Untitled

{
  "index.auto_expand_replicas": "0-1",
  "index.creation_date": "1736903771537",
  "index.mapping.total_fields.limit": "10000",
  "index.number_of_replicas": "0",
  "index.number_of_shards": "3",
  "index.provided_name": "<wazuh-alerts-4.x-{2025.01.15||/d{yyyy.MM.dd|UTC}}>",
  "index.query.default_field.0": "GeoLocation.city_name",
  "index.query.default_field.1": "GeoLocation.continent_code",
  "index.query.default_field.2": "GeoLocation.country_code2",
  "index.query.default_field.3": "GeoLocation.country_code3",
  "index.query.default_field.4": "GeoLocation.country_name",
  "index.query.default_field.5": "GeoLocation.ip",
  "index.query.default_field.6": "GeoLocation.postal_code",
  "index.query.default_field.7": "GeoLocation.real_region_name",
  "index.query.default_field.8": "GeoLocation.region_name",
  "index.query.default_field.9": "GeoLocation.timezone",
  "index.query.default_field.10": "agent.id",
  "index.query.default_field.11": "agent.ip",
  "index.query.default_field.12": "agent.name",
  "index.query.default_field.13": "cluster.name",
  "index.query.default_field.14": "cluster.node",
  "index.query.default_field.15": "command",
  "index.query.default_field.16": "data",
  "index.query.default_field.17": "data.action",
  "index.query.default_field.18": "data.audit",
  "index.query.default_field.19": "data.audit.acct",
  "index.query.default_field.20": "data.audit.arch",
  "index.query.default_field.21": "data.audit.auid",
  "index.query.default_field.22": "data.audit.command",
  "index.query.default_field.23": "data.audit.cwd",
  "index.query.default_field.24": "data.audit.dev",
  "index.query.default_field.25": "data.audit.directory.inode",
  "index.query.default_field.26": "data.audit.directory.mode",
  "index.query.default_field.27": "data.audit.directory.name",
  "index.query.default_field.28": "data.audit.egid",
  "index.query.default_field.29": "data.audit.enforcing",
  "index.query.default_field.30": "data.audit.euid",
  "index.query.default_field.31": "data.audit.exe",
  "index.query.default_field.32": "data.audit.execve.a0",
  "index.query.default_field.33": "data.audit.execve.a1",
  "index.query.default_field.34": "data.audit.execve.a2",
  "index.query.default_field.35": "data.audit.execve.a3",
  "index.query.default_field.36": "data.audit.exit",
  "index.query.default_field.37": "data.audit.file.inode",
  "index.query.default_field.38": "data.audit.file.mode",
  "index.query.default_field.39": "data.audit.file.name",
  "index.query.default_field.40": "data.audit.fsgid",
  "index.query.default_field.41": "data.audit.fsuid",
  "index.query.default_field.42": "data.audit.gid",
  "index.query.default_field.43": "data.audit.id",
  "index.query.default_field.44": "data.audit.key",
  "index.query.default_field.45": "data.audit.list",
  "index.query.default_field.46": "data.audit.old-auid",
  "index.query.default_field.47": "data.audit.old-ses",
  "index.query.default_field.48": "data.audit.old_enforcing",
  "index.query.default_field.49": "data.audit.old_prom",
  "index.query.default_field.50": "data.audit.op",
  "index.query.default_field.51": "data.audit.pid",
  "index.query.default_field.52": "data.audit.ppid",
  "index.query.default_field.53": "data.audit.prom",
  "index.query.default_field.54": "data.audit.res",
  "index.query.default_field.55": "data.audit.session",
  "index.query.default_field.56": "data.audit.sgid",
  "index.query.default_field.57": "data.audit.srcip",
  "index.query.default_field.58": "data.audit.subj",
  "index.query.default_field.59": "data.audit.success",
  "index.query.default_field.60": "data.audit.suid",
  "index.query.default_field.61": "data.audit.syscall",
  "index.query.default_field.62": "data.audit.tty",
  "index.query.default_field.63": "data.audit.uid",
  "index.query.default_field.64": "data.aws.accountId",
  "index.query.default_field.65": "data.aws.account_id",
  "index.query.default_field.66": "data.aws.action",
  "index.query.default_field.67": "data.aws.actor",
  "index.query.default_field.68": "data.aws.aws_account_id",
  "index.query.default_field.69": "data.aws.description",
  "index.query.default_field.70": "data.aws.dstport",
  "index.query.default_field.71": "data.aws.errorCode",
  "index.query.default_field.72": "data.aws.errorMessage",
  "index.query.default_field.73": "data.aws.eventID",
  "index.query.default_field.74": "data.aws.eventName",
  "index.query.default_field.75": "data.aws.eventSource",
  "index.query.default_field.76": "data.aws.eventType",
  "index.query.default_field.77": "data.aws.id",
  "index.query.default_field.78": "data.aws.name",
  "index.query.default_field.79": "data.aws.requestParameters.accessKeyId",
  "index.query.default_field.80": "data.aws.requestParameters.bucketName",
  "index.query.default_field.81": "data.aws.requestParameters.gatewayId",
  "index.query.default_field.82": "data.aws.requestParameters.groupDescription",
  "index.query.default_field.83": "data.aws.requestParameters.groupId",
  "index.query.default_field.84": "data.aws.requestParameters.groupName",
