kibana/api_docs/fields_metadata.devdocs.json

{
"id": "fieldsMetadata",
"client": {
"classes": [],
"functions": [],
"interfaces": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-public.FieldsMetadataPublicSetupDeps",
"type": "Interface",
"tags": [],
"label": "FieldsMetadataPublicSetupDeps",
"description": [],
"path": "x-pack/platform/plugins/shared/fields_metadata/public/types.ts",
"deprecated": false,
"trackAdoption": false,
"children": [],
"initialIsOpen": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-public.FieldsMetadataPublicStartDeps",
"type": "Interface",
"tags": [],
"label": "FieldsMetadataPublicStartDeps",
"description": [],
"path": "x-pack/platform/plugins/shared/fields_metadata/public/types.ts",
"deprecated": false,
"trackAdoption": false,
"children": [],
"initialIsOpen": false
}
],
"enums": [],
"misc": [],
"objects": [],
"setup": {
"parentPluginId": "fieldsMetadata",
"id": "def-public.FieldsMetadataPublicSetup",
"type": "Interface",
"tags": [],
"label": "FieldsMetadataPublicSetup",
"description": [],
"path": "x-pack/platform/plugins/shared/fields_metadata/public/types.ts",
"deprecated": false,
"trackAdoption": false,
"children": [],
"lifecycle": "setup",
"initialIsOpen": true
},
"start": {
"parentPluginId": "fieldsMetadata",
"id": "def-public.FieldsMetadataPublicStart",
"type": "Interface",
"tags": [],
"label": "FieldsMetadataPublicStart",
"description": [],
"path": "x-pack/platform/plugins/shared/fields_metadata/public/types.ts",
"deprecated": false,
"trackAdoption": false,
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-public.FieldsMetadataPublicStart.getClient",
"type": "Function",
"tags": [],
"label": "getClient",
"description": [],
"signature": [
"() => Promise<",
"IFieldsMetadataClient",
">"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/public/types.ts",
"deprecated": false,
"trackAdoption": false,
"returnComment": [],
"children": []
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-public.FieldsMetadataPublicStart.useFieldsMetadata",
"type": "Function",
"tags": [],
"label": "useFieldsMetadata",
"description": [],
"signature": [
"(params?: ",
"FindFieldsMetadataRequestQuery",
" | undefined, deps?: React.DependencyList | undefined) => ",
"UseFieldsMetadataReturnType"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/public/types.ts",
"deprecated": false,
"trackAdoption": false,
"returnComment": [],
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-public.FieldsMetadataPublicStart.useFieldsMetadata.$1",
"type": "CompoundType",
"tags": [],
"label": "params",
"description": [],
"signature": [
"FindFieldsMetadataRequestQuery",
" | undefined"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/public/hooks/use_fields_metadata/use_fields_metadata.ts",
"deprecated": false,
"trackAdoption": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-public.FieldsMetadataPublicStart.useFieldsMetadata.$2",
"type": "Object",
"tags": [],
"label": "deps",
"description": [],
"signature": [
"React.DependencyList | undefined"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/public/hooks/use_fields_metadata/use_fields_metadata.ts",
"deprecated": false,
"trackAdoption": false
}
]
}
],
"lifecycle": "start",
"initialIsOpen": true
}
},
"server": {
"classes": [],
"functions": [],
"interfaces": [],
"enums": [],
"misc": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-server.DatasetName",
"type": "Type",
"tags": [],
"label": "DatasetName",
"description": [],
"signature": [
"string"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/server/services/fields_metadata/repositories/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-server.ExtractedDatasetFields",
"type": "Type",
"tags": [],
"label": "ExtractedDatasetFields",
"description": [],
"signature": [
"{ [x: string]: { name: string; } & { allowed_values?: ({ description: string; name: string; } & { expected_event_types?: string[] | undefined; beta?: string | undefined; })[] | undefined; beta?: string | undefined; dashed_name?: string | undefined; description?: string | undefined; doc_values?: boolean | undefined; example?: unknown; expected_values?: string[] | undefined; flat_name?: string | undefined; format?: string | undefined; ignore_above?: number | undefined; index?: boolean | undefined; input_format?: string | undefined; level?: string | undefined; multi_fields?: { flat_name: string; name: string; type: string; }[] | undefined; normalize?: string[] | undefined; object_type?: string | undefined; original_fieldset?: string | undefined; output_format?: string | undefined; output_precision?: number | undefined; pattern?: string | undefined; required?: boolean | undefined; scaling_factor?: number | undefined; short?: string | undefined; source?: \"unknown\" | \"ecs\" | \"metadata\" | \"integration\" | undefined; type?: string | undefined; documentation_url?: string | undefined; }; }"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/server/services/fields_metadata/repositories/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-server.ExtractedIntegrationFields",
"type": "Type",
"tags": [],
"label": "ExtractedIntegrationFields",
"description": [],
"signature": [
"{ [x: string]: ",
{
"pluginId": "fieldsMetadata",
"scope": "server",
"docId": "kibFieldsMetadataPluginApi",
"section": "def-server.ExtractedDatasetFields",
"text": "ExtractedDatasetFields"
},
"; }"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/server/services/fields_metadata/repositories/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-server.IntegrationName",
"type": "Type",
"tags": [],
"label": "IntegrationName",
"description": [],
"signature": [
"string"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/server/services/fields_metadata/repositories/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
}
],
"objects": [],
"setup": {
"parentPluginId": "fieldsMetadata",
"id": "def-server.FieldsMetadataServerSetup",
"type": "Interface",
"tags": [],
"label": "FieldsMetadataServerSetup",
"description": [],
"path": "x-pack/platform/plugins/shared/fields_metadata/server/types.ts",
"deprecated": false,
"trackAdoption": false,
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-server.FieldsMetadataServerSetup.registerIntegrationFieldsExtractor",
"type": "Function",
"tags": [],
"label": "registerIntegrationFieldsExtractor",
"description": [],
"signature": [
"(extractor: ",
"IntegrationFieldsExtractor",
") => void"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/server/types.ts",
"deprecated": false,
"trackAdoption": false,
"returnComment": [],
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-server.FieldsMetadataServerSetup.registerIntegrationFieldsExtractor.$1",
"type": "Function",
"tags": [],
"label": "extractor",
"description": [],
"signature": [
"(params: ",
"IntegrationFieldsSearchParams",
") => Promise<",
{
"pluginId": "fieldsMetadata",
"scope": "server",
"docId": "kibFieldsMetadataPluginApi",
"section": "def-server.ExtractedIntegrationFields",
"text": "ExtractedIntegrationFields"
},
">"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/server/services/fields_metadata/types.ts",
"deprecated": false,
"trackAdoption": false,
"returnComment": [],
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-server.FieldsMetadataServerSetup.registerIntegrationFieldsExtractor.$1.$1",
"type": "Object",
"tags": [],
"label": "params",
"description": [],
"signature": [
"IntegrationFieldsSearchParams"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/server/services/fields_metadata/repositories/types.ts",
"deprecated": false,
"trackAdoption": false
}
]
}
]
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-server.FieldsMetadataServerSetup.registerIntegrationListExtractor",
"type": "Function",
"tags": [],
"label": "registerIntegrationListExtractor",
"description": [],
"signature": [
"(extractor: ",
"IntegrationListExtractor",
") => void"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/server/types.ts",
"deprecated": false,
"trackAdoption": false,
"returnComment": [],
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-server.FieldsMetadataServerSetup.registerIntegrationListExtractor.$1",
"type": "Function",
"tags": [],
"label": "extractor",
"description": [],
"signature": [
"() => Promise<",
"ExtractedIntegration",
"[]>"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/server/services/fields_metadata/types.ts",
"deprecated": false,
"trackAdoption": false,
"returnComment": [],
"children": []
}
]
}
],
"lifecycle": "setup",
"initialIsOpen": true
},
"start": {
"parentPluginId": "fieldsMetadata",
"id": "def-server.FieldsMetadataServerStart",
"type": "Interface",
"tags": [],
"label": "FieldsMetadataServerStart",
"description": [],
"path": "x-pack/platform/plugins/shared/fields_metadata/server/types.ts",
"deprecated": false,
"trackAdoption": false,
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-server.FieldsMetadataServerStart.getClient",
"type": "Function",
"tags": [],
"label": "getClient",
"description": [],
"signature": [
"(request: ",
"KibanaRequest",
"<unknown, unknown, unknown, any>) => Promise<",
"IFieldsMetadataClient",
">"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/server/types.ts",
"deprecated": false,
"trackAdoption": false,
"returnComment": [],
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-server.FieldsMetadataServerStart.getClient.$1",
"type": "Object",
"tags": [],
"label": "request",
"description": [],
"signature": [
"KibanaRequest",
"<unknown, unknown, unknown, any>"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/server/services/fields_metadata/types.ts",
"deprecated": false,
"trackAdoption": false
}
]
}
],
"lifecycle": "start",
"initialIsOpen": true
}
},
"common": {
"classes": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldMetadata",
"type": "Class",
"tags": [],
"label": "FieldMetadata",
"description": [],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/field_metadata.ts",
"deprecated": false,
"trackAdoption": false,
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldMetadata.pick",
"type": "Function",
"tags": [],
"label": "pick",
"description": [],
"signature": [
"(props: (\"source\" | \"type\" | \"normalize\" | \"short\" | \"format\" | \"name\" | \"index\" | \"description\" | \"pattern\" | \"doc_values\" | \"ignore_above\" | \"required\" | \"beta\" | \"level\" | \"allowed_values\" | \"dashed_name\" | \"example\" | \"expected_values\" | \"flat_name\" | \"input_format\" | \"multi_fields\" | \"object_type\" | \"original_fieldset\" | \"output_format\" | \"output_precision\" | \"scaling_factor\" | \"documentation_url\")[]) => { name?: string | undefined; } & { allowed_values?: ({ description: string; name: string; } & { expected_event_types?: string[] | undefined; beta?: string | undefined; })[] | undefined; beta?: string | undefined; dashed_name?: string | undefined; description?: string | undefined; doc_values?: boolean | undefined; example?: unknown; expected_values?: string[] | undefined; flat_name?: string | undefined; format?: string | undefined; ignore_above?: number | undefined; index?: boolean | undefined; input_format?: string | undefined; level?: string | undefined; multi_fields?: { flat_name: string; name: string; type: string; }[] | undefined; normalize?: string[] | undefined; object_type?: string | undefined; original_fieldset?: string | undefined; output_format?: string | undefined; output_precision?: number | undefined; pattern?: string | undefined; required?: boolean | undefined; scaling_factor?: number | undefined; short?: string | undefined; source?: \"unknown\" | \"ecs\" | \"metadata\" | \"integration\" | undefined; type?: string | undefined; documentation_url?: string | undefined; }"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/field_metadata.ts",
"deprecated": false,
"trackAdoption": false,
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldMetadata.pick.$1",
"type": "Array",
"tags": [],
"label": "props",
"description": [],
"signature": [
"(\"source\" | \"type\" | \"normalize\" | \"short\" | \"format\" | \"name\" | \"index\" | \"description\" | \"pattern\" | \"doc_values\" | \"ignore_above\" | \"required\" | \"beta\" | \"level\" | \"allowed_values\" | \"dashed_name\" | \"example\" | \"expected_values\" | \"flat_name\" | \"input_format\" | \"multi_fields\" | \"object_type\" | \"original_fieldset\" | \"output_format\" | \"output_precision\" | \"scaling_factor\" | \"documentation_url\")[]"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/field_metadata.ts",
"deprecated": false,
"trackAdoption": false,
"isRequired": true
}
],
"returnComment": []
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldMetadata.toPlain",
"type": "Function",
"tags": [],
"label": "toPlain",
"description": [],
"signature": [
"() => { name: string; } & { allowed_values?: ({ description: string; name: string; } & { expected_event_types?: string[] | undefined; beta?: string | undefined; })[] | undefined; beta?: string | undefined; dashed_name?: string | undefined; description?: string | undefined; doc_values?: boolean | undefined; example?: unknown; expected_values?: string[] | undefined; flat_name?: string | undefined; format?: string | undefined; ignore_above?: number | undefined; index?: boolean | undefined; input_format?: string | undefined; level?: string | undefined; multi_fields?: { flat_name: string; name: string; type: string; }[] | undefined; normalize?: string[] | undefined; object_type?: string | undefined; original_fieldset?: string | undefined; output_format?: string | undefined; output_precision?: number | undefined; pattern?: string | undefined; required?: boolean | undefined; scaling_factor?: number | undefined; short?: string | undefined; source?: \"unknown\" | \"ecs\" | \"metadata\" | \"integration\" | undefined; type?: string | undefined; documentation_url?: string | undefined; }"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/field_metadata.ts",
"deprecated": false,
"trackAdoption": false,
"children": [],
"returnComment": []
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldMetadata.create",
"type": "Function",
"tags": [],
"label": "create",
"description": [],
"signature": [
"(fieldMetadata: { name: string; } & { allowed_values?: ({ description: string; name: string; } & { expected_event_types?: string[] | undefined; beta?: string | undefined; })[] | undefined; beta?: string | undefined; dashed_name?: string | undefined; description?: string | undefined; doc_values?: boolean | undefined; example?: unknown; expected_values?: string[] | undefined; flat_name?: string | undefined; format?: string | undefined; ignore_above?: number | undefined; index?: boolean | undefined; input_format?: string | undefined; level?: string | undefined; multi_fields?: { flat_name: string; name: string; type: string; }[] | undefined; normalize?: string[] | undefined; object_type?: string | undefined; original_fieldset?: string | undefined; output_format?: string | undefined; output_precision?: number | undefined; pattern?: string | undefined; required?: boolean | undefined; scaling_factor?: number | undefined; short?: string | undefined; source?: \"unknown\" | \"ecs\" | \"metadata\" | \"integration\" | undefined; type?: string | undefined; documentation_url?: string | undefined; }) => ",
{
"pluginId": "fieldsMetadata",
"scope": "common",
"docId": "kibFieldsMetadataPluginApi",
"section": "def-common.FieldMetadata",
"text": "FieldMetadata"
}
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/field_metadata.ts",
"deprecated": false,
"trackAdoption": false,
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldMetadata.create.$1",
"type": "CompoundType",
"tags": [],
"label": "fieldMetadata",
"description": [],
"signature": [
"{ name: string; } & { allowed_values?: ({ description: string; name: string; } & { expected_event_types?: string[] | undefined; beta?: string | undefined; })[] | undefined; beta?: string | undefined; dashed_name?: string | undefined; description?: string | undefined; doc_values?: boolean | undefined; example?: unknown; expected_values?: string[] | undefined; flat_name?: string | undefined; format?: string | undefined; ignore_above?: number | undefined; index?: boolean | undefined; input_format?: string | undefined; level?: string | undefined; multi_fields?: { flat_name: string; name: string; type: string; }[] | undefined; normalize?: string[] | undefined; object_type?: string | undefined; original_fieldset?: string | undefined; output_format?: string | undefined; output_precision?: number | undefined; pattern?: string | undefined; required?: boolean | undefined; scaling_factor?: number | undefined; short?: string | undefined; source?: \"unknown\" | \"ecs\" | \"metadata\" | \"integration\" | undefined; type?: string | undefined; documentation_url?: string | undefined; }"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/field_metadata.ts",
"deprecated": false,
"trackAdoption": false,
"isRequired": true
}
],
"returnComment": []
}
],
"initialIsOpen": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldsMetadataDictionary",
"type": "Class",
"tags": [],
"label": "FieldsMetadataDictionary",
"description": [],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/fields_metadata_dictionary.ts",
"deprecated": false,
"trackAdoption": false,
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldsMetadataDictionary.getFields",
"type": "Function",
"tags": [],
"label": "getFields",
"description": [],
"signature": [
"() => ",
"FieldsMetadataMap"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/fields_metadata_dictionary.ts",
"deprecated": false,
"trackAdoption": false,
"children": [],
"returnComment": []
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldsMetadataDictionary.pick",
"type": "Function",
"tags": [],
"label": "pick",
"description": [],
"signature": [
"(attributes: (\"source\" | \"type\" | \"normalize\" | \"short\" | \"format\" | \"name\" | \"index\" | \"description\" | \"pattern\" | \"doc_values\" | \"ignore_above\" | \"required\" | \"beta\" | \"level\" | \"allowed_values\" | \"dashed_name\" | \"example\" | \"expected_values\" | \"flat_name\" | \"input_format\" | \"multi_fields\" | \"object_type\" | \"original_fieldset\" | \"output_format\" | \"output_precision\" | \"scaling_factor\" | \"documentation_url\")[]) => Record<string, { name?: string | undefined; } & { allowed_values?: ({ description: string; name: string; } & { expected_event_types?: string[] | undefined; beta?: string | undefined; })[] | undefined; beta?: string | undefined; dashed_name?: string | undefined; description?: string | undefined; doc_values?: boolean | undefined; example?: unknown; expected_values?: string[] | undefined; flat_name?: string | undefined; format?: string | undefined; ignore_above?: number | undefined; index?: boolean | undefined; input_format?: string | undefined; level?: string | undefined; multi_fields?: { flat_name: string; name: string; type: string; }[] | undefined; normalize?: string[] | undefined; object_type?: string | undefined; original_fieldset?: string | undefined; output_format?: string | undefined; output_precision?: number | undefined; pattern?: string | undefined; required?: boolean | undefined; scaling_factor?: number | undefined; short?: string | undefined; source?: \"unknown\" | \"ecs\" | \"metadata\" | \"integration\" | undefined; type?: string | undefined; documentation_url?: string | undefined; }>"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/fields_metadata_dictionary.ts",
"deprecated": false,
"trackAdoption": false,
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldsMetadataDictionary.pick.$1",
"type": "Array",
"tags": [],
"label": "attributes",
"description": [],
"signature": [
"(\"source\" | \"type\" | \"normalize\" | \"short\" | \"format\" | \"name\" | \"index\" | \"description\" | \"pattern\" | \"doc_values\" | \"ignore_above\" | \"required\" | \"beta\" | \"level\" | \"allowed_values\" | \"dashed_name\" | \"example\" | \"expected_values\" | \"flat_name\" | \"input_format\" | \"multi_fields\" | \"object_type\" | \"original_fieldset\" | \"output_format\" | \"output_precision\" | \"scaling_factor\" | \"documentation_url\")[]"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/fields_metadata_dictionary.ts",
"deprecated": false,
"trackAdoption": false,
"isRequired": true
}
],
"returnComment": []
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldsMetadataDictionary.toPlain",
"type": "Function",
"tags": [],
"label": "toPlain",
"description": [],
"signature": [
"() => Record<string, { name: string; } & { allowed_values?: ({ description: string; name: string; } & { expected_event_types?: string[] | undefined; beta?: string | undefined; })[] | undefined; beta?: string | undefined; dashed_name?: string | undefined; description?: string | undefined; doc_values?: boolean | undefined; example?: unknown; expected_values?: string[] | undefined; flat_name?: string | undefined; format?: string | undefined; ignore_above?: number | undefined; index?: boolean | undefined; input_format?: string | undefined; level?: string | undefined; multi_fields?: { flat_name: string; name: string; type: string; }[] | undefined; normalize?: string[] | undefined; object_type?: string | undefined; original_fieldset?: string | undefined; output_format?: string | undefined; output_precision?: number | undefined; pattern?: string | undefined; required?: boolean | undefined; scaling_factor?: number | undefined; short?: string | undefined; source?: \"unknown\" | \"ecs\" | \"metadata\" | \"integration\" | undefined; type?: string | undefined; documentation_url?: string | undefined; }>"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/fields_metadata_dictionary.ts",
"deprecated": false,
"trackAdoption": false,
"children": [],
"returnComment": []
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldsMetadataDictionary.create",
"type": "Function",
"tags": [],
"label": "create",
"description": [],
"signature": [
"(fields: ",
"FieldsMetadataMap",
") => ",
{
"pluginId": "fieldsMetadata",
"scope": "common",
"docId": "kibFieldsMetadataPluginApi",
"section": "def-common.FieldsMetadataDictionary",
"text": "FieldsMetadataDictionary"
}
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/fields_metadata_dictionary.ts",
"deprecated": false,
"trackAdoption": false,
"children": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldsMetadataDictionary.create.$1",
"type": "Object",
"tags": [],
"label": "fields",
"description": [],
"signature": [
"FieldsMetadataMap"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/fields_metadata_dictionary.ts",
"deprecated": false,
"trackAdoption": false,
"isRequired": true
}
],
"returnComment": []
}
],
"initialIsOpen": false
}
],
"functions": [],
"interfaces": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldMetadata",
"type": "Interface",
"tags": [],
"label": "FieldMetadata",
"description": [],
"signature": [
{
"pluginId": "fieldsMetadata",
"scope": "common",
"docId": "kibFieldsMetadataPluginApi",
"section": "def-common.FieldMetadata",
"text": "FieldMetadata"
},
" extends { name: string; } & { allowed_values?: ({ description: string; name: string; } & { expected_event_types?: string[] | undefined; beta?: string | undefined; })[] | undefined; beta?: string | undefined; dashed_name?: string | undefined; description?: string | undefined; doc_values?: boolean | undefined; example?: unknown; expected_values?: string[] | undefined; flat_name?: string | undefined; format?: string | undefined; ignore_above?: number | undefined; index?: boolean | undefined; input_format?: string | undefined; level?: string | undefined; multi_fields?: { flat_name: string; name: string; type: string; }[] | undefined; normalize?: string[] | undefined; object_type?: string | undefined; original_fieldset?: string | undefined; output_format?: string | undefined; output_precision?: number | undefined; pattern?: string | undefined; required?: boolean | undefined; scaling_factor?: number | undefined; short?: string | undefined; source?: \"unknown\" | \"ecs\" | \"metadata\" | \"integration\" | undefined; type?: string | undefined; documentation_url?: string | undefined; }"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/models/field_metadata.ts",
"deprecated": false,
"trackAdoption": false,
"children": [],
"initialIsOpen": false
}
],
"enums": [],
"misc": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.AnyFieldName",
"type": "Type",
"tags": [],
"label": "AnyFieldName",
"description": [],
"signature": [
"string & {}"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.EcsFieldName",
"type": "Type",
"tags": [],
"label": "EcsFieldName",
"description": [],
"signature": [
"\"@timestamp\" | \"event.sequence\" | \"event.start\" | \"event.end\" | \"event.provider\" | \"event.duration\" | \"event.action\" | \"message\" | \"event.outcome\" | \"tags\" | \"event.kind\" | \"event.original\" | \"agent.name\" | \"container.id\" | \"host.name\" | \"labels\" | \"service.environment\" | \"service.name\" | \"ecs.version\" | \"agent.build.original\" | \"agent.ephemeral_id\" | \"agent.id\" | \"agent.type\" | \"agent.version\" | \"client.address\" | \"client.as.number\" | \"client.as.organization.name\" | \"client.bytes\" | \"client.domain\" | \"client.geo.city_name\" | \"client.geo.continent_code\" | \"client.geo.continent_name\" | \"client.geo.country_iso_code\" | \"client.geo.country_name\" | \"client.geo.location\" | \"client.geo.name\" | \"client.geo.postal_code\" | \"client.geo.region_iso_code\" | \"client.geo.region_name\" | \"client.geo.timezone\" | \"client.ip\" | \"client.mac\" | \"client.nat.ip\" | \"client.nat.port\" | \"client.packets\" | \"client.port\" | \"client.registered_domain\" | \"client.subdomain\" | \"client.top_level_domain\" | \"client.user.domain\" | \"client.user.email\" | \"client.user.full_name\" | \"client.user.group.domain\" | \"client.user.group.id\" | \"client.user.group.name\" | \"client.user.hash\" | \"client.user.id\" | \"client.user.name\" | \"client.user.roles\" | \"cloud.account.id\" | \"cloud.account.name\" | \"cloud.availability_zone\" | \"cloud.instance.id\" | \"cloud.instance.name\" | \"cloud.machine.type\" | \"cloud.origin.account.id\" | \"cloud.origin.account.name\" | \"cloud.origin.availability_zone\" | \"cloud.origin.instance.id\" | \"cloud.origin.instance.name\" | \"cloud.origin.machine.type\" | \"cloud.origin.project.id\" | \"cloud.origin.project.name\" | \"cloud.origin.provider\" | \"cloud.origin.region\" | \"cloud.origin.service.name\" | \"cloud.project.id\" | \"cloud.project.name\" | \"cloud.provider\" | \"cloud.region\" | \"cloud.service.name\" | \"cloud.target.account.id\" | 
\"cloud.target.account.name\" | \"cloud.target.availability_zone\" | \"cloud.target.instance.id\" | \"cloud.target.instance.name\" | \"cloud.target.machine.type\" | \"cloud.target.project.id\" | \"cloud.target.project.name\" | \"cloud.target.provider\" | \"cloud.target.region\" | \"cloud.target.service.name\" | \"container.cpu.usage\" | \"container.disk.read.bytes\" | \"container.disk.write.bytes\" | \"container.image.hash.all\" | \"container.image.name\" | \"container.image.tag\" | \"container.labels\" | \"container.memory.usage\" | \"container.name\" | \"container.network.egress.bytes\" | \"container.network.ingress.bytes\" | \"container.runtime\" | \"container.security_context.privileged\" | \"destination.address\" | \"destination.as.number\" | \"destination.as.organization.name\" | \"destination.bytes\" | \"destination.domain\" | \"destination.geo.city_name\" | \"destination.geo.continent_code\" | \"destination.geo.continent_name\" | \"destination.geo.country_iso_code\" | \"destination.geo.country_name\" | \"destination.geo.location\" | \"destination.geo.name\" | \"destination.geo.postal_code\" | \"destination.geo.region_iso_code\" | \"destination.geo.region_name\" | \"destination.geo.timezone\" | \"destination.ip\" | \"destination.mac\" | \"destination.nat.ip\" | \"destination.nat.port\" | \"destination.packets\" | \"destination.port\" | \"destination.registered_domain\" | \"destination.subdomain\" | \"destination.top_level_domain\" | \"destination.user.domain\" | \"destination.user.email\" | \"destination.user.full_name\" | \"destination.user.group.domain\" | \"destination.user.group.id\" | \"destination.user.group.name\" | \"destination.user.hash\" | \"destination.user.id\" | \"destination.user.name\" | \"destination.user.roles\" | \"device.id\" | \"device.manufacturer\" | \"device.model.identifier\" | \"device.model.name\" | \"dll.code_signature.digest_algorithm\" | \"dll.code_signature.exists\" | \"dll.code_signature.signing_id\" | 
\"dll.code_signature.status\" | \"dll.code_signature.subject_name\" | \"dll.code_signature.team_id\" | \"dll.code_signature.timestamp\" | \"dll.code_signature.trusted\" | \"dll.code_signature.valid\" | \"dll.hash.md5\" | \"dll.hash.sha1\" | \"dll.hash.sha256\" | \"dll.hash.sha384\" | \"dll.hash.sha512\" | \"dll.hash.ssdeep\" | \"dll.hash.tlsh\" | \"dll.name\" | \"dll.path\" | \"dll.pe.architecture\" | \"dll.pe.company\" | \"dll.pe.description\" | \"dll.pe.file_version\" | \"dll.pe.go_import_hash\" | \"dll.pe.go_imports\" | \"dll.pe.go_imports_names_entropy\" | \"dll.pe.go_imports_names_var_entropy\" | \"dll.pe.go_stripped\" | \"dll.pe.imphash\" | \"dll.pe.import_hash\" | \"dll.pe.imports\" | \"dll.pe.imports_names_entropy\" | \"dll.pe.imports_names_var_entropy\" | \"dll.pe.original_file_name\" | \"dll.pe.pehash\" | \"dll.pe.product\" | \"dll.pe.sections\" | \"dns.answers\" | \"dns.header_flags\" | \"dns.id\" | \"dns.op_code\" | \"dns.question.class\" | \"dns.question.name\" | \"dns.question.registered_domain\" | \"dns.question.subdomain\" | \"dns.question.top_level_domain\" | \"dns.question.type\" | \"dns.resolved_ip\" | \"dns.response_code\" | \"dns.type\" | \"email.attachments\" | \"file.extension\" | \"file.hash.md5\" | \"file.hash.sha1\" | \"file.hash.sha256\" | \"file.hash.sha384\" | \"file.hash.sha512\" | \"file.hash.ssdeep\" | \"file.hash.tlsh\" | \"file.mime_type\" | \"file.name\" | \"file.size\" | \"email.bcc.address\" | \"email.cc.address\" | \"email.content_type\" | \"email.delivery_timestamp\" | \"email.direction\" | \"email.from.address\" | \"email.local_id\" | \"email.message_id\" | \"email.origination_timestamp\" | \"email.reply_to.address\" | \"email.sender.address\" | \"email.subject\" | \"email.to.address\" | \"email.x_mailer\" | \"error.code\" | \"error.id\" | \"error.message\" | \"error.stack_trace\" | \"error.type\" | \"event.agent_id_status\" | \"event.category\" | \"event.code\" | \"event.created\" | \"event.dataset\" | \"event.hash\" | 
\"event.id\" | \"event.ingested\" | \"event.module\" | \"event.reason\" | \"event.reference\" | \"event.risk_score\" | \"event.risk_score_norm\" | \"event.severity\" | \"event.timezone\" | \"event.type\" | \"event.url\" | \"faas.coldstart\" | \"faas.execution\" | \"faas.id\" | \"faas.name\" | \"faas.version\" | \"file.accessed\" | \"file.attributes\" | \"file.code_signature.digest_algorithm\" | \"file.code_signature.exists\" | \"file.code_signature.signing_id\" | \"file.code_signature.status\" | \"file.code_signature.subject_name\" | \"file.code_signature.team_id\" | \"file.code_signature.timestamp\" | \"file.code_signature.trusted\" | \"file.code_signature.valid\" | \"file.created\" | \"file.ctime\" | \"file.device\" | \"file.directory\" | \"file.drive_letter\" | \"file.elf.architecture\" | \"file.elf.byte_order\" | \"file.elf.cpu_type\" | \"file.elf.creation_date\" | \"file.elf.exports\" | \"file.elf.go_import_hash\" | \"file.elf.go_imports\" | \"file.elf.go_imports_names_entropy\" | \"file.elf.go_imports_names_var_entropy\" | \"file.elf.go_stripped\" | \"file.elf.header.abi_version\" | \"file.elf.header.class\" | \"file.elf.header.data\" | \"file.elf.header.entrypoint\" | \"file.elf.header.object_version\" | \"file.elf.header.os_abi\" | \"file.elf.header.type\" | \"file.elf.header.version\" | \"file.elf.import_hash\" | \"file.elf.imports\" | \"file.elf.imports_names_entropy\" | \"file.elf.imports_names_var_entropy\" | \"file.elf.sections\" | \"file.elf.segments\" | \"file.elf.shared_libraries\" | \"file.elf.telfhash\" | \"file.fork_name\" | \"file.gid\" | \"file.group\" | \"file.inode\" | \"file.macho.go_import_hash\" | \"file.macho.go_imports\" | \"file.macho.go_imports_names_entropy\" | \"file.macho.go_imports_names_var_entropy\" | \"file.macho.go_stripped\" | \"file.macho.import_hash\" | \"file.macho.imports\" | \"file.macho.imports_names_entropy\" | \"file.macho.imports_names_var_entropy\" | \"file.macho.sections\" | \"file.macho.symhash\" | \"file.mode\" | 
