Diffstat (limited to 'testSchemaFiles/security_event.json')
-rw-r--r--testSchemaFiles/security_event.json3853
1 files changed, 3853 insertions, 0 deletions
diff --git a/testSchemaFiles/security_event.json b/testSchemaFiles/security_event.json
new file mode 100644
index 0000000..8632905
--- /dev/null
+++ b/testSchemaFiles/security_event.json
@@ -0,0 +1,3853 @@
+{
+ "type":"record",
+ "name":"security_event",
+ "namespace":"tsg_galaxy_v3",
+ "doc":
+ {
+ "primary_key":"common_log_id",
+ "partition_key":"common_recv_time",
+ "ttl":null,
+ "default_ttl":2592000,
+ "index_key":
+ [
+ "common_log_id",
+ "common_recv_time",
+ "common_policy_id"
+ ],
+ "functions":
+ {
+ "$ref":"public_schema_info.json#/functions"
+ },
+ "schema_query":
+ {
+ "dimensions":
+ [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_policy_id",
+ "common_action",
+ "common_sled_ip",
+ "common_device_id",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_client_port",
+ "common_server_port",
+ "common_schema_type",
+ "common_l4_protocol",
+ "common_l7_protocol",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_client_asn",
+ "common_server_asn",
+ "common_start_time",
+ "common_end_time",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "common_app_label",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "ssl_sni",
+ "ssl_ja3_hash",
+ "ssl_passthrough_reason",
+ "ssl_client_side_version",
+ "ssl_server_side_version",
+ "ssl_cert_issuer",
+ "ssl_cert_subject",
+ "mail_account",
+ "mail_from",
+ "mail_to",
+ "quic_sni",
+ "quic_version"
+ ],
+ "metrics":
+ [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_subscriber_id",
+ "common_sled_ip",
+ "common_device_id",
+ "common_sessions",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_mirrored_pkts",
+ "common_mirrored_bytes",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "common_app_label",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "ssl_sni",
+ "ssl_ja3_hash",
+ "ssl_passthrough_reason",
+ "ssl_client_side_latency",
+ "ssl_server_side_latency",
+ "ssl_cert_issuer",
+ "ssl_cert_subject",
+ "mail_account",
+ "mail_from",
+ "mail_to",
+ "quic_sni"
+ ],
+ "filters":
+ [
+ "common_policy_id",
+ "common_action",
+ "common_address_type",
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_client_port",
+ "common_server_port",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_mirrored_pkts",
+ "common_mirrored_bytes",
+ "common_l4_protocol",
+ "common_l7_protocol",
+ "common_stream_dir",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_sled_ip",
+ "common_device_id",
+ "common_direction",
+ "common_schema_type",
+ "common_client_asn",
+ "common_server_asn",
+ "common_start_time",
+ "common_end_time",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "common_app_label",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "http_request_content_type",
+ "http_response_content_type",
+ "ssl_sni",
+ "ssl_ja3_hash",
+ "ssl_pinningst",
+ "ssl_intercept_state",
+ "ssl_passthrough_reason",
+ "ssl_client_side_version",
+ "ssl_server_side_version",
+ "ssl_cert_verify",
+ "ssl_client_side_latency",
+ "ssl_server_side_latency",
+ "ssl_cert_issuer",
+ "ssl_cert_subject",
+ "mail_account",
+ "mail_from",
+ "mail_to",
+ "mail_subject",
+ "quic_sni",
+ "quic_version"
+ ],
+ "references":
+ {
+ "$ref":"public_schema_info.json#/schema_query/references"
+ },
+ "details":
+ {
+ "general":
+ [
+ "common_recv_time",
+ "common_log_id",
+ "common_stream_trace_id",
+ "common_address_type",
+ "common_schema_type",
+ "common_direction",
+ "common_stream_dir",
+ "common_start_time",
+ "common_end_time",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_processing_time",
+ "common_ingestion_time",
+ "common_entrance_id",
+ "common_device_id",
+ "common_egress_link_id",
+ "common_ingress_link_id",
+ "common_isp",
+ "common_data_center",
+ "common_device_group",
+ "common_sled_ip"
+ ],
+ "action":
+ [
+ "common_action",
+ "common_sub_action",
+ "common_policy_id",
+ "common_user_tags",
+ "common_user_region"
+ ],
+ "source":
+ [
+ "common_client_ip",
+ "common_internal_ip",
+ "common_client_port",
+ "common_client_location",
+ "common_client_asn",
+ "common_subscriber_id",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number"
+ ],
+ "destination":
+ [
+ "common_server_ip",
+ "common_external_ip",
+ "common_server_port",
+ "common_server_location",
+ "common_server_asn"
+ ],
+ "application":
+ [
+ "common_app_id",
+ "common_userdefine_app_name",
+ "common_app_identify_info",
+ "common_app_label",
+ "common_app_surrogate_id",
+ "common_l7_protocol",
+ "common_protocol_label",
+ "common_service_category",
+ "common_service",
+ "common_l4_protocol",
+ "common_app_behavior"
+ ],
+ "transmission":
+ [
+ "common_sessions",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_c2s_pkt_diff",
+ "common_s2c_pkt_diff",
+ "common_c2s_byte_diff",
+ "common_s2c_byte_diff",
+ "common_c2s_ipfrag_num",
+ "common_s2c_ipfrag_num",
+ "common_c2s_tcp_lostlen",
+ "common_s2c_tcp_lostlen",
+ "common_c2s_tcp_unorder_num",
+ "common_s2c_tcp_unorder_num",
+ "common_c2s_pkt_retrans",
+ "common_s2c_pkt_retrans",
+ "common_c2s_byte_retrans",
+ "common_s2c_byte_retrans",
+ "common_first_ttl",
+ "common_tcp_client_isn",
+ "common_tcp_server_isn",
+ "common_mirrored_pkts",
+ "common_mirrored_bytes"
+ ],
+ "other":
+ [
+ "common_device_tag",
