http://git-wip-us.apache.org/repos/asf/metron/blob/7d554444/metron-interface/metron-alerts/e2e/mock-data/cluster-state.json
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/mock-data/cluster-state.json b/metron-interface/metron-alerts/e2e/mock-data/cluster-state.json
new file mode 100644
index 0000000..43d0f3a
--- /dev/null
+++ b/metron-interface/metron-alerts/e2e/mock-data/cluster-state.json
@@ -0,0 +1,9261 @@ +{ + "cluster_name": "metron", + "version": 18, + "state_uuid": "FOk3OOHmR5aoKyjtUHCTxg", + "master_node": "RAGvGbRETRa-8eXfofW1ag", + "blocks": {}, + "nodes": { + "RAGvGbRETRa-8eXfofW1ag": { + "name": "node1", + "transport_address": "10.0.2.15:9300", + "attributes": { + "data": "1", + "master": "true" + } + } + }, + "metadata": { + "cluster_uuid": "aErYKRkNQ4KjBw31YgWPCw", + "templates": { + "snort_index": { + "template": "snort_index*", + "order": 0, + "settings": {}, + "mappings": { + "snort_doc": { + "dynamic_templates": [ + { + "geo_location_point": { + "mapping": { + "type": "geo_point" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:location_point" + } + }, + { + "geo_country": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:country" + } + }, + { + "geo_city": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:city" + } + }, + { + "geo_location_id": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:locID" + } + }, + { + "geo_dma_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:dmaCode" + } + }, + { + "geo_postal_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:postalCode" + } + }, + { + "geo_latitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:latitude" + } + }, + { + "geo_longitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:longitude" + } + }, + { + "timestamps": { + "mapping": { + "format": "epoch_millis", + "type": "date" + }, + "match_mapping_type": "*", + "match": "*:ts" + } + } + ], + "_timestamp": { + 
"enabled": true + }, + "properties": { + "msg": { + "type": "string" + }, + "ip_dst_port": { + "type": "integer" + }, + "sig_rev": { + "type": "string" + }, + "ethsrc": { + "index": "not_analyzed", + "type": "string" + }, + "tcpseq": { + "type": "string" + }, + "dgmlen": { + "type": "integer" + }, + "tcpwindow": { + "type": "string" + }, + "tcpack": { + "type": "string" + }, + "source:type": { + "index": "not_analyzed", + "type": "string" + }, + "protocol": { + "index": "not_analyzed", + "type": "string" + }, + "ip_dst_addr": { + "type": "ip" + }, + "tos": { + "type": "integer" + }, + "id": { + "type": "integer" + }, + "ip_src_addr": { + "type": "ip" + }, + "timestamp": { + "format": "epoch_millis", + "type": "date" + }, + "ethdst": { + "index": "not_analyzed", + "type": "string" + }, + "is_alert": { + "type": "boolean" + }, + "ttl": { + "type": "integer" + }, + "ethlen": { + "index": "not_analyzed", + "type": "string" + }, + "iplen": { + "type": "integer" + }, + "ip_src_port": { + "type": "integer" + }, + "threat:triage:level": { + "type": "double" + }, + "tcpflags": { + "type": "string" + }, + "sig_id": { + "type": "integer" + }, + "sig_generator": { + "index": "not_analyzed", + "type": "string" + } + } + } + } + }, + "bro_index": { + "template": "bro_index*", + "order": 0, + "settings": {}, + "mappings": { + "bro_doc": { + "dynamic_templates": [ + { + "geo_location_point": { + "mapping": { + "type": "geo_point" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:location_point" + } + }, + { + "geo_country": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:country" + } + }, + { + "geo_city": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:city" + } + }, + { + "geo_location_id": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": 
"enrichments:geo:*:locID" + } + }, + { + "geo_dma_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:dmaCode" + } + }, + { + "geo_postal_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:postalCode" + } + }, + { + "geo_latitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:latitude" + } + }, + { + "geo_longitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:longitude" + } + }, + { + "timestamps": { + "mapping": { + "format": "epoch_millis", + "type": "date" + }, + "match_mapping_type": "*", + "match": "*:ts" + } + } + ], + "_timestamp": { + "enabled": true + }, + "properties": { + "qclass_name": { + "index": "not_analyzed", + "type": "string" + }, + "qtype_name": { + "index": "not_analyzed", + "type": "string" + }, + "status_code": { + "type": "integer" + }, + "ip_dst_port": { + "type": "integer" + }, + "rejected": { + "type": "boolean" + }, + "qtype": { + "type": "integer" + }, + "answers": { + "type": "ip" + }, + "trans_id": { + "type": "integer" + }, + "uid": { + "index": "not_analyzed", + "type": "string" + }, + "source:type": { + "index": "not_analyzed", + "type": "string" + }, + "protocol": { + "index": "not_analyzed", + "type": "string" + }, + "trans_depth": { + "type": "integer" + }, + "ip_dst_addr": { + "type": "ip" + }, + "host": { + "index": "not_analyzed", + "type": "string" + }, + "Z": { + "type": "integer" + }, + "ip_src_addr": { + "type": "ip" + }, + "user_agent": { + "type": "string" + }, + "qclass": { + "type": "integer" + }, + "timestamp": { + "format": "epoch_millis", + "type": "date" + }, + "AA": { + "type": "boolean" + }, + "method": { + "index": "not_analyzed", + "type": "string" + }, + "request_body_len": { + "type": "integer" + }, + "query": { + "index": "not_analyzed", 
