kibana/api_docs/rule_registry.json
Stacey Gammon 88f9c4ae02
Add support for building a deprecation list with usage (#99154) (#99538)
* Add support for building a deprecation list with usage

* Update API docs
2021-05-06 17:59:11 -04:00


{
"id": "ruleRegistry",
"client": {
"classes": [
{
"parentPluginId": "ruleRegistry",
"id": "def-public.RuleRegistry",
"type": "Class",
"tags": [],
"label": "RuleRegistry",
"description": [],
"signature": [
{
"pluginId": "ruleRegistry",
"scope": "public",
"docId": "kibRuleRegistryPluginApi",
"section": "def-public.RuleRegistry",
"text": "RuleRegistry"
},
"<TFieldMap, TRuleType>"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/index.ts",
"lineNumber": 11
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-public.RuleRegistry.types",
"type": "Array",
"tags": [],
"label": "types",
"description": [],
"signature": [
"TRuleType[]"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/index.ts",
"lineNumber": 12
},
"deprecated": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-public.RuleRegistry.Unnamed",
"type": "Function",
"tags": [],
"label": "Constructor",
"description": [],
"signature": [
"any"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/index.ts",
"lineNumber": 14
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-public.RuleRegistry.Unnamed.$1",
"type": "Object",
"tags": [],
"label": "options",
"description": [],
"signature": [
"RuleRegistryConstructorOptions",
"<TFieldMap>"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/index.ts",
"lineNumber": 14
},
"deprecated": false,
"isRequired": true
}
],
"returnComment": []
},
{
"parentPluginId": "ruleRegistry",
"id": "def-public.RuleRegistry.getTypes",
"type": "Function",
"tags": [],
"label": "getTypes",
"description": [],
"signature": [
"() => TRuleType[]"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/index.ts",
"lineNumber": 16
},
"deprecated": false,
"children": [],
"returnComment": []
},
{
"parentPluginId": "ruleRegistry",
"id": "def-public.RuleRegistry.getTypeByRuleId",
"type": "Function",
"tags": [],
"label": "getTypeByRuleId",
"description": [],
"signature": [
"(id: string) => TRuleType | undefined"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/index.ts",
"lineNumber": 20
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-public.RuleRegistry.getTypeByRuleId.$1",
"type": "string",
"tags": [],
"label": "id",
"description": [],
"signature": [
"string"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/index.ts",
"lineNumber": 20
},
"deprecated": false,
"isRequired": true
}
],
"returnComment": []
},
{
"parentPluginId": "ruleRegistry",
"id": "def-public.RuleRegistry.registerType",
"type": "Function",
"tags": [],
"label": "registerType",
"description": [],
"signature": [
"(type: TRuleType) => void"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/index.ts",
"lineNumber": 24
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-public.RuleRegistry.registerType.$1",
"type": "Uncategorized",
"tags": [],
"label": "type",
"description": [],
"signature": [
"TRuleType"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/index.ts",
"lineNumber": 24
},
"deprecated": false,
"isRequired": true
}
],
"returnComment": []
},
{
"parentPluginId": "ruleRegistry",
"id": "def-public.RuleRegistry.create",
"type": "Function",
"tags": [],
"label": "create",
"description": [],
"signature": [
"<TNextFieldMap extends ",
{
"pluginId": "ruleRegistry",
"scope": "common",
"docId": "kibRuleRegistryPluginApi",
"section": "def-common.FieldMap",
"text": "FieldMap"
},
", TRuleRegistryInstance extends ",
{
"pluginId": "ruleRegistry",
"scope": "public",
"docId": "kibRuleRegistryPluginApi",
"section": "def-public.IRuleRegistry",
"text": "IRuleRegistry"
},
"<TFieldMap & TNextFieldMap, any, undefined> = ",
{
"pluginId": "ruleRegistry",
"scope": "public",
"docId": "kibRuleRegistryPluginApi",
"section": "def-public.IRuleRegistry",
"text": "IRuleRegistry"
},
"<TFieldMap & TNextFieldMap, TRuleType, undefined>>({ fieldMap, ctor }: { fieldMap: TNextFieldMap; ctor?: (new (options: ",
"RuleRegistryConstructorOptions",
"<TFieldMap & TNextFieldMap>) => TRuleRegistryInstance) | undefined; }) => any"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/index.ts",
"lineNumber": 33
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-public.RuleRegistry.create.$1",
"type": "Object",
"tags": [],
"label": "{ fieldMap, ctor }",
"description": [],
"signature": [
"{ fieldMap: TNextFieldMap; ctor?: (new (options: ",
"RuleRegistryConstructorOptions",
"<TFieldMap & TNextFieldMap>) => TRuleRegistryInstance) | undefined; }"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/index.ts",
"lineNumber": 33
},
"deprecated": false,
"isRequired": true
}
],
"returnComment": []
}
],
"initialIsOpen": false
}
],
"functions": [],
"interfaces": [
{
"parentPluginId": "ruleRegistry",
"id": "def-public.IRuleRegistry",
"type": "Interface",
"tags": [],
"label": "IRuleRegistry",
"description": [],
"signature": [
{
"pluginId": "ruleRegistry",
"scope": "public",
"docId": "kibRuleRegistryPluginApi",
"section": "def-public.IRuleRegistry",
"text": "IRuleRegistry"
},
"<TFieldMap, TRuleType, TInstanceType>"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/types.ts",
"lineNumber": 47
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-public.IRuleRegistry.create",
"type": "Function",
"tags": [],
"label": "create",
"description": [],
"signature": [
"CreateRuleRegistry",
"<TFieldMap, TRuleType, TInstanceType>"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/types.ts",
"lineNumber": 52
},
"deprecated": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-public.IRuleRegistry.registerType",
"type": "Function",
"tags": [],
"label": "registerType",
"description": [],
"signature": [
"(type: TRuleType) => void"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/types.ts",
"lineNumber": 53
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-public.IRuleRegistry.registerType.$1",
"type": "Uncategorized",
"tags": [],
"label": "type",
"description": [],
"signature": [
"TRuleType"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/types.ts",
"lineNumber": 53
},
"deprecated": false,
"isRequired": true
}
],
"returnComment": []
},
{
"parentPluginId": "ruleRegistry",
"id": "def-public.IRuleRegistry.getTypeByRuleId",
"type": "Function",
"tags": [],
"label": "getTypeByRuleId",
"description": [],
"signature": [
"(ruleId: string) => TRuleType"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/types.ts",
"lineNumber": 54
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-public.IRuleRegistry.getTypeByRuleId.$1",
"type": "string",
"tags": [],
"label": "ruleId",
"description": [],
"signature": [
"string"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/types.ts",
"lineNumber": 54
},
"deprecated": false,
"isRequired": true
}
],
"returnComment": []
},
{
"parentPluginId": "ruleRegistry",
"id": "def-public.IRuleRegistry.getTypes",
"type": "Function",
"tags": [],
"label": "getTypes",
"description": [],
"signature": [
"() => TRuleType[]"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/types.ts",
"lineNumber": 55
},
"deprecated": false,
"children": [],
"returnComment": []
}
],
"initialIsOpen": false
}
],
"enums": [],
"misc": [
{
"parentPluginId": "ruleRegistry",
"id": "def-public.RuleRegistryPublicPluginSetupContract",
"type": "Type",
"tags": [],
"label": "RuleRegistryPublicPluginSetupContract",
"description": [],
"signature": [
"{ registry: RuleRegistry<{ readonly 'kibana.rac.producer': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.uuid': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.id': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.start': { readonly type: \"date\"; }; readonly 'kibana.rac.alert.end': { readonly type: \"date\"; }; readonly 'kibana.rac.alert.duration.us': { readonly type: \"long\"; }; readonly 'kibana.rac.alert.severity.level': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.severity.value': { readonly type: \"long\"; }; readonly 'kibana.rac.alert.status': { readonly type: \"keyword\"; }; readonly '@timestamp': { readonly type: \"date\"; readonly array: false; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'event.kind': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.action': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.uuid': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.category': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; }, ",
{
"pluginId": "triggersActionsUi",
"scope": "public",
"docId": "kibTriggersActionsUiPluginApi",
"section": "def-public.AlertTypeModel",
"text": "AlertTypeModel"
},
"<Record<string, unknown>>>; }"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/plugin.ts",
"lineNumber": 35
},
"deprecated": false,
"initialIsOpen": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-public.RuleType",
"type": "Type",
"tags": [],
"label": "RuleType",
"description": [],
"signature": [
{
"pluginId": "triggersActionsUi",
"scope": "public",
"docId": "kibTriggersActionsUiPluginApi",
"section": "def-public.AlertTypeModel",
"text": "AlertTypeModel"
},
"<Record<string, unknown>>"
],
"source": {
"path": "x-pack/plugins/rule_registry/public/rule_registry/types.ts",
"lineNumber": 16
},
"deprecated": false,
"initialIsOpen": false
}
],
"objects": []
},
"server": {
"classes": [],
"functions": [
{
"parentPluginId": "ruleRegistry",
"id": "def-server.createLifecycleRuleTypeFactory",
"type": "Function",
"tags": [],
"label": "createLifecycleRuleTypeFactory",
"description": [],
"signature": [
"() => TRuleRegistry extends ",
"RuleRegistry",
"<infer TFieldMap> ? CreateLifecycleRuleType<TFieldMap> : never"
],
"source": {
"path": "x-pack/plugins/rule_registry/server/rule_registry/rule_type_helpers/create_lifecycle_rule_type_factory.ts",
"lineNumber": 54
},
"deprecated": false,
"children": [],
"returnComment": [],
"initialIsOpen": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-server.createLifecycleRuleTypeFactory",
"type": "Function",
"tags": [],
"label": "createLifecycleRuleTypeFactory",
"description": [],
"signature": [
"() => CreateLifecycleRuleType<{ readonly 'kibana.rac.producer': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.uuid': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.id': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.start': { readonly type: \"date\"; }; readonly 'kibana.rac.alert.end': { readonly type: \"date\"; }; readonly 'kibana.rac.alert.duration.us': { readonly type: \"long\"; }; readonly 'kibana.rac.alert.severity.level': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.severity.value': { readonly type: \"long\"; }; readonly 'kibana.rac.alert.status': { readonly type: \"keyword\"; }; readonly '@timestamp': { readonly type: \"date\"; readonly array: false; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'event.kind': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.action': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.uuid': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.category': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; }>"
],
"source": {
"path": "x-pack/plugins/rule_registry/server/rule_registry/rule_type_helpers/create_lifecycle_rule_type_factory.ts",
"lineNumber": 60
},
"deprecated": false,
"children": [],
"returnComment": [],
"initialIsOpen": false
}
],
"interfaces": [
{
"parentPluginId": "ruleRegistry",
"id": "def-server.ScopedRuleRegistryClient",
"type": "Interface",
"tags": [],
"label": "ScopedRuleRegistryClient",
"description": [],
"signature": [
{
"pluginId": "ruleRegistry",
"scope": "server",
"docId": "kibRuleRegistryPluginApi",
"section": "def-server.ScopedRuleRegistryClient",
"text": "ScopedRuleRegistryClient"
},
"<TFieldMap>"
],
"source": {
"path": "x-pack/plugins/rule_registry/server/rule_registry/create_scoped_rule_registry_client/types.ts",
"lineNumber": 41
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-server.ScopedRuleRegistryClient.search",
"type": "Function",
"tags": [],
"label": "search",
"description": [],
"signature": [
"<TSearchRequest extends FieldsESSearchRequest<TFieldMap>>(request: TSearchRequest) => Promise<{ body: ",
"InferSearchResponseOf",
"<unknown, TSearchRequest, { restTotalHitsAsInt: false; }>; events: ",
"EventsOf",
"<TSearchRequest, TFieldMap>; }>"
],
"source": {
"path": "x-pack/plugins/rule_registry/server/rule_registry/create_scoped_rule_registry_client/types.ts",
"lineNumber": 42
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-server.ScopedRuleRegistryClient.search.$1",
"type": "Uncategorized",
"tags": [],
"label": "request",
"description": [],
"signature": [
"TSearchRequest"
],
"source": {
"path": "x-pack/plugins/rule_registry/server/rule_registry/create_scoped_rule_registry_client/types.ts",
"lineNumber": 43
},
"deprecated": false,
"isRequired": true
}
],
"returnComment": []
},
{
"parentPluginId": "ruleRegistry",
"id": "def-server.ScopedRuleRegistryClient.getDynamicIndexPattern",
"type": "Function",
"tags": [],
"label": "getDynamicIndexPattern",
"description": [],
"signature": [
"() => Promise<{ title: string; timeFieldName: string; fields: ",
{
"pluginId": "data",
"scope": "server",
"docId": "kibDataIndexPatternsPluginApi",
"section": "def-server.FieldDescriptor",
"text": "FieldDescriptor"
},
"[]; }>"
],
"source": {
"path": "x-pack/plugins/rule_registry/server/rule_registry/create_scoped_rule_registry_client/types.ts",
"lineNumber": 48
},
"deprecated": false,
"children": [],
"returnComment": []