\"file.mtime\" | \"file.owner\" | \"file.path\" | \"file.pe.architecture\" | \"file.pe.company\" | \"file.pe.description\" | \"file.pe.file_version\" | \"file.pe.go_import_hash\" | \"file.pe.go_imports\" | \"file.pe.go_imports_names_entropy\" | \"file.pe.go_imports_names_var_entropy\" | \"file.pe.go_stripped\" | \"file.pe.imphash\" | \"file.pe.import_hash\" | \"file.pe.imports\" | \"file.pe.imports_names_entropy\" | \"file.pe.imports_names_var_entropy\" | \"file.pe.original_file_name\" | \"file.pe.pehash\" | \"file.pe.product\" | \"file.pe.sections\" | \"file.target_path\" | \"file.type\" | \"file.uid\" | \"file.x509.alternative_names\" | \"file.x509.issuer.common_name\" | \"file.x509.issuer.country\" | \"file.x509.issuer.distinguished_name\" | \"file.x509.issuer.locality\" | \"file.x509.issuer.organization\" | \"file.x509.issuer.organizational_unit\" | \"file.x509.issuer.state_or_province\" | \"file.x509.not_after\" | \"file.x509.not_before\" | \"file.x509.public_key_algorithm\" | \"file.x509.public_key_curve\" | \"file.x509.public_key_exponent\" | \"file.x509.public_key_size\" | \"file.x509.serial_number\" | \"file.x509.signature_algorithm\" | \"file.x509.subject.common_name\" | \"file.x509.subject.country\" | \"file.x509.subject.distinguished_name\" | \"file.x509.subject.locality\" | \"file.x509.subject.organization\" | \"file.x509.subject.organizational_unit\" | \"file.x509.subject.state_or_province\" | \"file.x509.version_number\" | \"group.domain\" | \"group.id\" | \"group.name\" | \"host.architecture\" | \"host.boot.id\" | \"host.cpu.usage\" | \"host.disk.read.bytes\" | \"host.disk.write.bytes\" | \"host.domain\" | \"host.geo.city_name\" | \"host.geo.continent_code\" | \"host.geo.continent_name\" | \"host.geo.country_iso_code\" | \"host.geo.country_name\" | \"host.geo.location\" | \"host.geo.name\" | \"host.geo.postal_code\" | \"host.geo.region_iso_code\" | \"host.geo.region_name\" | \"host.geo.timezone\" | \"host.hostname\" | \"host.id\" | \"host.ip\" | 
\"host.mac\" | \"host.network.egress.bytes\" | \"host.network.egress.packets\" | \"host.network.ingress.bytes\" | \"host.network.ingress.packets\" | \"host.os.family\" | \"host.os.full\" | \"host.os.kernel\" | \"host.os.name\" | \"host.os.platform\" | \"host.os.type\" | \"host.os.version\" | \"host.pid_ns_ino\" | \"host.risk.calculated_level\" | \"host.risk.calculated_score\" | \"host.risk.calculated_score_norm\" | \"host.risk.static_level\" | \"host.risk.static_score\" | \"host.risk.static_score_norm\" | \"host.type\" | \"host.uptime\" | \"http.request.body.bytes\" | \"http.request.body.content\" | \"http.request.bytes\" | \"http.request.id\" | \"http.request.method\" | \"http.request.mime_type\" | \"http.request.referrer\" | \"http.response.body.bytes\" | \"http.response.body.content\" | \"http.response.bytes\" | \"http.response.mime_type\" | \"http.response.status_code\" | \"http.version\" | \"log.file.path\" | \"log.level\" | \"log.logger\" | \"log.origin.file.line\" | \"log.origin.file.name\" | \"log.origin.function\" | \"log.syslog\" | \"network.application\" | \"network.bytes\" | \"network.community_id\" | \"network.direction\" | \"network.forwarded_ip\" | \"network.iana_number\" | \"network.inner\" | \"network.name\" | \"network.packets\" | \"network.protocol\" | \"network.transport\" | \"network.type\" | \"network.vlan.id\" | \"network.vlan.name\" | \"observer.egress\" | \"observer.geo.city_name\" | \"observer.geo.continent_code\" | \"observer.geo.continent_name\" | \"observer.geo.country_iso_code\" | \"observer.geo.country_name\" | \"observer.geo.location\" | \"observer.geo.name\" | \"observer.geo.postal_code\" | \"observer.geo.region_iso_code\" | \"observer.geo.region_name\" | \"observer.geo.timezone\" | \"observer.hostname\" | \"observer.ingress\" | \"observer.ip\" | \"observer.mac\" | \"observer.name\" | \"observer.os.family\" | \"observer.os.full\" | \"observer.os.kernel\" | \"observer.os.name\" | \"observer.os.platform\" | \"observer.os.type\" | 
\"observer.os.version\" | \"observer.product\" | \"observer.serial_number\" | \"observer.type\" | \"observer.vendor\" | \"observer.version\" | \"orchestrator.api_version\" | \"orchestrator.cluster.id\" | \"orchestrator.cluster.name\" | \"orchestrator.cluster.url\" | \"orchestrator.cluster.version\" | \"orchestrator.namespace\" | \"orchestrator.organization\" | \"orchestrator.resource.annotation\" | \"orchestrator.resource.id\" | \"orchestrator.resource.ip\" | \"orchestrator.resource.label\" | \"orchestrator.resource.name\" | \"orchestrator.resource.parent.type\" | \"orchestrator.resource.type\" | \"orchestrator.type\" | \"organization.id\" | \"organization.name\" | \"package.architecture\" | \"package.build_version\" | \"package.checksum\" | \"package.description\" | \"package.install_scope\" | \"package.installed\" | \"package.license\" | \"package.name\" | \"package.path\" | \"package.reference\" | \"package.size\" | \"package.type\" | \"package.version\" | \"process.args\" | \"process.args_count\" | \"process.code_signature.digest_algorithm\" | \"process.code_signature.exists\" | \"process.code_signature.signing_id\" | \"process.code_signature.status\" | \"process.code_signature.subject_name\" | \"process.code_signature.team_id\" | \"process.code_signature.timestamp\" | \"process.code_signature.trusted\" | \"process.code_signature.valid\" | \"process.command_line\" | \"process.elf.architecture\" | \"process.elf.byte_order\" | \"process.elf.cpu_type\" | \"process.elf.creation_date\" | \"process.elf.exports\" | \"process.elf.go_import_hash\" | \"process.elf.go_imports\" | \"process.elf.go_imports_names_entropy\" | \"process.elf.go_imports_names_var_entropy\" | \"process.elf.go_stripped\" | \"process.elf.header.abi_version\" | \"process.elf.header.class\" | \"process.elf.header.data\" | \"process.elf.header.entrypoint\" | \"process.elf.header.object_version\" | \"process.elf.header.os_abi\" | \"process.elf.header.type\" | \"process.elf.header.version\" | 
\"process.elf.import_hash\" | \"process.elf.imports\" | \"process.elf.imports_names_entropy\" | \"process.elf.imports_names_var_entropy\" | \"process.elf.sections\" | \"process.elf.segments\" | \"process.elf.shared_libraries\" | \"process.elf.telfhash\" | \"process.end\" | \"process.entity_id\" | \"process.entry_leader.args\" | \"process.entry_leader.args_count\" | \"process.entry_leader.attested_groups.name\" | \"process.entry_leader.attested_user.id\" | \"process.entry_leader.attested_user.name\" | \"process.entry_leader.command_line\" | \"process.entry_leader.entity_id\" | \"process.entry_leader.entry_meta.source.ip\" | \"process.entry_leader.entry_meta.type\" | \"process.entry_leader.executable\" | \"process.entry_leader.group.id\" | \"process.entry_leader.group.name\" | \"process.entry_leader.interactive\" | \"process.entry_leader.name\" | \"process.entry_leader.parent.entity_id\" | \"process.entry_leader.parent.pid\" | \"process.entry_leader.parent.session_leader.entity_id\" | \"process.entry_leader.parent.session_leader.pid\" | \"process.entry_leader.parent.session_leader.start\" | \"process.entry_leader.parent.session_leader.vpid\" | \"process.entry_leader.parent.start\" | \"process.entry_leader.parent.vpid\" | \"process.entry_leader.pid\" | \"process.entry_leader.real_group.id\" | \"process.entry_leader.real_group.name\" | \"process.entry_leader.real_user.id\" | \"process.entry_leader.real_user.name\" | \"process.entry_leader.same_as_process\" | \"process.entry_leader.saved_group.id\" | \"process.entry_leader.saved_group.name\" | \"process.entry_leader.saved_user.id\" | \"process.entry_leader.saved_user.name\" | \"process.entry_leader.start\" | \"process.entry_leader.supplemental_groups.id\" | \"process.entry_leader.supplemental_groups.name\" | \"process.entry_leader.tty\" | \"process.entry_leader.user.id\" | \"process.entry_leader.user.name\" | \"process.entry_leader.vpid\" | \"process.entry_leader.working_directory\" | \"process.env_vars\" | 
\"process.executable\" | \"process.exit_code\" | \"process.group_leader.args\" | \"process.group_leader.args_count\" | \"process.group_leader.command_line\" | \"process.group_leader.entity_id\" | \"process.group_leader.executable\" | \"process.group_leader.group.id\" | \"process.group_leader.group.name\" | \"process.group_leader.interactive\" | \"process.group_leader.name\" | \"process.group_leader.pid\" | \"process.group_leader.real_group.id\" | \"process.group_leader.real_group.name\" | \"process.group_leader.real_user.id\" | \"process.group_leader.real_user.name\" | \"process.group_leader.same_as_process\" | \"process.group_leader.saved_group.id\" | \"process.group_leader.saved_group.name\" | \"process.group_leader.saved_user.id\" | \"process.group_leader.saved_user.name\" | \"process.group_leader.start\" | \"process.group_leader.supplemental_groups.id\" | \"process.group_leader.supplemental_groups.name\" | \"process.group_leader.tty\" | \"process.group_leader.user.id\" | \"process.group_leader.user.name\" | \"process.group_leader.vpid\" | \"process.group_leader.working_directory\" | \"process.hash.md5\" | \"process.hash.sha1\" | \"process.hash.sha256\" | \"process.hash.sha384\" | \"process.hash.sha512\" | \"process.hash.ssdeep\" | \"process.hash.tlsh\" | \"process.interactive\" | \"process.io\" | \"process.macho.go_import_hash\" | \"process.macho.go_imports\" | \"process.macho.go_imports_names_entropy\" | \"process.macho.go_imports_names_var_entropy\" | \"process.macho.go_stripped\" | \"process.macho.import_hash\" | \"process.macho.imports\" | \"process.macho.imports_names_entropy\" | \"process.macho.imports_names_var_entropy\" | \"process.macho.sections\" | \"process.macho.symhash\" | \"process.name\" | \"process.parent.args\" | \"process.parent.args_count\" | \"process.parent.code_signature.digest_algorithm\" | \"process.parent.code_signature.exists\" | \"process.parent.code_signature.signing_id\" | \"process.parent.code_signature.status\" | 
\"process.parent.code_signature.subject_name\" | \"process.parent.code_signature.team_id\" | \"process.parent.code_signature.timestamp\" | \"process.parent.code_signature.trusted\" | \"process.parent.code_signature.valid\" | \"process.parent.command_line\" | \"process.parent.elf.architecture\" | \"process.parent.elf.byte_order\" | \"process.parent.elf.cpu_type\" | \"process.parent.elf.creation_date\" | \"process.parent.elf.exports\" | \"process.parent.elf.go_import_hash\" | \"process.parent.elf.go_imports\" | \"process.parent.elf.go_imports_names_entropy\" | \"process.parent.elf.go_imports_names_var_entropy\" | \"process.parent.elf.go_stripped\" | \"process.parent.elf.header.abi_version\" | \"process.parent.elf.header.class\" | \"process.parent.elf.header.data\" | \"process.parent.elf.header.entrypoint\" | \"process.parent.elf.header.object_version\" | \"process.parent.elf.header.os_abi\" | \"process.parent.elf.header.type\" | \"process.parent.elf.header.version\" | \"process.parent.elf.import_hash\" | \"process.parent.elf.imports\" | \"process.parent.elf.imports_names_entropy\" | \"process.parent.elf.imports_names_var_entropy\" | \"process.parent.elf.sections\" | \"process.parent.elf.segments\" | \"process.parent.elf.shared_libraries\" | \"process.parent.elf.telfhash\" | \"process.parent.end\" | \"process.parent.entity_id\" | \"process.parent.executable\" | \"process.parent.exit_code\" | \"process.parent.group.id\" | \"process.parent.group.name\" | \"process.parent.group_leader.entity_id\" | \"process.parent.group_leader.pid\" | \"process.parent.group_leader.start\" | \"process.parent.group_leader.vpid\" | \"process.parent.hash.md5\" | \"process.parent.hash.sha1\" | \"process.parent.hash.sha256\" | \"process.parent.hash.sha384\" | \"process.parent.hash.sha512\" | \"process.parent.hash.ssdeep\" | \"process.parent.hash.tlsh\" | \"process.parent.interactive\" | \"process.parent.macho.go_import_hash\" | \"process.parent.macho.go_imports\" | 
\"process.parent.macho.go_imports_names_entropy\" | \"process.parent.macho.go_imports_names_var_entropy\" | \"process.parent.macho.go_stripped\" | \"process.parent.macho.import_hash\" | \"process.parent.macho.imports\" | \"process.parent.macho.imports_names_entropy\" | \"process.parent.macho.imports_names_var_entropy\" | \"process.parent.macho.sections\" | \"process.parent.macho.symhash\" | \"process.parent.name\" | \"process.parent.pe.architecture\" | \"process.parent.pe.company\" | \"process.parent.pe.description\" | \"process.parent.pe.file_version\" | \"process.parent.pe.go_import_hash\" | \"process.parent.pe.go_imports\" | \"process.parent.pe.go_imports_names_entropy\" | \"process.parent.pe.go_imports_names_var_entropy\" | \"process.parent.pe.go_stripped\" | \"process.parent.pe.imphash\" | \"process.parent.pe.import_hash\" | \"process.parent.pe.imports\" | \"process.parent.pe.imports_names_entropy\" | \"process.parent.pe.imports_names_var_entropy\" | \"process.parent.pe.original_file_name\" | \"process.parent.pe.pehash\" | \"process.parent.pe.product\" | \"process.parent.pe.sections\" | \"process.parent.pgid\" | \"process.parent.pid\" | \"process.parent.real_group.id\" | \"process.parent.real_group.name\" | \"process.parent.real_user.id\" | \"process.parent.real_user.name\" | \"process.parent.saved_group.id\" | \"process.parent.saved_group.name\" | \"process.parent.saved_user.id\" | \"process.parent.saved_user.name\" | \"process.parent.start\" | \"process.parent.supplemental_groups.id\" | \"process.parent.supplemental_groups.name\" | \"process.parent.thread.capabilities.effective\" | \"process.parent.thread.capabilities.permitted\" | \"process.parent.thread.id\" | \"process.parent.thread.name\" | \"process.parent.title\" | \"process.parent.tty\" | \"process.parent.uptime\" | \"process.parent.user.id\" | \"process.parent.user.name\" | \"process.parent.vpid\" | \"process.parent.working_directory\" | \"process.pe.architecture\" | \"process.pe.company\" | 
\"process.pe.description\" | \"process.pe.file_version\" | \"process.pe.go_import_hash\" | \"process.pe.go_imports\" | \"process.pe.go_imports_names_entropy\" | \"process.pe.go_imports_names_var_entropy\" | \"process.pe.go_stripped\" | \"process.pe.imphash\" | \"process.pe.import_hash\" | \"process.pe.imports\" | \"process.pe.imports_names_entropy\" | \"process.pe.imports_names_var_entropy\" | \"process.pe.original_file_name\" | \"process.pe.pehash\" | \"process.pe.product\" | \"process.pe.sections\" | \"process.pgid\" | \"process.pid\" | \"process.previous.args\" | \"process.previous.args_count\" | \"process.previous.executable\" | \"process.real_group.id\" | \"process.real_group.name\" | \"process.real_user.id\" | \"process.real_user.name\" | \"process.saved_group.id\" | \"process.saved_group.name\" | \"process.saved_user.id\" | \"process.saved_user.name\" | \"process.session_leader.args\" | \"process.session_leader.args_count\" | \"process.session_leader.command_line\" | \"process.session_leader.entity_id\" | \"process.session_leader.executable\" | \"process.session_leader.group.id\" | \"process.session_leader.group.name\" | \"process.session_leader.interactive\" | \"process.session_leader.name\" | \"process.session_leader.parent.entity_id\" | \"process.session_leader.parent.pid\" | \"process.session_leader.parent.session_leader.entity_id\" | \"process.session_leader.parent.session_leader.pid\" | \"process.session_leader.parent.session_leader.start\" | \"process.session_leader.parent.session_leader.vpid\" | \"process.session_leader.parent.start\" | \"process.session_leader.parent.vpid\" | \"process.session_leader.pid\" | \"process.session_leader.real_group.id\" | \"process.session_leader.real_group.name\" | \"process.session_leader.real_user.id\" | \"process.session_leader.real_user.name\" | \"process.session_leader.same_as_process\" | \"process.session_leader.saved_group.id\" | \"process.session_leader.saved_group.name\" | 
\"process.session_leader.saved_user.id\" | \"process.session_leader.saved_user.name\" | \"process.session_leader.start\" | \"process.session_leader.supplemental_groups.id\" | \"process.session_leader.supplemental_groups.name\" | \"process.session_leader.tty\" | \"process.session_leader.user.id\" | \"process.session_leader.user.name\" | \"process.session_leader.vpid\" | \"process.session_leader.working_directory\" | \"process.start\" | \"process.supplemental_groups.id\" | \"process.supplemental_groups.name\" | \"process.thread.capabilities.effective\" | \"process.thread.capabilities.permitted\" | \"process.thread.id\" | \"process.thread.name\" | \"process.title\" | \"process.tty\" | \"process.uptime\" | \"process.user.id\" | \"process.user.name\" | \"process.vpid\" | \"process.working_directory\" | \"registry.data.bytes\" | \"registry.data.strings\" | \"registry.data.type\" | \"registry.hive\" | \"registry.key\" | \"registry.path\" | \"registry.value\" | \"related.hash\" | \"related.hosts\" | \"related.ip\" | \"related.user\" | \"rule.author\" | \"rule.category\" | \"rule.description\" | \"rule.id\" | \"rule.license\" | \"rule.name\" | \"rule.reference\" | \"rule.ruleset\" | \"rule.uuid\" | \"rule.version\" | \"server.address\" | \"server.as.number\" | \"server.as.organization.name\" | \"server.bytes\" | \"server.domain\" | \"server.geo.city_name\" | \"server.geo.continent_code\" | \"server.geo.continent_name\" | \"server.geo.country_iso_code\" | \"server.geo.country_name\" | \"server.geo.location\" | \"server.geo.name\" | \"server.geo.postal_code\" | \"server.geo.region_iso_code\" | \"server.geo.region_name\" | \"server.geo.timezone\" | \"server.ip\" | \"server.mac\" | \"server.nat.ip\" | \"server.nat.port\" | \"server.packets\" | \"server.port\" | \"server.registered_domain\" | \"server.subdomain\" | \"server.top_level_domain\" | \"server.user.domain\" | \"server.user.email\" | \"server.user.full_name\" | \"server.user.group.domain\" | \"server.user.group.id\" | 
\"server.user.group.name\" | \"server.user.hash\" | \"server.user.id\" | \"server.user.name\" | \"server.user.roles\" | \"service.address\" | \"service.ephemeral_id\" | \"service.id\" | \"service.node.name\" | \"service.node.role\" | \"service.node.roles\" | \"service.origin.address\" | \"service.origin.environment\" | \"service.origin.ephemeral_id\" | \"service.origin.id\" | \"service.origin.name\" | \"service.origin.node.name\" | \"service.origin.node.role\" | \"service.origin.node.roles\" | \"service.origin.state\" | \"service.origin.type\" | \"service.origin.version\" | \"service.state\" | \"service.target.address\" | \"service.target.environment\" | \"service.target.ephemeral_id\" | \"service.target.id\" | \"service.target.name\" | \"service.target.node.name\" | \"service.target.node.role\" | \"service.target.node.roles\" | \"service.target.state\" | \"service.target.type\" | \"service.target.version\" | \"service.type\" | \"service.version\" | \"source.address\" | \"source.as.number\" | \"source.as.organization.name\" | \"source.bytes\" | \"source.domain\" | \"source.geo.city_name\" | \"source.geo.continent_code\" | \"source.geo.continent_name\" | \"source.geo.country_iso_code\" | \"source.geo.country_name\" | \"source.geo.location\" | \"source.geo.name\" | \"source.geo.postal_code\" | \"source.geo.region_iso_code\" | \"source.geo.region_name\" | \"source.geo.timezone\" | \"source.ip\" | \"source.mac\" | \"source.nat.ip\" | \"source.nat.port\" | \"source.packets\" | \"source.port\" | \"source.registered_domain\" | \"source.subdomain\" | \"source.top_level_domain\" | \"source.user.domain\" | \"source.user.email\" | \"source.user.full_name\" | \"source.user.group.domain\" | \"source.user.group.id\" | \"source.user.group.name\" | \"source.user.hash\" | \"source.user.id\" | \"source.user.name\" | \"source.user.roles\" | \"span.id\" | \"threat.enrichments\" | \"threat.feed.dashboard_id\" | \"threat.feed.description\" | \"threat.feed.name\" | 
\"threat.feed.reference\" | \"threat.framework\" | \"threat.group.alias\" | \"threat.group.id\" | \"threat.group.name\" | \"threat.group.reference\" | \"threat.indicator.as.number\" | \"threat.indicator.as.organization.name\" | \"threat.indicator.confidence\" | \"threat.indicator.description\" | \"threat.indicator.email.address\" | \"threat.indicator.file.accessed\" | \"threat.indicator.file.attributes\" | \"threat.indicator.file.code_signature.digest_algorithm\" | \"threat.indicator.file.code_signature.exists\" | \"threat.indicator.file.code_signature.signing_id\" | \"threat.indicator.file.code_signature.status\" | \"threat.indicator.file.code_signature.subject_name\" | \"threat.indicator.file.code_signature.team_id\" | \"threat.indicator.file.code_signature.timestamp\" | \"threat.indicator.file.code_signature.trusted\" | \"threat.indicator.file.code_signature.valid\" | \"threat.indicator.file.created\" | \"threat.indicator.file.ctime\" | \"threat.indicator.file.device\" | \"threat.indicator.file.directory\" | \"threat.indicator.file.drive_letter\" | \"threat.indicator.file.elf.architecture\" | \"threat.indicator.file.elf.byte_order\" | \"threat.indicator.file.elf.cpu_type\" | \"threat.indicator.file.elf.creation_date\" | \"threat.indicator.file.elf.exports\" | \"threat.indicator.file.elf.go_import_hash\" | \"threat.indicator.file.elf.go_imports\" | \"threat.indicator.file.elf.go_imports_names_entropy\" | \"threat.indicator.file.elf.go_imports_names_var_entropy\" | \"threat.indicator.file.elf.go_stripped\" | \"threat.indicator.file.elf.header.abi_version\" | \"threat.indicator.file.elf.header.class\" | \"threat.indicator.file.elf.header.data\" | \"threat.indicator.file.elf.header.entrypoint\" | \"threat.indicator.file.elf.header.object_version\" | \"threat.indicator.file.elf.header.os_abi\" | \"threat.indicator.file.elf.header.type\" | \"threat.indicator.file.elf.header.version\" | \"threat.indicator.file.elf.import_hash\" | \"threat.indicator.file.elf.imports\" | 
\"threat.indicator.file.elf.imports_names_entropy\" | \"threat.indicator.file.elf.imports_names_var_entropy\" | \"threat.indicator.file.elf.sections\" | \"threat.indicator.file.elf.segments\" | \"threat.indicator.file.elf.shared_libraries\" | \"threat.indicator.file.elf.telfhash\" | \"threat.indicator.file.extension\" | \"threat.indicator.file.fork_name\" | \"threat.indicator.file.gid\" | \"threat.indicator.file.group\" | \"threat.indicator.file.hash.md5\" | \"threat.indicator.file.hash.sha1\" | \"threat.indicator.file.hash.sha256\" | \"threat.indicator.file.hash.sha384\" | \"threat.indicator.file.hash.sha512\" | \"threat.indicator.file.hash.ssdeep\" | \"threat.indicator.file.hash.tlsh\" | \"threat.indicator.file.inode\" | \"threat.indicator.file.mime_type\" | \"threat.indicator.file.mode\" | \"threat.indicator.file.mtime\" | \"threat.indicator.file.name\" | \"threat.indicator.file.owner\" | \"threat.indicator.file.path\" | \"threat.indicator.file.pe.architecture\" | \"threat.indicator.file.pe.company\" | \"threat.indicator.file.pe.description\" | \"threat.indicator.file.pe.file_version\" | \"threat.indicator.file.pe.go_import_hash\" | \"threat.indicator.file.pe.go_imports\" | \"threat.indicator.file.pe.go_imports_names_entropy\" | \"threat.indicator.file.pe.go_imports_names_var_entropy\" | \"threat.indicator.file.pe.go_stripped\" | \"threat.indicator.file.pe.imphash\" | \"threat.indicator.file.pe.import_hash\" | \"threat.indicator.file.pe.imports\" | \"threat.indicator.file.pe.imports_names_entropy\" | \"threat.indicator.file.pe.imports_names_var_entropy\" | \"threat.indicator.file.pe.original_file_name\" | \"threat.indicator.file.pe.pehash\" | \"threat.indicator.file.pe.product\" | \"threat.indicator.file.pe.sections\" | \"threat.indicator.file.size\" | \"threat.indicator.file.target_path\" | \"threat.indicator.file.type\" | \"threat.indicator.file.uid\" | \"threat.indicator.file.x509.alternative_names\" | \"threat.indicator.file.x509.issuer.common_name\" | 
\"threat.indicator.file.x509.issuer.country\" | \"threat.indicator.file.x509.issuer.distinguished_name\" | \"threat.indicator.file.x509.issuer.locality\" | \"threat.indicator.file.x509.issuer.organization\" | \"threat.indicator.file.x509.issuer.organizational_unit\" | \"threat.indicator.file.x509.issuer.state_or_province\" | \"threat.indicator.file.x509.not_after\" | \"threat.indicator.file.x509.not_before\" | \"threat.indicator.file.x509.public_key_algorithm\" | \"threat.indicator.file.x509.public_key_curve\" | \"threat.indicator.file.x509.public_key_exponent\" | \"threat.indicator.file.x509.public_key_size\" | \"threat.indicator.file.x509.serial_number\" | \"threat.indicator.file.x509.signature_algorithm\" | \"threat.indicator.file.x509.subject.common_name\" | \"threat.indicator.file.x509.subject.country\" | \"threat.indicator.file.x509.subject.distinguished_name\" | \"threat.indicator.file.x509.subject.locality\" | \"threat.indicator.file.x509.subject.organization\" | \"threat.indicator.file.x509.subject.organizational_unit\" | \"threat.indicator.file.x509.subject.state_or_province\" | \"threat.indicator.file.x509.version_number\" | \"threat.indicator.first_seen\" | \"threat.indicator.geo.city_name\" | \"threat.indicator.geo.continent_code\" | \"threat.indicator.geo.continent_name\" | \"threat.indicator.geo.country_iso_code\" | \"threat.indicator.geo.country_name\" | \"threat.indicator.geo.location\" | \"threat.indicator.geo.name\" | \"threat.indicator.geo.postal_code\" | \"threat.indicator.geo.region_iso_code\" | \"threat.indicator.geo.region_name\" | \"threat.indicator.geo.timezone\" | \"threat.indicator.ip\" | \"threat.indicator.last_seen\" | \"threat.indicator.marking.tlp\" | \"threat.indicator.marking.tlp_version\" | \"threat.indicator.modified_at\" | \"threat.indicator.name\" | \"threat.indicator.port\" | \"threat.indicator.provider\" | \"threat.indicator.reference\" | \"threat.indicator.registry.data.bytes\" | \"threat.indicator.registry.data.strings\" | 
\"threat.indicator.registry.data.type\" | \"threat.indicator.registry.hive\" | \"threat.indicator.registry.key\" | \"threat.indicator.registry.path\" | \"threat.indicator.registry.value\" | \"threat.indicator.scanner_stats\" | \"threat.indicator.sightings\" | \"threat.indicator.type\" | \"threat.indicator.url.domain\" | \"threat.indicator.url.extension\" | \"threat.indicator.url.fragment\" | \"threat.indicator.url.full\" | \"threat.indicator.url.original\" | \"threat.indicator.url.password\" | \"threat.indicator.url.path\" | \"threat.indicator.url.port\" | \"threat.indicator.url.query\" | \"threat.indicator.url.registered_domain\" | \"threat.indicator.url.scheme\" | \"threat.indicator.url.subdomain\" | \"threat.indicator.url.top_level_domain\" | \"threat.indicator.url.username\" | \"threat.indicator.x509.alternative_names\" | \"threat.indicator.x509.issuer.common_name\" | \"threat.indicator.x509.issuer.country\" | \"threat.indicator.x509.issuer.distinguished_name\" | \"threat.indicator.x509.issuer.locality\" | \"threat.indicator.x509.issuer.organization\" | \"threat.indicator.x509.issuer.organizational_unit\" | \"threat.indicator.x509.issuer.state_or_province\" | \"threat.indicator.x509.not_after\" | \"threat.indicator.x509.not_before\" | \"threat.indicator.x509.public_key_algorithm\" | \"threat.indicator.x509.public_key_curve\" | \"threat.indicator.x509.public_key_exponent\" | \"threat.indicator.x509.public_key_size\" | \"threat.indicator.x509.serial_number\" | \"threat.indicator.x509.signature_algorithm\" | \"threat.indicator.x509.subject.common_name\" | \"threat.indicator.x509.subject.country\" | \"threat.indicator.x509.subject.distinguished_name\" | \"threat.indicator.x509.subject.locality\" | \"threat.indicator.x509.subject.organization\" | \"threat.indicator.x509.subject.organizational_unit\" | \"threat.indicator.x509.subject.state_or_province\" | \"threat.indicator.x509.version_number\" | \"threat.software.alias\" | \"threat.software.id\" | 
\"threat.software.name\" | \"threat.software.platforms\" | \"threat.software.reference\" | \"threat.software.type\" | \"threat.tactic.id\" | \"threat.tactic.name\" | \"threat.tactic.reference\" | \"threat.technique.id\" | \"threat.technique.name\" | \"threat.technique.reference\" | \"threat.technique.subtechnique.id\" | \"threat.technique.subtechnique.name\" | \"threat.technique.subtechnique.reference\" | \"tls.cipher\" | \"tls.client.certificate\" | \"tls.client.certificate_chain\" | \"tls.client.hash.md5\" | \"tls.client.hash.sha1\" | \"tls.client.hash.sha256\" | \"tls.client.issuer\" | \"tls.client.ja3\" | \"tls.client.not_after\" | \"tls.client.not_before\" | \"tls.client.server_name\" | \"tls.client.subject\" | \"tls.client.supported_ciphers\" | \"tls.client.x509.alternative_names\" | \"tls.client.x509.issuer.common_name\" | \"tls.client.x509.issuer.country\" | \"tls.client.x509.issuer.distinguished_name\" | \"tls.client.x509.issuer.locality\" | \"tls.client.x509.issuer.organization\" | \"tls.client.x509.issuer.organizational_unit\" | \"tls.client.x509.issuer.state_or_province\" | \"tls.client.x509.not_after\" | \"tls.client.x509.not_before\" | \"tls.client.x509.public_key_algorithm\" | \"tls.client.x509.public_key_curve\" | \"tls.client.x509.public_key_exponent\" | \"tls.client.x509.public_key_size\" | \"tls.client.x509.serial_number\" | \"tls.client.x509.signature_algorithm\" | \"tls.client.x509.subject.common_name\" | \"tls.client.x509.subject.country\" | \"tls.client.x509.subject.distinguished_name\" | \"tls.client.x509.subject.locality\" | \"tls.client.x509.subject.organization\" | \"tls.client.x509.subject.organizational_unit\" | \"tls.client.x509.subject.state_or_province\" | \"tls.client.x509.version_number\" | \"tls.curve\" | \"tls.established\" | \"tls.next_protocol\" | \"tls.resumed\" | \"tls.server.certificate\" | \"tls.server.certificate_chain\" | \"tls.server.hash.md5\" | \"tls.server.hash.sha1\" | \"tls.server.hash.sha256\" | 
\"tls.server.issuer\" | \"tls.server.ja3s\" | \"tls.server.not_after\" | \"tls.server.not_before\" | \"tls.server.subject\" | \"tls.server.x509.alternative_names\" | \"tls.server.x509.issuer.common_name\" | \"tls.server.x509.issuer.country\" | \"tls.server.x509.issuer.distinguished_name\" | \"tls.server.x509.issuer.locality\" | \"tls.server.x509.issuer.organization\" | \"tls.server.x509.issuer.organizational_unit\" | \"tls.server.x509.issuer.state_or_province\" | \"tls.server.x509.not_after\" | \"tls.server.x509.not_before\" | \"tls.server.x509.public_key_algorithm\" | \"tls.server.x509.public_key_curve\" | \"tls.server.x509.public_key_exponent\" | \"tls.server.x509.public_key_size\" | \"tls.server.x509.serial_number\" | \"tls.server.x509.signature_algorithm\" | \"tls.server.x509.subject.common_name\" | \"tls.server.x509.subject.country\" | \"tls.server.x509.subject.distinguished_name\" | \"tls.server.x509.subject.locality\" | \"tls.server.x509.subject.organization\" | \"tls.server.x509.subject.organizational_unit\" | \"tls.server.x509.subject.state_or_province\" | \"tls.server.x509.version_number\" | \"tls.version\" | \"tls.version_protocol\" | \"trace.id\" | \"transaction.id\" | \"url.domain\" | \"url.extension\" | \"url.fragment\" | \"url.full\" | \"url.original\" | \"url.password\" | \"url.path\" | \"url.port\" | \"url.query\" | \"url.registered_domain\" | \"url.scheme\" | \"url.subdomain\" | \"url.top_level_domain\" | \"url.username\" | \"user.changes.domain\" | \"user.changes.email\" | \"user.changes.full_name\" | \"user.changes.group.domain\" | \"user.changes.group.id\" | \"user.changes.group.name\" | \"user.changes.hash\" | \"user.changes.id\" | \"user.changes.name\" | \"user.changes.roles\" | \"user.domain\" | \"user.effective.domain\" | \"user.effective.email\" | \"user.effective.full_name\" | \"user.effective.group.domain\" | \"user.effective.group.id\" | \"user.effective.group.name\" | \"user.effective.hash\" | \"user.effective.id\" | 
\"user.effective.name\" | \"user.effective.roles\" | \"user.email\" | \"user.full_name\" | \"user.group.domain\" | \"user.group.id\" | \"user.group.name\" | \"user.hash\" | \"user.id\" | \"user.name\" | \"user.risk.calculated_level\" | \"user.risk.calculated_score\" | \"user.risk.calculated_score_norm\" | \"user.risk.static_level\" | \"user.risk.static_score\" | \"user.risk.static_score_norm\" | \"user.roles\" | \"user.target.domain\" | \"user.target.email\" | \"user.target.full_name\" | \"user.target.group.domain\" | \"user.target.group.id\" | \"user.target.group.name\" | \"user.target.hash\" | \"user.target.id\" | \"user.target.name\" | \"user.target.roles\" | \"user_agent.device.name\" | \"user_agent.name\" | \"user_agent.original\" | \"user_agent.os.family\" | \"user_agent.os.full\" | \"user_agent.os.kernel\" | \"user_agent.os.name\" | \"user_agent.os.platform\" | \"user_agent.os.type\" | \"user_agent.os.version\" | \"user_agent.version\" | \"vulnerability.category\" | \"vulnerability.classification\" | \"vulnerability.description\" | \"vulnerability.enumeration\" | \"vulnerability.id\" | \"vulnerability.reference\" | \"vulnerability.report_id\" | \"vulnerability.scanner.vendor\" | \"vulnerability.score.base\" | \"vulnerability.score.environmental\" | \"vulnerability.score.temporal\" | \"vulnerability.score.version\" | \"vulnerability.severity\" | \"data_stream.dataset\" | \"data_stream.namespace\" | \"data_stream.type\" | \"dll.pe.sections.entropy\" | \"dll.pe.sections.name\" | \"dll.pe.sections.physical_size\" | \"dll.pe.sections.var_entropy\" | \"dll.pe.sections.virtual_size\" | \"dns.answers.class\" | \"dns.answers.data\" | \"dns.answers.name\" | \"dns.answers.ttl\" | \"dns.answers.type\" | \"email.attachments.file.extension\" | \"email.attachments.file.hash.md5\" | \"email.attachments.file.hash.sha1\" | \"email.attachments.file.hash.sha256\" | \"email.attachments.file.hash.sha384\" | \"email.attachments.file.hash.sha512\" | 
\"email.attachments.file.hash.ssdeep\" | \"email.attachments.file.hash.tlsh\" | \"email.attachments.file.mime_type\" | \"email.attachments.file.name\" | \"email.attachments.file.size\" | \"faas.trigger.request_id\" | \"faas.trigger.type\" | \"file.elf.sections.chi2\" | \"file.elf.sections.entropy\" | \"file.elf.sections.flags\" | \"file.elf.sections.name\" | \"file.elf.sections.physical_offset\" | \"file.elf.sections.physical_size\" | \"file.elf.sections.type\" | \"file.elf.sections.var_entropy\" | \"file.elf.sections.virtual_address\" | \"file.elf.sections.virtual_size\" | \"file.elf.segments.sections\" | \"file.elf.segments.type\" | \"file.macho.sections.entropy\" | \"file.macho.sections.name\" | \"file.macho.sections.physical_size\" | \"file.macho.sections.var_entropy\" | \"file.macho.sections.virtual_size\" | \"file.pe.sections.entropy\" | \"file.pe.sections.name\" | \"file.pe.sections.physical_size\" | \"file.pe.sections.var_entropy\" | \"file.pe.sections.virtual_size\" | \"log.syslog.appname\" | \"log.syslog.facility.code\" | \"log.syslog.facility.name\" | \"log.syslog.hostname\" | \"log.syslog.msgid\" | \"log.syslog.priority\" | \"log.syslog.procid\" | \"log.syslog.severity.code\" | \"log.syslog.severity.name\" | \"log.syslog.structured_data\" | \"log.syslog.version\" | \"network.inner.vlan.id\" | \"network.inner.vlan.name\" | \"observer.egress.interface.alias\" | \"observer.egress.interface.id\" | \"observer.egress.interface.name\" | \"observer.egress.vlan.id\" | \"observer.egress.vlan.name\" | \"observer.egress.zone\" | \"observer.ingress.interface.alias\" | \"observer.ingress.interface.id\" | \"observer.ingress.interface.name\" | \"observer.ingress.vlan.id\" | \"observer.ingress.vlan.name\" | \"observer.ingress.zone\" | \"process.elf.sections.chi2\" | \"process.elf.sections.entropy\" | \"process.elf.sections.flags\" | \"process.elf.sections.name\" | \"process.elf.sections.physical_offset\" | \"process.elf.sections.physical_size\" | 
\"process.elf.sections.type\" | \"process.elf.sections.var_entropy\" | \"process.elf.sections.virtual_address\" | \"process.elf.sections.virtual_size\" | \"process.elf.segments.sections\" | \"process.elf.segments.type\" | \"process.entry_leader.tty.char_device.major\" | \"process.entry_leader.tty.char_device.minor\" | \"process.group_leader.tty.char_device.major\" | \"process.group_leader.tty.char_device.minor\" | \"process.io.bytes_skipped\" | \"process.io.bytes_skipped.length\" | \"process.io.bytes_skipped.offset\" | \"process.io.max_bytes_per_process_exceeded\" | \"process.io.text\" | \"process.io.total_bytes_captured\" | \"process.io.total_bytes_skipped\" | \"process.io.type\" | \"process.macho.sections.entropy\" | \"process.macho.sections.name\" | \"process.macho.sections.physical_size\" | \"process.macho.sections.var_entropy\" | \"process.macho.sections.virtual_size\" | \"process.parent.elf.sections.chi2\" | \"process.parent.elf.sections.entropy\" | \"process.parent.elf.sections.flags\" | \"process.parent.elf.sections.name\" | \"process.parent.elf.sections.physical_offset\" | \"process.parent.elf.sections.physical_size\" | \"process.parent.elf.sections.type\" | \"process.parent.elf.sections.var_entropy\" | \"process.parent.elf.sections.virtual_address\" | \"process.parent.elf.sections.virtual_size\" | \"process.parent.elf.segments.sections\" | \"process.parent.elf.segments.type\" | \"process.parent.macho.sections.entropy\" | \"process.parent.macho.sections.name\" | \"process.parent.macho.sections.physical_size\" | \"process.parent.macho.sections.var_entropy\" | \"process.parent.macho.sections.virtual_size\" | \"process.parent.pe.sections.entropy\" | \"process.parent.pe.sections.name\" | \"process.parent.pe.sections.physical_size\" | \"process.parent.pe.sections.var_entropy\" | \"process.parent.pe.sections.virtual_size\" | \"process.parent.tty.char_device.major\" | \"process.parent.tty.char_device.minor\" | \"process.pe.sections.entropy\" | 
\"process.pe.sections.name\" | \"process.pe.sections.physical_size\" | \"process.pe.sections.var_entropy\" | \"process.pe.sections.virtual_size\" | \"process.session_leader.tty.char_device.major\" | \"process.session_leader.tty.char_device.minor\" | \"process.tty.char_device.major\" | \"process.tty.char_device.minor\" | \"process.tty.columns\" | \"process.tty.rows\" | \"threat.enrichments.indicator\" | \"threat.enrichments.indicator.as.number\" | \"threat.enrichments.indicator.as.organization.name\" | \"threat.enrichments.indicator.confidence\" | \"threat.enrichments.indicator.description\" | \"threat.enrichments.indicator.email.address\" | \"threat.enrichments.indicator.file.accessed\" | \"threat.enrichments.indicator.file.attributes\" | \"threat.enrichments.indicator.file.code_signature.digest_algorithm\" | \"threat.enrichments.indicator.file.code_signature.exists\" | \"threat.enrichments.indicator.file.code_signature.signing_id\" | \"threat.enrichments.indicator.file.code_signature.status\" | \"threat.enrichments.indicator.file.code_signature.subject_name\" | \"threat.enrichments.indicator.file.code_signature.team_id\" | \"threat.enrichments.indicator.file.code_signature.timestamp\" | \"threat.enrichments.indicator.file.code_signature.trusted\" | \"threat.enrichments.indicator.file.code_signature.valid\" | \"threat.enrichments.indicator.file.created\" | \"threat.enrichments.indicator.file.ctime\" | \"threat.enrichments.indicator.file.device\" | \"threat.enrichments.indicator.file.directory\" | \"threat.enrichments.indicator.file.drive_letter\" | \"threat.enrichments.indicator.file.elf.architecture\" | \"threat.enrichments.indicator.file.elf.byte_order\" | \"threat.enrichments.indicator.file.elf.cpu_type\" | \"threat.enrichments.indicator.file.elf.creation_date\" | \"threat.enrichments.indicator.file.elf.exports\" | \"threat.enrichments.indicator.file.elf.go_import_hash\" | \"threat.enrichments.indicator.file.elf.go_imports\" | 
\"threat.enrichments.indicator.file.elf.go_imports_names_entropy\" | \"threat.enrichments.indicator.file.elf.go_imports_names_var_entropy\" | \"threat.enrichments.indicator.file.elf.go_stripped\" | \"threat.enrichments.indicator.file.elf.header.abi_version\" | \"threat.enrichments.indicator.file.elf.header.class\" | \"threat.enrichments.indicator.file.elf.header.data\" | \"threat.enrichments.indicator.file.elf.header.entrypoint\" | \"threat.enrichments.indicator.file.elf.header.object_version\" | \"threat.enrichments.indicator.file.elf.header.os_abi\" | \"threat.enrichments.indicator.file.elf.header.type\" | \"threat.enrichments.indicator.file.elf.header.version\" | \"threat.enrichments.indicator.file.elf.import_hash\" | \"threat.enrichments.indicator.file.elf.imports\" | \"threat.enrichments.indicator.file.elf.imports_names_entropy\" | \"threat.enrichments.indicator.file.elf.imports_names_var_entropy\" | \"threat.enrichments.indicator.file.elf.sections\" | \"threat.enrichments.indicator.file.elf.sections.chi2\" | \"threat.enrichments.indicator.file.elf.sections.entropy\" | \"threat.enrichments.indicator.file.elf.sections.flags\" | \"threat.enrichments.indicator.file.elf.sections.name\" | \"threat.enrichments.indicator.file.elf.sections.physical_offset\" | \"threat.enrichments.indicator.file.elf.sections.physical_size\" | \"threat.enrichments.indicator.file.elf.sections.type\" | \"threat.enrichments.indicator.file.elf.sections.var_entropy\" | \"threat.enrichments.indicator.file.elf.sections.virtual_address\" | \"threat.enrichments.indicator.file.elf.sections.virtual_size\" | \"threat.enrichments.indicator.file.elf.segments\" | \"threat.enrichments.indicator.file.elf.segments.sections\" | \"threat.enrichments.indicator.file.elf.segments.type\" | \"threat.enrichments.indicator.file.elf.shared_libraries\" | \"threat.enrichments.indicator.file.elf.telfhash\" | \"threat.enrichments.indicator.file.extension\" | \"threat.enrichments.indicator.file.fork_name\" | 
\"threat.enrichments.indicator.file.gid\" | \"threat.enrichments.indicator.file.group\" | \"threat.enrichments.indicator.file.hash.md5\" | \"threat.enrichments.indicator.file.hash.sha1\" | \"threat.enrichments.indicator.file.hash.sha256\" | \"threat.enrichments.indicator.file.hash.sha384\" | \"threat.enrichments.indicator.file.hash.sha512\" | \"threat.enrichments.indicator.file.hash.ssdeep\" | \"threat.enrichments.indicator.file.hash.tlsh\" | \"threat.enrichments.indicator.file.inode\" | \"threat.enrichments.indicator.file.mime_type\" | \"threat.enrichments.indicator.file.mode\" | \"threat.enrichments.indicator.file.mtime\" | \"threat.enrichments.indicator.file.name\" | \"threat.enrichments.indicator.file.owner\" | \"threat.enrichments.indicator.file.path\" | \"threat.enrichments.indicator.file.pe.architecture\" | \"threat.enrichments.indicator.file.pe.company\" | \"threat.enrichments.indicator.file.pe.description\" | \"threat.enrichments.indicator.file.pe.file_version\" | \"threat.enrichments.indicator.file.pe.go_import_hash\" | \"threat.enrichments.indicator.file.pe.go_imports\" | \"threat.enrichments.indicator.file.pe.go_imports_names_entropy\" | \"threat.enrichments.indicator.file.pe.go_imports_names_var_entropy\" | \"threat.enrichments.indicator.file.pe.go_stripped\" | \"threat.enrichments.indicator.file.pe.imphash\" | \"threat.enrichments.indicator.file.pe.import_hash\" | \"threat.enrichments.indicator.file.pe.imports\" | \"threat.enrichments.indicator.file.pe.imports_names_entropy\" | \"threat.enrichments.indicator.file.pe.imports_names_var_entropy\" | \"threat.enrichments.indicator.file.pe.original_file_name\" | \"threat.enrichments.indicator.file.pe.pehash\" | \"threat.enrichments.indicator.file.pe.product\" | \"threat.enrichments.indicator.file.pe.sections\" | \"threat.enrichments.indicator.file.pe.sections.entropy\" | \"threat.enrichments.indicator.file.pe.sections.name\" | \"threat.enrichments.indicator.file.pe.sections.physical_size\" | 
\"threat.enrichments.indicator.file.pe.sections.var_entropy\" | \"threat.enrichments.indicator.file.pe.sections.virtual_size\" | \"threat.enrichments.indicator.file.size\" | \"threat.enrichments.indicator.file.target_path\" | \"threat.enrichments.indicator.file.type\" | \"threat.enrichments.indicator.file.uid\" | \"threat.enrichments.indicator.file.x509.alternative_names\" | \"threat.enrichments.indicator.file.x509.issuer.common_name\" | \"threat.enrichments.indicator.file.x509.issuer.country\" | \"threat.enrichments.indicator.file.x509.issuer.distinguished_name\" | \"threat.enrichments.indicator.file.x509.issuer.locality\" | \"threat.enrichments.indicator.file.x509.issuer.organization\" | \"threat.enrichments.indicator.file.x509.issuer.organizational_unit\" | \"threat.enrichments.indicator.file.x509.issuer.state_or_province\" | \"threat.enrichments.indicator.file.x509.not_after\" | \"threat.enrichments.indicator.file.x509.not_before\" | \"threat.enrichments.indicator.file.x509.public_key_algorithm\" | \"threat.enrichments.indicator.file.x509.public_key_curve\" | \"threat.enrichments.indicator.file.x509.public_key_exponent\" | \"threat.enrichments.indicator.file.x509.public_key_size\" | \"threat.enrichments.indicator.file.x509.serial_number\" | \"threat.enrichments.indicator.file.x509.signature_algorithm\" | \"threat.enrichments.indicator.file.x509.subject.common_name\" | \"threat.enrichments.indicator.file.x509.subject.country\" | \"threat.enrichments.indicator.file.x509.subject.distinguished_name\" | \"threat.enrichments.indicator.file.x509.subject.locality\" | \"threat.enrichments.indicator.file.x509.subject.organization\" | \"threat.enrichments.indicator.file.x509.subject.organizational_unit\" | \"threat.enrichments.indicator.file.x509.subject.state_or_province\" | \"threat.enrichments.indicator.file.x509.version_number\" | \"threat.enrichments.indicator.first_seen\" | \"threat.enrichments.indicator.geo.city_name\" | 
\"threat.enrichments.indicator.geo.continent_code\" | \"threat.enrichments.indicator.geo.continent_name\" | \"threat.enrichments.indicator.geo.country_iso_code\" | \"threat.enrichments.indicator.geo.country_name\" | \"threat.enrichments.indicator.geo.location\" | \"threat.enrichments.indicator.geo.name\" | \"threat.enrichments.indicator.geo.postal_code\" | \"threat.enrichments.indicator.geo.region_iso_code\" | \"threat.enrichments.indicator.geo.region_name\" | \"threat.enrichments.indicator.geo.timezone\" | \"threat.enrichments.indicator.ip\" | \"threat.enrichments.indicator.last_seen\" | \"threat.enrichments.indicator.marking.tlp\" | \"threat.enrichments.indicator.marking.tlp_version\" | \"threat.enrichments.indicator.modified_at\" | \"threat.enrichments.indicator.name\" | \"threat.enrichments.indicator.port\" | \"threat.enrichments.indicator.provider\" | \"threat.enrichments.indicator.reference\" | \"threat.enrichments.indicator.registry.data.bytes\" | \"threat.enrichments.indicator.registry.data.strings\" | \"threat.enrichments.indicator.registry.data.type\" | \"threat.enrichments.indicator.registry.hive\" | \"threat.enrichments.indicator.registry.key\" | \"threat.enrichments.indicator.registry.path\" | \"threat.enrichments.indicator.registry.value\" | \"threat.enrichments.indicator.scanner_stats\" | \"threat.enrichments.indicator.sightings\" | \"threat.enrichments.indicator.type\" | \"threat.enrichments.indicator.url.domain\" | \"threat.enrichments.indicator.url.extension\" | \"threat.enrichments.indicator.url.fragment\" | \"threat.enrichments.indicator.url.full\" | \"threat.enrichments.indicator.url.original\" | \"threat.enrichments.indicator.url.password\" | \"threat.enrichments.indicator.url.path\" | \"threat.enrichments.indicator.url.port\" | \"threat.enrichments.indicator.url.query\" | \"threat.enrichments.indicator.url.registered_domain\" | \"threat.enrichments.indicator.url.scheme\" | \"threat.enrichments.indicator.url.subdomain\" | 
\"threat.enrichments.indicator.url.top_level_domain\" | \"threat.enrichments.indicator.url.username\" | \"threat.enrichments.indicator.x509.alternative_names\" | \"threat.enrichments.indicator.x509.issuer.common_name\" | \"threat.enrichments.indicator.x509.issuer.country\" | \"threat.enrichments.indicator.x509.issuer.distinguished_name\" | \"threat.enrichments.indicator.x509.issuer.locality\" | \"threat.enrichments.indicator.x509.issuer.organization\" | \"threat.enrichments.indicator.x509.issuer.organizational_unit\" | \"threat.enrichments.indicator.x509.issuer.state_or_province\" | \"threat.enrichments.indicator.x509.not_after\" | \"threat.enrichments.indicator.x509.not_before\" | \"threat.enrichments.indicator.x509.public_key_algorithm\" | \"threat.enrichments.indicator.x509.public_key_curve\" | \"threat.enrichments.indicator.x509.public_key_exponent\" | \"threat.enrichments.indicator.x509.public_key_size\" | \"threat.enrichments.indicator.x509.serial_number\" | \"threat.enrichments.indicator.x509.signature_algorithm\" | \"threat.enrichments.indicator.x509.subject.common_name\" | \"threat.enrichments.indicator.x509.subject.country\" | \"threat.enrichments.indicator.x509.subject.distinguished_name\" | \"threat.enrichments.indicator.x509.subject.locality\" | \"threat.enrichments.indicator.x509.subject.organization\" | \"threat.enrichments.indicator.x509.subject.organizational_unit\" | \"threat.enrichments.indicator.x509.subject.state_or_province\" | \"threat.enrichments.indicator.x509.version_number\" | \"threat.enrichments.matched.atomic\" | \"threat.enrichments.matched.field\" | \"threat.enrichments.matched.id\" | \"threat.enrichments.matched.index\" | \"threat.enrichments.matched.occurred\" | \"threat.enrichments.matched.type\" | \"threat.indicator.file.elf.sections.chi2\" | \"threat.indicator.file.elf.sections.entropy\" | \"threat.indicator.file.elf.sections.flags\" | \"threat.indicator.file.elf.sections.name\" | 
\"threat.indicator.file.elf.sections.physical_offset\" | \"threat.indicator.file.elf.sections.physical_size\" | \"threat.indicator.file.elf.sections.type\" | \"threat.indicator.file.elf.sections.var_entropy\" | \"threat.indicator.file.elf.sections.virtual_address\" | \"threat.indicator.file.elf.sections.virtual_size\" | \"threat.indicator.file.elf.segments.sections\" | \"threat.indicator.file.elf.segments.type\" | \"threat.indicator.file.pe.sections.entropy\" | \"threat.indicator.file.pe.sections.name\" | \"threat.indicator.file.pe.sections.physical_size\" | \"threat.indicator.file.pe.sections.var_entropy\" | \"threat.indicator.file.pe.sections.virtual_size\""
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldAttribute",
"type": "Type",
"tags": [],
"label": "FieldAttribute",
"description": [],
"signature": [
"\"source\" | \"type\" | \"normalize\" | \"short\" | \"format\" | \"name\" | \"index\" | \"description\" | \"pattern\" | \"doc_values\" | \"ignore_above\" | \"required\" | \"beta\" | \"level\" | \"allowed_values\" | \"dashed_name\" | \"example\" | \"expected_values\" | \"flat_name\" | \"input_format\" | \"multi_fields\" | \"object_type\" | \"original_fieldset\" | \"output_format\" | \"output_precision\" | \"scaling_factor\" | \"documentation_url\""
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldMetadataPlain",
"type": "Type",
"tags": [],
"label": "FieldMetadataPlain",
"description": [],
"signature": [
"{ name: string; } & { allowed_values?: ({ description: string; name: string; } & { expected_event_types?: string[] | undefined; beta?: string | undefined; })[] | undefined; beta?: string | undefined; dashed_name?: string | undefined; description?: string | undefined; doc_values?: boolean | undefined; example?: unknown; expected_values?: string[] | undefined; flat_name?: string | undefined; format?: string | undefined; ignore_above?: number | undefined; index?: boolean | undefined; input_format?: string | undefined; level?: string | undefined; multi_fields?: { flat_name: string; name: string; type: string; }[] | undefined; normalize?: string[] | undefined; object_type?: string | undefined; original_fieldset?: string | undefined; output_format?: string | undefined; output_precision?: number | undefined; pattern?: string | undefined; required?: boolean | undefined; scaling_factor?: number | undefined; short?: string | undefined; source?: \"unknown\" | \"ecs\" | \"metadata\" | \"integration\" | undefined; type?: string | undefined; documentation_url?: string | undefined; }"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.FieldName",
"type": "Type",
"tags": [],
"label": "FieldName",
"description": [],
"signature": [
"\"@timestamp\" | \"event.sequence\" | \"event.start\" | \"event.end\" | \"event.provider\" | \"event.duration\" | \"event.action\" | \"message\" | \"event.outcome\" | \"tags\" | \"event.kind\" | \"event.original\" | \"agent.name\" | \"container.id\" | \"host.name\" | \"labels\" | \"service.environment\" | \"service.name\" | \"ecs.version\" | \"agent.build.original\" | \"agent.ephemeral_id\" | \"agent.id\" | \"agent.type\" | \"agent.version\" | \"client.address\" | \"client.as.number\" | \"client.as.organization.name\" | \"client.bytes\" | \"client.domain\" | \"client.geo.city_name\" | \"client.geo.continent_code\" | \"client.geo.continent_name\" | \"client.geo.country_iso_code\" | \"client.geo.country_name\" | \"client.geo.location\" | \"client.geo.name\" | \"client.geo.postal_code\" | \"client.geo.region_iso_code\" | \"client.geo.region_name\" | \"client.geo.timezone\" | \"client.ip\" | \"client.mac\" | \"client.nat.ip\" | \"client.nat.port\" | \"client.packets\" | \"client.port\" | \"client.registered_domain\" | \"client.subdomain\" | \"client.top_level_domain\" | \"client.user.domain\" | \"client.user.email\" | \"client.user.full_name\" | \"client.user.group.domain\" | \"client.user.group.id\" | \"client.user.group.name\" | \"client.user.hash\" | \"client.user.id\" | \"client.user.name\" | \"client.user.roles\" | \"cloud.account.id\" | \"cloud.account.name\" | \"cloud.availability_zone\" | \"cloud.instance.id\" | \"cloud.instance.name\" | \"cloud.machine.type\" | \"cloud.origin.account.id\" | \"cloud.origin.account.name\" | \"cloud.origin.availability_zone\" | \"cloud.origin.instance.id\" | \"cloud.origin.instance.name\" | \"cloud.origin.machine.type\" | \"cloud.origin.project.id\" | \"cloud.origin.project.name\" | \"cloud.origin.provider\" | \"cloud.origin.region\" | \"cloud.origin.service.name\" | \"cloud.project.id\" | \"cloud.project.name\" | \"cloud.provider\" | \"cloud.region\" | \"cloud.service.name\" | \"cloud.target.account.id\" | 
\"cloud.target.account.name\" | \"cloud.target.availability_zone\" | \"cloud.target.instance.id\" | \"cloud.target.instance.name\" | \"cloud.target.machine.type\" | \"cloud.target.project.id\" | \"cloud.target.project.name\" | \"cloud.target.provider\" | \"cloud.target.region\" | \"cloud.target.service.name\" | \"container.cpu.usage\" | \"container.disk.read.bytes\" | \"container.disk.write.bytes\" | \"container.image.hash.all\" | \"container.image.name\" | \"container.image.tag\" | \"container.labels\" | \"container.memory.usage\" | \"container.name\" | \"container.network.egress.bytes\" | \"container.network.ingress.bytes\" | \"container.runtime\" | \"container.security_context.privileged\" | \"destination.address\" | \"destination.as.number\" | \"destination.as.organization.name\" | \"destination.bytes\" | \"destination.domain\" | \"destination.geo.city_name\" | \"destination.geo.continent_code\" | \"destination.geo.continent_name\" | \"destination.geo.country_iso_code\" | \"destination.geo.country_name\" | \"destination.geo.location\" | \"destination.geo.name\" | \"destination.geo.postal_code\" | \"destination.geo.region_iso_code\" | \"destination.geo.region_name\" | \"destination.geo.timezone\" | \"destination.ip\" | \"destination.mac\" | \"destination.nat.ip\" | \"destination.nat.port\" | \"destination.packets\" | \"destination.port\" | \"destination.registered_domain\" | \"destination.subdomain\" | \"destination.top_level_domain\" | \"destination.user.domain\" | \"destination.user.email\" | \"destination.user.full_name\" | \"destination.user.group.domain\" | \"destination.user.group.id\" | \"destination.user.group.name\" | \"destination.user.hash\" | \"destination.user.id\" | \"destination.user.name\" | \"destination.user.roles\" | \"device.id\" | \"device.manufacturer\" | \"device.model.identifier\" | \"device.model.name\" | \"dll.code_signature.digest_algorithm\" | \"dll.code_signature.exists\" | \"dll.code_signature.signing_id\" | 
\"dll.code_signature.status\" | \"dll.code_signature.subject_name\" | \"dll.code_signature.team_id\" | \"dll.code_signature.timestamp\" | \"dll.code_signature.trusted\" | \"dll.code_signature.valid\" | \"dll.hash.md5\" | \"dll.hash.sha1\" | \"dll.hash.sha256\" | \"dll.hash.sha384\" | \"dll.hash.sha512\" | \"dll.hash.ssdeep\" | \"dll.hash.tlsh\" | \"dll.name\" | \"dll.path\" | \"dll.pe.architecture\" | \"dll.pe.company\" | \"dll.pe.description\" | \"dll.pe.file_version\" | \"dll.pe.go_import_hash\" | \"dll.pe.go_imports\" | \"dll.pe.go_imports_names_entropy\" | \"dll.pe.go_imports_names_var_entropy\" | \"dll.pe.go_stripped\" | \"dll.pe.imphash\" | \"dll.pe.import_hash\" | \"dll.pe.imports\" | \"dll.pe.imports_names_entropy\" | \"dll.pe.imports_names_var_entropy\" | \"dll.pe.original_file_name\" | \"dll.pe.pehash\" | \"dll.pe.product\" | \"dll.pe.sections\" | \"dns.answers\" | \"dns.header_flags\" | \"dns.id\" | \"dns.op_code\" | \"dns.question.class\" | \"dns.question.name\" | \"dns.question.registered_domain\" | \"dns.question.subdomain\" | \"dns.question.top_level_domain\" | \"dns.question.type\" | \"dns.resolved_ip\" | \"dns.response_code\" | \"dns.type\" | \"email.attachments\" | \"file.extension\" | \"file.hash.md5\" | \"file.hash.sha1\" | \"file.hash.sha256\" | \"file.hash.sha384\" | \"file.hash.sha512\" | \"file.hash.ssdeep\" | \"file.hash.tlsh\" | \"file.mime_type\" | \"file.name\" | \"file.size\" | \"email.bcc.address\" | \"email.cc.address\" | \"email.content_type\" | \"email.delivery_timestamp\" | \"email.direction\" | \"email.from.address\" | \"email.local_id\" | \"email.message_id\" | \"email.origination_timestamp\" | \"email.reply_to.address\" | \"email.sender.address\" | \"email.subject\" | \"email.to.address\" | \"email.x_mailer\" | \"error.code\" | \"error.id\" | \"error.message\" | \"error.stack_trace\" | \"error.type\" | \"event.agent_id_status\" | \"event.category\" | \"event.code\" | \"event.created\" | \"event.dataset\" | \"event.hash\" | 
\"event.id\" | \"event.ingested\" | \"event.module\" | \"event.reason\" | \"event.reference\" | \"event.risk_score\" | \"event.risk_score_norm\" | \"event.severity\" | \"event.timezone\" | \"event.type\" | \"event.url\" | \"faas.coldstart\" | \"faas.execution\" | \"faas.id\" | \"faas.name\" | \"faas.version\" | \"file.accessed\" | \"file.attributes\" | \"file.code_signature.digest_algorithm\" | \"file.code_signature.exists\" | \"file.code_signature.signing_id\" | \"file.code_signature.status\" | \"file.code_signature.subject_name\" | \"file.code_signature.team_id\" | \"file.code_signature.timestamp\" | \"file.code_signature.trusted\" | \"file.code_signature.valid\" | \"file.created\" | \"file.ctime\" | \"file.device\" | \"file.directory\" | \"file.drive_letter\" | \"file.elf.architecture\" | \"file.elf.byte_order\" | \"file.elf.cpu_type\" | \"file.elf.creation_date\" | \"file.elf.exports\" | \"file.elf.go_import_hash\" | \"file.elf.go_imports\" | \"file.elf.go_imports_names_entropy\" | \"file.elf.go_imports_names_var_entropy\" | \"file.elf.go_stripped\" | \"file.elf.header.abi_version\" | \"file.elf.header.class\" | \"file.elf.header.data\" | \"file.elf.header.entrypoint\" | \"file.elf.header.object_version\" | \"file.elf.header.os_abi\" | \"file.elf.header.type\" | \"file.elf.header.version\" | \"file.elf.import_hash\" | \"file.elf.imports\" | \"file.elf.imports_names_entropy\" | \"file.elf.imports_names_var_entropy\" | \"file.elf.sections\" | \"file.elf.segments\" | \"file.elf.shared_libraries\" | \"file.elf.telfhash\" | \"file.fork_name\" | \"file.gid\" | \"file.group\" | \"file.inode\" | \"file.macho.go_import_hash\" | \"file.macho.go_imports\" | \"file.macho.go_imports_names_entropy\" | \"file.macho.go_imports_names_var_entropy\" | \"file.macho.go_stripped\" | \"file.macho.import_hash\" | \"file.macho.imports\" | \"file.macho.imports_names_entropy\" | \"file.macho.imports_names_var_entropy\" | \"file.macho.sections\" | \"file.macho.symhash\" | \"file.mode\" | 
\"file.mtime\" | \"file.owner\" | \"file.path\" | \"file.pe.architecture\" | \"file.pe.company\" | \"file.pe.description\" | \"file.pe.file_version\" | \"file.pe.go_import_hash\" | \"file.pe.go_imports\" | \"file.pe.go_imports_names_entropy\" | \"file.pe.go_imports_names_var_entropy\" | \"file.pe.go_stripped\" | \"file.pe.imphash\" | \"file.pe.import_hash\" | \"file.pe.imports\" | \"file.pe.imports_names_entropy\" | \"file.pe.imports_names_var_entropy\" | \"file.pe.original_file_name\" | \"file.pe.pehash\" | \"file.pe.product\" | \"file.pe.sections\" | \"file.target_path\" | \"file.type\" | \"file.uid\" | \"file.x509.alternative_names\" | \"file.x509.issuer.common_name\" | \"file.x509.issuer.country\" | \"file.x509.issuer.distinguished_name\" | \"file.x509.issuer.locality\" | \"file.x509.issuer.organization\" | \"file.x509.issuer.organizational_unit\" | \"file.x509.issuer.state_or_province\" | \"file.x509.not_after\" | \"file.x509.not_before\" | \"file.x509.public_key_algorithm\" | \"file.x509.public_key_curve\" | \"file.x509.public_key_exponent\" | \"file.x509.public_key_size\" | \"file.x509.serial_number\" | \"file.x509.signature_algorithm\" | \"file.x509.subject.common_name\" | \"file.x509.subject.country\" | \"file.x509.subject.distinguished_name\" | \"file.x509.subject.locality\" | \"file.x509.subject.organization\" | \"file.x509.subject.organizational_unit\" | \"file.x509.subject.state_or_province\" | \"file.x509.version_number\" | \"group.domain\" | \"group.id\" | \"group.name\" | \"host.architecture\" | \"host.boot.id\" | \"host.cpu.usage\" | \"host.disk.read.bytes\" | \"host.disk.write.bytes\" | \"host.domain\" | \"host.geo.city_name\" | \"host.geo.continent_code\" | \"host.geo.continent_name\" | \"host.geo.country_iso_code\" | \"host.geo.country_name\" | \"host.geo.location\" | \"host.geo.name\" | \"host.geo.postal_code\" | \"host.geo.region_iso_code\" | \"host.geo.region_name\" | \"host.geo.timezone\" | \"host.hostname\" | \"host.id\" | \"host.ip\" | 
\"host.mac\" | \"host.network.egress.bytes\" | \"host.network.egress.packets\" | \"host.network.ingress.bytes\" | \"host.network.ingress.packets\" | \"host.os.family\" | \"host.os.full\" | \"host.os.kernel\" | \"host.os.name\" | \"host.os.platform\" | \"host.os.type\" | \"host.os.version\" | \"host.pid_ns_ino\" | \"host.risk.calculated_level\" | \"host.risk.calculated_score\" | \"host.risk.calculated_score_norm\" | \"host.risk.static_level\" | \"host.risk.static_score\" | \"host.risk.static_score_norm\" | \"host.type\" | \"host.uptime\" | \"http.request.body.bytes\" | \"http.request.body.content\" | \"http.request.bytes\" | \"http.request.id\" | \"http.request.method\" | \"http.request.mime_type\" | \"http.request.referrer\" | \"http.response.body.bytes\" | \"http.response.body.content\" | \"http.response.bytes\" | \"http.response.mime_type\" | \"http.response.status_code\" | \"http.version\" | \"log.file.path\" | \"log.level\" | \"log.logger\" | \"log.origin.file.line\" | \"log.origin.file.name\" | \"log.origin.function\" | \"log.syslog\" | \"network.application\" | \"network.bytes\" | \"network.community_id\" | \"network.direction\" | \"network.forwarded_ip\" | \"network.iana_number\" | \"network.inner\" | \"network.name\" | \"network.packets\" | \"network.protocol\" | \"network.transport\" | \"network.type\" | \"network.vlan.id\" | \"network.vlan.name\" | \"observer.egress\" | \"observer.geo.city_name\" | \"observer.geo.continent_code\" | \"observer.geo.continent_name\" | \"observer.geo.country_iso_code\" | \"observer.geo.country_name\" | \"observer.geo.location\" | \"observer.geo.name\" | \"observer.geo.postal_code\" | \"observer.geo.region_iso_code\" | \"observer.geo.region_name\" | \"observer.geo.timezone\" | \"observer.hostname\" | \"observer.ingress\" | \"observer.ip\" | \"observer.mac\" | \"observer.name\" | \"observer.os.family\" | \"observer.os.full\" | \"observer.os.kernel\" | \"observer.os.name\" | \"observer.os.platform\" | \"observer.os.type\" | 
\"observer.os.version\" | \"observer.product\" | \"observer.serial_number\" | \"observer.type\" | \"observer.vendor\" | \"observer.version\" | \"orchestrator.api_version\" | \"orchestrator.cluster.id\" | \"orchestrator.cluster.name\" | \"orchestrator.cluster.url\" | \"orchestrator.cluster.version\" | \"orchestrator.namespace\" | \"orchestrator.organization\" | \"orchestrator.resource.annotation\" | \"orchestrator.resource.id\" | \"orchestrator.resource.ip\" | \"orchestrator.resource.label\" | \"orchestrator.resource.name\" | \"orchestrator.resource.parent.type\" | \"orchestrator.resource.type\" | \"orchestrator.type\" | \"organization.id\" | \"organization.name\" | \"package.architecture\" | \"package.build_version\" | \"package.checksum\" | \"package.description\" | \"package.install_scope\" | \"package.installed\" | \"package.license\" | \"package.name\" | \"package.path\" | \"package.reference\" | \"package.size\" | \"package.type\" | \"package.version\" | \"process.args\" | \"process.args_count\" | \"process.code_signature.digest_algorithm\" | \"process.code_signature.exists\" | \"process.code_signature.signing_id\" | \"process.code_signature.status\" | \"process.code_signature.subject_name\" | \"process.code_signature.team_id\" | \"process.code_signature.timestamp\" | \"process.code_signature.trusted\" | \"process.code_signature.valid\" | \"process.command_line\" | \"process.elf.architecture\" | \"process.elf.byte_order\" | \"process.elf.cpu_type\" | \"process.elf.creation_date\" | \"process.elf.exports\" | \"process.elf.go_import_hash\" | \"process.elf.go_imports\" | \"process.elf.go_imports_names_entropy\" | \"process.elf.go_imports_names_var_entropy\" | \"process.elf.go_stripped\" | \"process.elf.header.abi_version\" | \"process.elf.header.class\" | \"process.elf.header.data\" | \"process.elf.header.entrypoint\" | \"process.elf.header.object_version\" | \"process.elf.header.os_abi\" | \"process.elf.header.type\" | \"process.elf.header.version\" | 
\"process.elf.import_hash\" | \"process.elf.imports\" | \"process.elf.imports_names_entropy\" | \"process.elf.imports_names_var_entropy\" | \"process.elf.sections\" | \"process.elf.segments\" | \"process.elf.shared_libraries\" | \"process.elf.telfhash\" | \"process.end\" | \"process.entity_id\" | \"process.entry_leader.args\" | \"process.entry_leader.args_count\" | \"process.entry_leader.attested_groups.name\" | \"process.entry_leader.attested_user.id\" | \"process.entry_leader.attested_user.name\" | \"process.entry_leader.command_line\" | \"process.entry_leader.entity_id\" | \"process.entry_leader.entry_meta.source.ip\" | \"process.entry_leader.entry_meta.type\" | \"process.entry_leader.executable\" | \"process.entry_leader.group.id\" | \"process.entry_leader.group.name\" | \"process.entry_leader.interactive\" | \"process.entry_leader.name\" | \"process.entry_leader.parent.entity_id\" | \"process.entry_leader.parent.pid\" | \"process.entry_leader.parent.session_leader.entity_id\" | \"process.entry_leader.parent.session_leader.pid\" | \"process.entry_leader.parent.session_leader.start\" | \"process.entry_leader.parent.session_leader.vpid\" | \"process.entry_leader.parent.start\" | \"process.entry_leader.parent.vpid\" | \"process.entry_leader.pid\" | \"process.entry_leader.real_group.id\" | \"process.entry_leader.real_group.name\" | \"process.entry_leader.real_user.id\" | \"process.entry_leader.real_user.name\" | \"process.entry_leader.same_as_process\" | \"process.entry_leader.saved_group.id\" | \"process.entry_leader.saved_group.name\" | \"process.entry_leader.saved_user.id\" | \"process.entry_leader.saved_user.name\" | \"process.entry_leader.start\" | \"process.entry_leader.supplemental_groups.id\" | \"process.entry_leader.supplemental_groups.name\" | \"process.entry_leader.tty\" | \"process.entry_leader.user.id\" | \"process.entry_leader.user.name\" | \"process.entry_leader.vpid\" | \"process.entry_leader.working_directory\" | \"process.env_vars\" | 