+ "common_encapsulation",
+ "common_tunnels",
+ "common_address_list",
+ "common_has_dup_traffic",
+ "common_stream_error",
+ "common_link_info_c2s",
+ "common_link_info_s2c",
+ "common_packet_capture_file"
+ ]
+
+ }
+
+ },
+ "schema_type":
+ {
+ "BASE":
+ {
+ "$ref":"public_schema_info.json#/schema_type/BASE"
+ },
+ "HTTP":
+ {
+ "$ref":"public_schema_info.json#/schema_type/HTTP"
+ },
+ "MAIL":
+ {
+ "$ref":"public_schema_info.json#/schema_type/MAIL"
+ },
+ "DNS":
+ {
+ "$ref":"public_schema_info.json#/schema_type/DNS"
+ },
+ "SSL":
+ {
+ "$ref":"public_schema_info.json#/schema_type/SSL"
+ },
+ "QUIC":
+ {
+ "$ref":"public_schema_info.json#/schema_type/QUIC"
+ },
+ "FTP":
+ {
+ "$ref":"public_schema_info.json#/schema_type/FTP"
+ },
+ "BGP":
+ {
+ "$ref":"public_schema_info.json#/schema_type/BGP"
+ },
+ "SIP":
+ {
+ "$ref":"public_schema_info.json#/schema_type/SIP"
+ },
+ "RTP":
+ {
+ "$ref":"public_schema_info.json#/schema_type/RTP"
+ },
+ "APP":
+ {
+ "$ref":"public_schema_info.json#/schema_type/APP"
+ },
+ "SSH":
+ {
+ "$ref":"public_schema_info.json#/schema_type/SSH"
+ },
+ "Stratum":
+ {
+ "$ref":"public_schema_info.json#/schema_type/Stratum"
+ },
+ "RDP":
+ {
+ "$ref":"public_schema_info.json#/schema_type/RDP"
+ }
+
+ },
+ "default_columns":
+ [
+ "common_recv_time",
+ "common_log_id",
+ "common_policy_id",
+ "common_subscriber_id",
+ "common_client_ip",
+ "common_server_ip",
+ "common_server_port",
+ "common_schema_type"
+ ],
+ "internal_columns":
+ [
+ "common_recv_time",
+ "common_log_id",
+ "common_processing_time",
+ "common_ingestion_time",
+ "common_userdefine_app_name",
+ "common_tunnels",
+ "common_packet_capture_file",
+ "http_request_body",
+ "http_response_body",
+ "mail_eml_file",
+ "rtp_pcap_path"
+ ],
+ "tunnel_type":
+ {
+ "$ref":"public_schema_info.json#/tunnel_type"
+ }
+
+ },
+ "fields":
+ [
+ {
+ "name":"common_recv_time",
+ "label":"Receive Time",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"timestamp"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_log_id",
+ "label":"Log ID",
+ "doc":
+ {
+ "format":
+ {
+ "functions":"snowflake_id"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_policy_id",
+ "label":"Policy ID",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_subscriber_id",
+ "label":"Subscriber ID",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_imei",
+ "label":"IMEI",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_imsi",
+ "label":"IMSI",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_phone_number",
+ "label":"Phone Number",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_client_ip",
+ "label":"Client IP",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"ip"
+ },
+ "format":
+ {
+ "functions":"geo_asn,radius_match",
+ "appendTo":"common_client_asn,common_subscriber_id"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_internal_ip",
+ "label":"Internal IP",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"ip"
+ },
+ "format":
+ {
+ "functions":"if",
+ "param":"$.common_direction=69,$.common_client_ip,$.common_server_ip"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_client_port",
+ "label":"Client Port",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_l4_protocol",
+ "label":"L4 Protocol",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_address_type",
+ "label":"Address Type",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"4",
+ "value":"ipv4"
+ },
+ {
+ "code":"6",
+ "value":"ipv6"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_server_ip",
+ "label":"Server IP",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"ip"
+ },
+ "format":
+ {
+ "functions":"geo_asn",
+ "appendTo":"common_server_asn"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_server_port",
+ "label":"Server Port",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_external_ip",
+ "label":"External IP",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"ip"
+ },
+ "format":
+ {
+ "functions":"if",
+ "param":"$.common_direction=73,$.common_client_ip,$.common_server_ip"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_action",
+ "label":"Action",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"1",
+ "value":"Monitor"
+ },
+ {
+ "code":"2",
+ "value":"Intercept"
+ },
+ {
+ "code":"16",
+ "value":"Deny"
+ },
+ {
+ "code":"128",
+ "value":"Allow"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_direction",
+ "label":"Direction",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"69",
+ "value":"outbound"
+ },
+ {
+ "code":"73",
+ "value":"inbound"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_entrance_id",
+ "label":"Entrance ID",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_sled_ip",
+ "label":"Sled IP",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"ip"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_client_location",
+ "label":"Client Location",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_client_asn",
+ "label":"Client ASN",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_server_location",
+ "label":"Server Location",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_server_asn",
+ "label":"Server ASN",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_sessions",
+ "label":"Sessions",
+ "doc":
+ {
+ "format":
+ {
+ "functions":"set_value",
+ "param":"1"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_c2s_pkt_num",