},
{
"parentPluginId": "ruleRegistry",
"id": "def-server.ScopedRuleRegistryClient.index",
"type": "Function",
"tags": [],
"label": "index",
"description": [],
"signature": [
"(doc: Pick<OutputOf<",
"Optional",
"<TFieldMap, { [key in keyof TFieldMap]: TFieldMap[key][\"required\"] extends true ? never : key; }[keyof TFieldMap]>>, Exclude<{ [key in keyof TFieldMap]: TFieldMap[key][\"required\"] extends true ? never : key; }[keyof TFieldMap], \"rule.uuid\" | \"rule.id\" | \"rule.name\" | \"rule.category\" | \"kibana.rac.producer\"> | Exclude<",
"SetDifference",
"<keyof TFieldMap, { [key in keyof TFieldMap]: TFieldMap[key][\"required\"] extends true ? never : key; }[keyof TFieldMap]>, \"rule.uuid\" | \"rule.id\" | \"rule.name\" | \"rule.category\" | \"kibana.rac.producer\">>) => void"
],
"source": {
"path": "x-pack/plugins/rule_registry/server/rule_registry/create_scoped_rule_registry_client/types.ts",
"lineNumber": 53
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-server.ScopedRuleRegistryClient.index.$1",
"type": "Object",
"tags": [],
"label": "doc",
"description": [],
"signature": [
"Pick<OutputOf<",
"Optional",
"<TFieldMap, { [key in keyof TFieldMap]: TFieldMap[key][\"required\"] extends true ? never : key; }[keyof TFieldMap]>>, Exclude<{ [key in keyof TFieldMap]: TFieldMap[key][\"required\"] extends true ? never : key; }[keyof TFieldMap], \"rule.uuid\" | \"rule.id\" | \"rule.name\" | \"rule.category\" | \"kibana.rac.producer\"> | Exclude<",
"SetDifference",
"<keyof TFieldMap, { [key in keyof TFieldMap]: TFieldMap[key][\"required\"] extends true ? never : key; }[keyof TFieldMap]>, \"rule.uuid\" | \"rule.id\" | \"rule.name\" | \"rule.category\" | \"kibana.rac.producer\">>"
],
"source": {
"path": "x-pack/plugins/rule_registry/server/rule_registry/create_scoped_rule_registry_client/types.ts",
"lineNumber": 53
},
"deprecated": false,
"isRequired": true
}
],
"returnComment": []
},
{
"parentPluginId": "ruleRegistry",
"id": "def-server.ScopedRuleRegistryClient.bulkIndex",
"type": "Function",
"tags": [],
"label": "bulkIndex",
"description": [],
"signature": [
"(doc: Pick<OutputOf<",
"Optional",
"<TFieldMap, { [key in keyof TFieldMap]: TFieldMap[key][\"required\"] extends true ? never : key; }[keyof TFieldMap]>>, Exclude<{ [key in keyof TFieldMap]: TFieldMap[key][\"required\"] extends true ? never : key; }[keyof TFieldMap], \"rule.uuid\" | \"rule.id\" | \"rule.name\" | \"rule.category\" | \"kibana.rac.producer\"> | Exclude<",
"SetDifference",
"<keyof TFieldMap, { [key in keyof TFieldMap]: TFieldMap[key][\"required\"] extends true ? never : key; }[keyof TFieldMap]>, \"rule.uuid\" | \"rule.id\" | \"rule.name\" | \"rule.category\" | \"kibana.rac.producer\">>[]) => Promise<void>"
],
"source": {
"path": "x-pack/plugins/rule_registry/server/rule_registry/create_scoped_rule_registry_client/types.ts",
"lineNumber": 54
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-server.ScopedRuleRegistryClient.bulkIndex.$1",
"type": "Array",
"tags": [],
"label": "doc",
"description": [],
"signature": [
"Pick<OutputOf<",
"Optional",
"<TFieldMap, { [key in keyof TFieldMap]: TFieldMap[key][\"required\"] extends true ? never : key; }[keyof TFieldMap]>>, Exclude<{ [key in keyof TFieldMap]: TFieldMap[key][\"required\"] extends true ? never : key; }[keyof TFieldMap], \"rule.uuid\" | \"rule.id\" | \"rule.name\" | \"rule.category\" | \"kibana.rac.producer\"> | Exclude<",
"SetDifference",
"<keyof TFieldMap, { [key in keyof TFieldMap]: TFieldMap[key][\"required\"] extends true ? never : key; }[keyof TFieldMap]>, \"rule.uuid\" | \"rule.id\" | \"rule.name\" | \"rule.category\" | \"kibana.rac.producer\">>[]"
],
"source": {
"path": "x-pack/plugins/rule_registry/server/rule_registry/create_scoped_rule_registry_client/types.ts",
"lineNumber": 55
},
"deprecated": false,
"isRequired": true
}
],
"returnComment": []
}
],
"initialIsOpen": false
}
],
"enums": [],
"misc": [
{
"parentPluginId": "ruleRegistry",
"id": "def-server.FieldMapOf",
"type": "Type",
"tags": [],
"label": "FieldMapOf",
"description": [],
"signature": [
"TRuleRegistry extends RuleRegistry<infer TFieldMap> ? TFieldMap : never"
],
"source": {
"path": "x-pack/plugins/rule_registry/server/types.ts",
"lineNumber": 98
},
"deprecated": false,
"initialIsOpen": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-server.RuleRegistryConfig",
"type": "Type",
"tags": [],
"label": "RuleRegistryConfig",
"description": [],
"signature": [
"{ readonly enabled: boolean; readonly unsafe: Readonly<{} & { write: Readonly<{} & { enabled: boolean; }>; }>; }"
],
"source": {
"path": "x-pack/plugins/rule_registry/server/index.ts",
"lineNumber": 26
},
"deprecated": false,
"initialIsOpen": false
}
],
"objects": [],
"setup": {
"parentPluginId": "ruleRegistry",
"id": "def-server.RuleRegistryPluginSetupContract",
"type": "Type",
"tags": [],
"label": "RuleRegistryPluginSetupContract",
"description": [],
"signature": [
"RuleRegistry<{ readonly 'kibana.rac.producer': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.uuid': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.id': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.start': { readonly type: \"date\"; }; readonly 'kibana.rac.alert.end': { readonly type: \"date\"; }; readonly 'kibana.rac.alert.duration.us': { readonly type: \"long\"; }; readonly 'kibana.rac.alert.severity.level': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.severity.value': { readonly type: \"long\"; }; readonly 'kibana.rac.alert.status': { readonly type: \"keyword\"; }; readonly '@timestamp': { readonly type: \"date\"; readonly array: false; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'event.kind': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.action': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.uuid': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.category': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; }>"
],
"source": {
"path": "x-pack/plugins/rule_registry/server/plugin.ts",
"lineNumber": 15
},
"deprecated": false,
"lifecycle": "setup",
"initialIsOpen": true
}
},
"common": {
"classes": [],
"functions": [
{
"parentPluginId": "ruleRegistry",
"id": "def-common.mergeFieldMaps",
"type": "Function",
"tags": [],
"label": "mergeFieldMaps",
"description": [],
"signature": [
"(first: T1, second: T2) => T1 & T2"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/merge_field_maps.ts",
"lineNumber": 9
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-common.mergeFieldMaps.$1",
"type": "Uncategorized",
"tags": [],
"label": "first",
"description": [],
"signature": [
"T1"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/merge_field_maps.ts",
"lineNumber": 10
},
"deprecated": false,
"isRequired": true
},
{
"parentPluginId": "ruleRegistry",
"id": "def-common.mergeFieldMaps.$2",
"type": "Uncategorized",
"tags": [],
"label": "second",
"description": [],
"signature": [
"T2"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/merge_field_maps.ts",
"lineNumber": 11
},
"deprecated": false,
"isRequired": true
}
],
"returnComment": [],
"initialIsOpen": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-common.pickWithPatterns",
"type": "Function",
"tags": [],
"label": "pickWithPatterns",
"description": [],
"signature": [
"(map: T, patterns: TPatterns) => Pick<{ [TFieldName in keyof T]: ",
"SetIntersection",
"<",
"ValuesType",
"<TPatterns>, PatternMapOf<T>[TFieldName]> extends never ? never : T[TFieldName]; }, { [Key in keyof { [TFieldName in keyof T]: ",
"SetIntersection",
"<",
"ValuesType",
"<TPatterns>, PatternMapOf<T>[TFieldName]> extends never ? never : T[TFieldName]; }]-?: [{ [TFieldName in keyof T]: ",
"SetIntersection"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/pick_with_patterns/index.ts",
"lineNumber": 39
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-common.pickWithPatterns.$1",
"type": "Uncategorized",
"tags": [],
"label": "map",
"description": [],
"signature": [
"T"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/pick_with_patterns/index.ts",
"lineNumber": 42
},
"deprecated": false,
"isRequired": true
},
{
"parentPluginId": "ruleRegistry",
"id": "def-common.pickWithPatterns.$2",
"type": "Uncategorized",
"tags": [],
"label": "patterns",
"description": [],
"signature": [
"TPatterns"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/pick_with_patterns/index.ts",
"lineNumber": 42
},
"deprecated": false,
"isRequired": true
}
],
"returnComment": [],
"initialIsOpen": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-common.runtimeTypeFromFieldMap",
"type": "Function",
"tags": [],
"label": "runtimeTypeFromFieldMap",
"description": [],
"signature": [
"(fieldMap: TFieldMap) => ",
{
"pluginId": "ruleRegistry",
"scope": "common",
"docId": "kibRuleRegistryPluginApi",
"section": "def-common.FieldMapType",
"text": "FieldMapType"
},
"<TFieldMap>"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/runtime_type_from_fieldmap.ts",
"lineNumber": 85
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-common.runtimeTypeFromFieldMap.$1",
"type": "Uncategorized",
"tags": [],
"label": "fieldMap",
"description": [],
"signature": [
"TFieldMap"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/runtime_type_from_fieldmap.ts",
"lineNumber": 86
},
"deprecated": false,
"isRequired": true
}
],
"returnComment": [],
"initialIsOpen": false
}
],
"interfaces": [
{
"parentPluginId": "ruleRegistry",
"id": "def-common.FieldMap",
"type": "Interface",
"tags": [],
"label": "FieldMap",
"description": [],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/types.ts",
"lineNumber": 8
},
"deprecated": false,
"children": [
{
"parentPluginId": "ruleRegistry",
"id": "def-common.FieldMap.Unnamed",
"type": "Any",
"tags": [],
"label": "Unnamed",
"description": [],
"signature": [
"any"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/types.ts",
"lineNumber": 9
},
"deprecated": false
}
],
"initialIsOpen": false
}
],
"enums": [],
"misc": [
{
"parentPluginId": "ruleRegistry",
"id": "def-common.BaseRuleFieldMap",
"type": "Type",
"tags": [],
"label": "BaseRuleFieldMap",
"description": [],
"signature": [
"{ readonly 'kibana.rac.producer': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.uuid': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.id': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.start': { readonly type: \"date\"; }; readonly 'kibana.rac.alert.end': { readonly type: \"date\"; }; readonly 'kibana.rac.alert.duration.us': { readonly type: \"long\"; }; readonly 'kibana.rac.alert.severity.level': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.severity.value': { readonly type: \"long\"; }; readonly 'kibana.rac.alert.status': { readonly type: \"keyword\"; }; readonly '@timestamp': { readonly type: \"date\"; readonly array: false; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'event.kind': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.action': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.uuid': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.category': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; }"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/base_rule_field_map.ts",
"lineNumber": 33
},
"deprecated": false,
"initialIsOpen": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-common.EcsFieldMap",
"type": "Type",
"tags": [],
"label": "EcsFieldMap",
"description": [],
"signature": [
"{ readonly '@timestamp': { readonly type: \"date\"; readonly array: false; readonly required: true; }; readonly 'agent.build.original': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'agent.ephemeral_id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'agent.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'agent.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'agent.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'agent.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.address': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.as.number': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'client.as.organization.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'client.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.geo.city_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.geo.continent_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.geo.country_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.geo.country_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.geo.location': { readonly type: \"geo_point\"; readonly array: false; readonly required: false; }; readonly 'client.geo.name': { readonly type: \"keyword\"; readonly array: false; readonly required: 
false; }; readonly 'client.geo.region_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.geo.region_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'client.mac': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.nat.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'client.nat.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'client.packets': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'client.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'client.registered_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.subdomain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.top_level_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.hash': { readonly type: \"keyword\"; readonly array: false; 
