| { | |
| "order": 0, | |
| "index_patterns": "mozdefstate", | |
| "settings": { | |
| "number_of_shards": 1, | |
| "number_of_replicas": 0 | |
| }, | |
| "mappings": { | |
| "_doc": { | |
| "dynamic_templates": [ | |
| { | |
| "string_fields": { | |
| "match": "*", | |
| "match_mapping_type": "string", | |
| "mapping": { | |
| "type": "keyword" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "category": { | |
| "type": "keyword" | |
| }, | |
| "details": { | |
| "properties": { | |
| "counts": { | |
| "properties": { | |
| "AUDIT_FAILURE": { | |
| "type": "keyword" | |
| }, | |
| "AUDIT_SUCCESS": { | |
| "type": "keyword" | |
| }, | |
| "AwsApiCall": { | |
| "type": "keyword" | |
| }, | |
| "AwsServiceEvent": { | |
| "type": "keyword" | |
| }, | |
| "ERROR": { | |
| "type": "keyword" | |
| }, | |
| "General": { | |
| "type": "keyword" | |
| }, | |
| "INFO": { | |
| "type": "keyword" | |
| }, | |
| "Provider Lifecycle": { | |
| "type": "keyword" | |
| }, | |
| "UNKNOWN": { | |
| "type": "keyword" | |
| }, | |
| "VERBOSE": { | |
| "type": "keyword" | |
| }, | |
| "WARNING": { | |
| "type": "keyword" | |
| }, | |
| "allowedEmailDomains": { | |
| "properties": { | |
| "refresh": { | |
| "type": "keyword" | |
| } | |
| } | |
| }, | |
| "allowedIPs": { | |
| "properties": { | |
| "refresh": { | |
| "type": "keyword" | |
| }, | |
| "validate": { | |
| "properties": { | |
| "err": { | |
| "type": "keyword" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "allowedPhoneNumbers": { | |
| "properties": { | |
| "refresh": { | |
| "type": "keyword" | |
| } | |
| } | |
| }, | |
| "audit": { | |
| "type": "keyword" | |
| }, | |
| "auditd": { | |
| "type": "keyword" | |
| }, | |
| "bro": { | |
| "type": "keyword" | |
| }, | |
| "chmod": { | |
| "type": "keyword" | |
| }, | |
| "event": { | |
| "type": "keyword" | |
| }, | |
| "execve": { | |
| "type": "keyword" | |
| }, | |
| "squid": { | |
| "type": "keyword" | |
| }, | |
| "fetchIPReputation": { | |
| "type": "keyword" | |
| }, | |
| "Guest Library API": { | |
| "type": "keyword" | |
| }, | |
| "fxa": { | |
| "properties": { | |
| "customs": { | |
| "properties": { | |
| "blocklist": { | |
| "properties": { | |
| "check": { | |
| "type": "keyword" | |
| }, | |
| "hit": { | |
| "type": "keyword" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "fxa:request": { | |
| "properties": { | |
| "check": { | |
| "properties": { | |
| "block": { | |
| "properties": { | |
| "accountCreate": { | |
| "properties": { | |
| "sendViolation": { | |
| "type": "keyword" | |
| } | |
| } | |
| }, | |
| "accountLogin": { | |
| "properties": { | |
| "sendViolation": { | |
| "type": "keyword" | |
| } | |
| } | |
| }, | |
| "passwordForgotSendCode": { | |
| "properties": { | |
| "sendViolation": { | |
| "type": "keyword" | |
| } | |
| } | |
| }, | |
| "sendUnblockCode": { | |
| "properties": { | |
| "sendViolation": { | |
| "type": "keyword" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "limits": { | |
| "properties": { | |
| "refresh": { | |
| "type": "keyword" | |
| }, | |
| "validate": { | |
| "properties": { | |
| "err": { | |
| "type": "keyword" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "request": { | |
| "properties": { | |
| "check": { | |
| "type": "keyword" | |
| }, | |
| "checkAuthenticated": { | |
| "type": "keyword" | |
| }, | |
| "checkIpOnly": { | |
| "type": "keyword" | |
| }, | |
| "failedLoginAttempt": { | |
| "type": "keyword" | |
| }, | |
| "passwordReset": { | |
| "type": "keyword" | |
| } | |
| } | |
| }, | |
| "requestChecks": { | |
| "properties": { | |
| "refresh": { | |
| "type": "keyword" | |
| } | |
| } | |
| }, | |
| "suricata_event_log": { | |
| "type": "keyword" | |
| }, | |
| "syslog": { | |
| "type": "keyword" | |
| }, | |
| "write": { | |
| "type": "keyword" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "loadaverage": { | |
| "type": "float" | |
| }, | |
| "username": { | |
| "type": "keyword" | |
| }, | |
| "hostname": { | |
| "type": "keyword" | |
| }, | |
| "mozdefhostname": { | |
| "type": "keyword" | |
| }, | |
| "processid": { | |
| "type": "keyword" | |
| }, | |
| "processname": { | |
| "type": "keyword" | |
| }, | |
| "receivedtimestamp": { | |
| "type": "date", | |
| "format": "dateOptionalTime" | |
| }, | |
| "severity": { | |
| "type": "keyword" | |
| }, | |
| "source": { | |
| "type": "keyword" | |
| }, | |
| "tags": { | |
| "type": "keyword" | |
| }, | |
| "timestamp": { | |
| "type": "date" | |
| }, | |
| "utctimestamp": { | |
| "type": "date", | |
| "format": "dateOptionalTime" | |
| }, | |
| "queues": { | |
| "properties": { | |
| "deliver_eps": { | |
| "type": "float" | |
| }, | |
| "messages_ready": { | |
| "type": "long" | |
| }, | |
| "messages_unacknowledged": { | |
| "type": "long" | |
| }, | |
| "publish_eps": { | |
| "type": "float" | |
| }, | |
| "messages_inflight": { | |
| "type": "long" | |
| }, | |
| "messages_delayed": { | |
| "type": "long" | |
| }, | |
| "queue": { | |
| "type": "text", | |
| "fields": { | |
| "keyword": { | |
| "type": "keyword", | |
| "ignore_above": 256 | |
| } | |
| } | |
| }, | |
| "vhost": { | |
| "type": "text", | |
| "fields": { | |
| "keyword": { | |
| "type": "keyword", | |
| "ignore_above": 256 | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "total_deliver_eps": { | |
| "type": "float" | |
| }, | |
| "total_feeds": { | |
| "type": "long" | |
| }, | |
| "total_messages_ready": { | |
| "type": "long" | |
| }, | |
| "total_publish_eps": { | |
| "type": "float" | |
| }, | |
| "summary": { | |
| "type": "text", | |
| "fields": { | |
| "keyword": { | |
| "type": "keyword", | |
| "ignore_above": 256 | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } |