"new_pruned":{"type":"long"},"rows_busy":{"type":"long"},"rows_checked":{"type":"long"},"rows_empty":{"type":"long"},"rows_maxlen":{"type":"long"},"rows_skipped":{"type":"long"}}},"http":{"properties":{"memcap":{"type":"long"},"memuse":{"type":"long"}}},"tcp":{"properties":{"insert_data_normal_fail":{"type":"long"},"insert_data_overlap_fail":{"type":"long"},"insert_list_fail":{"type":"long"},"invalid_checksum":{"type":"long"},"memuse":{"type":"long"},"no_flow":{"type":"long"},"overlap":{"type":"long"},"overlap_diff_data":{"type":"long"},"pseudo":{"type":"long"},"pseudo_failed":{"type":"long"},"reassembly_gap":{"type":"long"},"reassembly_memuse":{"type":"long"},"rst":{"type":"long"},"segment_memcap_drop":{"type":"long"},"sessions":{"type":"long"},"ssn_memcap_drop":{"type":"long"},"stream_depth_reached":{"type":"long"},"syn":{"type":"long"},"synack":{"type":"long"}}},"uptime":{"type":"long"}}},"stream":{"type":"long"},"tcp":{"properties":{"ack":{"type":"boolean"},"fin":{"type":"boolean"},"psh":{"type":"boolean"},"rst":{"type":"boolean"},"state":{"type":"keyword","ignore_above":1024},"syn":{"type":"boolean"},"tcp_flags":{"type":"keyword","ignore_above":1024},"tcp_flags_tc":{"type":"keyword","ignore_above":1024},"tcp_flags_ts":{"type":"keyword","ignore_above":1024}}},"tls":{"properties":{"fingerprint":{"type":"keyword","ignore_above":1024},"issuerdn":{"type":"keyword","ignore_above":1024},"ja3":{"properties":{"hash":{"type":"keyword","ignore_above":1024},"string":{"type":"keyword","ignore_above":1024}}},"ja3s":{"properties":{"hash":{"type":"keyword","ignore_above":1024},"string":{"type":"keyword","ignore_above":1024}}},"notafter":{"type":"date"},"notbefore":{"type":"date"},"serial":{"type":"keyword","ignore_above":1024},"session_resumed":{"type":"boolean"},"sni":{"type":"keyword","ignore_above":1024},"subject":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"tx_id":{"type":"long"},"vlan":{"type":"long"}}}}},"syslog":{"properties":{"facility":{"type":"long"},"facility_label":{"type":"keyword","ignore_above":1024},"priority":{"type":"long"},"severity_label":{"type":"keyword","ignore_above":1024}}},"system":{"properties":{"auth":{"properties":{"ssh":{"properties":{"dropped_ip":{"type":"ip"},"event":{"type":"keyword","ignore_above":1024},"method":{"type":"keyword","ignore_above":1024},"signature":{"type":"keyword","ignore_above":1024}}},"sudo":{"properties":{"command":{"type":"keyword","ignore_above":1024},"error":{"type":"keyword","ignore_above":1024},"pwd":{"type":"keyword","ignore_above":1024},"tty":{"type":"keyword","ignore_above":1024},"user":{"type":"keyword","ignore_above":1024}}},"useradd":{"properties":{"home":{"type":"keyword","ignore_above":1024},"shell":{"type":"keyword","ignore_above":1024}}}}}}},"tags":{"type":"keyword","ignore_above":1024},"threat":{"properties":{"enrichments":{"type":"nested","properties":{"indicator":{"properties":{"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}}}}}},"confidence":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"email":{"properties":{"address":{"type":"keyword","ignore_above":1024}}},"file":{"properties":{"accessed":{"type":"date"},"attributes":{"type":"keyword","ignore_above":1024},"code_signature":{"properties":{"digest_algorithm":{"type":"keyword","ignore_above":1024},"exists":{"type":"boolean"},"signing_id":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"subject_name":{"type":"keyword","ignore_above":1024},"team_id":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"date"},"trusted":{"type":"boolean"},"valid":{"type":"boolean"}}},"created":{"type":"date"},"ctime":{"type":"date"},"device":{"type":"keyword","ignore_above":1024},"directory":{"type":"keyword","ignore_above":1024},"drive_letter":{"type":"keyword","ignore_above":1},"elf":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"byte_order":{"type":"keyword","ignore_above":1024},"cpu_type":{"type":"keyword","ignore_above":1024},"creation_date":{"type":"date"},"exports":{"type":"flattened"},"header":{"properties":{"abi_version":{"type":"keyword","ignore_above":1024},"class":{"type":"keyword","ignore_above":1024},"data":{"type":"keyword","ignore_above":1024},"entrypoint":{"type":"long"},"object_version":{"type":"keyword","ignore_above":1024},"os_abi":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"imports":{"type":"flattened"},"sections":{"type":"nested","properties":{"chi2":{"type":"long"},"entropy":{"type":"long"},"flags":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"physical_offset":{"type":"keyword","ignore_above":1024},"physical_size":{"type":"long"},"type":{"type":"keyword","ignore_above":1024},"virtual_address":{"type":"long"},"virtual_size":{"type":"long"}}},"segments":{"type":"nested","properties":{"sections":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"shared_libraries":{"type":"keyword","ignore_above":1024},"telfhash":{"type":"keyword","ignore_above":1024}}},"extension":{"type":"keyword","ignore_above":1024},"fork_name":{"type":"keyword","ignore_above":1024},"gid":{"type":"keyword","ignore_above":1024},"group":{"type":"keyword","ignore_above":1024},"hash":{"properties":{"md5":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024},"sha512":{"type":"keyword","ignore_above":1024},"ssdeep":{"type":"keyword","ignore_above":1024}}},"inode":{"type":"keyword","ignore_above":1024},"mime_type":{"type":"keyword","ignore_above":1024},"mode":{"type":"keyword","ignore_above":1024},"mtime":{"type":"date"},"name":{"type":"keyword","ignore_above":1024},"owner":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"pe":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"company":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"file_version":{"type":"keyword","ignore_above":1024},"imphash":{"type":"keyword","ignore_above":1024},"original_file_name":{"type":"keyword","ignore_above":1024},"product":{"type":"keyword","ignore_above":1024}}},"size":{"type":"long"},"target_path":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"type":{"type":"keyword","ignore_above":1024},"uid":{"type":"keyword","ignore_above":1024}}},"first_seen":{"type":"date"},"geo":{"properties":{"city_name":{"type":"keyword","ignore_above":1024},"continent_code":{"type":"keyword","ignore_above":1024},"continent_name":{"type":"keyword","ignore_above":1024},"country_iso_code":{"type":"keyword","ignore_above":1024},"country_name":{"type":"keyword","ignore_above":1024},"location":{"type":"geo_point"},"name":{"type":"keyword","ignore_above":1024},"postal_code":{"type":"keyword","ignore_above":1024},"region_iso_code":{"type":"keyword","ignore_above":1024},"region_name":{"type":"keyword","ignore_above":1024},"timezone":{"type":"keyword","ignore_above":1024}}},"ip":{"type":"ip"},"last_seen":{"type":"date"},"marking":{"properties":{"tlp":{"type":"keyword","ignore_above":1024}}},"modified_at":{"type":"date"},"port":{"type":"long"},"provider":{"type":"keyword","ignore_above":1024},"reference":{"type":"keyword","ignore_above":1024},"registry":{"properties":{"data":{"properties":{"bytes":{"type":"keyword","ignore_above":1024},"strings":{"type":"wildcard","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"hive":{"type":"keyword","ignore_above":1024},"key":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024},"value":{"type":"keyword","ignore_above":1024}}},"scanner_stats":{"type":"long"},"sightings":{"type":"long"},"type":{"type":"keyword","ignore_above":1024},"url":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"extension":{"type":"keyword","ignore_above":1024},"fragment":{"type":"keyword","ignore_above":1024},"full":{"type":"wildcard","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"original":{"type":"wildcard","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"password":{"type":"keyword","ignore_above":1024},"path":{"type":"wildcard","ignore_above":1024},"port":{"type":"long"},"query":{"type":"keyword","ignore_above":1024},"registered_domain":{"type":"keyword","ignore_above":1024},"scheme":{"type":"keyword","ignore_above":1024},"subdomain":{"type":"keyword","ignore_above":1024},"top_level_domain":{"type":"keyword","ignore_above":1024},"username":{"type":"keyword","ignore_above":1024}}},"x509":{"properties":{"alternative_