readonly required: false; }; readonly 'client.user.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'cloud.account.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.account.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.availability_zone': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.instance.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.instance.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.machine.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.project.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.project.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.provider': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.region': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'container.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'container.image.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'container.image.tag': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'container.labels': { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly 'container.name': { readonly type: \"keyword\"; readonly array: 
false; readonly required: false; }; readonly 'container.runtime': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.address': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.as.number': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'destination.as.organization.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'destination.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.city_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.continent_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.country_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.country_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.location': { readonly type: \"geo_point\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.region_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.region_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'destination.mac': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.nat.ip': { readonly type: \"ip\"; readonly array: false; 
readonly required: false; }; readonly 'destination.nat.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'destination.packets': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'destination.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'destination.registered_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.subdomain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.top_level_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'dll.code_signature.exists': { readonly type: \"boolean\"; readonly array: false; 
readonly required: false; }; readonly 'dll.code_signature.status': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.code_signature.subject_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.code_signature.trusted': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'dll.code_signature.valid': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'dll.hash.md5': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.hash.sha1': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.hash.sha256': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.hash.sha512': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.architecture': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.company': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.file_version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.imphash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.original_file_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.product': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.answers': { readonly type: \"object\"; 
readonly array: true; readonly required: false; }; readonly 'dns.answers.class': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.answers.data': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.answers.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.answers.ttl': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'dns.answers.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.header_flags': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'dns.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.op_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.question.class': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.question.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.question.registered_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.question.subdomain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.question.top_level_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.question.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.resolved_ip': { readonly type: \"ip\"; readonly array: true; readonly required: false; }; readonly 'dns.response_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'ecs.version': { readonly type: \"keyword\"; 
readonly array: false; readonly required: true; }; readonly 'error.code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'error.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'error.message': { readonly type: \"text\"; readonly array: false; readonly required: false; }; readonly 'error.stack_trace': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'error.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.action': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.category': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'event.code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.created': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'event.dataset': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.duration': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'event.end': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'event.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.ingested': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'event.kind': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.module': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.original': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.outcome': { readonly type: 
\"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.provider': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.reason': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.reference': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.risk_score': { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly 'event.risk_score_norm': { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly 'event.sequence': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'event.severity': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'event.start': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'event.timezone': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.type': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'event.url': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.accessed': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'file.attributes': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.code_signature.exists': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'file.code_signature.status': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.code_signature.subject_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.code_signature.trusted': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'file.code_signature.valid': { readonly 
type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'file.created': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'file.ctime': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'file.device': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.directory': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.drive_letter': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.extension': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.gid': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.group': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.hash.md5': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.hash.sha1': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.hash.sha256': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.hash.sha512': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.inode': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.mime_type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.mode': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.mtime': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'file.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.owner': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 
'file.path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.architecture': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.company': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.file_version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.imphash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.original_file_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.product': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.size': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'file.target_path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.uid': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.alternative_names': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.issuer.common_name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.issuer.country': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.issuer.distinguished_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.issuer.locality': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.issuer.organization': { readonly type: \"keyword\"; readonly 
array: true; readonly required: false; }; readonly 'file.x509.issuer.organizational_unit': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.issuer.state_or_province': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.not_after': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'file.x509.not_before': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'file.x509.public_key_algorithm': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.public_key_curve': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.public_key_exponent': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'file.x509.public_key_size': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'file.x509.serial_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.signature_algorithm': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.subject.common_name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.subject.country': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.subject.distinguished_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.subject.locality': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.subject.organization': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.subject.organizational_unit': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; 
readonly 'file.x509.subject.state_or_province': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.version_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.architecture': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.city_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.continent_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.country_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.country_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.location': { readonly type: \"geo_point\"; readonly array: false; readonly required: false; }; readonly 'host.geo.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.region_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.region_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.hostname': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.ip': { readonly type: \"ip\"; readonly array: true; readonly required: 
false; }; readonly 'host.mac': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'host.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.family': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.full': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.kernel': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.platform': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.uptime': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'host.user.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.id': { 
readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'http.request.body.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'http.request.body.content': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'http.request.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'http.request.method': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'http.request.mime_type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'http.request.referrer': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'http.response.body.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'http.response.body.content': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'http.response.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'http.response.mime_type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'http.response.status_code': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'http.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly labels: { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly 'log.file.path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'log.level': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 
