Active Defence (Deception)
Version 1.0
Field Name | Data Type |
--- | --- |
ads.service.app_language | text |
ads.service.app_remote | text |
ads.service.arch_remote | text |
ads.service.audit_action | text |
ads.service.client_remote | text |
ads.service.client_response | text |
ads.service.command | text |
ads.service.command_args | text |
ads.service.community_string | text |
ads.service.database_name | text |
ads.service.filename | text |
ads.service.host_domain | text |
ads.service.host_remote | text |
ads.service.log_msg | text |
ads.service.name_local | text |
ads.service.name_remote | text |
ads.service.opcode | text |
ads.service.repo_name | text |
ads.service.request_call_id | text |
ads.service.request_contact | text |
ads.service.request_content_length | int |
ads.service.request_cseq | text |
ads.service.request_from | text |
ads.service.request_max_forwards | int |
ads.service.request_mime_type | text |
ads.service.request_oid | text |
ads.service.request_to | text |
ads.service.request_via | text |
ads.service.server_address | text |
ads.service.server_challenge | text |
ads.service.session_id | text |
ads.service.share_filename | text |
ads.service.share_name | text |
ads.service.status | text |
ads.service.transfer_mode | text |
ads.service.url_domain | text |
ads.service.url_path | text |
ads.service.user_agent | text |
ads.service.user_name | text |
ads.service.user_password | text |
ads.service.version_local | text |
ads.service.version_remote | text |
ads.service.web_module | text |
ads.token.auth | text |
ads.token.channel | text |
ads.token.id | text |
ads.token.manage_url | text |
ads.token.reminder_text | text |
ads.token.text | text |
ads.token.type | text |
ads.token.user_agent | text |
agent.hostname | text |
agent.type | text |
destination.as.number | text |
destination.as.organization.name | text |
destination.geo.city_name | text |
destination.geo.continent_code | text |
destination.geo.country_code | text |
destination.geo.country_name | text |
destination.geo.location.lat | geopoint |
destination.geo.location.lon | geopoint |
destination.geo.region_name | text |
destination.ip | ip |
destination.locality | text |
destination.port | int |
event.action | text |
event.category | array |
event.code | int |
event.created | date/time |
event.dataset | text |
event.kind | text |
event.module | text |
event.original | text |
event.provider | text |
event.type | array |
file.directory | text |
file.path | text |
http.request.body.content | text |
http.request.lang | text |
http.request.method | text |
http.request.mime_type | text |
http.response.status_code | int |
input.type | text |
log.file.path | text |
message | text |
network.community.id | text |
node.name | text |
observer.as.number | text |
observer.as.organization.name | text |
observer.geo.city_name | text |
observer.geo.continent_code | text |
observer.geo.country_code | text |
observer.geo.country_name | text |
observer.geo.location.lat | geopoint |
observer.geo.location.lon | geopoint |
observer.geo.region_name | text |
observer.hostname | text |
observer.interface | text |
observer.ip | ip |
observer.locality | text |
observer.mac | text |
observer.type | text |
observer.version | text |
organization.id | text |
related.hash | array |
related.hosts | array |
related.ip | array |
related.user | array |
sensor.id | text |
service.address | ip |
service.name | text |
service.type | text |
source.as.number | text |
source.as.organization.name | text |
source.geo.city_name | text |
source.geo.continent_code | text |
source.geo.country_code | text |
source.geo.country_name | text |
source.geo.location.lat | geopoint |
source.geo.location.lon | geopoint |
source.geo.region_name | text |
source.ip | ip |
source.locality | text |
source.port | int |
threat.indicator.lookup | text |
threat.indicator.type | ip |
threatintel.days | int |
threatintel.entity | text |
threatintel.event_data | text |
threatintel.lookup | text |
threatintel.malware.malware | text |
threatintel.malware.timestamp | date/time |
threatintel.severity | text |
threatintel.tags | text |
threatintel.white_list | text |
url.domain | text |
url.path | text |
user.name | text |
user.password | text |
user_agent.original | text |
uuid | text |