names":{"type":"keyword","ignore_above":1024},"issuer":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"distinguished_name":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state_or_province":{"type":"keyword","ignore_above":1024}}},"not_after":{"type":"date"},"not_before":{"type":"date"},"public_key_algorithm":{"type":"keyword","ignore_above":1024},"public_key_curve":{"type":"keyword","ignore_above":1024},"public_key_exponent":{"type":"long","index":false,"doc_values":false},"public_key_size":{"type":"long"},"serial_number":{"type":"keyword","ignore_above":1024},"signature_algorithm":{"type":"keyword","ignore_above":1024},"subject":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"distinguished_name":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state_or_province":{"type":"keyword","ignore_above":1024}}},"version_number":{"type":"keyword","ignore_above":1024}}}}},"matched":{"properties":{"atomic":{"type":"keyword","ignore_above":1024},"field":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"index":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}}}},"framework":{"type":"keyword","ignore_above":1024},"group":{"properties":{"alias":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"reference":{"type":"keyword","ignore_above":1024}}},"indicator":{"properties":{"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}}}}}},"confidence":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"email":{"properties":{"address":{"type":"keyword","ignore_above":1024}}},"file":{"properties":{"accessed":{"type":"date"},"attributes":{"type":"keyword","ignore_above":1024},"code_signature":{"properties":{"digest_algorithm":{"type":"keyword","ignore_above":1024},"exists":{"type":"boolean"},"signing_id":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"subject_name":{"type":"keyword","ignore_above":1024},"team_id":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"date"},"trusted":{"type":"boolean"},"valid":{"type":"boolean"}}},"created":{"type":"date"},"ctime":{"type":"date"},"device":{"type":"keyword","ignore_above":1024},"directory":{"type":"keyword","ignore_above":1024},"drive_letter":{"type":"keyword","ignore_above":1},"elf":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"byte_order":{"type":"keyword","ignore_above":1024},"cpu_type":{"type":"keyword","ignore_above":1024},"creation_date":{"type":"date"},"exports":{"type":"flattened"},"header":{"properties":{"abi_version":{"type":"keyword","ignore_above":1024},"class":{"type":"keyword","ignore_above":1024},"data":{"type":"keyword","ignore_above":1024},"entrypoint":{"type":"long"},"object_version":{"type":"keyword","ignore_above":1024},"os_abi":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"imports":{"type":"flattened"},"sections":{"type":"nested","properties":{"chi2":{"type":"long"},"entropy":{"type":"long"},"flags":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"physical_offset":{"type":"keyword","ignore_above":1024},"physical_size":{"type":"long"},"type":{"type":"keyword","ignore_above":1024},"virtual_address":{"type":"long"},"virtual_size":{"type":"long"}}},"segments":{"type":"nested","properties":{"sections":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"shared_libraries":{"type":"keyword","ignore_above":1024},"telfhash":{"type":"keyword","ignore_above":1024}}},"extension":{"type":"keyword","ignore_above":1024},"fork_name":{"type":"keyword","ignore_above":1024},"gid":{"type":"keyword","ignore_above":1024},"group":{"type":"keyword","ignore_above":1024},"hash":{"properties":{"md5":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024},"sha512":{"type":"keyword","ignore_above":1024},"ssdeep":{"type":"keyword","ignore_above":1024}}},"inode":{"type":"keyword","ignore_above":1024},"mime_type":{"type":"keyword","ignore_above":1024},"mode":{"type":"keyword","ignore_above":1024},"mtime":{"type":"date"},"name":{"type":"keyword","ignore_above":1024},"owner":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"pe":{"properties":{"architecture":{"type":"keyword","ignore_above":1024},"company":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"file_version":{"type":"keyword","ignore_above":1024},"imphash":{"type":"keyword","ignore_above":1024},"original_file_name":{"type":"keyword","ignore_above":1024},"product":{"type":"keyword","ignore_above":1024}}},"size":{"type":"long"},"target_path":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"type":{"type":"keyword","ignore_above":1024},"uid":{"type":"keyword","ignore_above":1024}}},"first_seen":{"type":"date"},"geo":{"properties":{"city_name":{"type":"keyword","ignore_above":1024},"continent_code":{"type":"keyword","ignore_above":1024},"continent_name":{"type":"keyword","ignore_above":1024},"country_iso_code":{"type":"keyword","ignore_above":1024},"country_name":{"type":"keyword","ignore_above":1024},"location":{"type":"geo_point"},"name":{"type":"keyword","ignore_above":1024},"postal_code":{"type":"keyword","ignore_above":1024},"region_iso_code":{"type":"keyword","ignore_above":1024},"region_name":{"type":"keyword","ignore_above":1024},"timezone":{"type":"keyword","ignore_above":1024}}},"ip":{"type":"ip"},"last_seen":{"type":"date"},"marking":{"properties":{"tlp":{"type":"keyword","ignore_above":1024}}},"modified_at":{"type":"date"},"port":{"type":"long"},"provider":{"type":"keyword","ignore_above":1024},"reference":{"type":"keyword","ignore_above":1024},"registry":{"properties":{"data":{"properties":{"bytes":{"type":"keyword","ignore_above":1024},"strings":{"type":"wildcard","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"hive":{"type":"keyword","ignore_above":1024},"key":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024},"value":{"type":"keyword","ignore_above":1024}}},"scanner_stats":{"type":"long"},"sightings":{"type":"long"},"type":{"type":"keyword","ignore_above":1024},"url":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"extension":{"type":"keyword","ignore_above":1024},"fragment":{"type":"keyword","ignore_above":1024},"full":{"type":"wildcard","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"original":{"type":"wildcard","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"password":{"type":"keyword","ignore_above":1024},"path":{"type":"wildcard","ignore_above":1024},"port":{"type":"long"},"query":{"type":"keyword","ignore_above":1024},"registered_domain":{"type":"keyword","ignore_above":1024},"scheme":{"type":"keyword","ignore_above":1024},"subdomain":{"type":"keyword","ignore_above":1024},"top_level_domain":{"type":"keyword","ignore_above":1024},"username":{"type":"keyword","ignore_above":1024}}},"x509":{"properties":{"alternative_names":{"type":"keyword","ignore_above":1024},"issuer":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"distinguished_name":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state_or_province":{"type":"keyword","ignore_above":1024}}},"not_after":{"type":"date"},"not_before":{"type":"date"},"public_key_algorithm":{"type":"keyword","ignore_above":1024},"public_key_curve":{"type":"keyword","ignore_above":1024},"public_key_exponent":{"type":"long","index":false,"doc_values":false},"public_key_size":{"type":"long"},"serial_number":{"type":"keyword","ignore_above":1024},"signature_algorithm":{"type":"keyword","ignore_above":1024},"subject":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"distinguished_name":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state_or_province":{"type":"keyword","ignore_above":1024}}},"version_number":{"type":"keyword","ignore_above":1024}}}}},"software":{"properties":{"alias":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"platforms":{"type":"keyword","ignore_above":1024},"reference":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"tactic":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"reference":{"type":"keyword","ignore_above":1024}}},"technique":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"reference":{"type":"keyword","ignore_above":1024},"subtechnique":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"reference":{"type":"keyword","ignore_above":1024}}}}}}},"threatintel":{"properties":{"abusemalware":{"properties":{"file_type":{"type":"keyword","ignore_above":1024},"signature":{"type":"keyword","ignore_above":1024},"urlhaus_download":{"type":"keyword","ignore_above":1024},"virustotal":{"properties":{"link":{"type":"keyword","ignore_above":1024},"percent":{"type":"float"},"result":{"type":"keyword","ignore_above":1024}}}}},"abuseurl":{"properties":{"blacklists":{"properties":{"spamhaus_dbl":{"type":"keyword","ignore_above":1024},"surbl":{"type":"keyword","ignore_above":1024}}},"id":{"type":"keyword","ignore_above":1024},"larted":{"type":"boolean"},"reporter":{"type":"keyword","ignore_above":1024},"tags":{"type":"keyword","ignore_above":1024},"threat":{"type":"keyword","ignore_above":1024},"url_status":{"type":"keyword","ignore_above":1024},"urlhaus_reference":{"type":"keyword","ignore_above":1024}}},"anomali":{"properties":{"content":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"indicator":{"type":"keyword","ignore_above":1024},"labels":{"type":"keyword","ignore_above":1024},"modified":{"type":"date"},"name":{"type":"keyword","ignore_above":1024},"object_marking_refs":{"type":"keyword","ignore_above":1024},"pattern":{"type":"keyword","ignore_above":1024},"title":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"valid_from":{"type":"date"}}},"anomalithreatstream":{"properties":{"classification":{"type":"keyword","ignore_above":1024},"confidence":{"type":"short"},"detail2":{"type":"text","norms":false},"id":{"type":"keyword","ignore_above":1024},"import_session_id":{"type":"keyword","ignore_above":1024},"itype":{"type":"keyword","ignore_above":1024},"maltype":{"type":"wildcard","ignore_above":1024},"md5":{"type":"keyword","ignore_above":1024},"resource_uri":{"type":"keyword","ignore_above":1024},"severity":{"type":"keyword","ignore_above":1024},"source":{"type":"keyword","ignore_above":1024},"source_feed_id":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024},"trusted_circle_ids":{"type":"keyword","ignore_above":1024},"update_id":{"type":"keyword","ignore_above":1024},"url":{"type":"keyword","ignore_above":1024},"value_type":{"type":"keyword","ignore_above":1024}}},"indicator":{"properties":{"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"text","norms":false}}}}}}},"confidence":{"type":"keyword","ignore_above":1024},"dataset":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"email":{"properties":{"address":{"type":"keyword","ignore_above":1024}}},"file":{"properties":{"extension":{"type":"keyword","ignore_above":1024},"hash":{"properties":{"md5":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024},"sha384":{"type":"keyword","ignore_above":1024},"sha512":{"type":"keyword","ignore_above":1024},"ssdeep":{"type":"keyword","ignore_above":1024},"tlsh":{"type":"keyword","ignore_above":1024}}},"mime_type":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"pe":{"properties":{"imphash":{"type":"keyword","ignore_above":1024}}},"size":{"type":"long"},"type":{"type":"keyword","ignore_above":1024}}},"first_seen":{"type":"date"},"geo":{"properties":{"city_name":{"type":"keyword","ignore_above":1024},"continent_name":{"type":"keyword","ignore_above":1024},"country_iso_code":{"type":"keyword","ignore_above":1024},"country_name":{"type":"keyword","ignore_above":1024},"location":{"type":"geo_point"},"region_iso_code":{"type":"keyword","ignore_above":1024},"region_name":{"type":"keyword","ignore_above":1024}}},"ip":{"type":"ip"},"last_seen":{"type":"date"},"marking":{"properties":{"tlp":{"type":"keyword","ignore_above":1024}}},"matched":{"properties":{"atomic":{"type":"keyword","ignore_above":1024},"field":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"module":{"type":"keyword","ignore_above":1024},"port":{"type":"long"},"provider":{"type":"keyword","ignore_above":1024},"reference":{"type":"keyword","ignore_above":1024},"registry":{"properties":{"data":{"properties":{"strings":{"type":"keyword","ignore_above":1024}}},"key":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024},"value":{"type":"keyword","ignore_above":1024}}},"scanner_stats":{"type":"long"},"sightings":{"type":"long"},"signature":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"url":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"extension":{"type":"keyword","ignore_above":1024},"fragment":{"type":"keyword","ignore_above":1024},"full":{"type":"keyword","ignore_above":1024},"original":{"type":"keyword","ignore_above":1024},"password":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024},"port":{"type":"long"},"query":{"type":"keyword","ignore_above":1024},"registered_domain":{"type":"keyword","ignore_above":1024},"scheme":{"type":"keyword","ignore_above":1024},"subdomain":{"type":"keyword","ignore_above":1024},"top_level_domain":{"type":"keyword","ignore_above":1024},"username":{"type":"keyword","ignore_above":1024}}},"x509":{"properties":{"alternative_names":{"type":"keyword","ignore_above":1024},"issuer":{"type":"keyword","ignore_above":1024},"serial_number":{"type":"keyword","ignore_above":1024},"subject":{"type":"keyword","ignore_above":1024}}}}},"malwarebazaar":{"properties":{"anonymous":{"type":"long"},"code_sign":{"type":"keyword","ignore_above":1024},"file_type":{"type":"keyword","ignore_above":1024},"intelligence":{"properties":{"downloads":{"type":"long"},"mail":{"properties":{"Generic":{"type":"keyword","ignore_above":1024},"IT":{"type":"keyword","ignore_above":1024}}},"uploads":{"type":"long"}}},"signature":{"type":"keyword","ignore_above":1024},"tags":{"type":"keyword","ignore_above":1024}}},"misp":{"properties":{"attribute":{"properties":{"category":{"type":"keyword","ignore_above":1024},"comment":{"type":"keyword","ignore_above":1024},"deleted":{"type":"boolean"},"disable_correlation":{"type":"boolean"},"distribution":{"type":"long"},"event_id":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"object_id":{"type":"keyword","ignore_above":1024},"object_relation":{"type":"keyword","ignore_above":1024},"sharing_group_id":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"date"},"to_ids":{"type":"boolean"},"type":{"type":"keyword","ignore_above":1024},"uuid":{"type":"keyword","ignore_above":1024},"value":{"type":"keyword","ignore_above":1024}}},"attribute_count":{"type":"long"},"context":{"properties":{"attribute":{"properties":{"category":{"type":"keyword","ignore_above":1024},"comment":{"type":"keyword","ignore_above":1024},"deleted":{"type":"boolean"},"disable_correlation":{"type":"boolean"},"distribution":{"type":"long"},"event_id":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"object_id":{"type":"keyword","ignore_above":1024},"object_relation":{"type":"keyword","ignore_above":1024},"sharing_group_id":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"date"},"to_ids":{"type":"boolean"},"type":{"type":"keyword","ignore_above":1024},"uuid":{"type":"keyword","ignore_above":1024},"value":{"type":"keyword","ignore_above":1024}}}}},"date":{"type":"date"},"disable_correlation":{"type":"boolean"},"distribution":{"type":"keyword","ignore_above":1024},"extends_uuid":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"info":{"type":"keyword","ignore_above":1024},"locked":{"type":"boolean"},"org":{"properties":{"id":{"type":"keyword","ignore_above":1024},"local":{"type":"boolean"},"name":{"type":"keyword","ignore_above":1024},"uuid":{"type":"keyword","ignore_above":1024}}},"org_id":{"type":"keyword","ignore_above":1024},"orgc":{"properties":{"id":{"type":"keyword","ignore_above":1024},"local":{"type":"boolean"},"name":{"type":"keyword","ignore_above":1024},"uuid":{"type":"keyword","ignore_above":1024}}},"orgc_id":{"type":"keyword","ignore_above":1024},"proposal_email_lock":{"type":"boolean"},"publish_timestamp":{"type":"date"},"published":{"type":"boolean"},"sharing_group_id":{"type":"keyword","ignore_above":1024},"threat_level_id":{"type":"long"},"timestamp":{"type":"date"},"uuid":{"type":"keyword","ignore_above":1024}}},"otx":{"properties":{"content":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"indicator":{"type":"keyword","ignore_above":1024},"title":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"recordedfuture":{"properties":{"entity":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"intelCard":{"type":"keyword","ignore_above":1024},"ip_range":{"type":"ip_range"},"risk":