diff --git a/README.md b/README.md
index 5c779807..a7580c5c 100644
--- a/README.md
+++ b/README.md
@@ -11,8 +11,8 @@ Networks Firewall
#### Latest Version ####
* Splunk Version: 6.x
-* App Version: 4.1
-* Last Modified: Apr 2013
+* App Version: 4.1.1
+* Last Modified: May 2014
* Authors:
* Monzy Merza - Splunk, Inc.
* Brian Torres-Gil - Palo Alto Networks
@@ -93,9 +93,18 @@ If you have customized the built-in dashboards of a previous app version, then t
## What's new in this version ##
-Version 4.1
+If upgrading from 3.x, please read the __Upgrade Notes__ above.
+
+Version 4.1.1
-If upgrading from a previous version, please read the __Upgrade Notes__ above.
+- Handle new fields in latest PAN-OS syslogs and WildFire reports
+- Significant improvements to indexing efficiency
+- Improved handling of Dynamic Address Group tagging
+- Improvements and minor updates for Splunk 6.1.x
+- Fix minor dashboard issues
+- Fix minor field parsing issue
+
+Version 4.1
- PAN-OS Data model including acceleration
- Data model accelerated dashboards (replaces TSIDX-based dashboards)
diff --git a/appserver/static/dashboard.css b/appserver/static/dashboard.css
index 06eb7af5..2696bef9 100644
--- a/appserver/static/dashboard.css
+++ b/appserver/static/dashboard.css
@@ -25,10 +25,11 @@
}
*/
-/* Shrink the form text inputs*/
-input, textarea, .uneditable-input {
+/* Shrink the form text inputs */
+/* Removed because Splunk 6.1 spaces the fields differently */
+/*input, textarea, .uneditable-input {
width: 120px;
-}
+}*/
/* Make the Search button on each dashboard blue instead of green */
diff --git a/bin/lib/pan/commit.py b/bin/lib/pan/commit.py
index 6a593617..f366ff99 100644
--- a/bin/lib/pan/commit.py
+++ b/bin/lib/pan/commit.py
@@ -17,7 +17,7 @@
from __future__ import print_function
import sys
-valid_part = set([
+_valid_part = set([
'device-and-network-excluded',
'policy-and-objects-excluded',
'shared-object-excluded',
diff --git a/bin/lib/pan/xapi.py b/bin/lib/pan/xapi.py
index e1bd4a10..e504b42f 100644
--- a/bin/lib/pan/xapi.py
+++ b/bin/lib/pan/xapi.py
@@ -322,6 +322,21 @@ def __get_response_msg(self):
lines = []
# XML API response message formats are not documented
+
+ # type=user-id register and unregister
+ path = './msg/line/uid-response/payload/*/entry'
+ elem = self.element_root.findall(path)
+ if len(elem) > 0:
+ if self.debug2:
+ print('path:', path, elem, file=sys.stderr)
+ for line in elem:
+ msg = ''
+ for key in line.keys():
+ msg += '%s: %s ' % (key, line.get(key))
+ if msg:
+ lines.append(msg.rstrip())
+ return '\n'.join(lines) if lines else None
+
path = './msg/line'
elem = self.element_root.findall(path)
if len(elem) > 0:
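Review bot: The new entry loop assembles `msg` with `+=` and a trailing space and then strips it again; `msg = ' '.join('%s: %s' % kv for kv in line.items())` followed by the existing `if msg: lines.append(msg)` yields the same text without the cleanup step. The added `if len(elem) > 0:` reads more naturally as `if elem:`. Because this block returns as soon as a uid-response payload is present, such a response never reaches the generic `./msg/line` handling below — presumably intended, but a one-line comment saying so would help the next reader. `__get_response_msg` starts outside the hunk.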
diff --git a/bin/panTag.py b/bin/panTag.py
index 0a8f369c..13fd1497 100644
--- a/bin/panTag.py
+++ b/bin/panTag.py
@@ -26,9 +26,9 @@
############################################
# How to Use this script
# in the example below, we are blocking all ip's returned by the search
-# example1: index=pan_logs 1.1.1.1 | stats dc(dst_ip) by dst_ip | panblock action="add" tag="malware-infected" device="1.0.0.1"
+# example1: index=pan_logs 1.1.1.1 | stats dc(dst_ip) by dst_ip | pantag action="add" tag="malware-infected" device="1.0.0.1"
# Adds a 'malware-infected' tag to the IP 1.1.1.1 on the firewall with ip 1.0.0.1
-# example2: index=pan_logs wine | stats dc(dst_ip) by dst_ip | panblock action="rem" group="shairpoint" device="sales-fw"
+# example2: index=pan_logs wine | stats dc(dst_ip) by dst_ip | pantag action="rem" group="shairpoint" device="sales-fw"
# Removes the 'shairpoint' tag from all dst_ip returned by the search on the firewall with hostname sales-fw
###########################################
@@ -40,35 +40,55 @@
###########################################
#############################
-# Change the values below to suit your PAN configuration
+# Change the values below to suit your PAN configuration, or
+# supply these values in the Splunk search bar.
+#
# WARNING!!!! Password is stored in clear text.
+# It is recommended to leave PANUSER and PANPASS commented out,
+# and user the app configuration screen to provide these instead.
#############################
+
# firewall IP. you can provide this via the device parameter
PAN = '192.168.4.100'
-# admin account for the PAN device
+
+# Admin account for the PAN device
#PANUSER = 'admin'
-# password for the admin user.
-# any special characters in the password must be URL/percent-encoded.
+
+# Password for the admin user.
+# Any special characters in the password must be URL/percent-encoded.
#PANPASS = 'admin'
+
# Defaults to vsys1. vsys substition is not supported at this time
VSYS = 'vsys1'
+
# Name of the address group for bad actors
TAG = 'bad-actor'
+
+# Add or Remove the tag (add or rem)
ACTION = 'add'
+
# This is a default actor.
ACTOR = '1.1.1.1'
-# The field to grab the IP from
-FIELD = None
+
# if you DO want to go through a proxy, e.g., HTTP_PROXY={squid:'2.2.2.2'}
HTTP_PROXY = {}
-# Fields that contain IP addresses and should be tagged if they exist
+
+# Default fields that contain IP addresses and should be tagged if they exist
IP_FIELDS = ['src_ip', 'dst_ip', 'ip']
+# Enable debugging (script is otherwise silent unless there is an error)
+DEBUG = False
+
#########################################################
# Do NOT modify anything below this line unless you are
# certain of the ramifications of the changes
#########################################################
+import splunk.mining.dcutils as dcu
+
+logger = dcu.getLogger().getChild('panTag')
+logger.setLevel(20)
+
try:
import splunk.Intersplunk # so you can interact with Splunk
import splunk.entity as entity # for splunk config info
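Review bot: `logger.setLevel(20)` passes a bare numeric level; `logger.setLevel(logging.INFO)` (with `import logging`) says what it means, and the same applies to the `setLevel(10)` added further down in this file. The new header comment reads `and user the app configuration screen` — that should be `use`. `import splunk.mining.dcutils as dcu` now sits outside the try/except that reports import failures through Intersplunk, so a failure there surfaces only as a raw traceback; acceptable if that module is always present in the Splunk runtime, but worth confirming.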
@@ -76,23 +96,21 @@
import sys # for system params and sys.exit()
import os
import re # regular expressions checks in PAN messages
- import splunk.mining.dcutils as dcu
import traceback
libpath = os.path.dirname(os.path.abspath(__file__))
sys.path[:0] = [os.path.join(libpath, 'lib')]
import pandevice
+ import pan.xapi
except Exception, e:
- stack = traceback.format_exc()
+ stack = traceback.format_exc()
+ logger.warn(stack)
if isgetinfo:
splunk.Intersplunk.parseError(str(e))
-
results = splunk.Intersplunk.generateErrorResults(str(e))
- logger.warn(stack)
-logger = dcu.getLogger()
## Major props to Ledion. copying his function, verbatim and then adding comments and traceback and logging
@@ -106,7 +124,7 @@ def getCredentials(sessionKey):
# list all credentials
entities = entity.getEntities(['admin', 'passwords'], namespace=myapp, owner='nobody', sessionKey=sessionKey)
except Exception, e:
- stack = traceback.format_exc()
+ stack = traceback.format_exc()
logger.warn(stack)
logger.warn("entity exception")
raise Exception("Could not get %s credentials from splunk. Error: %s" % (myapp, str(e)))
@@ -131,6 +149,14 @@ def tag(device, add_remove, ip_addresses, tag):
args, kwargs = splunk.Intersplunk.getKeywordsAndOptions()
+
+if 'debug' in kwargs:
+ logger.info("Debugging enabled")
+ DEBUG = kwargs['debug']
+
+if DEBUG:
+ logger.setLevel(10)
+
#parse the kwargs for ACTION, VSYS, PAN
if kwargs.has_key('action'):
ACTION = kwargs['action']
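Review bot: `DEBUG = kwargs['debug']` stores the raw option string, so `debug=false` or `debug=0` still switches on debug logging because any non-empty string is truthy; `DEBUG = str(kwargs['debug']).strip().lower() in ('1', 'true', 'yes', 'on')` would honour the value the user typed. The `logger.info("Debugging enabled")` line also fires before the value is examined. The `DEBUG = kwargs['debug']` added to bin/retrieveNewApps.py in this same diff has the same issue.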
@@ -145,7 +171,9 @@ def tag(device, add_remove, ip_addresses, tag):
if kwargs.has_key('tag'):
TAG = kwargs['tag']
if kwargs.has_key('field'):
- FIELD = kwargs['field']
+ field = kwargs['field']
+else:
+ field = None
# an empty dictionary. it will be used to hold system values
settings = dict()
@@ -167,8 +195,8 @@ def tag(device, add_remove, ip_addresses, tag):
try:
for result in results:
- if FIELD and FIELD in result:
- ADDRESSES.append(result[FIELD])
+ if field and field in result:
+ ADDRESSES.append(result[field])
else:
for field in IP_FIELDS:
if field in result:
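Review bot: `for field in IP_FIELDS:` rebinds the same `field` that this commit now uses for the user's `field=` option (renamed from the old `FIELD`), so as soon as one result lacks the requested field the else branch leaves `field` pointing at an entry of `IP_FIELDS`, and every later result is checked against that instead of the requested field. The uppercase `FIELD` never collided with the loop variable, so this is a regression introduced by the rename. Renaming the loop variable fixes it: `for ip_field in IP_FIELDS:` / `if ip_field in result:`, plus the matching `result[ip_field]` append that lies beyond the hunk. The enclosing try block continues outside the hunk.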
@@ -180,13 +208,20 @@ def tag(device, add_remove, ip_addresses, tag):
tag(device, ACTION, ADDRESSES, TAG)
-except Exception, e:
- stack = traceback.format_exc()
- if isgetinfo:
+except pan.xapi.PanXapiError, e:
+ if re.search(r"tag [^ ]* already exists, ignore", str(e)):
+ pass
+ else:
+ stack = traceback.format_exc()
+ logger.warn(stack)
splunk.Intersplunk.parseError(str(e))
+ results = splunk.Intersplunk.generateErrorResults(str(e))
- results = splunk.Intersplunk.generateErrorResults(str(e))
+except Exception, e:
+ stack = traceback.format_exc()
logger.warn(stack)
+ splunk.Intersplunk.parseError(str(e))
+ results = splunk.Intersplunk.generateErrorResults(str(e))
# output results
splunk.Intersplunk.outputResults(results)
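Review bot: The `pass` on a matched `already exists` error drops the condition silently; `logger.debug("Tag already present, ignoring: %s", e)` in its place keeps the suppression but leaves a trace when DEBUG is on. The two remaining handlers are now the same four lines (`stack = …`, `logger.warn(stack)`, `parseError`, `generateErrorResults`), so one `except Exception, e:` clause after the `PanXapiError` check would cover both. Note that `parseError` is now called unconditionally where it used to be guarded by `isgetinfo`; if it terminates the process as the getinfo path expects, the `generateErrorResults` line after it never runs — worth confirming against splunk.Intersplunk.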
diff --git a/bin/retrieveNewApps.py b/bin/retrieveNewApps.py
index a69c64bc..2d350b8c 100644
--- a/bin/retrieveNewApps.py
+++ b/bin/retrieveNewApps.py
@@ -56,7 +56,8 @@ def retrieveNewApps():
sessionKey = settings['sessionKey']
try:
- DEBUG = True if 'debug' in kwargs else False
+ if 'debug' in kwargs:
+ DEBUG = kwargs['debug']
# setup the logger. $SPLUNK_HOME/var/log/splunk/python.log
logger = dcu.getLogger().getChild('retrieveNewApps')
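Review bot: The replaced line always assigned `DEBUG`, while the new `if` assigns it only when the option is present; unless `DEBUG` is given a default earlier in `retrieveNewApps` (its start is outside this hunk), a later `if DEBUG:` raises NameError whenever the search omits `debug`. `DEBUG = 'debug' in kwargs and str(kwargs['debug']).strip().lower() in ('1', 'true', 'yes', 'on')` keeps the always-assigned shape and also stops `debug=false` from enabling debug output, as raised on the panTag.py hunk.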
diff --git a/bin/retrieveWildFireReport.py b/bin/retrieveWildFireReport.py
index 2ccfb76e..fdb78335 100644
--- a/bin/retrieveWildFireReport.py
+++ b/bin/retrieveWildFireReport.py
@@ -106,7 +106,7 @@ def retrieveWildFireData(apikey, serial, reportid):
# get the report
wfReportXml = retrieveWildFireData(PAN_WF_APIKEY, result['serial_number'], result['report_id']).read().strip()
# Add the report id to the XML for correlation to the original WildFire log from the firewall
- wfReportXml = wfReportXml.replace("", "\n "+result['report_id']+"", 1)
+ wfReportXml = wfReportXml.replace("", "\n"+result['report_id']+"", 1)
result['wildfire_report'] = wfReportXml
except:
logger.warn("Error retrieving WildFire report for report id: %s" % result['report_id'])
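Review bot: `result['report_id']` is spliced into the report XML without escaping; it is an indexed event field, so a value containing `<`, `&` or a quote would leave malformed XML in `wildfire_report`, and `xml.sax.saxutils.escape(result['report_id'])` closes that for the cost of one import. The search argument of `replace` shows as `""` in this view — if the element tag was lost in rendering that is fine, but as literally written `replace("", …, 1)` only prepends to the string, so the committed line is worth checking. The enclosing try starts outside the hunk.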
diff --git a/default/app.conf b/default/app.conf
index 59f61133..b1d91408 100755
--- a/default/app.conf
+++ b/default/app.conf
@@ -5,7 +5,7 @@ label = Splunk for Palo Alto Networks
[launcher]
author= btorres-gil@paloaltonetworks.com
description= The Splunk for Palo Alto Networks app is a set of field extractions, reports, lookups and dashboards which provide visibility into the Palo Alto Networks Firewall data.
-version = 4.1
+version = 4.1.1
[package]
id= SplunkforPaloAltoNetworks
diff --git a/default/data/models/pan_logs.json b/default/data/models/pan_logs.json
index f3173f4d..47dfcd34 100644
--- a/default/data/models/pan_logs.json
+++ b/default/data/models/pan_logs.json
@@ -1,4657 +1,37062 @@
{
+ "modelName": "pan_logs",
+ "displayName": "Palo Alto Networks Logs",
+ "description": "This datamodel represents all the syslogs produced by Palo Alto Networks devices. The datamodel is structured such that all logs are part of the first root event object so the entire datamodel is accelerated.",
+ "objectSummary": {
+ "Event-Based": 17,
+ "Transaction-Based": 0,
+ "Search-Based": 0
+ },
"objects": [
{
- "displayName": "All Logs",
+ "objectName": "log",
+ "displayName": "All Logs",
+ "parentName": "BaseEvent",
"fields": [
{
- "fieldName": "action",
- "required": false,
- "displayName": "action",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "action_flags",
- "required": false,
- "displayName": "action_flags",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "admin",
- "required": false,
- "displayName": "admin",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "app",
- "required": false,
- "displayName": "app",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "application",
- "required": false,
- "displayName": "application",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "bytes_received",
- "required": false,
- "displayName": "bytes_received",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "bytes_sent",
- "required": false,
- "displayName": "bytes_sent",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "category",
- "required": false,
- "displayName": "category",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "admin_ip",
- "required": false,
- "displayName": "admin_ip",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "admin_type",
- "required": false,
- "displayName": "admin_type",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "cmd",
- "required": false,
- "displayName": "cmd",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "command",
- "required": false,
- "displayName": "command",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "configuration_path",
- "required": false,
- "displayName": "configuration_path",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "content_type",
- "required": false,
- "displayName": "content_type",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "date_hour",
- "required": false,
- "displayName": "date_hour",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "date_mday",
- "required": false,
- "displayName": "date_mday",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "date_minute",
- "required": false,
- "displayName": "date_minute",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "date_month",
- "required": false,
- "displayName": "date_month",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "date_second",
- "required": false,
- "displayName": "date_second",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "date_wday",
- "required": false,
- "displayName": "date_wday",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "date_year",
- "required": false,
- "displayName": "date_year",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "date_zone",
- "required": false,
- "displayName": "date_zone",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "description",
- "required": false,
- "displayName": "description",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "dest",
- "required": false,
- "displayName": "dest",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "dest_ip",
- "required": false,
- "displayName": "dest_ip",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "dest_port",
- "required": false,
- "displayName": "dest_port",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "direction",
- "required": false,
- "displayName": "direction",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "dst_hostname",
- "required": false,
- "displayName": "dst_hostname",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "dst_ip",
- "required": false,
- "displayName": "dst_ip",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "dst_location",
- "required": false,
- "displayName": "dst_location",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "dst_port",
- "required": false,
- "displayName": "dst_port",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "dst_user",
- "required": false,
- "displayName": "dst_user",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "dst_zone",
- "required": false,
- "displayName": "dst_zone",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "dvc",
- "required": false,
- "displayName": "dvc",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "egress_interface",
- "required": false,
- "displayName": "egress_interface",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "event_id",
- "required": false,
- "displayName": "event_id",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "eventtype",
- "required": false,
- "displayName": "eventtype",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "flags",
- "required": false,
- "displayName": "flags",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "generated_time",
- "required": false,
- "displayName": "generated_time",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "index",
- "required": false,
- "displayName": "index",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "ingress_interface",
- "required": false,
- "displayName": "ingress_interface",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "linecount",
- "required": false,
- "displayName": "linecount",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "log_forwarding_profile",
- "required": false,
- "displayName": "log_forwarding_profile",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "log_subtype",
- "required": false,
- "displayName": "log_subtype",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "log_type",
- "required": false,
- "displayName": "log_type",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "misc",
- "required": false,
- "displayName": "misc",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "module",
- "required": false,
- "displayName": "module",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "nat_dst_ip",
- "required": false,
- "displayName": "nat_dst_ip",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "nat_dst_port",
- "required": false,
- "displayName": "nat_dst_port",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "nat_src_ip",
- "required": false,
- "displayName": "nat_src_ip",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "nat_src_port",
- "required": false,
- "displayName": "nat_src_port",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "packets",
- "required": false,
- "displayName": "packets",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "packets_received",
- "required": false,
- "displayName": "packets_received",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "packets_sent",
- "required": false,
- "displayName": "packets_sent",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "path",
- "required": false,
- "displayName": "path",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "product",
- "required": false,
- "displayName": "product",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "protocol",
- "required": false,
- "displayName": "protocol",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "punct",
- "required": false,
- "displayName": "punct",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "receive_time",
- "required": false,
- "displayName": "receive_time",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "repeat_count",
- "required": false,
- "displayName": "repeat_count",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "result",
- "required": false,
- "displayName": "result",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "rule",
- "required": false,
- "displayName": "rule",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "rule_name",
- "required": false,
- "displayName": "rule_name",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "sequence_number",
- "required": false,
- "displayName": "sequence_number",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "serial",
- "required": false,
- "displayName": "serial",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "serial_number",
- "required": false,
- "displayName": "serial_number",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "session_id",
- "required": false,
- "displayName": "session_id",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "severity",
- "required": false,
- "displayName": "severity",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "splunk_server",
- "required": false,
- "displayName": "splunk_server",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "src",
- "required": false,
- "displayName": "src",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "src_ip",
- "required": false,
- "displayName": "src_ip",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "src_location",
- "required": false,
- "displayName": "src_location",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "src_port",
- "required": false,
- "displayName": "src_port",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "src_user",
- "required": false,
- "displayName": "src_user",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "src_zone",
- "required": false,
- "displayName": "src_zone",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "start_time",
- "required": false,
- "displayName": "start_time",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "tag",
- "required": false,
- "displayName": "tag",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "tag::eventtype",
- "required": false,
- "displayName": "tag::eventtype",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "report_id",
- "required": false,
- "displayName": "report_id",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "timeendpos",
- "required": false,
- "displayName": "timeendpos",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "timestartpos",
- "required": false,
- "displayName": "timestartpos",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "transport",
- "required": false,
- "displayName": "transport",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "type",
- "required": false,
- "displayName": "type",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "vendor",
- "required": false,
- "displayName": "vendor",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "virtual_system",
- "required": false,
- "displayName": "virtual_system",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "vsys",
- "required": false,
- "displayName": "vsys",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "ABLE_TO_TRANSFER_FILE",
- "required": false,
- "displayName": "application: capable of file transfer",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "DEFAULT_PORTS",
- "required": false,
- "displayName": "application: standard ports",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "RISK",
- "required": false,
- "displayName": "application: risk",
- "comment": "",
- "hidden": false,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "EXCESSIVE_BANDWIDTH",
- "required": false,
- "displayName": "application: excessive bandwidth",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "CATEGORY",
- "required": false,
- "displayName": "application: category",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "PRONE_TO_MISUSE",
- "required": false,
- "displayName": "application: prone to misuse",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "PERVASIVE_USE",
- "required": false,
- "displayName": "application: widely use",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "EVASIVE",
- "required": false,
- "displayName": "application: evasive",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "TECHNOLOGY",
- "required": false,
- "displayName": "application: technology",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "SUBCATEGORY",
- "required": false,
- "displayName": "application: subcategory",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "HAS_KNOWN_VULNERABILITY",
- "required": false,
- "displayName": "application: has known vulnerabilities",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "TUNNEL_OTHER_APPLICATION",
- "required": false,
- "displayName": "application: tunnels other applications",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "USED_BY_MALWARE",
- "required": false,
- "displayName": "application: used by malware",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.file.file_deleted{@deleted_file}",
- "required": false,
- "displayName": "wildfire.report.file.file_deleted{@deleted_file}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.file.file_deleted{@pid}",
- "required": false,
- "displayName": "wildfire.report.file.file_deleted{@pid}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.file.file_deleted{@process_image}",
- "required": false,
- "displayName": "wildfire.report.file.file_deleted{@process_image}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.file.file_written{@pid}",
- "required": false,
- "displayName": "wildfire.report.file.file_written{@pid}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.file.file_written{@process_image}",
- "required": false,
- "displayName": "wildfire.report.file.file_written{@process_image}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.file.file_written{@written_file}",
- "required": false,
- "displayName": "wildfire.report.file.file_written{@written_file}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.id",
- "required": false,
- "displayName": "wildfire.report.id",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.malware",
- "required": false,
- "displayName": "wildfire.report.malware",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.md5",
- "required": false,
- "displayName": "wildfire.report.md5",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.dns{@query}",
- "required": false,
- "displayName": "wildfire.report.network.dns{@query}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.dns{@type}",
- "required": false,
- "displayName": "wildfire.report.network.dns{@type}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.tcp-connection{@ip}",
- "required": false,
- "displayName": "wildfire.report.network.tcp-connection{@ip}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.tcp-connection{@pid}",
- "required": false,
- "displayName": "wildfire.report.network.tcp-connection{@pid}",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.tcp-connection{@port}",
- "required": false,
- "displayName": "wildfire.report.network.tcp-connection{@port}",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.tcp-connection{@process_image}",
- "required": false,
- "displayName": "wildfire.report.network.tcp-connection{@process_image}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.TCP{@country}",
- "required": false,
- "displayName": "wildfire.report.network.TCP{@country}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.TCP{@ip}",
- "required": false,
- "displayName": "wildfire.report.network.TCP{@ip}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.TCP{@port}",
- "required": false,
- "displayName": "wildfire.report.network.TCP{@port}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.UDP{@country}",
- "required": false,
- "displayName": "wildfire.report.network.UDP{@country}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.UDP{@ip}",
- "required": false,
- "displayName": "wildfire.report.network.UDP{@ip}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.UDP{@port}",
- "required": false,
- "displayName": "wildfire.report.network.UDP{@port}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.url{@host}",
- "required": false,
- "displayName": "wildfire.report.network.url{@host}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.url{@method}",
- "required": false,
- "displayName": "wildfire.report.network.url{@method}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.url{@uri}",
- "required": false,
- "displayName": "wildfire.report.network.url{@uri}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.network.url{@user_agent}",
- "required": false,
- "displayName": "wildfire.report.network.url{@user_agent}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.process.process_created{@child_pid}",
- "required": false,
- "displayName": "wildfire.report.process.process_created{@child_pid}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.process.process_created{@child_process_image}",
- "required": false,
- "displayName": "wildfire.report.process.process_created{@child_process_image}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.process.process_created{@parent_pid}",
- "required": false,
- "displayName": "wildfire.report.process.process_created{@parent_pid}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.process.process_created{@parent_process_image}",
- "required": false,
- "displayName": "wildfire.report.process.process_created{@parent_process_image}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.process.process_terminated{@child_pid}",
- "required": false,
- "displayName": "wildfire.report.process.process_terminated{@child_pid}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.process.process_terminated{@child_process_image}",
- "required": false,
- "displayName": "wildfire.report.process.process_terminated{@child_process_image}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.process.process_terminated{@parent_pid}",
- "required": false,
- "displayName": "wildfire.report.process.process_terminated{@parent_pid}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.process.process_terminated{@parent_process_image}",
- "required": false,
- "displayName": "wildfire.report.process.process_terminated{@parent_process_image}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.registry.DeleteKey{@pid}",
- "required": false,
- "displayName": "wildfire.report.registry.DeleteKey{@pid}",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.registry.DeleteKey{@process_image}",
- "required": false,
- "displayName": "wildfire.report.registry.DeleteKey{@process_image}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.registry.DeleteKey{@reg_key}",
- "required": false,
- "displayName": "wildfire.report.registry.DeleteKey{@reg_key}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.registry.DeleteValueKey{@pid}",
- "required": false,
- "displayName": "wildfire.report.registry.DeleteValueKey{@pid}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.registry.DeleteValueKey{@process_image}",
- "required": false,
- "displayName": "wildfire.report.registry.DeleteValueKey{@process_image}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.registry.DeleteValueKey{@reg_key}",
- "required": false,
- "displayName": "wildfire.report.registry.DeleteValueKey{@reg_key}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.registry.SetValueKey{@pid}",
- "required": false,
- "displayName": "wildfire.report.registry.SetValueKey{@pid}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.registry.SetValueKey{@process_image}",
- "required": false,
- "displayName": "wildfire.report.registry.SetValueKey{@process_image}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.registry.SetValueKey{@reg_key}",
- "required": false,
- "displayName": "wildfire.report.registry.SetValueKey{@reg_key}",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.sha256",
- "required": false,
- "displayName": "wildfire.report.sha256",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.size",
- "required": false,
- "displayName": "wildfire.report.size",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.summary.entry",
- "required": false,
- "displayName": "wildfire.report.summary.entry",
- "comment": "",
- "hidden": true,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.task",
- "required": false,
- "displayName": "wildfire.report.task",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "wildfire.report.version",
- "required": false,
- "displayName": "wildfire.report.version",
- "comment": "",
- "hidden": true,
- "type": "number",
- "multivalue": false
- },
- {
- "fieldName": "client_location",
- "required": false,
- "displayName": "client_location",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "dst_class",
- "required": false,
- "displayName": "dst_class",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "server_ip",
- "required": false,
- "displayName": "server_ip",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "server_location",
- "required": false,
- "displayName": "server_location",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "src_class",
- "required": false,
- "displayName": "src_class",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "client_ip",
- "required": false,
- "displayName": "client_ip",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- },
- {
- "fieldName": "user",
- "required": false,
- "displayName": "user",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "BaseEvent",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "index=\"pan_logs\""
+ "search": "`pan_index`",
+ "owner": "log"
}
- ],
- "objectName": "log"
- },
+ ],
+ "lineage": "log"
+ },
{
- "displayName": "Traffic",
+ "objectName": "traffic",
+ "displayName": "Traffic",
+ "parentName": "log",
"fields": [
{
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "start_time",
- "required": false,
- "displayName": "start_time",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "bytes_received",
- "required": false,
- "displayName": "bytes_received",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes_sent",
- "required": false,
- "displayName": "bytes_sent",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "egress_interface",
- "required": false,
- "displayName": "egress_interface",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "ingress_interface",
- "required": false,
- "displayName": "ingress_interface",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "packets",
- "required": false,
- "displayName": "packets",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "packets_received",
- "required": false,
- "displayName": "packets_received",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "packets_sent",
- "required": false,
- "displayName": "packets_sent",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "number"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "log",
+ ],
"calculations": [
{
- "calculationID": "399y2eyb79j2a9k9",
- "calculationType": "Eval",
"outputFields": [
{
- "fieldName": "dst_ip_port",
- "required": false,
- "displayName": "dst_ip_port",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
+ "fieldName": "dst_ip_port",
+ "owner": "log.traffic",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip_port",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "expression": "dst_ip.\",\".dst_port",
- "comment": ""
+ ],
+ "calculationID": "399y2eyb79j2a9k9",
+ "owner": "log.traffic",
+ "editable": true,
+ "comment": "",
+ "calculationType": "Eval",
+ "expression": "dst_ip.\",\".dst_port"
}
- ],
+ ],
"constraints": [
{
- "search": "type=\"TRAFFIC\""
+ "search": "type=\"TRAFFIC\"",
+ "owner": "log.traffic"
}
- ],
- "objectName": "traffic"
- },
+ ],
+ "lineage": "log.traffic"
+ },
{
- "displayName": "Flow Start",
+ "objectName": "start",
+ "displayName": "Flow Start",
+ "parentName": "traffic",
"fields": [
{
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "start_time",
- "required": false,
- "displayName": "start_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "packets_sent",
- "required": false,
- "displayName": "packets_sent",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "packets_received",
- "required": false,
- "displayName": "packets_received",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "packets",
- "required": false,
- "displayName": "packets",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "ingress_interface",
- "required": false,
- "displayName": "ingress_interface",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "egress_interface",
- "required": false,
- "displayName": "egress_interface",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "bytes_sent",
- "required": false,
- "displayName": "bytes_sent",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes_received",
- "required": false,
- "displayName": "bytes_received",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "traffic",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "log_subtype=\"start\""
+ "search": "log_subtype=\"start\"",
+ "owner": "log.traffic.start"
}
- ],
- "objectName": "start"
- },
+ ],
+ "lineage": "log.traffic.start"
+ },
{
- "displayName": "Flow End",
+ "objectName": "end",
+ "displayName": "Flow End",
+ "parentName": "traffic",
"fields": [
{
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "start_time",
- "required": false,
- "displayName": "start_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "packets_sent",
- "required": false,
- "displayName": "packets_sent",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "packets_received",
- "required": false,
- "displayName": "packets_received",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "packets",
- "required": false,
- "displayName": "packets",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "ingress_interface",
- "required": false,
- "displayName": "ingress_interface",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "egress_interface",
- "required": false,
- "displayName": "egress_interface",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "bytes_sent",
- "required": false,
- "displayName": "bytes_sent",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes_received",
- "required": false,
- "displayName": "bytes_received",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "traffic",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "log_subtype=\"end\""
+ "search": "log_subtype=\"end\"",
+ "owner": "log.traffic.end"
}
- ],
- "objectName": "end"
- },
+ ],
+ "lineage": "log.traffic.end"
+ },
{
- "displayName": "Threat",
+ "objectName": "threat",
+ "displayName": "Threat",
+ "parentName": "log",
"fields": [
{
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "severity",
- "required": false,
- "displayName": "severity",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "log",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "type=\"THREAT\" (log_subtype=\"vulnerability\" OR log_subtype=\"virus\" OR log_subtype=\"spyware\")"
+ "search": "type=\"THREAT\" (log_subtype=\"vulnerability\" OR log_subtype=\"virus\" OR log_subtype=\"spyware\")",
+ "owner": "log.threat"
}
- ],
- "objectName": "threat"
- },
+ ],
+ "lineage": "log.threat"
+ },
{
- "displayName": "Vulnerability",
+ "objectName": "vulnerability",
+ "displayName": "Vulnerability",
+ "parentName": "threat",
"fields": [
{
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "severity",
- "required": false,
- "displayName": "severity",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "threat",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "log_subtype=\"vulnerability\""
+ "search": "log_subtype=\"vulnerability\"",
+ "owner": "log.threat.vulnerability"
}
- ],
- "objectName": "vulnerability"
- },
+ ],
+ "lineage": "log.threat.vulnerability"
+ },
{
- "displayName": "Virus",
+ "objectName": "virus",
+ "displayName": "Virus",
+ "parentName": "threat",
"fields": [
{
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "severity",
- "required": false,
- "displayName": "severity",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "threat",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "log_subtype=\"virus\""
+ "search": "log_subtype=\"virus\"",
+ "owner": "log.threat.virus"
}
- ],
- "objectName": "virus"
- },
+ ],
+ "lineage": "log.threat.virus"
+ },
{
- "displayName": "Spyware",
+ "objectName": "spyware",
+ "displayName": "Spyware",
+ "parentName": "threat",
"fields": [
{
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "severity",
- "required": false,
- "displayName": "severity",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "threat",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "log_subtype=\"spyware\""
+ "search": "log_subtype=\"spyware\"",
+ "owner": "log.threat.spyware"
}
- ],
- "objectName": "spyware"
- },
+ ],
+ "lineage": "log.threat.spyware"
+ },
{
- "displayName": "URL Filtering",
+ "objectName": "url",
+ "displayName": "URL Filtering",
+ "parentName": "log",
"fields": [
{
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "dst_hostname",
- "required": false,
- "displayName": "dst_hostname",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "egress_interface",
- "required": false,
- "displayName": "egress_interface",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "ingress_interface",
- "required": false,
- "displayName": "ingress_interface",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "timeendpos",
- "required": false,
- "displayName": "timeendpos",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- }
- ],
- "comment": "",
- "parentName": "log",
- "calculations": [
- {
- "inputField": "content_type",
- "outputFields": [
- {
- "fieldName": "major_content_type",
- "required": false,
- "displayName": "major_content_type",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
- }
- ],
- "comment": "",
- "calculationID": "09k28rp5v6j38fr",
- "calculationType": "Rex",
- "expression": "(?.*)/"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "log_subtype=\"url\""
+ "search": "log_subtype=\"url\"",
+ "owner": "log.url"
}
- ],
- "objectName": "url"
- },
+ ],
+ "lineage": "log.url"
+ },
{
- "displayName": "File Blocking",
+ "objectName": "file",
+ "displayName": "File Blocking",
+ "parentName": "log",
"fields": [
{
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "log",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "log_subtype=\"file\""
+ "search": "log_subtype=\"file\"",
+ "owner": "log.file"
}
- ],
- "objectName": "file"
- },
+ ],
+ "lineage": "log.file"
+ },
{
- "displayName": "Data Filtering",
+ "objectName": "data",
+ "displayName": "Data Filtering",
+ "parentName": "log",
"fields": [
{
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "log",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "log_subtype=\"data\""
+ "search": "log_subtype=\"data\"",
+ "owner": "log.data"
}
- ],
- "objectName": "data"
- },
+ ],
+ "lineage": "log.data"
+ },
{
- "displayName": "WildFire",
+ "objectName": "wildfire",
+ "displayName": "WildFire",
+ "parentName": "log",
"fields": [
{
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "report_id",
- "required": false,
- "displayName": "report_id",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "log",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "log_subtype=\"wildfire\""
+ "search": "log_subtype=\"wildfire\"",
+ "owner": "log.wildfire"
}
- ],
- "objectName": "wildfire"
- },
+ ],
+ "lineage": "log.wildfire"
+ },
{
- "displayName": "WildFire Report",
+ "objectName": "wildfire_report",
+ "displayName": "WildFire Report",
+ "parentName": "log",
"fields": [
{
- "fieldName": "user",
- "required": false,
- "displayName": "user",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "client_location",
- "required": false,
- "displayName": "client_location",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "server_ip",
- "required": false,
- "displayName": "server_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "server_location",
- "required": false,
- "displayName": "server_location",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "client_ip",
- "required": false,
- "displayName": "client_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_class",
- "required": false,
- "displayName": "dst_class",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "src_class",
- "required": false,
- "displayName": "src_class",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "wildfire.report.file.file_deleted{@deleted_file}",
- "required": false,
- "displayName": "wildfire.report.file.file_deleted{@deleted_file}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.file.file_deleted{@pid}",
- "required": false,
- "displayName": "wildfire.report.file.file_deleted{@pid}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.file.file_deleted{@process_image}",
- "required": false,
- "displayName": "wildfire.report.file.file_deleted{@process_image}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.file.file_written{@pid}",
- "required": false,
- "displayName": "wildfire.report.file.file_written{@pid}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.file.file_written{@process_image}",
- "required": false,
- "displayName": "wildfire.report.file.file_written{@process_image}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.file.file_written{@written_file}",
- "required": false,
- "displayName": "wildfire.report.file.file_written{@written_file}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.id",
- "required": false,
- "displayName": "wildfire.report.id",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "wildfire.report.malware",
- "required": false,
- "displayName": "wildfire.report.malware",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.md5",
- "required": false,
- "displayName": "wildfire.report.md5",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.dns{@query}",
- "required": false,
- "displayName": "wildfire.report.network.dns{@query}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.dns{@type}",
- "required": false,
- "displayName": "wildfire.report.network.dns{@type}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.tcp-connection{@ip}",
- "required": false,
- "displayName": "wildfire.report.network.tcp-connection{@ip}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.tcp-connection{@pid}",
- "required": false,
- "displayName": "wildfire.report.network.tcp-connection{@pid}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "wildfire.report.network.tcp-connection{@port}",
- "required": false,
- "displayName": "wildfire.report.network.tcp-connection{@port}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "wildfire.report.network.tcp-connection{@process_image}",
- "required": false,
- "displayName": "wildfire.report.network.tcp-connection{@process_image}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.TCP{@country}",
- "required": false,
- "displayName": "wildfire.report.network.TCP{@country}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.TCP{@ip}",
- "required": false,
- "displayName": "wildfire.report.network.TCP{@ip}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.TCP{@port}",
- "required": false,
- "displayName": "wildfire.report.network.TCP{@port}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.UDP{@country}",
- "required": false,
- "displayName": "wildfire.report.network.UDP{@country}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.UDP{@ip}",
- "required": false,
- "displayName": "wildfire.report.network.UDP{@ip}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.UDP{@port}",
- "required": false,
- "displayName": "wildfire.report.network.UDP{@port}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.url{@host}",
- "required": false,
- "displayName": "wildfire.report.network.url{@host}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.url{@method}",
- "required": false,
- "displayName": "wildfire.report.network.url{@method}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.url{@uri}",
- "required": false,
- "displayName": "wildfire.report.network.url{@uri}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.network.url{@user_agent}",
- "required": false,
- "displayName": "wildfire.report.network.url{@user_agent}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.process.process_created{@child_pid}",
- "required": false,
- "displayName": "wildfire.report.process.process_created{@child_pid}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.process.process_created{@child_process_image}",
- "required": false,
- "displayName": "wildfire.report.process.process_created{@child_process_image}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.process.process_created{@parent_pid}",
- "required": false,
- "displayName": "wildfire.report.process.process_created{@parent_pid}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.process.process_created{@parent_process_image}",
- "required": false,
- "displayName": "wildfire.report.process.process_created{@parent_process_image}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.process.process_terminated{@child_pid}",
- "required": false,
- "displayName": "wildfire.report.process.process_terminated{@child_pid}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.process.process_terminated{@child_process_image}",
- "required": false,
- "displayName": "wildfire.report.process.process_terminated{@child_process_image}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.process.process_terminated{@parent_pid}",
- "required": false,
- "displayName": "wildfire.report.process.process_terminated{@parent_pid}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.process.process_terminated{@parent_process_image}",
- "required": false,
- "displayName": "wildfire.report.process.process_terminated{@parent_process_image}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.registry.DeleteKey{@pid}",
- "required": false,
- "displayName": "wildfire.report.registry.DeleteKey{@pid}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "wildfire.report.registry.DeleteKey{@process_image}",
- "required": false,
- "displayName": "wildfire.report.registry.DeleteKey{@process_image}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.registry.DeleteKey{@reg_key}",
- "required": false,
- "displayName": "wildfire.report.registry.DeleteKey{@reg_key}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.registry.DeleteValueKey{@pid}",
- "required": false,
- "displayName": "wildfire.report.registry.DeleteValueKey{@pid}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.registry.DeleteValueKey{@process_image}",
- "required": false,
- "displayName": "wildfire.report.registry.DeleteValueKey{@process_image}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.registry.DeleteValueKey{@reg_key}",
- "required": false,
- "displayName": "wildfire.report.registry.DeleteValueKey{@reg_key}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.registry.SetValueKey{@pid}",
- "required": false,
- "displayName": "wildfire.report.registry.SetValueKey{@pid}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.registry.SetValueKey{@process_image}",
- "required": false,
- "displayName": "wildfire.report.registry.SetValueKey{@process_image}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.registry.SetValueKey{@reg_key}",
- "required": false,
- "displayName": "wildfire.report.registry.SetValueKey{@reg_key}",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.sha256",
- "required": false,
- "displayName": "wildfire.report.sha256",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.size",
- "required": false,
- "displayName": "wildfire.report.size",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "wildfire.report.summary.entry",
- "required": false,
- "displayName": "wildfire.report.summary.entry",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "wildfire.report.task",
- "required": false,
- "displayName": "wildfire.report.task",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "wildfire.report.version",
- "required": false,
- "displayName": "wildfire.report.version",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "action",
- "required": false,
- "displayName": "action",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "action_flags",
- "required": false,
- "displayName": "action_flags",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "application",
- "required": false,
- "displayName": "application",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "category",
- "required": false,
- "displayName": "category",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "content_type",
- "required": false,
- "displayName": "content_type",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dest_ip",
- "required": false,
- "displayName": "dest_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dest_port",
- "required": false,
- "displayName": "dest_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "direction",
- "required": false,
- "displayName": "direction",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_ip",
- "required": false,
- "displayName": "dst_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_location",
- "required": false,
- "displayName": "dst_location",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_port",
- "required": false,
- "displayName": "dst_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "dst_user",
- "required": false,
- "displayName": "dst_user",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_zone",
- "required": false,
- "displayName": "dst_zone",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dvc",
- "required": false,
- "displayName": "dvc",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "flags",
- "required": false,
- "displayName": "flags",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "generated_time",
- "required": false,
- "displayName": "generated_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "log_forwarding_profile",
- "required": false,
- "displayName": "log_forwarding_profile",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "log_subtype",
- "required": false,
- "displayName": "log_subtype",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "misc",
- "required": false,
- "displayName": "misc",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "nat_dst_ip",
- "required": false,
- "displayName": "nat_dst_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "nat_dst_port",
- "required": false,
- "displayName": "nat_dst_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "nat_src_ip",
- "required": false,
- "displayName": "nat_src_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "nat_src_port",
- "required": false,
- "displayName": "nat_src_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "protocol",
- "required": false,
- "displayName": "protocol",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "receive_time",
- "required": false,
- "displayName": "receive_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "repeat_count",
- "required": false,
- "displayName": "repeat_count",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "rule",
- "required": false,
- "displayName": "rule",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "sequence_number",
- "required": false,
- "displayName": "sequence_number",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "serial_number",
- "required": false,
- "displayName": "serial_number",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "session_id",
- "required": false,
- "displayName": "session_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "src_ip",
- "required": false,
- "displayName": "src_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "src_location",
- "required": false,
- "displayName": "src_location",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "src_port",
- "required": false,
- "displayName": "src_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "src_user",
- "required": false,
- "displayName": "src_user",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "src_zone",
- "required": false,
- "displayName": "src_zone",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "type",
- "required": false,
- "displayName": "type",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "virtual_system",
- "required": false,
- "displayName": "virtual_system",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "ABLE_TO_TRANSFER_FILE",
- "required": false,
- "displayName": "application: capable of file transfer",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "DEFAULT_PORTS",
- "required": false,
- "displayName": "application: standard ports",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "RISK",
- "required": false,
- "displayName": "application: risk",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "EXCESSIVE_BANDWIDTH",
- "required": false,
- "displayName": "application: excessive bandwidth",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "CATEGORY",
- "required": false,
- "displayName": "application: category",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "PRONE_TO_MISUSE",
- "required": false,
- "displayName": "applicaiton: prone to misuse",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "PERVASIVE_USE",
- "required": false,
- "displayName": "application: widely use",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "EVASIVE",
- "required": false,
- "displayName": "application: evasive",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "TECHNOLOGY",
- "required": false,
- "displayName": "application: technology",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "SUBCATEGORY",
- "required": false,
- "displayName": "application: subcategory",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "HAS_KNOWN_VULNERABILITY",
- "required": false,
- "displayName": "application: has known vulnerabilities",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "TUNNEL_OTHER_APPLICATION",
- "required": false,
- "displayName": "application: tunnels other applications",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "USED_BY_MALWARE",
- "required": false,
- "displayName": "application: used by malware",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "applicaiton: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "log",
+ ],
"calculations": [
{
- "calculationID": "2rucodj8x0uul3di",
- "calculationType": "Eval",
"outputFields": [
{
- "fieldName": "tcp_ip_port",
- "required": false,
- "displayName": "tcp_ip_port",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
+ "fieldName": "tcp_ip_port",
+ "owner": "log.wildfire_report",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "tcp_ip_port",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "expression": "tcp_ip_port",
- "comment": ""
- },
+ ],
+ "calculationID": "2rucodj8x0uul3di",
+ "owner": "log.wildfire_report",
+ "editable": true,
+ "comment": "",
+ "calculationType": "Eval",
+ "expression": "tcp_ip_port"
+ },
{
- "calculationID": "4kmhncs3aj198uxr",
- "calculationType": "Eval",
"outputFields": [
{
- "fieldName": "udp_ip_port",
- "required": false,
- "displayName": "udp_ip_port",
- "comment": "",
- "hidden": false,
- "type": "string",
- "multivalue": false
+ "fieldName": "udp_ip_port",
+ "owner": "log.wildfire_report",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "udp_ip_port",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "expression": "mvzip(udp_ip,udp_port)",
- "comment": ""
+ ],
+ "calculationID": "4kmhncs3aj198uxr",
+ "owner": "log.wildfire_report",
+ "editable": true,
+ "comment": "",
+ "calculationType": "Eval",
+ "expression": "mvzip(udp_ip,udp_port)"
}
- ],
+ ],
"constraints": [
{
- "search": "sourcetype=\"pan_wildfire_report\""
+ "search": "sourcetype=\"pan_wildfire_report\"",
+ "owner": "log.wildfire_report"
}
- ],
- "objectName": "wildfire_report"
- },
+ ],
+ "lineage": "log.wildfire_report"
+ },
{
- "displayName": "Benign File",
+ "objectName": "benign",
+ "displayName": "Benign File",
+ "parentName": "wildfire",
"fields": [
{
- "fieldName": "report_id",
- "required": false,
- "displayName": "report_id",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "wildfire",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "category=\"benign\""
+ "search": "category=\"benign\"",
+ "owner": "log.wildfire.benign"
}
- ],
- "objectName": "benign"
- },
+ ],
+ "lineage": "log.wildfire.benign"
+ },
{
- "displayName": "Malicious File",
+ "objectName": "malicious",
+ "displayName": "Malicious File",
+ "parentName": "wildfire",
"fields": [
{
- "fieldName": "report_id",
- "required": false,
- "displayName": "report_id",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "wildfire",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "category=\"malicious\""
+ "search": "category=\"malicious\"",
+ "owner": "log.wildfire.malicious"
}
- ],
- "objectName": "malicious"
- },
+ ],
+ "lineage": "log.wildfire.malicious"
+ },
{
- "displayName": "Config",
+ "objectName": "config",
+ "displayName": "Config",
+ "parentName": "log",
"fields": [
{
- "fieldName": "user",
- "required": false,
- "displayName": "user",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "client_location",
- "required": false,
- "displayName": "client_location",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "server_ip",
- "required": false,
- "displayName": "server_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "server_location",
- "required": false,
- "displayName": "server_location",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "client_ip",
- "required": false,
- "displayName": "client_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_class",
- "required": false,
- "displayName": "dst_class",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "src_class",
- "required": false,
- "displayName": "src_class",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "result",
- "required": false,
- "displayName": "result",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "configuration_path",
- "required": false,
- "displayName": "configuration_path",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "admin_ip",
- "required": false,
- "displayName": "admin_ip",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "admin_type",
- "required": false,
- "displayName": "admin_type",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "admin",
- "required": false,
- "displayName": "admin",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "command",
- "required": false,
- "displayName": "command",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "action",
- "required": false,
- "displayName": "action",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "application",
- "required": false,
- "displayName": "application",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "category",
- "required": false,
- "displayName": "category",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "content_type",
- "required": false,
- "displayName": "content_type",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dest_ip",
- "required": false,
- "displayName": "dest_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dest_port",
- "required": false,
- "displayName": "dest_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "direction",
- "required": false,
- "displayName": "direction",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_ip",
- "required": false,
- "displayName": "dst_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_location",
- "required": false,
- "displayName": "dst_location",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_port",
- "required": false,
- "displayName": "dst_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "dst_user",
- "required": false,
- "displayName": "dst_user",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_zone",
- "required": false,
- "displayName": "dst_zone",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "flags",
- "required": false,
- "displayName": "flags",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "generated_time",
- "required": false,
- "displayName": "generated_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "log_forwarding_profile",
- "required": false,
- "displayName": "log_forwarding_profile",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "misc",
- "required": false,
- "displayName": "misc",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "nat_dst_ip",
- "required": false,
- "displayName": "nat_dst_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "nat_dst_port",
- "required": false,
- "displayName": "nat_dst_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "nat_src_ip",
- "required": false,
- "displayName": "nat_src_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "nat_src_port",
- "required": false,
- "displayName": "nat_src_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "protocol",
- "required": false,
- "displayName": "protocol",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "repeat_count",
- "required": false,
- "displayName": "repeat_count",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "rule",
- "required": false,
- "displayName": "rule",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "session_id",
- "required": false,
- "displayName": "session_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "src_ip",
- "required": false,
- "displayName": "src_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "src_location",
- "required": false,
- "displayName": "src_location",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "src_port",
- "required": false,
- "displayName": "src_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "src_user",
- "required": false,
- "displayName": "src_user",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "src_zone",
- "required": false,
- "displayName": "src_zone",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "ABLE_TO_TRANSFER_FILE",
- "required": false,
- "displayName": "application: capable of file transfer",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "DEFAULT_PORTS",
- "required": false,
- "displayName": "application: standard ports",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "RISK",
- "required": false,
- "displayName": "application: risk",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "EXCESSIVE_BANDWIDTH",
- "required": false,
- "displayName": "application: excessive bandwidth",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "CATEGORY",
- "required": false,
- "displayName": "application: category",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "PRONE_TO_MISUSE",
- "required": false,
- "displayName": "application: prone to misuse",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "PERVASIVE_USE",
- "required": false,
- "displayName": "application: widely use",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "EVASIVE",
- "required": false,
- "displayName": "application: evasive",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "TECHNOLOGY",
- "required": false,
- "displayName": "application: technology",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "SUBCATEGORY",
- "required": false,
- "displayName": "application: subcategory",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "HAS_KNOWN_VULNERABILITY",
- "required": false,
- "displayName": "application: has known vulnerabilities",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "TUNNEL_OTHER_APPLICATION",
- "required": false,
- "displayName": "application: tunnels other applications",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "USED_BY_MALWARE",
- "required": false,
- "displayName": "application: used by malware",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "log",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "type=\"CONFIG\""
+ "search": "type=\"CONFIG\"",
+ "owner": "log.config"
}
- ],
- "objectName": "config"
- },
+ ],
+ "lineage": "log.config"
+ },
{
- "displayName": "System",
+ "objectName": "system",
+ "displayName": "System",
+ "parentName": "log",
"fields": [
{
- "fieldName": "user",
- "required": false,
- "displayName": "user",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "src_class",
- "required": false,
- "displayName": "src_class",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "client_location",
- "required": false,
- "displayName": "client_location",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "server_ip",
- "required": false,
- "displayName": "server_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "server_location",
- "required": false,
- "displayName": "server_location",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "client_ip",
- "required": false,
- "displayName": "client_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "bytes",
- "required": false,
- "displayName": "bytes",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "description",
- "required": false,
- "displayName": "description",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "module",
- "required": false,
- "displayName": "module",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "event_id",
- "required": false,
- "displayName": "event_id",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "severity",
- "required": false,
- "displayName": "severity",
- "comment": "",
- "hidden": false,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "action",
- "required": false,
- "displayName": "action",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "application",
- "required": false,
- "displayName": "application",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "category",
- "required": false,
- "displayName": "category",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "content_type",
- "required": false,
- "displayName": "content_type",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dest_ip",
- "required": false,
- "displayName": "dest_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dest_port",
- "required": false,
- "displayName": "dest_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "direction",
- "required": false,
- "displayName": "direction",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_ip",
- "required": false,
- "displayName": "dst_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_location",
- "required": false,
- "displayName": "dst_location",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_port",
- "required": false,
- "displayName": "dst_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "dst_user",
- "required": false,
- "displayName": "dst_user",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "dst_zone",
- "required": false,
- "displayName": "dst_zone",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "elapsed_time",
- "required": false,
- "displayName": "elapsed_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "flags",
- "required": false,
- "displayName": "flags",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "generated_time",
- "required": false,
- "displayName": "generated_time",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "log_forwarding_profile",
- "required": false,
- "displayName": "log_forwarding_profile",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "misc",
- "required": false,
- "displayName": "misc",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "nat_dst_ip",
- "required": false,
- "displayName": "nat_dst_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "nat_dst_port",
- "required": false,
- "displayName": "nat_dst_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "nat_src_ip",
- "required": false,
- "displayName": "nat_src_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "nat_src_port",
- "required": false,
- "displayName": "nat_src_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "protocol",
- "required": false,
- "displayName": "protocol",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "repeat_count",
- "required": false,
- "displayName": "repeat_count",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "rule",
- "required": false,
- "displayName": "rule",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "session_id",
- "required": false,
- "displayName": "session_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "src_ip",
- "required": false,
- "displayName": "src_ip",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "src_location",
- "required": false,
- "displayName": "src_location",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "src_port",
- "required": false,
- "displayName": "src_port",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "src_user",
- "required": false,
- "displayName": "src_user",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "src_zone",
- "required": false,
- "displayName": "src_zone",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "threat_id",
- "required": false,
- "displayName": "threat_id",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "ABLE_TO_TRANSFER_FILE",
- "required": false,
- "displayName": "application: capable of file transfer",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "DEFAULT_PORTS",
- "required": false,
- "displayName": "application: standard ports",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "RISK",
- "required": false,
- "displayName": "application: risk",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "number"
- },
- {
- "fieldName": "EXCESSIVE_BANDWIDTH",
- "required": false,
- "displayName": "application: excessive bandwidth",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "CATEGORY",
- "required": false,
- "displayName": "application: category",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "PRONE_TO_MISUSE",
- "required": false,
- "displayName": "application: prone to misuse",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "PERVASIVE_USE",
- "required": false,
- "displayName": "application: widely use",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "EVASIVE",
- "required": false,
- "displayName": "application: evasive",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "TECHNOLOGY",
- "required": false,
- "displayName": "application: technology",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "SUBCATEGORY",
- "required": false,
- "displayName": "application: subcategory",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "HAS_KNOWN_VULNERABILITY",
- "required": false,
- "displayName": "application: has known vulnerabilities",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "TUNNEL_OTHER_APPLICATION",
- "required": false,
- "displayName": "application: tunnels other applications",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
- },
- {
- "fieldName": "USED_BY_MALWARE",
- "required": false,
- "displayName": "application: used by malware",
- "comment": "",
- "hidden": true,
- "multivalue": false,
- "owner": "log",
- "type": "string"
+ "fieldName": "action",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "action",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "action_flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "action_flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "app",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "app",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "application",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "bytes_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "bytes_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "category",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "admin_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "admin_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cmd",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cmd",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "command",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "command",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "configuration_path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "configuration_path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_hour",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_hour",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_mday",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_mday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_minute",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_minute",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_month",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_month",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_second",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_second",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_wday",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_wday",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_year",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_year",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "date_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "date_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "description",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "description",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dest_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dest_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "direction",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "direction",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_hostname",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_hostname",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "dst_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dvc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dvc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "egress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "egress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "elapsed_time",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "elapsed_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "event_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "event_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "flags",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "flags",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "generated_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "generated_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "index",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "index",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ingress_interface",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "ingress_interface",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "linecount",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "linecount",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_forwarding_profile",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_forwarding_profile",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_subtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "log_subtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "log_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "log_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "misc",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "misc",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "module",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "module",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "nat_dst_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_dst_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "nat_dst_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "nat_src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "nat_src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "nat_src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_received",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_received",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "packets_sent",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "packets_sent",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "path",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "path",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "product",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "product",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "protocol",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "protocol",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "punct",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "punct",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "receive_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "receive_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "repeat_count",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "repeat_count",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "result",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "result",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "rule_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "rule_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sequence_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sequence_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "serial",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "serial_number",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "serial_number",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "session_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "session_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "severity",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "severity",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "splunk_server",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "splunk_server",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_port",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_port",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_zone",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_zone",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "start_time",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "start_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "tag::eventtype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "tag::eventtype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "report_id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "report_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timeendpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timeendpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "timestartpos",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "timestartpos",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "transport",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "transport",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vendor",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vendor",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "virtual_system",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "virtual_system",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "vsys",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "vsys",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "ABLE_TO_TRANSFER_FILE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: capable of file transfer",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "DEFAULT_PORTS",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: standard ports",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "RISK",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: risk",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EXCESSIVE_BANDWIDTH",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: excessive bandwidth",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "CATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: category",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PRONE_TO_MISUSE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: prone to misuse",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "PERVASIVE_USE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: widely use",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "EVASIVE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: evasive",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TECHNOLOGY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: technology",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "SUBCATEGORY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: subcategory",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "HAS_KNOWN_VULNERABILITY",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: has known vulnerabilities",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "TUNNEL_OTHER_APPLICATION",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: tunnels other applications",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "USED_BY_MALWARE",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "application: used by malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "client_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "dst_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "dst_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "server_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "server_location",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "server_location",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "src_class",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "src_class",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "client_ip",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "client_ip",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "user",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "user",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "filename",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "filename",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "major_content_type",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "major_content_type",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "url",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "url",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "threat_name",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "threat_name",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "after_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "after_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "before_change",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "before_change",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "cloud_address",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "cloud_address",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "file_digest",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "file_digest",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "pcap_id",
+ "owner": "log",
+ "type": "number",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "pcap_id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.filetype",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.filetype",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.file_info.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.file_info.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.id",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.id",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.malware",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.malware",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.md5",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.md5",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.TCP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.TCP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@country}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@country}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@ip}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@ip}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.UDP{@port}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.UDP{@port}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@query}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@query}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@response}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@response}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.dns{@type}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.dns{@type}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@host}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@host}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@method}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@method}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@uri}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@uri}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.network.url{@user_agent}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.network.url{@user_agent}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.platform",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.platform",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.file.Delete{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.mutex.CreateMutex{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@child_process_image}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.process_activity.Create{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Create{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@data}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@key}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.registry.Set{@subkey}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process.service.Create{@path}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@command}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@command}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_list.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_list.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process.child.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@name}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@name}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@pid}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.process_tree.process{@text}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.process_tree.process{@text}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.sha256",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.sha256",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.size",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.size",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.software",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.software",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.summary.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.summary.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.timeline.entry{@seq}",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.task_info.report.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.task_info.report.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "wildfire.version",
+ "owner": "log",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": true,
+ "editable": true,
+ "displayName": "wildfire.version",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "_time",
+ "owner": "BaseEvent",
+ "type": "timestamp",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "_time",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "host",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "host",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "source",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "source",
+ "comment": "",
+ "fieldSearch": ""
+ },
+ {
+ "fieldName": "sourcetype",
+ "owner": "BaseEvent",
+ "type": "string",
+ "required": false,
+ "multivalue": false,
+ "hidden": false,
+ "editable": true,
+ "displayName": "sourcetype",
+ "comment": "",
+ "fieldSearch": ""
}
- ],
- "comment": "",
- "parentName": "log",
- "calculations": [],
+ ],
+ "calculations": [],
"constraints": [
{
- "search": "type=\"SYSTEM\""
+ "search": "type=\"SYSTEM\"",
+ "owner": "log.system"
}
- ],
- "objectName": "system"
+ ],
+ "lineage": "log.system"
}
- ],
- "description": "This datamodel represents all the syslogs produced by Palo Alto Networks devices. The datamodel is structured such that all logs are part of the first root event object so the entire datamodel is accelerated.",
- "displayName": "Palo Alto Networks Logs",
- "modelName": "pan_logs",
- "objectSummary": {
- "Event-Based": 17,
- "Interface Implementations": 0,
- "Search-Based": 0,
- "Transaction-Based": 0,
- "Interfaces": 0
- },
+ ],
"objectNameList": [
- "log",
- "traffic",
- "start",
- "end",
- "threat",
- "vulnerability",
- "virus",
- "spyware",
- "url",
- "file",
- "data",
- "wildfire",
- "wildfire_report",
- "benign",
- "malicious",
- "config",
+ "log",
+ "traffic",
+ "start",
+ "end",
+ "threat",
+ "vulnerability",
+ "virus",
+ "spyware",
+ "url",
+ "file",
+ "data",
+ "wildfire",
+ "wildfire_report",
+ "benign",
+ "malicious",
+ "config",
"system"
]
-}
\ No newline at end of file
+}
diff --git a/default/data/ui/views/content_overview.xml b/default/data/ui/views/content_overview.xml
index 51e5d7f7..59cfbc9d 100644
--- a/default/data/ui/views/content_overview.xml
+++ b/default/data/ui/views/content_overview.xml
@@ -81,7 +81,7 @@
Full Content Types
- | `tstats` count(content_type) AS cc FROM pan_content WHERE earliest=$earliest$ latest=$latest$ $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby _time content_type| timechart values(cc) by content_type
+ | `tstats` count FROM `node(log.url)` $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby _time log.content_type | timechart values(count) by log.content_type
$earliest$
$latest$
@@ -109,7 +109,7 @@
Content Types and Apps
- | `tstats` count(content_type) AS cc FROM pan_content WHERE earliest=$earliest$ latest=$latest$ $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby app content_type | stats values(cc) AS Count by content_type app | sort -Count | rename app AS Application | rename content_type AS "Content Type"
+ | `tstats` count FROM `node(log.url)` $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ `table(log.app log.content_type, count)`
$earliest$
$latest$
@@ -149,7 +149,7 @@
Non-Web Browsing Content Types
- | `tstats` count(content_type) AS cc FROM pan_content WHERE earliest=$earliest$ latest=$latest$ $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby app content_type | where app != "web-browsing" | stats values(cc) AS Count by content_type app | sort -Count | rename app AS Application | rename content_type AS "Content Type"
+ | `tstats` count FROM `node(log.url)` $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ app!="web-browsing" `table(log.app log.content_type, count)`
$earliest$
$latest$
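Review bot: The added filter `app!="web-browsing"` names the bare field `app`, while every other reference in this tstats search uses the data-model path (`log.app` in `table(log.app log.content_type, count)`, and `log.content_type` in the sibling panels). If the bare name does not resolve inside the `FROM node(log.url)` search, the exclusion is silently ignored and the "Non-Web Browsing" panel shows web-browsing rows too; I would expect `log.app!="web-browsing"` here, to match the `table(...)` macro on the same line. Worth confirming against a quick run of the panel on data that contains web-browsing events.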
@@ -181,7 +181,7 @@
Content Types and Web Categories
- | `tstats` count(content_type) AS cc FROM pan_content WHERE earliest=$earliest$ latest=$latest$ $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby category content_type | stats values(cc) AS Count by content_type category | sort -Count | rename category AS Category | rename content_type AS "Content Type"
+ | `tstats` count FROM `node(log.url)` $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ `table(log.category log.content_type, count)`
$earliest$
$latest$
diff --git a/default/data/ui/views/data_filtering_overview.xml b/default/data/ui/views/data_filtering_overview.xml
index 59697a21..d623d312 100644
--- a/default/data/ui/views/data_filtering_overview.xml
+++ b/default/data/ui/views/data_filtering_overview.xml
@@ -107,7 +107,7 @@
Data Filter Events by Application
- | `tstats` count FROM `node(log.data)` $user$ $src_ip$ $dst_ip$ $app$ $action$ $vsys$ `table(log.threat_id log.action log.src_ip log.app, count)`
+ | `tstats` count FROM `node(log.data)` $user$ $src_ip$ $dst_ip$ $app$ $action$ $vsys$ `table(log.threat_name log.action log.src_ip log.app, count)`
$earliest$
$latest$
@@ -140,7 +140,7 @@
diff --git a/default/data/ui/views/overview.xml b/default/data/ui/views/overview.xml
index b2f9bb39..24abfcd0 100644
--- a/default/data/ui/views/overview.xml
+++ b/default/data/ui/views/overview.xml
@@ -107,7 +107,7 @@
Recently Added to Applipedia
- index=pan_logs sourcetype="pan_newapps" | dedup app{@name} sortby +_time | sort -_time | table _time app{@name} app.technology app.category app.subcategory app.risk | convert timeformat="%m/%d/%y" ctime(_time) | rename _time AS "Date added" | rename app{@name} AS Name | rename app.technology AS Technology | rename app.category AS Category | rename app.subcategory AS Subcategory | rename app.risk AS Risk
+ `pan_index` sourcetype="pan_newapps" | dedup app{@name} sortby +_time | sort -_time | table _time app{@name} app.technology app.category app.subcategory app.risk | convert timeformat="%m/%d/%y" ctime(_time) | rename _time AS "Date added" | rename app{@name} AS Name | rename app.technology AS Technology | rename app.category AS Category | rename app.subcategory AS Subcategory | rename app.risk AS Risk
-2w@w
now
diff --git a/default/data/ui/views/threat_detail.xml b/default/data/ui/views/threat_detail.xml
index ff21c12c..900e54bb 100644
--- a/default/data/ui/views/threat_detail.xml
+++ b/default/data/ui/views/threat_detail.xml
@@ -10,7 +10,7 @@
- log.threat_id="
+ log.threat_name="
"
@@ -32,7 +32,7 @@
"
- | `tstats` values(sourcetype) as sourcetype values(log.threat_id) as threat_id sum(log.bytes) as bytes sum(log.elapsed_time) as duration
+ | `tstats` values(sourcetype) as sourcetype values(log.threat_name) as threat_name sum(log.bytes) as bytes sum(log.elapsed_time) as duration
FROM datamodel="pan_logs" WHERE (nodename="log.traffic" OR nodename="log.threat") $threat$ $user$ $application$ $location$
`groupby(log.session_id log.user log.server_ip log.application log.server_location)`
| search sourcetype="pan_threat" bytes!="" server_location!="" user!="" | eval KB=bytes/1024
@@ -134,7 +134,7 @@
Threats by Bytes Transferred and Sessions
- stats sum(KB) as "Transfer (KB)" count(session_id) as "Total Sessions" by threat_id
+ stats sum(KB) as "Transfer (KB)" count(session_id) as "Total Sessions" by threat_name
$earliest$
$latest$
@@ -158,7 +158,7 @@
diff --git a/default/data/ui/views/threat_overview.xml b/default/data/ui/views/threat_overview.xml
index 5a9a49d7..01240253 100644
--- a/default/data/ui/views/threat_overview.xml
+++ b/default/data/ui/views/threat_overview.xml
@@ -19,10 +19,10 @@
log.dst_ip="
"
-
-
+
+
- log.threat_id="
+ log.threat_name="
"
@@ -53,7 +53,7 @@
Threat Subtypes
- | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby _time log.log_subtype | timechart values(count) by log.log_subtype
+ | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_name$ $vsys$ $app$ groupby _time log.log_subtype | timechart values(count) by log.log_subtype
$earliest$
$latest$
@@ -79,7 +79,7 @@
Severity
- | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby _time log.severity | timechart values(count) by log.severity
+ | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_name$ $vsys$ $app$ groupby _time log.severity | timechart values(count) by log.severity
$earliest$
$latest$
@@ -106,8 +106,8 @@
- Threat IDs
- | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby log.threat_id
+ Threats
+ | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_name$ $vsys$ $app$ groupby log.threat_name
$earliest$
$latest$
@@ -133,7 +133,7 @@
Threats by App
- | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby log.app
+ | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_name$ $vsys$ $app$ groupby log.app
$earliest$
$latest$
@@ -159,7 +159,7 @@
Threats by User
- | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby log.user
+ | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_name$ $vsys$ $app$ groupby log.user
$earliest$
$latest$
@@ -187,7 +187,7 @@
Source IP
- | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby log.src_ip
+ | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_name$ $vsys$ $app$ groupby log.src_ip
$earliest$
$latest$
@@ -213,7 +213,7 @@
Threats by Severity
- | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby log.severity
+ | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_name$ $vsys$ $app$ groupby log.severity
$earliest$
$latest$
@@ -239,7 +239,7 @@
Destination IP
- | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby log.dst_ip
+ | `tstats` count FROM `node(log.threat)` $src_ip$ $dst_ip$ $log_subtype$ $threat_name$ $vsys$ $app$ groupby log.dst_ip
$earliest$
$latest$
diff --git a/default/data/ui/views/traffic_overview.xml b/default/data/ui/views/traffic_overview.xml
index 39e913f2..8b6d9c55 100644
--- a/default/data/ui/views/traffic_overview.xml
+++ b/default/data/ui/views/traffic_overview.xml
@@ -106,7 +106,7 @@
Applications by Bytes Transfered
- | `tstats` sum(log.bytes_received) AS sbr sum(log.bytes_sent) AS sbs FROM `node(log.traffic.end)` $action$ $src_ip$ $dst_ip$ $dst_port$ $user$ $app$ groupby log.app | eval sumBytes = sbr + sbs | stats values(sumBytes) AS Bytes by log.app | `top(50)`
+ | `tstats` sum(log.bytes_received) AS sbr sum(log.bytes_sent) AS sbs FROM `node(log.traffic.end)` $action$ $src_ip$ $dst_ip$ $dst_port$ $user$ $app$ groupby log.app | eval sumBytes = sbr + sbs | stats values(sumBytes) AS Bytes by log.app | sort -Bytes | head 50
$earliest$
$latest$
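Review bot: `| sort -Bytes | head 50` can be a single `| sort 50 -Bytes`, which is what the removed `top(50)` macro presumably expanded to and avoids a second pass over the result set. Note also that `sort` with no count keeps at most 10000 rows before ordering; that is harmless for a per-app aggregate but is a behavior difference worth stating in the panel if the macro previously used `sort 0`. The surrounding panel markup is outside the hunk, so I cannot see whether `top(50)` is still defined in macros.conf for the other dashboards.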
diff --git a/default/data/ui/views/wildfire_overview.xml b/default/data/ui/views/wildfire_overview.xml
index 5e3f26ca..0f891543 100644
--- a/default/data/ui/views/wildfire_overview.xml
+++ b/default/data/ui/views/wildfire_overview.xml
@@ -111,7 +111,7 @@
Possible Malware Traffic
- | `tstats` count(traffic) FROM `node(log.traffic)` $src_ip$ $dst_ip$ $user$ $misc$ $vsys$ $app$ groupby _time log.traffic.dst_ip_port log.dst_ip log.dst_port log.src_ip log.user log.app | rename log.traffic.dst_ip_port AS ip_port | join type=inner ip_port [ | `tstats` count(log.wildfire_report) FROM datamodel="pan_logs" WHERE earliest=-1y latest=now nodename="log.wildfire_report" groupby log.wildfire.report.id log.wildfire_report.tcp_ip_port | rename log.wildfire_report.tcp_ip_port AS ip_port ] | dedup 1 log.src_ip log.user ip_port log.app | eval "Traffic Link" = "View Traffic Logs" | eval "WildFire Link" = "View WildFire Report" | table _time log.src_ip log.user log.dst_ip log.dst_port log.app log.wildfire.report.id "Traffic Link" "WildFire Link" | rex mode=sed field=ip_port "s/,/:/" | rename log.src_ip AS Source | rename log.dst_ip AS "Dest IP" | rename log.dst_port AS "Dest Port" | rename log.user AS User | rename log.app AS Application | rename log.wildfire.report.id AS "WildFire Report ID" | sort -_time
+ | `tstats` count(traffic) FROM `node(log.traffic)` $src_ip$ $dst_ip$ $user$ $misc$ $vsys$ $app$ groupby _time log.traffic.dst_ip_port log.dst_ip log.dst_port log.src_ip log.user log.app | rename log.traffic.dst_ip_port AS ip_port | join type=inner ip_port [ | `tstats` count(log.wildfire_report) FROM datamodel="pan_logs" WHERE earliest=-1y latest=now nodename="log.wildfire_report" groupby log.wildfire.id log.wildfire_report.tcp_ip_port | rename log.wildfire_report.tcp_ip_port AS ip_port ] | dedup 1 log.src_ip log.user ip_port log.app | eval "Traffic Link" = "View Traffic Logs" | eval "WildFire Link" = "View WildFire Report" | table _time log.src_ip log.user log.dst_ip log.dst_port log.app log.wildfire.id "Traffic Link" "WildFire Link" | rex mode=sed field=ip_port "s/,/:/" | rename log.src_ip AS Source | rename log.dst_ip AS "Dest IP" | rename log.dst_port AS "Dest Port" | rename log.user AS User | rename log.app AS Application | rename log.wildfire.id AS "WildFire Report ID" | sort -_time
$earliest$
$latest$
@@ -133,11 +133,6 @@
-
-
-
+
+
+
diff --git a/default/props.conf b/default/props.conf
index d88b24dc..e19eea46 100755
--- a/default/props.conf
+++ b/default/props.conf
@@ -7,10 +7,7 @@ MAX_TIMESTAMP_LOOKAHEAD = 44
pulldown_type = true
[pan_threat]
-REPORT-search = extract_threat
-REPORT-threatid = extract_threatid
-REPORT-urlhost = extract_urlhost
-REPORT-reportid = extract_reportid
+REPORT-search = extract_threat, extract_threat_id, extract_dst_hostname, extract_major_content_type, extract_filename
SHOULD_LINEMERGE = false
lookup_table = threat_lookup threat_id
lookup_table = app_lookup app
@@ -24,7 +21,9 @@ FIELDALIAS-src_for_pan_threat = src_ip as src
FIELDALIAS-dest_for_pan_threat = dst_ip as dest
FIELDALIAS-dest-port_for_pan_threat = dst_port as dest_port
FIELDALIAS-rule_name_for_pan_threat = rule_name as rule
-EVAL-user = coalesce(src_user,dst_user)
+FIELDALIAS-report_id_for_pan_threat = threat_id as report_id
+FIELDALIAS-url_for_pan_threat = misc as url
+EVAL-user = coalesce(src_user,dst_user,"unknown")
EVAL-server_ip = if(isnull(direction) OR direction="client-to-server", dst_ip, src_ip)
EVAL-client_ip = if(isnull(direction) OR direction="client-to-server", src_ip, dst_ip)
EVAL-server_location = if(isnull(direction) OR direction="client-to-server", dst_location, src_location)
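Review bot: `FIELDALIAS-url_for_pan_threat = misc as url` aliases `misc` to `url` for every pan_threat event, yet this same commit reads `misc` as a filename in the new `extract_filename` transform, so for file/virus/wildfire-style events the CIM `url` field will carry a filename rather than a URL. If URL-filtering events carry the subtype value `url` as in the PAN-OS threat log format, a conditional calculated field is safer: `EVAL-url = if(log_subtype="url", misc, null())`. Separately, `EVAL-user = coalesce(src_user,dst_user,"unknown")` here and again in the pan_traffic stanza's hunk below makes `user=*` match every event and makes an account literally named "unknown" indistinguishable from a missing one. If the placeholder is needed for dashboards, document it: `# "unknown" marks events with no user; exclude with user!="unknown"`.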
@@ -36,7 +35,7 @@ SHOULD_LINEMERGE = false
lookup_table = app_lookup app
lookup_src_class = classification_lookup cidr AS src_ip OUTPUT classification AS src_class
lookup_dst_class = classification_lookup cidr AS dst_ip OUTPUT classification AS dst_class
-FIELDALIAS = "application" AS "app" "virtual_system" AS "vsys" "threatid" AS "threat_id"
+FIELDALIAS = "application" AS "app" "virtual_system" AS "vsys"
# Field Aliases to map palo alto fields to the Splunk Common Information Model
FIELDALIAS-dvc_for_pan_traffic = host as dvc
FIELDALIAS-transport_for_pan_traffic = protocol as transport
@@ -44,7 +43,7 @@ FIELDALIAS-src_for_pan_traffic = src_ip as src
FIELDALIAS-dest_for_pan_traffic = dst_ip as dest
FIELDALIAS-dest-port_for_pan_traffic = dst_port as dest_port
FIELDALIAS-rule_name_for_pan_traffic = rule_name as rule
-EVAL-user = coalesce(src_user,dst_user)
+EVAL-user = coalesce(src_user,dst_user,"unknown")
EVAL-server_ip = if(isnull(direction) OR direction="client-to-server", dst_ip, src_ip)
EVAL-client_ip = if(isnull(direction) OR direction="client-to-server", src_ip, dst_ip)
EVAL-server_location = if(isnull(direction) OR direction="client-to-server", dst_location, src_location)
@@ -61,7 +60,6 @@ FIELDALIAS-dest_for_pan_system = host as dest_ip, host as dest
[pan_config]
REPORT-search = extract_config
-REPORT-configsubtype = extract_configsubtype
SHOULD_LINEMERGE = false
FIELDALIAS_config = "virtual_system" AS "vsys" "command" AS "cmd" "configuration_path" AS "path"
# Field Aliases to map palo alto fields to the Splunk Common Information Model
@@ -69,6 +67,7 @@ FIELDALIAS-dvc_for_pan_config = host as dvc
FIELDALIAS-src_for_pan_config = src_ip as src
FIELDALIAS-dest_for_pan_config = dst_ip as dest
FIELDALIAS-dest_for_pan_config = host as dest_ip, host as dest
+EVAL-log_subtype = "config"
[pan_wildfire_report]
REPORT-search = extract_wildfire_report
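Review bot: `EVAL-log_subtype = "config"` is undocumented; since calculated fields are applied after extraction it overrides whatever the positional `log_subtype` column from `extract_config` held, which appears to be the intent (it replaces the removed `extract_configsubtype` transform) but is not obvious from the stanza. A one-line comment above it would help: `# Config logs carry no usable subtype column; force "config" so log_subtype filters work across sourcetypes`.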
@@ -76,11 +75,11 @@ KV_MODE = xml
LINE_BREAKER = ((?!))
SHOULD_LINEMERGE = false
TRUNCATE = 0
-FIELDALIAS-tcp_ip_for_pan_wildfire_report = wildfire.report.network.TCP{@ip} as tcp_ip
-FIELDALIAS-tcp_port_for_pan_wildfire_report = wildfire.report.network.TCP{@port} as tcp_port
-FIELDALIAS-udp_ip_for_pan_wildfire_report = wildfire.report.network.UDP{@ip} as udp_ip
-FIELDALIAS-udp_port_for_pan_wildfire_report = wildfire.report.network.UDP{@port} as udp_port
-FIELDALIAS-id_for_pan_wildfire_report = wildfire.report.id as report_id
+FIELDALIAS-tcp_ip_for_pan_wildfire_report = wildfire.task_info.report.network.TCP{@ip} as tcp_ip
+FIELDALIAS-tcp_port_for_pan_wildfire_report = wildfire.task_info.report.network.TCP{@port} as tcp_port
+FIELDALIAS-udp_ip_for_pan_wildfire_report = wildfire.task_info.report.network.UDP{@ip} as udp_ip
+FIELDALIAS-udp_port_for_pan_wildfire_report = wildfire.task_info.report.network.UDP{@port} as udp_port
+FIELDALIAS-id_for_pan_wildfire_report = wildfire.id as report_id
EVAL-tcp_ip_port = mvzip(tcp_ip,tcp_port)
EVAL-udp_ip_port = mvzip(udp_ip,udp_port)
diff --git a/default/savedsearches.conf b/default/savedsearches.conf
index 821dbbb9..71cf1002 100755
--- a/default/savedsearches.conf
+++ b/default/savedsearches.conf
@@ -10,7 +10,7 @@ displayview = flashtimeline
enableSched = 1
realtime_schedule = 0
request.ui_dispatch_view = flashtimeline
-search = `pan_wildfire` | rex field=threat_id "\((?\d+)\)" | wildfirereport | table wildfire_report | rename wildfire_report AS _raw | collect index=pan_logs sourcetype=pan_wildfire_report
+search = `pan_wildfire` | wildfirereport | table wildfire_report | rename wildfire_report AS _raw | collect index=pan_logs sourcetype=pan_wildfire_report
disabled = 0
########################
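Review bot: Dropping the inline `rex` makes this scheduled search depend on the search-time `extract_threat_id` transform and the `threat_id as report_id` alias added in props.conf, which is presumably how `wildfirereport` now obtains the report id; that coupling is invisible from this file. A comment would save the next maintainer a search: `# report_id is extracted at search time (props.conf: extract_threat_id + FIELDALIAS-report_id_for_pan_threat)`. If events matched by `pan_wildfire` can come from a sourcetype other than pan_threat, the field will be absent and the report fetch silently does nothing.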
diff --git a/default/transforms.conf b/default/transforms.conf
index 2fcb38f9..b70d5233 100755
--- a/default/transforms.conf
+++ b/default/transforms.conf
@@ -1,26 +1,25 @@
-# TODO: add comments
[pan_vendor_info_lookup]
filename = pan_vendor_info.csv
[pan_threat]
DEST_KEY = MetaData:Sourcetype
-REGEX = ([^,]+,[^,]+,[^,]+,THREAT,)
+REGEX = ^[^,]+,[^,]+,[^,]+,THREAT,
FORMAT = sourcetype::pan_threat
[pan_traffic]
DEST_KEY = MetaData:Sourcetype
-REGEX = ([^,]+,[^,]+,[^,]+,TRAFFIC,)
+REGEX = ^[^,]+,[^,]+,[^,]+,TRAFFIC,
FORMAT = sourcetype::pan_traffic
[pan_system]
DEST_KEY = MetaData:Sourcetype
-REGEX = ([^,]+,[^,]+,[^,]+,SYSTEM,)
+REGEX = ^[^,]+,[^,]+,[^,]+,SYSTEM,
FORMAT = sourcetype::pan_system
[pan_config]
DEST_KEY = MetaData:Sourcetype
-REGEX = ([^,]+,[^,]+,[^,]+,CONFIG,)
+REGEX = ^[^,]+,[^,]+,[^,]+,CONFIG,
FORMAT = sourcetype::pan_config
[threat_lookup]
@@ -38,7 +37,7 @@ match_type = CIDR(cidr)
[extract_threat]
DELIMS = ","
-FIELDS = "future_use1","receive_time","serial_number","type","log_subtype","future_use2","generated_time","src_ip","dst_ip","nat_src_ip","nat_dst_ip","rule_name","src_user","dst_user","application","virtual_system","src_zone","dst_zone","ingress_interface","egress_interface","log_forwarding_profile","future_use3","session_id","repeat_count","src_port","dst_port","nat_src_port","nat_dst_port","flags","protocol","action","misc","threat_id","category","severity","direction","sequence_number","action_flags","src_location","dst_location","future_use4","content_type"
+FIELDS = "future_use1","receive_time","serial_number","type","log_subtype","future_use2","generated_time","src_ip","dst_ip","nat_src_ip","nat_dst_ip","rule_name","src_user","dst_user","application","virtual_system","src_zone","dst_zone","ingress_interface","egress_interface","log_forwarding_profile","future_use3","session_id","repeat_count","src_port","dst_port","nat_src_port","nat_dst_port","flags","protocol","action","misc","threat_name","category","severity","direction","sequence_number","action_flags","src_location","dst_location","future_use4","content_type","pcap_id","file_digest","cloud_address"
[extract_traffic]
DELIMS = ","
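Review bot: The extended `FIELDS` list is positional and carries no record of which PAN-OS log format it follows, so the next column change cannot be checked against it; the three new trailing names (`pcap_id`, `file_digest`, `cloud_address`) only line up if older firewalls emit strictly fewer columns, never a different order. A header comment such as `# Column order follows the PAN-OS <version> THREAT syslog format; a field inserted anywhere but the end shifts every later one` would make that explicit. `file_digest` (presumably a hash of the transferred file) is the most useful hunting key among the new columns, so it is worth confirming on a sample event that it lands in the right column, since a delimiter inside the `misc` URL value would shift everything after it.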
@@ -46,35 +45,27 @@ FIELDS = "future_use1","receive_time","serial_number","type","log_subtype","futu
[extract_config]
DELIMS = ","
-FIELDS = "future_use1","receive_time","serial_number","type","log_subtype","future_use2","future_use3","admin_ip","virtual_system","command","admin","admin_type","result","configuration_path","sequence_number","action_flags"
+FIELDS = "future_use1","receive_time","serial_number","type","log_subtype","future_use2","future_use3","admin_ip","virtual_system","command","admin","admin_type","result","configuration_path","before_change","after_change","sequence_number","action_flags"
[extract_system]
DELIMS = ","
FIELDS = "future_use1","receive_time","serial_number","type","log_subtype","future_use2","future_use3","virtual_system","event_id","object","future_use4","future_use5","module","severity","description","sequence_number","action_flags"
-[extract_threatid]
-SOURCE_KEY = threat_id
-REGEX = \((\d+)\)
-FORMAT = threat_id::$1
+[extract_threat_id]
+SOURCE_KEY = threat_name
+REGEX = \((?\d+)\)
-[extract_urlhost]
+[extract_dst_hostname]
SOURCE_KEY = misc
-REGEX = ^([^/]*)/
-FORMAT = dst_hostname::$1
-
-[extract_reportid]
-SOURCE_KEY = threat_id
-REGEX = \((\d+)\)
-FORMAT = report_id::$1
-
-[extract_domain]
-REGEX = (?:[^:]*:){2}\d+ (\d+.\d+.\d+.\d+)
-FORMAT = domain::$1
-
-[extract_configsubtype]
-#SOURCE_KEY = type
-REGEX = ([^,]+,[^,]+,[^,]+,CONFIG,)
-FORMAT = log_subtype::config
+REGEX = ^(?[^/]*)/
+
+[extract_major_content_type]
+SOURCE_KEY = content_type
+REGEX = ^(?[^/]*)/
+
+[extract_filename]
+SOURCE_KEY = misc
+REGEX = (?[^/?]*)(?:\?.*){0,1}$
[extract_wildfire_report]
MV_ADD = true
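Review bot: With the old `FORMAT = threat_id::$1` lines removed, the output field names of `extract_threat_id`, `extract_dst_hostname`, `extract_major_content_type` and `extract_filename` now come solely from the named capture groups, and those names appear stripped in this rendering (`(?\d+)`, `(?[^/]*)`), presumably `(?<threat_id>\d+)`, `(?<dst_hostname>[^/]*)` and so on; `lookup_table = threat_lookup threat_id` and `FIELDALIAS-report_id_for_pan_threat` in props.conf silently yield nothing if that first group is named anything but `threat_id`, so the committed file is worth a check. `extract_dst_hostname` and `extract_filename` both read `misc` and run on every pan_threat event via the consolidated `REPORT-search`, so URL-filtering events get their last path segment reported as `filename` and a `misc` value with no `/` is reported whole as `filename`; at minimum document it with `# misc holds a URL for url subtypes and a filename otherwise; both transforms run on every event`. As a style point, `(?:\?.*){0,1}` in `extract_filename` is just `(?:\?.*)?`. The `extract_wildfire_report` stanza continues past the end of the hunk.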