kibana/api_docs/kbn_alerts_as_data_utils.devdocs.json


{
"id": "@kbn/alerts-as-data-utils",
"client": {
"classes": [],
"functions": [],
"interfaces": [],
"enums": [],
"misc": [],
"objects": []
},
"server": {
"classes": [],
"functions": [],
"interfaces": [],
"enums": [],
"misc": [],
"objects": []
},
"common": {
"classes": [],
"functions": [
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.buildAlertFieldsRequest",
"type": "Function",
"tags": [],
"label": "buildAlertFieldsRequest",
"description": [],
"signature": [
"(fields: string[], excludeEcsData?: boolean | undefined) => { format?: string | undefined; field: string; include_unmapped: boolean; }[]"
],
"path": "packages/kbn-alerts-as-data-utils/src/search/security/build_fields_request.ts",
"deprecated": false,
"trackAdoption": false,
"children": [
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.buildAlertFieldsRequest.$1",
"type": "Array",
"tags": [],
"label": "fields",
"description": [],
"signature": [
"string[]"
],
"path": "packages/kbn-alerts-as-data-utils/src/search/security/build_fields_request.ts",
"deprecated": false,
"trackAdoption": false,
"isRequired": true
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.buildAlertFieldsRequest.$2",
"type": "CompoundType",
"tags": [],
"label": "excludeEcsData",
"description": [],
"signature": [
"boolean | undefined"
],
"path": "packages/kbn-alerts-as-data-utils/src/search/security/build_fields_request.ts",
"deprecated": false,
"trackAdoption": false,
"isRequired": false
}
],
"returnComment": [],
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.createSchemaFromFieldMap",
"type": "Function",
"tags": [],
"label": "createSchemaFromFieldMap",
"description": [],
"signature": [
"({ outputFile, fieldMap, schemaPrefix, useAlert, useEcs, useLegacyAlerts, flattened, }: CreateSchemaFromFieldMapOpts) => void"
],
"path": "packages/kbn-alerts-as-data-utils/src/schemas/create_schema_from_field_map.ts",
"deprecated": false,
"trackAdoption": false,
"children": [
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.createSchemaFromFieldMap.$1",
"type": "Object",
"tags": [],
"label": "{\n outputFile,\n fieldMap,\n schemaPrefix,\n useAlert = false,\n useEcs = false,\n useLegacyAlerts = false,\n flattened = false,\n}",
"description": [],
"signature": [
"CreateSchemaFromFieldMapOpts"
],
"path": "packages/kbn-alerts-as-data-utils/src/schemas/create_schema_from_field_map.ts",
"deprecated": false,
"trackAdoption": false,
"isRequired": true
}
],
"returnComment": [],
"initialIsOpen": false
}
],
"interfaces": [
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.FieldMap",
"type": "Interface",
"tags": [],
"label": "FieldMap",
"description": [],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/types.ts",
"deprecated": false,
"trackAdoption": false,
"children": [
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.FieldMap.Unnamed",
"type": "IndexSignature",
"tags": [],
"label": "[key: string]: { type: string; required: boolean; array?: boolean | undefined; doc_values?: boolean | undefined; enabled?: boolean | undefined; format?: string | undefined; ignore_above?: number | undefined; ... 4 more ...; dynamic?: boolean | ... 1 more ... | undefined; }",
"description": [],
"signature": [
"[key: string]: { type: string; required: boolean; array?: boolean | undefined; doc_values?: boolean | undefined; enabled?: boolean | undefined; format?: string | undefined; ignore_above?: number | undefined; multi_fields?: ",
{
"pluginId": "@kbn/alerts-as-data-utils",
"scope": "common",
"docId": "kibKbnAlertsAsDataUtilsPluginApi",
"section": "def-common.MultiField",
"text": "MultiField"
},
"[] | undefined; index?: boolean | undefined; path?: string | undefined; scaling_factor?: number | undefined; dynamic?: boolean | \"strict\" | undefined; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/types.ts",
"deprecated": false,
"trackAdoption": false
}
],
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.MultiField",
"type": "Interface",
"tags": [],
"label": "MultiField",
"description": [],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/types.ts",
"deprecated": false,
"trackAdoption": false,
"children": [
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.MultiField.flat_name",
"type": "string",
"tags": [],
"label": "flat_name",
"description": [],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/types.ts",
"deprecated": false,
"trackAdoption": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.MultiField.name",
"type": "string",
"tags": [],
"label": "name",
"description": [],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/types.ts",
"deprecated": false,
"trackAdoption": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.MultiField.type",
"type": "string",
"tags": [],
"label": "type",
"description": [],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/types.ts",
"deprecated": false,
"trackAdoption": false
}
],
"initialIsOpen": false
}
],
"enums": [],
"misc": [
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.AADAlert",
"type": "Type",
"tags": [],
"label": "AADAlert",
"description": [],
"signature": [
"({ '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; }) | ({} & { agent?: { name?: string | undefined; } | undefined; error?: { grouping_key?: string | undefined; grouping_name?: string | undefined; } | undefined; kibana?: { alert?: { evaluation?: { threshold?: string | number | undefined; value?: string | number | undefined; values?: (string | number)[] | undefined; } | undefined; } | undefined; } | undefined; processor?: { event?: string | undefined; } | undefined; service?: { environment?: string | undefined; language?: { name?: string | undefined; } | undefined; name?: string | undefined; } | undefined; transaction?: { name?: string | undefined; type?: string | undefined; } | undefined; } & { '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; 
uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; } & {} & { ecs?: { version?: string | undefined; } | undefined; kibana?: { alert?: { risk_score?: number | undefined; rule?: { author?: string | undefined; created_at?: string | undefined; created_by?: string | undefined; description?: string | undefined; enabled?: string | undefined; from?: string | undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; to?: string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; suppression?: { docs_count?: string | number | undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; workflow_reason?: string | undefined; workflow_user?: string | undefined; } | undefined; } | 
undefined; }) | ({} & { kibana?: { alert?: { evaluation?: { threshold?: string | number | undefined; value?: string | number | undefined; values?: (string | number)[] | undefined; } | undefined; } | undefined; } | undefined; } & { '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; } & { '@timestamp': string; ecs: { version: string; }; } & { agent?: { build?: { original?: string | undefined; } | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; client?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | 
undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; cloud?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; origin?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } 
| undefined; target?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; } | undefined; } | undefined; container?: { cpu?: { usage?: string | number | undefined; } | undefined; disk?: { read?: { bytes?: string | number | undefined; } | undefined; write?: { bytes?: string | number | undefined; } | undefined; } | undefined; id?: string | undefined; image?: { hash?: { all?: string[] | undefined; } | undefined; name?: string | undefined; tag?: string[] | undefined; } | undefined; memory?: { usage?: string | number | undefined; } | undefined; name?: string | undefined; network?: { egress?: { bytes?: string | number | undefined; } | undefined; ingress?: { bytes?: string | number | undefined; } | undefined; } | undefined; runtime?: string | undefined; } | undefined; destination?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | 
undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; device?: { id?: string | undefined; manufacturer?: string | undefined; model?: { identifier?: string | undefined; name?: string | undefined; } | undefined; } | undefined; dll?: { code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; name?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; } | undefined; dns?: { answers?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; header_flags?: string[] | undefined; id?: string | undefined; op_code?: string | undefined; question?: { class?: string | undefined; name?: string | 
undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; type?: string | undefined; } | undefined; resolved_ip?: string[] | undefined; response_code?: string | undefined; type?: string | undefined; } | undefined; email?: { attachments?: { file?: { extension?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; mime_type?: string | undefined; name?: string | undefined; size?: string | number | undefined; } | undefined; }[] | undefined; bcc?: { address?: string[] | undefined; } | undefined; cc?: { address?: string[] | undefined; } | undefined; content_type?: string | undefined; delivery_timestamp?: string | undefined; direction?: string | undefined; from?: { address?: string[] | undefined; } | undefined; local_id?: string | undefined; message_id?: string | undefined; origination_timestamp?: string | undefined; reply_to?: { address?: string[] | undefined; } | undefined; sender?: { address?: string | undefined; } | undefined; subject?: string | undefined; to?: { address?: string[] | undefined; } | undefined; x_mailer?: string | undefined; } | undefined; error?: { code?: string | undefined; id?: string | undefined; message?: string | undefined; stack_trace?: string | undefined; type?: string | undefined; } | undefined; event?: { action?: string | undefined; agent_id_status?: string | undefined; category?: string[] | undefined; code?: string | undefined; created?: string | undefined; dataset?: string | undefined; duration?: string | number | undefined; end?: string | undefined; hash?: string | undefined; id?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; outcome?: string | undefined; provider?: string | undefined; reason?: string | 
undefined; reference?: string | undefined; risk_score?: number | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; severity?: string | number | undefined; start?: string | undefined; timezone?: string | undefined; type?: string[] | undefined; url?: string | undefined; } | undefined; faas?: { coldstart?: boolean | undefined; execution?: string | undefined; id?: string | undefined; name?: string | undefined; version?: string | undefined; } | undefined; file?: { accessed?: string | undefined; attributes?: string[] | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; created?: string | undefined; ctime?: string | undefined; device?: string | undefined; directory?: string | undefined; drive_letter?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 
shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; extension?: string | undefined; fork_name?: string | undefined; gid?: string | undefined; group?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; inode?: string | undefined; mime_type?: string | undefined; mode?: string | undefined; mtime?: string | undefined; name?: string | undefined; owner?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; size?: string | number | undefined; target_path?: string | undefined; type?: string | undefined; uid?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; 
version_number?: string | undefined; } | undefined; } | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; host?: { architecture?: string | undefined; boot?: { id?: string | undefined; } | undefined; cpu?: { usage?: string | number | undefined; } | undefined; disk?: { read?: { bytes?: string | number | undefined; } | undefined; write?: { bytes?: string | number | undefined; } | undefined; } | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; hostname?: string | undefined; id?: string | undefined; ip?: string[] | undefined; mac?: string[] | undefined; name?: string | undefined; network?: { egress?: { bytes?: string | number | undefined; packets?: string | number | undefined; } | undefined; ingress?: { bytes?: string | number | undefined; packets?: string | number | undefined; } | undefined; } | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; pid_ns_ino?: string | undefined; risk?: { calculated_level?: string | undefined; calculated_score?: number | undefined; calculated_score_norm?: number | undefined; static_level?: string | undefined; static_score?: number | undefined; static_score_norm?: number | undefined; } | undefined; type?: string | undefined; uptime?: string | number | undefined; } | undefined; http?: { 
request?: { body?: { bytes?: string | number | undefined; content?: string | undefined; } | undefined; bytes?: string | number | undefined; id?: string | undefined; method?: string | undefined; mime_type?: string | undefined; referrer?: string | undefined; } | undefined; response?: { body?: { bytes?: string | number | undefined; content?: string | undefined; } | undefined; bytes?: string | number | undefined; mime_type?: string | undefined; status_code?: string | number | undefined; } | undefined; version?: string | undefined; } | undefined; log?: { file?: { path?: string | undefined; } | undefined; level?: string | undefined; logger?: string | undefined; origin?: { file?: { line?: string | number | undefined; name?: string | undefined; } | undefined; function?: string | undefined; } | undefined; } | undefined; message?: string | undefined; network?: { application?: string | undefined; bytes?: string | number | undefined; community_id?: string | undefined; direction?: string | undefined; forwarded_ip?: string | undefined; iana_number?: string | undefined; name?: string | undefined; packets?: string | number | undefined; protocol?: string | undefined; transport?: string | undefined; type?: string | undefined; vlan?: { id?: string | undefined; name?: string | undefined; } | undefined; } | undefined; observer?: { geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; hostname?: string | undefined; ip?: string[] | undefined; mac?: string[] | undefined; name?: string | undefined; os?: { family?: string | 
undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; product?: string | undefined; serial_number?: string | undefined; type?: string | undefined; vendor?: string | undefined; version?: string | undefined; } | undefined; orchestrator?: { api_version?: string | undefined; cluster?: { id?: string | undefined; name?: string | undefined; url?: string | undefined; version?: string | undefined; } | undefined; namespace?: string | undefined; organization?: string | undefined; resource?: { id?: string | undefined; ip?: string[] | undefined; name?: string | undefined; parent?: { type?: string | undefined; } | undefined; type?: string | undefined; } | undefined; type?: string | undefined; } | undefined; organization?: { id?: string | undefined; name?: string | undefined; } | undefined; package?: { architecture?: string | undefined; build_version?: string | undefined; checksum?: string | undefined; description?: string | undefined; install_scope?: string | undefined; installed?: string | undefined; license?: string | undefined; name?: string | undefined; path?: string | undefined; reference?: string | undefined; size?: string | number | undefined; type?: string | undefined; version?: string | undefined; } | undefined; process?: { args?: string[] | undefined; args_count?: string | number | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; command_line?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { 
abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; end?: string | undefined; entity_id?: string | undefined; entry_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; attested_groups?: { name?: string | undefined; } | undefined; attested_user?: { id?: string | undefined; name?: string | undefined; } | undefined; command_line?: string | undefined; entity_id?: string | undefined; entry_meta?: { source?: { ip?: string | undefined; } | undefined; type?: string | undefined; } | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { entity_id?: string | undefined; pid?: string | number | undefined; session_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; start?: string | undefined; } | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | 
undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; env_vars?: string[] | undefined; executable?: string | undefined; exit_code?: string | number | undefined; group_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; command_line?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { args?: string[] | undefined; args_count?: string | number | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: 
string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; command_line?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; end?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; exit_code?: string | number | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; group_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | 
undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; pgid?: string | number | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; thread?: { id?: string | number | undefined; name?: string | undefined; } | undefined; title?: string | undefined; uptime?: string | number | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; pgid?: string | number | undefined; pid?: string | number | undefined; previous?: { args?: string[] | undefined; args_count?: string | number | undefined; executable?: string | undefined; } | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; session_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; command_line?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } 
| undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { entity_id?: string | undefined; pid?: string | number | undefined; session_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; start?: string | undefined; } | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; thread?: { id?: string | number | undefined; name?: string | undefined; } | undefined; title?: string | undefined; uptime?: string | number | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; registry?: { data?: { bytes?: string | undefined; strings?: string[] | undefined; type?: string | undefined; } | undefined; hive?: string | undefined; key?: string | undefined; path?: string | undefined; value?: string | undefined; } | undefined; related?: { hash?: string[] | undefined; hosts?: string[] | undefined; ip?: string[] | undefined; user?: string[] | undefined; } | undefined; rule?: { author?: string[] | undefined; category?: string | undefined; description?: string | undefined; id?: string | undefined; license?: string | undefined; name?: string | undefined; reference?: string | undefined; ruleset?: 
string | undefined; uuid?: string | undefined; version?: string | undefined; } | undefined; server?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; service?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; origin?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | 