  "index.query.default_field.85": "data.aws.requestParameters.host",
  "index.query.default_field.86": "data.aws.requestParameters.hostedZoneId",
  "index.query.default_field.87": "data.aws.requestParameters.instanceId",
  "index.query.default_field.88": "data.aws.requestParameters.instanceProfileName",
  "index.query.default_field.89": "data.aws.requestParameters.loadBalancerName",
  "index.query.default_field.90": "data.aws.requestParameters.loadBalancerPorts",
  "index.query.default_field.91": "data.aws.requestParameters.masterUserPassword",
  "index.query.default_field.92": "data.aws.requestParameters.masterUsername",
  "index.query.default_field.93": "data.aws.requestParameters.name",
  "index.query.default_field.94": "data.aws.requestParameters.natGatewayId",
  "index.query.default_field.95": "data.aws.requestParameters.networkAclId",
  "index.query.default_field.96": "data.aws.requestParameters.path",
  "index.query.default_field.97": "data.aws.requestParameters.policyName",
  "index.query.default_field.98": "data.aws.requestParameters.port",
  "index.query.default_field.99": "data.aws.requestParameters.stackId",
  "index.query.default_field.100": "data.aws.requestParameters.stackName",
  "index.query.default_field.101": "data.aws.requestParameters.subnetId",
  "index.query.default_field.102": "data.aws.requestParameters.subnetIds",
  "index.query.default_field.103": "data.aws.requestParameters.volumeId",
  "index.query.default_field.104": "data.aws.requestParameters.vpcId",
  "index.query.default_field.105": "data.aws.resource.accessKeyDetails.accessKeyId",
  "index.query.default_field.106": "data.aws.resource.accessKeyDetails.principalId",
  "index.query.default_field.107": "data.aws.resource.accessKeyDetails.userName",
  "index.query.default_field.108": "data.aws.resource.instanceDetails.instanceId",
  "index.query.default_field.109": "data.aws.resource.instanceDetails.instanceState",
  "index.query.default_field.110": "data.aws.resource.instanceDetails.networkInterfaces.privateDnsName",
  "index.query.default_field.111": "data.aws.resource.instanceDetails.networkInterfaces.publicDnsName",
  "index.query.default_field.112": "data.aws.resource.instanceDetails.networkInterfaces.subnetId",
  "index.query.default_field.113": "data.aws.resource.instanceDetails.networkInterfaces.vpcId",
  "index.query.default_field.114": "data.aws.resource.instanceDetails.tags.value",
  "index.query.default_field.115": "data.aws.responseElements.AssociateVpcCidrBlockResponse.vpcId",
  "index.query.default_field.116": "data.aws.responseElements.description",
  "index.query.default_field.117": "data.aws.responseElements.instanceId",
  "index.query.default_field.118": "data.aws.responseElements.instances.instanceId",
  "index.query.default_field.119": "data.aws.responseElements.instancesSet.items.instanceId",
  "index.query.default_field.120": "data.aws.responseElements.listeners.port",
  "index.query.default_field.121": "data.aws.responseElements.loadBalancerName",
  "index.query.default_field.122": "data.aws.responseElements.loadBalancers.vpcId",
  "index.query.default_field.123": "data.aws.responseElements.loginProfile.userName",
  "index.query.default_field.124": "data.aws.responseElements.networkAcl.vpcId",
  "index.query.default_field.125": "data.aws.responseElements.ownerId",
  "index.query.default_field.126": "data.aws.responseElements.publicIp",
  "index.query.default_field.127": "data.aws.responseElements.user.userId",
  "index.query.default_field.128": "data.aws.responseElements.user.userName",
  "index.query.default_field.129": "data.aws.responseElements.volumeId",
  "index.query.default_field.130": "data.aws.service.serviceName",
  "index.query.default_field.131": "data.aws.severity",
  "index.query.default_field.132": "data.aws.source",
  "index.query.default_field.133": "data.aws.sourceIPAddress",
  "index.query.default_field.134": "data.aws.srcport",
  "index.query.default_field.135": "data.aws.userIdentity.accessKeyId",
  "index.query.default_field.136": "data.aws.userIdentity.accountId",
  "index.query.default_field.137": "data.aws.userIdentity.userName",
  "index.query.default_field.138": "data.aws.vpcEndpointId",
  "index.query.default_field.139": "data.command",
  "index.query.default_field.140": "data.cis.group",
  "index.query.default_field.141": "data.cis.rule_title",
  "index.query.default_field.142": "data.data",
  "index.query.default_field.143": "data.docker.Actor.Attributes.container",
  "index.query.default_field.144": "data.docker.Actor.Attributes.image",
  "index.query.default_field.145": "data.docker.Actor.Attributes.name",
  "index.query.default_field.146": "data.docker.Actor.ID",
  "index.query.default_field.147": "data.docker.id",
  "index.query.default_field.148": "data.docker.message",
  "index.query.default_field.149": "data.docker.status",
  "index.query.default_field.150": "data.dstip",
  "index.query.default_field.151": "data.dstport",
  "index.query.default_field.152": "data.dstuser",
  "index.query.default_field.153": "data.extra_data",