\"process.executable\" | \"process.exit_code\" | \"process.group_leader.args\" | \"process.group_leader.args_count\" | \"process.group_leader.command_line\" | \"process.group_leader.entity_id\" | \"process.group_leader.executable\" | \"process.group_leader.group.id\" | \"process.group_leader.group.name\" | \"process.group_leader.interactive\" | \"process.group_leader.name\" | \"process.group_leader.pid\" | \"process.group_leader.real_group.id\" | \"process.group_leader.real_group.name\" | \"process.group_leader.real_user.id\" | \"process.group_leader.real_user.name\" | \"process.group_leader.same_as_process\" | \"process.group_leader.saved_group.id\" | \"process.group_leader.saved_group.name\" | \"process.group_leader.saved_user.id\" | \"process.group_leader.saved_user.name\" | \"process.group_leader.start\" | \"process.group_leader.supplemental_groups.id\" | \"process.group_leader.supplemental_groups.name\" | \"process.group_leader.tty\" | \"process.group_leader.user.id\" | \"process.group_leader.user.name\" | \"process.group_leader.vpid\" | \"process.group_leader.working_directory\" | \"process.hash.md5\" | \"process.hash.sha1\" | \"process.hash.sha256\" | \"process.hash.sha384\" | \"process.hash.sha512\" | \"process.hash.ssdeep\" | \"process.hash.tlsh\" | \"process.interactive\" | \"process.io\" | \"process.macho.go_import_hash\" | \"process.macho.go_imports\" | \"process.macho.go_imports_names_entropy\" | \"process.macho.go_imports_names_var_entropy\" | \"process.macho.go_stripped\" | \"process.macho.import_hash\" | \"process.macho.imports\" | \"process.macho.imports_names_entropy\" | \"process.macho.imports_names_var_entropy\" | \"process.macho.sections\" | \"process.macho.symhash\" | \"process.name\" | \"process.parent.args\" | \"process.parent.args_count\" | \"process.parent.code_signature.digest_algorithm\" | \"process.parent.code_signature.exists\" | \"process.parent.code_signature.signing_id\" | \"process.parent.code_signature.status\" | 
\"process.parent.code_signature.subject_name\" | \"process.parent.code_signature.team_id\" | \"process.parent.code_signature.timestamp\" | \"process.parent.code_signature.trusted\" | \"process.parent.code_signature.valid\" | \"process.parent.command_line\" | \"process.parent.elf.architecture\" | \"process.parent.elf.byte_order\" | \"process.parent.elf.cpu_type\" | \"process.parent.elf.creation_date\" | \"process.parent.elf.exports\" | \"process.parent.elf.go_import_hash\" | \"process.parent.elf.go_imports\" | \"process.parent.elf.go_imports_names_entropy\" | \"process.parent.elf.go_imports_names_var_entropy\" | \"process.parent.elf.go_stripped\" | \"process.parent.elf.header.abi_version\" | \"process.parent.elf.header.class\" | \"process.parent.elf.header.data\" | \"process.parent.elf.header.entrypoint\" | \"process.parent.elf.header.object_version\" | \"process.parent.elf.header.os_abi\" | \"process.parent.elf.header.type\" | \"process.parent.elf.header.version\" | \"process.parent.elf.import_hash\" | \"process.parent.elf.imports\" | \"process.parent.elf.imports_names_entropy\" | \"process.parent.elf.imports_names_var_entropy\" | \"process.parent.elf.sections\" | \"process.parent.elf.segments\" | \"process.parent.elf.shared_libraries\" | \"process.parent.elf.telfhash\" | \"process.parent.end\" | \"process.parent.entity_id\" | \"process.parent.executable\" | \"process.parent.exit_code\" | \"process.parent.group.id\" | \"process.parent.group.name\" | \"process.parent.group_leader.entity_id\" | \"process.parent.group_leader.pid\" | \"process.parent.group_leader.start\" | \"process.parent.group_leader.vpid\" | \"process.parent.hash.md5\" | \"process.parent.hash.sha1\" | \"process.parent.hash.sha256\" | \"process.parent.hash.sha384\" | \"process.parent.hash.sha512\" | \"process.parent.hash.ssdeep\" | \"process.parent.hash.tlsh\" | \"process.parent.interactive\" | \"process.parent.macho.go_import_hash\" | \"process.parent.macho.go_imports\" | 
\"process.parent.macho.go_imports_names_entropy\" | \"process.parent.macho.go_imports_names_var_entropy\" | \"process.parent.macho.go_stripped\" | \"process.parent.macho.import_hash\" | \"process.parent.macho.imports\" | \"process.parent.macho.imports_names_entropy\" | \"process.parent.macho.imports_names_var_entropy\" | \"process.parent.macho.sections\" | \"process.parent.macho.symhash\" | \"process.parent.name\" | \"process.parent.pe.architecture\" | \"process.parent.pe.company\" | \"process.parent.pe.description\" | \"process.parent.pe.file_version\" | \"process.parent.pe.go_import_hash\" | \"process.parent.pe.go_imports\" | \"process.parent.pe.go_imports_names_entropy\" | \"process.parent.pe.go_imports_names_var_entropy\" | \"process.parent.pe.go_stripped\" | \"process.parent.pe.imphash\" | \"process.parent.pe.import_hash\" | \"process.parent.pe.imports\" | \"process.parent.pe.imports_names_entropy\" | \"process.parent.pe.imports_names_var_entropy\" | \"process.parent.pe.original_file_name\" | \"process.parent.pe.pehash\" | \"process.parent.pe.product\" | \"process.parent.pe.sections\" | \"process.parent.pgid\" | \"process.parent.pid\" | \"process.parent.real_group.id\" | \"process.parent.real_group.name\" | \"process.parent.real_user.id\" | \"process.parent.real_user.name\" | \"process.parent.saved_group.id\" | \"process.parent.saved_group.name\" | \"process.parent.saved_user.id\" | \"process.parent.saved_user.name\" | \"process.parent.start\" | \"process.parent.supplemental_groups.id\" | \"process.parent.supplemental_groups.name\" | \"process.parent.thread.capabilities.effective\" | \"process.parent.thread.capabilities.permitted\" | \"process.parent.thread.id\" | \"process.parent.thread.name\" | \"process.parent.title\" | \"process.parent.tty\" | \"process.parent.uptime\" | \"process.parent.user.id\" | \"process.parent.user.name\" | \"process.parent.vpid\" | \"process.parent.working_directory\" | \"process.pe.architecture\" | \"process.pe.company\" | 
\"process.pe.description\" | \"process.pe.file_version\" | \"process.pe.go_import_hash\" | \"process.pe.go_imports\" | \"process.pe.go_imports_names_entropy\" | \"process.pe.go_imports_names_var_entropy\" | \"process.pe.go_stripped\" | \"process.pe.imphash\" | \"process.pe.import_hash\" | \"process.pe.imports\" | \"process.pe.imports_names_entropy\" | \"process.pe.imports_names_var_entropy\" | \"process.pe.original_file_name\" | \"process.pe.pehash\" | \"process.pe.product\" | \"process.pe.sections\" | \"process.pgid\" | \"process.pid\" | \"process.previous.args\" | \"process.previous.args_count\" | \"process.previous.executable\" | \"process.real_group.id\" | \"process.real_group.name\" | \"process.real_user.id\" | \"process.real_user.name\" | \"process.saved_group.id\" | \"process.saved_group.name\" | \"process.saved_user.id\" | \"process.saved_user.name\" | \"process.session_leader.args\" | \"process.session_leader.args_count\" | \"process.session_leader.command_line\" | \"process.session_leader.entity_id\" | \"process.session_leader.executable\" | \"process.session_leader.group.id\" | \"process.session_leader.group.name\" | \"process.session_leader.interactive\" | \"process.session_leader.name\" | \"process.session_leader.parent.entity_id\" | \"process.session_leader.parent.pid\" | \"process.session_leader.parent.session_leader.entity_id\" | \"process.session_leader.parent.session_leader.pid\" | \"process.session_leader.parent.session_leader.start\" | \"process.session_leader.parent.session_leader.vpid\" | \"process.session_leader.parent.start\" | \"process.session_leader.parent.vpid\" | \"process.session_leader.pid\" | \"process.session_leader.real_group.id\" | \"process.session_leader.real_group.name\" | \"process.session_leader.real_user.id\" | \"process.session_leader.real_user.name\" | \"process.session_leader.same_as_process\" | \"process.session_leader.saved_group.id\" | \"process.session_leader.saved_group.name\" | 
\"process.session_leader.saved_user.id\" | \"process.session_leader.saved_user.name\" | \"process.session_leader.start\" | \"process.session_leader.supplemental_groups.id\" | \"process.session_leader.supplemental_groups.name\" | \"process.session_leader.tty\" | \"process.session_leader.user.id\" | \"process.session_leader.user.name\" | \"process.session_leader.vpid\" | \"process.session_leader.working_directory\" | \"process.start\" | \"process.supplemental_groups.id\" | \"process.supplemental_groups.name\" | \"process.thread.capabilities.effective\" | \"process.thread.capabilities.permitted\" | \"process.thread.id\" | \"process.thread.name\" | \"process.title\" | \"process.tty\" | \"process.uptime\" | \"process.user.id\" | \"process.user.name\" | \"process.vpid\" | \"process.working_directory\" | \"registry.data.bytes\" | \"registry.data.strings\" | \"registry.data.type\" | \"registry.hive\" | \"registry.key\" | \"registry.path\" | \"registry.value\" | \"related.hash\" | \"related.hosts\" | \"related.ip\" | \"related.user\" | \"rule.author\" | \"rule.category\" | \"rule.description\" | \"rule.id\" | \"rule.license\" | \"rule.name\" | \"rule.reference\" | \"rule.ruleset\" | \"rule.uuid\" | \"rule.version\" | \"server.address\" | \"server.as.number\" | \"server.as.organization.name\" | \"server.bytes\" | \"server.domain\" | \"server.geo.city_name\" | \"server.geo.continent_code\" | \"server.geo.continent_name\" | \"server.geo.country_iso_code\" | \"server.geo.country_name\" | \"server.geo.location\" | \"server.geo.name\" | \"server.geo.postal_code\" | \"server.geo.region_iso_code\" | \"server.geo.region_name\" | \"server.geo.timezone\" | \"server.ip\" | \"server.mac\" | \"server.nat.ip\" | \"server.nat.port\" | \"server.packets\" | \"server.port\" | \"server.registered_domain\" | \"server.subdomain\" | \"server.top_level_domain\" | \"server.user.domain\" | \"server.user.email\" | \"server.user.full_name\" | \"server.user.group.domain\" | \"server.user.group.id\" | 
\"server.user.group.name\" | \"server.user.hash\" | \"server.user.id\" | \"server.user.name\" | \"server.user.roles\" | \"service.address\" | \"service.ephemeral_id\" | \"service.id\" | \"service.node.name\" | \"service.node.role\" | \"service.node.roles\" | \"service.origin.address\" | \"service.origin.environment\" | \"service.origin.ephemeral_id\" | \"service.origin.id\" | \"service.origin.name\" | \"service.origin.node.name\" | \"service.origin.node.role\" | \"service.origin.node.roles\" | \"service.origin.state\" | \"service.origin.type\" | \"service.origin.version\" | \"service.state\" | \"service.target.address\" | \"service.target.environment\" | \"service.target.ephemeral_id\" | \"service.target.id\" | \"service.target.name\" | \"service.target.node.name\" | \"service.target.node.role\" | \"service.target.node.roles\" | \"service.target.state\" | \"service.target.type\" | \"service.target.version\" | \"service.type\" | \"service.version\" | \"source.address\" | \"source.as.number\" | \"source.as.organization.name\" | \"source.bytes\" | \"source.domain\" | \"source.geo.city_name\" | \"source.geo.continent_code\" | \"source.geo.continent_name\" | \"source.geo.country_iso_code\" | \"source.geo.country_name\" | \"source.geo.location\" | \"source.geo.name\" | \"source.geo.postal_code\" | \"source.geo.region_iso_code\" | \"source.geo.region_name\" | \"source.geo.timezone\" | \"source.ip\" | \"source.mac\" | \"source.nat.ip\" | \"source.nat.port\" | \"source.packets\" | \"source.port\" | \"source.registered_domain\" | \"source.subdomain\" | \"source.top_level_domain\" | \"source.user.domain\" | \"source.user.email\" | \"source.user.full_name\" | \"source.user.group.domain\" | \"source.user.group.id\" | \"source.user.group.name\" | \"source.user.hash\" | \"source.user.id\" | \"source.user.name\" | \"source.user.roles\" | \"span.id\" | \"threat.enrichments\" | \"threat.feed.dashboard_id\" | \"threat.feed.description\" | \"threat.feed.name\" | 
\"threat.feed.reference\" | \"threat.framework\" | \"threat.group.alias\" | \"threat.group.id\" | \"threat.group.name\" | \"threat.group.reference\" | \"threat.indicator.as.number\" | \"threat.indicator.as.organization.name\" | \"threat.indicator.confidence\" | \"threat.indicator.description\" | \"threat.indicator.email.address\" | \"threat.indicator.file.accessed\" | \"threat.indicator.file.attributes\" | \"threat.indicator.file.code_signature.digest_algorithm\" | \"threat.indicator.file.code_signature.exists\" | \"threat.indicator.file.code_signature.signing_id\" | \"threat.indicator.file.code_signature.status\" | \"threat.indicator.file.code_signature.subject_name\" | \"threat.indicator.file.code_signature.team_id\" | \"threat.indicator.file.code_signature.timestamp\" | \"threat.indicator.file.code_signature.trusted\" | \"threat.indicator.file.code_signature.valid\" | \"threat.indicator.file.created\" | \"threat.indicator.file.ctime\" | \"threat.indicator.file.device\" | \"threat.indicator.file.directory\" | \"threat.indicator.file.drive_letter\" | \"threat.indicator.file.elf.architecture\" | \"threat.indicator.file.elf.byte_order\" | \"threat.indicator.file.elf.cpu_type\" | \"threat.indicator.file.elf.creation_date\" | \"threat.indicator.file.elf.exports\" | \"threat.indicator.file.elf.go_import_hash\" | \"threat.indicator.file.elf.go_imports\" | \"threat.indicator.file.elf.go_imports_names_entropy\" | \"threat.indicator.file.elf.go_imports_names_var_entropy\" | \"threat.indicator.file.elf.go_stripped\" | \"threat.indicator.file.elf.header.abi_version\" | \"threat.indicator.file.elf.header.class\" | \"threat.indicator.file.elf.header.data\" | \"threat.indicator.file.elf.header.entrypoint\" | \"threat.indicator.file.elf.header.object_version\" | \"threat.indicator.file.elf.header.os_abi\" | \"threat.indicator.file.elf.header.type\" | \"threat.indicator.file.elf.header.version\" | \"threat.indicator.file.elf.import_hash\" | \"threat.indicator.file.elf.imports\" | 
\"threat.indicator.file.elf.imports_names_entropy\" | \"threat.indicator.file.elf.imports_names_var_entropy\" | \"threat.indicator.file.elf.sections\" | \"threat.indicator.file.elf.segments\" | \"threat.indicator.file.elf.shared_libraries\" | \"threat.indicator.file.elf.telfhash\" | \"threat.indicator.file.extension\" | \"threat.indicator.file.fork_name\" | \"threat.indicator.file.gid\" | \"threat.indicator.file.group\" | \"threat.indicator.file.hash.md5\" | \"threat.indicator.file.hash.sha1\" | \"threat.indicator.file.hash.sha256\" | \"threat.indicator.file.hash.sha384\" | \"threat.indicator.file.hash.sha512\" | \"threat.indicator.file.hash.ssdeep\" | \"threat.indicator.file.hash.tlsh\" | \"threat.indicator.file.inode\" | \"threat.indicator.file.mime_type\" | \"threat.indicator.file.mode\" | \"threat.indicator.file.mtime\" | \"threat.indicator.file.name\" | \"threat.indicator.file.owner\" | \"threat.indicator.file.path\" | \"threat.indicator.file.pe.architecture\" | \"threat.indicator.file.pe.company\" | \"threat.indicator.file.pe.description\" | \"threat.indicator.file.pe.file_version\" | \"threat.indicator.file.pe.go_import_hash\" | \"threat.indicator.file.pe.go_imports\" | \"threat.indicator.file.pe.go_imports_names_entropy\" | \"threat.indicator.file.pe.go_imports_names_var_entropy\" | \"threat.indicator.file.pe.go_stripped\" | \"threat.indicator.file.pe.imphash\" | \"threat.indicator.file.pe.import_hash\" | \"threat.indicator.file.pe.imports\" | \"threat.indicator.file.pe.imports_names_entropy\" | \"threat.indicator.file.pe.imports_names_var_entropy\" | \"threat.indicator.file.pe.original_file_name\" | \"threat.indicator.file.pe.pehash\" | \"threat.indicator.file.pe.product\" | \"threat.indicator.file.pe.sections\" | \"threat.indicator.file.size\" | \"threat.indicator.file.target_path\" | \"threat.indicator.file.type\" | \"threat.indicator.file.uid\" | \"threat.indicator.file.x509.alternative_names\" | \"threat.indicator.file.x509.issuer.common_name\" | 
\"threat.indicator.file.x509.issuer.country\" | \"threat.indicator.file.x509.issuer.distinguished_name\" | \"threat.indicator.file.x509.issuer.locality\" | \"threat.indicator.file.x509.issuer.organization\" | \"threat.indicator.file.x509.issuer.organizational_unit\" | \"threat.indicator.file.x509.issuer.state_or_province\" | \"threat.indicator.file.x509.not_after\" | \"threat.indicator.file.x509.not_before\" | \"threat.indicator.file.x509.public_key_algorithm\" | \"threat.indicator.file.x509.public_key_curve\" | \"threat.indicator.file.x509.public_key_exponent\" | \"threat.indicator.file.x509.public_key_size\" | \"threat.indicator.file.x509.serial_number\" | \"threat.indicator.file.x509.signature_algorithm\" | \"threat.indicator.file.x509.subject.common_name\" | \"threat.indicator.file.x509.subject.country\" | \"threat.indicator.file.x509.subject.distinguished_name\" | \"threat.indicator.file.x509.subject.locality\" | \"threat.indicator.file.x509.subject.organization\" | \"threat.indicator.file.x509.subject.organizational_unit\" | \"threat.indicator.file.x509.subject.state_or_province\" | \"threat.indicator.file.x509.version_number\" | \"threat.indicator.first_seen\" | \"threat.indicator.geo.city_name\" | \"threat.indicator.geo.continent_code\" | \"threat.indicator.geo.continent_name\" | \"threat.indicator.geo.country_iso_code\" | \"threat.indicator.geo.country_name\" | \"threat.indicator.geo.location\" | \"threat.indicator.geo.name\" | \"threat.indicator.geo.postal_code\" | \"threat.indicator.geo.region_iso_code\" | \"threat.indicator.geo.region_name\" | \"threat.indicator.geo.timezone\" | \"threat.indicator.ip\" | \"threat.indicator.last_seen\" | \"threat.indicator.marking.tlp\" | \"threat.indicator.marking.tlp_version\" | \"threat.indicator.modified_at\" | \"threat.indicator.name\" | \"threat.indicator.port\" | \"threat.indicator.provider\" | \"threat.indicator.reference\" | \"threat.indicator.registry.data.bytes\" | \"threat.indicator.registry.data.strings\" | 
\"threat.indicator.registry.data.type\" | \"threat.indicator.registry.hive\" | \"threat.indicator.registry.key\" | \"threat.indicator.registry.path\" | \"threat.indicator.registry.value\" | \"threat.indicator.scanner_stats\" | \"threat.indicator.sightings\" | \"threat.indicator.type\" | \"threat.indicator.url.domain\" | \"threat.indicator.url.extension\" | \"threat.indicator.url.fragment\" | \"threat.indicator.url.full\" | \"threat.indicator.url.original\" | \"threat.indicator.url.password\" | \"threat.indicator.url.path\" | \"threat.indicator.url.port\" | \"threat.indicator.url.query\" | \"threat.indicator.url.registered_domain\" | \"threat.indicator.url.scheme\" | \"threat.indicator.url.subdomain\" | \"threat.indicator.url.top_level_domain\" | \"threat.indicator.url.username\" | \"threat.indicator.x509.alternative_names\" | \"threat.indicator.x509.issuer.common_name\" | \"threat.indicator.x509.issuer.country\" | \"threat.indicator.x509.issuer.distinguished_name\" | \"threat.indicator.x509.issuer.locality\" | \"threat.indicator.x509.issuer.organization\" | \"threat.indicator.x509.issuer.organizational_unit\" | \"threat.indicator.x509.issuer.state_or_province\" | \"threat.indicator.x509.not_after\" | \"threat.indicator.x509.not_before\" | \"threat.indicator.x509.public_key_algorithm\" | \"threat.indicator.x509.public_key_curve\" | \"threat.indicator.x509.public_key_exponent\" | \"threat.indicator.x509.public_key_size\" | \"threat.indicator.x509.serial_number\" | \"threat.indicator.x509.signature_algorithm\" | \"threat.indicator.x509.subject.common_name\" | \"threat.indicator.x509.subject.country\" | \"threat.indicator.x509.subject.distinguished_name\" | \"threat.indicator.x509.subject.locality\" | \"threat.indicator.x509.subject.organization\" | \"threat.indicator.x509.subject.organizational_unit\" | \"threat.indicator.x509.subject.state_or_province\" | \"threat.indicator.x509.version_number\" | \"threat.software.alias\" | \"threat.software.id\" | 
\"threat.software.name\" | \"threat.software.platforms\" | \"threat.software.reference\" | \"threat.software.type\" | \"threat.tactic.id\" | \"threat.tactic.name\" | \"threat.tactic.reference\" | \"threat.technique.id\" | \"threat.technique.name\" | \"threat.technique.reference\" | \"threat.technique.subtechnique.id\" | \"threat.technique.subtechnique.name\" | \"threat.technique.subtechnique.reference\" | \"tls.cipher\" | \"tls.client.certificate\" | \"tls.client.certificate_chain\" | \"tls.client.hash.md5\" | \"tls.client.hash.sha1\" | \"tls.client.hash.sha256\" | \"tls.client.issuer\" | \"tls.client.ja3\" | \"tls.client.not_after\" | \"tls.client.not_before\" | \"tls.client.server_name\" | \"tls.client.subject\" | \"tls.client.supported_ciphers\" | \"tls.client.x509.alternative_names\" | \"tls.client.x509.issuer.common_name\" | \"tls.client.x509.issuer.country\" | \"tls.client.x509.issuer.distinguished_name\" | \"tls.client.x509.issuer.locality\" | \"tls.client.x509.issuer.organization\" | \"tls.client.x509.issuer.organizational_unit\" | \"tls.client.x509.issuer.state_or_province\" | \"tls.client.x509.not_after\" | \"tls.client.x509.not_before\" | \"tls.client.x509.public_key_algorithm\" | \"tls.client.x509.public_key_curve\" | \"tls.client.x509.public_key_exponent\" | \"tls.client.x509.public_key_size\" | \"tls.client.x509.serial_number\" | \"tls.client.x509.signature_algorithm\" | \"tls.client.x509.subject.common_name\" | \"tls.client.x509.subject.country\" | \"tls.client.x509.subject.distinguished_name\" | \"tls.client.x509.subject.locality\" | \"tls.client.x509.subject.organization\" | \"tls.client.x509.subject.organizational_unit\" | \"tls.client.x509.subject.state_or_province\" | \"tls.client.x509.version_number\" | \"tls.curve\" | \"tls.established\" | \"tls.next_protocol\" | \"tls.resumed\" | \"tls.server.certificate\" | \"tls.server.certificate_chain\" | \"tls.server.hash.md5\" | \"tls.server.hash.sha1\" | \"tls.server.hash.sha256\" | 
\"tls.server.issuer\" | \"tls.server.ja3s\" | \"tls.server.not_after\" | \"tls.server.not_before\" | \"tls.server.subject\" | \"tls.server.x509.alternative_names\" | \"tls.server.x509.issuer.common_name\" | \"tls.server.x509.issuer.country\" | \"tls.server.x509.issuer.distinguished_name\" | \"tls.server.x509.issuer.locality\" | \"tls.server.x509.issuer.organization\" | \"tls.server.x509.issuer.organizational_unit\" | \"tls.server.x509.issuer.state_or_province\" | \"tls.server.x509.not_after\" | \"tls.server.x509.not_before\" | \"tls.server.x509.public_key_algorithm\" | \"tls.server.x509.public_key_curve\" | \"tls.server.x509.public_key_exponent\" | \"tls.server.x509.public_key_size\" | \"tls.server.x509.serial_number\" | \"tls.server.x509.signature_algorithm\" | \"tls.server.x509.subject.common_name\" | \"tls.server.x509.subject.country\" | \"tls.server.x509.subject.distinguished_name\" | \"tls.server.x509.subject.locality\" | \"tls.server.x509.subject.organization\" | \"tls.server.x509.subject.organizational_unit\" | \"tls.server.x509.subject.state_or_province\" | \"tls.server.x509.version_number\" | \"tls.version\" | \"tls.version_protocol\" | \"trace.id\" | \"transaction.id\" | \"url.domain\" | \"url.extension\" | \"url.fragment\" | \"url.full\" | \"url.original\" | \"url.password\" | \"url.path\" | \"url.port\" | \"url.query\" | \"url.registered_domain\" | \"url.scheme\" | \"url.subdomain\" | \"url.top_level_domain\" | \"url.username\" | \"user.changes.domain\" | \"user.changes.email\" | \"user.changes.full_name\" | \"user.changes.group.domain\" | \"user.changes.group.id\" | \"user.changes.group.name\" | \"user.changes.hash\" | \"user.changes.id\" | \"user.changes.name\" | \"user.changes.roles\" | \"user.domain\" | \"user.effective.domain\" | \"user.effective.email\" | \"user.effective.full_name\" | \"user.effective.group.domain\" | \"user.effective.group.id\" | \"user.effective.group.name\" | \"user.effective.hash\" | \"user.effective.id\" | 
\"user.effective.name\" | \"user.effective.roles\" | \"user.email\" | \"user.full_name\" | \"user.group.domain\" | \"user.group.id\" | \"user.group.name\" | \"user.hash\" | \"user.id\" | \"user.name\" | \"user.risk.calculated_level\" | \"user.risk.calculated_score\" | \"user.risk.calculated_score_norm\" | \"user.risk.static_level\" | \"user.risk.static_score\" | \"user.risk.static_score_norm\" | \"user.roles\" | \"user.target.domain\" | \"user.target.email\" | \"user.target.full_name\" | \"user.target.group.domain\" | \"user.target.group.id\" | \"user.target.group.name\" | \"user.target.hash\" | \"user.target.id\" | \"user.target.name\" | \"user.target.roles\" | \"user_agent.device.name\" | \"user_agent.name\" | \"user_agent.original\" | \"user_agent.os.family\" | \"user_agent.os.full\" | \"user_agent.os.kernel\" | \"user_agent.os.name\" | \"user_agent.os.platform\" | \"user_agent.os.type\" | \"user_agent.os.version\" | \"user_agent.version\" | \"vulnerability.category\" | \"vulnerability.classification\" | \"vulnerability.description\" | \"vulnerability.enumeration\" | \"vulnerability.id\" | \"vulnerability.reference\" | \"vulnerability.report_id\" | \"vulnerability.scanner.vendor\" | \"vulnerability.score.base\" | \"vulnerability.score.environmental\" | \"vulnerability.score.temporal\" | \"vulnerability.score.version\" | \"vulnerability.severity\" | \"_source\" | \"_index\" | \"_id\" | \"_ignored\" | \"_routing\" | ",
{
"pluginId": "fieldsMetadata",
"scope": "common",
"docId": "kibFieldsMetadataPluginApi",
"section": "def-common.AnyFieldName",
"text": "AnyFieldName"
},
" | \"data_stream.dataset\" | \"data_stream.namespace\" | \"data_stream.type\" | \"dll.pe.sections.entropy\" | \"dll.pe.sections.name\" | \"dll.pe.sections.physical_size\" | \"dll.pe.sections.var_entropy\" | \"dll.pe.sections.virtual_size\" | \"dns.answers.class\" | \"dns.answers.data\" | \"dns.answers.name\" | \"dns.answers.ttl\" | \"dns.answers.type\" | \"email.attachments.file.extension\" | \"email.attachments.file.hash.md5\" | \"email.attachments.file.hash.sha1\" | \"email.attachments.file.hash.sha256\" | \"email.attachments.file.hash.sha384\" | \"email.attachments.file.hash.sha512\" | \"email.attachments.file.hash.ssdeep\" | \"email.attachments.file.hash.tlsh\" | \"email.attachments.file.mime_type\" | \"email.attachments.file.name\" | \"email.attachments.file.size\" | \"faas.trigger.request_id\" | \"faas.trigger.type\" | \"file.elf.sections.chi2\" | \"file.elf.sections.entropy\" | \"file.elf.sections.flags\" | \"file.elf.sections.name\" | \"file.elf.sections.physical_offset\" | \"file.elf.sections.physical_size\" | \"file.elf.sections.type\" | \"file.elf.sections.var_entropy\" | \"file.elf.sections.virtual_address\" | \"file.elf.sections.virtual_size\" | \"file.elf.segments.sections\" | \"file.elf.segments.type\" | \"file.macho.sections.entropy\" | \"file.macho.sections.name\" | \"file.macho.sections.physical_size\" | \"file.macho.sections.var_entropy\" | \"file.macho.sections.virtual_size\" | \"file.pe.sections.entropy\" | \"file.pe.sections.name\" | \"file.pe.sections.physical_size\" | \"file.pe.sections.var_entropy\" | \"file.pe.sections.virtual_size\" | \"log.syslog.appname\" | \"log.syslog.facility.code\" | \"log.syslog.facility.name\" | \"log.syslog.hostname\" | \"log.syslog.msgid\" | \"log.syslog.priority\" | \"log.syslog.procid\" | \"log.syslog.severity.code\" | \"log.syslog.severity.name\" | \"log.syslog.structured_data\" | \"log.syslog.version\" | \"network.inner.vlan.id\" | \"network.inner.vlan.name\" | \"observer.egress.interface.alias\" | 
\"observer.egress.interface.id\" | \"observer.egress.interface.name\" | \"observer.egress.vlan.id\" | \"observer.egress.vlan.name\" | \"observer.egress.zone\" | \"observer.ingress.interface.alias\" | \"observer.ingress.interface.id\" | \"observer.ingress.interface.name\" | \"observer.ingress.vlan.id\" | \"observer.ingress.vlan.name\" | \"observer.ingress.zone\" | \"process.elf.sections.chi2\" | \"process.elf.sections.entropy\" | \"process.elf.sections.flags\" | \"process.elf.sections.name\" | \"process.elf.sections.physical_offset\" | \"process.elf.sections.physical_size\" | \"process.elf.sections.type\" | \"process.elf.sections.var_entropy\" | \"process.elf.sections.virtual_address\" | \"process.elf.sections.virtual_size\" | \"process.elf.segments.sections\" | \"process.elf.segments.type\" | \"process.entry_leader.tty.char_device.major\" | \"process.entry_leader.tty.char_device.minor\" | \"process.group_leader.tty.char_device.major\" | \"process.group_leader.tty.char_device.minor\" | \"process.io.bytes_skipped\" | \"process.io.bytes_skipped.length\" | \"process.io.bytes_skipped.offset\" | \"process.io.max_bytes_per_process_exceeded\" | \"process.io.text\" | \"process.io.total_bytes_captured\" | \"process.io.total_bytes_skipped\" | \"process.io.type\" | \"process.macho.sections.entropy\" | \"process.macho.sections.name\" | \"process.macho.sections.physical_size\" | \"process.macho.sections.var_entropy\" | \"process.macho.sections.virtual_size\" | \"process.parent.elf.sections.chi2\" | \"process.parent.elf.sections.entropy\" | \"process.parent.elf.sections.flags\" | \"process.parent.elf.sections.name\" | \"process.parent.elf.sections.physical_offset\" | \"process.parent.elf.sections.physical_size\" | \"process.parent.elf.sections.type\" | \"process.parent.elf.sections.var_entropy\" | \"process.parent.elf.sections.virtual_address\" | \"process.parent.elf.sections.virtual_size\" | \"process.parent.elf.segments.sections\" | \"process.parent.elf.segments.type\" | 
\"process.parent.macho.sections.entropy\" | \"process.parent.macho.sections.name\" | \"process.parent.macho.sections.physical_size\" | \"process.parent.macho.sections.var_entropy\" | \"process.parent.macho.sections.virtual_size\" | \"process.parent.pe.sections.entropy\" | \"process.parent.pe.sections.name\" | \"process.parent.pe.sections.physical_size\" | \"process.parent.pe.sections.var_entropy\" | \"process.parent.pe.sections.virtual_size\" | \"process.parent.tty.char_device.major\" | \"process.parent.tty.char_device.minor\" | \"process.pe.sections.entropy\" | \"process.pe.sections.name\" | \"process.pe.sections.physical_size\" | \"process.pe.sections.var_entropy\" | \"process.pe.sections.virtual_size\" | \"process.session_leader.tty.char_device.major\" | \"process.session_leader.tty.char_device.minor\" | \"process.tty.char_device.major\" | \"process.tty.char_device.minor\" | \"process.tty.columns\" | \"process.tty.rows\" | \"threat.enrichments.indicator\" | \"threat.enrichments.indicator.as.number\" | \"threat.enrichments.indicator.as.organization.name\" | \"threat.enrichments.indicator.confidence\" | \"threat.enrichments.indicator.description\" | \"threat.enrichments.indicator.email.address\" | \"threat.enrichments.indicator.file.accessed\" | \"threat.enrichments.indicator.file.attributes\" | \"threat.enrichments.indicator.file.code_signature.digest_algorithm\" | \"threat.enrichments.indicator.file.code_signature.exists\" | \"threat.enrichments.indicator.file.code_signature.signing_id\" | \"threat.enrichments.indicator.file.code_signature.status\" | \"threat.enrichments.indicator.file.code_signature.subject_name\" | \"threat.enrichments.indicator.file.code_signature.team_id\" | \"threat.enrichments.indicator.file.code_signature.timestamp\" | \"threat.enrichments.indicator.file.code_signature.trusted\" | \"threat.enrichments.indicator.file.code_signature.valid\" | \"threat.enrichments.indicator.file.created\" | \"threat.enrichments.indicator.file.ctime\" | 
\"threat.enrichments.indicator.file.device\" | \"threat.enrichments.indicator.file.directory\" | \"threat.enrichments.indicator.file.drive_letter\" | \"threat.enrichments.indicator.file.elf.architecture\" | \"threat.enrichments.indicator.file.elf.byte_order\" | \"threat.enrichments.indicator.file.elf.cpu_type\" | \"threat.enrichments.indicator.file.elf.creation_date\" | \"threat.enrichments.indicator.file.elf.exports\" | \"threat.enrichments.indicator.file.elf.go_import_hash\" | \"threat.enrichments.indicator.file.elf.go_imports\" | \"threat.enrichments.indicator.file.elf.go_imports_names_entropy\" | \"threat.enrichments.indicator.file.elf.go_imports_names_var_entropy\" | \"threat.enrichments.indicator.file.elf.go_stripped\" | \"threat.enrichments.indicator.file.elf.header.abi_version\" | \"threat.enrichments.indicator.file.elf.header.class\" | \"threat.enrichments.indicator.file.elf.header.data\" | \"threat.enrichments.indicator.file.elf.header.entrypoint\" | \"threat.enrichments.indicator.file.elf.header.object_version\" | \"threat.enrichments.indicator.file.elf.header.os_abi\" | \"threat.enrichments.indicator.file.elf.header.type\" | \"threat.enrichments.indicator.file.elf.header.version\" | \"threat.enrichments.indicator.file.elf.import_hash\" | \"threat.enrichments.indicator.file.elf.imports\" | \"threat.enrichments.indicator.file.elf.imports_names_entropy\" | \"threat.enrichments.indicator.file.elf.imports_names_var_entropy\" | \"threat.enrichments.indicator.file.elf.sections\" | \"threat.enrichments.indicator.file.elf.sections.chi2\" | \"threat.enrichments.indicator.file.elf.sections.entropy\" | \"threat.enrichments.indicator.file.elf.sections.flags\" | \"threat.enrichments.indicator.file.elf.sections.name\" | \"threat.enrichments.indicator.file.elf.sections.physical_offset\" | \"threat.enrichments.indicator.file.elf.sections.physical_size\" | \"threat.enrichments.indicator.file.elf.sections.type\" | 