+ "label":"Packets Sent",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_s2c_pkt_num",
+ "label":"Packets Received",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_c2s_byte_num",
+ "label":"Bytes Sent",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_s2c_byte_num",
+ "label":"Bytes Received",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_c2s_pkt_diff",
+ "label":"Packets Sent (Delta)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_s2c_pkt_diff",
+ "label":"Packets Received (Delta)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_c2s_byte_diff",
+ "label":"Bytes Sent (Delta)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_s2c_byte_diff",
+ "label":"Bytes Received (Delta)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_service",
+ "label":"Service",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_schema_type",
+ "label":"Schema Type",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"BASE",
+ "value":"BASE"
+ },
+ {
+ "code":"HTTP",
+ "value":"HTTP"
+ },
+ {
+ "code":"MAIL",
+ "value":"MAIL"
+ },
+ {
+ "code":"DNS",
+ "value":"DNS"
+ },
+ {
+ "code":"SSL",
+ "value":"SSL"
+ },
+ {
+ "code":"QUIC",
+ "value":"QUIC"
+ },
+ {
+ "code":"FTP",
+ "value":"FTP"
+ },
+ {
+ "code":"SIP",
+ "value":"SIP"
+ },
+ {
+ "code":"RTP",
+ "value":"RTP"
+ },
+ {
+ "code":"SSH",
+ "value":"SSH"
+ },
+ {
+ "code":"Stratum",
+ "value":"Stratum"
+ },
+ {
+ "code":"RDP",
+ "value":"RDP"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_user_tags",
+ "label":"User Tags",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_sub_action",
+ "label":"Sub Action",
+ "doc":
+ {
+ "data":
+ [
+ {
+ "code":"allow",
+ "value":"Allow"
+ },
+ {
+ "code":"deny",
+ "value":"Deny"
+ },
+ {
+ "code":"monitor",
+ "value":"Monitor"
+ },
+ {
+ "code":"replace",
+ "value":"Replace"
+ },
+ {
+ "code":"redirect",
+ "value":"Redirect"
+ },
+ {
+ "code":"insert",
+ "value":"Insert"
+ },
+ {
+ "code":"hijack",
+ "value":"Hijack"
+ }
+
+ ],
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_user_region",
+ "label":"User Region",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_device_id",
+ "label":"Device ID",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_egress_link_id",
+ "label":"Egress Link ID",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_ingress_link_id",
+ "label":"Ingress Link ID",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_isp",
+ "label":"ISP",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_device_tag",
+ "label":"Device Tag",
+ "doc":
+ {
+ "visibility":"hidden",
+ "format":
+ {
+ "functions":"flattenSpec,flattenSpec",
+ "appendTo":"common_data_center,common_device_group",
+ "param":"$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value"
+ },
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_data_center",
+ "label":"Data Center",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ {
+ "$ref":"device_tag.json#",
+ "key":"$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value":"$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_device_group",
+ "label":"Device Group",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ {
+ "$ref":"device_tag.json#",
+ "key":"$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
+ "value":"$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_app_behavior",
+ "label":"Application Behavior",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_encapsulation",
+ "label":"Encapsulation",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ {
+ "$ref":"public_schema_info.json#/fields/common_encapsulation/data"
+ },
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_app_label",
+ "label":"Application Label",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_tunnels",
+ "label":"Tunnels",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_protocol_label",
+ "label":"Protocol Label",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_app_id",
+ "label":"Application ID",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_userdefine_app_name",
+ "label":"User Define App Name",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_app_identify_info",
+ "label":"App Identity Info",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_app_surrogate_id",
+ "label":"Surrogate ID",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_l7_protocol",
+ "label":"L7 Protocol",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_service_category",
+ "label":"FQDN Category",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"has"
+ },
+ "dict_location":
+ {
+ "path":"/v1/category/dict",
+ "key":"categoryId",
+ "value":"categoryName"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":
+ {
+ "type":"array",
+ "items":"int"
+ }
+
+ },
+ {
+ "name":"common_start_time",
+ "label":"Start Time",
+ "doc":
+ {
+ "allow_query":"false",
+ "constraints":
+ {
+ "type":"timestamp"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_end_time",
+ "label":"End Time",
+ "doc":
+ {
+ "allow_query":"false",
+ "constraints":
+ {
+ "type":"timestamp"
+ },
+ "format":
+ {
+ "functions":"get_value",
+ "appendTo":"common_recv_time"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_establish_latency_ms",
+ "label":"TCP Handshake Latency (ms)",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_con_duration_ms",
+ "label":"Duration (ms)",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_stream_dir",