  "index.query.default_field.154": "data.gcp.jsonPayload.queryName",
  "index.query.default_field.155": "data.gcp.jsonPayload.vmInstanceName",
  "index.query.default_field.156": "data.gcp.resource.labels.location",
  "index.query.default_field.157": "data.gcp.resource.labels.project_id",
  "index.query.default_field.158": "data.gcp.resource.labels.source_type",
  "index.query.default_field.159": "data.gcp.resource.type",
  "index.query.default_field.160": "data.github.org",
  "index.query.default_field.161": "data.github.actor",
  "index.query.default_field.162": "data.github.action",
  "index.query.default_field.163": "data.github.repo",
  "index.query.default_field.164": "data.hardware.serial",
  "index.query.default_field.165": "data.id",
  "index.query.default_field.166": "data.integration",
  "index.query.default_field.167": "data.netinfo.iface.adapter",
  "index.query.default_field.168": "data.netinfo.iface.ipv4.address",
  "index.query.default_field.169": "data.netinfo.iface.ipv6.address",
  "index.query.default_field.170": "data.netinfo.iface.mac",
  "index.query.default_field.171": "data.netinfo.iface.name",
  "index.query.default_field.172": "data.office365.Actor.ID",
  "index.query.default_field.173": "data.office365.UserId",
  "index.query.default_field.174": "data.office365.Operation",
  "index.query.default_field.175": "data.office365.ClientIP",
  "index.query.default_field.176": "data.ms-graph.relationship",
  "index.query.default_field.177": "data.ms-graph.classification",
  "index.query.default_field.178": "data.ms-graph.detectionSource",
  "index.query.default_field.179": "data.ms-graph.determination",
  "index.query.default_field.180": "data.ms-graph.remediationStatus",
  "index.query.default_field.181": "data.ms-graph.roles",
  "index.query.default_field.182": "data.ms-graph.verdict",
  "index.query.default_field.183": "data.ms-graph.serviceSource",
  "index.query.default_field.184": "data.ms-graph.severity",
  "index.query.default_field.185": "data.ms-graph.actorDisplayName",
  "index.query.default_field.186": "data.ms-graph.alertWebUrl",
  "index.query.default_field.187": "data.ms-graph.assignedTo",
  "index.query.default_field.188": "data.ms-graph.category",
  "index.query.default_field.189": "data.ms-graph.comments",
  "index.query.default_field.190": "data.ms-graph.description",
  "index.query.default_field.191": "data.ms-graph.detectorId",
  "index.query.default_field.192": "data.ms-graph.evidence._comment",
  "index.query.default_field.193": "data.ms-graph.id",
  "index.query.default_field.194": "data.ms-graph.incidentId",
  "index.query.default_field.195": "data.ms-graph.incidentWebUrl",
  "index.query.default_field.196": "data.ms-graph.mitreTechniques",
  "index.query.default_field.197": "data.ms-graph.providerAlertId",
  "index.query.default_field.198": "data.ms-graph.resource",
  "index.query.default_field.199": "data.ms-graph.status",
  "index.query.default_field.200": "data.ms-graph.tenantId",
  "index.query.default_field.201": "data.ms-graph.threatDisplayName",
  "index.query.default_field.202": "data.ms-graph.threatFamilyName",
  "index.query.default_field.203": "data.ms-graph.title",
  "index.query.default_field.204": "data.ms-graph.@odata.type",
  "index.query.default_field.205": "data.ms-graph.activationLockBypassCode",
  "index.query.default_field.206": "data.ms-graph.activity",
  "index.query.default_field.207": "data.ms-graph.activityOperationType",
  "index.query.default_field.208": "data.ms-graph.activityResult",
  "index.query.default_field.209": "data.ms-graph.activityType",
  "index.query.default_field.210": "data.ms-graph.actor.@odata.type",
  "index.query.default_field.211": "data.ms-graph.actor.applicationDisplayName",
  "index.query.default_field.212": "data.ms-graph.actor.applicationId",
  "index.query.default_field.213": "data.ms-graph.actor.auditActorType",
  "index.query.default_field.214": "data.ms-graph.actor.ipAddress",
  "index.query.default_field.215": "data.ms-graph.actor.servicePrincipalName",
  "index.query.default_field.216": "data.ms-graph.actor.type",
  "index.query.default_field.217": "data.ms-graph.actor.userId",
  "index.query.default_field.218": "data.ms-graph.actor.userPermissions",
  "index.query.default_field.219": "data.ms-graph.actor.userPrincipalName",
  "index.query.default_field.220": "data.ms-graph.androidSecurityPatchLevel",
  "index.query.default_field.221": "data.ms-graph.appliedConditionalAccessPolicies",
  "index.query.default_field.222": "data.ms-graph.azureADDeviceId",
  "index.query.default_field.223": "data.ms-graph.azureADRegistered",
  "index.query.default_field.224": "data.ms-graph.complianceState",
  "index.query.default_field.225": "data.ms-graph.componentName",
  "index.query.default_field.226": "data.ms-graph.configurationManagerClientEnabledFeatures.@odata.type",
  "index.query.default_field.227": "data.ms-graph.configurationManagerClientEnabledFeatures.compliancePolicy",
  "index.query.default_field.228": "data.ms-graph.configurationManagerClientEnabledFeatures.deviceConfiguration",
  "index.query.default_field.229": "data.ms-graph.configurationManagerClientEnabledFeatures.inventory",
  "index.query.default_field.230": "data.ms-graph.configurationManagerClientEnabledFeatures.modernApps",
  "index.query.default_field.231": "data.ms-graph.configurationManagerClientEnabledFeatures.resourceAccess",
  "index.query.default_field.232": "data.ms-graph.configurationManagerClientEnabledFeatures.windowsUpdateForBusiness",
  "index.query.default_field.233": "data.ms-graph.correlationId",
  "index.query.default_field.234": "data.ms-graph.deviceActionResults.@odata.type",
  "index.query.default_field.235": "data.ms-graph.deviceActionResults.actionName",
  "index.query.default_field.236": "data.ms-graph.deviceActionResults.actionState",
  "index.query.default_field.237": "data.ms-graph.deviceCategoryDisplayName",
  "index.query.default_field.238": "data.ms-graph.deviceEnrollmentType",
  "index.query.default_field.239": "data.ms-graph.deviceHealthAttestationState.@odata.type",
  "index.query.default_field.240": "data.ms-graph.deviceHealthAttestationState.attestationIdentityKey",
  "index.query.default_field.241": "data.ms-graph.deviceHealthAttestationState.bitLockerStatus",
  "index.query.default_field.242": "data.ms-graph.deviceHealthAttestationState.bootAppSecurityVersion",
  "index.query.default_field.243": "data.ms-graph.deviceHealthAttestationState.bootDebugging",
  "index.query.default_field.244": "data.ms-graph.deviceHealthAttestationState.bootManagerSecurityVersion",
  "index.query.default_field.245": "data.ms-graph.deviceHealthAttestationState.bootManagerVersion",
  "index.query.default_field.246": "data.ms-graph.deviceHealthAttestationState.bootRevisionListInfo",
  "index.query.default_field.247": "data.ms-graph.deviceHealthAttestationState.codeIntegrity",
  "index.query.default_field.248": "data.ms-graph.deviceHealthAttestationState.codeIntegrityCheckVersion",
  "index.query.default_field.249": "data.ms-graph.deviceHealthAttestationState.codeIntegrityPolicy",
  "index.query.default_field.250": "data.ms-graph.deviceHealthAttestationState.contentNamespaceUrl",
  "index.query.default_field.251": "data.ms-graph.deviceHealthAttestationState.contentVersion",
  "index.query.default_field.252": "data.ms-graph.deviceHealthAttestationState.dataExcutionPolicy",
  "index.query.default_field.253": "data.ms-graph.deviceHealthAttestationState.deviceHealthAttestationStatus",
  "index.query.default_field.254": "data.ms-graph.deviceHealthAttestationState.earlyLaunchAntiMalwareDriverProtection",
  "index.query.default_field.255": "data.ms-graph.deviceHealthAttestationState.healthAttestationSupportedStatus",
  "index.query.default_field.256": "data.ms-graph.deviceHealthAttestationState.healthStatusMismatchInfo",
  "index.query.default_field.257": "data.ms-graph.deviceHealthAttestationState.operatingSystemKernelDebugging",
  "index.query.default_field.258": "data.ms-graph.deviceHealthAttestationState.operatingSystemRevListInfo",
  "index.query.default_field.259": "data.ms-graph.deviceHealthAttestationState.pcr0",
  "index.query.default_field.260": "data.ms-graph.deviceHealthAttestationState.pcrHashAlgorithm",
  "index.query.default_field.261": "data.ms-graph.deviceHealthAttestationState.resetCount",
  "index.query.default_field.262": "data.ms-graph.deviceHealthAttestationState.restartCount",
  "index.query.default_field.263": "data.ms-graph.deviceHealthAttestationState.safeMode",
  "index.query.default_field.264": "data.ms-graph.deviceHealthAttestationState.secureBoot",
  "index.query.default_field.265": "data.ms-graph.deviceHealthAttestationState.secureBootConfigurationPolicyFingerPrint",
  "index.query.default_field.266": "data.ms-graph.deviceHealthAttestationState.testSigning",
  "index.query.default_field.267": "data.ms-graph.deviceHealthAttestationState.tpmVersion",
  "index.query.default_field.268": "data.ms-graph.deviceHealthAttestationState.virtualSecureMode",
  "index.query.default_field.269": "data.ms-graph.deviceHealthAttestationState.windowsPE",
  "index.query.default_field.270": "data.ms-graph.deviceName",
  "index.query.default_field.271": "data.ms-graph.deviceRegistrationState",
  "index.query.default_field.272": "data.ms-graph.displayName",
  "index.query.default_field.273": "data.ms-graph.easActivated",
  "index.query.default_field.274": "data.ms-graph.easDeviceId",
  "index.query.default_field.275": "data.ms-graph.emailAddress",
  "index.query.default_field.276": "data.ms-graph.enrollmentProfileName",
  "index.query.default_field.277": "data.ms-graph.ethernetMacAddress",
  "index.query.default_field.278": "data.ms-graph.exchangeAccessState",
  "index.query.default_field.279": "data.ms-graph.exchangeAccessStateReason",
  "index.query.default_field.280": "data.ms-graph.freeStorageSpaceInBytes",
  "index.query.default_field.281": "data.ms-graph.iccid",
  "index.query.default_field.282": "data.ms-graph.imei",
  "index.query.default_field.283": "data.ms-graph.isEncrypted",
  "index.query.default_field.284": "data.ms-graph.isSupervised",
  "index.query.default_field.285": "data.ms-graph.jailBroken",
  "index.query.default_field.286": "data.ms-graph.managedDeviceName",
  "index.query.default_field.287": "data.ms-graph.managedDevices.deviceName",
  "index.query.default_field.288": "data.ms-graph.managedDevices.id",
  "index.query.default_field.289": "data.ms-graph.managedDeviceOwnerType",
  "index.query.default_field.290": "data.ms-graph.managementAgent",
  "index.query.default_field.291": "data.ms-graph.manufacturer",
  "index.query.default_field.292": "data.ms-graph.meid",
  "index.query.default_field.293": "data.ms-graph.model",
  "index.query.default_field.294": "data.ms-graph.notes",
  "index.query.default_field.295": "data.ms-graph.operatingSystem",
  "index.query.default_field.296": "data.ms-graph.osVersion",
  "index.query.default_field.297": "data.ms-graph.partnerReportedThreatState",
  "index.query.default_field.298": "data.ms-graph.phoneNumber",
  "index.query.default_field.299": "data.ms-graph.physicalMemoryInBytes",
  "index.query.default_field.300": "data.ms-graph.platform",
  "index.query.default_field.301": "data.ms-graph.publisher",
  "index.query.default_field.302": "data.ms-graph.remoteAssistanceSessionErrorDetails",
  "index.query.default_field.303": "data.ms-graph.remoteAssistanceSessionUrl",
  "index.query.default_field.304": "data.ms-graph.requireUserEnrollmentApproval",
  "index.query.default_field.305": "data.ms-graph.resources.@odata.type",
  "index.query.default_field.306": "data.ms-graph.resources.auditResourceType",
  "index.query.default_field.307": "data.ms-graph.resources.displayName",
  "index.query.default_field.308": "data.ms-graph.resources.modifiedProperties.@odata.type",
  "index.query.default_field.309": "data.ms-graph.resources.modifiedProperties.displayName",
  "index.query.default_field.310": "data.ms-graph.resources.modifiedProperties.oldValue",
  "index.query.default_field.311": "data.ms-graph.resources.modifiedProperties.newValue",
  "index.query.default_field.312": "data.ms-graph.resources.resourceId",
  "index.query.default_field.313": "data.ms-graph.resources.type",
  "index.query.default_field.314": "data.ms-graph.serialNumber",
  "index.query.default_field.315": "data.ms-graph.sizeInByte",
  "index.query.default_field.316": "data.ms-graph.subscriberCarrier",
  "index.query.default_field.317": "data.ms-graph.totalStorageSpaceInBytes",
  "index.query.default_field.318": "data.ms-graph.udid",
  "index.query.default_field.319": "data.ms-graph.userDisplayName",
  "index.query.default_field.320": "data.ms-graph.userId",
  "index.query.default_field.321": "data.ms-graph.userPrincipalName",
  "index.query.default_field.322": "data.ms-graph.version",
  "index.query.default_field.323": "data.ms-graph.wiFiMacAddress",
  "index.query.default_field.324": "data.os.architecture",
  "index.query.default_field.325": "data.os.build",
  "index.query.default_field.326": "data.os.codename",
  "index.query.default_field.327": "data.os.hostname",
  "index.query.default_field.328": "data.os.major",
  "index.query.default_field.329": "data.os.minor",
  "index.query.default_field.330": "data.os.patch",
  "index.query.default_field.331": "data.os.name",
  "index.query.default_field.332": "data.os.platform",
  "index.query.default_field.333": "data.os.release",
  "index.query.default_field.334": "data.os.release_version",
  "index.query.default_field.335": "data.os.display_version",
  "index.query.default_field.336": "data.os.sysname",
  "index.query.default_field.337": "data.os.version",
  "index.query.default_field.338": "data.oscap.check.description",
  "index.query.default_field.339": "data.oscap.check.id",
  "index.query.default_field.340": "data.oscap.check.identifiers",
  "index.query.default_field.341": "data.oscap.check.oval.id",
  "index.query.default_field.342": "data.oscap.check.rationale",
  "index.query.default_field.343": "data.oscap.check.references",
  "index.query.default_field.344": "data.oscap.check.result",
  "index.query.default_field.345": "data.oscap.check.severity",
  "index.query.default_field.346": "data.oscap.check.title",
  "index.query.default_field.347": "data.oscap.scan.benchmark.id",
  "index.query.default_field.348": "data.oscap.scan.content",
  "index.query.default_field.349": "data.oscap.scan.id",
  "index.query.default_field.350": "data.oscap.scan.profile.id",
  "index.query.default_field.351": "data.oscap.scan.profile.title",
  "index.query.default_field.352": "data.osquery.columns.address",
  "index.query.default_field.353": "data.osquery.columns.command",
  "index.query.default_field.354": "data.osquery.columns.description",
  "index.query.default_field.355": "data.osquery.columns.dst_ip",
  "index.query.default_field.356": "data.osquery.columns.gid",
  "index.query.default_field.357": "data.osquery.columns.hostname",
  "index.query.default_field.358": "data.osquery.columns.md5",
  "index.query.default_field.359": "data.osquery.columns.path",
  "index.query.default_field.360": "data.osquery.columns.sha1",
  "index.query.default_field.361": "data.osquery.columns.sha256",
  "index.query.default_field.362": "data.osquery.columns.src_ip",
  "index.query.default_field.363": "data.osquery.columns.user",
  "index.query.default_field.364": "data.osquery.columns.username",
  "index.query.default_field.365": "data.osquery.name",
  "index.query.default_field.366": "data.osquery.pack",
  "index.query.default_field.367": "data.port.process",
  "index.query.default_field.368": "data.port.protocol",
  "index.query.default_field.369": "data.port.state",
  "index.query.default_field.370": "data.process.args",
  "index.query.default_field.371": "data.process.cmd",
  "index.query.default_field.372": "data.process.egroup",
  "index.query.default_field.373": "data.process.euser",
  "index.query.default_field.374": "data.process.fgroup",
  "index.query.default_field.375": "data.process.name",
  "index.query.default_field.376": "data.process.rgroup",
  "index.query.default_field.377": "data.process.ruser",
  "index.query.default_field.378": "data.process.sgroup",
  "index.query.default_field.379": "data.process.state",
  "index.query.default_field.380": "data.process.suser",
  "index.query.default_field.381": "data.program.architecture",
  "index.query.default_field.382": "data.program.description",
  "index.query.default_field.383": "data.program.format",
  "index.query.default_field.384": "data.program.location",
  "index.query.default_field.385": "data.program.multiarch",
  "index.query.default_field.386": "data.program.name",
  "index.query.default_field.387": "data.program.priority",
  "index.query.default_field.388": "data.program.section",
  "index.query.default_field.389": "data.program.source",
  "index.query.default_field.390": "data.program.vendor",
  "index.query.default_field.391": "data.program.version",
  "index.query.default_field.392": "data.protocol",
  "index.query.default_field.393": "data.pwd",
  "index.query.default_field.394": "data.sca",
  "index.query.default_field.395": "data.sca.check.compliance.cis",
  "index.query.default_field.396": "data.sca.check.compliance.cis_csc",
  "index.query.default_field.397": "data.sca.check.compliance.pci_dss",
  "index.query.default_field.398": "data.sca.check.compliance.hipaa",
  "index.query.default_field.399": "data.sca.check.compliance.nist_800_53",
  "index.query.default_field.400": "data.sca.check.description",
  "index.query.default_field.401": "data.sca.check.directory",
  "index.query.default_field.402": "data.sca.check.file",
  "index.query.default_field.403": "data.sca.check.id",
  "index.query.default_field.404": "data.sca.check.previous_result",
  "index.query.default_field.405": "data.sca.check.process",
  "index.query.default_field.406": "data.sca.check.rationale",
  "index.query.default_field.407": "data.sca.check.reason",
  "index.query.default_field.408": "data.sca.check.references",
  "index.query.default_field.409": "data.sca.check.registry",
  "index.query.default_field.410": "data.sca.check.remediation",
  "index.query.default_field.411": "data.sca.check.result",
  "index.query.default_field.412": "data.sca.check.title",
  "index.query.default_field.413": "data.sca.description",
  "index.query.default_field.414": "data.sca.file",
  "index.query.default_field.415": "data.sca.invalid",
  "index.query.default_field.416": "data.sca.name",
  "index.query.default_field.417": "data.sca.policy",
  "index.query.default_field.418": "data.sca.policy_id",
  "index.query.default_field.419": "data.sca.scan_id",
  "index.query.default_field.420": "data.sca.total_checks",
  "index.query.default_field.421": "data.scan_id",
  "index.query.default_field.422": "data.script",
  "index.query.default_field.423": "data.src_ip",
  "index.query.default_field.424": "data.src_port",
  "index.query.default_field.425": "data.srcip",
  "index.query.default_field.426": "data.srcport",
  "index.query.default_field.427": "data.srcuser",
  "index.query.default_field.428": "data.status",
  "index.query.default_field.429": "data.system_name",
  "index.query.default_field.430": "data.title",
  "index.query.default_field.431": "data.tty",
  "index.query.default_field.432": "data.uid",
  "index.query.default_field.433": "data.url",
  "index.query.default_field.434": "data.virustotal.description",
  "index.query.default_field.435": "data.virustotal.error",
  "index.query.default_field.436": "data.virustotal.found",
  "index.query.default_field.437": "data.virustotal.permalink",
  "index.query.default_field.438": "data.virustotal.scan_date",
  "index.query.default_field.439": "data.virustotal.sha1",
  "index.query.default_field.440": "data.virustotal.source.alert_id",
  "index.query.default_field.441": "data.virustotal.source.file",
  "index.query.default_field.442": "data.virustotal.source.md5",
  "index.query.default_field.443": "data.virustotal.source.sha1",
  "index.query.default_field.444": "data.vulnerability.cve",
  "index.query.default_field.445": "data.vulnerability.cvss.cvss2.base_score",
  "index.query.default_field.446": "data.vulnerability.cvss.cvss2.exploitability_score",
  "index.query.default_field.447": "data.vulnerability.cvss.cvss2.impact_score",
  "index.query.default_field.448": "data.vulnerability.cvss.cvss2.vector.access_complexity",
  "index.query.default_field.449": "data.vulnerability.cvss.cvss2.vector.attack_vector",
  "index.query.default_field.450": "data.vulnerability.cvss.cvss2.vector.authentication",
  "index.query.default_field.451": "data.vulnerability.cvss.cvss2.vector.availability",
  "index.query.default_field.452": "data.vulnerability.cvss.cvss2.vector.confidentiality_impact",
  "index.query.default_field.453": "data.vulnerability.cvss.cvss2.vector.integrity_impact",
  "index.query.default_field.454": "data.vulnerability.cvss.cvss2.vector.privileges_required",
  "index.query.default_field.455": "data.vulnerability.cvss.cvss2.vector.scope",
  "index.query.default_field.456": "data.vulnerability.cvss.cvss2.vector.user_interaction",
  "index.query.default_field.457": "data.vulnerability.cvss.cvss3.base_score",
  "index.query.default_field.458": "data.vulnerability.cvss.cvss3.exploitability_score",
  "index.query.default_field.459": "data.vulnerability.cvss.cvss3.impact_score",
  "index.query.default_field.460": "data.vulnerability.cvss.cvss3.vector.access_complexity",
  "index.query.default_field.461": "data.vulnerability.cvss.cvss3.vector.attack_vector",
  "index.query.default_field.462": "data.vulnerability.cvss.cvss3.vector.authentication",
  "index.query.default_field.463": "data.vulnerability.cvss.cvss3.vector.availability",
  "index.query.default_field.464": "data.vulnerability.cvss.cvss3.vector.confidentiality_impact",
  "index.query.default_field.465": "data.vulnerability.cvss.cvss3.vector.integrity_impact",
  "index.query.default_field.466": "data.vulnerability.cvss.cvss3.vector.privileges_required",
  "index.query.default_field.467": "data.vulnerability.cvss.cvss3.vector.scope",
  "index.query.default_field.468": "data.vulnerability.cvss.cvss3.vector.user_interaction",
  "index.query.default_field.469": "data.vulnerability.cwe_reference",
  "index.query.default_field.470": "data.vulnerability.package.source",
  "index.query.default_field.471": "data.vulnerability.package.architecture",
  "index.query.default_field.472": "data.vulnerability.package.condition",
  "index.query.default_field.473": "data.vulnerability.package.generated_cpe",
  "index.query.default_field.474": "data.vulnerability.package.name",
  "index.query.default_field.475": "data.vulnerability.package.version",
  "index.query.default_field.476": "data.vulnerability.rationale",
  "index.query.default_field.477": "data.vulnerability.severity",
  "index.query.default_field.478": "data.vulnerability.status",
  "index.query.default_field.479": "data.vulnerability.title",
  "index.query.default_field.480": "data.vulnerability.assigner",
  "index.query.default_field.481": "data.vulnerability.cve_version",
  "index.query.default_field.482": "data.win.eventdata.auditPolicyChanges",
  "index.query.default_field.483": "data.win.eventdata.auditPolicyChangesId",
  "index.query.default_field.484": "data.win.eventdata.binary",
  "index.query.default_field.485": "data.win.eventdata.category",
  "index.query.default_field.486": "data.win.eventdata.categoryId",
  "index.query.default_field.487": "data.win.eventdata.data",
  "index.query.default_field.488": "data.win.eventdata.image",
  "index.query.default_field.489": "data.win.eventdata.ipAddress",
  "index.query.default_field.490": "data.win.eventdata.ipPort",
  "index.query.default_field.491": "data.win.eventdata.keyName",
  "index.query.default_field.492": "data.win.eventdata.logonGuid",
  "index.query.default_field.493": "data.win.eventdata.logonProcessName",
  "index.query.default_field.494": "data.win.eventdata.operation",
  "index.query.default_field.495": "data.win.eventdata.parentImage",
  "index.query.default_field.496": "data.win.eventdata.processId",
  "index.query.default_field.497": "data.win.eventdata.processName",
  "index.query.default_field.498": "data.win.eventdata.providerName",
  "index.query.default_field.499": "data.win.eventdata.returnCode",
  "index.query.default_field.500": "data.win.eventdata.service",
  "index.query.default_field.501": "data.win.eventdata.status",
  "index.query.default_field.502": "data.win.eventdata.subcategory",
  "index.query.default_field.503": "data.win.eventdata.subcategoryGuid",
  "index.query.default_field.504": "data.win.eventdata.subcategoryId",
  "index.query.default_field.505": "data.win.eventdata.subjectDomainName",
  "index.query.default_field.506": "data.win.eventdata.subjectLogonId",
  "index.query.default_field.507": "data.win.eventdata.subjectUserName",
  "index.query.default_field.508": "data.win.eventdata.subjectUserSid",
  "index.query.default_field.509": "data.win.eventdata.targetDomainName",
  "index.query.default_field.510": "data.win.eventdata.targetLinkedLogonId",
  "index.query.default_field.511": "data.win.eventdata.targetLogonId",
  "index.query.default_field.512": "data.win.eventdata.targetUserName",
  "index.query.default_field.513": "data.win.eventdata.targetUserSid",
  "index.query.default_field.514": "data.win.eventdata.workstationName",
  "index.query.default_field.515": "data.win.system.channel",
  "index.query.default_field.516": "data.win.system.computer",
  "index.query.default_field.517": "data.win.system.eventID",
  "index.query.default_field.518": "data.win.system.eventRecordID",
  "index.query.default_field.519": "data.win.system.eventSourceName",
  "index.query.default_field.520": "data.win.system.keywords",
  "index.query.default_field.521": "data.win.system.level",
  "index.query.default_field.522": "data.win.system.message",
  "index.query.default_field.523": "data.win.system.opcode",
  "index.query.default_field.524": "data.win.system.processID",
  "index.query.default_field.525": "data.win.system.providerGuid",
  "index.query.default_field.526": "data.win.system.providerName",
  "index.query.default_field.527": "data.win.system.securityUserID",
  "index.query.default_field.528": "data.win.system.severityValue",
  "index.query.default_field.529": "data.win.system.userID",
  "index.query.default_field.530": "decoder.ftscomment",
  "index.query.default_field.531": "decoder.name",
  "index.query.default_field.532": "decoder.parent",
  "index.query.default_field.533": "full_log",
  "index.query.default_field.534": "host",
  "index.query.default_field.535": "id",
  "index.query.default_field.536": "input",
  "index.query.default_field.537": "location",
  "index.query.default_field.538": "manager.name",
  "index.query.default_field.539": "message",
  "index.query.default_field.540": "offset",
  "index.query.default_field.541": "predecoder.hostname",
  "index.query.default_field.542": "predecoder.program_name",
  "index.query.default_field.543": "previous_log",
  "index.query.default_field.544": "previous_output",
  "index.query.default_field.545": "program_name",
  "index.query.default_field.546": "rule.cis",
  "index.query.default_field.547": "rule.cve",
  "index.query.default_field.548": "rule.description",
  "index.query.default_field.549": "rule.gdpr",
  "index.query.default_field.550": "rule.gpg13",
  "index.query.default_field.551": "rule.groups",
  "index.query.default_field.552": "rule.id",
  "index.query.default_field.553": "rule.info",
  "index.query.default_field.554": "rule.mitre.id",
  "index.query.default_field.555": "rule.mitre.tactic",
  "index.query.default_field.556": "rule.mitre.technique",
  "index.query.default_field.557": "rule.pci_dss",
  "index.query.default_field.558": "rule.hipaa",
  "index.query.default_field.559": "rule.nist_800_53",
  "index.query.default_field.560": "syscheck.audit.effective_user.id",
  "index.query.default_field.561": "syscheck.audit.effective_user.name",
  "index.query.default_field.562": "syscheck.audit.group.id",
  "index.query.default_field.563": "syscheck.audit.group.name",
  "index.query.default_field.564": "syscheck.audit.login_user.id",
  "index.query.default_field.565": "syscheck.audit.login_user.name",
  "index.query.default_field.566": "syscheck.audit.process.id",
  "index.query.default_field.567": "syscheck.audit.process.name",
  "index.query.default_field.568": "syscheck.audit.process.ppid",
  "index.query.default_field.569": "syscheck.audit.user.id",
  "index.query.default_field.570": "syscheck.audit.user.name",
  "index.query.default_field.571": "syscheck.diff",
  "index.query.default_field.572": "syscheck.event",
  "index.query.default_field.573": "syscheck.gid_after",
  "index.query.default_field.574": "syscheck.gid_before",
  "index.query.default_field.575": "syscheck.gname_after",
  "index.query.default_field.576": "syscheck.gname_before",
  "index.query.default_field.577": "syscheck.inode_after",
  "index.query.default_field.578": "syscheck.inode_before",
  "index.query.default_field.579": "syscheck.md5_after",
  "index.query.default_field.580": "syscheck.md5_before",
  "index.query.default_field.581": "syscheck.path",
  "index.query.default_field.582": "syscheck.mode",
  "index.query.default_field.583": "syscheck.perm_after",
  "index.query.default_field.584": "syscheck.perm_before",
  "index.query.default_field.585": "syscheck.sha1_after",
  "index.query.default_field.586": "syscheck.sha1_before",
  "index.query.default_field.587": "syscheck.sha256_after",
  "index.query.default_field.588": "syscheck.sha256_before",
  "index.query.default_field.589": "syscheck.tags",
  "index.query.default_field.590": "syscheck.uid_after",
  "index.query.default_field.591": "syscheck.uid_before",
  "index.query.default_field.592": "syscheck.uname_after",
  "index.query.default_field.593": "syscheck.uname_before",
  "index.query.default_field.594": "syscheck.arch",
  "index.query.default_field.595": "syscheck.value_name",
  "index.query.default_field.596": "syscheck.value_type",
  "index.query.default_field.597": "syscheck.changed_attributes",
  "index.query.default_field.598": "title",
  "index.refresh_interval": "5s",
  "index.replication.type": "DOCUMENT",
  "index.uuid": "na8yq2ZXShCmogYG0Gg4lw",
  "index.version.created": "136377827"
}