+ "type": "string" + }, + "rcode": { + "type": "integer" + }, + "uri": { + "index": "not_analyzed", + "type": "string" + }, + "TC": { + "type": "boolean" + }, + "RA": { + "type": "boolean" + }, + "rcode_name": { + "index": "not_analyzed", + "type": "string" + }, + "referrer": { + "index": "not_analyzed", + "type": "string" + }, + "RD": { + "type": "boolean" + }, + "ip_src_port": { + "type": "integer" + }, + "proto": { + "index": "not_analyzed", + "type": "string" + }, + "status_msg": { + "index": "not_analyzed", + "type": "string" + }, + "response_body_len": { + "type": "integer" + } + } + } + } + }, + "yaf_index": { + "template": "yaf_index*", + "order": 0, + "settings": {}, + "mappings": { + "yaf_doc": { + "dynamic_templates": [ + { + "geo_location_point": { + "mapping": { + "type": "geo_point" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:location_point" + } + }, + { + "geo_country": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:country" + } + }, + { + "geo_city": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:city" + } + }, + { + "geo_location_id": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:locID" + } + }, + { + "geo_dma_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:dmaCode" + } + }, + { + "geo_postal_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:postalCode" + } + }, + { + "geo_latitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:latitude" + } + }, + { + "geo_longitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": 
"enrichments:geo:*:longitude" + } + }, + { + "timestamps": { + "mapping": { + "format": "epoch_millis", + "type": "date" + }, + "match_mapping_type": "*", + "match": "*:ts" + } + } + ], + "_timestamp": { + "enabled": true + }, + "properties": { + "iflags": { + "index": "not_analyzed", + "type": "string" + }, + "ip_dst_port": { + "type": "integer" + }, + "uflags": { + "index": "not_analyzed", + "type": "string" + }, + "isn": { + "index": "not_analyzed", + "type": "string" + }, + "dip": { + "index": "not_analyzed", + "type": "string" + }, + "dp": { + "index": "not_analyzed", + "type": "string" + }, + "duration": { + "type": "double" + }, + "source:type": { + "index": "not_analyzed", + "type": "string" + }, + "rpkt": { + "type": "integer" + }, + "ip_dst_addr": { + "type": "ip" + }, + "pkt": { + "type": "integer" + }, + "ruflags": { + "index": "not_analyzed", + "type": "string" + }, + "sip": { + "index": "not_analyzed", + "type": "string" + }, + "tag": { + "index": "not_analyzed", + "type": "string" + }, + "roct": { + "type": "integer" + }, + "ip_src_addr": { + "type": "ip" + }, + "sp": { + "index": "not_analyzed", + "type": "string" + }, + "rtag": { + "index": "not_analyzed", + "type": "string" + }, + "timestamp": { + "format": "epoch_millis", + "type": "date" + }, + "app": { + "index": "not_analyzed", + "type": "string" + }, + "oct": { + "type": "integer" + }, + "end-reason": { + "type": "string" + }, + "risn": { + "index": "not_analyzed", + "type": "string" + }, + "end_time": { + "format": "epoch_millis", + "type": "date" + }, + "start_time": { + "format": "epoch_millis", + "type": "date" + }, + "rtt": { + "type": "double" + }, + "riflags": { + "type": "string" + }, + "ip_src_port": { + "type": "integer" + }, + "proto": { + "index": "not_analyzed", + "type": "string" + } + } + } + } + } + }, + "indices": { + "bro_index_2017.04.10.17": { + "state": "open", + "settings": { + "index": { + "creation_date": "1491844701493", + "number_of_shards": "1", + 
"number_of_replicas": "0", + "uuid": "uwltlO6BS8SjJERp9Ge7EA", + "version": { + "created": "2030399" + } + } + }, + "mappings": { + "bro_doc": { + "dynamic_templates": [ + { + "geo_location_point": { + "mapping": { + "type": "geo_point" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:location_point" + } + }, + { + "geo_country": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:country" + } + }, + { + "geo_city": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:city" + } + }, + { + "geo_location_id": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:locID" + } + }, + { + "geo_dma_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:dmaCode" + } + }, + { + "geo_postal_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:postalCode" + } + }, + { + "geo_latitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:latitude" + } + }, + { + "geo_longitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:longitude" + } + }, + { + "timestamps": { + "mapping": { + "format": "epoch_millis", + "type": "date" + }, + "match_mapping_type": "*", + "match": "*:ts" + } + } + ], + "_timestamp": { + "enabled": true + }, + "properties": { + "TTLs": { + "type": "double" + }, + "bro_timestamp": { + "type": "string" + }, + "qclass_name": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:location_point": { + "type": "geo_point" + }, + "answers": { + "type": "ip" + }, + "enrichmentjoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + }, + 
"adapter:geoadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "resp_mime_types": { + "type": "string" + }, + "protocol": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:threatinteladapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "original_string": { + "type": "string" + }, + "host": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:geoadapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "AA": { + "type": "boolean" + }, + "method": { + "index": "not_analyzed", + "type": "string" + }, + "enrichmentsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "query": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:city": { + "index": "not_analyzed", + "type": "string" + }, + "rcode": { + "type": "integer" + }, + "adapter:hostfromjsonlistadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "orig_mime_types": { + "type": "string" + }, + "RA": { + "type": "boolean" + }, + "RD": { + "type": "boolean" + }, + "orig_fuids": { + "type": "string" + }, + "proto": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:threatinteladapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_dst_addr:country": { + "index": "not_analyzed", + "type": "string" + }, + "response_body_len": { + "type": "integer" + }, + "enrichments:geo:ip_dst_addr:locID": { + "index": "not_analyzed", + "type": "string" + }, + "qtype_name": { + "index": "not_analyzed", + "type": "string" + }, + "status_code": { + "type": "integer" + }, + "enrichments:geo:ip_dst_addr:dmaCode": { + "index": "not_analyzed", + "type": "string" + }, + "ip_dst_port": { + "type": "integer" + }, + "threatinteljoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + }, + "qtype": { + "type": "integer" + }, + "rejected": { + "type": "boolean" + }, + "enrichmentsplitterbolt:splitter:begin:ts": { + "format": 
"epoch_millis", + "type": "date" + }, + "trans_id": { + "type": "integer" + }, + "enrichments:geo:ip_dst_addr:latitude": { + "type": "float" + }, + "uid": { + "index": "not_analyzed", + "type": "string" + }, + "source:type": { + "index": "not_analyzed", + "type": "string" + }, + "trans_depth": { + "type": "integer" + }, + "ip_dst_addr": { + "type": "ip" + }, + "adapter:hostfromjsonlistadapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "Z": { + "type": "integer" + }, + "ip_src_addr": { + "type": "ip" + }, + "threatintelsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_dst_addr:longitude": { + "type": "float" + }, + "qclass": { + "type": "integer" + }, + "user_agent": { + "type": "string" + }, + "resp_fuids": { + "type": "string" + }, + "timestamp": { + "format": "epoch_millis", + "type": "date" + }, + "request_body_len": { + "type": "integer" + }, + "enrichments:geo:ip_dst_addr:postalCode": { + "index": "not_analyzed", + "type": "string" + }, + "uri": { + "index": "not_analyzed", + "type": "string" + }, + "TC": { + "type": "boolean" + }, + "rcode_name": { + "index": "not_analyzed", + "type": "string" + }, + "referrer": { + "index": "not_analyzed", + "type": "string" + }, + "ip_src_port": { + "type": "integer" + }, + "status_msg": { + "index": "not_analyzed", + "type": "string" + }, + "threatintelsplitterbolt:splitter:begin:ts": { + "format": "epoch_millis", + "type": "date" + } + } + } + }, + "aliases": [] + }, + "snort_index_2017.04.12.06": { + "state": "open", + "settings": { + "index": { + "creation_date": "1491976802071", + "number_of_shards": "1", + "number_of_replicas": "0", + "uuid": "tFjSpODDQieyXBtFyrh5jA", + "version": { + "created": "2030399" + } + } + }, + "mappings": { + "snort_doc": { + "dynamic_templates": [ + { + "geo_location_point": { + "mapping": { + "type": "geo_point" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:location_point" + } + }, + { + 
"geo_country": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:country" + } + }, + { + "geo_city": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:city" + } + }, + { + "geo_location_id": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:locID" + } + }, + { + "geo_dma_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:dmaCode" + } + }, + { + "geo_postal_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:postalCode" + } + }, + { + "geo_latitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:latitude" + } + }, + { + "geo_longitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:longitude" + } + }, + { + "timestamps": { + "mapping": { + "format": "epoch_millis", + "type": "date" + }, + "match_mapping_type": "*", + "match": "*:ts" + } + } + ], + "_timestamp": { + "enabled": true + }, + "properties": { + "msg": { + "type": "string" + }, + "enrichments:geo:ip_dst_addr:location_point": { + "type": "geo_point" + }, + "dgmlen": { + "type": "integer" + }, + "enrichments:geo:ip_src_addr:longitude": { + "type": "float" + }, + "enrichmentjoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_src_addr:dmaCode": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:geoadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tcpack": { + "type": "string" + }, + "protocol": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:threatinteladapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + 
