Active Defence (Deception)
Version 1.0
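Each field name below is followed on the next line by its data type.
Note: ads.service.user_password, user.password, ads.service.community_string and ads.token.auth are typed as text. If they hold values exactly as submitted to a decoy service, they may contain real credentials or secrets, as may event.original and http.request.body.content. Restrict read access to these fields and mask them in dashboards and exports.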
Field Name
Data Type
ads.service.app_language
text
ads.service.app_remote
text
ads.service.arch_remote
text
ads.service.audit_action
text
ads.service.client_remote
text
ads.service.client_response
text
ads.service.command
text
ads.service.command_args
text
ads.service.community_string
text
ads.service.database_name
text
ads.service.filename
text
ads.service.host_domain
text
ads.service.host_remote
text
ads.service.log_msg
text
ads.service.name_local
text
ads.service.name_remote
text
ads.service.opcode
text
ads.service.repo_name
text
ads.service.request_call_id
text
ads.service.request_contact
text
ads.service.request_content_length
int
ads.service.request_cseq
text
ads.service.request_from
text
ads.service.request_max_forwards
int
ads.service.request_mime_type
text
ads.service.request_oid
text
ads.service.request_to
text
ads.service.request_via
text
ads.service.server_address
text
ads.service.server_challenge
text
ads.service.session_id
text
ads.service.share_filename
text
ads.service.share_name
text
ads.service.status
text
ads.service.transfer_mode
text
ads.service.url_domain
text
ads.service.url_path
text
ads.service.user_agent
text
ads.service.user_name
text
ads.service.user_password
text
ads.service.version_local
text
ads.service.version_remote
text
ads.service.web_module
text
ads.token.auth
text
ads.token.channel
text
ads.token.id
text
ads.token.manage_url
text
ads.token.reminder_text
text
ads.token.text
text
ads.token.type
text
ads.token.user_agent
text
agent.hostname
text
agent.type
text
destination.as.number
text
destination.as.organization.name
text
destination.geo.city_name
text
destination.geo.continent_code
text
destination.geo.country_code
text
destination.geo.country_name
text
destination.geo.location.lat
geopoint
destination.geo.location.lon
geopoint
destination.geo.region_name
text
destination.ip
ip
destination.locality
text
destination.port
int
event.action
text
event.category
array
event.code
int
event.created
date/time
event.dataset
text
event.kind
text
event.module
text
event.original
text
event.provider
text
event.type
array
file.directory
text
file.path
text
http.request.body.content
text
http.request.lang
text
http.request.method
text
http.request.mime_type
text
http.response.status_code
int
input.type
text
log.file.path
text
message
text
network.community.id
text
node.name
text
observer.as.number
text
observer.as.organization.name
text
observer.geo.city_name
text
observer.geo.continent_code
text
observer.geo.country_code
text
observer.geo.country_name
text
observer.geo.location.lat
geopoint
observer.geo.location.lon
geopoint
observer.geo.region_name
text
observer.hostname
text
observer.interface
text
observer.ip
ip
observer.locality
text
observer.mac
text
observer.type
text
observer.version
text
organization.id
text
related.hash
array
related.hosts
array
related.ip
array
related.user
array
sensor.id
text
service.address
ip
service.name
text
service.type
text
source.as.number
text
source.as.organization.name
text
source.geo.city_name
text
source.geo.continent_code
text
source.geo.country_code
text
source.geo.country_name
text
source.geo.location.lat
geopoint
source.geo.location.lon
geopoint
source.geo.region_name
text
source.ip
ip
source.locality
text
source.port
int
threat.indicator.lookup
text
threat.indicator.type
ip
threatintel.days
int
threatintel.entity
text
threatintel.event_data
text
threatintel.lookup
text
threatintel.malware.malware
text
threatintel.malware.timestamp
date/time
threatintel.severity
text
threatintel.tags
text
threatintel.white_list
text
url.domain
text
url.path
text
user.name
text
user.password
text
user_agent.original
text
uuid
text