{"properties":{"criticality":{"type":"byte"},"criticalityLabel":{"type":"keyword","ignore_above":1024},"evidenceDetails":{"type":"flattened"},"riskString":{"type":"keyword","ignore_above":1024},"riskSummary":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"text","norms":false}}},"rules":{"type":"long"},"score":{"type":"short"}}}}}}},"timeseries":{"properties":{"instance":{"type":"keyword","ignore_above":1024}}},"tls":{"properties":{"cipher":{"type":"keyword","ignore_above":1024},"client":{"properties":{"certificate":{"type":"keyword","ignore_above":1024},"certificate_chain":{"type":"keyword","ignore_above":1024},"hash":{"properties":{"md5":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024}}},"issuer":{"type":"keyword","ignore_above":1024},"ja3":{"type":"keyword","ignore_above":1024},"not_after":{"type":"date"},"not_before":{"type":"date"},"server_name":{"type":"keyword","ignore_above":1024},"subject":{"type":"keyword","ignore_above":1024},"supported_ciphers":{"type":"keyword","ignore_above":1024},"x509":{"properties":{"alternative_names":{"type":"keyword","ignore_above":1024},"issuer":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"distinguished_name":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state_or_province":{"type":"keyword","ignore_above":1024}}},"not_after":{"type":"date"},"not_before":{"type":"date"},"public_key_algorithm":{"type":"keyword","ignore_above":1024},"public_key_curve":{"type":"keyword","ignore_above":1024},"public_key_exponent":{"type":"long","index":false,"doc_values":false},"public_key_size":{"type":"long"},"serial_number":{"type":"keyword","ignore_above":1024},"signature_algorithm":{"type":"keyword","ignore_above":1024},"subject":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"distinguished_name":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state_or_province":{"type":"keyword","ignore_above":1024}}},"version_number":{"type":"keyword","ignore_above":1024}}}}},"curve":{"type":"keyword","ignore_above":1024},"established":{"type":"boolean"},"next_protocol":{"type":"keyword","ignore_above":1024},"resumed":{"type":"boolean"},"server":{"properties":{"certificate":{"type":"keyword","ignore_above":1024},"certificate_chain":{"type":"keyword","ignore_above":1024},"hash":{"properties":{"md5":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024}}},"issuer":{"type":"keyword","ignore_above":1024},"ja3s":{"type":"keyword","ignore_above":1024},"not_after":{"type":"date"},"not_before":{"type":"date"},"subject":{"type":"keyword","ignore_above":1024},"x509":{"properties":{"alternative_names":{"type":"keyword","ignore_above":1024},"issuer":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"distinguished_name":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state_or_province":{"type":"keyword","ignore_above":1024}}},"not_after":{"type":"date"},"not_before":{"type":"date"},"public_key_algorithm":{"type":"keyword","ignore_above":1024},"public_key_curve":{"type":"keyword","ignore_above":1024},"public_key_exponent":{"type":"long","index":false,"doc_values":false},"public_key_size":{"type":"long"},"serial_number":{"type":"keyword","ignore_above":1024},"signature_algorithm":{"type":"keyword","ignore_above":1024},"subject":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"distinguished_name":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state_or_province":{"type":"keyword","ignore_above":1024}}},"version_number":{"type":"keyword","ignore_above":1024}}}}},"version":{"type":"keyword","ignore_above":1024},"version_protocol":{"type":"keyword","ignore_above":1024}}},"trace":{"properties":{"id":{"type":"keyword","ignore_above":1024}}},"traefik":{"properties":{"access":{"properties":{"backend_url":{"type":"keyword","ignore_above":1024},"frontend_name":{"type":"keyword","ignore_above":1024},"geoip":{"properties":{"city_name":{"type":"alias","path":"source.geo.city_name"},"continent_name":{"type":"alias","path":"source.geo.continent_name"},"country_iso_code":{"type":"alias","path":"source.geo.country_iso_code"},"location":{"type":"alias","path":"source.geo.location"},"region_iso_code":{"type":"alias","path":"source.geo.region_iso_code"},"region_name":{"type":"alias","path":"source.geo.region_name"}}},"request_count":{"type":"long"},"user_agent":{"properties":{"name":{"type":"alias","path":"user_agent.name"},"original":{"type":"alias","path":"user_agent.original"},"os":{"type":"alias","path":"user_agent.os.full_name"},"os_name":{"type":"alias","path":"user_agent.os.name"}}},"user_identifier":{"type":"keyword","ignore_above":1024}}}}},"transaction":{"properties":{"id":{"type":"keyword","ignore_above":1024}}},"url":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"extension":{"type":"keyword","ignore_above":1024},"fragment":{"type":"keyword","ignore_above":1024},"full":{"type":"wildcard","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"original":{"type":"wildcard","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"password":{"type":"keyword","ignore_above":1024},"path":{"type":"wildcard","ignore_above":1024},"port":{"type":"long"},"query":{"type":"keyword","ignore_above":1024},"registered_domain":{"type":"keyword","ignore_above":1024},"scheme":{"type":"keyword","ignore_above":1024},"subdomain":{"type":"keyword","ignore_above":1024},"top_level_domain":{"type":"keyword","ignore_above":1024},"username":{"type":"keyword","ignore_above":1024}}},"user":{"properties":{"audit":{"properties":{"group":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"changes":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"full_name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"group":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"hash":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"roles":{"type":"keyword","ignore_above":1024}}},"domain":{"type":"keyword","ignore_above":1024},"effective":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"full_name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"group":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"hash":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"roles":{"type":"keyword","ignore_above":1024}}},"email":{"type":"keyword","ignore_above":1024},"filesystem":{"properties":{"group":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"full_name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"group":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"hash":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"owner":{"properties":{"group":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"roles":{"type":"keyword","ignore_above":1024},"saved":{"properties":{"group":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"target":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"full_name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"group":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"hash":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"roles":{"type":"keyword","ignore_above":1024}}},"terminal":{"type":"keyword","ignore_above":1024}}},"user_agent":{"properties":{"device":{"properties":{"name":{"type":"keyword","ignore_above":1024}}},"name":{"type":"keyword","ignore_above":1024},"original":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"os":{"properties":{"family":{"type":"keyword","ignore_above":1024},"full":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"full_name":{"type":"keyword","ignore_above":1024},"kernel":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"platform":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"version":{"type":"keyword","ignore_above":1024}}},"vlan":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}},"vulnerability":{"properties":{"category":{"type":"keyword","ignore_above":1024},"classification":{"type":"keyword","ignore_above":1024},"description":{"type":"keyword","ignore_above":1024,"fields":{"text":{"type":"match_only_text"}}},"enumeration":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"reference":{"type":"keyword","ignore_above":1024},"report_id":{"type":"keyword","ignore_above":1024},"scanner":{"properties":{"vendor":{"type":"keyword","ignore_above":1024}}},"score":{"properties":{"base":{"type":"float"},"environmental":{"type