'log.logger': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'log.origin.file.line': { readonly type: \"integer\"; readonly array: false; readonly required: false; }; readonly 'log.origin.file.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'log.origin.function': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'log.original': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'log.syslog': { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly 'log.syslog.facility.code': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'log.syslog.facility.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'log.syslog.priority': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'log.syslog.severity.code': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'log.syslog.severity.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly message: { readonly type: \"text\"; readonly array: false; readonly required: false; }; readonly 'network.application': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'network.community_id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.direction': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.forwarded_ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'network.iana_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; 
readonly 'network.inner': { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly 'network.inner.vlan.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.inner.vlan.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.packets': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'network.protocol': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.transport': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.vlan.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.vlan.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.egress': { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly 'observer.egress.interface.alias': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.egress.interface.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.egress.interface.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.egress.vlan.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.egress.vlan.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.egress.zone': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.city_name': { readonly type: 
\"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.continent_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.country_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.country_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.location': { readonly type: \"geo_point\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.region_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.region_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.hostname': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress': { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress.interface.alias': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress.interface.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress.interface.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress.vlan.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress.vlan.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress.zone': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ip': { readonly type: \"ip\"; readonly array: true; readonly required: false; }; readonly 'observer.mac': { readonly type: 
\"keyword\"; readonly array: true; readonly required: false; }; readonly 'observer.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.family': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.full': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.kernel': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.platform': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.product': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.serial_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.vendor': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'organization.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'organization.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.architecture': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.build_version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.checksum': 
{ readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.install_scope': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.installed': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'package.license': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.reference': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.size': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'package.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.args': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'process.args_count': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.code_signature.exists': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'process.code_signature.status': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.code_signature.subject_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.code_signature.trusted': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'process.code_signature.valid': { readonly type: \"boolean\"; readonly array: false; readonly 
required: false; }; readonly 'process.command_line': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.entity_id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.executable': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.exit_code': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.hash.md5': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.hash.sha1': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.hash.sha256': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.hash.sha512': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.args': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'process.parent.args_count': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.code_signature.exists': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'process.parent.code_signature.status': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.code_signature.subject_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.code_signature.trusted': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'process.parent.code_signature.valid': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'process.parent.command_line': { readonly type: \"keyword\"; readonly 
array: false; readonly required: false; }; readonly 'process.parent.entity_id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.executable': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.exit_code': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.hash.md5': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.hash.sha1': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.hash.sha256': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.hash.sha512': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.architecture': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.company': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.file_version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.imphash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.original_file_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.product': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pgid': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pid': { 
readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.ppid': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.start': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'process.parent.thread.id': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.thread.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.title': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.uptime': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.working_directory': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.architecture': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.company': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.file_version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.imphash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.original_file_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.product': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pgid': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.pid': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.ppid': { readonly type: \"long\"; readonly array: false; readonly 
required: false; }; readonly 'process.start': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'process.thread.id': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.thread.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.title': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.uptime': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.working_directory': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'registry.data.bytes': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'registry.data.strings': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'registry.data.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'registry.hive': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'registry.key': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'registry.path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'registry.value': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'related.hash': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'related.hosts': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'related.ip': { readonly type: \"ip\"; readonly array: true; readonly required: false; }; readonly 'related.user': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'rule.author': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 
'rule.category': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.license': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.reference': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.ruleset': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.uuid': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.address': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.as.number': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'server.as.organization.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'server.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.geo.city_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.geo.continent_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.geo.country_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.geo.country_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 
'server.geo.location': { readonly type: \"geo_point\"; readonly array: false; readonly required: false; }; readonly 'server.geo.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.geo.region_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.geo.region_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'server.mac': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.nat.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'server.nat.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'server.packets': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'server.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'server.registered_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.subdomain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.top_level_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; 
}; readonly 'server.user.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'service.ephemeral_id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'service.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'service.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'service.node.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'service.state': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'service.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'service.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.address': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.as.number': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'source.as.organization.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'source.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.geo.city_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; 
readonly 'source.geo.continent_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.geo.country_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.geo.country_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.geo.location': { readonly type: \"geo_point\"; readonly array: false; readonly required: false; }; readonly 'source.geo.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.geo.region_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.geo.region_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'source.mac': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.nat.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'source.nat.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'source.packets': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'source.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'source.registered_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.subdomain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.top_level_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.email': { readonly type: \"keyword\"; readonly array: false; readonly 
