diff --git a/x-pack/test/functional/es_archives/endpoint/resolver/api_feature/data.json.gz b/x-pack/test/functional/es_archives/endpoint/resolver/api_feature/data.json.gz
index a266bca31779e..92e4af68bf22e 100644
Binary files a/x-pack/test/functional/es_archives/endpoint/resolver/api_feature/data.json.gz and b/x-pack/test/functional/es_archives/endpoint/resolver/api_feature/data.json.gz differ
diff --git a/x-pack/test/functional/es_archives/endpoint/resolver/api_feature/mappings.json b/x-pack/test/functional/es_archives/endpoint/resolver/api_feature/mappings.json
index a9667d2178175..e1c41ed7111ba 100644
--- a/x-pack/test/functional/es_archives/endpoint/resolver/api_feature/mappings.json
+++ b/x-pack/test/functional/es_archives/endpoint/resolver/api_feature/mappings.json
@@ -551,598 +551,10 @@ }, "endgame": { "properties": { - "activity_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "authentication_id": { - "type": "long" - }, - "bytes_written": { - "ignore_above": 1024, - "type": "keyword" - }, - "bytes_written_count": { - "type": "long" - }, - "bytes_written_string": { - "ignore_above": 1024, - "type": "keyword" - }, - "bytes_written_string_list": { - "ignore_above": 1024, - "type": "keyword" - }, - "bytes_written_u32": { - "type": "long" - }, - "bytes_written_u64": { - "type": "long" - }, - "channel_name": { - "ignore_above": 1024, - "type": "keyword" - }, "command_line": { "ignore_above": 1024, "type": "keyword" }, - "computer_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "connection_id": { - "type": "long" - }, - "create_disposition": { - "type": "long" - }, - "create_options": { - "type": "long" - }, - "data": { - "properties": { - "alert_details": { - "properties": { - "acting_process": { - "properties": { - "authenticode": { - "properties": { - "cert_signer": { - "properties": { - "issuer_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "cert_timestamp": { - "properties": { - "issuer_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp_string": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "more_info_link": { - "ignore_above": 1024, - "type": "keyword" - }, - "program_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "publisher_link": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "cmdline": { - "ignore_above": 1024, - "type": "keyword" - }, - "create_time": { - "type": "long" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "exe": 
{ - "ignore_above": 1024, - "type": "keyword" - }, - "hashes": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "is_sensor": { - "type": "boolean" - }, - "malware_classification": { - "properties": { - "identifier": { - "ignore_above": 1024, - "type": "keyword" - }, - "score": { - "type": "float" - }, - "threshold": { - "type": "float" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "modules": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "authenticode": { - "properties": { - "cert_signer": { - "properties": { - "issuer_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "cert_timestamp": { - "properties": { - "issuer_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp_string": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "more_info_link": { - "ignore_above": 1024, - "type": "keyword" - }, - "program_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "publisher_link": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "compile_time": { - "type": "long" - }, - "hashes": { - "properties": { - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - 
"malware_classification": { - "properties": { - "identifier": { - "ignore_above": 1024, - "type": "keyword" - }, - "score": { - "type": "long" - }, - "threshold": { - "type": "long" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "mapped_address": { - "type": "long" - }, - "mapped_size": { - "type": "long" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_signer": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_status": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "parent_exe": { - "ignore_above": 1024, - "type": "keyword" - }, - "parent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "pid": { - "type": "long" - }, - "ppid": { - "type": "long" - }, - "primary_token": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "integrity_level": { - "type": "long" - }, - "integrity_level_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "is_appcontainer": { - "type": "boolean" - }, - "privileges": { - "properties": { - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "enabled": { - "type": "boolean" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "sid": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sid": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_signer": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "threads": { - "properties": { - "create_time": { - "type": "long" - }, - "entrypoint": { - "type": "long" - }, - "thread_id": { - "type": "long" - }, - "up_time": { - 
"type": "long" - } - } - }, - "unique_pid": { - "type": "long" - }, - "unique_ppid": { - "type": "long" - }, - "up_time": { - "type": "long" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "acting_thread": { - "properties": { - "call_stack": { - "properties": { - "instruction_pointer": { - "type": "long" - }, - "memory_section": { - "properties": { - "memory_address": { - "type": "long" - }, - "memory_size": { - "type": "long" - }, - "protection": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "module_path": { - "ignore_above": 1024, - "type": "keyword" - }, - "symbol_info": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "create_time": { - "type": "long" - }, - "thread_id": { - "type": "long" - }, - "thread_start_address": { - "type": "long" - }, - "thread_start_address_module": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "captured_file": { - "type": "boolean" - }, - "file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_operation": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_owner": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_size": { - "type": "long" - }, - "hashes": { - "properties": { - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "is_signature_trusted": { - "type": "boolean" - }, - "malware_classification": { - "properties": { - "compressed_malware_features": { - "properties": { - "data_buffer": { - "ignore_above": 1024, - "type": "keyword" - }, - "decompressed_size": { - "type": "long" - }, - "encoding": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "identifier": { - "ignore_above": 1024, - "type": "keyword" - }, - "prevention_threshold": { - "type": "float" - }, - "score": { - "type": "float" - }, - 