undefined; roles?: string[] | undefined; } | undefined; state?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; state?: string | undefined; target?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; state?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; type?: string | undefined; version?: string | undefined; } | undefined; source?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | 
undefined; } | undefined; } | undefined; span?: { id?: string | undefined; } | undefined; tags?: string[] | undefined; threat?: { enrichments?: { matched?: { atomic?: string | undefined; field?: string | undefined; id?: string | undefined; index?: string | undefined; occurred?: string | undefined; type?: string | undefined; } | undefined; }[] | undefined; feed?: { dashboard_id?: string | undefined; description?: string | undefined; name?: string | undefined; reference?: string | undefined; } | undefined; framework?: string | undefined; group?: { alias?: string[] | undefined; id?: string | undefined; name?: string | undefined; reference?: string | undefined; } | undefined; indicator?: { as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; confidence?: string | undefined; description?: string | undefined; email?: { address?: string | undefined; } | undefined; file?: { accessed?: string | undefined; attributes?: string[] | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; created?: string | undefined; ctime?: string | undefined; device?: string | undefined; directory?: string | undefined; drive_letter?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: 
string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; extension?: string | undefined; fork_name?: string | undefined; gid?: string | undefined; group?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; inode?: string | undefined; mime_type?: string | undefined; mode?: string | undefined; mtime?: string | undefined; name?: string | undefined; owner?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; size?: string | number | undefined; target_path?: string | undefined; type?: string | undefined; uid?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; 
public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; first_seen?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; last_seen?: string | undefined; marking?: { tlp?: string | undefined; tlp_version?: string | undefined; } | undefined; modified_at?: string | undefined; port?: string | number | undefined; provider?: string | undefined; reference?: string | undefined; registry?: { data?: { bytes?: string | undefined; strings?: string[] | undefined; type?: string | undefined; } | undefined; hive?: string | undefined; key?: string | undefined; path?: string | undefined; value?: string | undefined; } | undefined; scanner_stats?: string | number | undefined; sightings?: string | number | undefined; type?: string | undefined; url?: { domain?: string | undefined; extension?: string | undefined; fragment?: string | undefined; full?: string | undefined; original?: string | undefined; password?: string | undefined; path?: string | undefined; port?: string | number | undefined; query?: string | undefined; registered_domain?: string | undefined; 
scheme?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; username?: string | undefined; } | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; software?: { alias?: string[] | undefined; id?: string | undefined; name?: string | undefined; platforms?: string[] | undefined; reference?: string | undefined; type?: string | undefined; } | undefined; tactic?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; } | undefined; technique?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; subtechnique?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; } | undefined; } | undefined; } | undefined; tls?: { cipher?: string | undefined; client?: { certificate?: string | undefined; certificate_chain?: string[] | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; } | undefined; issuer?: string | 
undefined; ja3?: string | undefined; not_after?: string | undefined; not_before?: string | undefined; server_name?: string | undefined; subject?: string | undefined; supported_ciphers?: string[] | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; curve?: string | undefined; established?: boolean | undefined; next_protocol?: string | undefined; resumed?: boolean | undefined; server?: { certificate?: string | undefined; certificate_chain?: string[] | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; } | undefined; issuer?: string | undefined; ja3s?: string | undefined; not_after?: string | undefined; not_before?: string | undefined; subject?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; 
state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; version?: string | undefined; version_protocol?: string | undefined; } | undefined; trace?: { id?: string | undefined; } | undefined; transaction?: { id?: string | undefined; } | undefined; url?: { domain?: string | undefined; extension?: string | undefined; fragment?: string | undefined; full?: string | undefined; original?: string | undefined; password?: string | undefined; path?: string | undefined; port?: string | number | undefined; query?: string | undefined; registered_domain?: string | undefined; scheme?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; username?: string | undefined; } | undefined; user?: { changes?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; domain?: string | undefined; effective?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; 
id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; risk?: { calculated_level?: string | undefined; calculated_score?: number | undefined; calculated_score_norm?: number | undefined; static_level?: string | undefined; static_score?: number | undefined; static_score_norm?: number | undefined; } | undefined; roles?: string[] | undefined; target?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; user_agent?: { device?: { name?: string | undefined; } | undefined; name?: string | undefined; original?: string | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; version?: string | undefined; } | undefined; vulnerability?: { category?: string[] | undefined; classification?: string | undefined; description?: string | undefined; enumeration?: string | undefined; id?: string | undefined; reference?: string | undefined; report_id?: string | undefined; scanner?: { vendor?: string | undefined; } | undefined; score?: { base?: number | undefined; environmental?: number | undefined; temporal?: number | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; } | undefined; } & {} & { ecs?: { version?: string | undefined; } | undefined; kibana?: { alert?: { risk_score?: number | undefined; rule?: { author?: 
string | undefined; created_at?: string | undefined; created_by?: string | undefined; description?: string | undefined; enabled?: string | undefined; from?: string | undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; to?: string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; suppression?: { docs_count?: string | number | undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; workflow_reason?: string | undefined; workflow_user?: string | undefined; } | undefined; } | undefined; }) | ({} & { kibana?: { alert?: { evaluation?: { threshold?: string | number | undefined; value?: string | number | undefined; values?: (string | number)[] | undefined; } | undefined; } | undefined; } | undefined; } & { '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string 
| undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; } & { '@timestamp': string; ecs: { version: string; }; } & { agent?: { build?: { original?: string | undefined; } | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; client?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; cloud?: { 
account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; origin?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; target?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; } | undefined; } | undefined; container?: { cpu?: { usage?: string | number | undefined; } | undefined; disk?: { read?: { bytes?: string | number | undefined; } | undefined; write?: { bytes?: string | number | undefined; } | undefined; } | undefined; id?: string | undefined; image?: { hash?: { all?: string[] | undefined; } | undefined; name?: string | undefined; tag?: string[] | undefined; } | undefined; memory?: { usage?: string | number | undefined; } | undefined; name?: string | undefined; network?: { egress?: { bytes?: string | number | undefined; } | undefined; ingress?: { bytes?: string | number | undefined; } 
| undefined; } | undefined; runtime?: string | undefined; } | undefined; destination?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; device?: { id?: string | undefined; manufacturer?: string | undefined; model?: { identifier?: string | undefined; name?: string | undefined; } | undefined; } | undefined; dll?: { code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; hash?: 
{ md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; name?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; } | undefined; dns?: { answers?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; header_flags?: string[] | undefined; id?: string | undefined; op_code?: string | undefined; question?: { class?: string | undefined; name?: string | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; type?: string | undefined; } | undefined; resolved_ip?: string[] | undefined; response_code?: string | undefined; type?: string | undefined; } | undefined; email?: { attachments?: { file?: { extension?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; mime_type?: string | undefined; name?: string | undefined; size?: string | number | undefined; } | undefined; }[] | undefined; bcc?: { address?: string[] | undefined; } | undefined; cc?: { address?: string[] | undefined; } | undefined; content_type?: string | undefined; delivery_timestamp?: string | undefined; direction?: string | undefined; from?: { address?: string[] | undefined; } | undefined; local_id?: string | undefined; message_id?: string | undefined; origination_timestamp?: string | undefined; reply_to?: { address?: 
string[] | undefined; } | undefined; sender?: { address?: string | undefined; } | undefined; subject?: string | undefined; to?: { address?: string[] | undefined; } | undefined; x_mailer?: string | undefined; } | undefined; error?: { code?: string | undefined; id?: string | undefined; message?: string | undefined; stack_trace?: string | undefined; type?: string | undefined; } | undefined; event?: { action?: string | undefined; agent_id_status?: string | undefined; category?: string[] | undefined; code?: string | undefined; created?: string | undefined; dataset?: string | undefined; duration?: string | number | undefined; end?: string | undefined; hash?: string | undefined; id?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; outcome?: string | undefined; provider?: string | undefined; reason?: string | undefined; reference?: string | undefined; risk_score?: number | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; severity?: string | number | undefined; start?: string | undefined; timezone?: string | undefined; type?: string[] | undefined; url?: string | undefined; } | undefined; faas?: { coldstart?: boolean | undefined; execution?: string | undefined; id?: string | undefined; name?: string | undefined; version?: string | undefined; } | undefined; file?: { accessed?: string | undefined; attributes?: string[] | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; created?: string | undefined; ctime?: string | undefined; device?: string | undefined; directory?: string | undefined; drive_letter?: string | undefined; elf?: { architecture?: string | undefined; 
byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; extension?: string | undefined; fork_name?: string | undefined; gid?: string | undefined; group?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; inode?: string | undefined; mime_type?: string | undefined; mode?: string | undefined; mtime?: string | undefined; name?: string | undefined; owner?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; size?: string | number | undefined; target_path?: string | undefined; type?: string | undefined; uid?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { 
common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; host?: { architecture?: string | undefined; boot?: { id?: string | undefined; } | undefined; cpu?: { usage?: string | number | undefined; } | undefined; disk?: { read?: { bytes?: string | number | undefined; } | undefined; write?: { bytes?: string | number | undefined; } | undefined; } | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; hostname?: string | undefined; id?: string | undefined; ip?: string[] | 
undefined; mac?: string[] | undefined; name?: string | undefined; network?: { egress?: { bytes?: string | number | undefined; packets?: string | number | undefined; } | undefined; ingress?: { bytes?: string | number | undefined; packets?: string | number | undefined; } | undefined; } | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; pid_ns_ino?: string | undefined; risk?: { calculated_level?: string | undefined; calculated_score?: number | undefined; calculated_score_norm?: number | undefined; static_level?: string | undefined; static_score?: number | undefined; static_score_norm?: number | undefined; } | undefined; type?: string | undefined; uptime?: string | number | undefined; } | undefined; http?: { request?: { body?: { bytes?: string | number | undefined; content?: string | undefined; } | undefined; bytes?: string | number | undefined; id?: string | undefined; method?: string | undefined; mime_type?: string | undefined; referrer?: string | undefined; } | undefined; response?: { body?: { bytes?: string | number | undefined; content?: string | undefined; } | undefined; bytes?: string | number | undefined; mime_type?: string | undefined; status_code?: string | number | undefined; } | undefined; version?: string | undefined; } | undefined; log?: { file?: { path?: string | undefined; } | undefined; level?: string | undefined; logger?: string | undefined; origin?: { file?: { line?: string | number | undefined; name?: string | undefined; } | undefined; function?: string | undefined; } | undefined; } | undefined; message?: string | undefined; network?: { application?: string | undefined; bytes?: string | number | undefined; community_id?: string | undefined; direction?: string | undefined; forwarded_ip?: string | undefined; iana_number?: string | undefined; name?: string | undefined; 
packets?: string | number | undefined; protocol?: string | undefined; transport?: string | undefined; type?: string | undefined; vlan?: { id?: string | undefined; name?: string | undefined; } | undefined; } | undefined; observer?: { geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; hostname?: string | undefined; ip?: string[] | undefined; mac?: string[] | undefined; name?: string | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; product?: string | undefined; serial_number?: string | undefined; type?: string | undefined; vendor?: string | undefined; version?: string | undefined; } | undefined; orchestrator?: { api_version?: string | undefined; cluster?: { id?: string | undefined; name?: string | undefined; url?: string | undefined; version?: string | undefined; } | undefined; namespace?: string | undefined; organization?: string | undefined; resource?: { id?: string | undefined; ip?: string[] | undefined; name?: string | undefined; parent?: { type?: string | undefined; } | undefined; type?: string | undefined; } | undefined; type?: string | undefined; } | undefined; organization?: { id?: string | undefined; name?: string | undefined; } | undefined; package?: { architecture?: string | undefined; build_version?: string | undefined; checksum?: string | undefined; description?: string | undefined; install_scope?: string | 
undefined; installed?: string | undefined; license?: string | undefined; name?: string | undefined; path?: string | undefined; reference?: string | undefined; size?: string | number | undefined; type?: string | undefined; version?: string | undefined; } | undefined; process?: { args?: string[] | undefined; args_count?: string | number | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; command_line?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; end?: string | undefined; entity_id?: string | undefined; entry_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; attested_groups?: { name?: string | undefined; } | undefined; attested_user?: { id?: string | undefined; name?: string | 
undefined; } | undefined; command_line?: string | undefined; entity_id?: string | undefined; entry_meta?: { source?: { ip?: string | undefined; } | undefined; type?: string | undefined; } | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { entity_id?: string | undefined; pid?: string | number | undefined; session_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; start?: string | undefined; } | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; env_vars?: string[] | undefined; executable?: string | undefined; exit_code?: string | number | undefined; group_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; command_line?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: 
string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { args?: string[] | undefined; args_count?: string | number | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; command_line?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | 
undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; end?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; exit_code?: string | number | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; group_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; pgid?: string | number | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; thread?: { id?: string | number | undefined; name?: string | undefined; } | undefined; title?: string | undefined; uptime?: string | number | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; 
original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; pgid?: string | number | undefined; pid?: string | number | undefined; previous?: { args?: string[] | undefined; args_count?: string | number | undefined; executable?: string | undefined; } | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; session_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; command_line?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { entity_id?: string | undefined; pid?: string | number | undefined; session_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; start?: string | undefined; } | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; 
thread?: { id?: string | number | undefined; name?: string | undefined; } | undefined; title?: string | undefined; uptime?: string | number | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; registry?: { data?: { bytes?: string | undefined; strings?: string[] | undefined; type?: string | undefined; } | undefined; hive?: string | undefined; key?: string | undefined; path?: string | undefined; value?: string | undefined; } | undefined; related?: { hash?: string[] | undefined; hosts?: string[] | undefined; ip?: string[] | undefined; user?: string[] | undefined; } | undefined; rule?: { author?: string[] | undefined; category?: string | undefined; description?: string | undefined; id?: string | undefined; license?: string | undefined; name?: string | undefined; reference?: string | undefined; ruleset?: string | undefined; uuid?: string | undefined; version?: string | undefined; } | undefined; server?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; 
subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; service?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; origin?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; state?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; state?: string | undefined; target?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; state?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; type?: string | undefined; version?: string | undefined; } | undefined; source?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } 
| { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; span?: { id?: string | undefined; } | undefined; tags?: string[] | undefined; threat?: { enrichments?: { matched?: { atomic?: string | undefined; field?: string | undefined; id?: string | undefined; index?: string | undefined; occurred?: string | undefined; type?: string | undefined; } | undefined; }[] | undefined; feed?: { dashboard_id?: string | undefined; description?: string | undefined; name?: string | undefined; reference?: string | undefined; } | undefined; framework?: string | undefined; group?: { alias?: string[] | undefined; id?: string | undefined; name?: string | undefined; reference?: string | undefined; } | undefined; indicator?: { as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; confidence?: string | undefined; description?: string | undefined; email?: { address?: string | undefined; } | undefined; file?: { accessed?: string | undefined; attributes?: string[] | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; 
signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; created?: string | undefined; ctime?: string | undefined; device?: string | undefined; directory?: string | undefined; drive_letter?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; extension?: string | undefined; fork_name?: string | undefined; gid?: string | undefined; group?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; inode?: string | undefined; mime_type?: string | undefined; mode?: string | undefined; mtime?: string | undefined; name?: string | undefined; owner?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: 
string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; size?: string | number | undefined; target_path?: string | undefined; type?: string | undefined; uid?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; first_seen?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; last_seen?: string | undefined; 
marking?: { tlp?: string | undefined; tlp_version?: string | undefined; } | undefined; modified_at?: string | undefined; port?: string | number | undefined; provider?: string | undefined; reference?: string | undefined; registry?: { data?: { bytes?: string | undefined; strings?: string[] | undefined; type?: string | undefined; } | undefined; hive?: string | undefined; key?: string | undefined; path?: string | undefined; value?: string | undefined; } | undefined; scanner_stats?: string | number | undefined; sightings?: string | number | undefined; type?: string | undefined; url?: { domain?: string | undefined; extension?: string | undefined; fragment?: string | undefined; full?: string | undefined; original?: string | undefined; password?: string | undefined; path?: string | undefined; port?: string | number | undefined; query?: string | undefined; registered_domain?: string | undefined; scheme?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; username?: string | undefined; } | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | 
undefined; version_number?: string | undefined; } | undefined; } | undefined; software?: { alias?: string[] | undefined; id?: string | undefined; name?: string | undefined; platforms?: string[] | undefined; reference?: string | undefined; type?: string | undefined; } | undefined; tactic?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; } | undefined; technique?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; subtechnique?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; } | undefined; } | undefined; } | undefined; tls?: { cipher?: string | undefined; client?: { certificate?: string | undefined; certificate_chain?: string[] | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; } | undefined; issuer?: string | undefined; ja3?: string | undefined; not_after?: string | undefined; not_before?: string | undefined; server_name?: string | undefined; subject?: string | undefined; supported_ciphers?: string[] | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | 
undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; curve?: string | undefined; established?: boolean | undefined; next_protocol?: string | undefined; resumed?: boolean | undefined; server?: { certificate?: string | undefined; certificate_chain?: string[] | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; } | undefined; issuer?: string | undefined; ja3s?: string | undefined; not_after?: string | undefined; not_before?: string | undefined; subject?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; version?: string | undefined; version_protocol?: string | undefined; } | undefined; trace?: { id?: string | undefined; } | undefined; transaction?: { id?: string | undefined; } | undefined; url?: { domain?: string | undefined; extension?: string | undefined; fragment?: string | undefined; full?: string | undefined; original?: string | undefined; password?: string 
| undefined; path?: string | undefined; port?: string | number | undefined; query?: string | undefined; registered_domain?: string | undefined; scheme?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; username?: string | undefined; } | undefined; user?: { changes?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; domain?: string | undefined; effective?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; risk?: { calculated_level?: string | undefined; calculated_score?: number | undefined; calculated_score_norm?: number | undefined; static_level?: string | undefined; static_score?: number | undefined; static_score_norm?: number | undefined; } | undefined; roles?: string[] | undefined; target?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; user_agent?: { device?: { name?: string | undefined; } | undefined; name?: string | undefined; original?: string | undefined; os?: 
{ family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; version?: string | undefined; } | undefined; vulnerability?: { category?: string[] | undefined; classification?: string | undefined; description?: string | undefined; enumeration?: string | undefined; id?: string | undefined; reference?: string | undefined; report_id?: string | undefined; scanner?: { vendor?: string | undefined; } | undefined; score?: { base?: number | undefined; environmental?: number | undefined; temporal?: number | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; } | undefined; } & {} & { ecs?: { version?: string | undefined; } | undefined; kibana?: { alert?: { risk_score?: number | undefined; rule?: { author?: string | undefined; created_at?: string | undefined; created_by?: string | undefined; description?: string | undefined; enabled?: string | undefined; from?: string | undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; to?: string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; suppression?: { docs_count?: string | number | undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; workflow_reason?: string | undefined; workflow_user?: string | undefined; } | undefined; } | undefined; }) | ({} & { kibana?: { alert?: { evaluation?: { threshold?: string | number | undefined; value?: string | number | undefined; values?: (string | number)[] | undefined; } | undefined; } | 
undefined; } | undefined; slo?: { id?: string | undefined; instanceId?: string | undefined; revision?: string | number | undefined; } | undefined; } & { '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; } & {} & { ecs?: { version?: string | undefined; } | undefined; kibana?: { alert?: { risk_score?: number | undefined; rule?: { author?: string | undefined; created_at?: string | undefined; created_by?: string | undefined; description?: string | undefined; enabled?: string | undefined; from?: string | undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; to?: string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | 
undefined; suppression?: { docs_count?: string | number | undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; workflow_reason?: string | undefined; workflow_user?: string | undefined; } | undefined; } | undefined; }) | ({} & { agent?: { name?: string | undefined; } | undefined; anomaly?: { bucket_span?: { minutes?: string | undefined; } | undefined; start?: string | undefined; } | undefined; error?: { message?: string | undefined; } | undefined; kibana?: { alert?: { evaluation?: { threshold?: string | number | undefined; value?: string | number | undefined; values?: (string | number)[] | undefined; } | undefined; } | undefined; } | undefined; monitor?: { id?: string | undefined; name?: string | undefined; type?: string | undefined; } | undefined; observer?: { geo?: { name?: string | undefined; } | undefined; } | undefined; tls?: { server?: { hash?: { sha256?: string | undefined; } | undefined; x509?: { issuer?: { common_name?: string | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; subject?: { common_name?: string | undefined; } | undefined; } | undefined; } | undefined; } | undefined; url?: { full?: string | undefined; } | undefined; } & { '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; 
maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; } & {} & { ecs?: { version?: string | undefined; } | undefined; kibana?: { alert?: { risk_score?: number | undefined; rule?: { author?: string | undefined; created_at?: string | undefined; created_by?: string | undefined; description?: string | undefined; enabled?: string | undefined; from?: string | undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; to?: string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; suppression?: { docs_count?: string | number | undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; workflow_reason?: string | undefined; workflow_user?: string | undefined; } | undefined; } | undefined; }) | ({ '@timestamp': string; kibana: { alert: { ancestors: { depth: string | number; id: string; index: string; type: string; }[]; depth: string | number; instance: { id: string; }; original_event: { action: string; category: string[]; created: string; dataset: string; id: string; ingested: string; kind: string; module: string; original: string; outcome: string; provider: string; sequence: string | number; type: string[]; }; 
original_time: string; rule: { category: string; consumer: string; false_positives: string[]; max_signals: (string | number)[]; name: string; producer: string; revision: string | number; rule_type_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique: { id: string; name: string; reference: string; subtechnique: { id: string; name: string; reference: string; }; }; }; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { ecs?: { version?: string | undefined; } | undefined; event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; ancestors?: { rule?: string | undefined; } | undefined; building_block_type?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; group?: { id?: string | undefined; index?: number | undefined; } | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; new_terms?: string[] | undefined; original_event?: { agent_id_status?: string | undefined; code?: string | undefined; duration?: string | undefined; end?: string | undefined; hash?: string | undefined; reason?: string | undefined; reference?: string | undefined; risk_score?: number | undefined; risk_score_norm?: number | undefined; severity?: string | number | undefined; start?: string | undefined; timezone?: string | undefined; url?: string | undefined; } | undefined; reason?: string | undefined; risk_score?: number | undefined; rule?: { author?: string | undefined; building_block_type?: string | undefined; created_at?: string | undefined; created_by?: string | undefined; description?: string | undefined; enabled?: string | undefined; execution?: { uuid?: string | undefined; } | undefined; from?: string | undefined; immutable?: string[] | 
undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; parameters?: unknown; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; tags?: string[] | undefined; timeline_id?: string[] | undefined; timeline_title?: string[] | undefined; timestamp_override?: string | undefined; to?: string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; start?: string | undefined; suppression?: { docs_count?: string | number | undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; threshold_result?: { count?: string | number | undefined; from?: string | undefined; terms?: { field?: string | undefined; value?: string | undefined; }[] | undefined; } | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_reason?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; workflow_user?: string | undefined; } | undefined; version?: string | undefined; } | undefined; signal?: { ancestors?: { depth?: unknown; id?: unknown; index?: unknown; type?: unknown; } | undefined; depth?: unknown; group?: { id?: unknown; index?: unknown; } | undefined; original_event?: { action?: unknown; category?: unknown; code?: unknown; created?: unknown; dataset?: unknown; duration?: unknown; end?: unknown; hash?: unknown; id?: unknown; kind?: unknown; module?: unknown; outcome?: unknown; provider?: unknown; reason?: unknown; risk_score?: unknown; risk_score_norm?: unknown; sequence?: unknown; severity?: unknown; start?: unknown; timezone?: unknown; type?: unknown; } | undefined; original_time?: unknown; reason?: unknown; rule?: { 
author?: unknown; building_block_type?: unknown; created_at?: unknown; created_by?: unknown; description?: unknown; enabled?: unknown; false_positives?: unknown; from?: unknown; id?: unknown; immutable?: unknown; interval?: unknown; license?: unknown; max_signals?: unknown; name?: unknown; note?: unknown; references?: unknown; risk_score?: unknown; rule_id?: unknown; rule_name_override?: unknown; severity?: unknown; tags?: unknown; threat?: { framework?: unknown; tactic?: { id?: unknown; name?: unknown; reference?: unknown; } | undefined; technique?: { id?: unknown; name?: unknown; reference?: unknown; subtechnique?: { id?: unknown; name?: unknown; reference?: unknown; } | undefined; } | undefined; } | undefined; timeline_id?: unknown; timeline_title?: unknown; timestamp_override?: unknown; to?: unknown; type?: unknown; updated_at?: unknown; updated_by?: unknown; version?: unknown; } | undefined; status?: unknown; threshold_result?: { cardinality?: { field?: unknown; value?: unknown; } | undefined; count?: unknown; from?: unknown; terms?: { field?: unknown; value?: unknown; } | undefined; } | undefined; } | undefined; tags?: string[] | undefined; } & { '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | 
undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; } & { '@timestamp': string; ecs: { version: string; }; } & { agent?: { build?: { original?: string | undefined; } | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; client?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | 
undefined; } | undefined; cloud?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; origin?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; target?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; } | undefined; } | undefined; container?: { cpu?: { usage?: string | number | undefined; } | undefined; disk?: { read?: { bytes?: string | number | undefined; } | undefined; write?: { bytes?: string | number | undefined; } | undefined; } | undefined; id?: string | undefined; image?: { hash?: { all?: string[] | undefined; } | undefined; name?: string | undefined; tag?: string[] | undefined; } | undefined; memory?: { usage?: string | number | undefined; } | undefined; name?: string | undefined; network?: { egress?: { bytes?: string | number | undefined; } | undefined; ingress?: { 
bytes?: string | number | undefined; } | undefined; } | undefined; runtime?: string | undefined; } | undefined; destination?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; device?: { id?: string | undefined; manufacturer?: string | undefined; model?: { identifier?: string | undefined; name?: string | undefined; } | undefined; } | undefined; dll?: { code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: 
boolean | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; name?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; } | undefined; dns?: { answers?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; header_flags?: string[] | undefined; id?: string | undefined; op_code?: string | undefined; question?: { class?: string | undefined; name?: string | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; type?: string | undefined; } | undefined; resolved_ip?: string[] | undefined; response_code?: string | undefined; type?: string | undefined; } | undefined; email?: { attachments?: { file?: { extension?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; mime_type?: string | undefined; name?: string | undefined; size?: string | number | undefined; } | undefined; }[] | undefined; bcc?: { address?: string[] | undefined; } | undefined; cc?: { address?: string[] | undefined; } | undefined; content_type?: string | undefined; delivery_timestamp?: string | undefined; direction?: string | undefined; from?: { address?: string[] | undefined; } | undefined; local_id?: string | undefined; message_id?: string | undefined; origination_timestamp?: 
string | undefined; reply_to?: { address?: string[] | undefined; } | undefined; sender?: { address?: string | undefined; } | undefined; subject?: string | undefined; to?: { address?: string[] | undefined; } | undefined; x_mailer?: string | undefined; } | undefined; error?: { code?: string | undefined; id?: string | undefined; message?: string | undefined; stack_trace?: string | undefined; type?: string | undefined; } | undefined; event?: { action?: string | undefined; agent_id_status?: string | undefined; category?: string[] | undefined; code?: string | undefined; created?: string | undefined; dataset?: string | undefined; duration?: string | number | undefined; end?: string | undefined; hash?: string | undefined; id?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; outcome?: string | undefined; provider?: string | undefined; reason?: string | undefined; reference?: string | undefined; risk_score?: number | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; severity?: string | number | undefined; start?: string | undefined; timezone?: string | undefined; type?: string[] | undefined; url?: string | undefined; } | undefined; faas?: { coldstart?: boolean | undefined; execution?: string | undefined; id?: string | undefined; name?: string | undefined; version?: string | undefined; } | undefined; file?: { accessed?: string | undefined; attributes?: string[] | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; created?: string | undefined; ctime?: string | undefined; device?: string | undefined; directory?: string | undefined; drive_letter?: string | undefined; elf?: { 
architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; extension?: string | undefined; fork_name?: string | undefined; gid?: string | undefined; group?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; inode?: string | undefined; mime_type?: string | undefined; mode?: string | undefined; mtime?: string | undefined; name?: string | undefined; owner?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; size?: string | number | undefined; target_path?: string | undefined; type?: string | undefined; uid?: string | undefined; x509?: { alternative_names?: string[] 
| undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; host?: { architecture?: string | undefined; boot?: { id?: string | undefined; } | undefined; cpu?: { usage?: string | number | undefined; } | undefined; disk?: { read?: { bytes?: string | number | undefined; } | undefined; write?: { bytes?: string | number | undefined; } | undefined; } | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; hostname?: string | undefined; id?: string | undefined; 
ip?: string[] | undefined; mac?: string[] | undefined; name?: string | undefined; network?: { egress?: { bytes?: string | number | undefined; packets?: string | number | undefined; } | undefined; ingress?: { bytes?: string | number | undefined; packets?: string | number | undefined; } | undefined; } | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; pid_ns_ino?: string | undefined; risk?: { calculated_level?: string | undefined; calculated_score?: number | undefined; calculated_score_norm?: number | undefined; static_level?: string | undefined; static_score?: number | undefined; static_score_norm?: number | undefined; } | undefined; type?: string | undefined; uptime?: string | number | undefined; } | undefined; http?: { request?: { body?: { bytes?: string | number | undefined; content?: string | undefined; } | undefined; bytes?: string | number | undefined; id?: string | undefined; method?: string | undefined; mime_type?: string | undefined; referrer?: string | undefined; } | undefined; response?: { body?: { bytes?: string | number | undefined; content?: string | undefined; } | undefined; bytes?: string | number | undefined; mime_type?: string | undefined; status_code?: string | number | undefined; } | undefined; version?: string | undefined; } | undefined; log?: { file?: { path?: string | undefined; } | undefined; level?: string | undefined; logger?: string | undefined; origin?: { file?: { line?: string | number | undefined; name?: string | undefined; } | undefined; function?: string | undefined; } | undefined; } | undefined; message?: string | undefined; network?: { application?: string | undefined; bytes?: string | number | undefined; community_id?: string | undefined; direction?: string | undefined; forwarded_ip?: string | undefined; iana_number?: string | undefined; name?: string 
| undefined; packets?: string | number | undefined; protocol?: string | undefined; transport?: string | undefined; type?: string | undefined; vlan?: { id?: string | undefined; name?: string | undefined; } | undefined; } | undefined; observer?: { geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; hostname?: string | undefined; ip?: string[] | undefined; mac?: string[] | undefined; name?: string | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; product?: string | undefined; serial_number?: string | undefined; type?: string | undefined; vendor?: string | undefined; version?: string | undefined; } | undefined; orchestrator?: { api_version?: string | undefined; cluster?: { id?: string | undefined; name?: string | undefined; url?: string | undefined; version?: string | undefined; } | undefined; namespace?: string | undefined; organization?: string | undefined; resource?: { id?: string | undefined; ip?: string[] | undefined; name?: string | undefined; parent?: { type?: string | undefined; } | undefined; type?: string | undefined; } | undefined; type?: string | undefined; } | undefined; organization?: { id?: string | undefined; name?: string | undefined; } | undefined; package?: { architecture?: string | undefined; build_version?: string | undefined; checksum?: string | undefined; description?: string | undefined; 
install_scope?: string | undefined; installed?: string | undefined; license?: string | undefined; name?: string | undefined; path?: string | undefined; reference?: string | undefined; size?: string | number | undefined; type?: string | undefined; version?: string | undefined; } | undefined; process?: { args?: string[] | undefined; args_count?: string | number | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; command_line?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; end?: string | undefined; entity_id?: string | undefined; entry_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; attested_groups?: { name?: string | undefined; } | undefined; attested_user?: { id?: string | 
undefined; name?: string | undefined; } | undefined; command_line?: string | undefined; entity_id?: string | undefined; entry_meta?: { source?: { ip?: string | undefined; } | undefined; type?: string | undefined; } | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { entity_id?: string | undefined; pid?: string | number | undefined; session_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; start?: string | undefined; } | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; env_vars?: string[] | undefined; executable?: string | undefined; exit_code?: string | number | undefined; group_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; command_line?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: 
string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { args?: string[] | undefined; args_count?: string | number | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; command_line?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | 
undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; end?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; exit_code?: string | number | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; group_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; pgid?: string | number | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; thread?: { id?: string | number | undefined; name?: string | undefined; } | undefined; title?: string | undefined; uptime?: string | number | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: 
string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; pgid?: string | number | undefined; pid?: string | number | undefined; previous?: { args?: string[] | undefined; args_count?: string | number | undefined; executable?: string | undefined; } | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; session_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; command_line?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { entity_id?: string | undefined; pid?: string | number | undefined; session_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; start?: string | undefined; } | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | 
undefined; } | undefined; thread?: { id?: string | number | undefined; name?: string | undefined; } | undefined; title?: string | undefined; uptime?: string | number | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; registry?: { data?: { bytes?: string | undefined; strings?: string[] | undefined; type?: string | undefined; } | undefined; hive?: string | undefined; key?: string | undefined; path?: string | undefined; value?: string | undefined; } | undefined; related?: { hash?: string[] | undefined; hosts?: string[] | undefined; ip?: string[] | undefined; user?: string[] | undefined; } | undefined; rule?: { author?: string[] | undefined; category?: string | undefined; description?: string | undefined; id?: string | undefined; license?: string | undefined; name?: string | undefined; reference?: string | undefined; ruleset?: string | undefined; uuid?: string | undefined; version?: string | undefined; } | undefined; server?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: 
string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; service?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; origin?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; state?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; state?: string | undefined; target?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; state?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; type?: string | undefined; version?: string | undefined; } | undefined; source?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; 
coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; span?: { id?: string | undefined; } | undefined; tags?: string[] | undefined; threat?: { enrichments?: { matched?: { atomic?: string | undefined; field?: string | undefined; id?: string | undefined; index?: string | undefined; occurred?: string | undefined; type?: string | undefined; } | undefined; }[] | undefined; feed?: { dashboard_id?: string | undefined; description?: string | undefined; name?: string | undefined; reference?: string | undefined; } | undefined; framework?: string | undefined; group?: { alias?: string[] | undefined; id?: string | undefined; name?: string | undefined; reference?: string | undefined; } | undefined; indicator?: { as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; confidence?: string | undefined; description?: string | undefined; email?: { address?: string | undefined; } | undefined; file?: { accessed?: string | undefined; attributes?: string[] | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: 
boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; created?: string | undefined; ctime?: string | undefined; device?: string | undefined; directory?: string | undefined; drive_letter?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; extension?: string | undefined; fork_name?: string | undefined; gid?: string | undefined; group?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; inode?: string | undefined; mime_type?: string | undefined; mode?: string | undefined; mtime?: string | undefined; name?: string | undefined; owner?: string | undefined; path?: string | undefined; pe?: { architecture?: string | 
undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; size?: string | number | undefined; target_path?: string | undefined; type?: string | undefined; uid?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; first_seen?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; last_seen?: 
string | undefined; marking?: { tlp?: string | undefined; tlp_version?: string | undefined; } | undefined; modified_at?: string | undefined; port?: string | number | undefined; provider?: string | undefined; reference?: string | undefined; registry?: { data?: { bytes?: string | undefined; strings?: string[] | undefined; type?: string | undefined; } | undefined; hive?: string | undefined; key?: string | undefined; path?: string | undefined; value?: string | undefined; } | undefined; scanner_stats?: string | number | undefined; sightings?: string | number | undefined; type?: string | undefined; url?: { domain?: string | undefined; extension?: string | undefined; fragment?: string | undefined; full?: string | undefined; original?: string | undefined; password?: string | undefined; path?: string | undefined; port?: string | number | undefined; query?: string | undefined; registered_domain?: string | undefined; scheme?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; username?: string | undefined; } | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | 
undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; software?: { alias?: string[] | undefined; id?: string | undefined; name?: string | undefined; platforms?: string[] | undefined; reference?: string | undefined; type?: string | undefined; } | undefined; tactic?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; } | undefined; technique?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; subtechnique?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; } | undefined; } | undefined; } | undefined; tls?: { cipher?: string | undefined; client?: { certificate?: string | undefined; certificate_chain?: string[] | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; } | undefined; issuer?: string | undefined; ja3?: string | undefined; not_after?: string | undefined; not_before?: string | undefined; server_name?: string | undefined; subject?: string | undefined; supported_ciphers?: string[] | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; 
organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; curve?: string | undefined; established?: boolean | undefined; next_protocol?: string | undefined; resumed?: boolean | undefined; server?: { certificate?: string | undefined; certificate_chain?: string[] | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; } | undefined; issuer?: string | undefined; ja3s?: string | undefined; not_after?: string | undefined; not_before?: string | undefined; subject?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; version?: string | undefined; version_protocol?: string | undefined; } | undefined; trace?: { id?: string | undefined; } | undefined; transaction?: { id?: string | undefined; } | undefined; url?: { domain?: string | undefined; extension?: string | undefined; fragment?: string | undefined; full?: string | undefined; original?: 
string | undefined; password?: string | undefined; path?: string | undefined; port?: string | number | undefined; query?: string | undefined; registered_domain?: string | undefined; scheme?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; username?: string | undefined; } | undefined; user?: { changes?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; domain?: string | undefined; effective?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; risk?: { calculated_level?: string | undefined; calculated_score?: number | undefined; calculated_score_norm?: number | undefined; static_level?: string | undefined; static_score?: number | undefined; static_score_norm?: number | undefined; } | undefined; roles?: string[] | undefined; target?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; user_agent?: { device?: { name?: string | undefined; } | undefined; name?: string | 
undefined; original?: string | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; version?: string | undefined; } | undefined; vulnerability?: { category?: string[] | undefined; classification?: string | undefined; description?: string | undefined; enumeration?: string | undefined; id?: string | undefined; reference?: string | undefined; report_id?: string | undefined; scanner?: { vendor?: string | undefined; } | undefined; score?: { base?: number | undefined; environmental?: number | undefined; temporal?: number | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; } | undefined; } & {} & { ecs?: { version?: string | undefined; } | undefined; kibana?: { alert?: { risk_score?: number | undefined; rule?: { author?: string | undefined; created_at?: string | undefined; created_by?: string | undefined; description?: string | undefined; enabled?: string | undefined; from?: string | undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; to?: string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; suppression?: { docs_count?: string | number | undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; workflow_reason?: string | undefined; workflow_user?: string | undefined; } | undefined; } | undefined; })"
],
"path": "packages/kbn-alerts-as-data-utils/src/schemas/index.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.Alert",
"type": "Type",
"tags": [],
"label": "Alert",
"description": [],
"signature": [
"{ '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/alert_schema.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.ALERT_EVENTS_FIELDS",
"type": "Array",
"tags": [],
"label": "ALERT_EVENTS_FIELDS",
"description": [],
"signature": [
"string[]"
],
"path": "packages/kbn-alerts-as-data-utils/src/search/security/fields.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.AlertFieldMap",
"type": "Type",
"tags": [],
"label": "AlertFieldMap",
"description": [],
"signature": [
"{ readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly 
\"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"kibana.version\": { readonly type: \"version\"; 
readonly array: false; readonly required: false; }; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.EcsFieldMap",
"type": "Type",
"tags": [],
"label": "EcsFieldMap",
"description": [],
"signature": [
{
"pluginId": "@kbn/alerts-as-data-utils",
"scope": "common",
"docId": "kibKbnAlertsAsDataUtilsPluginApi",
"section": "def-common.FieldMap",
"text": "FieldMap"
}
],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/ecs_field_map.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.ExperimentalRuleFieldMap",
"type": "Type",
"tags": [],
"label": "ExperimentalRuleFieldMap",
"description": [],
"signature": [
"{ readonly \"kibana.alert.evaluation.threshold\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.evaluation.value\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.context\": { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.evaluation.values\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; readonly array: true; }; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/legacy_experimental_field_map.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.LegacyAlertFieldMap",
"type": "Type",
"tags": [],
"label": "LegacyAlertFieldMap",
"description": [],
"signature": [
"{ readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": 
{ readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/legacy_alert_field_map.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.ObservabilityApmAlert",
"type": "Type",
"tags": [],
"label": "ObservabilityApmAlert",
"description": [],
"signature": [
"{} & { agent?: { name?: string | undefined; } | undefined; error?: { grouping_key?: string | undefined; grouping_name?: string | undefined; } | undefined; kibana?: { alert?: { evaluation?: { threshold?: string | number | undefined; value?: string | number | undefined; values?: (string | number)[] | undefined; } | undefined; } | undefined; } | undefined; processor?: { event?: string | undefined; } | undefined; service?: { environment?: string | undefined; language?: { name?: string | undefined; } | undefined; name?: string | undefined; } | undefined; transaction?: { name?: string | undefined; type?: string | undefined; } | undefined; } & { '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; } & {} & { ecs?: { version?: string | undefined; } | undefined; kibana?: { alert?: { risk_score?: number | undefined; rule?: { author?: string | undefined; created_at?: string | undefined; created_by?: 
string | undefined; description?: string | undefined; enabled?: string | undefined; from?: string | undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; to?: string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; suppression?: { docs_count?: string | number | undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; workflow_reason?: string | undefined; workflow_user?: string | undefined; } | undefined; } | undefined; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_apm_schema.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.ObservabilityLogsAlert",
"type": "Type",
"tags": [],
"label": "ObservabilityLogsAlert",
"description": [],
"signature": [
"{} & { kibana?: { alert?: { evaluation?: { threshold?: string | number | undefined; value?: string | number | undefined; values?: (string | number)[] | undefined; } | undefined; } | undefined; } | undefined; } & { '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; } & { '@timestamp': string; ecs: { version: string; }; } & { agent?: { build?: { original?: string | undefined; } | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; client?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; 