required: false; }; readonly 'source.user.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'span.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.framework': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'threat.tactic.id': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.tactic.name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.tactic.reference': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.technique.id': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.technique.name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.technique.reference': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.technique.subtechnique.id': { readonly type: \"keyword\"; 
readonly array: true; readonly required: false; }; readonly 'threat.technique.subtechnique.name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.technique.subtechnique.reference': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.cipher': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.certificate': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.certificate_chain': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.hash.md5': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.hash.sha1': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.hash.sha256': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.issuer': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.ja3': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.not_after': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.client.not_before': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.client.server_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.subject': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.supported_ciphers': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.alternative_names': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.issuer.common_name': { readonly type: 
\"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.issuer.country': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.issuer.distinguished_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.issuer.locality': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.issuer.organization': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.issuer.organizational_unit': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.issuer.state_or_province': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.not_after': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.not_before': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.public_key_algorithm': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.public_key_curve': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.public_key_exponent': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.public_key_size': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.serial_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.signature_algorithm': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.subject.common_name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 
'tls.client.x509.subject.country': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.subject.distinguished_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.subject.locality': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.subject.organization': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.subject.organizational_unit': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.subject.state_or_province': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.version_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.curve': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.established': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'tls.next_protocol': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.resumed': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'tls.server.certificate': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.certificate_chain': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.hash.md5': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.hash.sha1': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.hash.sha256': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.issuer': { readonly type: \"keyword\"; readonly array: 
false; readonly required: false; }; readonly 'tls.server.ja3s': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.not_after': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.server.not_before': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.server.subject': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.alternative_names': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.issuer.common_name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.issuer.country': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.issuer.distinguished_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.issuer.locality': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.issuer.organization': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.issuer.organizational_unit': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.issuer.state_or_province': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.not_after': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.not_before': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.public_key_algorithm': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.public_key_curve': { readonly type: \"keyword\"; readonly array: false; readonly 
required: false; }; readonly 'tls.server.x509.public_key_exponent': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.public_key_size': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.serial_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.signature_algorithm': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.subject.common_name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.subject.country': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.subject.distinguished_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.subject.locality': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.subject.organization': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.subject.organizational_unit': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.subject.state_or_province': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.version_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.version_protocol': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'trace.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'transaction.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; 
}; readonly 'url.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.extension': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.fragment': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.full': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.original': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.password': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'url.query': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.registered_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.scheme': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.subdomain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.top_level_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.username': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.group.id': { 
readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'user.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'user.email': { readonly type: \"keyword\"; readonly array: false; readonly 
required: false; }; readonly 'user.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'user.target.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: 
false; }; readonly 'user_agent.device.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.original': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.family': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.full': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.kernel': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.platform': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.category': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'vulnerability.classification': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.enumeration': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.reference': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 
'vulnerability.report_id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.scanner.vendor': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.score.base': { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.score.environmental': { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.score.temporal': { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.score.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.severity': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; }"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/ecs_field_map.ts",
"lineNumber": 3380
},
"deprecated": false,
"initialIsOpen": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-common.FieldMapType",
"type": "Type",
"tags": [],
"label": "FieldMapType",
"description": [],
"signature": [
"t.Type<TypeOf<Optional<T, { [key in keyof T]: T[key][\"required\"] extends true ? never : key; }[keyof T]>>, OutputOf<Optional<T, { [key in keyof T]: T[key][\"required\"] extends true ? never : key; }[keyof T]>>, unknown>"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/runtime_type_from_fieldmap.ts",
"lineNumber": 83
},
"deprecated": false,
"initialIsOpen": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-common.OutputOfFieldMap",
"type": "Type",
"tags": [],
"label": "OutputOfFieldMap",
"description": [],
"signature": [
"{ [key in keyof Optional<T, { [key in keyof T]: T[key][\"required\"] extends true ? never : key; }[keyof T]>]: OutputOfField<Exclude<Optional<T, { [key in keyof T]: T[key][\"required\"] extends true ? never : key; }[keyof T]>[key], undefined>>; }"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/runtime_type_from_fieldmap.ts",
"lineNumber": 81
},
"deprecated": false,
"initialIsOpen": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-common.PatternsUnionOf",
"type": "Type",
"tags": [],
"label": "PatternsUnionOf",
"description": [],
"signature": [
"\"*\" | ",
"ValuesType",
"<PatternMapOf<T>>"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/pick_with_patterns/index.ts",
"lineNumber": 37
},
"deprecated": false,
"initialIsOpen": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-common.PickWithPatterns",
"type": "Type",
"tags": [],
"label": "PickWithPatterns",
"description": [],
"signature": [
"{ [P in { [Key in keyof { [TFieldName in keyof T]: SetIntersection<ValuesType<TPatterns>, PatternMapOf<T>[TFieldName]> extends never ? never : T[TFieldName]; }]-?: [{ [TFieldName in keyof T]: SetIntersection<ValuesType<TPatterns>, PatternMapOf<T>[TFieldName]> extends never ? never : T[TFieldName]; }[Key]] extends [never] ? never : Key; }[keyof T]]: { [TFieldName in keyof T]: SetIntersection<ValuesType<TPatterns>, PatternMapOf<T>[TFieldName]> extends never ? never : T[TFieldName]; }[P]; }"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/pick_with_patterns/index.ts",
"lineNumber": 22
},
"deprecated": false,
"initialIsOpen": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-common.TypeOfFieldMap",
"type": "Type",
"tags": [],
"label": "TypeOfFieldMap",
"description": [],
"signature": [
"{ [key in keyof Optional<T, { [key in keyof T]: T[key][\"required\"] extends true ? never : key; }[keyof T]>]: TypeOfField<Exclude<Optional<T, { [key in keyof T]: T[key][\"required\"] extends true ? never : key; }[keyof T]>[key], undefined>>; }"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/runtime_type_from_fieldmap.ts",
"lineNumber": 80
},
"deprecated": false,
"initialIsOpen": false
}
],
"objects": [
{
"parentPluginId": "ruleRegistry",
"id": "def-common.baseRuleFieldMap",
"type": "Object",
"tags": [],
"label": "baseRuleFieldMap",
"description": [],
"signature": [
"{ readonly 'kibana.rac.producer': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.uuid': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.id': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.start': { readonly type: \"date\"; }; readonly 'kibana.rac.alert.end': { readonly type: \"date\"; }; readonly 'kibana.rac.alert.duration.us': { readonly type: \"long\"; }; readonly 'kibana.rac.alert.severity.level': { readonly type: \"keyword\"; }; readonly 'kibana.rac.alert.severity.value': { readonly type: \"long\"; }; readonly 'kibana.rac.alert.status': { readonly type: \"keyword\"; }; readonly '@timestamp': { readonly type: \"date\"; readonly array: false; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'event.kind': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.action': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.uuid': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.category': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; }"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/base_rule_field_map.ts",
"lineNumber": 10
},
"deprecated": false,
"initialIsOpen": false
},
{
"parentPluginId": "ruleRegistry",
"id": "def-common.ecsFieldMap",
"type": "Object",
