{ "order": 0, "index_patterns": "mozdefstate", "settings": { "number_of_shards": 1, "number_of_replicas": 0 }, "mappings": { "_doc": { "dynamic_templates": [ { "string_fields": { "match": "*", "match_mapping_type": "string", "mapping": { "type": "keyword" } } } ], "properties": { "category": { "type": "keyword" }, "details": { "properties": { "counts": { "properties": { "AUDIT_FAILURE": { "type": "keyword" }, "AUDIT_SUCCESS": { "type": "keyword" }, "AwsApiCall": { "type": "keyword" }, "AwsServiceEvent": { "type": "keyword" }, "ERROR": { "type": "keyword" }, "General": { "type": "keyword" }, "INFO": { "type": "keyword" }, "Provider Lifecycle": { "type": "keyword" }, "UNKNOWN": { "type": "keyword" }, "VERBOSE": { "type": "keyword" }, "WARNING": { "type": "keyword" }, "allowedEmailDomains": { "properties": { "refresh": { "type": "keyword" } } }, "allowedIPs": { "properties": { "refresh": { "type": "keyword" }, "validate": { "properties": { "err": { "type": "keyword" } } } } }, "allowedPhoneNumbers": { "properties": { "refresh": { "type": "keyword" } } }, "audit": { "type": "keyword" }, "auditd": { "type": "keyword" }, "bro": { "type": "keyword" }, "chmod": { "type": "keyword" }, "event": { "type": "keyword" }, "execve": { "type": "keyword" }, "squid": { "type": "keyword" }, "fetchIPReputation": { "type": "keyword" }, "Guest Library API": { "type": "keyword" }, "fxa": { "properties": { "customs": { "properties": { "blocklist": { "properties": { "check": { "type": "keyword" }, "hit": { "type": "keyword" } } } } } } }, "fxa:request": { "properties": { "check": { "properties": { "block": { "properties": { "accountCreate": { "properties": { "sendViolation": { "type": "keyword" } } }, "accountLogin": { "properties": { "sendViolation": { "type": "keyword" } } }, "passwordForgotSendCode": { "properties": { "sendViolation": { "type": "keyword" } } }, "sendUnblockCode": { "properties": { "sendViolation": { "type": "keyword" } } } } } } } } }, "limits": { "properties": { "refresh": { "type": "keyword" }, "validate": { "properties": { "err": { "type": "keyword" } } } } }, "request": { "properties": { "check": { "type": "keyword" }, "checkAuthenticated": { "type": "keyword" }, "checkIpOnly": { "type": "keyword" }, "failedLoginAttempt": { "type": "keyword" }, "passwordReset": { "type": "keyword" } } }, "requestChecks": { "properties": { "refresh": { "type": "keyword" } } }, "suricata_event_log": { "type": "keyword" }, "syslog": { "type": "keyword" }, "write": { "type": "keyword" } } } } }, "loadaverage": { "type": "float" }, "username": { "type": "keyword" }, "hostname": { "type": "keyword" }, "mozdefhostname": { "type": "keyword" }, "processid": { "type": "keyword" }, "processname": { "type": "keyword" }, "receivedtimestamp": { "type": "date", "format": "dateOptionalTime" }, "severity": { "type": "keyword" }, "source": { "type": "keyword" }, "tags": { "type": "keyword" }, "timestamp": { "type": "date" }, "utctimestamp": { "type": "date", "format": "dateOptionalTime" }, "queues": { "properties": { "deliver_eps": { "type": "float" }, "messages_ready": { "type": "long" }, "messages_unacknowledged": { "type": "long" }, "publish_eps": { "type": "float" }, "messages_inflight": { "type": "long" }, "messages_delayed": { "type": "long" }, "queue": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "vhost": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "total_deliver_eps": { "type": "float" }, "total_feeds": { "type": "long" }, "total_messages_ready": { "type": "long" }, "total_publish_eps": { "type": "float" }, "summary": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }