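# ECS field set `os`: operating-system attributes.
#
# This field set is not a top-level namespace (`top_level: false`); it is
# reused under the field sets listed in `reusable.expected`, yielding
# host.os.*, observer.os.* and user_agent.os.*.
#
# NOTE(review): the same definitions serve very different trust levels.
# host.os.* / observer.os.* are presumably reported by an agent or sensor,
# while user_agent.os.* is presumably derived from the client-supplied
# User-Agent header and is trivially spoofable — confirm with producers
# before treating user_agent.os.* as authoritative in detection logic.
#
# Every leaf field is `keyword` (exact-match, not analyzed). Queries and
# detection rules therefore compare these values literally: the examples
# for `platform` and `family` are lowercase, and producers should keep that
# vocabulary stable and consistently cased. `version` and `kernel` are raw
# strings, so they cannot be range-compared (e.g. "kernel older than X")
# without a separately parsed field.
- name: os
  title: Operating System
  group: 2
  short: OS fields contain information about the operating system.
  description: >
    The OS fields contain information about the operating system.
  reusable:
    top_level: false
    # Parent field sets under which `os` is nested.
    expected:
      - observer
      - host
      - user_agent
  type: group
  fields:
    - name: platform
      level: extended
      type: keyword
      description: >
        Operating system platform (such as centos, ubuntu, windows).
      # Quoted for consistency with the other examples in this file.
      example: "darwin"
    - name: name
      level: extended
      type: keyword
      example: "Mac OS X"
      description: >
        Operating system name, without the version.
    - name: full
      level: extended
      type: keyword
      example: "Mac OS Mojave"
      description: >
        Operating system name, including the version or code name.
    - name: family
      level: extended
      type: keyword
      example: "debian"
      description: >
        OS family (such as redhat, debian, freebsd, windows).
    - name: version
      level: extended
      type: keyword
      # Quoted: an unquoted dotted version would otherwise risk being read as
      # a float by some YAML loaders.
      example: "10.14.1"
      description: >
        Operating system version as a raw string.
    - name: kernel
      level: extended
      type: keyword
      example: "4.4.0-112-generic"
      description: >
        Operating system kernel version as a raw string.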