"tags": [],
"label": "ecsFieldMap",
"description": [],
"signature": [
"{ readonly '@timestamp': { readonly type: \"date\"; readonly array: false; readonly required: true; }; readonly 'agent.build.original': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'agent.ephemeral_id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'agent.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'agent.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'agent.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'agent.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.address': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.as.number': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'client.as.organization.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'client.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.geo.city_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.geo.continent_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.geo.country_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.geo.country_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.geo.location': { readonly type: \"geo_point\"; readonly array: false; readonly required: false; }; readonly 'client.geo.name': { readonly type: \"keyword\"; readonly array: false; readonly required: 
false; }; readonly 'client.geo.region_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.geo.region_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'client.mac': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.nat.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'client.nat.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'client.packets': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'client.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'client.registered_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.subdomain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.top_level_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.hash': { readonly type: \"keyword\"; readonly array: false; 
readonly required: false; }; readonly 'client.user.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'client.user.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'cloud.account.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.account.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.availability_zone': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.instance.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.instance.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.machine.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.project.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.project.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.provider': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'cloud.region': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'container.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'container.image.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'container.image.tag': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'container.labels': { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly 'container.name': { readonly type: \"keyword\"; readonly array: 
false; readonly required: false; }; readonly 'container.runtime': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.address': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.as.number': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'destination.as.organization.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'destination.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.city_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.continent_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.country_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.country_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.location': { readonly type: \"geo_point\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.region_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.geo.region_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'destination.mac': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.nat.ip': { readonly type: \"ip\"; readonly array: false; 
readonly required: false; }; readonly 'destination.nat.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'destination.packets': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'destination.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'destination.registered_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.subdomain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.top_level_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'destination.user.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'dll.code_signature.exists': { readonly type: \"boolean\"; readonly array: false; 
readonly required: false; }; readonly 'dll.code_signature.status': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.code_signature.subject_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.code_signature.trusted': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'dll.code_signature.valid': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'dll.hash.md5': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.hash.sha1': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.hash.sha256': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.hash.sha512': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.architecture': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.company': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.file_version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.imphash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.original_file_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dll.pe.product': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.answers': { readonly type: \"object\"; 
readonly array: true; readonly required: false; }; readonly 'dns.answers.class': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.answers.data': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.answers.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.answers.ttl': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'dns.answers.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.header_flags': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'dns.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.op_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.question.class': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.question.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.question.registered_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.question.subdomain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.question.top_level_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.question.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.resolved_ip': { readonly type: \"ip\"; readonly array: true; readonly required: false; }; readonly 'dns.response_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'dns.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'ecs.version': { readonly type: \"keyword\"; 
readonly array: false; readonly required: true; }; readonly 'error.code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'error.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'error.message': { readonly type: \"text\"; readonly array: false; readonly required: false; }; readonly 'error.stack_trace': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'error.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.action': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.category': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'event.code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.created': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'event.dataset': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.duration': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'event.end': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'event.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.ingested': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'event.kind': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.module': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.original': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.outcome': { readonly type: 
\"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.provider': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.reason': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.reference': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.risk_score': { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly 'event.risk_score_norm': { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly 'event.sequence': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'event.severity': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'event.start': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'event.timezone': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'event.type': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'event.url': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.accessed': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'file.attributes': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.code_signature.exists': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'file.code_signature.status': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.code_signature.subject_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.code_signature.trusted': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'file.code_signature.valid': { readonly 
type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'file.created': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'file.ctime': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'file.device': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.directory': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.drive_letter': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.extension': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.gid': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.group': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.hash.md5': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.hash.sha1': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.hash.sha256': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.hash.sha512': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.inode': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.mime_type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.mode': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.mtime': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'file.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.owner': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 
'file.path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.architecture': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.company': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.file_version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.imphash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.original_file_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.pe.product': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.size': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'file.target_path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.uid': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.alternative_names': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.issuer.common_name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.issuer.country': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.issuer.distinguished_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.issuer.locality': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.issuer.organization': { readonly type: \"keyword\"; readonly 
array: true; readonly required: false; }; readonly 'file.x509.issuer.organizational_unit': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.issuer.state_or_province': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.not_after': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'file.x509.not_before': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'file.x509.public_key_algorithm': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.public_key_curve': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.public_key_exponent': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'file.x509.public_key_size': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'file.x509.serial_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.signature_algorithm': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.subject.common_name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.subject.country': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.subject.distinguished_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'file.x509.subject.locality': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.subject.organization': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.subject.organizational_unit': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; 