"enrichments:geo:ip_src_addr:locID": { + "index": "not_analyzed", + "type": "string" + }, + "original_string": { + "type": "string" + }, + "adapter:geoadapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "id": { + "type": "integer" + }, + "threat:triage:rules:0:score": { + "type": "long" + }, + "enrichments:geo:ip_src_addr:location_point": { + "type": "geo_point" + }, + "enrichmentsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "threat:triage:score": { + "type": "double" + }, + "enrichments:geo:ip_dst_addr:city": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:hostfromjsonlistadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_src_addr:postalCode": { + "index": "not_analyzed", + "type": "string" + }, + "ethlen": { + "index": "not_analyzed", + "type": "string" + }, + "threat:triage:level": { + "type": "double" + }, + "adapter:threatinteladapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tcpflags": { + "type": "string" + }, + "enrichments:geo:ip_dst_addr:country": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:locID": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:dmaCode": { + "index": "not_analyzed", + "type": "string" + }, + "ip_dst_port": { + "type": "integer" + }, + "sig_rev": { + "type": "string" + }, + "threatinteljoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + }, + "ethsrc": { + "index": "not_analyzed", + "type": "string" + }, + "tcpseq": { + "type": "string" + }, + "enrichmentsplitterbolt:splitter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tcpwindow": { + "type": "string" + }, + "enrichments:geo:ip_dst_addr:latitude": { + "type": "float" + }, + "source:type": { + "index": "not_analyzed", + "type": "string" + }, + "ip_dst_addr": { + "type": "ip" + }, + "adapter:hostfromjsonlistadapter:end:ts": { + "format": 
"epoch_millis", + "type": "date" + }, + "tos": { + "type": "integer" + }, + "enrichments:geo:ip_src_addr:latitude": { + "type": "float" + }, + "ip_src_addr": { + "type": "ip" + }, + "threatintelsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_dst_addr:longitude": { + "type": "float" + }, + "timestamp": { + "format": "epoch_millis", + "type": "date" + }, + "ethdst": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:postalCode": { + "index": "not_analyzed", + "type": "string" + }, + "is_alert": { + "type": "boolean" + }, + "enrichments:geo:ip_src_addr:country": { + "index": "not_analyzed", + "type": "string" + }, + "ttl": { + "type": "integer" + }, + "iplen": { + "type": "integer" + }, + "ip_src_port": { + "type": "integer" + }, + "threatintelsplitterbolt:splitter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "sig_id": { + "type": "integer" + }, + "sig_generator": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_src_addr:city": { + "index": "not_analyzed", + "type": "string" + } + } + } + }, + "aliases": [] + }, + "bro_index_2017.04.20.09": { + "state": "open", + "settings": { + "index": { + "creation_date": "1492678803304", + "number_of_shards": "1", + "number_of_replicas": "0", + "uuid": "vXkirib7S0GB3Oo3Dd8I-g", + "version": { + "created": "2030399" + } + } + }, + "mappings": { + "bro_doc": { + "dynamic_templates": [ + { + "geo_location_point": { + "mapping": { + "type": "geo_point" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:location_point" + } + }, + { + "geo_country": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:country" + } + }, + { + "geo_city": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:city" + } + }, + { + "geo_location_id": { + "mapping": { 
+ "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:locID" + } + }, + { + "geo_dma_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:dmaCode" + } + }, + { + "geo_postal_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:postalCode" + } + }, + { + "geo_latitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:latitude" + } + }, + { + "geo_longitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:longitude" + } + }, + { + "timestamps": { + "mapping": { + "format": "epoch_millis", + "type": "date" + }, + "match_mapping_type": "*", + "match": "*:ts" + } + } + ], + "_timestamp": { + "enabled": true + }, + "properties": { + "TTLs": { + "type": "double" + }, + "bro_timestamp": { + "type": "string" + }, + "qclass_name": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:location_point": { + "type": "geo_point" + }, + "answers": { + "type": "ip" + }, + "enrichmentjoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + }, + "adapter:geoadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "resp_mime_types": { + "type": "string" + }, + "protocol": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:threatinteladapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "original_string": { + "type": "string" + }, + "host": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:geoadapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "AA": { + "type": "boolean" + }, + "method": { + "index": "not_analyzed", + "type": "string" + }, + "enrichmentsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "query": { + 