"threshold": { - "type": "float" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pid": { - "type": "long" - }, - "ppid": { - "type": "long" - }, - "rule_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "rule_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "rule_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_signer": { - "ignore_above": 1024, - "type": "keyword" - }, - "temp_file_path": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "properties": { - "accessed": { - "type": "long" - }, - "created": { - "type": "long" - }, - "modified": { - "type": "long" - } - } - }, - "triggering_fact_array": { - "properties": { - "data_buffer": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_timestamp": { - "type": "long" - }, - "event_type": { - "type": "long" - }, - "serial_event_id": { - "type": "long" - } - } - }, - "triggering_fact_ids_array": { - "type": "long" - }, - "user_blacklisted": { - "type": "boolean" - } - } - }, - "desired_access": { - "type": "long" - }, "destination_address": { "ignore_above": 1024, "type": "keyword" @@ -1150,9 +562,6 @@ "destination_port": { "type": "long" }, - "destination_port32": { - "type": "long" - }, "effective_gid": { "type": "long" }, @@ -1167,37 +576,10 @@ "ignore_above": 1024, "type": "keyword" }, - "elevated": { - "type": "boolean" - }, - "elevation_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_data_process_id": { - "type": "long" - }, - "event_data_process_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_data_process_path": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_id": { - "type": "long" - }, "event_message": { "ignore_above": 1024, "type": "keyword" }, - "event_record_high": { - "type": "long" - }, - "event_record_low": { - "type": "long" - }, "event_subtype_full": { "ignore_above": 1024, "type": "keyword" 
@@ -1212,9 +594,6 @@ "exit_code_full": { "type": "long" }, - "file_attributes": { - "type": "long" - }, "file_name": { "ignore_above": 1024, "type": "keyword" 
@@ -1223,138 +602,10 @@ "ignore_above": 1024, "type": "keyword" }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "image_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "image_path": { - "ignore_above": 1024, - "type": "keyword" - }, - "imp_hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "integrity_level": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip_address": { - "ignore_above": 1024, - "type": "keyword" - }, - "is_driver": { - "type": "boolean" - }, - "key_path": { - "ignore_above": 1024, - "type": "keyword" - }, - "key_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "keyword": { - "type": "long" - }, - "keyword_high": { - "type": "long" - }, - "keyword_low": { - "type": "long" - }, - "level": { - "type": "long" - }, - "level_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "logon_type": { - "type": "long" - }, "md5": { "ignore_above": 1024, "type": "keyword" }, - "metadata": { - "properties": { - "chunk_id": { - "type": "long" - }, - "collection_time": { - "type": "long" - }, - "correlation_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "destination_plugin": { - "ignore_above": 1024, - "type": "keyword" - }, - "final": { - "type": "boolean" - }, - "is_alert": { - "type": "boolean" - }, - "key": { - "ignore_above": 1024, - "type": "keyword" - }, - "message_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "origination_task_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "os_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "priority": { - "type": "long" - }, - "result": { - "properties": { - "local_code": { - "type": "long" - }, - "local_msg": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "semantic_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "sensor_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "task_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - 
"type": "keyword" - } - } - }, - "old_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, "old_file_path": { "ignore_above": 1024, "type": "keyword" @@ -1362,14 +613,6 @@ "opcode": { "type": "long" }, - "opcode_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, "parent_process_name": { "ignore_above": 1024, "type": "keyword" @@ -1384,10 +627,6 @@ "ppid": { "type": "long" }, - "privilege_list": { - "ignore_above": 1024, - "type": "keyword" - }, "process_name": { "ignore_above": 1024, "type": "keyword" @@ -1396,39 +635,10 @@ "ignore_above": 1024, "type": "keyword" }, - "product_version": { - "ignore_above": 1024, - "type": "keyword" - }, "protocol": { "ignore_above": 1024, "type": "keyword" }, - "provider_guid": { - "ignore_above": 1024, - "type": "keyword" - }, - "provider_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "query_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "query_options": { - "type": "long" - }, - "query_results": { - "ignore_above": 1024, - "type": "keyword" - }, - "query_status": { - "type": "long" - }, - "query_type": { - "type": "long" - }, "real_gid": { "type": "long" }, @@ -1457,17 +667,6 @@ "ignore_above": 1024, "type": "keyword" }, - "share_mode": { - "type": "long" - }, - "signature_signer": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_status": { - "ignore_above": 1024, - "type": "keyword" - }, "source_address": { "ignore_above": 1024, "type": "keyword" 
@@ -1475,126 +674,23 @@ "source_port": { "type": "long" }, - "subject_domain_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_logon_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_user_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_user_sid": { - "ignore_above": 1024, - "type": "keyword" - }, - "system_pid": { - "type": "long" - }, - "system_process_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "system_process_path": { - "ignore_above": 1024, - "type": "keyword" - }, - "system_thread_id": { - "type": "long" - }, - "target_domain_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "target_logon_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "target_user_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "task": { - "type": "long" - }, - "task_name": { - "ignore_above": 1024, - "type": "keyword" - }, "tid": { "type": "long" }, "timestamp": { "type": "long" }, - "timestamp_high": { - "type": "long" - }, - "timestamp_low": { - "type": "long" - }, - "timestamp_string": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp_utc": { - "ignore_above": 1024, - "type": "keyword" - }, "total_in_bytes": { "type": "long" }, "total_out_bytes": { "type": "long" }, - "true_ppid": { - "type": "long" - }, "unique_pid": { "type": "long" }, "unique_ppid": { "type": "long" - }, - "unique_true_ppid": { - "type": "long" - }, - "unknown_properties": { - "properties": { - "Address": { - "ignore_above": 1024, - "type": "keyword" - }, - "AddressLength": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "user_sid": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "type": "long" - }, - "xml_message": { - "ignore_above": 1024, - "type": "keyword" - }, - "zone_id": { - "type": "long" } } }, 
@@ -3579,34 +2675,8 @@ }, "winlog": { "properties": { - "channel": { - "ignore_above": 1024, - "type": "keyword" - }, - "computer_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_id": { - "type": "long" - }, - "message": { - "ignore_above": 1024, - "type": "keyword" - }, "opcode": { "type": "long" - }, - "provider_guid": { - "ignore_above": 1024, - "type": "keyword" - }, - "provider_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "task": { - "type": "long" } } }