readonly 'file.x509.subject.state_or_province': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'file.x509.version_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.architecture': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.city_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.continent_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.country_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.country_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.location': { readonly type: \"geo_point\"; readonly array: false; readonly required: false; }; readonly 'host.geo.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.region_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.geo.region_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.hostname': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.ip': { readonly type: \"ip\"; readonly array: true; readonly required: 
false; }; readonly 'host.mac': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'host.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.family': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.full': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.kernel': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.platform': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.os.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.uptime': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'host.user.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.id': { 
readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'host.user.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'http.request.body.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'http.request.body.content': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'http.request.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'http.request.method': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'http.request.mime_type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'http.request.referrer': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'http.response.body.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'http.response.body.content': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'http.response.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'http.response.mime_type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'http.response.status_code': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'http.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly labels: { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly 'log.file.path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'log.level': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 
'log.logger': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'log.origin.file.line': { readonly type: \"integer\"; readonly array: false; readonly required: false; }; readonly 'log.origin.file.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'log.origin.function': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'log.original': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'log.syslog': { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly 'log.syslog.facility.code': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'log.syslog.facility.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'log.syslog.priority': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'log.syslog.severity.code': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'log.syslog.severity.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly message: { readonly type: \"text\"; readonly array: false; readonly required: false; }; readonly 'network.application': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'network.community_id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.direction': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.forwarded_ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'network.iana_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; 
readonly 'network.inner': { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly 'network.inner.vlan.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.inner.vlan.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.packets': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'network.protocol': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.transport': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.vlan.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'network.vlan.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.egress': { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly 'observer.egress.interface.alias': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.egress.interface.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.egress.interface.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.egress.vlan.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.egress.vlan.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.egress.zone': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.city_name': { readonly type: 
\"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.continent_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.country_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.country_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.location': { readonly type: \"geo_point\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.region_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.geo.region_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.hostname': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress': { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress.interface.alias': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress.interface.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress.interface.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress.vlan.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress.vlan.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ingress.zone': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.ip': { readonly type: \"ip\"; readonly array: true; readonly required: false; }; readonly 'observer.mac': { readonly type: 
\"keyword\"; readonly array: true; readonly required: false; }; readonly 'observer.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.family': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.full': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.kernel': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.platform': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.os.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.product': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.serial_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.vendor': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'observer.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'organization.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'organization.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.architecture': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.build_version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.checksum': 
{ readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.install_scope': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.installed': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'package.license': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.reference': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.size': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'package.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'package.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.args': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'process.args_count': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.code_signature.exists': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'process.code_signature.status': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.code_signature.subject_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.code_signature.trusted': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'process.code_signature.valid': { readonly type: \"boolean\"; readonly array: false; readonly 
required: false; }; readonly 'process.command_line': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.entity_id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.executable': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.exit_code': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.hash.md5': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.hash.sha1': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.hash.sha256': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.hash.sha512': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.args': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'process.parent.args_count': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.code_signature.exists': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'process.parent.code_signature.status': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.code_signature.subject_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.code_signature.trusted': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'process.parent.code_signature.valid': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'process.parent.command_line': { readonly type: \"keyword\"; readonly 
array: false; readonly required: false; }; readonly 'process.parent.entity_id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.executable': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.exit_code': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.hash.md5': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.hash.sha1': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.hash.sha256': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.hash.sha512': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.architecture': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.company': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.file_version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.imphash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.original_file_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pe.product': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pgid': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.pid': { 
readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.ppid': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.start': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'process.parent.thread.id': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.thread.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.title': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.parent.uptime': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.parent.working_directory': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.architecture': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.company': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.file_version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.imphash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.original_file_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pe.product': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.pgid': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.pid': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.ppid': { readonly type: \"long\"; readonly array: false; readonly 
required: false; }; readonly 'process.start': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'process.thread.id': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.thread.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.title': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'process.uptime': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'process.working_directory': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'registry.data.bytes': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'registry.data.strings': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'registry.data.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'registry.hive': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'registry.key': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'registry.path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'registry.value': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'related.hash': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'related.hosts': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'related.ip': { readonly type: \"ip\"; readonly array: true; readonly required: false; }; readonly 'related.user': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'rule.author': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 
'rule.category': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.license': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.reference': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.ruleset': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.uuid': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'rule.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.address': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.as.number': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'server.as.organization.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'server.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.geo.city_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.geo.continent_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.geo.country_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.geo.country_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 