"index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:city": { + "index": "not_analyzed", + "type": "string" + }, + "rcode": { + "type": "integer" + }, + "adapter:hostfromjsonlistadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "orig_mime_types": { + "type": "string" + }, + "RA": { + "type": "boolean" + }, + "RD": { + "type": "boolean" + }, + "orig_fuids": { + "type": "string" + }, + "proto": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:threatinteladapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "guid": { + "type": "string" + }, + "enrichments:geo:ip_dst_addr:country": { + "index": "not_analyzed", + "type": "string" + }, + "response_body_len": { + "type": "integer" + }, + "enrichments:geo:ip_dst_addr:locID": { + "index": "not_analyzed", + "type": "string" + }, + "qtype_name": { + "index": "not_analyzed", + "type": "string" + }, + "status_code": { + "type": "integer" + }, + "enrichments:geo:ip_dst_addr:dmaCode": { + "index": "not_analyzed", + "type": "string" + }, + "ip_dst_port": { + "type": "integer" + }, + "threatinteljoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + }, + "qtype": { + "type": "integer" + }, + "rejected": { + "type": "boolean" + }, + "enrichmentsplitterbolt:splitter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "trans_id": { + "type": "integer" + }, + "enrichments:geo:ip_dst_addr:latitude": { + "type": "float" + }, + "uid": { + "index": "not_analyzed", + "type": "string" + }, + "source:type": { + "index": "not_analyzed", + "type": "string" + }, + "trans_depth": { + "type": "integer" + }, + "ip_dst_addr": { + "type": "ip" + }, + "adapter:hostfromjsonlistadapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "Z": { + "type": "integer" + }, + "ip_src_addr": { + "type": "ip" + }, + "threatintelsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + 
"enrichments:geo:ip_dst_addr:longitude": { + "type": "float" + }, + "qclass": { + "type": "integer" + }, + "user_agent": { + "type": "string" + }, + "resp_fuids": { + "type": "string" + }, + "timestamp": { + "format": "epoch_millis", + "type": "date" + }, + "request_body_len": { + "type": "integer" + }, + "enrichments:geo:ip_dst_addr:postalCode": { + "index": "not_analyzed", + "type": "string" + }, + "uri": { + "index": "not_analyzed", + "type": "string" + }, + "TC": { + "type": "boolean" + }, + "rcode_name": { + "index": "not_analyzed", + "type": "string" + }, + "referrer": { + "index": "not_analyzed", + "type": "string" + }, + "ip_src_port": { + "type": "integer" + }, + "status_msg": { + "index": "not_analyzed", + "type": "string" + }, + "threatintelsplitterbolt:splitter:begin:ts": { + "format": "epoch_millis", + "type": "date" + } + } + } + }, + "aliases": [] + }, + "snort_index_2017.04.12.05": { + "state": "open", + "settings": { + "index": { + "creation_date": "1491976189367", + "number_of_shards": "1", + "number_of_replicas": "0", + "uuid": "26c095PYRs-dmAjaf8VQcg", + "version": { + "created": "2030399" + } + } + }, + "mappings": { + "snort_doc": { + "dynamic_templates": [ + { + "geo_location_point": { + "mapping": { + "type": "geo_point" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:location_point" + } + }, + { + "geo_country": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:country" + } + }, + { + "geo_city": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:city" + } + }, + { + "geo_location_id": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:locID" + } + }, + { + "geo_dma_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": 
"enrichments:geo:*:dmaCode" + } + }, + { + "geo_postal_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:postalCode" + } + }, + { + "geo_latitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:latitude" + } + }, + { + "geo_longitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:longitude" + } + }, + { + "timestamps": { + "mapping": { + "format": "epoch_millis", + "type": "date" + }, + "match_mapping_type": "*", + "match": "*:ts" + } + } + ], + "_timestamp": { + "enabled": true + }, + "properties": { + "msg": { + "type": "string" + }, + "enrichments:geo:ip_dst_addr:location_point": { + "type": "geo_point" + }, + "dgmlen": { + "type": "integer" + }, + "enrichments:geo:ip_src_addr:longitude": { + "type": "float" + }, + "enrichmentjoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_src_addr:dmaCode": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:geoadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tcpack": { + "type": "string" + }, + "protocol": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:threatinteladapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_src_addr:locID": { + "index": "not_analyzed", + "type": "string" + }, + "original_string": { + "type": "string" + }, + "adapter:geoadapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "id": { + "type": "integer" + }, + "threat:triage:rules:0:score": { + "type": "long" + }, + "enrichments:geo:ip_src_addr:location_point": { + "type": "geo_point" + }, + "enrichmentsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "threat:triage:score": { + "type": "double" + }, + "enrichments:geo:ip_dst_addr:city": { + "index": "not_analyzed", + "type": 
