---
# Field-subset definition for the Elastic Endpoint `network` event dataset.
# The shape (`name`, nested `fields:` maps, `{}` leaves, `fields: "*"`) matches
# the ECS generator's custom-subset format; presumably only the fields listed
# here are kept in the dataset's mapping -- confirm against the generator docs.
#   key: {}        -> select exactly this field
#   fields: "*"    -> select every field under that object (data_stream, geo, as)
#   Ext: ...       -> Endpoint-specific extension fields, not part of ECS proper
# NOTE(review): in this copy every line sits at column 0, so the original
# nesting is lost. Loaded as-is, a YAML parser sees repeated keys at one level
# (`fields`, `id`, `name`, ...) and most loaders silently keep only the last
# value. Restore the indentation from the upstream file before using it.
name: network
fields:
# `@timestamp` must be quoted: a leading `@` is a reserved YAML indicator.
base:
fields:
"@timestamp": {}
message: {}
data_stream:
fields: "*"
ecs:
fields:
version: {}
host:
fields:
architecture: {}
domain: {}
hostname: {}
id: {}
ip: {}
mac: {}
name: {}
type: {}
uptime: {}
os:
fields:
family: {}
full: {}
kernel: {}
platform: {}
version: {}
name: {}
type: {}
Ext:
fields:
variant: {}
event:
fields:
action: {}
category: {}
created: {}
code: {}
dataset: {}
hash: {}
id: {}
ingested: {}
kind: {}
module: {}
outcome: {}
provider: {}
sequence: {}
severity: {}
type: {}
agent:
fields:
version: {}
type: {}
id: {}
# `Ext.real` under group/user is presumably the real (as opposed to effective)
# identity reported by Endpoint -- verify against the Endpoint custom schema.
group:
fields:
domain: {}
id: {}
name: {}
Ext:
fields:
real:
fields:
id: {}
name: {}
user:
fields:
domain: {}
email: {}
full_name: {}
hash: {}
id: {}
name: {}
group:
fields:
domain: {}
id: {}
name: {}
Ext:
fields:
real:
fields:
id: {}
name: {}
Ext:
fields:
real:
fields:
id: {}
name: {}
# NOTE(review): with the indentation lost, which `parent` / `group_leader` /
# `session_leader` entries below nest under `entry_leader` (or under each other)
# cannot be recovered from this copy; ECS defines several of these paths, so
# take the nesting from the upstream file rather than guessing here.
process:
fields:
pid: {}
name: {}
executable: {}
entity_id: {}
parent:
fields:
entity_id: {}
group_leader:
fields:
entity_id: {}
entry_leader:
fields:
entity_id: {}
parent:
fields:
entity_id: {}
session_leader:
fields:
entity_id: {}
group_leader:
fields:
entity_id: {}
code_signature:
fields:
exists: {}
signing_id: {}
status: {}
subject_name: {}
team_id: {}
trusted: {}
valid: {}
thread:
fields:
id: {}
Ext:
fields:
ancestry: {}
code_signature:
fields:
exists: {}
status: {}
subject_name: {}
trusted: {}
valid: {}
# Connection-level fields; `"*"` pulls in the whole geo / as objects for both
# endpoints.
network:
fields:
type: {}
iana_number: {}
transport: {}
protocol: {}
direction: {}
community_id: {}
bytes: {}
packets: {}
source:
fields:
geo:
fields: "*"
address: {}
as:
fields: "*"
ip: {}
port: {}
domain: {}
registered_domain: {}
top_level_domain: {}
bytes: {}
packets: {}
destination:
fields:
geo:
fields: "*"
address: {}
as:
fields: "*"
ip: {}
port: {}
domain: {}
registered_domain: {}
top_level_domain: {}
bytes: {}
packets: {}
# NOTE(review): request and response body `content` are selected. Captured
# bodies can carry credentials, tokens or personal data, so confirm the
# retention, masking and access controls that apply to this dataset.
http:
fields:
response:
fields:
status_code: {}
body:
fields:
content: {}
bytes: {}
bytes: {}
Ext:
fields:
version: {}
request:
fields:
body:
fields:
content: {}
bytes: {}
bytes: {}
# DNS question fields plus Endpoint-specific `Ext.status` / `Ext.options`
# (presumably resolver status and query option flags -- confirm in the schema).
dns:
fields:
question:
fields:
name: {}
type: {}
registered_domain: {}
top_level_domain: {}
subdomain: {}
resolved_ip: {}
Ext:
fields:
status: {}
options: {}