'server.geo.location': { readonly type: \"geo_point\"; readonly array: false; readonly required: false; }; readonly 'server.geo.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.geo.region_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.geo.region_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'server.mac': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.nat.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'server.nat.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'server.packets': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'server.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'server.registered_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.subdomain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.top_level_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; 
}; readonly 'server.user.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'server.user.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'service.ephemeral_id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'service.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'service.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'service.node.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'service.state': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'service.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'service.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.address': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.as.number': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'source.as.organization.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.bytes': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'source.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.geo.city_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; 
readonly 'source.geo.continent_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.geo.country_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.geo.country_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.geo.location': { readonly type: \"geo_point\"; readonly array: false; readonly required: false; }; readonly 'source.geo.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.geo.region_iso_code': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.geo.region_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'source.mac': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.nat.ip': { readonly type: \"ip\"; readonly array: false; readonly required: false; }; readonly 'source.nat.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'source.packets': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'source.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'source.registered_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.subdomain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.top_level_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.email': { readonly type: \"keyword\"; readonly array: false; readonly 
required: false; }; readonly 'source.user.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'source.user.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'span.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.framework': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'threat.tactic.id': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.tactic.name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.tactic.reference': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.technique.id': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.technique.name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.technique.reference': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.technique.subtechnique.id': { readonly type: \"keyword\"; 
readonly array: true; readonly required: false; }; readonly 'threat.technique.subtechnique.name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'threat.technique.subtechnique.reference': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.cipher': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.certificate': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.certificate_chain': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.hash.md5': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.hash.sha1': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.hash.sha256': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.issuer': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.ja3': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.not_after': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.client.not_before': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.client.server_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.subject': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.supported_ciphers': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.alternative_names': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.issuer.common_name': { readonly type: 
\"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.issuer.country': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.issuer.distinguished_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.issuer.locality': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.issuer.organization': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.issuer.organizational_unit': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.issuer.state_or_province': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.not_after': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.not_before': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.public_key_algorithm': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.public_key_curve': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.public_key_exponent': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.public_key_size': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.serial_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.signature_algorithm': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.subject.common_name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 
'tls.client.x509.subject.country': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.subject.distinguished_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.client.x509.subject.locality': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.subject.organization': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.subject.organizational_unit': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.subject.state_or_province': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.client.x509.version_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.curve': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.established': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'tls.next_protocol': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.resumed': { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly 'tls.server.certificate': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.certificate_chain': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.hash.md5': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.hash.sha1': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.hash.sha256': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.issuer': { readonly type: \"keyword\"; readonly array: 
false; readonly required: false; }; readonly 'tls.server.ja3s': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.not_after': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.server.not_before': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.server.subject': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.alternative_names': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.issuer.common_name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.issuer.country': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.issuer.distinguished_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.issuer.locality': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.issuer.organization': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.issuer.organizational_unit': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.issuer.state_or_province': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.not_after': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.not_before': { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.public_key_algorithm': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.public_key_curve': { readonly type: \"keyword\"; readonly array: false; readonly 
required: false; }; readonly 'tls.server.x509.public_key_exponent': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.public_key_size': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.serial_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.signature_algorithm': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.subject.common_name': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.subject.country': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.subject.distinguished_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.server.x509.subject.locality': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.subject.organization': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.subject.organizational_unit': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.subject.state_or_province': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'tls.server.x509.version_number': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'tls.version_protocol': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'trace.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'transaction.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; 
}; readonly 'url.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.extension': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.fragment': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.full': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.original': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.password': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.path': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.port': { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly 'url.query': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.registered_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.scheme': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.subdomain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.top_level_domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'url.username': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.group.id': { 
readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.changes.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'user.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.effective.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'user.email': { readonly type: \"keyword\"; readonly array: false; readonly 
required: false; }; readonly 'user.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'user.target.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.email': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.full_name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.group.domain': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.group.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.group.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.hash': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user.target.roles': { readonly type: \"keyword\"; readonly array: true; readonly required: 
false; }; readonly 'user_agent.device.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.original': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.family': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.full': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.kernel': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.name': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.platform': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.type': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.os.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'user_agent.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.category': { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly 'vulnerability.classification': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.description': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.enumeration': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.reference': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 
'vulnerability.report_id': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.scanner.vendor': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.score.base': { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.score.environmental': { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.score.temporal': { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.score.version': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly 'vulnerability.severity': { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; }"
],
"source": {
"path": "x-pack/plugins/rule_registry/common/field_map/ecs_field_map.ts",
"lineNumber": 12
},
"deprecated": false,
"initialIsOpen": false
}
]
}
}