\"threat.enrichments.indicator.file.elf.sections.var_entropy\" | \"threat.enrichments.indicator.file.elf.sections.virtual_address\" | \"threat.enrichments.indicator.file.elf.sections.virtual_size\" | \"threat.enrichments.indicator.file.elf.segments\" | \"threat.enrichments.indicator.file.elf.segments.sections\" | \"threat.enrichments.indicator.file.elf.segments.type\" | \"threat.enrichments.indicator.file.elf.shared_libraries\" | \"threat.enrichments.indicator.file.elf.telfhash\" | \"threat.enrichments.indicator.file.extension\" | \"threat.enrichments.indicator.file.fork_name\" | \"threat.enrichments.indicator.file.gid\" | \"threat.enrichments.indicator.file.group\" | \"threat.enrichments.indicator.file.hash.md5\" | \"threat.enrichments.indicator.file.hash.sha1\" | \"threat.enrichments.indicator.file.hash.sha256\" | \"threat.enrichments.indicator.file.hash.sha384\" | \"threat.enrichments.indicator.file.hash.sha512\" | \"threat.enrichments.indicator.file.hash.ssdeep\" | \"threat.enrichments.indicator.file.hash.tlsh\" | \"threat.enrichments.indicator.file.inode\" | \"threat.enrichments.indicator.file.mime_type\" | \"threat.enrichments.indicator.file.mode\" | \"threat.enrichments.indicator.file.mtime\" | \"threat.enrichments.indicator.file.name\" | \"threat.enrichments.indicator.file.owner\" | \"threat.enrichments.indicator.file.path\" | \"threat.enrichments.indicator.file.pe.architecture\" | \"threat.enrichments.indicator.file.pe.company\" | \"threat.enrichments.indicator.file.pe.description\" | \"threat.enrichments.indicator.file.pe.file_version\" | \"threat.enrichments.indicator.file.pe.go_import_hash\" | \"threat.enrichments.indicator.file.pe.go_imports\" | \"threat.enrichments.indicator.file.pe.go_imports_names_entropy\" | \"threat.enrichments.indicator.file.pe.go_imports_names_var_entropy\" | \"threat.enrichments.indicator.file.pe.go_stripped\" | \"threat.enrichments.indicator.file.pe.imphash\" | \"threat.enrichments.indicator.file.pe.import_hash\" | 
\"threat.enrichments.indicator.file.pe.imports\" | \"threat.enrichments.indicator.file.pe.imports_names_entropy\" | \"threat.enrichments.indicator.file.pe.imports_names_var_entropy\" | \"threat.enrichments.indicator.file.pe.original_file_name\" | \"threat.enrichments.indicator.file.pe.pehash\" | \"threat.enrichments.indicator.file.pe.product\" | \"threat.enrichments.indicator.file.pe.sections\" | \"threat.enrichments.indicator.file.pe.sections.entropy\" | \"threat.enrichments.indicator.file.pe.sections.name\" | \"threat.enrichments.indicator.file.pe.sections.physical_size\" | \"threat.enrichments.indicator.file.pe.sections.var_entropy\" | \"threat.enrichments.indicator.file.pe.sections.virtual_size\" | \"threat.enrichments.indicator.file.size\" | \"threat.enrichments.indicator.file.target_path\" | \"threat.enrichments.indicator.file.type\" | \"threat.enrichments.indicator.file.uid\" | \"threat.enrichments.indicator.file.x509.alternative_names\" | \"threat.enrichments.indicator.file.x509.issuer.common_name\" | \"threat.enrichments.indicator.file.x509.issuer.country\" | \"threat.enrichments.indicator.file.x509.issuer.distinguished_name\" | \"threat.enrichments.indicator.file.x509.issuer.locality\" | \"threat.enrichments.indicator.file.x509.issuer.organization\" | \"threat.enrichments.indicator.file.x509.issuer.organizational_unit\" | \"threat.enrichments.indicator.file.x509.issuer.state_or_province\" | \"threat.enrichments.indicator.file.x509.not_after\" | \"threat.enrichments.indicator.file.x509.not_before\" | \"threat.enrichments.indicator.file.x509.public_key_algorithm\" | \"threat.enrichments.indicator.file.x509.public_key_curve\" | \"threat.enrichments.indicator.file.x509.public_key_exponent\" | \"threat.enrichments.indicator.file.x509.public_key_size\" | \"threat.enrichments.indicator.file.x509.serial_number\" | \"threat.enrichments.indicator.file.x509.signature_algorithm\" | \"threat.enrichments.indicator.file.x509.subject.common_name\" | 
\"threat.enrichments.indicator.file.x509.subject.country\" | \"threat.enrichments.indicator.file.x509.subject.distinguished_name\" | \"threat.enrichments.indicator.file.x509.subject.locality\" | \"threat.enrichments.indicator.file.x509.subject.organization\" | \"threat.enrichments.indicator.file.x509.subject.organizational_unit\" | \"threat.enrichments.indicator.file.x509.subject.state_or_province\" | \"threat.enrichments.indicator.file.x509.version_number\" | \"threat.enrichments.indicator.first_seen\" | \"threat.enrichments.indicator.geo.city_name\" | \"threat.enrichments.indicator.geo.continent_code\" | \"threat.enrichments.indicator.geo.continent_name\" | \"threat.enrichments.indicator.geo.country_iso_code\" | \"threat.enrichments.indicator.geo.country_name\" | \"threat.enrichments.indicator.geo.location\" | \"threat.enrichments.indicator.geo.name\" | \"threat.enrichments.indicator.geo.postal_code\" | \"threat.enrichments.indicator.geo.region_iso_code\" | \"threat.enrichments.indicator.geo.region_name\" | \"threat.enrichments.indicator.geo.timezone\" | \"threat.enrichments.indicator.ip\" | \"threat.enrichments.indicator.last_seen\" | \"threat.enrichments.indicator.marking.tlp\" | \"threat.enrichments.indicator.marking.tlp_version\" | \"threat.enrichments.indicator.modified_at\" | \"threat.enrichments.indicator.name\" | \"threat.enrichments.indicator.port\" | \"threat.enrichments.indicator.provider\" | \"threat.enrichments.indicator.reference\" | \"threat.enrichments.indicator.registry.data.bytes\" | \"threat.enrichments.indicator.registry.data.strings\" | \"threat.enrichments.indicator.registry.data.type\" | \"threat.enrichments.indicator.registry.hive\" | \"threat.enrichments.indicator.registry.key\" | \"threat.enrichments.indicator.registry.path\" | \"threat.enrichments.indicator.registry.value\" | \"threat.enrichments.indicator.scanner_stats\" | \"threat.enrichments.indicator.sightings\" | \"threat.enrichments.indicator.type\" | 
\"threat.enrichments.indicator.url.domain\" | \"threat.enrichments.indicator.url.extension\" | \"threat.enrichments.indicator.url.fragment\" | \"threat.enrichments.indicator.url.full\" | \"threat.enrichments.indicator.url.original\" | \"threat.enrichments.indicator.url.password\" | \"threat.enrichments.indicator.url.path\" | \"threat.enrichments.indicator.url.port\" | \"threat.enrichments.indicator.url.query\" | \"threat.enrichments.indicator.url.registered_domain\" | \"threat.enrichments.indicator.url.scheme\" | \"threat.enrichments.indicator.url.subdomain\" | \"threat.enrichments.indicator.url.top_level_domain\" | \"threat.enrichments.indicator.url.username\" | \"threat.enrichments.indicator.x509.alternative_names\" | \"threat.enrichments.indicator.x509.issuer.common_name\" | \"threat.enrichments.indicator.x509.issuer.country\" | \"threat.enrichments.indicator.x509.issuer.distinguished_name\" | \"threat.enrichments.indicator.x509.issuer.locality\" | \"threat.enrichments.indicator.x509.issuer.organization\" | \"threat.enrichments.indicator.x509.issuer.organizational_unit\" | \"threat.enrichments.indicator.x509.issuer.state_or_province\" | \"threat.enrichments.indicator.x509.not_after\" | \"threat.enrichments.indicator.x509.not_before\" | \"threat.enrichments.indicator.x509.public_key_algorithm\" | \"threat.enrichments.indicator.x509.public_key_curve\" | \"threat.enrichments.indicator.x509.public_key_exponent\" | \"threat.enrichments.indicator.x509.public_key_size\" | \"threat.enrichments.indicator.x509.serial_number\" | \"threat.enrichments.indicator.x509.signature_algorithm\" | \"threat.enrichments.indicator.x509.subject.common_name\" | \"threat.enrichments.indicator.x509.subject.country\" | \"threat.enrichments.indicator.x509.subject.distinguished_name\" | \"threat.enrichments.indicator.x509.subject.locality\" | \"threat.enrichments.indicator.x509.subject.organization\" | \"threat.enrichments.indicator.x509.subject.organizational_unit\" | 
\"threat.enrichments.indicator.x509.subject.state_or_province\" | \"threat.enrichments.indicator.x509.version_number\" | \"threat.enrichments.matched.atomic\" | \"threat.enrichments.matched.field\" | \"threat.enrichments.matched.id\" | \"threat.enrichments.matched.index\" | \"threat.enrichments.matched.occurred\" | \"threat.enrichments.matched.type\" | \"threat.indicator.file.elf.sections.chi2\" | \"threat.indicator.file.elf.sections.entropy\" | \"threat.indicator.file.elf.sections.flags\" | \"threat.indicator.file.elf.sections.name\" | \"threat.indicator.file.elf.sections.physical_offset\" | \"threat.indicator.file.elf.sections.physical_size\" | \"threat.indicator.file.elf.sections.type\" | \"threat.indicator.file.elf.sections.var_entropy\" | \"threat.indicator.file.elf.sections.virtual_address\" | \"threat.indicator.file.elf.sections.virtual_size\" | \"threat.indicator.file.elf.segments.sections\" | \"threat.indicator.file.elf.segments.type\" | \"threat.indicator.file.pe.sections.entropy\" | \"threat.indicator.file.pe.sections.name\" | \"threat.indicator.file.pe.sections.physical_size\" | \"threat.indicator.file.pe.sections.var_entropy\" | \"threat.indicator.file.pe.sections.virtual_size\" | \"_size\" | \"_doc_count\" | \"_field_names\" | \"_meta\" | \"_tier\""
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.IntegrationFieldName",
"type": "Type",
"tags": [],
"label": "IntegrationFieldName",
"description": [],
"signature": [
"string & {}"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.PartialFieldMetadataPlain",
"type": "Type",
"tags": [],
"label": "PartialFieldMetadataPlain",
"description": [],
"signature": [
"{ name?: string | undefined; } & { allowed_values?: ({ description: string; name: string; } & { expected_event_types?: string[] | undefined; beta?: string | undefined; })[] | undefined; beta?: string | undefined; dashed_name?: string | undefined; description?: string | undefined; doc_values?: boolean | undefined; example?: unknown; expected_values?: string[] | undefined; flat_name?: string | undefined; format?: string | undefined; ignore_above?: number | undefined; index?: boolean | undefined; input_format?: string | undefined; level?: string | undefined; multi_fields?: { flat_name: string; name: string; type: string; }[] | undefined; normalize?: string[] | undefined; object_type?: string | undefined; original_fieldset?: string | undefined; output_format?: string | undefined; output_precision?: number | undefined; pattern?: string | undefined; required?: boolean | undefined; scaling_factor?: number | undefined; short?: string | undefined; source?: \"unknown\" | \"ecs\" | \"metadata\" | \"integration\" | undefined; type?: string | undefined; documentation_url?: string | undefined; }"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.TEcsFields",
"type": "Type",
"tags": [],
"label": "TEcsFields",
"description": [],
"signature": [
"{ '@timestamp': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; required: boolean; short: string; type: string; }; 'agent.build.original': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'agent.ephemeral_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'agent.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'agent.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'agent.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'agent.version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'client.address': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'client.as.number': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.as.organization.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: 
string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.bytes': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'client.domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'client.geo.city_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.geo.continent_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.geo.continent_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.geo.country_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.geo.country_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.geo.location': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.geo.name': { dashed_name: string; description: string; example: string; flat_name: string; 
ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.geo.postal_code': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.geo.region_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.geo.region_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.geo.timezone': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.ip': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'client.mac': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; pattern: string; short: string; type: string; }; 'client.nat.ip': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'client.nat.port': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'client.packets': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'client.port': { dashed_name: 
string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'client.registered_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'client.subdomain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'client.top_level_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'client.user.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.user.email': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.user.full_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.user.group.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.user.group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.user.group.name': { dashed_name: string; 
description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.user.hash': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'client.user.roles': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'cloud.account.id': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'cloud.account.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'cloud.availability_zone': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'cloud.instance.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'cloud.instance.name': { 
dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'cloud.machine.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'cloud.origin.account.id': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.origin.account.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.origin.availability_zone': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.origin.instance.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.origin.instance.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.origin.machine.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.origin.project.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; 
short: string; type: string; }; 'cloud.origin.project.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.origin.provider': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.origin.region': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.origin.service.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.project.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'cloud.project.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'cloud.provider': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'cloud.region': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'cloud.service.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 
'cloud.target.account.id': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.target.account.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.target.availability_zone': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.target.instance.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.target.instance.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.target.machine.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.target.project.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.target.project.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.target.provider': { dashed_name: string; description: string; example: string; flat_name: 
string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.target.region': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'cloud.target.service.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'container.cpu.usage': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; scaling_factor: number; short: string; type: string; }; 'container.disk.read.bytes': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'container.disk.write.bytes': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'container.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'container.image.hash.all': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'container.image.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'container.image.tag': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'container.labels': { dashed_name: string; description: string; flat_name: 
string; level: string; name: string; normalize: never[]; object_type: string; short: string; type: string; }; 'container.memory.usage': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; scaling_factor: number; short: string; type: string; }; 'container.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'container.network.egress.bytes': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'container.network.ingress.bytes': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'container.runtime': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'container.security_context.privileged': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'data_stream.dataset': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'data_stream.namespace': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'data_stream.type': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'destination.address': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'destination.as.number': 
{ dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.as.organization.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.bytes': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'destination.domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'destination.geo.city_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.geo.continent_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.geo.continent_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.geo.country_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.geo.country_name': { dashed_name: string; description: string; example: string; flat_name: string; 
ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.geo.location': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.geo.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.geo.postal_code': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.geo.region_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.geo.region_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.geo.timezone': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.ip': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'destination.mac': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; pattern: string; short: string; type: string; }; 'destination.nat.ip': { dashed_name: string; description: string; 
flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'destination.nat.port': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'destination.packets': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'destination.port': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'destination.registered_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'destination.subdomain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'destination.top_level_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'destination.user.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.user.email': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.user.full_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: 
string; short: string; type: string; }; 'destination.user.group.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.user.group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.user.group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.user.hash': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'destination.user.roles': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'device.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'device.manufacturer': { dashed_name: string; description: string; example: string; flat_name: 
string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'device.model.identifier': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'device.model.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dll.code_signature.digest_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.code_signature.exists': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.code_signature.signing_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.code_signature.status': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.code_signature.subject_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.code_signature.team_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.code_signature.timestamp': { 
dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.code_signature.trusted': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.code_signature.valid': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.hash.md5': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.hash.sha1': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.hash.sha256': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.hash.sha384': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.hash.sha512': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.hash.ssdeep': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.hash.tlsh': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: 
string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dll.path': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dll.pe.architecture': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.company': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.description': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.file_version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.go_import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.go_imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: 
never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.go_imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.go_stripped': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.imphash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.original_file_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.pehash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; 
original_fieldset: string; short: string; type: string; }; 'dll.pe.product': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.sections.physical_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dll.pe.sections.virtual_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'dns.answers': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; short: string; type: string; }; 'dns.answers.class': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.answers.data': { dashed_name: string; description: string; 
example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.answers.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.answers.ttl': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.answers.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.header_flags': { dashed_name: string; description: string; example: string; expected_values: string[]; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'dns.id': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.op_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.question.class': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.question.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.question.registered_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.question.subdomain': 
{ dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.question.top_level_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.question.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.resolved_ip': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: string[]; short: string; type: string; }; 'dns.response_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'dns.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'ecs.version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; required: boolean; short: string; type: string; }; 'email.attachments': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; short: string; type: string; }; 'email.attachments.file.extension': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'email.attachments.file.hash.md5': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; 
type: string; }; 'email.attachments.file.hash.sha1': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'email.attachments.file.hash.sha256': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'email.attachments.file.hash.sha384': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'email.attachments.file.hash.sha512': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'email.attachments.file.hash.ssdeep': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'email.attachments.file.hash.tlsh': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'email.attachments.file.mime_type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'email.attachments.file.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'email.attachments.file.size': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: 
string; type: string; }; 'email.bcc.address': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'email.cc.address': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'email.content_type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'email.delivery_timestamp': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'email.direction': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'email.from.address': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'email.local_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'email.message_id': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'email.origination_timestamp': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'email.reply_to.address': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: 
string; type: string; }; 'email.sender.address': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'email.subject': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'email.to.address': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'email.x_mailer': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'error.code': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'error.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'error.message': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'error.stack_trace': { dashed_name: string; description: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'error.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.action': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: 
never[]; short: string; type: string; }; 'event.agent_id_status': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.category': { allowed_values: { description: string; expected_event_types: string[]; name: string; }[]; dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'event.code': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.created': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.dataset': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.duration': { dashed_name: string; description: string; flat_name: string; format: string; input_format: string; level: string; name: string; normalize: never[]; output_format: string; output_precision: number; short: string; type: string; }; 'event.end': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.ingested': { dashed_name: string; description: string; example: string; 
flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.kind': { allowed_values: ({ description: string; name: string; beta?: undefined; } | { beta: string; description: string; name: string; })[]; dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.module': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.original': { dashed_name: string; description: string; doc_values: boolean; example: string; flat_name: string; index: boolean; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.outcome': { allowed_values: { description: string; name: string; }[]; dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.provider': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.reason': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.reference': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.risk_score': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.risk_score_norm': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: 
never[]; short: string; type: string; }; 'event.sequence': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.severity': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.start': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.timezone': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'event.type': { allowed_values: { description: string; name: string; }[]; dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'event.url': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'faas.coldstart': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'faas.execution': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'faas.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'faas.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'faas.trigger.request_id': { dashed_name: string; 
description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'faas.trigger.type': { dashed_name: string; description: string; example: string; expected_values: string[]; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'faas.version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.accessed': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.attributes': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'file.code_signature.digest_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.code_signature.exists': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.code_signature.signing_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.code_signature.status': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.code_signature.subject_name': { dashed_name: string; description: string; example: 
string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.code_signature.team_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.code_signature.timestamp': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.code_signature.trusted': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.code_signature.valid': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.created': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.ctime': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.device': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.directory': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.drive_letter': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 
'file.elf.architecture': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.byte_order': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.cpu_type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.creation_date': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.exports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.elf.go_import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.go_imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.go_imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.go_stripped': { 
dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.header.abi_version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.header.class': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.header.data': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.header.entrypoint': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.header.object_version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.header.os_abi': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.header.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.header.version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.import_hash': { dashed_name: string; description: string; 
example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.elf.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.elf.sections.chi2': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.sections.flags': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.sections.physical_offset': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: 
string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.sections.physical_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.sections.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.sections.virtual_address': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.sections.virtual_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.segments': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.elf.segments.sections': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.segments.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.elf.shared_libraries': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: 