country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; cloud?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; origin?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | 
undefined; target?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; } | undefined; } | undefined; container?: { cpu?: { usage?: string | number | undefined; } | undefined; disk?: { read?: { bytes?: string | number | undefined; } | undefined; write?: { bytes?: string | number | undefined; } | undefined; } | undefined; id?: string | undefined; image?: { hash?: { all?: string[] | undefined; } | undefined; name?: string | undefined; tag?: string[] | undefined; } | undefined; memory?: { usage?: string | number | undefined; } | undefined; name?: string | undefined; network?: { egress?: { bytes?: string | number | undefined; } | undefined; ingress?: { bytes?: string | number | undefined; } | undefined; } | undefined; runtime?: string | undefined; } | undefined; destination?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | 
undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; device?: { id?: string | undefined; manufacturer?: string | undefined; model?: { identifier?: string | undefined; name?: string | undefined; } | undefined; } | undefined; dll?: { code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; name?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; } | undefined; dns?: { answers?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; header_flags?: string[] | undefined; id?: string | undefined; op_code?: string | undefined; question?: { class?: string | undefined; name?: string | 
undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; type?: string | undefined; } | undefined; resolved_ip?: string[] | undefined; response_code?: string | undefined; type?: string | undefined; } | undefined; email?: { attachments?: { file?: { extension?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; mime_type?: string | undefined; name?: string | undefined; size?: string | number | undefined; } | undefined; }[] | undefined; bcc?: { address?: string[] | undefined; } | undefined; cc?: { address?: string[] | undefined; } | undefined; content_type?: string | undefined; delivery_timestamp?: string | undefined; direction?: string | undefined; from?: { address?: string[] | undefined; } | undefined; local_id?: string | undefined; message_id?: string | undefined; origination_timestamp?: string | undefined; reply_to?: { address?: string[] | undefined; } | undefined; sender?: { address?: string | undefined; } | undefined; subject?: string | undefined; to?: { address?: string[] | undefined; } | undefined; x_mailer?: string | undefined; } | undefined; error?: { code?: string | undefined; id?: string | undefined; message?: string | undefined; stack_trace?: string | undefined; type?: string | undefined; } | undefined; event?: { action?: string | undefined; agent_id_status?: string | undefined; category?: string[] | undefined; code?: string | undefined; created?: string | undefined; dataset?: string | undefined; duration?: string | number | undefined; end?: string | undefined; hash?: string | undefined; id?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; outcome?: string | undefined; provider?: string | undefined; reason?: string | 
undefined; reference?: string | undefined; risk_score?: number | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; severity?: string | number | undefined; start?: string | undefined; timezone?: string | undefined; type?: string[] | undefined; url?: string | undefined; } | undefined; faas?: { coldstart?: boolean | undefined; execution?: string | undefined; id?: string | undefined; name?: string | undefined; version?: string | undefined; } | undefined; file?: { accessed?: string | undefined; attributes?: string[] | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; created?: string | undefined; ctime?: string | undefined; device?: string | undefined; directory?: string | undefined; drive_letter?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 
shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; extension?: string | undefined; fork_name?: string | undefined; gid?: string | undefined; group?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; inode?: string | undefined; mime_type?: string | undefined; mode?: string | undefined; mtime?: string | undefined; name?: string | undefined; owner?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; size?: string | number | undefined; target_path?: string | undefined; type?: string | undefined; uid?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; 
version_number?: string | undefined; } | undefined; } | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; host?: { architecture?: string | undefined; boot?: { id?: string | undefined; } | undefined; cpu?: { usage?: string | number | undefined; } | undefined; disk?: { read?: { bytes?: string | number | undefined; } | undefined; write?: { bytes?: string | number | undefined; } | undefined; } | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; hostname?: string | undefined; id?: string | undefined; ip?: string[] | undefined; mac?: string[] | undefined; name?: string | undefined; network?: { egress?: { bytes?: string | number | undefined; packets?: string | number | undefined; } | undefined; ingress?: { bytes?: string | number | undefined; packets?: string | number | undefined; } | undefined; } | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; pid_ns_ino?: string | undefined; risk?: { calculated_level?: string | undefined; calculated_score?: number | undefined; calculated_score_norm?: number | undefined; static_level?: string | undefined; static_score?: number | undefined; static_score_norm?: number | undefined; } | undefined; type?: string | undefined; uptime?: string | number | undefined; } | undefined; http?: { 
request?: { body?: { bytes?: string | number | undefined; content?: string | undefined; } | undefined; bytes?: string | number | undefined; id?: string | undefined; method?: string | undefined; mime_type?: string | undefined; referrer?: string | undefined; } | undefined; response?: { body?: { bytes?: string | number | undefined; content?: string | undefined; } | undefined; bytes?: string | number | undefined; mime_type?: string | undefined; status_code?: string | number | undefined; } | undefined; version?: string | undefined; } | undefined; log?: { file?: { path?: string | undefined; } | undefined; level?: string | undefined; logger?: string | undefined; origin?: { file?: { line?: string | number | undefined; name?: string | undefined; } | undefined; function?: string | undefined; } | undefined; } | undefined; message?: string | undefined; network?: { application?: string | undefined; bytes?: string | number | undefined; community_id?: string | undefined; direction?: string | undefined; forwarded_ip?: string | undefined; iana_number?: string | undefined; name?: string | undefined; packets?: string | number | undefined; protocol?: string | undefined; transport?: string | undefined; type?: string | undefined; vlan?: { id?: string | undefined; name?: string | undefined; } | undefined; } | undefined; observer?: { geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; hostname?: string | undefined; ip?: string[] | undefined; mac?: string[] | undefined; name?: string | undefined; os?: { family?: string | 
undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; product?: string | undefined; serial_number?: string | undefined; type?: string | undefined; vendor?: string | undefined; version?: string | undefined; } | undefined; orchestrator?: { api_version?: string | undefined; cluster?: { id?: string | undefined; name?: string | undefined; url?: string | undefined; version?: string | undefined; } | undefined; namespace?: string | undefined; organization?: string | undefined; resource?: { id?: string | undefined; ip?: string[] | undefined; name?: string | undefined; parent?: { type?: string | undefined; } | undefined; type?: string | undefined; } | undefined; type?: string | undefined; } | undefined; organization?: { id?: string | undefined; name?: string | undefined; } | undefined; package?: { architecture?: string | undefined; build_version?: string | undefined; checksum?: string | undefined; description?: string | undefined; install_scope?: string | undefined; installed?: string | undefined; license?: string | undefined; name?: string | undefined; path?: string | undefined; reference?: string | undefined; size?: string | number | undefined; type?: string | undefined; version?: string | undefined; } | undefined; process?: { args?: string[] | undefined; args_count?: string | number | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; command_line?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { 
abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; end?: string | undefined; entity_id?: string | undefined; entry_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; attested_groups?: { name?: string | undefined; } | undefined; attested_user?: { id?: string | undefined; name?: string | undefined; } | undefined; command_line?: string | undefined; entity_id?: string | undefined; entry_meta?: { source?: { ip?: string | undefined; } | undefined; type?: string | undefined; } | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { entity_id?: string | undefined; pid?: string | number | undefined; session_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; start?: string | undefined; } | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | 
undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; env_vars?: string[] | undefined; executable?: string | undefined; exit_code?: string | number | undefined; group_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; command_line?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { args?: string[] | undefined; args_count?: string | number | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: 
string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; command_line?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; end?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; exit_code?: string | number | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; group_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | 
undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; pgid?: string | number | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; thread?: { id?: string | number | undefined; name?: string | undefined; } | undefined; title?: string | undefined; uptime?: string | number | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; pgid?: string | number | undefined; pid?: string | number | undefined; previous?: { args?: string[] | undefined; args_count?: string | number | undefined; executable?: string | undefined; } | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; session_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; command_line?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } 
| undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { entity_id?: string | undefined; pid?: string | number | undefined; session_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; start?: string | undefined; } | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; thread?: { id?: string | number | undefined; name?: string | undefined; } | undefined; title?: string | undefined; uptime?: string | number | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; registry?: { data?: { bytes?: string | undefined; strings?: string[] | undefined; type?: string | undefined; } | undefined; hive?: string | undefined; key?: string | undefined; path?: string | undefined; value?: string | undefined; } | undefined; related?: { hash?: string[] | undefined; hosts?: string[] | undefined; ip?: string[] | undefined; user?: string[] | undefined; } | undefined; rule?: { author?: string[] | undefined; category?: string | undefined; description?: string | undefined; id?: string | undefined; license?: string | undefined; name?: string | undefined; reference?: string | undefined; ruleset?: 
string | undefined; uuid?: string | undefined; version?: string | undefined; } | undefined; server?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; service?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; origin?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | 
undefined; roles?: string[] | undefined; } | undefined; state?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; state?: string | undefined; target?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; state?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; type?: string | undefined; version?: string | undefined; } | undefined; source?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | 
undefined; } | undefined; } | undefined; span?: { id?: string | undefined; } | undefined; tags?: string[] | undefined; threat?: { enrichments?: { matched?: { atomic?: string | undefined; field?: string | undefined; id?: string | undefined; index?: string | undefined; occurred?: string | undefined; type?: string | undefined; } | undefined; }[] | undefined; feed?: { dashboard_id?: string | undefined; description?: string | undefined; name?: string | undefined; reference?: string | undefined; } | undefined; framework?: string | undefined; group?: { alias?: string[] | undefined; id?: string | undefined; name?: string | undefined; reference?: string | undefined; } | undefined; indicator?: { as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; confidence?: string | undefined; description?: string | undefined; email?: { address?: string | undefined; } | undefined; file?: { accessed?: string | undefined; attributes?: string[] | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; created?: string | undefined; ctime?: string | undefined; device?: string | undefined; directory?: string | undefined; drive_letter?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: 
string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; extension?: string | undefined; fork_name?: string | undefined; gid?: string | undefined; group?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; inode?: string | undefined; mime_type?: string | undefined; mode?: string | undefined; mtime?: string | undefined; name?: string | undefined; owner?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; size?: string | number | undefined; target_path?: string | undefined; type?: string | undefined; uid?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; 
public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; first_seen?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; last_seen?: string | undefined; marking?: { tlp?: string | undefined; tlp_version?: string | undefined; } | undefined; modified_at?: string | undefined; port?: string | number | undefined; provider?: string | undefined; reference?: string | undefined; registry?: { data?: { bytes?: string | undefined; strings?: string[] | undefined; type?: string | undefined; } | undefined; hive?: string | undefined; key?: string | undefined; path?: string | undefined; value?: string | undefined; } | undefined; scanner_stats?: string | number | undefined; sightings?: string | number | undefined; type?: string | undefined; url?: { domain?: string | undefined; extension?: string | undefined; fragment?: string | undefined; full?: string | undefined; original?: string | undefined; password?: string | undefined; path?: string | undefined; port?: string | number | undefined; query?: string | undefined; registered_domain?: string | undefined; 
scheme?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; username?: string | undefined; } | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; software?: { alias?: string[] | undefined; id?: string | undefined; name?: string | undefined; platforms?: string[] | undefined; reference?: string | undefined; type?: string | undefined; } | undefined; tactic?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; } | undefined; technique?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; subtechnique?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; } | undefined; } | undefined; } | undefined; tls?: { cipher?: string | undefined; client?: { certificate?: string | undefined; certificate_chain?: string[] | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; } | undefined; issuer?: string | 
undefined; ja3?: string | undefined; not_after?: string | undefined; not_before?: string | undefined; server_name?: string | undefined; subject?: string | undefined; supported_ciphers?: string[] | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; curve?: string | undefined; established?: boolean | undefined; next_protocol?: string | undefined; resumed?: boolean | undefined; server?: { certificate?: string | undefined; certificate_chain?: string[] | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; } | undefined; issuer?: string | undefined; ja3s?: string | undefined; not_after?: string | undefined; not_before?: string | undefined; subject?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; 
state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; version?: string | undefined; version_protocol?: string | undefined; } | undefined; trace?: { id?: string | undefined; } | undefined; transaction?: { id?: string | undefined; } | undefined; url?: { domain?: string | undefined; extension?: string | undefined; fragment?: string | undefined; full?: string | undefined; original?: string | undefined; password?: string | undefined; path?: string | undefined; port?: string | number | undefined; query?: string | undefined; registered_domain?: string | undefined; scheme?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; username?: string | undefined; } | undefined; user?: { changes?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; domain?: string | undefined; effective?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; 
id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; risk?: { calculated_level?: string | undefined; calculated_score?: number | undefined; calculated_score_norm?: number | undefined; static_level?: string | undefined; static_score?: number | undefined; static_score_norm?: number | undefined; } | undefined; roles?: string[] | undefined; target?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; user_agent?: { device?: { name?: string | undefined; } | undefined; name?: string | undefined; original?: string | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; version?: string | undefined; } | undefined; vulnerability?: { category?: string[] | undefined; classification?: string | undefined; description?: string | undefined; enumeration?: string | undefined; id?: string | undefined; reference?: string | undefined; report_id?: string | undefined; scanner?: { vendor?: string | undefined; } | undefined; score?: { base?: number | undefined; environmental?: number | undefined; temporal?: number | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; } | undefined; } & {} & { ecs?: { version?: string | undefined; } | undefined; kibana?: { alert?: { risk_score?: number | undefined; rule?: { author?: 
string | undefined; created_at?: string | undefined; created_by?: string | undefined; description?: string | undefined; enabled?: string | undefined; from?: string | undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; to?: string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; suppression?: { docs_count?: string | number | undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; workflow_reason?: string | undefined; workflow_user?: string | undefined; } | undefined; } | undefined; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_logs_schema.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.ObservabilityMetricsAlert",