+ "label":"Stream Direction",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"1",
+ "value":"c2s"
+ },
+ {
+ "code":"2",
+ "value":"s2c"
+ },
+ {
+ "code":"3",
+ "value":"double"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_address_list",
+ "label":"Address List",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_has_dup_traffic",
+ "label":"Duplication Traffic",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ {
+ "$ref":"public_schema_info.json#/fields/common_has_dup_traffic/data"
+ },
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_stream_error",
+ "label":"Stream Error",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_stream_trace_id",
+ "label":"Session ID",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_link_info_c2s",
+ "label":"Link Info (c2s)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_link_info_s2c",
+ "label":"Link Info (s2c)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_packet_capture_file",
+ "label":"Packet Capture File",
+ "doc":
+ {
+ "allow_query":"false",
+ "constraints":
+ {
+ "type":"file"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"common_c2s_ipfrag_num",
+ "label":"Fragmentation Packets (c2s)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_s2c_ipfrag_num",
+ "label":"Fragmentation Packets (s2c)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_c2s_tcp_lostlen",
+ "label":"Sequence Gap Loss (c2s)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_s2c_tcp_lostlen",
+ "label":"Sequence Gap Loss (s2c)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_c2s_tcp_unorder_num",
+ "label":"Unordered Packets (c2s)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_s2c_tcp_unorder_num",
+ "label":"Unordered Packets (s2c)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_c2s_pkt_retrans",
+ "label":"Packet Retransmission (c2s)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_s2c_pkt_retrans",
+ "label":"Packet Retransmission (s2c)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_c2s_byte_retrans",
+ "label":"Byte Retransmission (c2s)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_s2c_byte_retrans",
+ "label":"Byte Retransmission (s2c)",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_tcp_client_isn",
+ "label":"TCP Client ISN",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_tcp_server_isn",
+ "label":"TCP Server ISN",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_first_ttl",
+ "label":"First TTL",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"common_processing_time",
+ "label":"Processing Time",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"timestamp"
+ },
+ "format":
+ {
+ "functions":"current_timestamp"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_ingestion_time",
+ "label":"Ingestion Time",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"timestamp"
+ },
+ "format":
+ {
+ "functions":"ingestion_time"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_mirrored_pkts",
+ "label":"Mirrored Packets",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"common_mirrored_bytes",
+ "label":"Mirrored Bytes",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"http_url",
+ "label":"HTTP.URL",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_host",
+ "label":"HTTP.Host",
+ "doc":
+ {
+ "format":
+ {
+ "functions":"sub_domain",
+ "appendTo":"http_domain"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_domain",
+ "label":"HTTP.Domain",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_request_line",
+ "label":"HTTP.Request Line",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_response_line",
+ "label":"HTTP.Response Line",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_request_header",
+ "label":"HTTP.Request Header",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_response_header",
+ "label":"HTTP.Response Header",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_request_content",
+ "label":"HTTP.Request Content",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_request_content_length",
+ "label":"HTTP.Request Content Length",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_request_content_type",
+ "label":"HTTP.Request Content Type",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_response_content",
+ "label":"HTTP.Response Content",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_response_content_length",
+ "label":"HTTP.Response Content Length",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_response_content_type",
+ "label":"HTTP.Response Content Type",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_request_body",
+ "label":"HTTP.Request Body",
+ "doc":
+ {
+ "allow_query":"false",
+ "constraints":
+ {
+ "type":"file"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_response_body",
+ "label":"HTTP.Response Body",
+ "doc":
+ {
+ "allow_query":"false",
+ "constraints":
+ {
+ "type":"file"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_request_body_key",
+ "label":"HTTP.Request Body Key",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_response_body_key",
+ "label":"HTTP.Response Body Key",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_proxy_flag",
+ "label":"HTTP.Proxy Flag",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"http_sequence",
+ "label":"HTTP.Sequence",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"http_snapshot",