":"float"},"temporal":{"type":"float"},"version":{"type":"keyword","ignore_above":1024}}},"severity":{"type":"keyword","ignore_above":1024}}},"x509":{"properties":{"alternative_names":{"type":"keyword","ignore_above":1024},"issuer":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"distinguished_name":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state_or_province":{"type":"keyword","ignore_above":1024}}},"not_after":{"type":"date"},"not_before":{"type":"date"},"public_key_algorithm":{"type":"keyword","ignore_above":1024},"public_key_curve":{"type":"keyword","ignore_above":1024},"public_key_exponent":{"type":"long","index":false,"doc_values":false},"public_key_size":{"type":"long"},"serial_number":{"type":"keyword","ignore_above":1024},"signature_algorithm":{"type":"keyword","ignore_above":1024},"subject":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"distinguished_name":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state_or_province":{"type":"keyword","ignore_above":1024}}},"version_number":{"type":"keyword","ignore_above":1024}}},"zeek":{"properties":{"capture_loss":{"properties":{"acks":{"type":"long"},"gaps":{"type":"long"},"peer":{"type":"keyword","ignore_above":1024},"percent_lost":{"type":"double"},"ts_delta":{"type":"long"}}},"connection":{"properties":{"history":{"type":"keyword","ignore_above":1024},"icmp":{"properties":{"code":{"type":"long"},"type":{"type":"long"}}},"inner_vlan":{"type":"long"},"local_orig":{"type":"boolean"},"local_resp":{"type":"boolean"},"missed_bytes":{"type":"long"},"state":{"type":"keyword","ignore_above":1024},"state_message":{"type":"keyword","ignore_above":1024},"vlan":{"type":"long"}}},"dce_rpc":{"properties":{"endpoint":{"type":"keyword","ignore_above":1024},"named_pipe":{"type":"keyword","ignore_above":1024},"operation":{"type":"keyword","ignore_above":1024},"rtt":{"type":"long"}}},"dhcp":{"properties":{"address":{"properties":{"assigned":{"type":"ip"},"client":{"type":"ip"},"mac":{"type":"keyword","ignore_above":1024},"requested":{"type":"ip"},"server":{"type":"ip"}}},"client_fqdn":{"type":"keyword","ignore_above":1024},"domain":{"type":"keyword","ignore_above":1024},"duration":{"type":"double"},"hostname":{"type":"keyword","ignore_above":1024},"id":{"properties":{"circuit":{"type":"keyword","ignore_above":1024},"remote_agent":{"type":"keyword","ignore_above":1024},"subscriber":{"type":"keyword","ignore_above":1024}}},"lease_time":{"type":"long"},"msg":{"properties":{"client":{"type":"keyword","ignore_above":1024},"origin":{"type":"ip"},"server":{"type":"keyword","ignore_above":1024},"types":{"type":"keyword","ignore_above":1024}}},"software":{"properties":{"client":{"type":"keyword","ignore_above":1024},"server":{"type":"keyword","ignore_above":1024}}}}},"dnp3":{"properties":{"function":{"properties":{"reply":{"type":"keyword","ignore_above":1024},"request":{"type":"keyword","ignore_above":1024}}},"id":{"type":"long"}}},"dns":{"properties":{"AA":{"type":"boolean"},"RA":{"type":"boolean"},"RD":{"type":"boolean"},"TC":{"type":"boolean"},"TTLs":{"type":"double"},"answers":{"type":"keyword","ignore_above":1024},"qclass":{"type":"long"},"qclass_name":{"type":"keyword","ignore_above":1024},"qtype":{"type":"long"},"qtype_name":{"type":"keyword","ignore_above":1024},"query":{"type":"keyword","ignore_above":1024},"rcode":{"type":"long"},"rcode_name":{"type":"keyword","ignore_above":1024},"rejected":{"type":"boolean"},"rtt":{"type":"double"},"saw_query":{"type":"boolean"},"saw_reply":{"type":"boolean"},"total_answers":{"type":"long"},"total_replies":{"type":"long"},"trans_id":{"type":"keyword","ignore_above":1024}}},"dpd":{"properties":{"analyzer":{"type":"keyword","ignore_above":1024},"failure_reason":{"type":"keyword","ignore_above":1024},"packet_segment":{"type":"keyword","ignore_above":1024}}},"files":{"properties":{"analyzers":{"type":"keyword","ignore_above":1024},"depth":{"type":"long"},"duration":{"type":"double"},"entropy":{"type":"double"},"extracted":{"type":"keyword","ignore_above":1024},"extracted_cutoff":{"type":"boolean"},"extracted_size":{"type":"long"},"filename":{"type":"keyword","ignore_above":1024},"fuid":{"type":"keyword","ignore_above":1024},"is_orig":{"type":"boolean"},"local_orig":{"type":"boolean"},"md5":{"type":"keyword","ignore_above":1024},"mime_type":{"type":"keyword","ignore_above":1024},"missing_bytes":{"type":"long"},"overflow_bytes":{"type":"long"},"parent_fuid":{"type":"keyword","ignore_above":1024},"rx_host":{"type":"ip"},"seen_bytes":{"type":"long"},"session_ids":{"type":"keyword","ignore_above":1024},"sha1":{"type":"keyword","ignore_above":1024},"sha256":{"type":"keyword","ignore_above":1024},"source":{"type":"keyword","ignore_above":1024},"timedout":{"type":"boolean"},"total_bytes":{"type":"long"},"tx_host":{"type":"ip"}}},"ftp":{"properties":{"arg":{"type":"keyword","ignore_above":1024},"capture_password":{"type":"boolean"},"cmdarg":{"properties":{"arg":{"type":"keyword","ignore_above":1024},"cmd":{"type":"keyword","ignore_above":1024},"seq":{"type":"long"}}},"command":{"type":"keyword","ignore_above":1024},"cwd":{"type":"keyword","ignore_above":1024},"data_channel":{"properties":{"originating_host":{"type":"ip"},"passive":{"type":"boolean"},"response_host":{"type":"ip"},"response_port":{"type":"long"}}},"file":{"properties":{"fuid":{"type":"keyword","ignore_above":1024},"mime_type":{"type":"keyword","ignore_above":1024},"size":{"type":"long"},"uid":{"type":"keyword","ignore_above":1024}}},"last_auth_requested":{"type":"keyword","ignore_above":1024},"passive":{"type":"boolean"},"password":{"type":"keyword","ignore_above":1024},"pending_commands":{"type":"long"},"reply":{"properties":{"code":{"type":"long"},"msg":{"type":"keyword","ignore_above":1024}}},"user":{"type":"keyword","ignore_above":1024}}},"http":{"properties":{"captured_password":{"type":"boolean"},"client_header_names":{"type":"keyword","ignore_above":1024},"info_code":{"type":"long"},"info_msg":{"type":"keyword","ignore_above":1024},"orig_filenames":{"type":"keyword","ignore_above":1024},"orig_fuids":{"type":"keyword","ignore_above":1024},"orig_mime_depth":{"type":"long"},"orig_mime_types":{"type":"keyword","ignore_above":1024},"origin":{"type":"keyword","ignore_above":1024},"password":{"type":"keyword","ignore_above":1024},"proxied":{"type":"keyword","ignore_above":1024},"range_request":{"type":"boolean"},"resp_filenames":{"type":"keyword","ignore_above":1024},"resp_fuids":{"type":"keyword","ignore_above":1024},"resp_mime_depth":{"type":"long"},"resp_mime_types":{"type":"keyword","ignore_above":1024},"server_header_names":{"type":"keyword","ignore_above":1024},"status_msg":{"type":"keyword","ignore_above":1024},"tags":{"type":"keyword","ignore_above":1024},"trans_depth":{"type":"long"}}},"intel":{"properties":{"file_desc":{"type":"keyword","ignore_above":1024},"file_mime_type":{"type":"keyword","ignore_above":1024},"fuid":{"type":"keyword","ignore_above":1024},"matched":{"type":"keyword","ignore_above":1024},"seen":{"properties":{"conn":{"type":"keyword","ignore_above":1024},"f":{"type":"object"},"fuid":{"type":"keyword","ignore_above":1024},"host":{"type":"keyword","ignore_above":1024},"indicator":{"type":"keyword","ignore_above":1024},"indicator_type":{"type":"keyword","ignore_above":1024},"node":{"type":"keyword","ignore_above":1024},"uid":{"type":"keyword","ignore_above":1024},"where":{"type":"keyword","ignore_above":1024}}},"sources":{"type":"keyword","ignore_above":1024}}},"irc":{"properties":{"addl":{"type":"keyword","ignore_above":1024},"command":{"type":"keyword","ignore_above":1024},"dcc":{"properties":{"file":{"properties":{"name":{"type":"keyword","ignore_above":1024},"size":{"type":"long"}}},"mime_type":{"type":"keyword","ignore_above":1024}}},"fuid":{"type":"keyword","ignore_above":1024},"nick":{"type":"keyword","ignore_above":1024},"user":{"type":"keyword","ignore_above":1024},"value":{"type":"keyword","ignore_above":1024}}},"kerberos":{"properties":{"cert":{"properties":{"client":{"properties":{"fuid":{"type":"keyword","ignore_above":1024},"subject":{"type":"keyword","ignore_above":1024},"value":{"type":"keyword","ignore_above":1024}}},"server":{"properties":{"fuid":{"type":"keyword","ignore_above":1024},"subject":{"type":"keyword","ignore_above":1024},"value":{"type":"keyword","ignore_above":1024}}}}},"cipher":{"type":"keyword","ignore_above":1024},"client":{"type":"keyword","ignore_above":1024},"error":{"properties":{"code":{"type":"long"},"msg":{"type":"keyword","ignore_above":1024}}},"forwardable":{"type":"boolean"},"renewable":{"type":"boolean"},"request_type":{"type":"keyword","ignore_above":1024},"service":{"type":"keyword","ignore_above":1024},"success":{"type":"boolean"},"ticket":{"properties":{"auth":{"type":"keyword","ignore_above":1024},"new":{"type":"keyword","ignore_above":1024}}},"valid":{"properties":{"days":{"type":"long"},"from":{"type":"date"},"until":{"type":"date"}}}}},"modbus":{"properties":{"exception":{"type":"keyword","ignore_above":1024},"function":{"type":"keyword","ignore_above":1024},"track_address":{"type":"long"}}},"mysql":{"properties":{"arg":{"type":"keyword","ignore_above":1024},"cmd":{"type":"keyword","ignore_above":1024},"response":{"type":"keyword","ignore_above":1024},"rows":{"type":"long"},"success":{"type":"boolean"}}},"notice":{"properties":{"actions":{"type":"keyword","ignore_above":1024},"connection_id":{"type":"keyword","ignore_above":1024},"dropped":{"type":"boolean"},"email_body_sections":{"type":"text","norms":false},"email_delay_tokens":{"type":"keyword","ignore_above":1024},"false":{"type":"long"},"ffile":{"properties":{"total_bytes":{"type":"long"}}},"file":{"properties":{"id":{"type":"keyword","ignore_above":1024},"is_orig":{"type":"boolean"},"mime_type":{"type":"keyword","ignore_above":1024},"missing_bytes":{"type":"long"},"overflow_bytes":{"type":"long"},"parent_id":{"type":"keyword","ignore_above":1024},"seen_bytes":{"type":"long"},"source":{"type":"keyword","ignore_above":1024}}},"fuid":{"type":"keyword","ignore_above":1024},"icmp_id":{"type":"keyword","ignore_above":1024},"id":{"properties":{"orig_h":{"type":"keyword","ignore_above":1024},"resp_h":{"type":"keyword","ignore_above":1024},"resp_p":{"type":"long"}}},"identifier":{"type":"keyword","ignore_above":1024},"msg":{"type":"keyword","ignore_above":1024},"note":{"type":"keyword","ignore_above":1024},"peer_descr":{"type":"text","norms":false},"peer_name":{"type":"keyword","ignore_above":1024},"sub":{"type":"keyword","ignore_above":1024},"suppress_for":{"type":"double"}}},"ntlm":{"properties":{"domain":{"type":"keyword","ignore_above":1024},"hostname":{"type":"keyword","ignore_above":1024},"server":{"properties":{"name":{"properties":{"dns":{"type":"keyword","ignore_above":1024},"netbios":{"type":"keyword","ignore_above":1024},"tree":{"type":"keyword","ignore_above":1024}}}}},"success":{"type":"boolean"},"username":{"type":"keyword","ignore_above":1024}}},"ntp":{"properties":{"mode":{"type":"long"},"num_exts":{"type":"long"},"org_time":{"type":"date"},"poll":{"type":"double"},"precision":{"type":"double"},"rec_time":{"type":"date"},"ref_id":{"type":"keyword","ignore_above":1024},"ref_time":{"type":"date"},"root_delay":{"type":"double"},"root_disp":{"type":"double"},"stratum":{"type":"long"},"version":{"type":"long"},"xmt_time":{"type":"date"}}},"ocsp":{"properties":{"file_id":{"type":"keyword","ignore_above":1024},"hash":{"properties":{"algorithm":{"type":"keyword","ignore_above":1024},"issuer":{"properties":{"key":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024}}}}},"revoke":{"properties":{"reason":{"type":"keyword","ignore_above":1024},"time":{"type":"date"}}},"serial_number":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"update":{"properties":{"next":{"type":"date"},"this":{"type":"date"}}}}},"pe":{"properties":{"client":{"type":"keyword","ignore_above":1024},"compile_time":{"type":"date"},"has_cert_table":{"type":"boolean"},"has_debug_data":{"type":"boolean"},"has_export_table":{"type":"boolean"},"has_import_table":{"type":"boolean"},"id":{"type":"keyword","ignore_above":1024},"is_64bit":{"type":"boolean"},"is_exe":{"type":"boolean"},"machine":{"type":"keyword","ignore_above":1024},"os":{"type":"keyword","ignore_above":1024},"section_names":{"type":"keyword","ignore_above":1024},"subsystem":{"type":"keyword","ignore_above":1024},"uses_aslr":{"type":"boolean"},"uses_code_integrity":{"type":"boolean"},"uses_dep":{"type":"boolean"},"uses_seh":{"type":"boolean"}}},"radius":{"properties":{"connect_info":{"type":"keyword","ignore_above":1024},"framed_addr":{"type":"ip"},"logged":{"type":"boolean"},"mac":{"type":"keyword","ignore_above":1024},"remote_ip":{"type":"ip"},"reply_msg":{"type":"keyword","ignore_above":1024},"result":{"type":"keyword","ignore_above":1024},"ttl":{"type":"long"},"username":{"type":"keyword","ignore_above":1024}}},"rdp":{"properties":{"cert":{"properties":{"count":{"type":"long"},"permanent":{"type":"boolean"},"type":{"type":"keyword","ignore_above":1024}}},"client":{"properties":{"build":{"type":"keyword","ignore_above":1024},"client_name":{"type":"keyword","ignore_above":1024},"product_id":{"type":"keyword","ignore_above":1024}}},"cookie":{"type":"keyword","ignore_above":1024},"desktop":{"properties":{"color_depth":{"type":"keyword","ignore_above":1024},"height":{"type":"long"},"width":{"type":"long"}}},"done":{"type":"boolean"},"encryption":{"properties":{"level":{"type":"keyword","ignore_above":1024},"method":{"type":"keyword","ignore_above":1024}}},"keyboard_layout":{"type":"keyword","ignore_above":1024},"result":{"type":"keyword","ignore_above":1024},"security_protocol":{"type":"keyword","ignore_above":1024},"ssl":{"type":"boolean"}}},"rfb":{"properties":{"auth":{"properties":{"method":{"type":"keyword","ignore_above":1024},"success":{"type":"boolean"}}},"desktop_name":{"type":"keyword","ignore_above":1024},"height":{"type":"long"},"share_flag":{"type":"boolean"},"version":{"properties":{"client":{"properties":{"major":{"type":"keyword","ignore_above":1024},"minor":{"type":"keyword","ignore_above":1024}}},"server":{"properties":{"major":{"type":"keyword","ignore_above":1024},"minor":{"type":"keyword","ignore_above":1024}}}}},"width":{"type":"long"}}},"session_id":{"type":"keyword","ignore_above":1024},"signature":{"properties":{"event_msg":{"type":"keyword","ignore_above":1024},"host_count":{"type":"long"},"note":{"type":"keyword","ignore_above":1024},"sig_count":{"type":"long"},"sig_id":{"type":"keyword","ignore_above":1024},"sub_msg":{"type":"keyword","ignore_above":1024}}},"sip":{"properties":{"call_id":{"type":"keyword","ignore_above":1024},"content_type":{"type":"keyword","ignore_above":1024},"date":{"type":"keyword","ignore_above":1024},"reply_to":{"type":"keyword","ignore_above":1024},"request":{"properties":{"body_length":{"type":"long"},"from":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024},"to":{"type":"keyword","ignore_above":1024}}},"response":{"properties":{"body_length":{"type":"long"},"from":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024},"to":{"type":"keyword","ignore_above":1024}}},"sequence":{"properties":{"method":{"type":"keyword","ignore_above":1024},"number":{"type":"keyword","ignore_above":1024}}},"status":{"properties":{"code":{"type":"long"},"msg":{"type":"keyword","ignore_above":1024}}},"subject":{"type":"keyword","ignore_above":1024},"transaction_depth":{"type":"long"},"uri":{"type":"keyword","ignore_above":1024},"user_agent":{"type":"keyword","ignore_above":1024},"warning":{"type":"keyword","ignore_above":1024}}},"smb_cmd":{"properties":{"argument":{"type":"keyword","ignore_above":1024},"command":{"type":"keyword","ignore_above":1024},"file":{"properties":{"action":{"type":"keyword","ignore_above":1024},"host":{"properties":{"rx":{"type":"ip"},"tx":{"type":"ip"}}},"name":{"type":"keyword","ignore_above":1024},"uid":{"type":"keyword","ignore_above":1024}}},"rtt":{"type":"double"},"smb1_offered_dialects":{"type":"keyword","ignore_above":1024},"smb2_offered_dialects":{"type":"long"},"status":{"type":"keyword","ignore_above":1024},"sub_command":{"type":"keyword","ignore_above":1024},"tree":{"type":"keyword","ignore_above":1024},"tree_service":{"type":"keyword","ignore_above":1024},"username":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"smb_files":{"properties":{"action":{"type":"keyword","ignore_above":1024},"data_len_req":{"