string[]; original_fieldset: string; short: string; type: string; }; 'file.elf.telfhash': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.extension': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.fork_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.gid': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.group': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.hash.md5': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.hash.sha1': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.hash.sha256': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.hash.sha384': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.hash.sha512': { dashed_name: string; description: string; flat_name: 
string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.hash.ssdeep': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.hash.tlsh': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.inode': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.macho.go_import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.macho.go_imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.macho.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.macho.go_imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.macho.go_stripped': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.macho.import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: 
string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.macho.imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.macho.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.macho.imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.macho.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.macho.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.macho.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.macho.sections.physical_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.macho.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.macho.sections.virtual_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: 
string; short: string; type: string; }; 'file.macho.symhash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.mime_type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.mode': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.mtime': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.owner': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.path': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'file.pe.architecture': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.company': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.description': { dashed_name: string; description: string; 
example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.file_version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.go_import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.go_imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.go_imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.go_stripped': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.imphash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.imports': { dashed_name: string; description: string; 
flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.pe.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.original_file_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.pehash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.product': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.pe.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.sections.physical_size': { dashed_name: string; description: string; flat_name: string; format: 
string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.pe.sections.virtual_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.size': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.target_path': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'file.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.uid': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'file.x509.alternative_names': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.x509.issuer.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.x509.issuer.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: 
string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.x509.issuer.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.x509.issuer.locality': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.x509.issuer.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.x509.issuer.organizational_unit': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.x509.issuer.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.x509.not_after': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.x509.not_before': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.x509.public_key_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; 
}; 'file.x509.public_key_curve': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.x509.public_key_exponent': { dashed_name: string; description: string; doc_values: boolean; example: number; flat_name: string; index: boolean; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.x509.public_key_size': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.x509.serial_number': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.x509.signature_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.x509.subject.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.x509.subject.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.x509.subject.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'file.x509.subject.locality': { dashed_name: string; description: 
string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.x509.subject.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.x509.subject.organizational_unit': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.x509.subject.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'file.x509.version_number': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'group.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.architecture': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.boot.id': { beta: string; dashed_name: string; description: string; example: string; flat_name: string; 
ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.cpu.usage': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; scaling_factor: number; short: string; type: string; }; 'host.disk.read.bytes': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.disk.write.bytes': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.geo.city_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.geo.continent_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.geo.continent_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.geo.country_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.geo.country_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: 
string; }; 'host.geo.location': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.geo.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.geo.postal_code': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.geo.region_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.geo.region_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.geo.timezone': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.hostname': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.ip': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; short: string; type: string; }; 'host.mac': { dashed_name: string; description: string; example: string; flat_name: string; 
ignore_above: number; level: string; name: string; normalize: string[]; pattern: string; short: string; type: string; }; 'host.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.network.egress.bytes': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.network.egress.packets': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.network.ingress.bytes': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.network.ingress.packets': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.os.family': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.os.full': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.os.kernel': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.os.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; 
original_fieldset: string; short: string; type: string; }; 'host.os.platform': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.os.type': { dashed_name: string; description: string; example: string; expected_values: string[]; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.os.version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.pid_ns_ino': { beta: string; dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.risk.calculated_level': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.risk.calculated_score': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.risk.calculated_score_norm': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.risk.static_level': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.risk.static_score': { dashed_name: string; description: string; example: number; 
flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.risk.static_score_norm': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'host.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'host.uptime': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'http.request.body.bytes': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'http.request.body.content': { dashed_name: string; description: string; example: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'http.request.bytes': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'http.request.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'http.request.method': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'http.request.mime_type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 
'http.request.referrer': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'http.response.body.bytes': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'http.response.body.content': { dashed_name: string; description: string; example: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'http.response.bytes': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'http.response.mime_type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'http.response.status_code': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'http.version': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; labels: { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; object_type: string; short: string; type: string; }; 'log.file.path': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.level': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: 
string; name: string; normalize: never[]; short: string; type: string; }; 'log.logger': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.origin.file.line': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.origin.file.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.origin.function': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.syslog': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.syslog.appname': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.syslog.facility.code': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.syslog.facility.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.syslog.hostname': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.syslog.msgid': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: 
string; normalize: never[]; short: string; type: string; }; 'log.syslog.priority': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.syslog.procid': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.syslog.severity.code': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.syslog.severity.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.syslog.structured_data': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'log.syslog.version': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; message: { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'network.application': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'network.bytes': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'network.community_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: 
string; type: string; }; 'network.direction': { dashed_name: string; description: string; example: string; expected_values: string[]; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'network.forwarded_ip': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'network.iana_number': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'network.inner': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'network.inner.vlan.id': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'network.inner.vlan.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'network.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'network.packets': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'network.protocol': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'network.transport': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; 
name: string; normalize: never[]; short: string; type: string; }; 'network.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'network.vlan.id': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'network.vlan.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.egress': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'observer.egress.interface.alias': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.egress.interface.id': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.egress.interface.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.egress.vlan.id': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.egress.vlan.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: 
string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.egress.zone': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'observer.geo.city_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.geo.continent_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.geo.continent_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.geo.country_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.geo.country_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.geo.location': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.geo.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.geo.postal_code': { dashed_name: 
string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.geo.region_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.geo.region_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.geo.timezone': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.hostname': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'observer.ingress': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'observer.ingress.interface.alias': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.ingress.interface.id': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.ingress.interface.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 
'observer.ingress.vlan.id': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.ingress.vlan.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.ingress.zone': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'observer.ip': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; short: string; type: string; }; 'observer.mac': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; pattern: string; short: string; type: string; }; 'observer.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'observer.os.family': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.os.full': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.os.kernel': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: 
string; type: string; }; 'observer.os.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.os.platform': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.os.type': { dashed_name: string; description: string; example: string; expected_values: string[]; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.os.version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'observer.product': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'observer.serial_number': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'observer.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'observer.vendor': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'observer.version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; 
short: string; type: string; }; 'orchestrator.api_version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'orchestrator.cluster.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'orchestrator.cluster.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'orchestrator.cluster.url': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'orchestrator.cluster.version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'orchestrator.namespace': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'orchestrator.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'orchestrator.resource.annotation': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'orchestrator.resource.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'orchestrator.resource.ip': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; 
short: string; type: string; }; 'orchestrator.resource.label': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'orchestrator.resource.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'orchestrator.resource.parent.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'orchestrator.resource.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'orchestrator.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'organization.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'organization.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'package.architecture': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'package.build_version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'package.checksum': { dashed_name: string; 
description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'package.description': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'package.install_scope': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'package.installed': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'package.license': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'package.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'package.path': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'package.reference': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'package.size': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'package.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'package.version': { dashed_name: string; description: string; 
example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.args': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'process.args_count': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.code_signature.digest_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.code_signature.exists': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.code_signature.signing_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.code_signature.status': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.code_signature.subject_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.code_signature.team_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 
'process.code_signature.timestamp': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.code_signature.trusted': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.code_signature.valid': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.command_line': { dashed_name: string; description: string; example: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'process.elf.architecture': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.byte_order': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.cpu_type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.creation_date': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.exports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: 
string; type: string; }; 'process.elf.go_import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.go_imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.go_imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.go_stripped': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.header.abi_version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.header.class': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.header.data': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.header.entrypoint': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: 
string; }; 'process.elf.header.object_version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.header.os_abi': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.header.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.header.version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.elf.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 
'process.elf.sections.chi2': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.sections.flags': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.sections.physical_offset': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.sections.physical_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.sections.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.sections.virtual_address': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: 
string; }; 'process.elf.sections.virtual_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.segments': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.elf.segments.sections': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.segments.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.elf.shared_libraries': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.elf.telfhash': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.end': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.entity_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.entry_leader.args': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.args_count': { dashed_name: string; 
description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.attested_groups.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.attested_user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.attested_user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.command_line': { dashed_name: string; description: string; example: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.entity_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.entry_meta.source.ip': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.entry_meta.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.executable': { 
dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.interactive': { dashed_name: string; description: string; example: boolean; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.parent.entity_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.parent.pid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.parent.session_leader.entity_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: 
string; type: string; }; 'process.entry_leader.parent.session_leader.pid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.parent.session_leader.start': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.parent.session_leader.vpid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.parent.start': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.parent.vpid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.pid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.real_group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.real_group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.real_user.id': { dashed_name: string; 
description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.real_user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.same_as_process': { dashed_name: string; description: string; example: boolean; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.saved_group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.saved_group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.saved_user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.saved_user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.start': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 
'process.entry_leader.supplemental_groups.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.supplemental_groups.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.tty': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.tty.char_device.major': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.tty.char_device.minor': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.vpid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.entry_leader.working_directory': { dashed_name: 
string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.env_vars': { beta: string; dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'process.executable': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'process.exit_code': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.group_leader.args': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.args_count': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.command_line': { dashed_name: string; description: string; example: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.entity_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.executable': { dashed_name: string; 
description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.interactive': { dashed_name: string; description: string; example: boolean; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.pid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.real_group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.real_group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.real_user.id': { dashed_name: string; 
description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.real_user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.same_as_process': { dashed_name: string; description: string; example: boolean; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.saved_group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.saved_group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.saved_user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.saved_user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.start': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 
'process.group_leader.supplemental_groups.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.supplemental_groups.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.tty': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.tty.char_device.major': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.tty.char_device.minor': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.vpid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.group_leader.working_directory': { dashed_name: 
string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.hash.md5': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.hash.sha1': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.hash.sha256': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.hash.sha384': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.hash.sha512': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.hash.ssdeep': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.hash.tlsh': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.interactive': { dashed_name: string; description: string; example: boolean; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.io': { beta: string; dashed_name: 
string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.io.bytes_skipped': { beta: string; dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; short: string; type: string; }; 'process.io.bytes_skipped.length': { beta: string; dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.io.bytes_skipped.offset': { beta: string; dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.io.max_bytes_per_process_exceeded': { beta: string; dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.io.text': { beta: string; dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.io.total_bytes_captured': { beta: string; dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.io.total_bytes_skipped': { beta: string; dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.io.type': { beta: string; dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.macho.go_import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.macho.go_imports': { dashed_name: string; description: string; flat_name: string; 
level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.macho.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.macho.go_imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.macho.go_stripped': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.macho.import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.macho.imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.macho.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.macho.imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.macho.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.macho.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: 
string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.macho.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.macho.sections.physical_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.macho.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.macho.sections.virtual_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.macho.symhash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'process.parent.args': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.parent.args_count': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.code_signature.digest_algorithm': { 
dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.code_signature.exists': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.code_signature.signing_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.code_signature.status': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.code_signature.subject_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.code_signature.team_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.code_signature.timestamp': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.code_signature.trusted': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.code_signature.valid': { dashed_name: string; description: string; example: 
string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.command_line': { dashed_name: string; description: string; example: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.architecture': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.byte_order': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.cpu_type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.creation_date': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.exports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.go_import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.go_imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: 
string; }; 'process.parent.elf.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.go_imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.go_stripped': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.header.abi_version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.header.class': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.header.data': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.header.entrypoint': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.header.object_version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.header.os_abi': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; 
normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.header.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.header.version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.sections.chi2': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: 
string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.sections.flags': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.sections.physical_offset': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.sections.physical_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.sections.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.sections.virtual_address': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.sections.virtual_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.segments': { 
dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.segments.sections': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.segments.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.shared_libraries': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.parent.elf.telfhash': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.end': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.entity_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.executable': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.exit_code': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: 
never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.group_leader.entity_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.group_leader.pid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.group_leader.start': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.group_leader.vpid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.hash.md5': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.hash.sha1': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.hash.sha256': { dashed_name: string; description: string; flat_name: string; 
ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.hash.sha384': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.hash.sha512': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.hash.ssdeep': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.hash.tlsh': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.interactive': { dashed_name: string; description: string; example: boolean; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.go_import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.go_imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.go_imports_names_var_entropy': { dashed_name: 
string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.go_stripped': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 
'process.parent.macho.sections.physical_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.sections.virtual_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.macho.symhash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.architecture': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.company': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.description': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 
'process.parent.pe.file_version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.go_import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.go_imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.go_imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.go_stripped': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.imphash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; 
original_fieldset: string; short: string; type: string; }; 'process.parent.pe.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.original_file_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.pehash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.product': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.sections.physical_size': { dashed_name: string; description: string; 
flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pe.sections.virtual_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pgid': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.pid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.real_group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.real_group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.real_user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.real_user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; 
original_fieldset: string; short: string; type: string; }; 'process.parent.saved_group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.saved_group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.saved_user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.saved_user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.start': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.supplemental_groups.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.supplemental_groups.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.thread.capabilities.effective': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; pattern: string; short: 
string; type: string; }; 'process.parent.thread.capabilities.permitted': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; pattern: string; short: string; type: string; }; 'process.parent.thread.id': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.thread.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.title': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.tty': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.tty.char_device.major': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.tty.char_device.minor': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.uptime': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.user.id': { dashed_name: string; description: string; example: 
string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.vpid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.parent.working_directory': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.architecture': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.company': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.description': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.file_version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.go_import_hash': { dashed_name: string; 
description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.go_imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.go_imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.go_stripped': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.imphash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.pe.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.imports_names_var_entropy': { dashed_name: string; description: 
string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.original_file_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.pehash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.product': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.pe.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.sections.physical_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pe.sections.virtual_size': { dashed_name: string; 
description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.pgid': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.pid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.previous.args': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.previous.args_count': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.previous.executable': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.real_group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.real_group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.real_user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.real_user.name': { 
dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.saved_group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.saved_group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.saved_user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.saved_user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.args': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.args_count': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.command_line': { dashed_name: string; description: string; example: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: 
string; type: string; }; 'process.session_leader.entity_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.executable': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.interactive': { dashed_name: string; description: string; example: boolean; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.parent.entity_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.parent.pid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; 
normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.parent.session_leader.entity_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.parent.session_leader.pid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.parent.session_leader.start': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.parent.session_leader.vpid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.parent.start': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.parent.vpid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.pid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.real_group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: 
string; short: string; type: string; }; 'process.session_leader.real_group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.real_user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.real_user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.same_as_process': { dashed_name: string; description: string; example: boolean; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.saved_group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.saved_group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.saved_user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.saved_user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: 
string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.start': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.supplemental_groups.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.supplemental_groups.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.tty': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.tty.char_device.major': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.tty.char_device.minor': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; 
original_fieldset: string; short: string; type: string; }; 'process.session_leader.vpid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.session_leader.working_directory': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.start': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.supplemental_groups.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.supplemental_groups.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.thread.capabilities.effective': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; pattern: string; short: string; type: string; }; 'process.thread.capabilities.permitted': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; pattern: string; short: string; type: string; }; 'process.thread.id': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.thread.name': { dashed_name: string; description: string; 
example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.title': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'process.tty': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.tty.char_device.major': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.tty.char_device.minor': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.tty.columns': { beta: string; dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.tty.rows': { beta: string; dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.uptime': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'process.user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: 
string; short: string; type: string; }; 'process.vpid': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'process.working_directory': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'registry.data.bytes': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'registry.data.strings': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: string[]; short: string; type: string; }; 'registry.data.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'registry.hive': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'registry.key': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'registry.path': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'registry.value': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'related.hash': { dashed_name: string; description: string; flat_name: string; 
ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'related.hosts': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'related.ip': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; short: string; type: string; }; 'related.user': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'rule.author': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'rule.category': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'rule.description': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'rule.id': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'rule.license': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'rule.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'rule.reference': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: 
string; type: string; }; 'rule.ruleset': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'rule.uuid': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'rule.version': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'server.address': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'server.as.number': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.as.organization.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.bytes': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'server.domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'server.geo.city_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.geo.continent_code': { dashed_name: string; 
description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.geo.continent_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.geo.country_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.geo.country_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.geo.location': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.geo.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.geo.postal_code': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.geo.region_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.geo.region_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; 
original_fieldset: string; short: string; type: string; }; 'server.geo.timezone': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.ip': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'server.mac': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; pattern: string; short: string; type: string; }; 'server.nat.ip': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'server.nat.port': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'server.packets': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'server.port': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'server.registered_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'server.subdomain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'server.top_level_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 
'server.user.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.user.email': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.user.full_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.user.group.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.user.group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.user.group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.user.hash': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: 
string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'server.user.roles': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'service.address': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'service.environment': { beta: string; dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'service.ephemeral_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'service.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'service.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'service.node.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'service.node.role': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'service.node.roles': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: 
string; }; 'service.origin.address': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.origin.environment': { beta: string; dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.origin.ephemeral_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.origin.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.origin.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.origin.node.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.origin.node.role': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.origin.node.roles': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'service.origin.state': { dashed_name: string; description: string; 
flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.origin.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.origin.version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.state': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'service.target.address': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.target.environment': { beta: string; dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.target.ephemeral_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.target.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.target.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 
'service.target.node.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.target.node.role': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.target.node.roles': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'service.target.state': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.target.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.target.version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'service.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'service.version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'source.address': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 
'source.as.number': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.as.organization.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.bytes': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'source.domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'source.geo.city_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.geo.continent_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.geo.continent_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.geo.country_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.geo.country_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: 
string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.geo.location': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.geo.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.geo.postal_code': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.geo.region_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.geo.region_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.geo.timezone': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.ip': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'source.mac': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; pattern: string; short: string; type: string; }; 'source.nat.ip': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: 
string; type: string; }; 'source.nat.port': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'source.packets': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'source.port': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'source.registered_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'source.subdomain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'source.top_level_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'source.user.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.user.email': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.user.full_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.user.group.domain': { dashed_name: string; description: string; flat_name: 
string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.user.group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.user.group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.user.hash': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'source.user.roles': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'span.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; tags: { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'threat.enrichments': { dashed_name: string; description: string; 
flat_name: string; level: string; name: string; normalize: string[]; short: string; type: string; }; 'threat.enrichments.indicator': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.as.number': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.as.organization.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.confidence': { dashed_name: string; description: string; example: string; expected_values: string[]; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.description': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.email.address': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.file.accessed': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.attributes': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: 
string; type: string; }; 'threat.enrichments.indicator.file.code_signature.digest_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.code_signature.exists': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.code_signature.signing_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.code_signature.status': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.code_signature.subject_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.code_signature.team_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.code_signature.timestamp': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.code_signature.trusted': { dashed_name: string; description: string; 
example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.code_signature.valid': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.created': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.ctime': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.device': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.directory': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.drive_letter': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.architecture': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.byte_order': { dashed_name: string; description: string; example: string; flat_name: string; 
ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.cpu_type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.creation_date': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.exports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.go_import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.go_imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.go_imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.go_stripped': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: 
never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.header.abi_version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.header.class': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.header.data': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.header.entrypoint': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.header.object_version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.header.os_abi': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.header.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.header.version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; 
original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.sections.chi2': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.sections.flags': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: 
string; }; 'threat.enrichments.indicator.file.elf.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.sections.physical_offset': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.sections.physical_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.sections.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.sections.virtual_address': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.sections.virtual_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.segments': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 
'threat.enrichments.indicator.file.elf.segments.sections': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.segments.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.shared_libraries': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.elf.telfhash': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.extension': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.fork_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.gid': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.group': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; 
type: string; }; 'threat.enrichments.indicator.file.hash.md5': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.hash.sha1': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.hash.sha256': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.hash.sha384': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.hash.sha512': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.hash.ssdeep': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.hash.tlsh': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.inode': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 
'threat.enrichments.indicator.file.mime_type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.mode': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.mtime': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.owner': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.path': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.architecture': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.company': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; 
original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.description': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.file_version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.go_import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.go_imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.go_imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.go_stripped': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.imphash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: 
never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.original_file_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.pehash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.product': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; 
original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.sections.physical_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.pe.sections.virtual_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.size': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.target_path': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; 
name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.uid': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.alternative_names': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.issuer.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.issuer.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.issuer.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.issuer.locality': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.issuer.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 
'threat.enrichments.indicator.file.x509.issuer.organizational_unit': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.issuer.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.not_after': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.not_before': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.public_key_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.public_key_curve': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.public_key_exponent': { dashed_name: string; description: string; doc_values: boolean; example: number; flat_name: string; index: boolean; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.public_key_size': { dashed_name: string; description: string; example: number; flat_name: 
string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.serial_number': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.signature_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.subject.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.subject.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.subject.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.subject.locality': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.subject.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: 
string; type: string; }; 'threat.enrichments.indicator.file.x509.subject.organizational_unit': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.subject.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.file.x509.version_number': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.first_seen': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.geo.city_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.geo.continent_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.geo.continent_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.geo.country_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: 
string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.geo.country_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.geo.location': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.geo.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.geo.postal_code': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.geo.region_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.geo.region_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.geo.timezone': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.ip': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: 
string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.last_seen': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.marking.tlp': { dashed_name: string; description: string; example: string; expected_values: string[]; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.marking.tlp_version': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.modified_at': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.port': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.provider': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.reference': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.registry.data.bytes': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: 
string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.registry.data.strings': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.registry.data.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.registry.hive': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.registry.key': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.registry.path': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.registry.value': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.scanner_stats': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.sightings': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: 
string; type: string; }; 'threat.enrichments.indicator.type': { dashed_name: string; description: string; example: string; expected_values: string[]; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.indicator.url.domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.url.extension': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.url.fragment': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.url.full': { dashed_name: string; description: string; example: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.url.original': { dashed_name: string; description: string; example: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.url.password': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.url.path': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: 
never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.url.port': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.url.query': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.url.registered_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.url.scheme': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.url.subdomain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.url.top_level_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.url.username': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.alternative_names': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: 
string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.issuer.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.issuer.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.issuer.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.issuer.locality': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.issuer.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.issuer.organizational_unit': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.issuer.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 
'threat.enrichments.indicator.x509.not_after': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.not_before': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.public_key_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.public_key_curve': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.public_key_exponent': { dashed_name: string; description: string; doc_values: boolean; example: number; flat_name: string; index: boolean; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.public_key_size': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.serial_number': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.signature_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; 
original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.subject.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.subject.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.subject.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.subject.locality': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.subject.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.subject.organizational_unit': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.subject.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.indicator.x509.version_number': { dashed_name: 