"type": "Type",
"tags": [],
"label": "ObservabilityMetricsAlert",
"description": [],
"signature": [
"{} & { kibana?: { alert?: { evaluation?: { threshold?: string | number | undefined; value?: string | number | undefined; values?: (string | number)[] | undefined; } | undefined; } | undefined; } | undefined; } & { '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; } & { '@timestamp': string; ecs: { version: string; }; } & { agent?: { build?: { original?: string | undefined; } | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; client?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; 
country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; cloud?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; origin?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | 
undefined; target?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; } | undefined; } | undefined; container?: { cpu?: { usage?: string | number | undefined; } | undefined; disk?: { read?: { bytes?: string | number | undefined; } | undefined; write?: { bytes?: string | number | undefined; } | undefined; } | undefined; id?: string | undefined; image?: { hash?: { all?: string[] | undefined; } | undefined; name?: string | undefined; tag?: string[] | undefined; } | undefined; memory?: { usage?: string | number | undefined; } | undefined; name?: string | undefined; network?: { egress?: { bytes?: string | number | undefined; } | undefined; ingress?: { bytes?: string | number | undefined; } | undefined; } | undefined; runtime?: string | undefined; } | undefined; destination?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | 
undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; device?: { id?: string | undefined; manufacturer?: string | undefined; model?: { identifier?: string | undefined; name?: string | undefined; } | undefined; } | undefined; dll?: { code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; name?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; } | undefined; dns?: { answers?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; header_flags?: string[] | undefined; id?: string | undefined; op_code?: string | undefined; question?: { class?: string | undefined; name?: string | 
undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; type?: string | undefined; } | undefined; resolved_ip?: string[] | undefined; response_code?: string | undefined; type?: string | undefined; } | undefined; email?: { attachments?: { file?: { extension?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; mime_type?: string | undefined; name?: string | undefined; size?: string | number | undefined; } | undefined; }[] | undefined; bcc?: { address?: string[] | undefined; } | undefined; cc?: { address?: string[] | undefined; } | undefined; content_type?: string | undefined; delivery_timestamp?: string | undefined; direction?: string | undefined; from?: { address?: string[] | undefined; } | undefined; local_id?: string | undefined; message_id?: string | undefined; origination_timestamp?: string | undefined; reply_to?: { address?: string[] | undefined; } | undefined; sender?: { address?: string | undefined; } | undefined; subject?: string | undefined; to?: { address?: string[] | undefined; } | undefined; x_mailer?: string | undefined; } | undefined; error?: { code?: string | undefined; id?: string | undefined; message?: string | undefined; stack_trace?: string | undefined; type?: string | undefined; } | undefined; event?: { action?: string | undefined; agent_id_status?: string | undefined; category?: string[] | undefined; code?: string | undefined; created?: string | undefined; dataset?: string | undefined; duration?: string | number | undefined; end?: string | undefined; hash?: string | undefined; id?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; outcome?: string | undefined; provider?: string | undefined; reason?: string | 
undefined; reference?: string | undefined; risk_score?: number | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; severity?: string | number | undefined; start?: string | undefined; timezone?: string | undefined; type?: string[] | undefined; url?: string | undefined; } | undefined; faas?: { coldstart?: boolean | undefined; execution?: string | undefined; id?: string | undefined; name?: string | undefined; version?: string | undefined; } | undefined; file?: { accessed?: string | undefined; attributes?: string[] | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; created?: string | undefined; ctime?: string | undefined; device?: string | undefined; directory?: string | undefined; drive_letter?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 
shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; extension?: string | undefined; fork_name?: string | undefined; gid?: string | undefined; group?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; inode?: string | undefined; mime_type?: string | undefined; mode?: string | undefined; mtime?: string | undefined; name?: string | undefined; owner?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; size?: string | number | undefined; target_path?: string | undefined; type?: string | undefined; uid?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; 
version_number?: string | undefined; } | undefined; } | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; host?: { architecture?: string | undefined; boot?: { id?: string | undefined; } | undefined; cpu?: { usage?: string | number | undefined; } | undefined; disk?: { read?: { bytes?: string | number | undefined; } | undefined; write?: { bytes?: string | number | undefined; } | undefined; } | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; hostname?: string | undefined; id?: string | undefined; ip?: string[] | undefined; mac?: string[] | undefined; name?: string | undefined; network?: { egress?: { bytes?: string | number | undefined; packets?: string | number | undefined; } | undefined; ingress?: { bytes?: string | number | undefined; packets?: string | number | undefined; } | undefined; } | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; pid_ns_ino?: string | undefined; risk?: { calculated_level?: string | undefined; calculated_score?: number | undefined; calculated_score_norm?: number | undefined; static_level?: string | undefined; static_score?: number | undefined; static_score_norm?: number | undefined; } | undefined; type?: string | undefined; uptime?: string | number | undefined; } | undefined; http?: { 
request?: { body?: { bytes?: string | number | undefined; content?: string | undefined; } | undefined; bytes?: string | number | undefined; id?: string | undefined; method?: string | undefined; mime_type?: string | undefined; referrer?: string | undefined; } | undefined; response?: { body?: { bytes?: string | number | undefined; content?: string | undefined; } | undefined; bytes?: string | number | undefined; mime_type?: string | undefined; status_code?: string | number | undefined; } | undefined; version?: string | undefined; } | undefined; log?: { file?: { path?: string | undefined; } | undefined; level?: string | undefined; logger?: string | undefined; origin?: { file?: { line?: string | number | undefined; name?: string | undefined; } | undefined; function?: string | undefined; } | undefined; } | undefined; message?: string | undefined; network?: { application?: string | undefined; bytes?: string | number | undefined; community_id?: string | undefined; direction?: string | undefined; forwarded_ip?: string | undefined; iana_number?: string | undefined; name?: string | undefined; packets?: string | number | undefined; protocol?: string | undefined; transport?: string | undefined; type?: string | undefined; vlan?: { id?: string | undefined; name?: string | undefined; } | undefined; } | undefined; observer?: { geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; hostname?: string | undefined; ip?: string[] | undefined; mac?: string[] | undefined; name?: string | undefined; os?: { family?: string | 
undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; product?: string | undefined; serial_number?: string | undefined; type?: string | undefined; vendor?: string | undefined; version?: string | undefined; } | undefined; orchestrator?: { api_version?: string | undefined; cluster?: { id?: string | undefined; name?: string | undefined; url?: string | undefined; version?: string | undefined; } | undefined; namespace?: string | undefined; organization?: string | undefined; resource?: { id?: string | undefined; ip?: string[] | undefined; name?: string | undefined; parent?: { type?: string | undefined; } | undefined; type?: string | undefined; } | undefined; type?: string | undefined; } | undefined; organization?: { id?: string | undefined; name?: string | undefined; } | undefined; package?: { architecture?: string | undefined; build_version?: string | undefined; checksum?: string | undefined; description?: string | undefined; install_scope?: string | undefined; installed?: string | undefined; license?: string | undefined; name?: string | undefined; path?: string | undefined; reference?: string | undefined; size?: string | number | undefined; type?: string | undefined; version?: string | undefined; } | undefined; process?: { args?: string[] | undefined; args_count?: string | number | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; command_line?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { 
abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; end?: string | undefined; entity_id?: string | undefined; entry_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; attested_groups?: { name?: string | undefined; } | undefined; attested_user?: { id?: string | undefined; name?: string | undefined; } | undefined; command_line?: string | undefined; entity_id?: string | undefined; entry_meta?: { source?: { ip?: string | undefined; } | undefined; type?: string | undefined; } | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { entity_id?: string | undefined; pid?: string | number | undefined; session_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; start?: string | undefined; } | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | 
undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; env_vars?: string[] | undefined; executable?: string | undefined; exit_code?: string | number | undefined; group_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; command_line?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { args?: string[] | undefined; args_count?: string | number | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: 
string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; command_line?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; end?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; exit_code?: string | number | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; group_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | 
undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; pgid?: string | number | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; thread?: { id?: string | number | undefined; name?: string | undefined; } | undefined; title?: string | undefined; uptime?: string | number | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; pgid?: string | number | undefined; pid?: string | number | undefined; previous?: { args?: string[] | undefined; args_count?: string | number | undefined; executable?: string | undefined; } | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; session_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; command_line?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } 
| undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { entity_id?: string | undefined; pid?: string | number | undefined; session_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; start?: string | undefined; } | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; thread?: { id?: string | number | undefined; name?: string | undefined; } | undefined; title?: string | undefined; uptime?: string | number | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; registry?: { data?: { bytes?: string | undefined; strings?: string[] | undefined; type?: string | undefined; } | undefined; hive?: string | undefined; key?: string | undefined; path?: string | undefined; value?: string | undefined; } | undefined; related?: { hash?: string[] | undefined; hosts?: string[] | undefined; ip?: string[] | undefined; user?: string[] | undefined; } | undefined; rule?: { author?: string[] | undefined; category?: string | undefined; description?: string | undefined; id?: string | undefined; license?: string | undefined; name?: string | undefined; reference?: string | undefined; ruleset?: 
string | undefined; uuid?: string | undefined; version?: string | undefined; } | undefined; server?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; service?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; origin?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | 
undefined; roles?: string[] | undefined; } | undefined; state?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; state?: string | undefined; target?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; state?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; type?: string | undefined; version?: string | undefined; } | undefined; source?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | 
undefined; } | undefined; } | undefined; span?: { id?: string | undefined; } | undefined; tags?: string[] | undefined; threat?: { enrichments?: { matched?: { atomic?: string | undefined; field?: string | undefined; id?: string | undefined; index?: string | undefined; occurred?: string | undefined; type?: string | undefined; } | undefined; }[] | undefined; feed?: { dashboard_id?: string | undefined; description?: string | undefined; name?: string | undefined; reference?: string | undefined; } | undefined; framework?: string | undefined; group?: { alias?: string[] | undefined; id?: string | undefined; name?: string | undefined; reference?: string | undefined; } | undefined; indicator?: { as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; confidence?: string | undefined; description?: string | undefined; email?: { address?: string | undefined; } | undefined; file?: { accessed?: string | undefined; attributes?: string[] | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; created?: string | undefined; ctime?: string | undefined; device?: string | undefined; directory?: string | undefined; drive_letter?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: 
string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; extension?: string | undefined; fork_name?: string | undefined; gid?: string | undefined; group?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; inode?: string | undefined; mime_type?: string | undefined; mode?: string | undefined; mtime?: string | undefined; name?: string | undefined; owner?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; size?: string | number | undefined; target_path?: string | undefined; type?: string | undefined; uid?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; 
public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; first_seen?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; last_seen?: string | undefined; marking?: { tlp?: string | undefined; tlp_version?: string | undefined; } | undefined; modified_at?: string | undefined; port?: string | number | undefined; provider?: string | undefined; reference?: string | undefined; registry?: { data?: { bytes?: string | undefined; strings?: string[] | undefined; type?: string | undefined; } | undefined; hive?: string | undefined; key?: string | undefined; path?: string | undefined; value?: string | undefined; } | undefined; scanner_stats?: string | number | undefined; sightings?: string | number | undefined; type?: string | undefined; url?: { domain?: string | undefined; extension?: string | undefined; fragment?: string | undefined; full?: string | undefined; original?: string | undefined; password?: string | undefined; path?: string | undefined; port?: string | number | undefined; query?: string | undefined; registered_domain?: string | undefined; 
scheme?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; username?: string | undefined; } | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; software?: { alias?: string[] | undefined; id?: string | undefined; name?: string | undefined; platforms?: string[] | undefined; reference?: string | undefined; type?: string | undefined; } | undefined; tactic?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; } | undefined; technique?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; subtechnique?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; } | undefined; } | undefined; } | undefined; tls?: { cipher?: string | undefined; client?: { certificate?: string | undefined; certificate_chain?: string[] | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; } | undefined; issuer?: string | 
undefined; ja3?: string | undefined; not_after?: string | undefined; not_before?: string | undefined; server_name?: string | undefined; subject?: string | undefined; supported_ciphers?: string[] | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; curve?: string | undefined; established?: boolean | undefined; next_protocol?: string | undefined; resumed?: boolean | undefined; server?: { certificate?: string | undefined; certificate_chain?: string[] | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; } | undefined; issuer?: string | undefined; ja3s?: string | undefined; not_after?: string | undefined; not_before?: string | undefined; subject?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; 
state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; version?: string | undefined; version_protocol?: string | undefined; } | undefined; trace?: { id?: string | undefined; } | undefined; transaction?: { id?: string | undefined; } | undefined; url?: { domain?: string | undefined; extension?: string | undefined; fragment?: string | undefined; full?: string | undefined; original?: string | undefined; password?: string | undefined; path?: string | undefined; port?: string | number | undefined; query?: string | undefined; registered_domain?: string | undefined; scheme?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; username?: string | undefined; } | undefined; user?: { changes?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; domain?: string | undefined; effective?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; 
id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; risk?: { calculated_level?: string | undefined; calculated_score?: number | undefined; calculated_score_norm?: number | undefined; static_level?: string | undefined; static_score?: number | undefined; static_score_norm?: number | undefined; } | undefined; roles?: string[] | undefined; target?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; user_agent?: { device?: { name?: string | undefined; } | undefined; name?: string | undefined; original?: string | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; version?: string | undefined; } | undefined; vulnerability?: { category?: string[] | undefined; classification?: string | undefined; description?: string | undefined; enumeration?: string | undefined; id?: string | undefined; reference?: string | undefined; report_id?: string | undefined; scanner?: { vendor?: string | undefined; } | undefined; score?: { base?: number | undefined; environmental?: number | undefined; temporal?: number | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; } | undefined; } & {} & { ecs?: { version?: string | undefined; } | undefined; kibana?: { alert?: { risk_score?: number | undefined; rule?: { author?: 