type":"long"},"data_offset_req":{"type":"long"},"fid":{"type":"long"},"fuid":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024},"previous_name":{"type":"keyword","ignore_above":1024},"size":{"type":"long"},"times":{"properties":{"accessed":{"type":"date"},"changed":{"type":"date"},"created":{"type":"date"},"modified":{"type":"date"}}},"uuid":{"type":"keyword","ignore_above":1024}}},"smb_mapping":{"properties":{"native_file_system":{"type":"keyword","ignore_above":1024},"path":{"type":"keyword","ignore_above":1024},"service":{"type":"keyword","ignore_above":1024},"share_type":{"type":"keyword","ignore_above":1024}}},"smtp":{"properties":{"cc":{"type":"keyword","ignore_above":1024},"date":{"type":"date"},"first_received":{"type":"keyword","ignore_above":1024},"from":{"type":"keyword","ignore_above":1024},"fuids":{"type":"keyword","ignore_above":1024},"has_client_activity":{"type":"boolean"},"helo":{"type":"keyword","ignore_above":1024},"in_reply_to":{"type":"keyword","ignore_above":1024},"is_webmail":{"type":"boolean"},"last_reply":{"type":"keyword","ignore_above":1024},"mail_from":{"type":"keyword","ignore_above":1024},"msg_id":{"type":"keyword","ignore_above":1024},"path":{"type":"ip"},"process_received_from":{"type":"boolean"},"rcpt_to":{"type":"keyword","ignore_above":1024},"reply_to":{"type":"keyword","ignore_above":1024},"second_received":{"type":"keyword","ignore_above":1024},"subject":{"type":"keyword","ignore_above":1024},"tls":{"type":"boolean"},"to":{"type":"keyword","ignore_above":1024},"transaction_depth":{"type":"long"},"user_agent":{"type":"keyword","ignore_above":1024},"x_originating_ip":{"type":"keyword","ignore_above":1024}}},"snmp":{"properties":{"community":{"type":"keyword","ignore_above":1024},"display_string":{"type":"keyword","ignore_above":1024},"duration":{"type":"double"},"get":{"properties":{"bulk_requests":{"type":"long"},"requests":{"type":"long"},"responses":{"type":"long"}}},"set":{"properties":{"requests":{"type":"long"}}},"up_since":{"type":"date"},"version":{"type":"keyword","ignore_above":1024}}},"socks":{"properties":{"bound":{"properties":{"host":{"type":"keyword","ignore_above":1024},"port":{"type":"long"}}},"capture_password":{"type":"boolean"},"password":{"type":"keyword","ignore_above":1024},"request":{"properties":{"host":{"type":"keyword","ignore_above":1024},"port":{"type":"long"}}},"status":{"type":"keyword","ignore_above":1024},"user":{"type":"keyword","ignore_above":1024},"version":{"type":"long"}}},"ssh":{"properties":{"algorithm":{"properties":{"cipher":{"type":"keyword","ignore_above":1024},"compression":{"type":"keyword","ignore_above":1024},"host_key":{"type":"keyword","ignore_above":1024},"key_exchange":{"type":"keyword","ignore_above":1024},"mac":{"type":"keyword","ignore_above":1024}}},"auth":{"properties":{"attempts":{"type":"long"},"success":{"type":"boolean"}}},"client":{"type":"keyword","ignore_above":1024},"cshka":{"type":"keyword","ignore_above":1024},"direction":{"type":"keyword","ignore_above":1024},"hassh":{"type":"keyword","ignore_above":1024},"hasshAlgorithms":{"type":"keyword","ignore_above":1024},"hasshServer":{"type":"keyword","ignore_above":1024},"hasshServerAlgorithms":{"type":"keyword","ignore_above":1024},"hasshVersion":{"type":"keyword","ignore_above":1024},"host_key":{"type":"keyword","ignore_above":1024},"server":{"type":"keyword","ignore_above":1024},"sshka":{"type":"keyword","ignore_above":1024},"version":{"type":"long"}}},"ssl":{"properties":{"cipher":{"type":"keyword","ignore_above":1024},"client":{"properties":{"cert_chain":{"type":"keyword","ignore_above":1024},"cert_chain_fuids":{"type":"keyword","ignore_above":1024},"issuer":{"properties":{"DC":{"type":"keyword","ignore_above":1024},"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"emailAddress":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024}}},"subject":{"properties":{"1":{"properties":{"3":{"properties":{"6":{"properties":{"1":{"properties":{"4":{"properties":{"1":{"properties":{"25461":{"properties":{"4":{"properties":{"22":{"properties":{"1":{"type":"keyword","ignore_above":1024},"2":{"type":"keyword","ignore_above":1024},"3":{"type":"keyword","ignore_above":1024}}}}}}}}}}}}}}}}}}},"DC":{"type":"keyword","ignore_above":1024},"SN":{"type":"keyword","ignore_above":1024},"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"emailAddress":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"pseudonym":{"type":"keyword","ignore_above":1024},"serialNumber":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024},"x500UniqueIdentifier":{"type":"keyword","ignore_above":1024}}}}},"curve":{"type":"keyword","ignore_above":1024},"established":{"type":"boolean"},"last_alert":{"type":"keyword","ignore_above":1024},"next_protocol":{"type":"keyword","ignore_above":1024},"resumed":{"type":"boolean"},"server":{"properties":{"cert_chain":{"type":"keyword","ignore_above":1024},"cert_chain_fuids":{"type":"keyword","ignore_above":1024},"issuer":{"properties":{"DC":{"type":"keyword","ignore_above":1024},"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"emailAddress":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024}}},"name":{"type":"keyword","ignore_above":1024},"subject":{"properties":{"businessCategory":{"type":"keyword","ignore_above":1024},"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"emailAddress":{"type":"keyword","ignore_above":1024},"jurisdictionC":{"type":"keyword","ignore_above":1024},"jurisdictionST":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"serialNumber":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024}}}}},"validation":{"properties":{"code":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024}}},"version":{"type":"keyword","ignore_above":1024}}},"stats":{"properties":{"bytes":{"properties":{"received":{"type":"long"}}},"connections":{"properties":{"icmp":{"properties":{"active":{"type":"long"},"count":{"type":"long"}}},"tcp":{"properties":{"active":{"type":"long"},"count":{"type":"long"}}},"udp":{"properties":{"active":{"type":"long"},"count":{"type":"long"}}}}},"dns_requests":{"properties":{"active":{"type":"long"},"count":{"type":"long"}}},"events":{"properties":{"processed":{"type":"long"},"queued":{"type":"long"}}},"files":{"properties":{"active":{"type":"long"},"count":{"type":"long"}}},"memory":{"type":"long"},"packets":{"properties":{"dropped":{"type":"long"},"processed":{"type":"long"},"received":{"type":"long"}}},"peer":{"type":"keyword","ignore_above":1024},"reassembly_size":{"properties":{"file":{"type":"long"},"frag":{"type":"long"},"tcp":{"type":"long"},"unknown":{"type":"long"}}},"timers":{"properties":{"active":{"type":"long"},"count":{"type":"long"}}},"timestamp_lag":{"type":"long"}}},"syslog":{"properties":{"facility":{"type":"keyword","ignore_above":1024},"message":{"type":"keyword","ignore_above":1024},"severity":{"type":"keyword","ignore_above":1024}}},"tunnel":{"properties":{"action":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"weird":{"properties":{"additional_info":{"type":"keyword","ignore_above":1024},"identifier":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"notice":{"type":"boolean"},"peer":{"type":"keyword","ignore_above":1024}}},"x509":{"properties":{"basic_constraints":{"properties":{"certificate_authority":{"type":"boolean"},"path_length":{"type":"long"}}},"certificate":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"curve":{"type":"keyword","ignore_above":1024},"exponent":{"type":"keyword","ignore_above":1024},"issuer":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024}}},"key":{"properties":{"algorithm":{"type":"keyword","ignore_above":1024},"length":{"type":"long"},"type":{"type":"keyword","ignore_above":1024}}},"serial":{"type":"keyword","ignore_above":1024},"signature_algorithm":{"type":"keyword","ignore_above":1024},"subject":{"properties":{"common_name":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"locality":{"type":"keyword","ignore_above":1024},"organization":{"type":"keyword","ignore_above":1024},"organizational_unit":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024}}},"valid":{"properties":{"from":{"type":"date"},"until":{"type":"date"}}},"version":{"type":"long"}}},"id":{"type":"keyword","ignore_above":1024},"log_cert":{"type":"boolean"},"san":{"properties":{"dns":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"ip":{"type":"ip"},"other_fields":{"type":"boolean"},"uri":{"type":"keyword","ignore_above":1024}}}}}}},"zookeeper":{"properties":{"audit":{"properties":{"acl":{"type":"keyword","ignore_above":1024},"result":{"type":"keyword","ignore_above":1024},"session":{"type":"keyword","ignore_above":1024},"user":{"type":"keyword","ignore_above":1024},"znode":{"type":"keyword","ignore_above":1024},"znode_type":{"type":"keyword","ignore_above":1024}}}}},"zoom":{"properties":{"account":{"properties":{"account_alias":{"type":"keyword","ignore_above":1024},"account_name":{"type":"keyword","ignore_above":1024},"account_support_email":{"type":"keyword","ignore_above":1024},"account_support_name":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"owner_email":{"type":"keyword","ignore_above":1024},"owner_id":{"type":"keyword","ignore_above":1024}}},"account_id":{"type":"keyword","ignore_above":1024},"chat_channel":{"properties":{"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"chat_message":{"properties":{"channel_id":{"type":"keyword","ignore_above":1024},"channel_name":{"type":"keyword","ignore_above":1024},"contact_email":{"type":"keyword","ignore_above":1024},"contact_id":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"message":{"type":"keyword","ignore_above":1024},"session_id":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024}}},"creation_type":{"type":"keyword","ignore_above":1024},"master_account_id":{"type":"keyword","ignore_above":1024},"meeting":{"properties":{"duration":{"type":"long"},"host_id":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"issues":{"type":"keyword","ignore_above":1024},"password":{"type":"keyword","ignore_above":1024},"start_time":{"type":"date"},"timezone":{"type":"keyword","ignore_above":1024},"topic":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"uuid":{"type":"keyword","ignore_above":1024}}},"old_values":{"type":"flattened"},"operator":{"type":"keyword","ignore_above":1024},"operator_id":{"type":"keyword","ignore_above":1024},"participant":{"properties":{"id":{"type":"keyword","ignore_above":1024},"join_time":{"type":"date"},"leave_time":{"type":"date"},"sharing_details":{"properties":{"content":{"type":"keyword","ignore_above":1024},"date_time":{"type":"keyword","ignore_above":1024},"file_link":{"type":"keyword","ignore_above":1024},"link_source":{"type":"keyword","ignore_above":1024},"source":{"type":"keyword","ignore_above":1024}}},"user_id":{"type":"keyword","ignore_above":1024},"user_name":{"type":"keyword","ignore_above":1024}}},"phone":{"properties":{"answer_start_time":{"type":"date"},"call_end_time":{"type":"date"},"call_id":{"type":"keyword","ignore_above":1024},"callee":{"properties":{"device_type":{"type":"keyword","ignore_above":1024},"extension_number":{"type":"keyword","ignore_above":1024},"extension_type":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"number_type":{"type":"keyword","ignore_above":1024},"phone_number":{"type":"keyword","ignore_above":1024},"timezone":{"type":"keyword","ignore_above":1024},"user_id":{"type":"keyword","ignore_above":1024}}},"caller":{"properties":{"device_type":{"type":"keyword","ignore_above":1024},"extension_number":{"type":"keyword","ignore_above":1024},"extension_type":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"name":{"type":"keyword","ignore_above":1024},"number_type":{"type":"keyword","ignore_above":1024},"phone_number":{"type":"keyword","ignore_above":1024},"timezone":{"type":"keyword","ignore_above":1024},"user_id":{"type":"keyword","ignore_above":1024}}},"connected_start_time":{"type":"date"},"date_time":{"type":"date"},"download_url":{"type":"keyword","ignore_above":1024},"duration":{"type":"long"},"id":{"type":"keyword","ignore_above":1024},"ringing_start_time":{"type":"date"},"user_id":{"type":"keyword","ignore_above":1024}}},"recording":{"properties":{"duration":{"type":"long"},"host_email":{"type":"keyword","ignore_above":1024},"host_id":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"recording_count":{"type":"long"},"recording_file":{"properties":{"recording_end":{"type":"date"},"recording_start":{"type":"date"}}},"share_url":{"type":"keyword","ignore_above":1024},"start_time":{"type":"date"},"timezone":{"type":"keyword","ignore_above":1024},"topic":{"type":"keyword","ignore_above":1024},"total_size":{"type":"long"},"type":{"type":"keyword","ignore_above":1024},"uuid":{"type":"keyword","ignore_above":1024}}},"registrant":{"properties":{"address":{"type":"keyword","ignore_above":1024},"city":{"type":"keyword","ignore_above":1024},"comments":{"type":"keyword","ignore_above":1024},"country":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"first_name":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"industry":{"type":"keyword","ignore_above":1024},"job_title":{"type":"keyword","ignore_above":1024},"join_url":{"type":"keyword","ignore_above":1024},"last_name":{"type":"keyword","ignore_above":1024},"no_of_employees":{"type":"keyword","ignore_above":1024},"org":{"type":"keyword","ignore_above":1024},"phone":{"type":"keyword","ignore_above":1024},"purchasing_time_frame":{"type":"keyword","ignore_above":1024},"role_in_purchase_process":{"type":"keyword","ignore_above":1024},"state":{"type":"keyword","ignore_above":1024},"status":{"type":"keyword","ignore_above":1024},"zip":{"type":"keyword","ignore_above":1024}}},"settings":{"type":"flattened"},"sub_account_id":{"type":"keyword","ignore_above":1024},"timestamp":{"type":"date"},"user":{"properties":{"client_type":{"type":"keyword","ignore_above":1024},"company":{"type":"keyword","ignore_above":1024},"dept":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"first_name":{"type":"keyword","ignore_above":1024},"host_key":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"language":{"type":"keyword","ignore_above":1024},"last_name":{"type":"keyword","ignore_above":1024},"personal_notes":{"type":"keyword","ignore_above":1024},"phone_country":{"type":"keyword","ignore_above":1024},"phone_number":{"type":"keyword","ignore_above":1024},"pic_url":{"type":"keyword","ignore_above":1024},"pmi":{"type":"keyword","ignore_above":1024},"presence_status":{"type":"keyword","ignore_above":1024},"role":{"type":"keyword","ignore_above":1024},"timezone":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"use_pmi":{"type":"boolean"},"vanity_name":{"type":"keyword","ignore_above":1024},"version":{"type":"keyword","ignore_above":1024}}},"webinar":{"properties":{"agenda":{"type":"keyword","ignore_above":1024},"duration":{"type":"long"},"host_id":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"issues":{"type":"keyword","ignore_above":1024},"join_url":{"type":"keyword","ignore_above":1024},"password":{"type":"keyword","ignore_above":1024},"start_time":{"type":"date"},"timezone":{"type":"keyword","ignore_above":1024},"topic":{"type":"keyword","ignore_above":1024},"type":{"type":"keyword","ignore_above":1024},"uuid":{"type":"keyword","ignore_above":1024}}},"zoomroom":{"properties":{"alert_kind":{"type":"keyword","ignore_above":1024},"alert_type":{"type":"keyword","ignore_above":1024},"calendar_id":{"type":"keyword","ignore_above":1024},"calendar_name":{"type":"keyword","ignore_above":1024},"change_key":{"type":"keyword","ignore_above":1024},"component":{"type":"keyword","ignore_above":1024},"email":{"type":"keyword","ignore_above":1024},"event_id":{"type":"keyword","ignore_above":1024},"id":{"type":"keyword","ignore_above":1024},"issue":{"type":"keyword","ignore_above":1024},"resource_email":{"type":"keyword","ignore_above":1024},"room_name":{"type":"keyword","ignore_above":1024}}}}}}}}}

var myCopy = null;

Tests:

Lodash cloneDeep
myCopy = _.cloneDeep(MyObject);
Native structuredClone
myCopy = structuredClone(MyObject);
JSON.parse clone
myCopy = JSON.parse(JSON.stringify(MyObject));
RFDC
myCopy = rfdc()(MyObject);

Run results for: Lodash cloneDeep vs structuredClone vs JSON.parse clone vs RFDC 322KB input

https://developer.mozilla.org/en-US/docs/Web/API/structuredClone

Lodash cloneDeep

Native structuredClone

JSON.parse clone

RFDC