+ "label":"HTTP.Snapshot",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_cookie",
+ "label":"HTTP.Cookie",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_referer",
+ "label":"HTTP.Referer",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_user_agent",
+ "label":"HTTP.User Agent",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_content_length",
+ "label":"HTTP.Content Length",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_content_type",
+ "label":"HTTP.Content Type",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_set_cookie",
+ "label":"HTTP.Set Cookie",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_version",
+ "label":"HTTP.Version",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"http_response_latency_ms",
+ "label":"HTTP.Response Latency (ms)",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"http_action_file_size",
+ "label":"HTTP.Action File Size",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"http_session_duration_ms",
+ "label":"HTTP.Session Duration (ms)",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"long"
+ },
+ {
+ "name":"mail_protocol_type",
+ "label":"Mail.Protocol Type",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_account",
+ "label":"Mail.Account",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_from_cmd",
+ "label":"Mail.From CMD",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_to_cmd",
+ "label":"Mail.To CMD",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_from",
+ "label":"Mail.From",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"email"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_to",
+ "label":"Mail.To",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"email"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_cc",
+ "label":"Mail.CC",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_bcc",
+ "label":"Mail.BCC",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_subject",
+ "label":"Mail.Subject",
+ "doc":
+ {
+ "format":
+ {
+ "functions":"decode_of_base64",
+ "param":"$.mail_subject_charset"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_subject_charset",
+ "label":"Mail.Subject Charset",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_content",
+ "label":"Mail.Content",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_content_charset",
+ "label":"Mail.Content Charset",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_attachment_name",
+ "label":"Mail.Attachment",
+ "doc":
+ {
+ "format":
+ {
+ "functions":"decode_of_base64",
+ "param":"$.mail_attachment_name_charset"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_attachment_name_charset",
+ "label":"Mail.Attachment Charset",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_attachment_content",
+ "label":"Mail.Attachment Content",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_eml_file",
+ "label":"Mail.EML File",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"file"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"mail_snapshot",
+ "label":"Mail.Snapshot",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"dns_message_id",
+ "label":"DNS.Message ID",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_qr",
+ "label":"DNS.QR",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"0",
+ "value":"QUERY"
+ },
+ {
+ "code":"1",
+ "value":"RESPONSE"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_opcode",
+ "label":"DNS.OPCODE",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"0",
+ "value":"QUERY"
+ },
+ {
+ "code":"1",
+ "value":"IQUERY"
+ },
+ {
+ "code":"2",
+ "value":"STATUS"
+ },
+ {
+ "code":"5",
+ "value":"UPDATE"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_aa",
+ "label":"DNS.AA",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_tc",
+ "label":"DNS.TC",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_rd",
+ "label":"DNS.RD",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_ra",
+ "label":"DNS.RA",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_rcode",
+ "label":"DNS.RCODE",
+ "doc":
+ {
+ "data":
+ [
+ {
+ "code":0,
+ "value":"NoError"
+ },
+ {
+ "code":1,
+ "value":"FormErr"
+ },
+ {
+ "code":2,
+ "value":"ServFail"
+ },
+ {
+ "code":3,
+ "value":"NXDomain"
+ },
+ {
+ "code":4,
+ "value":"NotImp"
+ },
+ {
+ "code":5,
+ "value":"Refused"
+ },
+ {
+ "code":6,
+ "value":"YXDomain"
+ },
+ {
+ "code":7,
+ "value":"YXRRSet"
+ },
+ {
+ "code":8,
+ "value":"NXRRSet"
+ },
+ {
+ "code":9,
+ "value":"NotAuth"
+ },
+ {
+ "code":10,
+ "value":"NotZone"
+ },
+ {
+ "code":16,
+ "value":"BADSIG"
+ },
+ {
+ "code":17,
+ "value":"BADKEY"
+ },
+ {
+ "code":18,
+ "value":"BADTIME"
+ },
+ {
+ "code":19,
+ "value":"BADMODE"
+ },
+ {
+ "code":20,
+ "value":"BADNAME"
+ },
+ {
+ "code":21,
+ "value":"BADALG"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_qdcount",
+ "label":"DNS.QDCOUNT",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_ancount",
+ "label":"DNS.ANCOUNT",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_nscount",
+ "label":"DNS.NSCOUNT",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_arcount",
+ "label":"DNS.ARCOUNT",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_qname",
+ "label":"DNS.QNAME",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"dns_qtype",
+ "label":"DNS.QTYPE",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"1",
+ "value":"A"
+ },
+ {
+ "code":"2",
+ "value":"NS"
+ },
+ {
+ "code":"3",
+ "value":"MD"
+ },
+ {
+ "code":"4",
+ "value":"MF"
+ },
+ {
+ "code":"5",
+ "value":"CNAME"
+ },
+ {
+ "code":"6",
+ "value":"SOA"
+ },
+ {
+ "code":"7",
+ "value":"MB"
+ },
+ {
+ "code":"8",
+ "value":"MG"
+ },
+ {
+ "code":"9",
+ "value":"MR"
+ },
+ {
+ "code":"10",
+ "value":"NULL"
+ },
+ {
+ "code":"11",
+ "value":"WKS"
+ },
+ {
+ "code":"12",
+ "value":"PTR"
+ },
+ {
+ "code":"13",
+ "value":"HINFO"
+ },
+ {
+ "code":"14",
+ "value":"MINFO"
+ },
+ {
+ "code":"15",
+ "value":"MX"
+ },
+ {
+ "code":"16",
+ "value":"TXT"
+ },
+ {
+ "code":"17",
+ "value":"RP"
+ },
+ {
+ "code":"18",
+ "value":"AFSDB"
+ },
+ {
+ "code":"19",
+ "value":"X25"
+ },
+ {
+ "code":"20",
+ "value":"ISDN"
+ },
+ {
+ "code":"21",
+ "value":"RT"
+ },
+ {
+ "code":"22",
+ "value":"NSAP"
+ },
+ {
+ "code":"23",
+ "value":"NSAP"
+ },
+ {
+ "code":"24",
+ "value":"SIG"
+ },
+ {
+ "code":"25",
+ "value":"KEY"
+ },
+ {
+ "code":"26",
+ "value":"PX"
+ },
+ {
+ "code":"27",
+ "value":"GPOS"
+ },
+ {
+ "code":"28",
+ "value":"AAAA"
+ },
+ {
+ "code":"29",
+ "value":"LOC"
+ },
+ {
+ "code":"30",
+ "value":"EID"
+ },
+ {
+ "code":"31",
+ "value":"NIMLOC"
+ },
+ {
+ "code":"32",
+ "value":"NB"
+ },
+ {
+ "code":"33",
+ "value":"SRV"
+ },
+ {
+ "code":"34",
+ "value":"ATMA"
+ },
+ {
+ "code":"35",
+ "value":"NAPTR"
+ },
+ {
+ "code":"36",
+ "value":"KX"
+ },
+ {
+ "code":"37",
+ "value":"CERT"
+ },
+ {
+ "code":"38",
+ "value":"A6"
+ },
+ {
+ "code":"39",
+ "value":"DNAME"
+ },
+ {
+ "code":"40",
+ "value":"SINK"
+ },
+ {
+ "code":"41",
+ "value":"OPT"
+ },
+ {
+ "code":"42",
+ "value":"APL"
+ },
+ {
+ "code":"43",
+ "value":"DS"
+ },
+ {
+ "code":"44",
+ "value":"SSHFP"
+ },
+ {
+ "code":"45",
+ "value":"IPSECKEY"
+ },
+ {
+ "code":"46",
+ "value":"RRSIG"
+ },
+ {
+ "code":"47",
+ "value":"NSEC"
+ },
+ {
+ "code":"48",
+ "value":"DNSKEY"
+ },
+ {
+ "code":"49",
+ "value":"DHCID"
+ },
+ {
+ "code":"50",
+ "value":"NSEC3"
+ },
+ {
+ "code":"51",
+ "value":"NSEC3PARAM"
+ },
+ {
+ "code":"52",
+ "value":"TLSA"
+ },
+ {
+ "code":"53",
+ "value":"SMIMEA"
+ },
+ {
+ "code":"55",
+ "value":"HIP"
+ },
+ {
+ "code":"59",
+ "value":"CDS"
+ },
+ {
+ "code":"60",
+ "value":"CDNSKEY"
+ },
+ {
+ "code":"61",
+ "value":"OPENPGPKEY"
+ },
+ {
+ "code":"62",
+ "value":"CSYNC"
+ },
+ {
+ "code":"63",
+ "value":"ZONEMD"
+ },
+ {
+ "code":"64",
+ "value":"SVCB"
+ },
+ {
+ "code":"65",
+ "value":"HTTPS"
+ },
+ {
+ "code":"99",
+ "value":"SPF"
+ },
+ {
+ "code":"100",
+ "value":"UINFO"
+ },
+ {
+ "code":"101",
+ "value":"UID"
+ },
+ {
+ "code":"102",
+ "value":"GID"
+ },
+ {
+ "code":"103",
+ "value":"UNSPEC"
+ },
+ {
+ "code":"108",
+ "value":"EUI48"
+ },
+ {
+ "code":"109",
+ "value":"EUI64"
+ },
+ {
+ "code":"249",
+ "value":"TKEY"
+ },
+ {
+ "code":"250",
+ "value":"TSIG"
+ },
+ {
+ "code":"251",
+ "value":"IXFR"
+ },
+ {
+ "code":"252",
+ "value":"AXFR"
+ },
+ {
+ "code":"253",
+ "value":"MAILB"
+ },
+ {
+ "code":"254",
+ "value":"MAILA"
+ },
+ {
+ "code":"255",
+ "value":"*"
+ },
+ {
+ "code":"256",
+ "value":"URI"
+ },
+ {
+ "code":"257",
+ "value":"CAA"
+ },
+ {
+ "code":"32768",
+ "value":"TA"
+ },
+ {
+ "code":"32769",
+ "value":"DLV"
+ },
+ {
+ "code":"65521",
+ "value":"INTEGRITY"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_qclass",
+ "label":"DNS.QCLASS",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_cname",
+ "label":"DNS.CNAME",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"dns_sub",
+ "label":"DNS.SUB",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"1",
+ "value":"DNS"
+ },
+ {
+ "code":"2",
+ "value":"DNSSEC"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"dns_rr",
+ "label":"DNS.RR",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"dns_response_latency_ms",
+ "label":"DNS.Response Latency (ms)",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"ssl_version",
+ "label":"SSL.Version",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssl_sni",
+ "label":"SSL.SNI",
+ "doc":
+ {
+ "format":
+ {
+ "functions":"sub_domain",
+ "appendTo":"http_domain"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssl_san",
+ "label":"SSL.SAN",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssl_cn",
+ "label":"SSL.CN",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssl_pinningst",
+ "label":"SSL.Pinning",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"0",
+ "value":"Not Pinning"
+ },
+ {
+ "code":"1",
+ "value":"Pinning"
+ },
+ {
+ "code":"2",
+ "value":"Maybe Pinning"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"ssl_intercept_state",
+ "label":"SSL.Intercept State",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"0",
+ "value":"Passthrough"
+ },
+ {
+ "code":"1",
+ "value":"Intercept"
+ },
+ {
+ "code":"2",
+ "value":"Shutdown"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"ssl_passthrough_reason",
+ "label":"SSL.Passthrough Reason",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssl_server_side_latency",
+ "label":"SSL.Server Side Latency (ms)",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"ssl_client_side_latency",
+ "label":"SSL.Client Side Latency (ms)",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"ssl_server_side_version",
+ "label":"SSL.Server Side Version",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssl_client_side_version",