"string" + }, + "adapter:hostfromjsonlistadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_src_addr:postalCode": { + "index": "not_analyzed", + "type": "string" + }, + "ethlen": { + "index": "not_analyzed", + "type": "string" + }, + "threat:triage:level": { + "type": "double" + }, + "adapter:threatinteladapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tcpflags": { + "type": "string" + }, + "enrichments:geo:ip_dst_addr:country": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:locID": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:dmaCode": { + "index": "not_analyzed", + "type": "string" + }, + "ip_dst_port": { + "type": "integer" + }, + "sig_rev": { + "type": "string" + }, + "threatinteljoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + }, + "ethsrc": { + "index": "not_analyzed", + "type": "string" + }, + "tcpseq": { + "type": "string" + }, + "enrichmentsplitterbolt:splitter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tcpwindow": { + "type": "string" + }, + "enrichments:geo:ip_dst_addr:latitude": { + "type": "float" + }, + "source:type": { + "index": "not_analyzed", + "type": "string" + }, + "ip_dst_addr": { + "type": "ip" + }, + "adapter:hostfromjsonlistadapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tos": { + "type": "integer" + }, + "enrichments:geo:ip_src_addr:latitude": { + "type": "float" + }, + "ip_src_addr": { + "type": "ip" + }, + "threatintelsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_dst_addr:longitude": { + "type": "float" + }, + "timestamp": { + "format": "epoch_millis", + "type": "date" + }, + "ethdst": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:postalCode": { + "index": "not_analyzed", + "type": "string" + }, + "is_alert": { + "type": "boolean" + }, 
+ "enrichments:geo:ip_src_addr:country": { + "index": "not_analyzed", + "type": "string" + }, + "ttl": { + "type": "integer" + }, + "iplen": { + "type": "integer" + }, + "ip_src_port": { + "type": "integer" + }, + "threatintelsplitterbolt:splitter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "sig_id": { + "type": "integer" + }, + "sig_generator": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_src_addr:city": { + "index": "not_analyzed", + "type": "string" + } + } + } + }, + "aliases": [] + }, + "bro_index_2017.04.10.06": { + "state": "open", + "settings": { + "index": { + "creation_date": "1491804002071", + "number_of_shards": "1", + "number_of_replicas": "0", + "uuid": "IAKq3ZP2ShOd_CJtIPxP4w", + "version": { + "created": "2030399" + } + } + }, + "mappings": { + "bro_doc": { + "dynamic_templates": [ + { + "geo_location_point": { + "mapping": { + "type": "geo_point" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:location_point" + } + }, + { + "geo_country": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:country" + } + }, + { + "geo_city": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:city" + } + }, + { + "geo_location_id": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:locID" + } + }, + { + "geo_dma_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:dmaCode" + } + }, + { + "geo_postal_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:postalCode" + } + }, + { + "geo_latitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:latitude" + } + }, + { + 
"geo_longitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:longitude" + } + }, + { + "timestamps": { + "mapping": { + "format": "epoch_millis", + "type": "date" + }, + "match_mapping_type": "*", + "match": "*:ts" + } + } + ], + "_timestamp": { + "enabled": true + }, + "properties": { + "TTLs": { + "type": "double" + }, + "bro_timestamp": { + "type": "string" + }, + "qclass_name": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:location_point": { + "type": "geo_point" + }, + "answers": { + "type": "ip" + }, + "enrichmentjoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + }, + "adapter:geoadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "resp_mime_types": { + "type": "string" + }, + "protocol": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:threatinteladapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "original_string": { + "type": "string" + }, + "host": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:geoadapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "AA": { + "type": "boolean" + }, + "method": { + "index": "not_analyzed", + "type": "string" + }, + "enrichmentsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "query": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:city": { + "index": "not_analyzed", + "type": "string" + }, + "rcode": { + "type": "integer" + }, + "adapter:hostfromjsonlistadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "orig_mime_types": { + "type": "string" + }, + "RA": { + "type": "boolean" + }, + "RD": { + "type": "boolean" + }, + "orig_fuids": { + "type": "string" + }, + "proto": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:threatinteladapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + 
"enrichments:geo:ip_dst_addr:country": { + "index": "not_analyzed", + "type": "string" + }, + "response_body_len": { + "type": "integer" + }, + "enrichments:geo:ip_dst_addr:locID": { + "index": "not_analyzed", + "type": "string" + }, + "qtype_name": { + "index": "not_analyzed", + "type": "string" + }, + "status_code": { + "type": "integer" + }, + "enrichments:geo:ip_dst_addr:dmaCode": { + "index": "not_analyzed", + "type": "string" + }, + "ip_dst_port": { + "type": "integer" + }, + "threatinteljoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + }, + "qtype": { + "type": "integer" + }, + "rejected": { + "type": "boolean" + }, + "enrichmentsplitterbolt:splitter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "trans_id": { + "type": "integer" + }, + "enrichments:geo:ip_dst_addr:latitude": { + "type": "float" + }, + "uid": { + "index": "not_analyzed", + "type": "string" + }, + "source:type": { + "index": "not_analyzed", + "type": "string" + }, + "trans_depth": { + "type": "integer" + }, + "ip_dst_addr": { + "type": "ip" + }, + "adapter:hostfromjsonlistadapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "Z": { + "type": "integer" + }, + "ip_src_addr": { + "type": "ip" + }, + "threatintelsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_dst_addr:longitude": { + "type": "float" + }, + "qclass": { + "type": "integer" + }, + "user_agent": { + "type": "string" + }, + "resp_fuids": { + "type": "string" + }, + "timestamp": { + "format": "epoch_millis", + "type": "date" + }, + "request_body_len": { + "type": "integer" + }, + "enrichments:geo:ip_dst_addr:postalCode": { + "index": "not_analyzed", + "type": "string" + }, + "uri": { + "index": "not_analyzed", + "type": "string" + }, + "TC": { + "type": "boolean" + }, + "rcode_name": { + "index": "not_analyzed", + "type": "string" + }, + "referrer": { + "index": "not_analyzed", + "type": "string" + }, + "ip_src_port": { + 
"type": "integer" + }, + "status_msg": { + "index": "not_analyzed", + "type": "string" + }, + "threatintelsplitterbolt:splitter:begin:ts": { + "format": "epoch_millis", + "type": "date" + } + } + } + }, + "aliases": [] + }, + "snort_index_2017.04.20.07": { + "state": "open", + "settings": { + "index": { + "creation_date": "1492671602744", + "number_of_shards": "1", + "number_of_replicas": "0", + "uuid": "VIwYNQJIRRO37rAyv1wRPg", + "version": { + "created": "2030399" + } + } + }, + "mappings": { + "snort_doc": { + "dynamic_templates": [ + { + "geo_location_point": { + "mapping": { + "type": "geo_point" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:location_point" + } + }, + { + "geo_country": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:country" + } + }, + { + "geo_city": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:city" + } + }, + { + "geo_location_id": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:locID" + } + }, + { + "geo_dma_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:dmaCode" + } + }, + { + "geo_postal_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:postalCode" + } + }, + { + "geo_latitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:latitude" + } + }, + { + "geo_longitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:longitude" + } + }, + { + "timestamps": { + "mapping": { + "format": "epoch_millis", + "type": "date" + }, + "match_mapping_type": "*", + "match": "*:ts" + } + } + ], + "_timestamp": { + "enabled": true + 
}, + "properties": { + "msg": { + "type": "string" + }, + "enrichments:geo:ip_dst_addr:location_point": { + "type": "geo_point" + }, + "dgmlen": { + "type": "integer" + }, + "enrichments:geo:ip_src_addr:longitude": { + "type": "float" + }, + "enrichmentjoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_src_addr:dmaCode": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:geoadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tcpack": { + "type": "string" + }, + "protocol": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:threatinteladapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_src_addr:locID": { + "index": "not_analyzed", + "type": "string" + }, + "original_string": { + "type": "string" + }, + "adapter:geoadapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "id": { + "type": "integer" + }, + "threat:triage:rules:0:score": { + "type": "long" + }, + "enrichments:geo:ip_src_addr:location_point": { + "type": "geo_point" + }, + "enrichmentsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "threat:triage:score": { + "type": "double" + }, + "enrichments:geo:ip_dst_addr:city": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:hostfromjsonlistadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_src_addr:postalCode": { + "index": "not_analyzed", + "type": "string" + }, + "ethlen": { + "index": "not_analyzed", + "type": "string" + }, + "threat:triage:level": { + "type": "double" + }, + "adapter:threatinteladapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "guid": { + "type": "string" + }, + "tcpflags": { + "type": "string" + }, + "enrichments:geo:ip_dst_addr:country": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:locID": { + "index": "not_analyzed", + "type": "string" + }, + 
"enrichments:geo:ip_dst_addr:dmaCode": { + "index": "not_analyzed", + "type": "string" + }, + "ip_dst_port": { + "type": "integer" + }, + "sig_rev": { + "type": "string" + }, + "threatinteljoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + }, + "ethsrc": { + "index": "not_analyzed", + "type": "string" + }, + "tcpseq": { + "type": "string" + }, + "enrichmentsplitterbolt:splitter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tcpwindow": { + "type": "string" + }, + "enrichments:geo:ip_dst_addr:latitude": { + "type": "float" + }, + "source:type": { + "index": "not_analyzed", + "type": "string" + }, + "ip_dst_addr": { + "type": "ip" + }, + "adapter:hostfromjsonlistadapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tos": { + "type": "integer" + }, + "enrichments:geo:ip_src_addr:latitude": { + "type": "float" + }, + "ip_src_addr": { + "type": "ip" + }, + "threatintelsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_dst_addr:longitude": { + "type": "float" + }, + "timestamp": { + "format": "epoch_millis", + "type": "date" + }, + "ethdst": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:postalCode": { + "index": "not_analyzed", + "type": "string" + }, + "is_alert": { + "type": "boolean" + }, + "enrichments:geo:ip_src_addr:country": { + "index": "not_analyzed", + "type": "string" + }, + "ttl": { + "type": "integer" + }, + "iplen": { + "type": "integer" + }, + "ip_src_port": { + "type": "integer" + }, + "threatintelsplitterbolt:splitter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "sig_id": { + "type": "integer" + }, + "sig_generator": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_src_addr:city": { + "index": "not_analyzed", + "type": "string" + } + } + } + }, + "aliases": [] + }, + "snort_index_2017.04.10.06": { + "state": "open", + "settings": { + "index": { + "creation_date": 
