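---
# Field subset "dns": the set of field definitions kept for DNS events.
# Structure: every field set is a mapping whose `fields:` key lists the
# member fields; a member whose value is `{}` is simply included
# (presumably with no per-field overrides — confirm against the loader
# that consumes these subset files). The nesting below restores the
# indentation that defines which mapping each field belongs to, so that
# e.g. `host.os.name` and `host.name` stay distinct keys.
name: dns
fields:
  # Base fields that every event carries.
  base:
    fields:
      # `@` is a YAML indicator, so this key must stay quoted.
      "@timestamp": {}
      labels: {}
      message: {}

  host:
    fields:
      os:
        fields:
          platform: {}
          name: {}
          version: {}
      ip: {}
      hostname: {}
      name: {}

  event:
    fields:
      id: {}
      module: {}
      dataset: {}
      action: {}
      kind: {}
      category: {}
      type: {}

  agent:
    fields:
      version: {}
      type: {}
      id: {}

  network:
    fields:
      transport: {}
      protocol: {}
      community_id: {}
      bytes: {}
      packets: {}

  source:
    fields:
      address: {}
      ip: {}
      port: {}
      bytes: {}
      packets: {}

  destination:
    fields:
      address: {}
      ip: {}
      port: {}
      bytes: {}
      packets: {}

  dns:
    fields:
      question:
        fields:
          name: {}
          type: {}
          registered_domain: {}
      # Sibling of `question`, not a member of it.
      resolved_ip: {}

  # NOTE(review): `endgame` is listed alongside the standard field sets;
  # it looks like a vendor-specific set defined in a custom schema loaded
  # with this subset — confirm that schema is present wherever this file
  # is used, or the subset will reference fields that do not exist.
  endgame:
    fields:
      serial_event_id: {}
      opcode: {}
      event_type_full: {}
      event_subtype_full: {}
      timestamp: {}
      timestamp_utc: {}
      event_message: {}
      unknown_properties: {}
      pid: {}
      process_path: {}
      process_name: {}
      unique_pid: {}
      user_name: {}
      user_domain: {}
      user_sid: {}
      tid: {}
      real_user_name: {}
      effective_user_name: {}
      real_group_name: {}
      effective_group_name: {}
      real_uid: {}
      effective_uid: {}
      real_gid: {}
      effective_gid: {}
      query_name: {}
      event_id: {}
      query_type: {}
      query_status: {}
      query_options: {}
      query_results: {}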