string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.enrichments.matched.atomic': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.matched.field': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.matched.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.matched.index': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.matched.occurred': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.enrichments.matched.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.feed.dashboard_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.feed.description': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.feed.name': { dashed_name: string; description: string; example: string; flat_name: 
string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.feed.reference': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.framework': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.group.alias': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'threat.group.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.group.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.group.reference': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.as.number': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.as.organization.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.confidence': { dashed_name: string; description: string; example: string; expected_values: string[]; 
flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.description': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.email.address': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.file.accessed': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.attributes': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.code_signature.digest_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.code_signature.exists': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.code_signature.signing_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.code_signature.status': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; 
short: string; type: string; }; 'threat.indicator.file.code_signature.subject_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.code_signature.team_id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.code_signature.timestamp': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.code_signature.trusted': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.code_signature.valid': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.created': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.ctime': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.device': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.directory': { dashed_name: string; description: string; example: 
string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.drive_letter': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.architecture': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.byte_order': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.cpu_type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.creation_date': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.exports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.go_import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.go_imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; 
original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.go_imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.go_stripped': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.header.abi_version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.header.class': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.header.data': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.header.entrypoint': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.header.object_version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.header.os_abi': { 
dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.header.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.header.version': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.sections.chi2': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; 
original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.sections.flags': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.sections.physical_offset': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.sections.physical_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.sections.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.sections.virtual_address': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 
'threat.indicator.file.elf.sections.virtual_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.segments': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.segments.sections': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.segments.type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.shared_libraries': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.elf.telfhash': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.extension': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.fork_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.gid': { dashed_name: string; description: string; example: string; flat_name: string; 
ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.group': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.hash.md5': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.hash.sha1': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.hash.sha256': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.hash.sha384': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.hash.sha512': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.hash.ssdeep': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.hash.tlsh': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 
'threat.indicator.file.inode': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.mime_type': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.mode': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.mtime': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.owner': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.path': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.architecture': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.company': { 
dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.description': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.file_version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.go_import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.go_imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.go_imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.go_imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.go_stripped': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.imphash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: 
number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.import_hash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.imports': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.imports_names_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.imports_names_var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.original_file_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.pehash': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.product': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.sections': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: 
string; }; 'threat.indicator.file.pe.sections.entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.sections.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.sections.physical_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.sections.var_entropy': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.pe.sections.virtual_size': { dashed_name: string; description: string; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.size': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.target_path': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.uid': { dashed_name: string; 
description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.alternative_names': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.issuer.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.issuer.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.issuer.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.issuer.locality': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.issuer.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.issuer.organizational_unit': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; 
type: string; }; 'threat.indicator.file.x509.issuer.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.not_after': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.not_before': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.public_key_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.public_key_curve': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.public_key_exponent': { dashed_name: string; description: string; doc_values: boolean; example: number; flat_name: string; index: boolean; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.public_key_size': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.serial_number': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: 
string; type: string; }; 'threat.indicator.file.x509.signature_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.subject.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.subject.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.subject.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.subject.locality': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.subject.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.subject.organizational_unit': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.subject.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; 
level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.file.x509.version_number': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.first_seen': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.geo.city_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.geo.continent_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.geo.continent_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.geo.country_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.geo.country_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.geo.location': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; 
type: string; }; 'threat.indicator.geo.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.geo.postal_code': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.geo.region_iso_code': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.geo.region_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.geo.timezone': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.ip': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.last_seen': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.marking.tlp': { dashed_name: string; description: string; example: string; expected_values: string[]; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.marking.tlp_version': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; 
level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.modified_at': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.port': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.provider': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.reference': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.registry.data.bytes': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.registry.data.strings': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.registry.data.type': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.registry.hive': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: 
never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.registry.key': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.registry.path': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.registry.value': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.scanner_stats': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.sightings': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.type': { dashed_name: string; description: string; example: string; expected_values: string[]; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.indicator.url.domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.url.extension': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.url.fragment': { dashed_name: string; description: string; flat_name: 
string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.url.full': { dashed_name: string; description: string; example: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.url.original': { dashed_name: string; description: string; example: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.url.password': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.url.path': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.url.port': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.url.query': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.url.registered_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.url.scheme': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: 
string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.url.subdomain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.url.top_level_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.url.username': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.alternative_names': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.issuer.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.issuer.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.issuer.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.issuer.locality': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: 
string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.issuer.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.issuer.organizational_unit': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.issuer.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.not_after': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.not_before': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.public_key_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.public_key_curve': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.public_key_exponent': { dashed_name: string; description: string; doc_values: boolean; example: number; flat_name: string; index: boolean; level: string; 
name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.public_key_size': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.serial_number': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.signature_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.subject.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.subject.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.subject.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.subject.locality': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.subject.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; 
level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.subject.organizational_unit': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.subject.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'threat.indicator.x509.version_number': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'threat.software.alias': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'threat.software.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.software.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.software.platforms': { dashed_name: string; description: string; example: string; expected_values: string[]; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'threat.software.reference': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.software.type': { dashed_name: string; 
description: string; example: string; expected_values: string[]; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'threat.tactic.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'threat.tactic.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'threat.tactic.reference': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'threat.technique.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'threat.technique.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: string[]; short: string; type: string; }; 'threat.technique.reference': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'threat.technique.subtechnique.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'threat.technique.subtechnique.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: string[]; short: string; 
type: string; }; 'threat.technique.subtechnique.reference': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'tls.cipher': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.client.certificate': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.client.certificate_chain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'tls.client.hash.md5': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.client.hash.sha1': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.client.hash.sha256': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.client.issuer': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.client.ja3': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.client.not_after': { dashed_name: string; description: string; example: string; flat_name: string; 
level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.client.not_before': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.client.server_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.client.subject': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.client.supported_ciphers': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'tls.client.x509.alternative_names': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.issuer.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.issuer.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.issuer.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.issuer.locality': { dashed_name: string; description: string; example: string; 
flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.issuer.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.issuer.organizational_unit': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.issuer.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.not_after': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.not_before': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.public_key_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.public_key_curve': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.public_key_exponent': { dashed_name: string; description: string; doc_values: boolean; example: number; flat_name: string; index: boolean; 
level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.public_key_size': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.serial_number': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.signature_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.subject.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.subject.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.subject.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.subject.locality': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.subject.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; 
normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.subject.organizational_unit': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.subject.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.client.x509.version_number': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.curve': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.established': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.next_protocol': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.resumed': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.server.certificate': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.server.certificate_chain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'tls.server.hash.md5': { 
dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.server.hash.sha1': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.server.hash.sha256': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.server.issuer': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.server.ja3s': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.server.not_after': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.server.not_before': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.server.subject': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.server.x509.alternative_names': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.issuer.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; 
normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.issuer.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.issuer.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.issuer.locality': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.issuer.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.issuer.organizational_unit': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.issuer.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.not_after': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.not_before': { dashed_name: string; description: string; example: string; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: 
string; type: string; }; 'tls.server.x509.public_key_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.public_key_curve': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.public_key_exponent': { dashed_name: string; description: string; doc_values: boolean; example: number; flat_name: string; index: boolean; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.public_key_size': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.serial_number': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.signature_algorithm': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.subject.common_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.subject.country': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 
'tls.server.x509.subject.distinguished_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.subject.locality': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.subject.organization': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.subject.organizational_unit': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.subject.state_or_province': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'tls.server.x509.version_number': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'tls.version': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'tls.version_protocol': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'trace.id': { dashed_name: string; description: string; example: string; flat_name: string; 
ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'transaction.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'url.domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'url.extension': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'url.fragment': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'url.full': { dashed_name: string; description: string; example: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'url.original': { dashed_name: string; description: string; example: string; flat_name: string; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'url.password': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'url.path': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'url.port': { dashed_name: string; description: string; example: number; flat_name: string; format: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'url.query': { dashed_name: string; description: string; flat_name: string; ignore_above: number; 
level: string; name: string; normalize: never[]; short: string; type: string; }; 'url.registered_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'url.scheme': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'url.subdomain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'url.top_level_domain': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'url.username': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'user.changes.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.changes.email': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.changes.full_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.changes.group.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; 
short: string; type: string; }; 'user.changes.group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.changes.group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.changes.hash': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.changes.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.changes.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.changes.roles': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'user.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'user.effective.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.effective.email': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: 
never[]; original_fieldset: string; short: string; type: string; }; 'user.effective.full_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.effective.group.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.effective.group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.effective.group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.effective.hash': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.effective.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.effective.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.effective.roles': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: 
string; type: string; }; 'user.email': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'user.full_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'user.group.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.hash': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'user.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'user.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'user.risk.calculated_level': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 
'user.risk.calculated_score': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.risk.calculated_score_norm': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.risk.static_level': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.risk.static_score': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.risk.static_score_norm': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.roles': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'user.target.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.target.email': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.target.full_name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: 
string; short: string; type: string; }; 'user.target.group.domain': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.target.group.id': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.target.group.name': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.target.hash': { dashed_name: string; description: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.target.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.target.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user.target.roles': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; original_fieldset: string; short: string; type: string; }; 'user_agent.device.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'user_agent.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; 
level: string; name: string; normalize: never[]; short: string; type: string; }; 'user_agent.original': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'user_agent.os.family': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user_agent.os.full': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user_agent.os.kernel': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user_agent.os.name': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user_agent.os.platform': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user_agent.os.type': { dashed_name: string; description: string; example: string; expected_values: string[]; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user_agent.os.version': { dashed_name: string; description: string; example: 
string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; original_fieldset: string; short: string; type: string; }; 'user_agent.version': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'vulnerability.category': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: string[]; short: string; type: string; }; 'vulnerability.classification': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'vulnerability.description': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; multi_fields: { flat_name: string; name: string; type: string; }[]; name: string; normalize: never[]; short: string; type: string; }; 'vulnerability.enumeration': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'vulnerability.id': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'vulnerability.reference': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'vulnerability.report_id': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'vulnerability.scanner.vendor': { dashed_name: string; description: string; example: string; 
flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'vulnerability.score.base': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'vulnerability.score.environmental': { dashed_name: string; description: string; example: number; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'vulnerability.score.temporal': { dashed_name: string; description: string; flat_name: string; level: string; name: string; normalize: never[]; short: string; type: string; }; 'vulnerability.score.version': { dashed_name: string; description: string; example: number; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; 'vulnerability.severity': { dashed_name: string; description: string; example: string; flat_name: string; ignore_above: number; level: string; name: string; normalize: never[]; short: string; type: string; }; }"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.TMetadataFields",
"type": "Type",
"tags": [],
"label": "TMetadataFields",
"description": [],
"signature": [
"{ _index: { dashed_name: string; description: string; example: string; flat_name: string; name: string; short: string; type: string; documentation_url: string; }; _id: { dashed_name: string; description: string; example: string; flat_name: string; name: string; short: string; type: string; documentation_url: string; }; _source: { dashed_name: string; description: string; example: string; flat_name: string; name: string; short: string; documentation_url: string; }; _size: { dashed_name: string; description: string; example: string; flat_name: string; name: string; short: string; documentation_url: string; }; _doc_count: { dashed_name: string; description: string; example: string; flat_name: string; name: string; short: string; documentation_url: string; }; _field_names: { dashed_name: string; description: string; example: string; flat_name: string; name: string; short: string; documentation_url: string; }; _ignored: { dashed_name: string; description: string; example: string; flat_name: string; name: string; short: string; documentation_url: string; }; _routing: { dashed_name: string; description: string; example: string; flat_name: string; name: string; short: string; type: string; documentation_url: string; }; _meta: { dashed_name: string; description: string; example: string; flat_name: string; name: string; short: string; documentation_url: string; }; _tier: { dashed_name: string; description: string; example: string; flat_name: string; name: string; short: string; documentation_url: string; }; }"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
}
],
"objects": [
{
"parentPluginId": "fieldsMetadata",
"id": "def-common.fieldMetadataPlainRT",
"type": "Object",
"tags": [],
"label": "fieldMetadataPlainRT",
"description": [],
"signature": [
"IntersectionC",
"<[",
"TypeC",
"<{ name: ",
"StringC",
"; }>, ",
"PartialC",
"<{ allowed_values: ",
"ArrayC",
"<",
"IntersectionC",
"<[",
"TypeC",
"<{ description: ",
"StringC",
"; name: ",
"StringC",
"; }>, ",
"PartialC",
"<{ expected_event_types: ",
"ArrayC",
"<",
"StringC",
">; beta: ",
"StringC",
"; }>]>>; beta: ",
"StringC",
"; dashed_name: ",
"StringC",
"; description: ",
"StringC",
"; doc_values: ",
"BooleanC",
"; example: ",
"UnknownC",
"; expected_values: ",
"ArrayC",
"<",
"StringC",
">; flat_name: ",
"StringC",
"; format: ",
"StringC",
"; ignore_above: ",
"NumberC",
"; index: ",
"BooleanC",
"; input_format: ",
"StringC",
"; level: ",
"StringC",
"; multi_fields: ",
"ArrayC",
"<",
"TypeC",
"<{ flat_name: ",
"StringC",
"; name: ",
"StringC",
"; type: ",
"StringC",
"; }>>; normalize: ",
"ArrayC",
"<",
"StringC",
">; object_type: ",
"StringC",
"; original_fieldset: ",
"StringC",
"; output_format: ",
"StringC",
"; output_precision: ",
"NumberC",
"; pattern: ",
"StringC",
"; required: ",
"BooleanC",
"; scaling_factor: ",
"NumberC",
"; short: ",
"StringC",
"; source: ",
"KeyofC",
"<{ ecs: null; integration: null; metadata: null; unknown: null; }>; type: ",
"StringC",
"; documentation_url: ",
"StringC",
"; }>]>"
],
"path": "x-pack/platform/plugins/shared/fields_metadata/common/fields_metadata/types.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
}
]
}
}