+ "label":"SSL.Client Side Version",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssl_cert_verify",
+ "label":"SSL.Certificate Verify",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"0",
+ "value":"No"
+ },
+ {
+ "code":"1",
+ "value":"Yes"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"ssl_error",
+ "label":"SSL.Error",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssl_con_latency_ms",
+ "label":"SSL.Handshake Latency (ms)",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"ssl_ja3_fingerprint",
+ "label":"SSL.JA3",
+ "doc":
+ {
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssl_ja3_hash",
+ "label":"SSL.JA3 hash",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssl_cert_issuer",
+ "label":"SSL.Issuer",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"items"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssl_cert_subject",
+ "label":"SSL.Subject",
+ "doc":
+ {
+ "constraints":
+ {
+ "type":"items"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"quic_version",
+ "label":"Quic.Version",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"quic_sni",
+ "label":"Quic.SNI",
+ "doc":
+ {
+ "format":
+ {
+ "functions":"sub_domain",
+ "appendTo":"http_domain"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"quic_user_agent",
+ "label":"Quic.User Agent",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ftp_account",
+ "label":"FTP.Account",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ftp_url",
+ "label":"FTP.URL",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ftp_content",
+ "label":"FTP.Content",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ftp_link_type",
+ "label":"FTP.Link Type",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"bgp_type",
+ "label":"BGP.Type",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"bgp_as_num",
+ "label":"BGP.AS Number",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"bgp_route",
+ "label":"BGP.Route",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"voip_calling_account",
+ "label":"VoIP.Calling Account",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"voip_called_account",
+ "label":"VoIP.Called Account",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"voip_calling_number",
+ "label":"VoIP.Calling Number",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"voip_called_number",
+ "label":"VoIP.Called Number",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"streaming_media_url",
+ "label":"Streaming.Media URL",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"streaming_media_protocol",
+ "label":"Streaming.Media Protocol",
+ "doc":
+ {
+ "visibility":"disabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"app_extra_info",
+ "label":"APP.Extra Info",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"sip_call_id",
+ "label":"SIP.Call-ID",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"sip_originator_description",
+ "label":"SIP.Originator",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"sip_responder_description",
+ "label":"SIP.Responder",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"sip_user_agent",
+ "label":"SIP.User-Agent",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"sip_server",
+ "label":"SIP.Server",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"sip_originator_sdp_connect_ip",
+ "label":"SIP.Originator IP",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"sip_originator_sdp_media_port",
+ "label":"SIP.Originator Port",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"sip_originator_sdp_media_type",
+ "label":"SIP.Originator Media Type",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"sip_originator_sdp_content",
+ "label":"SIP.Originator Content",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"sip_responder_sdp_connect_ip",
+ "label":"SIP.Responder IP",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"sip_responder_sdp_media_port",
+ "label":"SIP.Responder Port",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"sip_responder_sdp_media_type",
+ "label":"SIP.Responder Media Type",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"sip_responder_sdp_content",
+ "label":"SIP.Responder Content",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"sip_duration_s",
+ "label":"SIP.Duration (s)",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"sip_bye",
+ "label":"SIP.Bye",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rtp_payload_type_c2s",
+ "label":"RTP.Payload Type (c2s)",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"0",
+ "value":"PCMU"
+ },
+ {
+ "code":"1",
+ "value":"1016"
+ },
+ {
+ "code":"2",
+ "value":"G721"
+ },
+ {
+ "code":"3",
+ "value":"GSM"
+ },
+ {
+ "code":"4",
+ "value":"G723"
+ },
+ {
+ "code":"5",
+ "value":"DVI4_8000"
+ },
+ {
+ "code":"6",
+ "value":"DVI4_16000"
+ },
+ {
+ "code":"7",
+ "value":"LPC"
+ },
+ {
+ "code":"8",
+ "value":"PCMA"
+ },
+ {
+ "code":"9",
+ "value":"G722"
+ },
+ {
+ "code":"10",
+ "value":"L16_STEREO"
+ },
+ {
+ "code":"11",
+ "value":"L16_MONO"
+ },
+ {
+ "code":"12",
+ "value":"QCELP"
+ },
+ {
+ "code":"13",
+ "value":"CN"
+ },
+ {
+ "code":"14",
+ "value":"MPA"
+ },
+ {
+ "code":"15",
+ "value":"G728"
+ },
+ {
+ "code":"16",
+ "value":"DVI4_11025"
+ },
+ {
+ "code":"17",
+ "value":"DVI4_22050"
+ },
+ {
+ "code":"18",
+ "value":"G729"
+ },
+ {
+ "code":"19",