"1491804000366", + "number_of_shards": "1", + "number_of_replicas": "0", + "uuid": "2Rn93W8WRBKM-ouvaPh7Cw", + "version": { + "created": "2030399" + } + } + }, + "mappings": { + "snort_doc": { + "dynamic_templates": [ + { + "geo_location_point": { + "mapping": { + "type": "geo_point" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:location_point" + } + }, + { + "geo_country": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:country" + } + }, + { + "geo_city": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:city" + } + }, + { + "geo_location_id": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:locID" + } + }, + { + "geo_dma_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:dmaCode" + } + }, + { + "geo_postal_code": { + "mapping": { + "index": "not_analyzed", + "type": "string" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:postalCode" + } + }, + { + "geo_latitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:latitude" + } + }, + { + "geo_longitude": { + "mapping": { + "type": "float" + }, + "match_mapping_type": "*", + "match": "enrichments:geo:*:longitude" + } + }, + { + "timestamps": { + "mapping": { + "format": "epoch_millis", + "type": "date" + }, + "match_mapping_type": "*", + "match": "*:ts" + } + } + ], + "_timestamp": { + "enabled": true + }, + "properties": { + "msg": { + "type": "string" + }, + "enrichments:geo:ip_dst_addr:location_point": { + "type": "geo_point" + }, + "dgmlen": { + "type": "integer" + }, + "enrichments:geo:ip_src_addr:longitude": { + "type": "float" + }, + "enrichmentjoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + 
}, + "enrichments:geo:ip_src_addr:dmaCode": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:geoadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tcpack": { + "type": "string" + }, + "protocol": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:threatinteladapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_src_addr:locID": { + "index": "not_analyzed", + "type": "string" + }, + "original_string": { + "type": "string" + }, + "adapter:geoadapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "id": { + "type": "integer" + }, + "threat:triage:rules:0:score": { + "type": "long" + }, + "enrichments:geo:ip_src_addr:location_point": { + "type": "geo_point" + }, + "enrichmentsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "threat:triage:score": { + "type": "double" + }, + "enrichments:geo:ip_dst_addr:city": { + "index": "not_analyzed", + "type": "string" + }, + "adapter:hostfromjsonlistadapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_src_addr:postalCode": { + "index": "not_analyzed", + "type": "string" + }, + "ethlen": { + "index": "not_analyzed", + "type": "string" + }, + "threat:triage:level": { + "type": "double" + }, + "adapter:threatinteladapter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tcpflags": { + "type": "string" + }, + "enrichments:geo:ip_dst_addr:country": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:locID": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:dmaCode": { + "index": "not_analyzed", + "type": "string" + }, + "ip_dst_port": { + "type": "integer" + }, + "sig_rev": { + "type": "string" + }, + "threatinteljoinbolt:joiner:ts": { + "format": "epoch_millis", + "type": "date" + }, + "ethsrc": { + "index": "not_analyzed", + "type": "string" + }, + "tcpseq": { + "type": "string" 
+ }, + "enrichmentsplitterbolt:splitter:begin:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tcpwindow": { + "type": "string" + }, + "enrichments:geo:ip_dst_addr:latitude": { + "type": "float" + }, + "source:type": { + "index": "not_analyzed", + "type": "string" + }, + "ip_dst_addr": { + "type": "ip" + }, + "adapter:hostfromjsonlistadapter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "tos": { + "type": "integer" + }, + "enrichments:geo:ip_src_addr:latitude": { + "type": "float" + }, + "ip_src_addr": { + "type": "ip" + }, + "threatintelsplitterbolt:splitter:end:ts": { + "format": "epoch_millis", + "type": "date" + }, + "enrichments:geo:ip_dst_addr:longitude": { + "type": "float" + }, + "timestamp": { + "format": "epoch_millis", + "type": "date" + }, + "ethdst": { + "index": "not_analyzed", + "type": "string" + }, + "enrichments:geo:ip_dst_addr:postalCode": { + "index": "not_analyzed", + "type": "string" + }, + "is_alert": { + "type": "boolean" + }, + "enrichments:geo:ip_src_addr:country": { + "index": "not_analyzed", + "type": "string" + }, + "ttl": { + "type": "integer" + }, + "iplen": { + "type": "integer" + }, + "ip_src_port": { +
<TRUNCATED>
