
0.4.0

@BenB196 BenB196 released this 06 Oct 20:34
5ed1b42

This release contains MAJOR BREAKING CHANGES

Breaking Changes

  1. Removed support for the Elasticsearch Half Output (issue #110)
    • It was determined not to be worth continued development
  2. The esStandardized config setting no longer accepts half or full. The only supported value is now ecs, which enables ECS-standardized output
  3. The ECS output is completely different from the previous Elasticsearch Full Output; the new schema is listed below (issue #109)

Fields:

event.action - keyword
event.category - keyword
event.created - date
event.dataset - keyword
event.id - keyword
event.ingested - date
event.kind - keyword
event.module - keyword
event.outcome - keyword
event.provider - keyword
event.type - keyword
@timestamp - date
file.created - date
file.directory - keyword
file.extension - keyword
file.mime_type - keyword
file.mtime - date
file.name - keyword
file.owner - keyword
file.path - keyword/text
file.size - long
file.type - keyword
file.hash.md5 - keyword
file.hash.sha256 - keyword
host.id - keyword
host.name - keyword
host.hostname - keyword
host.user.email - keyword
host.user.id - keyword
host.user.name - keyword
host.user.domain - keyword
host.ip - keyword
host.geo.status - keyword
host.geo.message - keyword
host.geo.continent_name - keyword
host.geo.continent_iso_code - keyword
host.geo.country_name - keyword
host.geo.country_iso_code - keyword
host.geo.region_name - keyword
host.geo.region_iso_code - keyword
host.geo.city_name - keyword
host.geo.district - keyword
host.geo.postal_code - keyword
host.geo.lat - float
host.geo.lon - float
host.geo.timezone - keyword
host.geo.currency - keyword
host.geo.isp - keyword
host.geo.org - keyword
host.geo.as - keyword
host.geo.as_name - keyword
host.geo.reverse - keyword
host.geo.mobile - bool
host.geo.proxy - bool
host.geo.hosting - bool
host.geo.query - string
host.geo.location - geo_point
code_42.event.id - keyword
code_42.event.type - keyword
code_42.event.timestamp - date
code_42.insertion_timestamp - date
code_42.file.path - keyword/text
code_42.file.name - keyword
code_42.file.type - keyword
code_42.file.category - keyword
code_42.file.identified_extension_category - keyword
code_42.file.current_extension_category - keyword
code_42.file.size - long
code_42.file.owner - keyword
code_42.file.hash.md5 - keyword
code_42.file.hash.sha256 - keyword
code_42.file.created_timestamp - date
code_42.file.modify_timestamp - date
code_42.file.id - keyword
code_42.file.identified_extension_mime_type - keyword
code_42.file.current_extension_mime_type - keyword
code_42.file.suspicious_file_type_mismatch - bool
code_42.device.username - keyword
code_42.device.uid - keyword
code_42.os_host_name - keyword
code_42.domain_name - keyword
code_42.public_ip_address - ip
code_42.private_ip_addresses - ip
code_42.actor - keyword
code_42.directory_id - keyword
code_42.source - keyword
code_42.url.full - keyword/text
code_42.url.domain - keyword
code_42.url.extension - keyword
code_42.url.fragment - keyword
code_42.url.path - keyword
code_42.url.port - long
code_42.url.query - keyword
code_42.url.scheme - keyword
code_42.url.username - keyword
code_42.url.password - keyword
code_42.url.registered_domain - keyword
code_42.url.top_level_domain - keyword
code_42.shared - bool
code_42.shared_with - keyword
code_42.sharing_type_added - keyword
code_42.cloud_drive_id - keyword
code_42.detection_source_alias - keyword
code_42.exposure - keyword
code_42.process.owner - keyword
code_42.process.name - keyword/text
code_42.tab.window_title - keyword/text
code_42.tab.url.full - keyword/text
code_42.tab.url.domain - keyword
code_42.tab.url.extension - keyword
code_42.tab.url.fragment - keyword
code_42.tab.url.path - keyword
code_42.tab.url.port - long
code_42.tab.url.query - keyword
code_42.tab.url.scheme - keyword
code_42.tab.url.username - keyword
code_42.tab.url.password - keyword
code_42.tab.url.registered_domain - keyword
code_42.tab.url.top_level_domain - keyword
code_42.removable_media.vendor - keyword
code_42.removable_media.name - keyword
code_42.removable_media.serial_number - keyword
code_42.removable_media.capacity - long
code_42.removable_media.bus_type - keyword
code_42.removable_media.media_name - keyword
code_42.removable_media.volume_name - keyword
code_42.removable_media.partition_id - keyword
code_42.sync_destination - keyword
code_42.sync_destination_username - keyword
code_42.email_dlp.policy_names - keyword
code_42.email_dlp.subject - keyword
code_42.email_dlp.sender - keyword
code_42.email_dlp.from - keyword
code_42.email_dlp.recipients - keyword
code_42.outside_active_hours - bool
code_42.print.job_name - keyword
code_42.print.printer_name - keyword
code_42.print.printed_files_backup_path - keyword
code_42.remote_activity - keyword
code_42.trusted - keyword
code_42.logged_in_operating_system_user - keyword
code_42.destination.category - keyword
code_42.destination.name - keyword/text
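Because the ECS schema above is new in 0.4.0, an index created for the old Full Output will not have the right mappings for it. The following added example (not code from this project) parses a constructed subset of the "name - type" lines above, turns them into an Elasticsearch mapping (translating the notes' loose type names such as bool and keyword/text into real mapping types), and reports keys in a flattened event that the schema does not define; the field subset and the type translation are assumptions.

```python
# Constructed subset of the 0.4.0 field list above, lines copied as written there.
FIELD_SPEC = """\
@timestamp - date
event.action - keyword
file.path - keyword/text
file.size - long
host.geo.mobile - bool
host.geo.location - geo_point
code_42.public_ip_address - ip
code_42.file.hash.sha256 - keyword
"""

# Type names as written in the release notes -> Elasticsearch mapping types (assumed).
# "keyword/text" becomes a text field with a .keyword multi-field; "bool" and
# "string" are not Elasticsearch type names, so they are translated here.
TYPE_MAP = {
    "keyword": {"type": "keyword"},
    "keyword/text": {"type": "text", "fields": {"keyword": {"type": "keyword"}}},
    "date": {"type": "date"},
    "long": {"type": "long"},
    "float": {"type": "float"},
    "bool": {"type": "boolean"},
    "string": {"type": "keyword"},
    "ip": {"type": "ip"},
    "geo_point": {"type": "geo_point"},
}

def parse_field_spec(spec):
    """Parse 'name - type' lines into {dotted_name: type_string}."""
    fields = {}
    for line in spec.splitlines():
        name, sep, typ = line.partition(" - ")
        if sep:
            fields[name.strip()] = typ.strip()
    return fields

def build_mapping(fields):
    """Nest dotted names into an Elasticsearch 'properties' mapping."""
    root = {}
    for name, typ in fields.items():
        node = root
        *parents, leaf = name.split(".")
        for part in parents:
            node = node.setdefault(part, {"properties": {}})["properties"]
        node[leaf] = dict(TYPE_MAP[typ])
    return {"properties": root}

def unmapped_keys(event, fields):
    """Dotted keys in a flattened event that the schema does not define."""
    return sorted(k for k in event if k not in fields)
```

Feeding the full field list into parse_field_spec and wrapping the result of build_mapping in an index template gives a mapping that matches the ecs output before the first document is indexed.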