+ "value":"CN_OLD"
+ },
+ {
+ "code":"25",
+ "value":"CELB"
+ },
+ {
+ "code":"26",
+ "value":"JPEG"
+ },
+ {
+ "code":"28",
+ "value":"NV"
+ },
+ {
+ "code":"31",
+ "value":"H261"
+ },
+ {
+ "code":"32",
+ "value":"MPV"
+ },
+ {
+ "code":"33",
+ "value":"MP2T"
+ },
+ {
+ "code":"34",
+ "value":"H263"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"rtp_payload_type_s2c",
+ "label":"RTP.Payload Type (s2c)",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"0",
+ "value":"PCMU"
+ },
+ {
+ "code":"1",
+ "value":"1016"
+ },
+ {
+ "code":"2",
+ "value":"G721"
+ },
+ {
+ "code":"3",
+ "value":"GSM"
+ },
+ {
+ "code":"4",
+ "value":"G723"
+ },
+ {
+ "code":"5",
+ "value":"DVI4_8000"
+ },
+ {
+ "code":"6",
+ "value":"DVI4_16000"
+ },
+ {
+ "code":"7",
+ "value":"LPC"
+ },
+ {
+ "code":"8",
+ "value":"PCMA"
+ },
+ {
+ "code":"9",
+ "value":"G722"
+ },
+ {
+ "code":"10",
+ "value":"L16_STEREO"
+ },
+ {
+ "code":"11",
+ "value":"L16_MONO"
+ },
+ {
+ "code":"12",
+ "value":"QCELP"
+ },
+ {
+ "code":"13",
+ "value":"CN"
+ },
+ {
+ "code":"14",
+ "value":"MPA"
+ },
+ {
+ "code":"15",
+ "value":"G728"
+ },
+ {
+ "code":"16",
+ "value":"DVI4_11025"
+ },
+ {
+ "code":"17",
+ "value":"DVI4_22050"
+ },
+ {
+ "code":"18",
+ "value":"G729"
+ },
+ {
+ "code":"19",
+ "value":"CN_OLD"
+ },
+ {
+ "code":"25",
+ "value":"CELB"
+ },
+ {
+ "code":"26",
+ "value":"JPEG"
+ },
+ {
+ "code":"28",
+ "value":"NV"
+ },
+ {
+ "code":"31",
+ "value":"H261"
+ },
+ {
+ "code":"32",
+ "value":"MPV"
+ },
+ {
+ "code":"33",
+ "value":"MP2T"
+ },
+ {
+ "code":"34",
+ "value":"H263"
+ }
+
+ ],
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"rtp_pcap_path",
+ "label":"RTP.PCAP",
+ "doc":
+ {
+ "allow_query":"false",
+ "constraints":
+ {
+ "type":"file"
+ },
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rtp_originator_dir",
+ "label":"RTP.Direction",
+ "doc":
+ {
+ "constraints":
+ {
+ "operator_functions":"=,!="
+ },
+ "data":
+ [
+ {
+ "code":"0",
+ "value":"unknown"
+ },
+ {
+ "code":"1",
+ "value":"c2s"
+ },
+ {
+ "code":"2",
+ "value":"s2c"
+ }
+
+ ],
+ "visibility":"hidden",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"ssh_version",
+ "label":"SSH.Version",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssh_auth_success",
+ "label":"SSH.Authentication Result",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssh_client_version",
+ "label":"SSH.Client Version",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssh_server_version",
+ "label":"SSH.Server Version",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssh_cipher_alg",
+ "label":"SSH.Encryption Algorithm",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssh_mac_alg",
+ "label":"SSH.Signing Algorithm",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssh_compression_alg",
+ "label":"SSH.Compression Algorithm",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssh_kex_alg",
+ "label":"SSH. Key Exchange Algorithm",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssh_host_key_alg",
+ "label":"SSH.Server Host Key Algorithm",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssh_host_key",
+ "label":"SSH.Server Key Fingerprint",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"ssh_hassh",
+ "label":"SSH.HASSH",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"stratum_cryptocurrency",
+ "label":"Stratum.Cryptocurrency",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"stratum_mining_pools",
+ "label":"Stratum.Mining Pools",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"stratum_mining_program",
+ "label":"Stratum.Mining Program",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rdp_cookie",
+ "label":"RDP.Cookie",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rdp_security_protocol",
+ "label":"RDP.Security Protocol",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rdp_client_channels",
+ "label":"RDP.Client Channels",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rdp_keyboard_layout",
+ "label":"RDP.Keyboard Layout",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rdp_client_version",
+ "label":"RDP.Client Version",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rdp_client_name",
+ "label":"RDP.Client Name",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rdp_client_product_id",
+ "label":"RDP.Client Product ID",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rdp_desktop_width",
+ "label":"RDP. Desktop Width",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rdp_desktop_height",
+ "label":"RDP.Desktop Height",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rdp_requested_color_depth",
+ "label":"RDP.Requested Color Depth",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rdp_certificate_type",
+ "label":"RDP.Certificate Type",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rdp_certificate_count",
+ "label":"RDP.Certificate Count",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"rdp_certificate_permanent",
+ "label":"RDP.Certificate Permanent",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"int"
+ },
+ {
+ "name":"rdp_encryption_level",
+ "label":"RDP.Encryption Level",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ },
+ {
+ "name":"rdp_encryption_method",
+ "label":"RDP.Encryption Method",
+ "doc":
+ {
+ "visibility":"enabled",
+ "ttl":null
+ },
+ "type":"string"
+ }
+
+ ]
+
+}
\ No newline at end of file