string | undefined; created_at?: string | undefined; created_by?: string | undefined; description?: string | undefined; enabled?: string | undefined; from?: string | undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; to?: string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; suppression?: { docs_count?: string | number | undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; workflow_reason?: string | undefined; workflow_user?: string | undefined; } | undefined; } | undefined; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_metrics_schema.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.ObservabilitySloAlert",
"type": "Type",
"tags": [],
"label": "ObservabilitySloAlert",
"description": [],
"signature": [
"{} & { kibana?: { alert?: { evaluation?: { threshold?: string | number | undefined; value?: string | number | undefined; values?: (string | number)[] | undefined; } | undefined; } | undefined; } | undefined; slo?: { id?: string | undefined; instanceId?: string | undefined; revision?: string | number | undefined; } | undefined; } & { '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; } & {} & { ecs?: { version?: string | undefined; } | undefined; kibana?: { alert?: { risk_score?: number | undefined; rule?: { author?: string | undefined; created_at?: string | undefined; created_by?: string | undefined; description?: string | undefined; enabled?: string | undefined; from?: string | undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; to?: 
string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; suppression?: { docs_count?: string | number | undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; workflow_reason?: string | undefined; workflow_user?: string | undefined; } | undefined; } | undefined; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_slo_schema.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.ObservabilityUptimeAlert",
"type": "Type",
"tags": [],
"label": "ObservabilityUptimeAlert",
"description": [],
"signature": [
"{} & { agent?: { name?: string | undefined; } | undefined; anomaly?: { bucket_span?: { minutes?: string | undefined; } | undefined; start?: string | undefined; } | undefined; error?: { message?: string | undefined; } | undefined; kibana?: { alert?: { evaluation?: { threshold?: string | number | undefined; value?: string | number | undefined; values?: (string | number)[] | undefined; } | undefined; } | undefined; } | undefined; monitor?: { id?: string | undefined; name?: string | undefined; type?: string | undefined; } | undefined; observer?: { geo?: { name?: string | undefined; } | undefined; } | undefined; tls?: { server?: { hash?: { sha256?: string | undefined; } | undefined; x509?: { issuer?: { common_name?: string | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; subject?: { common_name?: string | undefined; } | undefined; } | undefined; } | undefined; } | undefined; url?: { full?: string | undefined; } | undefined; } & { '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | 
undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; } & {} & { ecs?: { version?: string | undefined; } | undefined; kibana?: { alert?: { risk_score?: number | undefined; rule?: { author?: string | undefined; created_at?: string | undefined; created_by?: string | undefined; description?: string | undefined; enabled?: string | undefined; from?: string | undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; to?: string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; suppression?: { docs_count?: string | number | undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; workflow_reason?: string | undefined; workflow_user?: string | undefined; } | undefined; } | undefined; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_uptime_schema.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.SecurityAlert",
"type": "Type",
"tags": [],
"label": "SecurityAlert",
"description": [],
"signature": [
"{ '@timestamp': string; kibana: { alert: { ancestors: { depth: string | number; id: string; index: string; type: string; }[]; depth: string | number; instance: { id: string; }; original_event: { action: string; category: string[]; created: string; dataset: string; id: string; ingested: string; kind: string; module: string; original: string; outcome: string; provider: string; sequence: string | number; type: string[]; }; original_time: string; rule: { category: string; consumer: string; false_positives: string[]; max_signals: (string | number)[]; name: string; producer: string; revision: string | number; rule_type_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique: { id: string; name: string; reference: string; subtechnique: { id: string; name: string; reference: string; }; }; }; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { ecs?: { version?: string | undefined; } | undefined; event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; ancestors?: { rule?: string | undefined; } | undefined; building_block_type?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; group?: { id?: string | undefined; index?: number | undefined; } | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; new_terms?: string[] | undefined; original_event?: { agent_id_status?: string | undefined; code?: string | undefined; duration?: string | undefined; end?: string | undefined; hash?: string | undefined; reason?: string | undefined; reference?: string | undefined; risk_score?: number | undefined; risk_score_norm?: number | undefined; severity?: string | number | undefined; start?: string | undefined; timezone?: string | 
undefined; url?: string | undefined; } | undefined; reason?: string | undefined; risk_score?: number | undefined; rule?: { author?: string | undefined; building_block_type?: string | undefined; created_at?: string | undefined; created_by?: string | undefined; description?: string | undefined; enabled?: string | undefined; execution?: { uuid?: string | undefined; } | undefined; from?: string | undefined; immutable?: string[] | undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; parameters?: unknown; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; tags?: string[] | undefined; timeline_id?: string[] | undefined; timeline_title?: string[] | undefined; timestamp_override?: string | undefined; to?: string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; start?: string | undefined; suppression?: { docs_count?: string | number | undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; threshold_result?: { count?: string | number | undefined; from?: string | undefined; terms?: { field?: string | undefined; value?: string | undefined; }[] | undefined; } | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_reason?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; workflow_user?: string | undefined; } | undefined; version?: string | undefined; } | undefined; signal?: { ancestors?: { depth?: unknown; id?: unknown; index?: unknown; type?: unknown; } | undefined; depth?: unknown; group?: { id?: unknown; index?: unknown; } | undefined; original_event?: { action?: unknown; category?: 
unknown; code?: unknown; created?: unknown; dataset?: unknown; duration?: unknown; end?: unknown; hash?: unknown; id?: unknown; kind?: unknown; module?: unknown; outcome?: unknown; provider?: unknown; reason?: unknown; risk_score?: unknown; risk_score_norm?: unknown; sequence?: unknown; severity?: unknown; start?: unknown; timezone?: unknown; type?: unknown; } | undefined; original_time?: unknown; reason?: unknown; rule?: { author?: unknown; building_block_type?: unknown; created_at?: unknown; created_by?: unknown; description?: unknown; enabled?: unknown; false_positives?: unknown; from?: unknown; id?: unknown; immutable?: unknown; interval?: unknown; license?: unknown; max_signals?: unknown; name?: unknown; note?: unknown; references?: unknown; risk_score?: unknown; rule_id?: unknown; rule_name_override?: unknown; severity?: unknown; tags?: unknown; threat?: { framework?: unknown; tactic?: { id?: unknown; name?: unknown; reference?: unknown; } | undefined; technique?: { id?: unknown; name?: unknown; reference?: unknown; subtechnique?: { id?: unknown; name?: unknown; reference?: unknown; } | undefined; } | undefined; } | undefined; timeline_id?: unknown; timeline_title?: unknown; timestamp_override?: unknown; to?: unknown; type?: unknown; updated_at?: unknown; updated_by?: unknown; version?: unknown; } | undefined; status?: unknown; threshold_result?: { cardinality?: { field?: unknown; value?: unknown; } | undefined; count?: unknown; from?: unknown; terms?: { field?: unknown; value?: unknown; } | undefined; } | undefined; } | undefined; tags?: string[] | undefined; } & { '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | 
undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; } & { '@timestamp': string; ecs: { version: string; }; } & { agent?: { build?: { original?: string | undefined; } | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; client?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; 
registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; cloud?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; origin?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; target?: { account?: { id?: string | undefined; name?: string | undefined; } | undefined; availability_zone?: string | undefined; instance?: { id?: string | undefined; name?: string | undefined; } | undefined; machine?: { type?: string | undefined; } | undefined; project?: { id?: string | undefined; name?: string | undefined; } | undefined; provider?: string | undefined; region?: string | undefined; service?: { name?: string | undefined; } | undefined; } | undefined; } | undefined; container?: { cpu?: { usage?: string | number | undefined; } | undefined; disk?: { read?: { bytes?: string | number | undefined; } 
| undefined; write?: { bytes?: string | number | undefined; } | undefined; } | undefined; id?: string | undefined; image?: { hash?: { all?: string[] | undefined; } | undefined; name?: string | undefined; tag?: string[] | undefined; } | undefined; memory?: { usage?: string | number | undefined; } | undefined; name?: string | undefined; network?: { egress?: { bytes?: string | number | undefined; } | undefined; ingress?: { bytes?: string | number | undefined; } | undefined; } | undefined; runtime?: string | undefined; } | undefined; destination?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; device?: { id?: string | undefined; 
manufacturer?: string | undefined; model?: { identifier?: string | undefined; name?: string | undefined; } | undefined; } | undefined; dll?: { code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; name?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; } | undefined; dns?: { answers?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; header_flags?: string[] | undefined; id?: string | undefined; op_code?: string | undefined; question?: { class?: string | undefined; name?: string | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; type?: string | undefined; } | undefined; resolved_ip?: string[] | undefined; response_code?: string | undefined; type?: string | undefined; } | undefined; email?: { attachments?: { file?: { extension?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; mime_type?: string | undefined; name?: string | undefined; 
size?: string | number | undefined; } | undefined; }[] | undefined; bcc?: { address?: string[] | undefined; } | undefined; cc?: { address?: string[] | undefined; } | undefined; content_type?: string | undefined; delivery_timestamp?: string | undefined; direction?: string | undefined; from?: { address?: string[] | undefined; } | undefined; local_id?: string | undefined; message_id?: string | undefined; origination_timestamp?: string | undefined; reply_to?: { address?: string[] | undefined; } | undefined; sender?: { address?: string | undefined; } | undefined; subject?: string | undefined; to?: { address?: string[] | undefined; } | undefined; x_mailer?: string | undefined; } | undefined; error?: { code?: string | undefined; id?: string | undefined; message?: string | undefined; stack_trace?: string | undefined; type?: string | undefined; } | undefined; event?: { action?: string | undefined; agent_id_status?: string | undefined; category?: string[] | undefined; code?: string | undefined; created?: string | undefined; dataset?: string | undefined; duration?: string | number | undefined; end?: string | undefined; hash?: string | undefined; id?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; outcome?: string | undefined; provider?: string | undefined; reason?: string | undefined; reference?: string | undefined; risk_score?: number | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; severity?: string | number | undefined; start?: string | undefined; timezone?: string | undefined; type?: string[] | undefined; url?: string | undefined; } | undefined; faas?: { coldstart?: boolean | undefined; execution?: string | undefined; id?: string | undefined; name?: string | undefined; version?: string | undefined; } | undefined; file?: { accessed?: string | undefined; attributes?: string[] | undefined; code_signature?: { digest_algorithm?: string | 
undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; created?: string | undefined; ctime?: string | undefined; device?: string | undefined; directory?: string | undefined; drive_letter?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; extension?: string | undefined; fork_name?: string | undefined; gid?: string | undefined; group?: string | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; inode?: string | undefined; mime_type?: string | undefined; mode?: string | undefined; mtime?: string | undefined; name?: string | undefined; owner?: string | undefined; path?: string | undefined; pe?: { 
architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; size?: string | number | undefined; target_path?: string | undefined; type?: string | undefined; uid?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; host?: { architecture?: string | undefined; boot?: { id?: string | undefined; } | undefined; cpu?: { usage?: string | number | undefined; } | undefined; disk?: { read?: { bytes?: string | number | undefined; } | undefined; write?: { bytes?: string | number | undefined; } | undefined; } | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: 
string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; hostname?: string | undefined; id?: string | undefined; ip?: string[] | undefined; mac?: string[] | undefined; name?: string | undefined; network?: { egress?: { bytes?: string | number | undefined; packets?: string | number | undefined; } | undefined; ingress?: { bytes?: string | number | undefined; packets?: string | number | undefined; } | undefined; } | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; pid_ns_ino?: string | undefined; risk?: { calculated_level?: string | undefined; calculated_score?: number | undefined; calculated_score_norm?: number | undefined; static_level?: string | undefined; static_score?: number | undefined; static_score_norm?: number | undefined; } | undefined; type?: string | undefined; uptime?: string | number | undefined; } | undefined; http?: { request?: { body?: { bytes?: string | number | undefined; content?: string | undefined; } | undefined; bytes?: string | number | undefined; id?: string | undefined; method?: string | undefined; mime_type?: string | undefined; referrer?: string | undefined; } | undefined; response?: { body?: { bytes?: string | number | undefined; content?: string | undefined; } | undefined; bytes?: string | number | undefined; mime_type?: string | undefined; status_code?: string | number | undefined; } | undefined; version?: string | undefined; } | undefined; log?: { file?: { path?: string | undefined; } | undefined; level?: string | undefined; 
logger?: string | undefined; origin?: { file?: { line?: string | number | undefined; name?: string | undefined; } | undefined; function?: string | undefined; } | undefined; } | undefined; message?: string | undefined; network?: { application?: string | undefined; bytes?: string | number | undefined; community_id?: string | undefined; direction?: string | undefined; forwarded_ip?: string | undefined; iana_number?: string | undefined; name?: string | undefined; packets?: string | number | undefined; protocol?: string | undefined; transport?: string | undefined; type?: string | undefined; vlan?: { id?: string | undefined; name?: string | undefined; } | undefined; } | undefined; observer?: { geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; hostname?: string | undefined; ip?: string[] | undefined; mac?: string[] | undefined; name?: string | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; product?: string | undefined; serial_number?: string | undefined; type?: string | undefined; vendor?: string | undefined; version?: string | undefined; } | undefined; orchestrator?: { api_version?: string | undefined; cluster?: { id?: string | undefined; name?: string | undefined; url?: string | undefined; version?: string | undefined; } | undefined; namespace?: string | undefined; organization?: string | undefined; resource?: { id?: string 
| undefined; ip?: string[] | undefined; name?: string | undefined; parent?: { type?: string | undefined; } | undefined; type?: string | undefined; } | undefined; type?: string | undefined; } | undefined; organization?: { id?: string | undefined; name?: string | undefined; } | undefined; package?: { architecture?: string | undefined; build_version?: string | undefined; checksum?: string | undefined; description?: string | undefined; install_scope?: string | undefined; installed?: string | undefined; license?: string | undefined; name?: string | undefined; path?: string | undefined; reference?: string | undefined; size?: string | number | undefined; type?: string | undefined; version?: string | undefined; } | undefined; process?: { args?: string[] | undefined; args_count?: string | number | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; command_line?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | 
undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; end?: string | undefined; entity_id?: string | undefined; entry_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; attested_groups?: { name?: string | undefined; } | undefined; attested_user?: { id?: string | undefined; name?: string | undefined; } | undefined; command_line?: string | undefined; entity_id?: string | undefined; entry_meta?: { source?: { ip?: string | undefined; } | undefined; type?: string | undefined; } | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { entity_id?: string | undefined; pid?: string | number | undefined; session_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; start?: string | undefined; } | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; env_vars?: string[] | undefined; executable?: string | undefined; exit_code?: string | number | undefined; group_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; command_line?: string | undefined; entity_id?: string | 
undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { args?: string[] | undefined; args_count?: string | number | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; command_line?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } 
| undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; end?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; exit_code?: string | number | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; group_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; pgid?: string | number | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | 
undefined; thread?: { id?: string | number | undefined; name?: string | undefined; } | undefined; title?: string | undefined; uptime?: string | number | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; pgid?: string | number | undefined; pid?: string | number | undefined; previous?: { args?: string[] | undefined; args_count?: string | number | undefined; executable?: string | undefined; } | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; session_leader?: { args?: string[] | undefined; args_count?: string | number | undefined; command_line?: string | undefined; entity_id?: string | undefined; executable?: string | undefined; group?: { id?: string | undefined; name?: string | undefined; } | undefined; interactive?: boolean | undefined; name?: string | undefined; parent?: { entity_id?: string | undefined; pid?: string | number | undefined; session_leader?: { entity_id?: string | undefined; pid?: string | number | undefined; start?: string | undefined; } | undefined; start?: string | undefined; } | undefined; pid?: string | number | undefined; real_group?: { id?: string | undefined; name?: string | undefined; } | undefined; real_user?: { id?: string | undefined; name?: string | undefined; } | undefined; same_as_process?: boolean | undefined; saved_group?: { id?: string | undefined; name?: string | undefined; } | 
undefined; saved_user?: { id?: string | undefined; name?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; start?: string | undefined; supplemental_groups?: { id?: string | undefined; name?: string | undefined; } | undefined; thread?: { id?: string | number | undefined; name?: string | undefined; } | undefined; title?: string | undefined; uptime?: string | number | undefined; user?: { id?: string | undefined; name?: string | undefined; } | undefined; working_directory?: string | undefined; } | undefined; registry?: { data?: { bytes?: string | undefined; strings?: string[] | undefined; type?: string | undefined; } | undefined; hive?: string | undefined; key?: string | undefined; path?: string | undefined; value?: string | undefined; } | undefined; related?: { hash?: string[] | undefined; hosts?: string[] | undefined; ip?: string[] | undefined; user?: string[] | undefined; } | undefined; rule?: { author?: string[] | undefined; category?: string | undefined; description?: string | undefined; id?: string | undefined; license?: string | undefined; name?: string | undefined; reference?: string | undefined; ruleset?: string | undefined; uuid?: string | undefined; version?: string | undefined; } | undefined; server?: { address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { 
location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; service?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; origin?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; state?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; state?: string | undefined; target?: { address?: string | undefined; environment?: string | undefined; ephemeral_id?: string | undefined; id?: string | undefined; name?: string | undefined; node?: { name?: string | undefined; role?: string | undefined; roles?: string[] | undefined; } | undefined; state?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; type?: string | undefined; version?: string | undefined; } | undefined; source?: { 
address?: string | undefined; as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; bytes?: string | number | undefined; domain?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; mac?: string | undefined; nat?: { ip?: string | undefined; port?: string | number | undefined; } | undefined; packets?: string | number | undefined; port?: string | number | undefined; registered_domain?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; user?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; span?: { id?: string | undefined; } | undefined; tags?: string[] | undefined; threat?: { enrichments?: { matched?: { atomic?: string | undefined; field?: string | undefined; id?: string | undefined; index?: string | undefined; occurred?: string | undefined; type?: string | undefined; } | undefined; }[] | undefined; feed?: { dashboard_id?: string | undefined; description?: string | undefined; name?: string | undefined; reference?: string | undefined; } | undefined; framework?: string | undefined; group?: { alias?: string[] | undefined; id?: string | undefined; name?: string | undefined; 
reference?: string | undefined; } | undefined; indicator?: { as?: { number?: string | number | undefined; organization?: { name?: string | undefined; } | undefined; } | undefined; confidence?: string | undefined; description?: string | undefined; email?: { address?: string | undefined; } | undefined; file?: { accessed?: string | undefined; attributes?: string[] | undefined; code_signature?: { digest_algorithm?: string | undefined; exists?: boolean | undefined; signing_id?: string | undefined; status?: string | undefined; subject_name?: string | undefined; team_id?: string | undefined; timestamp?: string | undefined; trusted?: boolean | undefined; valid?: boolean | undefined; } | undefined; created?: string | undefined; ctime?: string | undefined; device?: string | undefined; directory?: string | undefined; drive_letter?: string | undefined; elf?: { architecture?: string | undefined; byte_order?: string | undefined; cpu_type?: string | undefined; creation_date?: string | undefined; exports?: unknown[] | undefined; header?: { abi_version?: string | undefined; class?: string | undefined; data?: string | undefined; entrypoint?: string | number | undefined; object_version?: string | undefined; os_abi?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; imports?: unknown[] | undefined; sections?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; segments?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; shared_libraries?: string[] | undefined; telfhash?: string | undefined; } | undefined; extension?: string | undefined; fork_name?: string | undefined; gid?: string | undefined; group?: string | undefined; 
hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; sha384?: string | undefined; sha512?: string | undefined; ssdeep?: string | undefined; tlsh?: string | undefined; } | undefined; inode?: string | undefined; mime_type?: string | undefined; mode?: string | undefined; mtime?: string | undefined; name?: string | undefined; owner?: string | undefined; path?: string | undefined; pe?: { architecture?: string | undefined; company?: string | undefined; description?: string | undefined; file_version?: string | undefined; imphash?: string | undefined; original_file_name?: string | undefined; pehash?: string | undefined; product?: string | undefined; } | undefined; size?: string | number | undefined; target_path?: string | undefined; type?: string | undefined; uid?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; first_seen?: string | undefined; geo?: { city_name?: string | undefined; continent_code?: string | undefined; continent_name?: string | undefined; 
country_iso_code?: string | undefined; country_name?: string | undefined; location?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; name?: string | undefined; postal_code?: string | undefined; region_iso_code?: string | undefined; region_name?: string | undefined; timezone?: string | undefined; } | undefined; ip?: string | undefined; last_seen?: string | undefined; marking?: { tlp?: string | undefined; tlp_version?: string | undefined; } | undefined; modified_at?: string | undefined; port?: string | number | undefined; provider?: string | undefined; reference?: string | undefined; registry?: { data?: { bytes?: string | undefined; strings?: string[] | undefined; type?: string | undefined; } | undefined; hive?: string | undefined; key?: string | undefined; path?: string | undefined; value?: string | undefined; } | undefined; scanner_stats?: string | number | undefined; sightings?: string | number | undefined; type?: string | undefined; url?: { domain?: string | undefined; extension?: string | undefined; fragment?: string | undefined; full?: string | undefined; original?: string | undefined; password?: string | undefined; path?: string | undefined; port?: string | number | undefined; query?: string | undefined; registered_domain?: string | undefined; scheme?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; username?: string | undefined; } | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | 
undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; software?: { alias?: string[] | undefined; id?: string | undefined; name?: string | undefined; platforms?: string[] | undefined; reference?: string | undefined; type?: string | undefined; } | undefined; tactic?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; } | undefined; technique?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; subtechnique?: { id?: string[] | undefined; name?: string[] | undefined; reference?: string[] | undefined; } | undefined; } | undefined; } | undefined; tls?: { cipher?: string | undefined; client?: { certificate?: string | undefined; certificate_chain?: string[] | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; } | undefined; issuer?: string | undefined; ja3?: string | undefined; not_after?: string | undefined; not_before?: string | undefined; server_name?: string | undefined; subject?: string | undefined; supported_ciphers?: string[] | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; 
public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; curve?: string | undefined; established?: boolean | undefined; next_protocol?: string | undefined; resumed?: boolean | undefined; server?: { certificate?: string | undefined; certificate_chain?: string[] | undefined; hash?: { md5?: string | undefined; sha1?: string | undefined; sha256?: string | undefined; } | undefined; issuer?: string | undefined; ja3s?: string | undefined; not_after?: string | undefined; not_before?: string | undefined; subject?: string | undefined; x509?: { alternative_names?: string[] | undefined; issuer?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; state_or_province?: string[] | undefined; } | undefined; not_after?: string | undefined; not_before?: string | undefined; public_key_algorithm?: string | undefined; public_key_curve?: string | undefined; public_key_exponent?: string | number | undefined; public_key_size?: string | number | undefined; serial_number?: string | undefined; signature_algorithm?: string | undefined; subject?: { common_name?: string[] | undefined; country?: string[] | undefined; distinguished_name?: string | undefined; locality?: string[] | undefined; organization?: string[] | undefined; organizational_unit?: string[] | undefined; 
state_or_province?: string[] | undefined; } | undefined; version_number?: string | undefined; } | undefined; } | undefined; version?: string | undefined; version_protocol?: string | undefined; } | undefined; trace?: { id?: string | undefined; } | undefined; transaction?: { id?: string | undefined; } | undefined; url?: { domain?: string | undefined; extension?: string | undefined; fragment?: string | undefined; full?: string | undefined; original?: string | undefined; password?: string | undefined; path?: string | undefined; port?: string | number | undefined; query?: string | undefined; registered_domain?: string | undefined; scheme?: string | undefined; subdomain?: string | undefined; top_level_domain?: string | undefined; username?: string | undefined; } | undefined; user?: { changes?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; domain?: string | undefined; effective?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; risk?: { calculated_level?: string | undefined; calculated_score?: number | undefined; calculated_score_norm?: number | undefined; static_level?: string | undefined; static_score?: number | undefined; static_score_norm?: number | undefined; } | undefined; roles?: string[] 
| undefined; target?: { domain?: string | undefined; email?: string | undefined; full_name?: string | undefined; group?: { domain?: string | undefined; id?: string | undefined; name?: string | undefined; } | undefined; hash?: string | undefined; id?: string | undefined; name?: string | undefined; roles?: string[] | undefined; } | undefined; } | undefined; user_agent?: { device?: { name?: string | undefined; } | undefined; name?: string | undefined; original?: string | undefined; os?: { family?: string | undefined; full?: string | undefined; kernel?: string | undefined; name?: string | undefined; platform?: string | undefined; type?: string | undefined; version?: string | undefined; } | undefined; version?: string | undefined; } | undefined; vulnerability?: { category?: string[] | undefined; classification?: string | undefined; description?: string | undefined; enumeration?: string | undefined; id?: string | undefined; reference?: string | undefined; report_id?: string | undefined; scanner?: { vendor?: string | undefined; } | undefined; score?: { base?: number | undefined; environmental?: number | undefined; temporal?: number | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; } | undefined; } & {} & { ecs?: { version?: string | undefined; } | undefined; kibana?: { alert?: { risk_score?: number | undefined; rule?: { author?: string | undefined; created_at?: string | undefined; created_by?: string | undefined; description?: string | undefined; enabled?: string | undefined; from?: string | undefined; interval?: string | undefined; license?: string | undefined; note?: string | undefined; references?: string[] | undefined; rule_id?: string | undefined; rule_name_override?: string | undefined; to?: string | undefined; type?: string | undefined; updated_at?: string | undefined; updated_by?: string | undefined; version?: string | undefined; } | undefined; severity?: string | undefined; suppression?: { docs_count?: string | number | 
undefined; end?: string | undefined; start?: string | undefined; terms?: { field?: string[] | undefined; value?: string[] | undefined; } | undefined; } | undefined; system_status?: string | undefined; workflow_reason?: string | undefined; workflow_user?: string | undefined; } | undefined; } | undefined; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/security_schema.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.StackAlert",
"type": "Type",
"tags": [],
"label": "StackAlert",
"description": [],
"signature": [
"{} & { kibana?: { alert?: { evaluation?: { conditions?: string | undefined; value?: string | undefined; } | undefined; title?: string | undefined; } | undefined; } | undefined; } & { '@timestamp': string; kibana: { alert: { instance: { id: string; }; rule: { category: string; consumer: string; name: string; producer: string; revision: string | number; rule_type_id: string; uuid: string; }; status: string; uuid: string; }; space_ids: string[]; }; } & { event?: { action?: string | undefined; kind?: string | undefined; } | undefined; kibana?: { alert?: { action_group?: string | undefined; case_ids?: string[] | undefined; duration?: { us?: string | number | undefined; } | undefined; end?: string | undefined; flapping?: boolean | undefined; flapping_history?: boolean[] | undefined; last_detected?: string | undefined; maintenance_window_ids?: string[] | undefined; reason?: string | undefined; rule?: { execution?: { uuid?: string | undefined; } | undefined; parameters?: unknown; tags?: string[] | undefined; } | undefined; start?: string | undefined; time_range?: { gte?: string | undefined; lte?: string | undefined; } | undefined; url?: string | undefined; workflow_status?: string | undefined; workflow_tags?: string[] | undefined; } | undefined; version?: string | undefined; } | undefined; tags?: string[] | undefined; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/stack_schema.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
}
],
"objects": [
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.alertFieldMap",
"type": "Object",
"tags": [],
"label": "alertFieldMap",
"description": [],
"signature": [
"{ readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly 
\"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"kibana.version\": { readonly type: \"version\"; 
readonly array: false; readonly required: false; }; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.ecsFieldMap",
"type": "Object",
"tags": [],
"label": "ecsFieldMap",
"description": [],
"signature": [
{
"pluginId": "@kbn/alerts-as-data-utils",
"scope": "common",
"docId": "kibKbnAlertsAsDataUtilsPluginApi",
"section": "def-common.FieldMap",
"text": "FieldMap"
}
],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/ecs_field_map.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.legacyAlertFieldMap",
"type": "Object",
"tags": [],
"label": "legacyAlertFieldMap",
"description": [],
"signature": [
"{ readonly \"kibana.alert.risk_score\": { readonly type: \"float\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.author\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.created_by\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.description\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.enabled\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.from\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.interval\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.license\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.note\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.references\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.rule_name_override\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.to\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.type\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_at\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.updated_by\": 
{ readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.severity\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.docs_count\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.field\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.suppression.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.suppression.terms.value\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.system_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_user\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"ecs.version\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/legacy_alert_field_map.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
},
{
"parentPluginId": "@kbn/alerts-as-data-utils",
"id": "def-common.legacyExperimentalFieldMap",
"type": "Object",
"tags": [],
"label": "legacyExperimentalFieldMap",
"description": [],
"signature": [
"{ readonly \"kibana.alert.evaluation.threshold\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.evaluation.value\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; }; readonly \"kibana.alert.context\": { readonly type: \"object\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.evaluation.values\": { readonly type: \"scaled_float\"; readonly scaling_factor: 100; readonly required: false; readonly array: true; }; }"
],
"path": "packages/kbn-alerts-as-data-utils/src/field_maps/legacy_experimental_field_map.ts",
"deprecated": false,
"trackAdoption": false,
"initialIsOpen": false
}
]
}
}